------------------------------------------------------------------------------
_____ _____ _______
/ ____| __ \__ __| ____ ___ ____ __
| | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_
| | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/
| |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_
\_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/
The Center for Democracy and Technology /____/ Volume 3, Number 15
----------------------------------------------------------------------------
A briefing on public policy issues affecting civil liberties online
----------------------------------------------------------------------------
CDT POLICY POST Volume 3, Number 15 Decenber 16, 1997
CONTENTS: (1) Civil Liberties Groups Call on FCC to Protect Privacy, Security
as FBI Pushes Digital Telephony Law
(3) How to Subscribe/Unsubscribe
(4) About CDT, Contacting us
** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of
|PLEASE SEE END OF THIS DOCUMENT FOR SUBSCRIPTION INFORMATION|
_____________________________________________________________________________
(1) CIVIL LIBERTIES GROUPS CALL ON FCC TO PROTECT PRIVACY, SECURITY AS FBI
PUSHES DIGITAL TELEPHONY LAW
Dec. 15 -- Three leading online civil liberties groups have urged the
Federal Communications Commission (FCC) to find that the FBI is trying
improperly to enhance its surveillance capabilities, and is overlooking key
privacy rights, under a controversial 1994 wiretap law.
The Center for Democracy and Technology (CDT), Computer Professionals for
Social Responsibility (CPSR), and the Electronic Frontier Foundation (EFF)
asked the FCC on December 12 to take a more active role in protecting
privacy as telephone companies and the FBI struggle to implement the new
wiretap law. The three groups urged the FCC not to focus solely on
personnel security practices and recordkeeping among the telephone
companies affected by the law, as it has been doing, but instead to broaden
its examination by demanding that the digital technology the companies plan
to use be made tamperproof.
The Comments, along with detailed background information on CALEA, will be
posted soon at http://www.cdt.org/digi_tele/
CALEA BACKGROUND
Congress enacted the Communications Assistance for Law Enforcement Act
(CALEA), more commonly called the "digital telephony" law, in October 1994.
The law requires telecommunications carriers--primarily local telephone
companies and wireless service providers--to upgrade their switching
equipment and computer software so that law enforcement officials can
perform wiretaps and other forms of electronic surveillance despite the
addition of new technologies.
Congress passed CALEA to assuage the concern of law enforcement that new
digital modes of transmitting information could render wiretapping
obsolete. Like so many new technologies, however, digital telephony can be
a boon to the pursuer as well as to the wrongdoer. With digital telephony
law enforcement officials can amass much more detailed information on a
private citizen's calling habits than ever before. The debate over CALEA
depends, at least in part, on whether it will be implemented in a way that
maintains law enforcement's traditional surveillance capabilities, or
whether government will use it as an excuse to exploit the full
surveillance capabilities of digital technology.
Fcc Proceeding Fails To Give Adequate Attention To Privacy
In October, the FCC issued a "Notice of Proposed Rulemaking" seeking
comments from the communications industry, law enforcement agencies and the
public on CALEA. The notice focused almost entirely on two areas: the
telephone companies' recordkeeping and personnel security practices, and
the definition of key terms in the 1994 law. CDT and the other two groups
joining in last Friday's filing argue that the Commission has overlooked
the issue of privacy in its efforts to flesh out the law, despite Congress'
clear directives in the statute that privacy be protected.
While the FCC's proposed rules require more detailed recordkeeping and
background checks on phone company employees, Congress specifically called
for systems designed to protect the privacy of communications not
authorized to be intercepted. In CDT's view, this requires telephone
companies to withhold information which law enforcement doesn't have
specific legal authority to intercept. As telephone companies increasingly
adopt packet switching protocols, the separation of call content from
packet addressing information becomes critical to ensure that law
enforcement doesn't receive call content without probable cause.
IMPLEMENTATION DELAYED
A series of disputes has delayed the implementation of the law. In the past
two years the FBI has twice attempted to draft notices to telephone
companies outlining how many wiretap intercepts they can be required, under
the law, to perform at one time in any given service area. Both of these
drafts have been roundly criticized for proposing a surveillance capacity
that far exceeds traditional law enforcement needs. On the separate
question of capability, the telecommunications industry earlier this year
proposed a compliance standard that calls for switching software upgrades
to make interceptions easier. But the FBI opposed adopting that standard
because it doesn't go far enough to satisfy the Bureau's demands for
enhanced surveillance capabilities. For example, the industry standard
calls for tracking capabilities in wireless telephones. The FBI, however,
wants other features, such as the ability to continue monitoring parties on
a conference call even after the person named in the surveillance order has
left the call. The FBI also wants telecommunications carriers to be
required to provide law enforcement with more detailed information on a
citizen's calling practices.
COMPUTER SECURITY
Computers increasingly control telecommunications switching, and most of
the telephone companies' efforts to comply with CALEA will involve changes
to the software that controls switching within the companies' central
offices. Carriers will soon be establishing computerized surveillance
administration functions, that, in turn, may be networked with other system
administration functions and also linked to computers located outside the
switching office. All in all, the changes could leave the carriers' systems
vulnerable to employees bent on doing mischief, or to malicious hackers.
Because of this possibility, CDT, EFF and CPSR have urged the FCC to
examine the security of these new software protocols. Among the factors
that CDT believes the FCC should require are:
* System integrity. Both hardware and software systems must be tamperproof.
Most systems have a maintenance function that allows "backdoor" access,
which
could be used to subvert the entire system.
* Simple authentication for individual system users. Fixed passwords for user
identification are inherently dangerous because they reside in the system's
memory and can be plucked out by technology-savvy wrongdoers.
* System-to-system authentication. When whole systems within the telephone
industry are networked to each other, it's equally important that each
system
be able to authenticate contact with another system.
* Audit trails which the industry can use to review surveillance activity.
* Intrusion detection programs within the telephone systems themselves which
will help identify when a surveillance technology is being put to an
improper
use.
FOR FURTHER INFORMATION CONTACT:
James X. Dempsey, Staff Counsel, Center for Democracy and Technology
+1.202.637.9800,
_____________________________________________________________________________
(3) SUBSCRIPTION INFORMATION
Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list. CDT Policy Posts, the regular news
publication of the Center For Democracy and Technology, are received by
more than 13,000 Internet users, industry leaders, policy makers and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.
To subscribe to CDT's Policy Post list, send mail to
majordomo@cdt.org
in the BODY of the message (leave the SUBJECT LINE BLANK), type
subscribe policy-posts
If you ever wish to remove yourself from the list, send mail to the
above address with a subject of:
unsubscribe policy-posts
_____________________________________________________________________________
(4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US
The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.
Contacting us:
General information: info@cdt.org
World Wide Web: URL:http://www.cdt.org/
FTP URL:ftp://ftp.cdt.org/pub/cdt/
Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968
----------------------------------------------------------------------------
End Policy Post 3.15 12/16/97
----------------------------------------------------------------------------
CDT Publications Page
CDT Home Page