Bad Medicine

[Prof. David Farber <David.Farber () cisr anu edu au>]

CyberWire Dispatch // Copyright (c) 1994 //
 
Jacking in from the "The Good, the Bad and the Ugly" Port:
 
Washington, DC --  For months now a kind of high stakes privacy poker has
been played out here behind the closed doors of congressional subcommittees
as the FBI, telephone industry executives, congressional staffers and civil
libertarians have played a kind of five card draw with the privacy of all
your future telephone calls, faxes and electronic mail.
 
The betting's all but over now;  Congress has "called" the hand and laid
its cards on the table:  A soon to be introduced bill that will mandate
--forever -- that all the nation's telephone networks be designed to give
the FBI easy wiretap access.  The bill's sponsors, Senator Patrick Leahy
(D-Vt.) and Rep. Don Edwards (D- Cal.), have fought through a numbing array
of options, opinions and (FBI) obfuscation in order feel comfortable enough
to sign their names to a bill that, just years ago, was laughed off Capitol
Hill because it was severely flawed.
 
My how time changes things.
 
It's been two years since the FBI first introduced what amounted to an
"Easy Wiretap America" bill.  Now we have a new President, a new FBI
director and suddenly, a new bill that requires the nation's
telecommunications providers to reengineer their facilities so the FBI can
do wiretaps easier.
 
The Leahy and Edwards staffs have dumped hundreds of hours of "sweat
equity" into this bill, which could be introduced as early as today
(Friday) but certainly before next Tuesday.
 
Leahy and Edwards have never been known to tape "kick me" signs on the back
of American privacy rights.  The bill that's been hammered out here -- and
that phrase isn't used lightly -- by Leahy and Edwards is a damn sight
better than the FBI's laughable attempts at drafting legislation.  In fact,
it was Leahy and Edwards that stepped into the breach to thwart those early
FBI proposals from being passed "as is."
 
An earlier version of this bill, which, among other things, gave the
Justice Department the right to shut down any telephone company's network,
regardless of size, if they didn't comply with the wiretap statute, was set
to be introduced by Sen. Joseph Biden (D-Del.), with heavy support from
others in congress.  That bill, if introduced, would have passed,
congressional sources have said.
 
But the Leahy and Edwards tag team effort took Sen. Biden off the scent.
So, we get a more palatable bill.  Call it the "cod liver oil act" of 1994.
It tastes horrible, but it's necessary, considering the earlier
alternatives.  Without this Leahy/Edwards bill our privacy rights would
have really been fucked over.  At least now we get kissed. (Sorry, no
tongues.)
 
Still Got The Power
====================
 
A draft copy of the latest bill, obtained by Dispatch, shows that the
Justice Department and FBI still have the tools to intimidate and harass
the future development of the nation's telecommunications infrastructure.
 
The bill, as it stands, does keep Justice and law enforcement from
mandating any "specific design of features or system configurations to be
adopted."  But the requirements to build wiretap capability into all public
telecommunications carrier systems is steadfast. This means that while the
FBI can't expressly tell a company "how to get there," it can definitely
say, "just get there."
 
Never again, under the provisions of this bill, will a telecommunications
provider be able to develop a service or technology without first and
foremost asking the question:  How can I design this so that it pops off
the assembly line wiretap ready?
 
Read it again.  The key word there:  Never.
 
There is an "out" however, and it comes thanks to Leahy.  If a new
technology doesn't fit with the mandate, that is, if you can't make that
new hand held satellite phone wiretap ready and you've made every
"reasonable effort" to make it so, it can still be sold. How?
 
"The court can enforce the (wiretap) requirement of this act only if
compliance with the act is 'reasonably achievable' through the application
of 'available technology,'" said Jeff Ward, director of governmental affair
for the Nynex telephone company.
 
Ward -- who says the bill has been an "albatross" around his neck for 2
years -- has focused his efforts during this 2 year time frame, on ensuring
that such "reasonably achievable" provisions allow telephone industry and
equipment makers to be "good corporate citizens."   That is, these
companies are required to consider [wiretap] design factors, but if after
"due consideration, we can't do it, we've got to be able to proceed."
 
This effort is supported by the bill;  however, it is a court of law that
decides what is "reasonable" or not.  Such litigation, brought by Justice
no doubt, could tie up a new technology for years while the case is
decided, thus giving Justice and the FBI a kind of de facto control over
the development of new technologies.
 
Make That Check Out To...
=========================
 
Then there's cost.  The FBI insists that the cost to industry to retrofit
all their networks will be only $500 million.  But that's a bullshit figure
and everyone from FBI Director Louis Freeh to the newest line programmer at
AT&T knows it.
 
In fact, so many lines of code will have to be written and maintained to
comply with these wiretap mandates that one Internet pioneer, Dave Farber,
has called the FBI proposal "the programmers full employment act."
 
Provisions in the bill make it basically a blank check for the FBI. Within
the first 4 years, there is $500 million approved to be spent on
"upgrading" all the nation's telephone systems to provide law enforcement
with easy wiretap access.   There are provisions in the bill that require
the government to repay all costs of installing wiretap software throughout
all networks forever, with no cap.  What's not clear, however, is what
happens when FBI demands for wiretap capability exceed the $500 million
mark (and it will) during those first 4 years.
 
Maybe we'll get some answers when this bill (in whatever language is
finally passed) is discussed at joint hearings to be held by Leahy and
Edwards on it August 11th.
 
Take It or Take It
===================
 
Take it or take it.  Those are your only choices here.  This bill is a slam
dunk for passage.  But you didn't lose everything.
 
All electronic systems will be exempt from complying with the bill's
mandates.  But hold on before you cheer...
 
This simply means that the FBI can't tap your Email from, say, America
Online's computers;  rather, they can do what they've always been allowed
to do:  Snag it off the telephone company's central switch.  But at least
we don't have the Internet being hung with "FBI:  Tap In Here" signs.
 
Transactional data, Dispatch has been told, will get some beefed up
protection.  Just how this language shakes out remains to be seen, however.
 
 
Yeah, but Can They Count?
=========================
 
At the very end of the draft we obtained, the FBI is given a curious
additional reporting requirement under its annual wiretap reports.  The
addition, in our draft copy, says the Bureau must quantify "the number of
interceptions encountering electronically encrypted communications,
specifying the number of such interceptions that could not be decrypted."
 
Throughout the history of this bill and the now ignominious Clipper Chip
proposal, the FBI has touted the fact that it's investigations are
continually stymied by encryption technologies.  Small problem: The Bureau
refuses to provide any kind of documentation to back up those claims.
 
At first blush, then, this extra requirement finally means the G- men will
have to give us some concrete numbers.   All well and good... *if* that's
what this requirement actually is used for.
 
There's potentially a much darker use for these stats... yes, I see all you
Crypto-rebels nodding your anxious heads.  You see, such a formal gathering
of statistics could be used by the Bureau or... say, the National Security
Agency, to "prove" that private encryption schemes are just too great a
threat to "catching bad guys."
 
Citing these newly gathered statistics the White House could, one day,
order the banning of private encryption methods.   Far fetched you say?
 
Yeah, it's far-fetched... something on the order of, oh, say a bill that
mandates telephone companies give the FBI easy access to all conversations
from now until forever.
 
Meeks out...