Risking Communications Security: Potential Hazards of the Protect America Act

@article{Bellovin2008RiskingCS,
  title={Risking Communications Security: Potential Hazards of the Protect America Act},
  author={Steven M. Bellovin and Matt Blaze and Whitfield Diffie and Susan Landau and Peter G. Neumann and Jennifer Rexford},
  journal={IEEE Security \& Privacy},
  year={2008},
  volume={6}
}
A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents. 
View on IEEE
academiccommons.columbia.edu
39 Citations
Highly Influential Citations
1
Background Citations
9

39 Citations

Citation Type

Citation Type

Can they hear me now?: a security analysis of law enforcement wiretaps
TLDR
It is demonstrated that the standard CALEA interfaces are vulnerable to a range of unilateral attacks by the intercept target, and stop-gap mitigation strategies are identified that partially mitigate some of the identified attacks.
The Hidden Difficulties of Watching and Rebuilding Networks
TLDR
This installment of secure systems focuses on two areas of network defense that are particularly troublesome to manage: network intrusion recovery and ubiquitous network monitoring.
Security Threats in Cloud Computing
TLDR
This chapter discusses the most common threats in cloud computing, including data breaches and data loss, and the dangers of account and service hijacking in addition to the use of insecure APIs.
The Legality of the Data Retention Directive in Light of the Fundamental Rights to Privacy and Data Protection
  • L. Feiler
  • Computer Science, Law
    Eur. J. Law Technol.
  • 2010
TLDR
The suitability, necessity, and proportionality of the interference with the fundamental rights to privacy and data protection as guaranteed by the Charter of Fundamental Rights of the European Union are examined.
Securitizing Critical Infrastructure, Blurring Organizational Boundaries: The U.S. Einstein Program
Objective: The objective of this research is to understand how organizations and policies were altered by a new information security technology, namely intrusion detection and intrusion prevention
Towards an ethical code for information security?
TLDR
A group of experts with different viewpoints on this subject were assembled for a New Security Paradigms Workshop panel, and the charge of considering the mere notion of a specialized code of ethics for the field of cybersecurity was given.
Einstein on the Breach: Surveillance Technology, Cybersecurity and Organizational Change
TLDR
It is found that DPI implementations led to significant organizational changes in government agencies and threatened to blur the boundary between cybersecurity efforts confined to U.S government agenciesand private sector ISPs, defense contractors and ISPs.
Security threats in cloud computing
This paper reports a detailed analysis and categorization of various security threats in a cloud computing environment along with a brief taxonomy of intrusion detection system. The security attacks
Security and service assurance issues in Cloud environment
TLDR
The paper reports a meticulous review in the field of Cloud computing with a focus on the security risk assessment and service assurance.
Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations
TLDR
This article seeks to put the Snowden revelations in context, explaining what's new, why it matters, and what might happen next.
...
1
2
3
4
...

References

SHOWING 1-10 OF 40 REFERENCES
Trust in Cyberspace
TLDR
An assessment of the current state of the art for building trustworthy networked information systems and proposes directions for research in computer and network security, software technology, and system architecture.
National Security on the Line
  • S. Landau
  • Computer Science
    J. Telecommun. High Technol. Law
  • 2006
TLDR
In this paper, wiretapping, the Internet, communications security, and national-security needs in this communications environment are discussed.
Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP
TLDR
VoIP makes perfect sense that anything that can be done with the telephone system — such as E911 and the graceful accommodation of wiretapping — should be able to be done readily with VoIP as well.
Privacy on the Line: The Politics of Wiretapping and Encryption, Updated and Expanded Edition
TLDR
This updated and expanded edition revises their original -- and prescient -- discussions of both policy and technology in light of recent controversies over NSA spying and other government threats to communications privacy.
Introducing Traffic Analysis Attacks , Defences and Public Policy Issues . . . ( Invited Talk )
TLDR
This talk will present an overview of traffic analysis techniques, and how they can be used to extract data from ‘secure’ systems.
Anonymity and traceability in cyberspace
TLDR
It is shown that, in a world of high profit margins and insecure end-user machines, it is impossible to find a payment level that stops the spam without affecting legitimate usage of email, and considers an oft-proposed approach using computational " proof-of-work " that is elegant and anonymity preserving.
Protocol failure in the escrowed encryption standard
TLDR
This paper outlines various techniques that enable cryptographic communication among EES processors without transmission of the valid LEAF, and identifies two classes of techniques that allow communication only between pairs of “rogue” parties.
The Athens Affair
How some extremely smart hackers pulled off the most audacious cell-network break-in ever. On 9 march 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his
Privacy on the Line: The Politics of Wiretapping and Encryption, Updated and Expanded Edition
Information Privacy Law
TLDR
The Second Edition addresses numerous rapidly developing areas of privacy law, including: - identity theft, government data mining, and electronic surveillance law - RFID tags, GPS, spyware, web bugs - airline passenger screening.
...
1
2
3
4
...