FBI: Web-based Services Hurting Wiretapping Efforts
Web-based e-mail, social-networking and peer-to-peer services are frustrating law enforcement wiretapping efforts, a lawyer for the U.S. Federal Bureau of Investigation told lawmakers Thursday, but she did not offer concrete ideas on how to fix the problem.
President Barack Obama's administration is debating ways to deal with Web-based services not covered by traditional wiretap laws, including incentives for companies to build in surveillance capabilities, said Valerie Caproni, general counsel at the FBI.
Many Internet services are not covered by the Communications Assistance for Law Enforcement Act (CALEA), which requires traditional telecom carriers to allow law enforcement agencies real-time access to communications after a court has issued a wiretap order, she told members of a subcommittee of the U.S. House of Representatives Judiciary Committee
But Caproni told lawmakers she was not asking for expanded CALEA powers. And she stopped short of calling for rules requiring Web-based communication providers to build in so-called back doors allowing law enforcement access to their software, although she said she's optimistic the U.S. government can find incentives for companies to "have intercept solutions engineered into their systems."
The FBI is concerned that law enforcement investigations are being compromised by the lack of wiretap capability on some Web-based services and encrypted mobile telephone traffic, Caproni said.
"We are not looking for any new authority," she added. "We are concerned we are losing ground in actually being able to gather the information we are authorized to have."
The American Civil Liberties Union raised concerns that expanding wiretapping capabilities would harm the Internet. Adding wiretapping capabilities to Web-based services "will actually change the structure of the Internet, providing the government with a master key to our online communications," Laura Murphy, director of the ACLU Washington Legislative Office, said in a statement.
Witness Susan Landau, a fellow at the Radcliffe Institute for Advanced Study at Harvard University, raised security concerns at the hearing. Extending CALEA rules to Internet services could leave them vulnerable to attack, said Landau, an author on privacy issues and formerly an engineer at Sun Microsystems.
"The intent of proposals to extend CALEA to IP-based communications is to secure the nation," she said. "Rather than doing so, surveillance mechanisms built into communications infrastructure threaten to create serious vulnerabilities for national security and present threats to innovation."
Representative John Conyers, a Michigan Democrat, asked Landau if the ACLU's privacy concerns were justified.
"When you make it easy to wiretap, when all you have to do is flip a switch, it becomes much easier for privacy to be violated," Landau said. "When you make it technologically simple to wiretap, it can be abused."
The FBI is concerned about privacy and the Internet's security, but also about criminals running loose because the agency can't execute a wiretap, Caproni said. "That criminal may be a massive drug dealer, they may be an arms trafficker, they may be a child pornographer or a child molester," she said. "We need the actual ability to conduct the wiretaps so we can keep the streets safe."
Conyers questioned the need for more CALEA powers. "So what's a little privacy invasion compared to all those big things that you are worrying about, right?" he said.
Caproni's testimony prompted Representative Hank Johnson, a Georgia Democrat, to ask about the reason for her appearance at the hearing. "What are you seeking here today?" he said. "What is it exactly that you would want Congress to do?"
The FBI would have recommendations for Congress soon, Caproni said. "You invited me, and we came," she said. "I'm really here today to talk about the problem."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.