Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Court Rejects FBI Claims for Added Wiretap Features

From: Marjorie Simmons <lawyer () USIT NET>
Date: Wed, 16 Aug 2000 01:48:48 -0400
CDT POLICY POST Volume 6, Number 15 August 15, 2000

CONTENTS
(1) Court Rejects FBI Claims for Added Wiretap Features
(2) Packet Surveillance Must Satisfy Highest Legal Standard
(3) Wireless Phone Location Required, but Under Some Higher Standard
(4) Looking Forward - Congress and the FCC
_________________________________________________________

(1) COURT REJECTS FBI CLAIMS FOR ADDED WIRETAP FEATURES

The Federal Court of Appeals for the District of Columbia on August 15 overturned
in major respects and affirmed in part a highly contested agency ruling on wiretap
standards, rejecting FBI demands for added surveillance features but affirming a
requirement that wireless phones be able to provide general location information
about users.  The court also signaled that interception of newer "packet"
technologies must meet the highest legal standards, implicitly casting doubt
on the new FBI monitoring system known as Carnivore.

The court ruling came in a case brought by CDT, other privacy advocates
and the telecommunications industry challenging a ruling of the Federal
Communications Commission under the Communications Assistance for
Law Enforcement Act (CALEA), a 1994 statute that required wireline and
wireless telephone companies to design newer digital systems so as to
preserve law enforcement surveillance capabilities while protecting privacy
and minimizing costs to industry.

In essence, the court told the FCC that it was wrong to give in to the FBI's
surveillance demands at the cost of privacy. In a unanimous opinion, the
three judge panel found that the FCC's decision requiring carriers to build
additional surveillance features into their networks was "an entirely
unsatisfactory response" to the privacy provisions of the 1994 law and
failed to take into account the financial cost to industry.  Among the
added features sought by the FBI was the ability to extract from a call
any dialed digits, which might include long distance numbers but also
would include bank account and credit card numbers.

The court opinion is online at
http://pacer.cadc.uscourts.gov/common/opinions/200008/99-1442a.txt
________________________________________________________________

(2) PACKET SURVEILLANCE MUST SATISFY HIGHEST LEGAL STANDARD

In a separate portion of the opinion dealing with newer "packet" technologies
used on the Internet and increasingly in voice networks, the court concluded
that government agents would be required to meet the highest legal standards
if they wanted to intercept data packets that mingled addressing information
and the content of communications.  The court upheld the FCC's interim
conclusion that carriers should not be required to separate the addressing
information from the contents, but it rejected the FCC's assumption that the
government would be able to intercept both routing information and call content
under the less demanding standard of approval required for so-called pen
register and trap and trace orders.  The court held that this FCC assumption
"was simply mistaken."  Instead, the court indicated, the government would
need to meet the higher standard required for interception of communications
content, even if it claimed it was only interested in the addressing information.

The court's statement that the government must meet the most stringent
constitutional standard to obtain digital packets that include call content gives
a big boost to privacy, especially on the Internet.  It rejects the FBI's "trust us"
approach, and among other things, it casts a dark shadow of doubt over the
legality of Carnivore, the recently-disclosed FBI computer program that monitors
large numbers of email packets looking for certain routing information.
______________________________________________________________

(3) WIRELESS PHONE LOCATION REQUIRED, BUT UNDER SOME HIGHER STANDARD

On a third issue, the Court held that the Commission correctly required carriers
to build into their systems a location capability for wireless phones, but the court
noted that the requirement was limited only to the location of the antenna handling
a call.  The court approvingly cited the FCC's rejection of a claim by the New York City
Police Department that would have required triangulating precise location based on
the signals from multiple cellular antenna towers, a capability, the court noted, "that
could undermine individual privacy" in violation of CALEA.  The court also emphasized
that location information could not be obtained by the government under the weaker
pen register standard, while noting that it is unclear what the legal standard is.

The question of what should be the legal standard for government access to
cell phone tracking information is now up to Congress to decide.  CDT has long
argued that Congress should require government agents to obtain a full probable
cause-based judicial order for access to wireless phone location.  Congressional
action is more important than ever as more people access the Internet with
mobile devices.
_____________________________________________________________

(4)  LOOKING FORWARD - CONGRESS AND THE FCC

Given this decision, Congress cannot view the Clinton Administration's recent
Internet surveillance bill or any other cybercrime bill as a serious update of the
privacy laws unless it sets higher legal requirements for access to wireless phone
location information, codifies the court's ruling that the higher standard applies to
systems like Carnivore, and narrowly defines how pen registers work on the Internet,
making it clear that redesign of the Internet is not required.

CALEA issues return to the FCC on September 30, when the telephone industry
must file a report explaining how it intends to carry out surveillance of
packet communications.

Further background on CALEA is at http://www.cdt.org/digi_tele/

Further background on other surveillance issues,
including Carnivore: http://www.cdt.org/security/

--
To subscribe to CDT's Activist Network, sign up at:
  http://www.cdt.org/join/

If you ever wish to remove yourself from the list, unsubscribe at:
  http://www.cdt.org/action/unsubscribe.shtml

If you just want to change your address, you should unsubscribe
yourself and then sign up again or contact: mclark () cdt org
--
Michael Clark, Grassroots Webmaster
Center for Democracy and Technology
1634 Eye Street NW, Suite 1100    Washington, DC 20006
voice: 202-637-9800    fax: 202-637-0968
mclark () cdt org  http://www.cdt.org/
PGP Key available on keyservers

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: