Traditionally, the term 'wiretapping' applies to the interception of telephone conversations between two wires. In modern times, however, wiretapping is no longer restricted to such communications. Rather, the term has extended its definition such that contemporary wiretaps manifest themselves within radio links, telephone switches, and computer networks. Modern wiretaps not only eavesdrop on the classic telephone call, but also tap into other forms of electronic communication, such as faxes, e-mails, and data transfers. Such methods of electronic surveillance are powerful investigative tools, allowing the law enforcement to detect criminal conspiracies and present the retrieved information as hard evidence of wrongdoing. Wiretapping tools are especially advantageous since the sender and receiver of the tapped communications have no way of knowing if someone is listening to their conversation. However, this same invisibility makes wiretapping readily adaptable to malign uses that can endanger the privacy of the individual or, on a larger scale, the security of the nation.
Finding the proper balance among privacy, security, and law enforcement interests in the realm of wiretapping has always been a complex endeavor. With rapid changes in communications technology quickly reshaping the way people interact, the nation must frequently re-examine its laws to ensure equilibrium among these competing concerns. Recently, talk about building wiretapping provisions into standard Internet protocols, such as Ipv6, has spurred yet another review of the nation's wiretapping laws, most specifically the Communications Assistance for Law Enforcement Act (CALEA). CALEA, a federal law introduced in 1994, requires telecommunication carriers to build wiretapping capabilities into their phone systems, exacting a fine of $10,000 per day if they don't comply. While the law enforcement has immediately proclaimed that the proposed wiretapping provisions are required under CALEA, the proposal has received strong opposition from organizations such as the CDT (Center for Democracy and Technology), IETF (Internet Engineering Task Force), and EPIC (Electronic Privacy Information Center) who see the provision as undermining network security without preventing crime, the worst of both worlds.
The following sections will explore the controversy that has risen over Internet wiretapping provisions, beginning with a review of the legal history of wiretapping in the context in which the laws were created. Next, the paper will specifically examine CALEA to demonstrate that it explicitly excludes Internet wiretapping provisions, despite the insistence of the law enforcement. Furthermore, the paper will present the views of the key contributors to the Internet debate, including the law enforcement, concerned organizations, and affected carrier companies. A final evaluation will conclude that current wiretapping provisions and other electronic surveillance techniques are sufficient for law enforcement purposes. Despite the advantages of Internet protocol usage from a law enforcement standpoint, the provisions would encroach on the privacy of the individual and endanger the security of the nation.
Therefore, the focus of this paper is twofold, to assess the correctness of Congress' wiretapping revisions through an analysis of the legal history of wiretapping, and to evaluate the Internet wiretapping proposal as it applies to CALEA, the law enforcement, privacy, and security issues.
Though wiretapping had been in use since the invention of the telegraph, the first tapping of telephones by the police didn't occur until the early 1890's in New York City. In fact, the state legislature discovered in the mid-1910's that the police had the ability to tap any line of the New York Telephone Company, and had used their power recklessly. The New York Times reported in 1916 that "in some cases the trunk lines of hotels were tapped and the conversations of all hotel guests listened to". [1] However, during this period, the federal government played no legislative role, leaving all wiretapping decisions to the state legislature.
In 1928, the police caught Roy Olmstead running a $2 million a year bootlegging operation, who was convicted partially on the basis of evidence obtained from warrantless wiretaps installed by federal agents. Olmstead's appeal led to one of the first Supreme Court wiretapping decisions, Olmstead v. United States, where the court ruled that the evidence obtained from tapping Olmstead's phone calls did not involve any trespass. Five justices agreed that the Fourth Amendment protected tangibles alone and since a conversation is intangible, using a tapped conversation as evidence does not constitute search and seizure. Judge Louis Brandies dissented, however, arguing that "whenever a telephone is tapped, the privacy of the persons at both ends of the lines is invaded… as a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wiretapping". [2] Therefore, early on in the wiretapping debates, law enforcement and privacy interests clashed head on. The view of wiretapping as a type of search involved very controversial interpretations of the Fourth Amendment.
Between 1928 and 1968, the courts changed their wiretapping stance several times. Nardone vs. United States reversed Olmstead vs. United States, ruling that wiretapped information could not be submitted as evidence in court in regards to the 1934 Federal Communications Act. However, two more Supreme Court cases in 1967, Berger and Katz, once again reverted the court's position to reaccept wiretapping as search and seizure protected by the Fourth Amendment. In light of these Supreme Court opinions, as well as the FBI's argument that wiretapping was vital to fighting organized crime, Congress authorized police wiretapping in 1968 under a system of protections intended to compensate for the inherent intrusiveness of wiretapping. This wiretap law is commonly referred to as "Title III" since it arises from Title III of the Omnibus Crime Control and Safe Streets Act. In it, Congress allowed wiretapping by the law enforcement only upon finding probable cause and only as a last resort. Furthermore, because of the "knock and notice" requirement of any traditional search, Congress required the law enforcement to provide notice of any wiretapping activity after the conclusion of the investigation.
While Title III provided the nation with a firm legal stance on wiretapping provisions, the rapid pace of technological change has required Congress to periodically examine the legal framework of wiretapping. Thus the 1968 law was revised with the introduction of the Electronic Communications Privacy Act (ECPA) in 1986, and again with the creation of the Communications Assistance for Law Enforcement Act (CALEA) in 1994. In ECPA, Congress attempted to respond to the emergence of wireless services in the digital era. The law extended Title III to wireless voice communications, as well as non-voice electronic communications such as e-mail, allowing the law enforcement to wiretap such devices only through the attainment of a warrant. ECPA also set up rules which allowed the law enforcement to record the telephone numbers of outgoing and incoming calls requiring only the law enforcement officers assertion that such actions were relevant to the pending investigation. Furthermore, Congress displays a more lenient wiretapping provision in the case of non-voice communications. For example, instead of requiring a list of crimes to serve for a predicate for telephone wiretaps, the interception of electronic communications can be based on suspected violations of the law. Thus, despite the word 'privacy' in ECPA, the act was much more concerned with broadening the power of the law enforcement than preserving the privacy of the individual.
In drafting ECPA, Congress failed to re-examine the most basic assumption of Title III, that the use of electronic surveillance should not intrude on the privacy of the individual unless the situation was scrutinized before and after the surveillance, and the activity was cut down to a minimum. In fact, the provisions above show a much more lenient view to wiretapping protocols. Furthermore, Congress seems to have overlooked the context in which Title III was created under, which has completely changed with the coming of the digital revolution. Thus, many of the rules that applied in 1968 cannot simply be extended to wireless and non-voice communications. In fact, the CDT describes the 1960's as a "monopolistic, wire-based, voice-centered, one-on-one environment," almost the complete antithesis of the more competitive, electronic-based, information-centered, one-to-many environment which began to develop in the mid-1980's. [3] Though much had changed in the use of communications technology since the creation of the 1968 wiretapping provisions, Congress not only retained, but also loosened, the 20-year old view of wiretapping.
By 1994, the communications age had evolved to an entirely new era, which included the rise of the Internet and more advanced forms of voice communications. Warned of "increasing opportunities for loss of privacy" by committees, Congress became concerned that "as the potential intrusiveness of technology increases, it is necessary to ensure that government surveillance authority is clearly defined and appropriately limited". [4] However, the foundations for CALEA came not from Congress, but through the FBI's Digital Telephony Proposal, submitted in March 1994. This proposal limited wiretapping to common carriers and allocated $500 million to cover their costs. Carriers would have 3 years to build wiretapping into their systems, and a failure to comply would result in a fine of up to $10,000 a day. Congress passed the proposal under the name CALEA, announcing that networks deployed after January 1, 1995 would need to be configured to meet law-enforcement interception requirements. Therefore, despite congressional concerns of increasing privacy loss, CALEA was developed specifically to aid the law enforcement.
In fact, even after the ECPA and CALEA revisions only years ago, technology has evolved in ways never before imagined. The number of wireless telephones has gone up from 92,000 in 1984 to 46 million in 1997, making electronic communication flexible and constantly available. [5] Furthermore, wireless transmission is becoming increasingly important for data transfer, in the form of wireless faxes, modems, and computer networks. More importantly, the dramatic development of the Internet has completely revolutionized information retrieval, processing, and sharing. With fewer than 300 computers linked to the Internet in 1981, over 9.4 million computers had been connected to the Internet by 1996. Drastically different from the telephone system or mail system, the Internet can be applied to numerous functions, including personal one-to-one communication, reading newspapers, shopping for gifts, and obtaining driving directions. However, much like any other medium for communication, the Internet can be used for the purposes of criminal activity.
The dramatic development of the Internet as a revolutionary form of data communication has fundamentally changed the nature of communications. As a result, the type and amount of information exposed to "intrusion, interception, and misuse" has also been altered by the advent of the Internet. [6] Recognizing the flood of potentially useful information travelling through Internet cables, the law enforcement has already accomplished much in its surveillance of Internet activities. First of all, the ECPA has generously provided the FBI with the power to intercept both voice and data communications, both of which are available through the Internet. While the FBI does not yet have the same wiretapping abilities over the Internet that CALEA provides with telephone signal carriers, information is still easily accessible through the use of packet sniffing technologies.
In order to intercept data packets from the Internet, one first needs to know where the data is coming from, namely what the IP address of the target computer is. (A target computer in this case refers to the computer the FBI intends to wiretap for information.) When sent through the Internet, data packets are sheathed in a wrapper containing the data's starting IP address, destination IP address, packet size, and other important pieces of information. Therefore, by knowing the IP address of the target computer, the law enforcement can easily sift through the flood of data packets and locate those that originate from the desired computer. Since packets flow through an arbitrary set of routers, depending on the Internet congestion level and other non-deterministic factors, the law enforcement must set up the sniffer on the same local sub-net as the target computer in order to guarantee receipt of every packet the target sends. This technique is simple to do, since the law enforcement simply needs to find any etherport in the same building as the target, and connect up a computer that has been loaded with sniffing technologies. Once this simple installation is complete, no further work is necessary. The sniffer will automatically retrieve all pertinent data packets from the Internet.
In comparison with the building of wiretapping into phone systems, as required by CALEA, packet sniffing is a much more passive form of electronic surveillance. If the FBI, for example, wants to wiretap someone's phone, the agency easily informs the telephone companies of their wish and the information is inputted into their switches. Then, the FBI simply waits for the desired communications to enter their systems. However, if the FBI would like to track someone's Internet communications, they need to install a sniffer in the exact same sub-net the communications travel through. Therefore, in the interception of Internet communications, the law enforcement's activities become isolated to the exact locations they specify, whereas in the interception of telephone communications, the law enforcement's activities are ubiquitous.
The advantages of telephone surveillance techniques over Internet sniffing technologies, from a criminal investigation point of view, have led the law enforcement to develop a craving for the same ubiquitous powers in both communication domains. The ability to wiretap the Internet routers in the same way the telephone switches are implemented would allow the law enforcement to specify an arbitrary computer IP address and have the routers automatically copy and forward any packets to or from that particular address. Furthermore, wiretapping is also much less expensive than sniffing since only one large installation procedure is required, instead of one minor installation per wiretap. For these reasons, the law enforcement is pushing for the revision of Internet protocols, such as Ipv6, to include wiretapping provisions.
To persuade the IETF (Internet Engineering Task Force) to develop this new protocol, and convince Internet providers that they should use them, the FBI asserts that pre-CALEA wiretap provisions of Title 18 of the U.S. Code require Internet service providers to comply with legal wiretap requests. In fact, an FBI spokesperson, Barry Smith, states that "those setting the standards should understand that federal wiretap laws do in fact require them to design in wiretap capabilities" and further emphasizes "we have every confidence that the technical-standards-setting bodies will fulfill that statutory requirement". [7] However, many organizations, including the IETF, CDT, and EPIC, completely object to these assertions. In fact, James X. Dempsey of the CDT claims that CALEA provisions specifically excluded the Internet, stating that this was "one of the central compromises of CALEA". [8] Both IETF and EPIC made similar remarks.
So which one of these groups is correct? Well, since the initial CALEA proposal arose from FBI interests, it's a good idea to conduct our analysis with a look at the bill itself. Interestingly enough, CALEA was initially called the Digital Telephony Act, strongly pointing to the fact that the law enforcement had originally intended the proposal to apply to telephone wiretapping only, rather than both telephone and Internet communications. Of course, for a more formal answer, we must look directly into the content of the original bill. A clear statement of CALEA's main initiative appears at the very top of the proposal, asserting that the purpose of the bill was:
"To amend title 18, United States Code, to make clear a telecommunications carrier's duty to cooperate in the interception of communications for law enforcement purposes, and for other purposes". [9]
Therefore, the requirements of CALEA clearly apply to "telecommunication carriers" only. But how do we know what that means exactly? A strict definition may apply only to telephone carriers. However, given a broader perspective, telecommunication may pertain to telephones, the Internet, satellite communication, and many other technologies. Luckily, the bill provides its own definition of a 'telecommunications carrier' which should give us a clear idea of whether these wiretapping provisions do apply to the Internet or not. CALEA defines a carrier to be:
"A person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire, including 1) a person or entity engaged in providing commercial mobile service ... or 2) a person or entity engaged in providing wire or electronic communication switching or transmission. However, this does not include 1) persons or entities insofar as they are engaged in providing information services and 2) any class or category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General." [10]
Thus, the bill clearly states that a telecommunications carrier does not include information service providers. So the next question to ask is whether the Internet is an information service or not, and do to so we must find a legal definition of the Internet. Coincidentally, one appears in the 'Findings of Fact' paper of the recent U.S. vs. Microsoft Corporation case, stating that "The Internet is a global electronic network, consisting of smaller, interconnected networks, which allows millions of computers to EXCHANGE INFORMATION over telephone wires, dedicated data cables, and wireless links". [11] This definition is very similar to other Internet descriptions. Therefore, without a doubt, the Internet is an information exchange service, an entity specifically excluded from the requirements of CALEA. As a consequence, the FBI's argument that CALEA necessitates the revision of Internet protocols holds no water. In fact, at the IETF 46th meeting on November 10, 1999, the Internet standard-setters decided not to provide wiretap capabilities for governments that want to conduct online surveillance, based on their own interpretations of CALEA, as well as privacy and security concerns of the general public.
Despite the fact that CALEA does not apply to Internet service providers and that IETF has rejected the idea of Internet wiretaps, the issue of building wiretapping provisions into the Internet still remains an important issue. After all, legal protections for wiretapping have been revised several times already. It would not be surprising if the law enforcement pushed Congress to enforce wiretapping capabilities within Internet services as well. Furthermore, it's unclear how certain the IETF is about rejecting wiretapping. Wired News describes the IETF's meeting last month as "overwhelmingly" favoring the rejection of wiretaps. However, NetworkWorld Fusion gives a very different perspective, describing that a larger-than-expected percentage of IETF members spoke in favor of wiretapping. Moreover, according to Fusion, in a vote taken at the end of the debate, more members abstained from voting than opposed the issue. Therefore, the Internet wiretapping issue is still very much alive, and would benefit from an analysis of the different perspectives involved.
While we've already discussed the law enforcement's wiretapping wishes in great detail, it is important to understand why the FBI has the mentality it has. The purpose of the law enforcement is to prevent, prohibit, and investigate crimes. And while the investigation of crimes has not changed much through the centuries, the methods of investigation have changed a great deal, due to the rise of technology.
Before and after the development of telecommunication, a central element to police work has been the acquisition of information about criminal's plans and conversations without their knowledge or cooperation. According to Whitfield Diffie and Susan Landau in Privacy on the Line, there are two fundamental ways this acquisition takes place: first, through conversations where a criminal is unknowingly providing information to an undercover police officer, and second, through police eavesdropping on conversations between criminals. [12] The second method is the fundamental basis for electronic surveillance today. Wiretaps are crucial in providing information about the crime being committed or the structure of the criminal organization. Furthermore, wiretaps can also provide more basic information, including relationships between the suspect and those he converses with and daily routines. Therefore, wiretapping has become such an integral part of criminal investigation today that, as new forms of communication appear, the law enforcement increasingly fears the loss of this surveillance power. FBI Director Louis Freeh states this concern during the 1994 push for CALEA with "Development of technology is moving so rapidly that several hundred court-authorized surveillances already have been prevented by new technological impediments with advanced communications equipment". [13]
However, perhaps the law enforcement is simply using a façade of fear in order to get their wiretapping wishes approved. Similar concerns have been expressed in the National Security Agency's (NSA) similar battle with technology. In fact, Whitfield Diffie was quick to suggest that the current alarm in the NSA about technological developments in encryption and the Internet may be a "self-interested ruse". Diffie continues with the idea that the NSA wants people to believe that "they used to be great, but these days they have trouble reading the newspaper, the Internet is too complicated for them, and there is so much traffic and they can't find what they want". [14] A similar suggestion can be applied to law enforcement concerns regarding wiretapping. It is very convenient for the FBI to have the nation believe they're in trouble, in regard to technological change, so that they can push for broader wiretapping powers. Therefore, in noting the wiretapping concerns of the FBI, it is also important to keep in mind possible mind games the agency may be playing in order to get what they want.
However, telephone switch companies wholeheartedly support the idea since this expansion would allow them to explore the Internet market. Several IETF members who work for manufacturers of these switches fear they won't be able to sell combined voice and data switches to carriers unless these switches support wiretapping. [17] The idea of building a gateway protocol to convert voice traffic into Internet data packets would become severely disadvantaged if voice communications needed wiretapping capabilities while the Internet did not.
Some router companies, however, like Cisco Systems, are in the process of implementing a backdoor system into their routers, despite the government's claim that such a system is not required at the moment. Cisco, in fact, has been denounced by many concerned individuals for their work on this system, accused of 'giving in' to the government and breaching security and privacy concerns. This decision by Cisco seems curious because of the general corporate sentiment to protect the privacy of the company. However, a deeper analysis of the situation shows that Cisco is actually trying to amend the wiretapping situation by giving government access to the information they need while restricting the FBI from looking up information they have no legal access to.
Cisco's "open doorbell" system does indeed provide a backdoor into their router system, allowing messages to be decrypted at the router, read, re-encrypted, and transmitted again. However, the Cisco product only provides the government with access to the clear text without providing the key. Therefore, the product is actually very clever because it guarantees the government can look at those messages it has authorization for, but has no power to view any other messages passing through the Internet routing system. Although Cisco appears to be giving into the law enforcement, the corporation actually protects individuals from any illegal government invasion of privacy. Susan Landau, a contributor to EPIC and a strong opposer of changing Internet protocols for wiretapping, describes it well, "The government was quite upset with Cisco when they figured out what Cisco had done. It was what they wanted, but not what they were really looking for". [18]
In 1968, there was no form of ubiquitous surveillance. Old police movies show police urgently whispering "Try to keep the kidnapper on the line while we trace the call". Technology has advanced greatly since this era, in such a way that this type of urgency isn't necessary anymore. Many households have devices that instantaneously tell you what number is calling you. Furthermore video surveillance has revolutionized criminal investigation in these past two decades. In the case of Timothy McVeigh and the Oklahoma City bombing, the FBI quickly obtained a videotape revealing McVeigh's location about a mile away from where he allegedly rented the truck. Where did such a tape come from? Well, at McDonalds, of course, because McDonalds uses video surveillance on its customers. One Atlantic Monthly issue clearly illustrates today's ubiquitous surveillance powers. In a July 1998 article, Atlantic Monthly displayed a map of downtown Manhattan showing how much of the area is constantly surveilled by video cameras. The result is incredible. No criminal activity can take place on the entire 34th Street without being on somebody's video camera. Nothing can be done in Herald Square, or the West side of 4th and 7th streets either, and many other streets of Manhattan. Of course the law enforcement will be hampered without the support of Internet protocols. However, the amount of surveillance that exists in 1999 far surpasses anything that existed in 1968. There is no doubt the law enforcement can function properly without the addition of Internet protocols to its list of wiretapping tools.
Furthermore, the development of wiretapping provisions over the Internet makes both the nation and the individual vulnerable to third-party attacks. Providing a method for the government to examine information over the Internet is a clear invitation for hackers to exploit the system for their own benefit. While the government benefits only moderately from such a provision, privacy and security protections would be strongly undermined. These fundamental concerns cannot be ignored.
While telephone and Internet services remain distinct entities, maintaining wiretapping on one system and restricting it on the other is a trivial task. However, technology is constantly changing and one must always be aware of future technological concerns and wiretapping revisions. For example, many people are already anticipating the merging of the telephone with the Internet. After all, in the near future, telecommunication systems will begin to rely more and more on packet switching technologies resembling those used on the Internet. [20] If the routing techniques for telephone and Internet usage are becoming increasingly similar, why not combine the two systems into one? This technology merge brings into question whether a telephone service becomes an information service (and is thus released from its CALEA agreements) or whether the Internet will have to bow to wiretapping requirements. Therefore, as technology continues to grow and change, new definitions of 'telecommunication carrier' and 'information service' will emerge as wiretapping debates continue. While revisions should be considered from all perspectives, the law enforcement, individual privacy, national security, and affected companies, decisions must fundamentally arise from an evaluation of past wiretapping issues as they relate to the society that produced them.
[1] New York Times, as cited by Diffie, Whitfield and Landau, Susan. Privacy on the Line: The Politics of Wiretapping and Encryption. Cambridge, 1998. Page 155.
[2] Brandeis, Louis. Dissenting opinion in Olmstead vs. United States, 277 U.S. 438, 1928
[3] "Communications Privacy in the Digital Age", June 1997 Report by the Center for Democracy and Technology, found on http://www.cdt.org/digi_tele/9706rpt.html
[4] The House and Judiciary Report on CALEA, as cited by Dempsey, James X. and Stern, Martin L., "Disconnect the FBI Wiretap Plan", June 15, 1998, Legal Times
[5] "Communications Privacy in the Digital Age", CDT
[6] "Communications Privacy in the Digital Age", CDT
[7] Smith, Barry as quoted by Schwartz, John, "Internet Industry Debates Wiretapping", The Washington Post, November 10, 1999, page E3
[8] Dempsey, James X. as quoted by Schwartz
[9] CALEA, beginning statements
[10] CALEA, Title 1, Section 102(8)
[11] 'Findings of Fact", Background #11, U.S. vs. Microsoft case in the United States District Court for the District of Columbia, http://usvms.gpo.gov/findfact.html
[12] Diffie and Landau, page 113
[13] Freeh, Louis as cited by Diffie and Landau, page 195
[14] Diffie, Whitfield as quoted by Hersh, Seymour M., "Annals of National Security: The Intelligence Gap", The New Yorker, December 6, 1999, page 76
[15] Wiretapping statistics from "Communications Privacy in the Digital Age", CDT
[16] "An Open Letter to the Internet Engineering Task Force", EPIC, November 8, 1999, http://www.epic.org/privacy/letter_to_ietf.html
[17] Marsan, Carolyn Duffy, "IETF Meeting: Wiretap debate full of static", NetworkWorld Fusion, November 11, 1999, http://www.nwfusion.com/news/1999/1111wiretap.html
[18] Phone Interview with Susan Landau, conducted on December 3, 1999
[19] Landau Interview
[20] CDT and EFF (Electronic Frontier Foundation) petition, "Civil Liberties Groups Ask FCC to Block FBI Electronic Surveilance Proposal", http://www.cdt.org/digi_tele/headlines/headlines5.html
1) Status Report on the Communications Assistance for Law Enforcement Act (CALEA): FBI Seeks to Impose Surveillance Mandates on Telephone System; Balanced Objectives of 1994 Law Frustrated, March 4, 1999
2) slashdot.org comments on Internet Wiretapping, http://slashdot.org/yro/99/11/10/1331224.shtml
2) McCullah, Decian, "IETF Says 'No Way' to Net Taps", Wired News, December 1, 1999, http://www.wired.com/news/politics/0,1283,32455,00.html
3) "The IETF's position on technology to support legal interception", October 11, 1999 http://www.ietf.org/mail-archive/working-groups/raven/current/msg00000.html
4) Marsan, Carolyn Duffy, "Internet community debates wiretapping", CNN web page, October 19, 1999, http://cnn.com/TECH/computing/9910/19/ietf.wiretap.idg/index.html
Return to Course home page