The Laws That Make It Easy for the Government to Spy on Americans

With all of the new disclosures in the last 24 hours about surveillance by the National Security Agency and the FBI of both telephone and Internet use by American citizens, it’s useful to dredge up some history of how all this came to be.

With the new disclosures, there’s been a lot of focus on the Foreign Intelligence Surveillance Act, and on the Obama Administration’s secret interpretations of various sections of that law as a legal basis for all this spying.

But a law passed in 1994 and signed by then-president Bill Clinton is worth remembering for what it requires of American telecommunications companies. The Communications Assistance for Law Enforcement Act requires telecom carriers and the companies that manufacture the gear they use to modify the design of that equipment to ensure that they have built-in surveillance capabilities.

The point was to make it easier to tap digital phone networks, which were on the rise. Strangely, the law didn’t expressly cover data passing over the Internet.

That changed in 2005, following a petition by the Department of Justice — the FBI’s parent agency — to the Federal Communications Commission. The DOJ asked that the scope of CALEA be expanded to cover the Internet. Broadband Internet companies would be required to open up their networks so that VOIP phone calls could be wiretapped, as well. The FCC agreed, arguing that the Internet had replaced the old telephone exchanges.

This isn’t just a history lesson. In recent years, the FBI has been complaining of “going deaf.” Encrypted communications that use peer-to-peer connections like Skype and FaceTime and other tools like Google Hangouts are difficult to monitor. Now the FBI wants Congress to require that new communications software products that run on the user’s computer or smartphone be built from the ground up to be wiretap-friendly, essentially by inserting backdoor capabilities in the source code. Wiretaps could be executed silently, and without the user knowing. Companies that don’t comply would be subjected to a fine of $25,000 per day. The new proposal is being dubbed CALEA II by some people.

Critics of the proposal — including a group of 20 computer scientists who co-authored a report on it last month — have argued that requiring a back door in all communications products would make that same back door available to attackers — hackers, foreign spies and others.

As Ed Felten, a professor of computer science as Princeton University, put it in a recent post on his blog, the requirement would make it “easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic.”

Worse, he writes, “… the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.”

Basically, the government should be careful what it wishes for.