The New York Times reports: Surveillance can be a tricky affair in the Internet age.

A federal law called the Communications Assistance for Law Enforcement Act allows law enforcement officials to tap a traditional phone, as long as they get approval from a judge. But if communication is through voice over Internet Protocol technology — Skype, for instance — it’s not as simple.

That conversation doesn’t pass through a central hub controlled by the service provider. It is encrypted — to varying degrees of protection — as it travels through the Internet, from the caller’s end to the recipient’s.

The Federal Bureau of Investigation has made it clear it wants to intercept Internet audio and video chats. And that, according to a new report being released Friday by a group of technologists, could pose “serious security risks” to ordinary Internet users, giving thieves and even foreign agents a way to listen in on Americans’ conversations, undetected.

The 20 computer experts and cryptographers who drafted the report say the only way that companies can meet wiretap orders is to re-engineer the way their systems are built at the endpoints, either in the software or in users’ devices, in effect creating a valuable listening station for repressive governments as well as for ordinary thieves and blackmailers.

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report, released by the Center for Democracy and Technology, an advocacy group in Washington.

“That’s a security vulnerability waiting to happen, as if we needed more,” he said. [Continue reading…]