BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on 
 the Internet. - Prof. Steven M. Bellovin\, Columbia University
DTSTART:20131223T161500Z
DTEND:20131223T171500Z
UID:TALK49410@talks.cam.ac.uk
CONTACT:Laurent Simon
DESCRIPTION:*Abstract:*\nFor years\, legal wiretapping was straightforward
 : the officer doing the intercept connected a tape recorder or the like to
  a single pair of wires. By the 1990s\, though\, the changing structure of
  telecommunications — there was no longer just “Ma Bell” to talk to 
 — and new technologies such as ISDN and cellular telephony made executin
 g a wiretap more complicated for law enforcement. Simple technologies woul
 d no longer suffice. In response\, Congress passed the Communications Assi
 stance for Law Enforcement Act (CALEA)\, which mandated a standardized law
 ful intercept interface on all local phone switches. Technology has contin
 ued to progress\, and in the face of new forms of communication — Skype\
 , voice chat during multi-player online games\, many forms of instant mess
 aging\, etc.— law enforcement is again experiencing problems. The FBI ha
 s called this “Going Dark”: their loss of access to suspects’ commun
 ication. According to news reports\, they want changes to the wiretap laws
  to require a CALEA-like interface in Internet software.\n\nCALEA\, tho
 ugh\, has its own issues: it is complex software specifically intended to 
 create a security hole — eavesdropping capability — in the already-c
 omplex environment of a phone switch. It has unfortunately made wiretappin
 g easier for everyone\, not just law enforcement. Congress failed to heed 
 experts’ warnings of the danger posed by this mandated vulnerability\, b
 ut time has proven the experts right. The so-called “Athens Affair”\
 , where someone used the built-in lawful intercept mechanism to listen t
 o the cell phone calls of high Greek officials\, including the Prime Minis
 ter\, is but one example. In an earlier work\, we showed why extending CAL
 EA to the Internet would create very serious problems\, including the secu
 rity problems it has visited on the phone system.\n\nThis talk explores th
 e viability and implications of an alternative method for addressing law e
 nforcement's need to access communications: legalized hacking of target de
 vices through existing vulnerabilities in end-user software and platform
 s.\n\n*Bio:*\nSteven M. Bellovin is a professor of computer science at Col
 umbia University\, where he does research on networks\, security\, and esp
 ecially why the two don't get along\, as well as related public policy iss
 ues. In his spare professional time\, he does some work on the history of 
 cryptography. He joined the faculty in 2005 after many years at Bell Labs 
 and AT&T Labs Research\, where he was an AT&T Fellow. He received a BA deg
 ree from Columbia University\, and an MS and PhD in Computer Science from 
 the University of North Carolina at Chapel Hill. While a graduate student\
 , he helped create Netnews\; for this\, he and the other perpetrators were
  given the 1995 Usenix Lifetime Achievement Award (The Flame). Bellovin ha
 s served as Chief Technologist of the Federal Trade Commission. He is a me
 mber of the National Academy of Engineering and is serving on the Computer
  Science and Telecommunications Board of the National Academies\, the Depa
 rtment of Homeland Security's Science and Technology Advisory Committee\, 
 and the Technical Guidelines Development Committee of the Election Assista
 nce Commission\; he has also received the 2007 NIST/NSA National Computer 
 Systems Security Award.\n\nBellovin is the co-author of Firewalls and Inte
 rnet Security: Repelling the Wily Hacker\, and holds a number of patents o
 n cryptographic and network protocols. He has served on many National Rese
 arch Council study committees\, including those on information systems tru
 stworthiness\, the privacy implications of authentication technologies\, a
 nd cybersecurity research needs\; he was also a member of the information 
 technology subcommittee of an NRC study group on science versus terrorism.
  He was a member of the Internet Architecture Board from 1996-2002\; he wa
 s co-director of the Security Area of the IETF from 2002 through 2004.\n\n
 More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.
 html. 
LOCATION:Lecture Theatre 2\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR
