washingtonpost.com
U.S. seeks ways to wiretap the Internet

By Ellen Nakashima
Washington Post Staff Writer
Tuesday, September 28, 2010; A4

The Obama administration is planning to seek legislation that would require social networking companies and voice-over-Internet service providers to adapt their technology so law enforcement agents can monitor users' communications during criminal and terrorism investigations.

The proposal arises out of a concern that technology and social customs have outpaced the law and that authorities lack the means to monitor new methods of communication, administration officials said. But the initiative has also revived a more than 15-year-old debate over the proper balance between national security and personal privacy as well as what industry can reasonably be asked to do without stifling innovation.

"This is about lawfully authorized intercepts," said Valerie E. Caproni, FBI general counsel. "This is not about expanding authority, but about preserving the ability to carry out existing authorities in order to protect the national security and public safety."

The idea, which has been percolating for at least two years, is still in the discussion stages among federal bodies, including the FBI, the Justice Department and the National Security Council. Congressional and administration officials said no draft language or clear timeline exists. The administration's plans were first reported by the New York Times.

At issue is a 1994 telecommunications law called the Communications Assistance to Law Enforcement Act, which requires phone and broadband companies to build interception capabilities into their networks for law enforcement. An agent must have a court order based on probable cause to gain access to a provider's network.

Social networking companies such as Facebook and Twitter are not covered under CALEA. Their technologies were not built to provide law enforcement with real-time access to content.

Law enforcement agencies would also like firms that offer encrypted communications to be able to provide them with decrypted "clear text," as well as design a service to allow interception of peer-to-peer communications, such as Skype.

"If you're in an ongoing situation, where we had hostages and the suspects are communicating with one another calling out their plan or next move, you'd want real-time access," said one federal law enforcement official who was not authorized to speak for attribution.

State and local police are eager to see some changes, too. Peter Modafferi, chief of the Rockland County, N.Y., detectives division, said 90 percent of cases today involve some form of electronic evidence - he said he has done surveillance where mobsters "text instead of talk" - but there are growing numbers of applications that are often beyond law enforcement's reach.

"We're going dark," he said. "We're not being able to see the electronic evidence we need to conduct investigations."

Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation, took issue with the move. "This proposal is a drastic anti-privacy, anti-security, anti-innovation solution in search of a problem," he said.

He noted that in an official 2009 review of 2,400 federal, state and local law enforcement applications for wiretap orders, "encryption was encountered during one state wiretap, but did not prevent officials from obtaining the plain text of the communications."

Federal law enforcement officials said that investigators generally know which companies can accommodate their requests and which cannot, and generally avoid the latter or work out an alternative, and that is not reflected in the statistics.

Industry lawyers said the administration must justify imposing the regulation by demonstrating why it is so difficult to obtain the data authorities are seeking.

Bankston also pointed out that a State Department spokesman last month critized the United Arab Emirates for threatening to block RIM's Blackberry service because it allowed users to send encrypted communications. "We think it sets a dangerous precedent," spokesman P.J. Crowley said. "You should be opening up societies to these new technologies that have the opportunity to empower people rather than looking to see how you can restrict certain technologies."

Bankston cited the impact on innovation. "Would Mark Zuckerberg have been able to build Facebook in his dorm room if he'd had to build in surveillance capabilities before launch in order to avoid fines for not being CALEA-compliant? Would Skype have ever happened if it was forced to include an artificial bottleneck for all of your peer-to-peer communications? "

Michael A. Sussmann, a former Justice Department lawyer who advises social networking and communications service providers, said that the proposal to expand CALEA "could be extremely difficult" from a technical point of view. "In some cases networks would need to be re-engineered," he said. "Where even possible, that can require a lot of time and huge costs."

Susan Landau, a Radcliffe Institute of Advanced Study fellow and former Sun Microsystems engineer, said the proposal would make it easier for nation-state adversaries to hack into U.S. networks.

"It simplifies the process for them," she said. "The more secure you make a communication system the harder you make it for everyone to break in.''

Post a Comment


Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.

© 2010 The Washington Post Company