If you are planning a terrorist attack on the United States, it will no longer be possible to elude FBI wiretaps by communicating via Facebook chat (as so many terrorists have been known to do). The U.S. government is now preparing to expand its wiretapping reach to cover encrypted email transmitters (like BlackBerry), messages sent on social networking sites, and direct peer-to-peer messaging services, like Skype.
The bill, which proposes an overhaul of Internet regulations, is expected to be submitted to lawmakers next year and comes in response to the growing number of people who no longer use the phone as their primary source of communication. More and more people are moving to online and digital forms of communication and Federal law enforcement personnel are pushing for the bill’s passage, arguing that their ability to wiretap suspects is “going dark.”
The New York Times, which broke the story Monday morning, used the example of Faisal Shahzad, the suspected bomber in the failed Times Square bombing in May. After Shahzad was apprehended, investigators found that he had been communicating via an online communication system that did not have interception capacity—meaning that if he had sparked any suspicion beforehand, law enforcement would not have been able to immediately tap his communications.
What the bill mandates
To be clear, the bill does not represent broadened authority—all communication service providers are currently subject to wire-tapping. Rather, the bill would mandate that all service providers have an established capacity for wire-tapping. Currently, many services maintain the ability to intercept communications, but many others wait until they’re served with orders for wiretapping before they develop a wiretapping capacity, which often results in a delay that could ultimately stymie an investigation, or force investigators to resort to riskier alternatives, like installing physical surveillance devices to monitor suspects.
When communication systems really began to evolve in the early 90s, Congress passed the Communications Assistance to Law Enforcement Act in 1994, to enable law enforcement officials to continue to tap communication systems as people moved away from the old copper-wire phone system to cell phones and digital networks.
Typically, law enforcement can easily tap into a suspect’s online or digital exchanges at a switch operated by the service provider, but if the suspect uses a service that encrypts messages between his or her computer and the server, or uses a peer-to-peer system that does not loop through a central hub, investigators have to serve the provider with an order to allow them to intercept the messages.
Because investigators have long been legally capable of monitoring online and digital communication, the bill really does not represent the dawn of a dark new Big Brother era (Big Brother has been watching you; get over yourself), but it does present some other possible problems that may end up causing more damage than the bill would prevent.
For example, in 2004, a team of yet-to-be-identified hackers in Greece exploited a legally mandated wiretap function to spy on the phones of top government officials—including the Prime Minister. Basically, building back doors means that uninvited party-crashers will find those back doors.
“They are basically demanding that providers design their systems for breach,” wrote Julian Sanchez in a blog on Cato@Liberty. “This is massively stupid from a security perspective.”
Furthermore, the bill would represent a costly new burden for startups. Former Sun Microsystems engineer and current Radcliffe Institute of Advanced Study fellow, Susan Landau, remarked to the New York Times: “Every engineer who is developing the wiretap system is an engineer who is not building in greater security, more features, or getting the product out faster.” Additionally, former Justice Department lawyer, Michael A. Sussman, predicts that "the major investigative burden and cost will shift to providers."
The move also echoes recent demands from Saudi Arabia, India, and the United Arab Emirates that RIM redesign the BlackBerry system to facilitate easier interception.
According to Valerie E. Caproni, general counsel for the Federal Bureau of Investigation, the FBI is not looking to filter the Internet in the United States. Rather, she said, “No one should be promising their customers that they will thumb their nose at a U.S. court order. They can promise strong encryption. They just need to figure out how they can provide us plain text.”