Administration Laughs at CALEA, Proposes to Eviscerate Law's Compromise

After a petition from the FBI and other federal law enforcement agencies, the FCC ruled last year that companies like Vonage and private institutions that provide Net access must redesign their networks to facilitate wiretaps. By forcing broadband Internet and interconnected voice over Internet Protocol (VoIP) services to abide by the controversial Communications Assistance for Law Enforcement Act (CALEA), the FCC ignored the statute's plain language and threatened privacy, security, and innovation.

The FCC ruling has been challenged in court by EFF and others and may end up before the Supreme Court. But the DOJ -- apparently tired of our lawsuits and hoping to avoid such suits in the future -- has now proposed draft legislation to codify and expand the FCC ruling. Read on to learn more about how you may soon be forced to finance this unnecessary expansion of government surveillance.

[Read the entire post]

Court Calls FCC CALEA Ruling "Gobbledygook ... Utter Nonsense"

Today, the DC Circuit Court of Appeals heard oral arguments in a suit brought by EFF and a coalition of public interest, industry, and academic groups challenging the FCC's unjustified expansion of the Communications Assistance for Law Enforcement Act (CALEA). The suit argues that the FCC ignored the plain language of CALEA by forcing broadband and VoIP providers to become wiretap-friendly.

According to News.com, the court is also skeptical of the FCC's power over Internet services:

"'This is wholly ridiculous,' [Judge Harry] Edwards said, saying that Congress' meaning was clear. The FCC's argument 'is such gobbedlygook, it's really funny.... It's utter nonsense.'"

AP also reported on the hearing.

[Permalink]

EFF Urges Reversal of FCC's Forcing Internet Services To Be Wiretap-Friendly

On May 5, the DC Circuit Court of Appeals will hear oral arguments in a suit brought by EFF and a coalition of public interest, industry, and academic groups challenging the FCC's unjustified expansion of the Communications Assistance for Law Enforcement Act (CALEA). By forcing broadband Internet and interconnected voice over Internet Protocol (VoIP) services to become wiretap-friendly, the FCC ignored CALEA's plain language and threatened privacy, security, and innovation.

When Congress controversially passed CALEA in 1994 and gave the FCC powers to mandate backdoors in traditional telephony systems, it expressly exempted "information services" such as the Internet. Yet after a petition from the FBI and other federal law enforcement agencies, the FCC ruled last year that companies like Vonage and private institutions that provide Net access must redesign their networks to facilitate wiretaps. On Wednesday, the FCC announced that these service providers would have to foot the bill -- an estimated $7 billion dollars for the universities alone.

The FCC completely failed to give the law enforcement petitions the "hard look" that the public deserves when massive government surveillance proposals are on the table. While the FCC's unfunded tech mandate will undoubtedly harm the public, the government made no showing that there was any need to extend CALEA to Internet services at all.

Indeed, just this past Monday, the Administrative Office of the U.S. Courts issued its annual wiretap report -- which revealed that only 8 court orders for Internet wiretaps were issued in 2005, down from 12 orders in each of the years 2003 and 2004 -- and the report contains no indication that law enforcement had any problems in conducting these electronic surveillances.

Petitioners in American Council on Education v. FCC include the American Library Association, the Center for Democracy and Technology, Electronic Privacy Information Center, EDUCAUSE, Pulver.com, and Sun Microsystems.

Read the petitioners' opening and reply briefs here.

[Permalink]

Leahy Opposes Expansion of CALEA

Senator Patrick Leahy, the chief sponsor of the Communications Assistance for Law Enforcement Act CALEA), had a few strong words for the FCC ruling that would expand the CALEA to broadband ISPs and VoIP providers. In a statement Leahy writes "The expansion of the Communications Assistance for Law Enforcement Act (CALEA) to the Internet is troubling, and it is not what Congress intended." He goes on to warn that "...stretching this law without changing it, and without properly examining the implications of doing that, invites a basketful of potential new problems." Leahy further explains:

Congress recognized the unique architecture of the Internet and explicitly excluded it from the scope of CALEA's surveillance design mandates, and we did that to allow Congress to re-visit the appropriateness of such an extension as the Internet developed. Any extension of CALEA - a law written for the telephone system in 1994 - to the Internet in 2005 would be inconsistent with congressional intent.

EFF, along with many other groups, has already told the FCC that its expansion of CALEA goes beyond the statute's letter and Congressional intent, and has petitioned for a federal appeals court to review the FCC decision. But it's great to see one of the original proponents of the legislation remind the FCC of the legislature's clear intent to keep its hands of the Internet.

[Permalink]

Plan for Internet "Backdoors" Draws Coordinated Attack

The FCC's new tech mandate requiring Internet backdoors exceeds the FCC's authority, is arbitrary, capricious, unsupported by the evidence, and is contrary to law, and EFF and six other groups have teamed up to stop it.

The coalition has petitioned an appeals court to review the FCC ruling that would expand the Communications Assistance to Law Enforcement Act (CALEA) to broadband ISPs and VoIP providers, forcing them to build insecure backdoors into their networks. Law enforcement says it needs the backdoors because, they argue, it's just too hard for them to intercept all the communications that they need. But that kind of easy access will also endanger the privacy of innocent people, stifle innovation, and risk the Internet as a forum for free and open expression.

EFF has already argued against this expansion of CALEA in several rounds of comments to the FCC, and we'll be there every step of the way during the court battle.

[Permalink]

Give the Government an Inch of CALEA and It Will Take a Mile of Privacy

The FCC is set to expand CALEA and force VoIP and broadband providers to make their networks wiretap-"friendly." Along with curbing technological innovation and passing along the costs to service providers and their customers, this casual expansion of surveillance powers poses a substantial privacy threat. If we want to see where the slippery slope leads, we need look no further than Italy.

According to a recent LA Times story, wiretaps in Italy are so easy to do that they're used routinely to snoop on millions of innocent people:

"Surreptitious listening is now so common in Italy that people with little or no connection to criminal cases have found themselves recorded and their private utterings made public in newspapers....

"One of Italy's largest cellphone companies complained this year that government-ordered taps — 7,000 at one time — had maxed out its technological capacity."

Expanding CALEA invites this kind of abuse, risking pervasive surveillance of private communication. As we note in our letter to Time magazine, additional surveillance isn't necessary to achieve legitimate law enforcement ends -- Internet service providers already cooperate with law enforcement to provide sufficient information under existing laws, and there's nothing to suggest that the FBI is having any trouble with compliance. The potential incremental benefit of extending CALEA to the Internet just isn't worth the inevitable, immense costs.

[Permalink]

Time Magazine Swallows FBI Surveillance Story

Time recently published a very brief -- even glib -- article [subscription required] on the FBI's push to expand the Communications Assistance for Law Enforcement Act (CALEA) to some Internet communications. The article is remarkably uncritical of law enforcement's claims, so we wrote a letter to the editor to give readers the whole story:

Your account of FBI efforts to embed wiretapping into the design of new Internet communication technologies ("Psst! The FBI is Having Trouble on the Line," Notebook, August 15) is in error.

You claim that police "can't tap into [Internet] conversations or identify the location of callers, even with court orders."

That is false. Internet service providers and VoIP companies have consistently responded to such orders and turned over information in their possession. There is no evidence that law enforcement is having any trouble obtaining compliance.

But more disturbingly, you omit entirely any reference to the grave threat these FBI initiatives pose to the personal privacy and security of innocent Americans. The technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information. And at a time when many of our most fundamental consititutional rights are being stripped away in the name of fighting terrorism, you implicitly endorse opening yet another channel for potential government abuse.

The legislative history of the Communications Assistance for Law Enforcement Act (CALEA) shows that Congress recognized the danger of giving law enforcement this kind of surveillance power "in the face of increasingly powerful and personally revealing technologies" (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House Report]). The law explicitly exempts so-called information services; law enforcement repeatedly assured civil libertarians that the Internet would be excluded. Yet the FBI and FCC have now betrayed that promise and stepped beyond the law, demanding that Internet software be redesigned to facilitate eavesdropping. In the coming months, we expect the federal courts to rein in these dangerously expansive legal intepretations.

For more detailed information about CALEA, see our CALEA page and the CALEA FAQ.

[Permalink]

More on the Mother of Acrimonious Acronyms

Marcia Coyle has the best piece yet on why applying CALEA to the Internet is a terrible idea: Wiretap the Net? Not So Fast (previous Deep Links coverage: The Mother of Acrimonious Acronyms).

Here's a bit that will be sure to interest librarians who've been fighting PATRIOT Section 215 and the Broadcast Flag (hyperlink, mine):

There are a number of collateral consequences to the FCC's order, said Perkins Coie's Gidari, counsel to education, library and other associations that opposed the FCC's decision.

"I don't think the commission had a clue that what they were saying affected other facilities-based providers," he said.

"A lot of companies and organizations make broadband available to their work force, students, faculties, researchers and others. That's why Congress holds hearings, to determine impact. The commission put out an order only carriers would pay attention to," Gidari said.

"The notion a librarian would have to do a wiretap and is subject to felony penalties if she discloses it, is amazing," he said.

"That's what CALEA requires -- you have to have a security office, security procedures. In truth, that won't happen because the library will be closed because it has no budget for this. That's why this issue is important."

Applying CALEA to the Internet is in many ways like a combo 215/Broadcast Flag -- in short, it's a technology mandate to make it easier for the government (and others) to spy on people. The kicker is that it's the customers/patrons/surveillance subjects themselves who will pay for it.

[Permalink]

The Mother of Acrimonious Acronyms

As Cardozo law professor Susan Crawford recently noted, there are a lot of "acrimonious acronyms" in the battle over the future of the Internet. One of the most dangerous: the Communications Assistance to Law Enforcement Act, better known as CALEA.

Back in the Clinton era, the FBI asked for a law to force all telecommunications companies to build backdoors into their networks for easy government spying. As part of the desperate Capitol Hill horse-trading before CALEA was passed, privacy advocates won a concession: the new law would not apply to providers of information services such as email and Internet access. But as of Friday, that's no longer the case. The Federal Communications Commission (FCC) has issued an advisory stating that it has granted the FBI's request to expand the scope of CALEA to include Internet broadband providers and certain Voice-over-IP (VoIP) providers.

So what does this mean in practical terms? It means the government will be asking broadband providers -- as well as companies that manufacture devices used for broadband communications -- to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also means that technological innovation will be hobbled as companies involved in broadband are forced to redesign their products to meet government specs.

This is bad news on multiple levels. "Expanding CALEA to the Internet is contrary to the statute and is a fundamentally flawed public policy," explains Staff Attorney Kurt Opsahl in EFF's press release. "This misguided tech mandate endangers the privacy of innocent people, stifles innovation, and risks the functionality of the Internet as a forum for free and open expression."

And the government isn't stopping there. The Department of Justice (DOJ) is asking airlines to build similar backdoors into the phone and data networks on airplanes. EFF and the Center for Democracy and Technology (CDT) last week submitted joint comments [PDF] with the FCC to oppose this unprecedented, sweeping new technology design mandate and anticipatory wiretapping system.

As the press release points out, the proposal to expand CALEA to airline broadband illustrates the fallacy of law enforcement's rationale for its CALEA request. To avoid the statute's carefully crafted compromise -- the total exclusion of information services from the CALEA's reach -- the DOJ argues that CALEA covers broadband services because they have "substantially replaced" the local telephone exchange. But airplane communications have hardly "substantially replaced" local telephone services. This request is about opening the door for CALEA to cover just about anything.

Our CALEA FAQ gives it to you short and not-so-sweet:

Q: "Is the FBI trying to dictate how the Internet should be engineered to permit whatever level of surveillance the FBI deems necessary?"

A: "Yes. What the FBI is really asking for is a massive overhaul of how the Internet works to make it easier for federal agents to listen in on people's digital conversations. EFF believes that law enforcement should not be allowed to have veto power over proposed innovations to the Internet in order to make spying easier. In addition, federal agencies should not force the broadband industry -- and by extension, its consumers -- to bear the considerable costs of purchasing and implementing surveillance-ready network technologies simply because it suits the government's needs."

In other words, the government not only wants service providers to make your private communications easily open to government surveillance, it also wants the providers -- and therefore you, the customer -- to pay for it.

For more on the FCC and CALEA, see Declan McCullagh's CNET column, FCC Schizo on DSL, Wiretapping.

[Permalink]

A Government-Mandated Backdoor for Every Network

That's what the Federal Communications Commission (FCC) promises if the FBI gets its way.

The Communications Assistance for Law Enforcement Act (CALEA) was passed in 1994 to make it easier for the feds to listen in to everyone's phone calls. The law forced phone companies to design their digital networks with special backdoors for government surveillance. There was a single saving grace - CALEA did not apply to the Internet.

But now, all of that could change. Under pressure from the Department of Justice (DoJ) and federal law enforcement, the FCC is gathering comments on a proposal to expand CALEA to cover broadband Internet access providers and Voice over IP (VoIP) telephony companies.

If the FCC adopts the proposal, Internet Service Providers (ISPs) and nearly all VoIP companies will have to design their systems to be tappable. This isn't nearly as tidy as it sounds. The law distinguishes between two kinds of information that can be gleaned via telephone surveillance: "call identifying information" or CII (numbers dialed and when), and "content" (actual conversations taking place). Telephone network technology allows a law enforcement agent to gather these two kinds of information separately, in isolation from one another. There is no danger that an agent seeking CII will accidentally get to listen to the content of his target's conversations. Or that he will accidentally hear the conversations of everybody on the same block as his target.

With the new proposal, all of these things are possible. Surveillance on the Internet is a messy business - CII "trap and trace" information is contained in the same data packets as the actual content of the communication. Moreover, all current methods of snooping on somebody's communications at an ISP also mean sifting through the private communications of other people using the same ISP. Law enforcement officers with a trap and trace order would have the opportunity - if they chose - to capture the content of a target's communications, and that of any number of innocent people who share the same ISP. Similar issues will plague VoIP providers, who will have to examine the data packets of every user in order to find those associated with law enforcement's target.

Having these kinds of backdoors in data networks will make communicating over the Internet less secure for everyone - especially when criminals with technical know-how figure out how to use the built-in backdoors for their own purposes.

And here's the kicker: you're going to have to pay for all this. The FCC wants to force broadband Internet access and VoIP providers and their customers to bear the considerable costs of purchasing and implementing surveillance-ready network technologies. So you'll be paying extra to make it easier for the FBI and net-savvy criminals to spy on you.

In two months, the FCC will review the public's comments on this proposal and make a final decision on whether the future of the Internet is one of pervasive surveillance or relative privacy.

Now is the time to tell your ISP that you don't want to pay for the government to tap everybody's data stream. Urge your service provider to get more information about CALEA and tell the FCC why it's a bad idea.

[Permalink]