FBI adds to wiretap wish list

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1028-5172948.html

By Declan McCullagh and Ben Charny 
Staff Writer, CNET News.com
March 12, 2004

A far-reaching proposal from the FBI, made public Friday, would
require all broadband Internet providers, including cable modem and
DSL companies, to rewire their networks to support easy wiretapping by
police.

The FBI's request to the Federal Communications Commission aims to
give police ready access to any form of Internet-based communications.  
If approved as drafted, the proposal could dramatically expand the
scope of the agency's wiretap powers, raise costs for cable broadband
companies and complicate Internet product development.

Legal experts said the 85-page filing includes language that could be
interpreted as forcing companies to build back doors into everything
from instant messaging and voice over Internet Protocol (VoIP)  
programs to Microsoft's Xbox Live game service. The introduction of
new services that did not support a back door for police would be
outlawed, and companies would be given 15 months to make sure that
existing services comply.

"The importance and the urgency of this task cannot be overstated,"  
says the proposal, which is also backed by the U.S. Department of
Justice and the Drug Enforcement Administration. "The ability of
federal, state and local law enforcement to carry out critical
electronic surveillance is being compromised today."

Because the eavesdropping scheme has the support of the Bush
administration, the FCC is expected to take it very seriously. Last
month, FCC Chairman Michael Powell stressed that "law enforcement
access to IP-enabled communications is essential" and that police must
have "access to communications infrastructure they need to protect our
nation."

The request from federal police comes almost a year after
representatives from the FBI's Electronic Surveillance Technology
Section approached the FCC and asked that broadband providers be
required to provide more efficient, standardized surveillance
facilities. Such new rules were necessary, the FBI argued, because
terrorists could otherwise frustrate legitimate wiretaps by placing
phone calls over the Internet.

"It is a very big deal and will be very costly for the Internet and
the deployment of new technologies," said Stewart Baker, who
represents Internet providers as a partner at law firm Steptoe &
Johnson. "Law enforcement is very serious about it. There is a lot of
emotion behind this. They have stories that they're very convinced
about in which they have not achieved access to communications and in
which wiretaps have failed."


Broadband in the mix

Broadband providers say the FBI's request would, for the first time,
force cable providers that sell broadband to come under the
jurisdiction of 1994's Communications Assistance for Law Enforcement
Act (CALEA), which further defined the already existing statutory
obligations of telecommunications carriers to help police conduct
electronic surveillance. Telephone companies that use their networks
to sell broadband have already been following CALEA rules.

"For cable companies, it's all new," said Bill McCloskey, a BellSouth
spokesman.

Several cable providers, including Comcast, Time Warner Cable and
Cablevision Systems, had no immediate comment on the FBI's request.

The FBI proposal would also force Vonage, 8x8, AT&T and other
prominent providers of broadband telephone services to comply with
CALEA. Executives from these companies have said in the past that they
all intend to comply with any request law enforcement makes, if
technically possible.

Broadband phone service providers say they are already creating a code
of conduct to cover some of the same issues the FBI is addressing--but
on a voluntary basis, according to Jeff Pulver, founder of Free World
Dialup. "We have our chance right now to prove to law enforcement that
we can do this on a voluntary basis," Pulver said. "If we mandate and
make rules, it will just complicate things."

Under CALEA, police must still follow legal procedures when
wiretapping Internet communications. Depending on the situation, such
wiretaps do not always require court approval, in part because of
expanded wiretapping powers put in place by the USA Patriot Act.

A Verizon representative said Friday that the company has already
complied with at least one law enforcement request to tap a DSL line.

This week's proposal surprised privacy advocates by reaching beyond
broadband providers to target companies that offer communications
applications such as instant-messaging clients.

"I don't think it's a reasonable claim," said Marc Rotenberg, director
of the Electronic Privacy Information Center. "The FCC should
seriously consider where the FBI believes its authority...to regulate
new technologies would end. What about Bluetooth and USB?"

Baker agrees that the FBI's proposal means that IP-based services such
as chat programs and videoconferencing "that are 'switched' in any
fashion would be treated as telephony." If the FCC agrees, Baker said,
"you would have to vet your designs with law enforcement before
providing your service. There will be a queue. There will be politics
involved. It would completely change the way services are introduced
on the Internet."

As encryption becomes glued into more and more VoIP and
instant-messaging systems like PSST, X-IM and CryptIM, eavesdropping
methods like the FBI's Carnivore system (also called DCS1000) become
less useful. Both Free World Dialup's Pulver, and Niklas Zennstrom,
founder of Skype, said last month that their services currently offer
no easy wiretap route for police, because VoIP calls travel along the
Internet in tens of thousands of packets, each sometimes taking
completely different routes.

Skype has become a hot button in the debate by automatically
encrypting all calls that take place through the peer-to-peer voice
application.

The origins of this debate date back to when the FBI persuaded
Congress to enact the controversial CALEA. Louis Freeh, FBI director
at the time, testified in 1994 that emerging technologies such as call
forwarding, call waiting and cellular phones had frustrated
surveillance efforts.

Congress responded to the FBI's concern by requiring that
telecommunications services rewire their networks to provide police
with guaranteed access for wiretaps. Legislators also granted the FCC
substantial leeway in defining what types of companies must comply. So
far, the FCC has interpreted CALEA's wiretap-ready requirements to
cover only traditional analog and wireless telephone service, leaving
broadband and Internet applications in a regulatory gray area.

Under the FBI's proposal, Internet companies would bear "sole
financial responsibility for development and implementation of CALEA
solutions" but would be authorized to raise prices to cover their
costs.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.