[ISN] FBI adds to wiretap wish list

From: InfoSec News (isn@private)
Date: Sun Mar 14 2004 - 23:03:42 PST

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - March 12th 2004"

    http://news.com.com/2100-1028-5172948.html
    
    By Declan McCullagh and Ben Charny 
    Staff Writer, CNET News.com
    March 12, 2004
    
    A far-reaching proposal from the FBI, made public Friday, would
    require all broadband Internet providers, including cable modem and
    DSL companies, to rewire their networks to support easy wiretapping by
    police.
    
    The FBI's request to the Federal Communications Commission aims to
    give police ready access to any form of Internet-based communications.  
    If approved as drafted, the proposal could dramatically expand the
    scope of the agency's wiretap powers, raise costs for cable broadband
    companies and complicate Internet product development.
    
    Legal experts said the 85-page filing includes language that could be
    interpreted as forcing companies to build back doors into everything
    from instant messaging and voice over Internet Protocol (VoIP)  
    programs to Microsoft's Xbox Live game service. The introduction of
    new services that did not support a back door for police would be
    outlawed, and companies would be given 15 months to make sure that
    existing services comply.
    
    "The importance and the urgency of this task cannot be overstated,"  
    says the proposal, which is also backed by the U.S. Department of
    Justice and the Drug Enforcement Administration. "The ability of
    federal, state and local law enforcement to carry out critical
    electronic surveillance is being compromised today."
    
    Because the eavesdropping scheme has the support of the Bush
    administration, the FCC is expected to take it very seriously. Last
    month, FCC Chairman Michael Powell stressed that "law enforcement
    access to IP-enabled communications is essential" and that police must
    have "access to communications infrastructure they need to protect our
    nation."
    
    The request from federal police comes almost a year after
    representatives from the FBI's Electronic Surveillance Technology
    Section approached the FCC and asked that broadband providers be
    required to provide more efficient, standardized surveillance
    facilities. Such new rules were necessary, the FBI argued, because
    terrorists could otherwise frustrate legitimate wiretaps by placing
    phone calls over the Internet.
    
    "It is a very big deal and will be very costly for the Internet and
    the deployment of new technologies," said Stewart Baker, who
    represents Internet providers as a partner at law firm Steptoe &
    Johnson. "Law enforcement is very serious about it. There is a lot of
    emotion behind this. They have stories that they're very convinced
    about in which they have not achieved access to communications and in
    which wiretaps have failed."
    
    
    Broadband in the mix
    
    Broadband providers say the FBI's request would, for the first time,
    force cable providers that sell broadband to come under the
    jurisdiction of 1994's Communications Assistance for Law Enforcement
    Act (CALEA), which further defined the already existing statutory
    obligations of telecommunications carriers to help police conduct
    electronic surveillance. Telephone companies that use their networks
    to sell broadband have already been following CALEA rules.
    
    "For cable companies, it's all new," said Bill McCloskey, a BellSouth
    spokesman.
    
    Several cable providers, including Comcast, Time Warner Cable and
    Cablevision Systems, had no immediate comment on the FBI's request.
    
    The FBI proposal would also force Vonage, 8x8, AT&T and other
    prominent providers of broadband telephone services to comply with
    CALEA. Executives from these companies have said in the past that they
    all intend to comply with any request law enforcement makes, if
    technically possible.
    
    Broadband phone service providers say they are already creating a code
    of conduct to cover some of the same issues the FBI is addressing--but
    on a voluntary basis, according to Jeff Pulver, founder of Free World
    Dialup. "We have our chance right now to prove to law enforcement that
    we can do this on a voluntary basis," Pulver said. "If we mandate and
    make rules, it will just complicate things."
    
    Under CALEA, police must still follow legal procedures when
    wiretapping Internet communications. Depending on the situation, such
    wiretaps do not always require court approval, in part because of
    expanded wiretapping powers put in place by the USA Patriot Act.
    
    A Verizon representative said Friday that the company has already
    complied with at least one law enforcement request to tap a DSL line.
    
    This week's proposal surprised privacy advocates by reaching beyond
    broadband providers to target companies that offer communications
    applications such as instant-messaging clients.
    
    "I don't think it's a reasonable claim," said Marc Rotenberg, director
    of the Electronic Privacy Information Center. "The FCC should
    seriously consider where the FBI believes its authority...to regulate
    new technologies would end. What about Bluetooth and USB?"
    
    Baker agrees that the FBI's proposal means that IP-based services such
    as chat programs and videoconferencing "that are 'switched' in any
    fashion would be treated as telephony." If the FCC agrees, Baker said,
    "you would have to vet your designs with law enforcement before
    providing your service. There will be a queue. There will be politics
    involved. It would completely change the way services are introduced
    on the Internet."
    
    As encryption becomes glued into more and more VoIP and
    instant-messaging systems like PSST, X-IM and CryptIM, eavesdropping
    methods like the FBI's Carnivore system (also called DCS1000) become
    less useful. Both Free World Dialup's Pulver, and Niklas Zennstrom,
    founder of Skype, said last month that their services currently offer
    no easy wiretap route for police, because VoIP calls travel along the
    Internet in tens of thousands of packets, each sometimes taking
    completely different routes.
    
    Skype has become a hot button in the debate by automatically
    encrypting all calls that take place through the peer-to-peer voice
    application.
    
    The origins of this debate date back to when the FBI persuaded
    Congress to enact the controversial CALEA. Louis Freeh, FBI director
    at the time, testified in 1994 that emerging technologies such as call
    forwarding, call waiting and cellular phones had frustrated
    surveillance efforts.
    
    Congress responded to the FBI's concern by requiring that
    telecommunications services rewire their networks to provide police
    with guaranteed access for wiretaps. Legislators also granted the FCC
    substantial leeway in defining what types of companies must comply. So
    far, the FCC has interpreted CALEA's wiretap-ready requirements to
    cover only traditional analog and wireless telephone service, leaving
    broadband and Internet applications in a regulatory gray area.
    
    Under the FBI's proposal, Internet companies would bear "sole
    financial responsibility for development and implementation of CALEA
    solutions" but would be authorized to raise prices to cover their
    costs.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Mar 15 2004 - 02:11:50 PST