The New York Times reported that the Obama administration is drafting a bill that would require “all services that enable communications – including encrypted e-mail transmitters like Blackberry, social networking Web sites like Facebook and software that allows direct ‘peer to peer’ messaging like Skype – to be technically capable of complying if served with a wiretap order.” The administration plans to submit the proposed legislation to Congress next year.
Although the language of the proposed legislation remains unknown, officials appear to be focused on three main requirements: that all communications services that encrypt messages be able to unscramble messages, that foreign-based providers doing business in the United States install a domestic office capable of performing intercepts, and that developers of software enabling peer-to-peer communication redesign their service to allow interception.
Importantly, this proposal comes at a time when the United States is also ramping up its efforts to confront the challenges of cyber war and cyber espionage. The following experts address some potential concerns over the proposed legislation:
Susan Landau: With Capabilities Come Vulnerabilities
- Communications providers that provide encryption must also be able to decrypt the communications;
- Communications providers that offer services used within the United States must have a domestic office able to aid in legal interception;
- Communications providers of peer-to-peer services must design their services to enable interception
seems eminently reasonable. It provides law enforcement access to legally authorized wiretaps when encryption or Internet architecture might otherwise block such access. But “things are seldom what they seem”; digging below the surface changes the picture substantially. Key escrow was debated heavily through the 1990s — and the administration decided against governmental key escrow, in part for the vulnerabilities its use raises. And although the phone system and the Internet are both communication networks, their different architectures means that simplifying law-enforcement access to communications is likely to create serious security risks.
Building wiretapping capabilities into communications infrastructures creates vulnerabilities. Perhaps if no one was interested in U.S. communications, such insecurities wouldn’t matter. But that isn’t the case. Writing in Foreign Affairs in August, Department of Defense Deputy Secretary William Lynn III said that threats to U.S. intellectual property — the inventions, processes, and business plans of U.S. industry — “may be the most significant cyberthreat that the United States will face over the long term.” Since 2004, there have been cyberattacks and cyberexploitations (in which massive amounts of proprietary and secret data were removed) against many major U.S. corporations and government sites, including defense installations.
Consider the Communications Assistance for Law Enforcement Act (CALEA), sought by the FBI and passed in 1994. This law requires that all digitally-switched networks be built “wiretap accessible.” Building wiretapping capabilities into switches allows easy access to communications transiting the switch. The idea is that only law enforcement should be able to use such access, and then only with proper legal authorization. But software is easy to subvert, and in 2004-2005 a CALEA-like switch serving a Vodafone Greece cell phone network was breached with the result that the communications of over one hundred senior members of the Greek government, including the Prime Minister and the head of the opposition party, were wiretapped for nearly a year. An IBM researcher has recently shown that another wiretapping system, a Cisco architecture designed to satisfy CALEA-type requirement, has numerous security holes in its design (this system is already in use). The point is that simplifying access to communications is a security breach, and these will be exploited not only by law enforcement with legal access but by others with nefarious intent.
During the 1990s “Crypto Wars,” the U.S. government battled industry over the deployment of strong encryption in computer systems. Just as today, the FBI and NSA’s concern was that encryption would prevent law-enforcement and national-security investigators from being able to understand communications obtained under legally authorized wiretaps. But, just as today, there were other issues at play, namely the need to protect an increasingly networked electronic society. In 1996, a National Research Council study on cryptography concluded that “on balance, the advantages of more widespread use of cryptography outweigh the disadvantages.” In 1999, the NSA dropped its objections to the export of cryptography in computer products, opening the way for widespread use of cryptography in domestic products. The NSA was aware that some terrorist and criminal wiretaps would become impossible to decrypt. But the government also believed that the vital importance of securing U.S. communications meant the decision was in balance appropriate. Indeed the question is not whether the FBI is having trouble with deciphering some communications, but why it took so long for carriers to routinely encrypt Internet communications (e.g., Google only began standardly encrypting Gmail after there were break-ins to certain communications).
In order to ensure wiretaps can be done in real time, the FBI wants any communications provider supplying encryption to be able to decrypt when legally authorized. The security implications of this have not been thought through. Several months ago, the United Arab Emirates (UAE) and India announced that Research in Motion (RIM), the makers of BlackBerrys, would not be allowed to operate in the respective countries unless the company would decrypt communications when requested during government-authorized investigations. RIM’s products were built so that only the communications endpoints — the sender and receiver — could decrypt them. The FBI proposal, and the proposals by the governments of the UAE and India, would subvert this solid security design.
The FBI wants to simplify the process of accessing U.S. communications. Other nations want the same for themselves, e.g., access to Blackberry communications in UAE for communications in UAE and access to communications in India for communications in India. Vodafone Greece amply demonstrates the risk that ensues when building surveillance capabilities into communications infrastructures. Does the FBI want communications of U.S. business and U.S. citizens overseas to be built to be secure — or built to be vulnerable?
Because peer-to-peer communications such as Skype do not travel through the communications provider, they create difficulties for wiretapping (a tap placed at the provider is unlikely to succeed). The FBI seeks a redesign of such systems so that they can accommodate wiretaps. This threatened disruption of peer-to-peer technologies, technologies used across the Internet for simplifying distribution of large files, for efficient communications, etc., is unhealthy for U.S. innovation and security.
Encryption and peer-to-peer communications have sometimes thwarted legal wiretaps. But it is also true that in recent decades the abundance of transactional information (the who, when, where of communications) and the easy availability of electronic records (passenger flight information, credit-card records, etc.) has vastly simplified law enforcement’s work. When a security breach is architected into a communications system, that breach is likely to be exploited by criminal organizations and other nation states. Given the U.S.’s increasing reliance on communications networks for all sorts of business, the FBI’s proposal creates unacceptable security risks. In looking at only one side of the security equation, and neglecting the protection of domestic communications, the bureau is proposing a short-sighted policy that creates long-term security risks for the United States.
Susan Landau is a fellow at the Radcliffe Institute for Advanced Study at Harvard University and a former Sun Distinguished Engineer. She is the co-author of “Privacy on the Line: The Politics of Wiretapping and Encryption” (rev. ed. 2007, MIT Press) and the author of the forthcoming “Surveillance or Security? The Risks Posed by New Wiretapping Technologies” (February 2011, MIT Press).
Marc Rotenberg: Surveillance Over Security – The Risk of a Wiretap Friendly Internet
The argument goes roughly as follows: if government has obtained legal authority to undertake surveillance but technology stands in the way, then manufacturers and service providers should redesign their systems to ensure government access to network communications
When this argument was first made almost twenty years ago, we successfully fought against a proposal to weaken encryption — a critical technology for Internet security. Even the government eventually conceded that the adoption of key escrow encryption — “the Clipper Chip” — would have made Internet communications more vulnerable to interception and attack by hostile actors.
Unfortunately, the government did succeed in passing legislation — the Communications Assistance for Law Enforcement Act — that required telephone companies to make their services easy to wiretap. We were told at the time that these technical requirements would only be imposed on traditional phone service and not the Internet. Law enforcement and the intelligence community have pressed on and now want to ensure that all communications networks are easily surveilled.
It is a bad idea.
To begin with, there is no guarantee in the U.S. Constitution that government is assured the success of its searches. Quite the opposite — the provisions in the Bill of Rights, and most importantly the Fourth Amendment, are constraints on government not citizens. To imagine that the Constitution grants the government this “right,” is to read the foundational legal document upside down. The federal wiretap law reflects this view. Wiretapping is described as “an investigative method of last resort.”
The government also had a much stronger case that legal safeguards were effective before passage of the PATRIOT Act, the expansion of the Foreign Intelligence Surveillance Act, and the widespread use of National Security Letters. The government no longer even claims a need for individualized suspicion before seeking wire surveillance authority. In many investigations today, the government has almost no idea what it is looking for, which makes the claim of effective legal safeguards almost nonsensical.
Troubling also is the impact that the White House proposal will have on the architecture of network communications. In the old days of the hub and spoke communications provider, it was not so difficult to imagine procedures that could simplify the execution of a lawful wiretap order. But the current web-based world with peer-to-peer communications is far more complex. Is it no longer a large service provider that is likely to be regulated, but the protocols that enable electronic communications between individuals. Is the White House really prepared to go that far?
There is also the troubling message that the United States sends to other countries when it adopts proposals that grant broad powers to intelligence agencies. President Obama was right to say recently that the United States supports strong communications safeguards for human rights advocates around the world. But foreign governments, including India and China, will hear a different message if the United States chooses to adopt technical standards that enable network surveillance.
Stories of wiretap abuse are rampant. Most recent reports tend to focus on the scandals in Italy, Greece, and elsewhere. The United States itself has a long history of wiretap abuse, from Presidents who spied on their political opponents to FBI Directors who recorded the conversation of civil rights leaders and anti-war activists.
It was because of these abuses that the United States enacted strong limits on wiretapping and electronic surveillance. And there is a good argument that when wiretap safeguards are diminished, abuses become more difficult to detect. We may never know of the post-PATRIOT Act abuses because of the Administration’s aggressive assertion of the state secrets doctrine and the immunity granted to telephone companies for the rampant unlawful surveillance that took place in the United States after 9-11. Assessing not only the lawfulness of wiretapping but also its effectiveness has become more difficult in recent years.
Even if you are not convinced that a wiretap friendly Internet is a bad idea, perhaps we can at least agree that more needs to be known about the White House wiretap plan. For this reason, EPIC has initiated a Freedom of Information Act lawsuit to obtain the draft proposal. This is an important debate for the country and the specifics of the proposal should be made available to the public.[/learn_more]
Marc Rotenberg is Executive Director of the Electronic Privacy Information Center (EPIC) and teaches Information Privacy Law at Georgetown University Law Center. He frequently testifies before Congress on emerging privacy issues.
John Palfrey: Retaining Privacy for Ordinary Citizens
There is no doubt but that law enforcement officials need the means to track activities mediated through digital technologies. We carry out more and more of our lives through the Internet, mobile devices, and related technologies. Our lives are fast-becoming hybrid experiences, lived partly in physical space and partly in virtual environments. It would be a terrible mistake not to enable our law enforcement authorities to use the information that they can obtain from these communications methods to prevent a terrorist act or to bring a criminal to justice.
Terrorism is among the chief justifications for limitation of speech online and otherwise throughout societies. While we celebrate the ways in which information and communications technologies, whether digital or not, are useful to those who would bring democracy about around the world, it is equally important to realize that the very same tools can be useful to those who would harm other people. Digital communications tools are neutral technologies, useful for the activist, useful for the state, and useful for the terrorist.
But we need to focus, too, on the ordinary citizen and her daily life. We need to invest just as much effort in the task of ensuring that we protect civil liberties over the long-term as we are in building increasingly sophisticated surveillance tools into digital networks. Part of what makes digital modes of communication sustainable in the long run is the presence of a mix of environments, some private and some public. The distinctions between the public and the private online are increasingly blurred. We need to ensure that they do not blend into one another completely, or, worse, make the entire space completely public and discoverable in nature.
The way that an ordinary person can navigate a life that is partially digitally-mediated is to establish mechanisms for reasonably private communications in addition to obviously public activities online. Someone who chooses to write a blog under her real name, open a Twitter account on the public web, or participate in mobile geolocation services like FourSquare is plainly making a choice to share some of her life with everyone else in the world, potentially for eternity. She should recognize this fact and appreciate its significance. At the same time, she should be able to establish a means of communicating privately with her close friends or business associates by sending them an encrypted email, using an encrypted BlackBerry service, or sending a private message over a social network.
The ability of a citizen to create and maintain these separate spheres of public and private should not become an impossibility. We should not let privacy become a luxury that only the extraordinarily sophisticated or wealthy can enjoy. We should not force citizens of democracies to choose a life that is solely an offline existence in order to enjoy private spheres of life. We may need to add new substantive legal protections over time to ensure that this is possible.
The Internet is a surveillance-ready technology. Surveillance systems penetrate every aspect of life, especially in the digital environment. As a global society, we are implicitly consenting to the greatest invasion of personal privacy in the history of mankind. We may choose this path, but we should do so in the full knowledge of what we are giving up, today and, in some respects, for all time.
Nearly everything that we do through digitally-mediated technologies can be tracked and traced by law enforcement officials – as well as private parties. Once recorded, these communications can be ignored for the present but preserved and reviewed long after the fact, stored in increasingly inexpensive data farms. These communications can, in turn, be mapped back to individuals, their correspondents, the time and context of the communications, and the specific details of the interaction. Through technologies, these communications can be combined with other information to establish rich portraits of individuals and their activities over time. The sophistication that is possible through modern methods of surveillance make the surveillance practices of the past seem quaint.
If a state needs to track the activity of a suspected terrorist or other criminal, there are plenty of ways today to obtain information about them, including their online activities. Even communications that are encrypted end-to-end can be obtained by going to either the source or the recipient and obtaining the plain text that resides on one or both devices. In the United States, the Communications Assistance to Law Enforcement Act already requires that most telecommunications systems are “wiretap ready.” If we need to provide law enforcement more resources to use the tools and the processes that they have today to keep us safe, then we should do so. But any new proposal for additional online surveillance capacities should be balanced with equally strong provisions to protect the privacy interests of ordinary citizens, for whom privacy is becoming an increasingly scarce experience.
John Palfrey is Henry N. Ess Professor of Law and Vice Dean for Library and Information Resources at Harvard Law School, as well as the faculty co-director of the Berkman Center for Internet & Society at Harvard University. He is the co-author of “Born Digital: Understanding the First Generative of Digital Natives” (Basic Books, 2008) and “Access Denied: The Practice and Politics of Internet Filtering” (MIT Press, 2008).
Image courtesy of technologyexpert.blogspot.com.