
Should app developers be more wary of CALEA?

Posted November 18th, 2015 in CALEA, communications act of 1934 by Alton Drew

ISIS’ recent attacks in Paris were allegedly facilitated via encrypted communications conducted over the internet. One of the apps allegedly used was Telegram. According to CNN:

“ISIS is also using Telegram to broadcast big messages on the app’s “channels,” which are devoted to a variety of topics. It was on the official ISIS channel that the group said the Paris attacks would be the ‘first of the storm.’”

Telegram has been flying under the radar, having been developed only in 2013. Commercial applications like Telegram are allegedly hard to break because of the quality of their encryption. Encrypted communications of this quality are giving law enforcement its share of headaches. Again, according to CNN:

“Encryption is one of many ways that an adversary, whether that’s a criminal, a terrorist, a rogue nation, one of the many ways that they might use to hide their activities,” former NSA Deputy Director Chris Inglis, told CNNMoney. “I saw dozens of times — more than that, likely — across my career that, in fact, was an obstacle for us.”

Should app developers expect more scrutiny given not only the Paris attacks but threats by ISIS about striking targets in Washington, DC? Probably. And one agency that could add pressure is the Federal Communications Commission. Earlier this year the FCC issued rules that declared broadband services were no longer “information services” but “telecommunications services.” In a nutshell, the Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications companies to enable the government, once a warrant has been obtained, to intercept all wire and electronic communications carried by the telecommunications company to and from equipment, facilities, and services of a subscriber. Carriers, however, are not responsible for decrypting any communications encrypted by a subscriber unless the encryption was provided by the carrier.

But while encryption can help hide the contents of a communication, it can’t hide that a communication happened. CALEA, as written, could be a tool to help law enforcement crack the actual devices (or what security experts call “the end point”) used by a subscriber for receiving and sending messages. So if the subscriber is using a device with Telegram or some other enabling app loaded on it, data collected within the software could be subject to an investigation.