The nation’s top telecom regulator recommended broadening America’s wiretapping laws Tuesday, in response to the recent attacks in Paris by the Islamic State that left more than 120 people dead.
While the Federal Communications Commission cannot take direct action against the Islamic State, such as shutting down its Web sites or social media accounts, Congress could do “specific things” allowing the FCC to assist law enforcement more effectively, agency Chairman Tom Wheeler told a House subcommittee.
That includes revisiting the wiretap legislation, said Wheeler. The 1994 law, known as the Communications Assistance for Law Enforcement Act, or CALEA, provides for the “lawful intercept” of a suspect’s telephone and online communications. It requires telecom companies and Internet providers, not to mention some online voice services, to build their networks in ways that grant authorities easier access to those communications.
Wheeler’s suggestion underscores the FCC’s growing interest in online privacy and security just as intelligence officials are rekindling a debate over government surveillance and encrypted communications.
“One of the issues here is the question of, ‘What is a lawful intercept?’, something the Congress can define,” Wheeler told lawmakers. “You did it in CALEA. Things have moved on since then.
“You read in the press that [the attackers] were using PlayStation 4 games to communicate on,” Wheeler continued, “which is outside the scope of anything considered in CALEA, so there's probably opportunities to update the ‘lawful intercept’ concept.”
Reports about the use of the gaming console to coordinate the attacks have since been debunked, and it remains unclear how the Paris attackers communicated.
But the suggestion that video-game communications services could someday be covered under CALEA represents a dramatic new development, said Chris Calabrese, a policy executive at the Center for Democracy and Technology.
CALEA’s origins can be traced to a compromise: Telecom companies and Internet service providers would allow the government greater access to customer information, but pure “information services” such as Web-based messaging apps would be exempted, Calabrese said.
“If you say ‘we want to revisit that deal,’ you’re talking about building an intercept capacity into the Internet,” said Calabrese, “which is obviously a very different kettle of fish from what we had 20 years ago when we had a few big phone companies.”
Asked to clarify Wheeler’s comments, an FCC spokesperson said CALEA currently grants the agency a narrow responsibility to ensure communications providers “are technically able to respond to judicially approved warrants for lawful intercepts.
“If and when Congress changes the law, or the law enforcement community tells us how we should change our present regulations, we will respond,” added the spokesperson, who spoke on the condition of anonymity in order to speak more freely.
House lawmakers are interested in Wheeler’s suggestion but have not yet settled on a course of action, according to a Democratic aide, who spoke on the condition of anonymity because the discussions are private.
To Nate Cardozo, a staff attorney at the Electronic Frontier Foundation, Wheeler's comments appeared to reference a debate over whether tech companies should be forced to give the government access even to the secret, encrypted user communications that some services build into their products.
Encryption is a widely used security measure that protects data by scrambling it so only authorized individuals can decode it. In the wake of revelations from Edward Snowden about the extent of the government’s surveillance capabilities, some tech companies, notably Apple, automatically expanded their deployment of strong forms of encryption that even the firms themselves cannot unlock.
That caused a backlash from senior law enforcement and intelligence officials, who say such technology limits their ability to investigate criminals and terrorists. But tech companies and privacy advocates counter that building so-called “backdoors” into products will leave all users at greater risk from hackers.
After some deliberation, the Obama administration ultimately concluded in recent weeks not to pursue legislation to require encryption backdoors.
But changes to CALEA could give law enforcement agencies greater powers to decrypt communications, or force companies to do so on their behalf.
The FCC chairman’s remarks on CALEA came as a surprise to several agency officials, who said they were not notified ahead of time. Harold Feld, senior vice president at the consumer advocacy group Public Knowledge, downplayed the significance of Wheeler’s comments.
“I think Wheeler was responding to a question that caught him off-guard,” said Feld. “Wheeler did what any smart witness would do in his situation — throw the problem back to Congress without really answering the question.”
Wheeler’s suggestion that Congress revisit CALEA could return in future administrations, even if Congress decides not to act this time around. And if the government amended the law to place limits on encryption, third-party communications tools that provide strong encryption would still be available, said Cardozo — allowing criminals to organize beyond the reach of the law.
”The U.S. Congress has the power to legislate backdoors, but it does not extend to open source [products], or essentially anything other than major U.S. service providers,” he said. “Terrorists are just going to use something else.”