Monday, May 21, 2007

Internet surveillance grows under expanded 'wiretapping' law

Seattle PI May 21, 2007 BRANDON ENG
Local companies are ramping up their Internet surveillance to comply with a law requiring them to provide police with an easy way to intercept data.
May 14 marked the first day that broadband and Voice over Internet Protocol, or VoIP, providers must be in full compliance with the 1994 Communications Assistance for Law Enforcement Act.
The law aims to create an instant switch to turn on and collect data about individuals whom a court has identified as suspicious. A group is releasing industry standards for service providers to capture "e-mail, instant messaging records, Web-browsing information and other information sent or received through a user's broadband connection, including online banking activity."
Some civil libertarians say such interception, or "wiretapping," is bad for business, privacy and even Internet security.
The CALEA statute threatens constitutional and privacy law, said Lee Tien, senior staff attorney for civil rights group the Electronic Frontier Foundation.
"It's like giving the cops a copy of the key to your house just in case they need to use it," Tien said. CALEA gives law enforcement an instant switch "to see what's going on in your home."
"When you build in back doors, when you have many types of equipment that have to be configured to let someone in, then you are potentially creating a lot of security holes that can be exploited by others. Security experts have always been pretty critical of CALEA for creating this kind of (insecurity) within the phone network," Tien said.
Some say the new CALEA requirements also make it harder for innovation because the great strength of the Internet is its decentralization. If CALEA had applied to the Internet in 1994, many technologies such as gaming service Xbox Live or even VoIP might not have been created because of the FBI's "tappability principle." The original compromise provided by Congress in 1994 was explicitly not to include the Internet when setting up digital phone networks for lawful interception, Tien said. Under a 2004 joint petition, the FBI, Drug Enforcement Administration and Department of Justice requested that CALEA be re-examined.
The Federal Communications Commission has reinterpreted the ruling to include not just digital phone networks but broadband and VoIP providers. In 2006, the U.S. Court of Appeals for the District of Columbia upheld the decision against Fourth Amendment concerns.
Marc Wallace, vice president of Business Development at Drizzle Internet NW, said his company doesn't monitor individual customers except for fraudulent Internet protocol addresses unless the government makes a request. Usually law enforcement requests concern child pornography or theft.
"Our customers have First Amendment rights, so again we will protect our customers until we are forced to legally comply," Wallace said.
Drizzle has never had to submit evidence related to terrorism, Wallace said.
Drizzle provides broadband Internet and VoIP to Washington, Oregon and Utah.
Comcast, the second largest Internet service provider in the United States, is cooperating with CALEA as it applies today.
"We comply with all valid legal requests," said Sena Fitzmaurice, senior director of communications in government affairs at Comcast.
The race for government agencies' ability to tap telecommunications lines was extremely fast in the mobile telephone field.
"In 2006, 92 percent of all wiretaps were conducted on wireless phones," said Al Gidari, partner at Seattle law firm Perkins Coie.
While CALEA originally was intended for domestic criminal enforcement, the capabilities of the statute have expanded the surveillance abilities for other lawful interception operations like the Foreign Intelligence Surveillance Act.
"CALEA is just part of the culture now; for better or worse it's baked into communication networks," Gidari said.
The cost-benefit analysis of programs like CALEA is highly controversial. Millions of dollars are spent on lawful interception programs and Trusted Third Party companies that provide these services, yet they only provide a 16 percent conviction rate, Gidari said. The government does not "pay for it ... the shareholders and the public pay for it."
Wired magazine's blog Threat Level sent the blogosphere spiraling after it reminded bloggers that May 14 was the first day of full compliance with CALEA for many Internet providers.
Liberal blog Blognonymous wrote in response to the CALEA alert, "I'm feeling safer already. Now ... where ... is that encryption program?"