Personal blog, accepting guest commentary and links to things of interest.

August 30, 2007

Threat Level - Wired Blogs

by @ 4:59 pm. Filed under Misc

Computer science professor Steven Bellovin, one of the most knowledgeable outsiders on the government’s eavesdropping mandates known as CALEA, pored over recently released documents that outline the FBI’s extensive eavesdropping architecture.

He concludes that they don’t bode well for anyone:

I don’t think the FBI really understands computer security. More precisely, while parts of the organization seem to, the overall design of the DCS-3000 system shows that when it comes to building and operating secure systems, they just don’t get it.

The most obvious example is the account management scheme described in the DCS-3000 documents: there are no unprivileged userids. In fact, there are no individual userids; rather, there are two privileged accounts. Each has different powers; however, as the documents themselves note, each can change the other’s permissions to restore the missing abilities. Where is the per-user accountability? Why should ordinary users run in privileged mode at all? The answers are simple and dismaying.
