{"id":3146,"date":"2025-04-09T05:03:50","date_gmt":"2025-04-09T05:03:50","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/04\/09\/arguing-against-calea-html\/"},"modified":"2025-04-09T05:03:50","modified_gmt":"2025-04-09T05:03:50","slug":"arguing-against-calea-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/04\/09\/arguing-against-calea-html\/","title":{"rendered":"Arguing Against CALEA"},"content":{"rendered":"\n<div>Arguing Against CALEA<\/div>\n<div>\n<p>At a Congressional <a href=\"https:\/\/oversight.house.gov\/hearing\/salt-typhoon-securing-americas-telecommunications-from-state-sponsored-cyber-attacks\/\">hearing<\/a> earlier this week, Matt Blaze <a href=\"https:\/\/oversight.house.gov\/wp-content\/uploads\/2025\/04\/Blaze-Written-Testimony.pdf\">made the point<\/a> that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today\u2019s threat environment and should be rethought:<\/p>\n<blockquote>\n<p>In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the \u201cattack surface\u201d that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. 
To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made.<\/p>\n<\/blockquote>\n<p>This is the access that the Chinese threat actor Salt Typhoon <a href=\"https:\/\/techcrunch.com\/2024\/10\/07\/the-30-year-old-internet-backdoor-law-that-came-back-to-bite\/\">used<\/a> to spy on Americans:<\/p>\n<blockquote>\n<p><a href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b\">The Wall Street Journal<\/a> first reported Friday that a Chinese government hacking group dubbed Salt Typhoon broke into three of the largest U.S. internet providers, including AT&amp;T, Lumen (formerly CenturyLink), and Verizon, to access systems they use for facilitating customer data to law enforcement and governments. The hacks reportedly may have resulted in the \u201cvast collection of internet traffic\u201d from the telecom and internet giants. <a href=\"https:\/\/www.cnn.com\/2024\/10\/05\/politics\/chinese-hackers-us-telecoms\/\">CNN<\/a> and <a href=\"https:\/\/www.washingtonpost.com\/national-security\/2024\/10\/06\/salt-typhoon-china-espionage-telecom\/\">The Washington Post<\/a> also confirmed the intrusions and that the U.S. 
government\u2019s investigation is in its early stages.<\/p>\n<\/blockquote>\n<\/div>\n<p>Bruce Schneier<br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2025\/04\/arguing-against-calea.html\">Go to bruce schneier<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Arguing Against CALEA At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today\u2019s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,1089,464,1090,90,480,1],"tags":[87],"class_list":["post-3146","post","type-post","status-publish","format-standard","hentry","category-bruce-schneier","category-calea","category-cybersecurity","category-eavesdropping","category-national-security-policy","category-telecom","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/3146"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=3146"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/3146\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=3146"}],"wp:term":[{"taxonomy":"c
ategory","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=3146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=3146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}