(Screenshot: Spencer E Holtaway/flickr)

Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.

First, wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure. Second, imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world wide how to exploit their software to harvest user communications. Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.

We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.

______________________________