Information Security News mailing list archives
Court Rejects FBI Claims for Added Wiretap Features
From: Marjorie Simmons <lawyer () USIT NET>
Date: Wed, 16 Aug 2000 01:48:48 -0400
CDT POLICY POST Volume 6, Number 15 August 15, 2000 CONTENTS (1) Court Rejects FBI Claims for Added Wiretap Features (2) Packet Surveillance Must Satisfy Highest Legal Standard (3) Wireless Phone Location Required, but Under Some Higher Standard (4) Looking Forward - Congress and the FCC _________________________________________________________ (1) COURT REJECTS FBI CLAIMS FOR ADDED WIRETAP FEATURES The Federal Court of Appeals for the District of Columbia on August 15 overturned in major respects and affirmed in part a highly contested agency ruling on wiretap standards, rejecting FBI demands for added surveillance features but affirming a requirement that wireless phones be able to provide general location information about users. The court also signaled that interception of newer "packet" technologies must meet the highest legal standards, implicitly casting doubt on the new FBI monitoring system known as Carnivore. The court ruling came in a case brought by CDT, other privacy advocates and the telecommunications industry challenging a ruling of the Federal Communications Commission under the Communications Assistance for Law Enforcement Act (CALEA), a 1994 statute that required wireline and wireless telephone companies to design newer digital systems so as to preserve law enforcement surveillance capabilities while protecting privacy and minimizing costs to industry. In essence, the court told the FCC that it was wrong to give in to the FBI's surveillance demands at the cost of privacy. In a unanimous opinion, the three judge panel found that the FCC's decision requiring carriers to build additional surveillance features into their networks was "an entirely unsatisfactory response" to the privacy provisions of the 1994 law and failed to take into account the financial cost to industry. Among the added features sought by the FBI was the ability to extract from a call any dialed digits, which might include long distance numbers but also would include bank account and credit card numbers. The court opinion is online at http://pacer.cadc.uscourts.gov/common/opinions/200008/99-1442a.txt ________________________________________________________________ (2) PACKET SURVEILLANCE MUST SATISFY HIGHEST LEGAL STANDARD In a separate portion of the opinion dealing with newer "packet" technologies used on the Internet and increasingly in voice networks, the court concluded that government agents would be required to meet the highest legal standards if they wanted to intercept data packets that mingled addressing information and the content of communications. The court upheld the FCC's interim conclusion that carriers should not be required to separate the addressing information from the contents, but it rejected the FCC's assumption that the government would be able to intercept both routing information and call content under the less demanding standard of approval required for so-called pen register and trap and trace orders. The court held that this FCC assumption "was simply mistaken." Instead, the court indicated, the government would need to meet the higher standard required for interception of communications content, even if it claimed it was only interested in the addressing information. The court's statement that the government must meet the most stringent constitutional standard to obtain digital packets that include call content gives a big boost to privacy, especially on the Internet. It rejects the FBI's "trust us" approach, and among other things, it casts a dark shadow of doubt over the legality of Carnivore, the recently-disclosed FBI computer program that monitors large numbers of email packets looking for certain routing information. ______________________________________________________________ (3) WIRELESS PHONE LOCATION REQUIRED, BUT UNDER SOME HIGHER STANDARD On a third issue, the Court held that the Commission correctly required carriers to build into their systems a location capability for wireless phones, but the court noted that the requirement was limited only to the location of the antenna handling a call. The court approvingly cited the FCC's rejection of a claim by the New York City Police Department that would have required triangulating precise location based on the signals from multiple cellular antenna towers, a capability, the court noted, "that could undermine individual privacy" in violation of CALEA. The court also emphasized that location information could not be obtained by the government under the weaker pen register standard, while noting that it is unclear what the legal standard is. The question of what should be the legal standard for government access to cell phone tracking information is now up to Congress to decide. CDT has long argued that Congress should require government agents to obtain a full probable cause-based judicial order for access to wireless phone location. Congressional action is more important than ever as more people access the Internet with mobile devices. _____________________________________________________________ (4) LOOKING FORWARD - CONGRESS AND THE FCC Given this decision, Congress cannot view the Clinton Administration's recent Internet surveillance bill or any other cybercrime bill as a serious update of the privacy laws unless it sets higher legal requirements for access to wireless phone location information, codifies the court's ruling that the higher standard applies to systems like Carnivore, and narrowly defines how pen registers work on the Internet, making it clear that redesign of the Internet is not required. CALEA issues return to the FCC on September 30, when the telephone industry must file a report explaining how it intends to carry out surveillance of packet communications. Further background on CALEA is at http://www.cdt.org/digi_tele/ Further background on other surveillance issues, including Carnivore: http://www.cdt.org/security/ -- To subscribe to CDT's Activist Network, sign up at: http://www.cdt.org/join/ If you ever wish to remove yourself from the list, unsubscribe at: http://www.cdt.org/action/unsubscribe.shtml If you just want to change your address, you should unsubscribe yourself and then sign up again or contact: mclark () cdt org -- Michael Clark, Grassroots Webmaster Center for Democracy and Technology 1634 Eye Street NW, Suite 1100 Washington, DC 20006 voice: 202-637-9800 fax: 202-637-0968 mclark () cdt org http://www.cdt.org/ PGP Key available on keyservers ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Court Rejects FBI Claims for Added Wiretap Features Marjorie Simmons (Aug 16)