By BRIAN BERGSTEIN, AP Technology Writer
A new method of communicating is creating intriguing services that
beat old ways of sending information. But law enforcement makes a
somber claim: These new networks will become a boon to criminals and
terrorists unless the government can easily listen in.
This was the story line in the mid-1990s when the Clinton
administration sought to have electronic communications encrypted only
by a National Security Agency-developed "Clipper Chip," for which the
feds would have a key.
The Clipper Chip eventually went the way of clipper ships after
industry balked and researchers showed its cryptographic approach was
flawed anyway. But while the Clipper Chip died, the dilemma it
illuminated remains.
With each new advance in communications, the government wants the same
level of snooping power that authorities have exercised over phone
conversations for a century. Technologists recoil, accusing the
government of micromanaging -- and potentially limiting -- innovation.
Today, this tug of war is playing out over the Federal Communications
Commission's demands that a phone-wiretapping law be extended to
voice-over-Internet services and broadband networks.
Opponents are trying to block the ruling on various grounds: that it
goes beyond the original scope of the law, that it will force network
owners to make complicated changes at their own expense, or that it
will have questionable value in improving security.
No matter who wins the battle over this law -- the Communications
Assistance for Law Enforcement Act, known as CALEA -- this probably
won't be the last time authorities raise hackles by seeking a bird's
eye view over the freewheeling information flow created by new
technology.
Authorities are justified in trying to reduce the ways that technology
helps dangerous people operate in the shadows, said Daniel Solove,
author of "The Digital Person." But a parallel concern is that
technology can end up increasing the government's surveillance power
rather than just maintaining it.
"We have to ask ourselves anew the larger question: What surveillance
power should the government have?" said Solove, an assistant professor
at George Washington University Law School. "And to what extent should
the government be allowed to manage the development of technology to
embody its surveillance capability?"
Wiretapping -- so named because eavesdropping police placed metal
clips on the analog wires that carried conversations -- has a complex
legal history.
A 1928 case, Olmstead v. United States, legitimized the practice, when
the Supreme Court ruled it was acceptable for police to monitor the
private calls of a suspected bootlegger.
Behind that 5-4 ruling, however, a seminal debate was raging. The
dissenting opinion by Justice Louis Brandeis argued, among other
things, that the government had no right to open someone's mail, so
why should a phone -- or other technologies that might emerge -- carry
different expectations about privacy?
In 1967, as the dawn of the digital age was fulfilling Brandeis' fears
that other forms of technological eavesdropping would become possible,
the Supreme Court reversed Olmstead. After that, authorities had to
get a search warrant before setting wiretaps, even on public
payphones.
That apparently hasn't been much of a hindrance.
State and federal authorities have had 30,975 wiretap requests
authorized since 1968, with only 30 rejections, according to the
Electronic Privacy Information Center. Some 1,710 wiretaps were
authorized last year, the most ever, with zero denied.
Since 1980, authorities also have been able to set secret wiretaps
with the approval of the Foreign Intelligence Surveillance Court,
which privacy watchdogs say requires a lower standard of evidence than
the general warrant process. For the first two decades FISA orders
numbered less than 1,000 annually; 2003 and 2004 each saw more than
1,700. Only four FISA applications have been rejected, all in 2003.
But technology began to pose obstacles in the 1980s, as old-fashioned
telephone networks were giving way to digital switching systems that
could also transmit information. Suddenly some wiretaps had to become
virtual, using "packet sniffing" programs that spy on the splintered
packets of data that make up network traffic.
Congress passed CALEA in 1994, requiring telecom carriers to ensure
that their networks left it relatively easy for law enforcement to set
wiretaps. The law applied to landline and cell phone networks but
essentially exempted the Internet.
Of course, at the time, federal officials were advocating use of the
Clipper Chip to ensure that bad guys couldn't hide by encrypting their
online traffic.
The FBI also was developing Carnivore, a program that agents could
tailor to grab specific e-mails and other Internet communications
defined in a court order. (The FBI eventually dropped Carnivore in
favor of commercial software; frequent cooperation from Internet
service providers often made the technology unnecessary anyway.)
And all the while the NSA was harvesting the fruits of a system called
Echelon, intercepting millions of international telephone calls and
feeding them into the agency's humungous maw for analysis.
Justifiably or not, each of these steps unsettled privacy
activists. And it is that unease that colors the current fight over
expanding CALEA's reach to new services such as Voice over Internet
Protocol (VoIP) by 2007. The FCC says the move is critical because
converting voice calls into data packets essentially replaces the old
phone system. VoIP services are expected to attain some 4 million
U.S. subscribers by the end of this year.
"CALEA in a sense is the culmination of where we've been," said Barry
Steinhardt, director of the technology and liberty program at the
American Civil Liberties Union. "Now the communications network is
built to be wiretap-ready, so you don't need Carnivore anymore. It's
just intrinsic to the system."
Clipper Chip objectors a decade ago contended that in addition to
being an onerous demand, the technology could be foiled, rendering it
pointless.
Similarly, critics of expanding CALEA to broadband networks say the
cost of rewiring -- estimated as high as $7 billion for universities
alone -- is excessive. Those against expanding it to VoIP say it
leaves too many holes to be effective.
For example, Internet phone services such as Vonage that can route
calls to regular phones will be expected to support CALEA. But
"peer-to-peer" VoIP services and instant-messaging programs that carry
voice conversations from one computer to another are exempt -- at least
for now.
"If you take the argument to its extreme, every kind of Internet
application, including (file-transfer programs) and Web browsing, is
capable of transmitting communications. So where does it end?" said
Glenn Manishin, an attorney with Kelley Drye & Warren LLP who has
handled telecom regulation cases for companies and consumer
groups. "Do they now have to have a back door into every Web browser?"
Plus, overseas services aren't covered by the U.S. law. Nor can it
touch any home-grown Internet voice programs that serious criminals
could develop.
"For the past two years, law enforcement has been saying, `If we just
had CALEA we'd catch all the terrorists,'" said John Morris, director
of Internet standards, technology and policy at the Center for
Democracy and Technology. "Well, if they're sophisticated enough to
evade all of our intelligence capabilities, they'll be sophisticated
enough not to use a CALEA-compliant phone service."
CALEA critics also say authorities haven't shown that existing
monitoring methods are so weak as to justify costly new back doors for
government.
Indeed, while they are not nearly as common as phone surveillance,
computer wiretaps have been successful even without the extra
assistance CALEA might provide. For example, a 2003 report by the
Administrative Office of U.S. Courts explained how surveillance on a
DSL high-speed Internet line in Minnesota intercepted 141,420
"computer messages" in three weeks, aiding a racketeering
investigation.
If there's one thing widely agreed upon in this debate, it's that
Congress could do well to step in.
Not only could lawmakers clarify how much of CALEA ought to apply to
the Internet, but they might also reconsider the overarching
Electronic Communications Privacy Act. That was passed in 1986, well
before the Internet became the vast commercial and personal medium
that redefined our categories of information.
"That pervades CALEA and everything we talk about," Solove said. "This
is something that Congress has been very derelict in addressing."
On the Net:
FBI page on CALEA: http://www.askcalea.com
Copyright 2005 The Associated Press.
For more news and headlines from Associated Press please go to:
http://telecom-digest.org/td-extra/AP.html
Brian Bergstein (ap@telecom-digest.org)