Did you know there's a working group of security agents and telecommunications companies designing backdoors into the information infrastructure? Now you do.
By Brock N. Meeks
[Note: The following article will appear in the April 1994 issue of WIRED.
We, the editors of WIRED, are net-casting it now in its pre-published form
as a public service. Because of the vital and urgent nature of its message,
we believe readers on the Net should hear and take action now. You are free
to pass this article on electronically; in fact we urge you to replicate it
throughout the net with our blessings. If you do, please keep the copyright
statements and this note intact. For a complete listing of Clipper-related
resources available through WIRED Online, send email to
If privacy isn't already the first roadkill along the information
superhighway, then it's about to be.
But these are tools the "good guys" said would be used only to catch the
"bad guys." Honest. We hard-working, law-abiding citizens have nothing to
fear from these cops selling out our privacy rights to make their jobs
easier. Nope, we can rest easy, knowing that child pornographers, drug
traffickers, and organized crime families will be sufficiently thwarted by
law enforcement's proposed built-in gadgetry, which they want to hang off
every telephone and data network, not to mention fax machine and PBX.
There's just one small crack in this logic: No law enforcement agency has
yet proven it needs all these proposed digital trapdoors. In fact, "Right
now most law enforcement personnel don't have any idea what the NII is,"
this according to Assistant US Attorney Kent Walker, who appeared on the
panel.
In January, Vice President Gore had promised that the White House would
work to ensure that the NII would "help law enforcement agencies thwart
criminals and terrorists who might use advanced telecommunications to
commit crimes." Panel members representing the Justice Department, FBI,
and US Attorney's office said they had taken his promise as a tacit
approval of their proposals to push for digital wiretap access and
government-mandated encryption policies.
Gore buried those remarks deep in a speech he made in Los Angeles in which
he fleshed out how the administration planned to rewrite the rules for
communications in a new, perhaps more enlightened age. His pledge went
unnoticed by the mainstream press.
Notwithstanding that it fell on reporters' deaf ears, Gore dropped a
bombshell. Forget Ross Perot's NAFTA-inspired "giant sucking sound." This
was the dull "thump" of Law Enforcement running over the privacy rights of
the American public on its way **at the on-ramp??**to the information
superhighway. The real crime is that the collision barely dented the damn
fender.
Walker blithely referred to this cunning, calculated move to install
interception technologies all along the information superhighway as
"proactive" law enforcement policy. Designing these technologies into
future networks, which include all telephone systems, would ensure that
law enforcement organizations "have the same capabilities [they] enjoy
right now," Walker said.
For today's wiretap operations, the Feds must get a court to approve their
request, after supplying enough evidence to warrant one. But Walker seemed
to be lobbying for the opposite. Giving the Feds the ability to listen in
first and give justification later amounts to "no big difference," he
said. Besides, "it would save time and money."
And Walker promised that law enforcement would only use this power against
evil, never abusing it. "Frankly, I don't see the empirical evidence that
law enforcement agencies have abused [wiretap authority]," he said. With a
straight face.
For Walker, privacy issues weighed against law-enforcement needs is a
black-and-white, or rather good-guys-versus-bad-guys, issue. For example,
he said, the rapid rise of private (read: not government-controlled)
encryption technologies didn't mean law enforcement would have to work
harder. On the contrary, "it only means we'll catch fewer criminals," he
said.
But if law enforcement is merely concerned with the task of "just putting
the bad guys in jail," as James Settle, head of the FBI's National Computer
Crime Squad insists, then why are we seeing a sudden move by government
intelligence agencies into areas they have historically shied from?
Because law enforcement agencies know their window of opportunity for
asserting their influence is open right now, right at the time the
government is about to make a fundamental shift in how it deals with
privacy issues within the networks that make up the NII, says David Sobel,
general counsel for Computer Professionals for Social Responsibility, who
also addressed the Working Group on Privacy.
"Because of law enforcement's concerns (regarding digital technologies),
we're seeing an unprecedented involvement by federal security agencies in
the domestic law enforcement activities," Sobel said, adding that, for the
first time in history, the National Security Agency "is now deeply
involved in the design of the public telecommunications network."
Go ahead. Read it again.
Sobel backs up his claims with hundreds of pages of previously classified
memos and reports obtained under the Freedom of Information Act. The
involvement of the National Security Agency in the design of our telephone
networks is, Sobel believes, a violation of federal statutes.
Sobel is also concerned that the public might soon be looking down the
throat of a classified telecommunications standard. Another move he calls
"unprecedented" is that - if the National Security Agency, FBI, and other
law enforcement organizations have their way - the design of the national
telecommunications network will end up classified and withheld from the
public.**These two sentences are the same**
Sobel is dead on target with his warnings.
The telecommunications industry and the FBI have set up an ad hoc working
group to see if a technical fix for digital wiretapping can be found to
make the bureau happy. That way, legislation doesn't need to be passed that
might mandate such FBI access and stick the Baby Bells with the full cost
of reengineering their networks.
The industry-FBI group was formed during a March 1992 meeting at the FBI's
Quantico, Virginia, facilities, according to previously classified FBI
documents released under the Freedom of Information Act. The group was only
formalized late last year, under the auspices of the Alliance for
Telecommunications Industry Solutions. The joint group operates under the
innocuous sounding name of the Electronic Communications Service Provider
Committee.
The committee meets monthly, pursuing a technological "solution" to the
FBI's request for putting a trapdoor into digital switches, allowing agents
easy access to phone conversations. To date, no industry solution has been
found for the digital-wiretap problem, according to Kenneth Raymond, a
Nynex telephone company engineer, who is the industry co-chairman of the
group.
Oh, there's also a small, but nagging problem: The FBI hasn't provided
concrete proof that such solutions are needed, Raymond said. Sobel, of
Computer Professionals for Social Responsibility, raised this same point
during the panel discussion.
The telecommunications industry is "trying to evaluate just what is the
nature of the [digital-access] problem and how we can best solve it in some
reasonable way that is consistent with cost and demand," Raymond said. One
solution might be to write digital wiretap access into future switch
specifications, he said.
If and when the industry does find that solution, do you think the FBI will
put out a press release to tell us about it? "I doubt it very much," said
FBI agent Barry Smith of the Bureau's Congressional Affairs office. "It
will be done quietly, with no media fanfare."
Underscoring Sobel's warnings was the little-noticed move by the Commerce
Department to establish the Federal Wireless Policy Committee. The work of
this seemingly benign committee will be "invaluable" as the administration
evaluates key issues in wireless communications with the NII, said Larry
Irving, administrator of the National Telecommunications Information
Agency. But the devil is in the details. The policy committee's four
subcommittees include Policy, Standards and Requirements, Security and
Privacy, and Acquisitions. Standards and Requirements is headed by Richard
Dean, a National Security Agency official. And Security and Privacy is to
be chaired by Raymond Kammer of the National Institute of Standards and
Technology. Kammer's organization, of course, is knee-deep responsible for
the government's Clipper Chip encryption scheme.
Is it just me or are these headlights getting awfully close?
The FBI's Settle is also adamant about trapdoor specifications being
written into any blueprints for the National Information Infrastructure.
But there's a catch. Settle calls these "security measures," because
they'll give his office a better chance at "catching bad guys." He wants
all networks "to be required to install some kind of standard for
security." And who's writing those standards? You guessed it: The National
Security Agency, with input from the FBI and other assorted spook
agencies.
Settle defends these standards, saying that the "best we have going for us
is that the criminal element hasn't yet figured out how to use encryption
and networks in general. When they do, we'll be in trouble. We want to stay
ahead of the curve."
In the meantime, his division has to hustle. The FBI currently has only 25
"Net literate" personnel, Settle admitted. "Most of these were recruited
two years ago," he said. Most have computer science degrees and were
systems administrators at one time, he said.
You think that's funny? Hell, the Net is still a small community,
relatively speaking. One of your friends is probably an FBI Net snitch,
working for Settle.
Don't laugh.
Assistant US Attorney Walker said: "If you ask the public, 'Is privacy more
important than catching criminals?' They'll tell you, 'No.'"
(Write him with your own thoughts, won't you?) **e-mail addresses here for
our outraged readers to express themselves - We haven't got addresses for
Walker. There's president@whitehouse.gov and vice-
president@whitehouse.gov....**
Because of views like Walker's, the Electronic Communications Privacy Act
"needs to be broader," said Mike Godwin, legal counsel for the Electronic
Frontier Foundation. The act protects transmitted data, but it also needs
to protect stored data, he said. "A person's expectation of privacy doesn't
end when they store something on a hard disk."
But Walker brushed Godwin aside, saying, "It's easy to get caught up in the
rhetoric that privacy is the end all be all." **correct cliche is "the be-
all and end-all"**
Do you have an expectation of privacy for things you store on your hard
disk, in your own home? Walker said that idea is up for debate: "Part of
this working group is to establish what is a reasonable expectation of
privacy."
That's right. Toss everything you know or thought you knew about privacy
out the window, as you cruise down the fast lane of the information
superhighway. Why? Because for people like Walker, those guardians of
justice, "there has to be a balance between privacy needs and law
enforcement needs to catch criminals."
Balance, yes. Total abrogation of my rights? Fat chance.
Brock N. Meeks (brock@well.sf.ca.us) is a frequent contributor to WIRED. He
is a reporter for Communications Daily, a Washington, DC-based trade
publication.
[an error occurred while processing this directive]
Gore Gives Go Ahead
It's Us vs. Them