Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau, Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet

Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau, Lawful Hacking:  Using Existing Vulnerabilities for Wiretapping on the Internet

Comment by: Anne McKenna

PLSC 2013

Published version available here:

Workshop draft abstract:

For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications—there was no longer just “Ma Bell”  to talk to—and new technologies such as ISDN and cellular telephony made life more complicated.  Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA)5, which mandated a standardized lawful intercept interface on all local phone switches.  Technology has continued to progress, and in the face of new forms of communication—Skype, voice chat during multiplayer online games, many forms of instant messaging, etc.—law enforcement is again experiencing problems. The FBI has called this “Going Dark”:6 their loss of access to suspects’ communication.  According to news reports, they want changes to the wiretap laws to require a CALEA-­‐like interface in Internet software.7


CALEA, though, has its own issues: it is complex software specifically intended to create a security hole—eavesdropping capability—in the already-­‐complex environment of a phone switch. Warnings of danger have indeed come to pass, most famously in the so-­‐called “Athens Affair”, where someone hacked into a Vodaphone Greece switch and used the built-­‐in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, up to and including the Prime Minister.8 In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including very specifically creating many new security problems.

We proposed an alternative: legalized hacking, relying on the very large store of unintentional, naturally occurring existing vulnerabilities in software to obtain access to communications.  Relying on vulnerabilities and hacking, though, poses a large set of legal and policy questions.  Among these are:

  • Will it create disincentives to patching?
  • Will there be a negative effect on innovation? (Lessons from the so-­‐called
  • “Crypto Wars” of the 1990s are instructive here.)
  • Will law enforcement’s participation in vulnerabilities purchases skew the market?
  • Should law enforcement even be participating in a market where many of the sellers and other buyers are themselves criminals?
  • What happens if these tools are captured and repurposed by miscreants?
  • How does the Fourth Amendment affect use of these tools? In particular,  since they can grant full access to a computer and not just to communications, should there be statutory restrictions similar to those in the Wiretap Act?10
  • Is the probability of success from such an approach too low for it to be useful?

There are also logistical and organizational concerns. Local and even state law enforcement agencies are unlikely to have the technical sophistication to develop exploits and the legally acceptable tools to use them. This in turn implies a greater role for the FBI and its labs. Is this intrusion of Federal authorities into local policing acceptable?  Will this turn the FBI more into an intelligence agency?


1 Steven M. Bellovin is a professor of computer science at Columbia University.

2 Matt Blaze is an associate professor of computer science at the University of Pennsylvania.

3 Sandy Clark is a Ph.D. student in computer science at the University of Pennsylvania.

4 Susan Landau is a Guggenheim Fellow.

5 Pub. L. No. 103-­‐414, 108 Stat. 4279, codified at 47 USC 1001-­‐1010.

6 Valerie Caproni, General Counsel of the FBI, Statement Before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security, February

17, 2011, available at

7 Declan McCullagh, “’Dark’ motive: FBI seeks signs of carrier roadblocks to

surveillance”, CNET News, Nov. 5, 2012, available at

8 Vassilis Prevelakis and Diomidis Spinellis, The Athens Affair, IEEE Spectrum, July 2007.

9 Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau, “Going Bright: Wiretapping without Weakening Communications Infrastructure”, IEEE Security & Privacy”, Jan/Feb 201

10 In particular, see the conditions that must be satisfied in 18 USC 2518(1)(c) and the enumeration of offenses in 18 USC 2516.