Wiretapping and the first law of robotics

Online communications should be handled like robots.


Back in 2013, a report appeared criticizing the then-latest iteration of a beast that never dies: another plan to “require makers of secure communication tools to redesign their systems to make wiretapping easy”. Such plans were doomed to fail in 2013, as they would be now, for the same couple of reasons.

Wiretapping in “endpoint systems” is harmful

The first reason is well explained in that evergreen report: traditional wiretaps are designed for, and feasible on, centralized networks only. In Gmail, Facebook or mobile phone networks, all the wiretapping equipment only needs to be in the data center.

But for any distributed, P2P system, from Skype to WhatsApp, information can only be captured on the user’s devices: therefore, the software itself would have to be changed to add a virtual “wiretap port” that could be activated remotely without the user’s knowledge.

Such ports make it easier for attackers to capture the very same data that law enforcement wants, in ways that, by design, deliberately make it difficult for the user to tell that anything is amiss.

The simpler, and more open, a system’s design is, the easier it is to spot wiretaps. Complex, obfuscated designs are harder to secure and raise the total cost of building and operating the system.

Today there are only military networks

The other reason why wiretapping needs to die, or at least to be reinvented from the ground up, is the one explained by B. Schneier, which I summarized here one month ago: these days, you can’t weaken consumer devices without also weakening military and government ones.

And the first endpoint to fix is the smartphone

As E. Moglen said in 2012, today’s smartphones are what makes us easily controllable:

“Smartphones work for other people[, not their users]. They’re designed, built and managed to provide leverage and control to people other than their owners. Unless we retrofit the first law of robotics onto smartphones immediately, we’re cooked.”