Surveillance can be a tricky affair in the Internet age.
A federal law called the Communications Assistance for Law Enforcement Act allows law enforcement officials to tap a traditional phone, as long as they get approval from a judge. But if communication is through voice over Internet Protocol technology — Skype, for instance — it’s not as simple.
That conversation doesn’t pass through a central hub controlled by the service provider. It is encrypted — to varying degrees of protection — as it travels through the Internet, from the caller’s end to the recipient’s.
The Federal Bureau of Investigation has made it clear it wants to intercept Internet audio and video chats. And that, according to a new report being released Friday by a group of technologists, could pose “serious security risks” to ordinary Internet users, giving thieves and even foreign agents a way to listen in on Americans’ conversations, undetected.
The 20 computer experts and cryptographers who drafted the report say the only way that companies can meet wiretap orders is to re-engineer the way their systems are built at the endpoints, either in the software or in users’ devices, in effect creating a valuable listening station for repressive governments as well as for ordinary thieves and blackmailers.
“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report, released by the Center for Democracy and Technology, an advocacy group in Washington.
“That’s a security vulnerability waiting to happen, as if we needed more,” he said.
The report comes as federal officials say they are close to reaching consensus on the F.B.I.’s longstanding demand to be able to intercept Internet communications. Companies that say they were unable to modify their operations to comply with the new wiretap orders would be subject to a fine, according to the plan. The White House has yet to review it.
Neither the F.B.I. nor White House officials have provided technical details of how the Web service providers would comply.
Law enforcement officials regularly seek information from Web companies about the communications of their users, from e-mail messages to social network posts and chats.
Microsoft, which owns Skype, reported receiving 4,713 requests in 2012 from law enforcement, which covered just over 15,000 Skype accounts; the company said it released only “noncontent data, such as a Skype ID, name, e-mail account, billing information and call detail records” if an account is connected to a telephone number.
Skype is a Luxembourg company, even after its acquisition by Microsoft, of Redmond, Wash. United States wiretap law does not apply to the company.
Along with Mr. Felten, who served as a technologist with the Federal Trade Commission until recently, the report’s authors include the cryptographer Bruce Schneier and Phil Zimmermann, who created what has become the most widely used software to keep e-mails private.