As Online Communications Stymie Wiretaps, Lawmakers Debate Solutions
New York Times, February 17, 2011
Leading Democrats on the House Judiciary Committee on Thursday reacted skeptically to the idea of overhauling surveillance laws to make it easier to wiretap people who communicate online rather than by telephone, a major priority for the Federal Bureau of Investigation.
The lawmakers expressed their concerns at a House hearing devoted to a problem that law enforcement officials call "going dark" — investigators' inability to carry out court-approved wiretap orders when the people who are the targets communicate using services that lack a surveillance capability.
The FBI has been quietly laying the groundwork for years for a push to require Internet-based communications services — like Gmail, Facebook, Twitter, BlackBerry and Skype — to design their systems with a built-in way to comply with wiretap orders. On Thursday, the bureau made its first full airing of the "going dark" problem.
"Due to the revolutionary expansion of communications technology in recent years, the government finds that it is rapidly losing ground in its ability to execute court orders with respect to Internet-based communications," said the FBI's general counsel, Valerie Caproni.
A 1994 law requires phone companies to build their networks with the capability of immediately starting to intercept a user's communications when the company is presented with a wiretap order. But that law does not cover Internet-based communication providers.
As a result, while they, too, are subject to court wiretap orders, they are often unable to comply, for technical reasons, when presented with one.
Ms. Caproni stopped short of making any specific legislative proposal, saying that the Obama administration was still debating the issue internally. Last fall, The New York Times reported that law enforcement officials were developing a bill that would impose new regulations on Internet communications companies and phone and broadband carriers, making them easier to wiretap.
"We don't have a specific request yet," Ms. Caproni said. "The administration does not yet have a proposal. It is something that is actively being discussed within the administration, and I am optimistic that we will have a proposal in the near future."
Still, Representative John Conyers Jr. of Michigan, the ranking Democrat on the Judiciary Committee, was one of several lawmakers who said he was likely to greet such a proposal with skepticism. Forcing Internet communications services to build in "back doors" for law enforcement surveillance, he said, would hamper innovation and create vulnerabilities for hackers and foreign governments to exploit.
"Requiring back doors in all communications systems by law runs counter to how the Internet works and may make it impossible for some companies to offer their services," Mr. Conyers said.
Several lawmakers of both parties raised concerns about how such a mandate would affect the competitiveness of Internet companies that operate in the United States. Still, several Republicans suggested sympathy with law enforcement officials' fear that changing technology could hamper their ability to investigate criminals and terrorists.
Ms. Caproni emphasized that the FBI was not seeking new surveillance powers, but rather a way to keep its existing powers from eroding. She also said the FBI was not seeking a decryption key that would allow the government to directly intercept and unscramble secure communications.
Rather, she said, the bureau hoped to require communication service providers to deploy, within their own systems, a wiretapping capability. The provider would have to be able to isolate, intercept and deliver to the government a particular user's communications in response to a wiretap order.
Susan Landau, a Radcliffe Institute for Advanced Study fellow and former Sun Microsystems engineer, argued against building interception systems within a service, citing high-profile cases in which hackers exploited such mechanisms in Greece and Italy to illegally spy on politicians and other prominent people.
Ms. Caproni spoke with caution about several aspects of the FBI's broad goals that have attracted controversy. For example, law enforcement officials have said in the past that all companies that facilitate communications should be able to provide a plain-text version of messages in response to a wiretap order.
Such a mandate could require major changes for companies like Research in Motion, whose BlackBerry Enterprise Server system relays encrypted messages that the company says it cannot unscramble. Last year, Research in Motion came into conflict with several governments, including in India and the United Arab Emirates, over their inability to conduct surveillance of messages sent via its encrypted service.
Asked about encryption, Ms. Caproni said that if a provider encrypted communications but had the ability to decrypt them, then it should be required to give law enforcement unscrambled versions. And she said that if an individual encrypted his own communications, investigators would have to find some other way to monitor that person.
But crucially, she did not directly address whether a service provider should be allowed to encrypt a user's communications in such a way that the provider is unable to unscramble them — even if a court orders it to do so.
The hearing came a day after the release of several hundred pages of internal FBI documents showing that the bureau has been working with great urgency to push to change legislation for years. The documents were obtained under the Freedom of Information Act by the Electronic Frontier Foundation, an Internet freedom advocacy group.
The documents shed new light on how the FBI's interest in the "going dark" problem predates the Obama administration. The bureau commissioned a study from the RAND Corporation and Booz Allen Hamilton several years ago, and it conducted surveys of law enforcement officials seeking examples of encountering obstacles to carrying out wiretap orders.
One such document redacted a legislative proposal for the "going dark" surveillance issue. But beneath it, a related proposal was left uncensored: electronic communications service providers, it said, should be required "to retain for two years records showing the origination and termination of communications."
Currently, law enforcement agencies are able to obtain such records only if the provider has chosen to preserve them for its own purposes, like billing.