Sides dig in as FBI warns of 'going dark' in online era

To the FBI, it would be substantively the same as what the agency has had the authority to do for generations with a court warrant: wiretap phones to listen in on possibly criminal communications. To privacy and civil liberties advocates, it amounts to another expansion of the FBI's already excessive authority to spy on innocent American citizens.

"It" is a proposed amendment to the 1994 Communications Assistance for Law Enforcement Act, that would require social-networking Web sites and providers of VoIP (such as Skype), instant messaging and e-mail to provide a so-called "backdoor" to give the FBI the same ability to tap into communications as they can with mobile or landline phone networks.

And the common targets of a lobbying war over the legislation are the various tech companies that would be affected, along with the tech industry in general. The FBI hasn't asked for the outright support of giants like Microsoft, Facebook, Yahoo and Google to offer outright support for the the law, but has quietly been asking them not to oppose it.

CNET's Declan McCullagh reported last week on the FBI's argument, that the massive shift of communications from the telephone system to the Internet "has made it far more difficult for the agency to wiretap Americans suspected of illegal activities."

The law has already been expanded once, in 2004, to include broadband networks, but still excludes Web companies. The FBI says its surveillance efforts are in danger of "going dark," if it is not allowed to monitor the way people communicate now.

As McCullagh put it, "From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it's making sure that a wiretap is guaranteed to produce results."

Not surprisingly, a range of opponents from privacy advocates to legal experts disagree -- strongly.

The affects of the amendment could easily spill into the economic arena, says John Koetsier in VentureBeat, who begins a May 4 post with, "George Orwell was an optimist."

In "1984's" Oceania, the government could only monitor its citizens over TV screens. This, he notes, would allow surveillance through any kind of communication service. "I can't imagine a better way to kill U.S. competitiveness in the tech sector abroad," he writes. "What European, Asian, or South American will want to use a U.S. product such as Google+ or Facebook knowing that the U.S. government has easy access to whatever is said, shared, uploaded, or done there? This could accelerate massive migration away from predominantly American tools and networks."

But the major concern remains government invasion of citizen privacy. Jay Stanley, a senior policy analyst at the ACLU, writes: "If the government has a warrant and happens to have a means of eavesdropping, that is one thing. But to rearrange the world to guarantee eavesdropping is something else entirely."

Stanley also worries about government interference with popular methods of communicating online that may include encryption. "Should the FBI be able to dictate what kind of code runs on your computer? That crosses a line that we have never crossed before," he says.

Glenn Greenwald, writing at Salon, contends, "This isn't about expanding the scope of the government's legal surveillance powers -- numerous legislative changes since 2001 have already accomplished that quite nicely -- but is about ensuring the government's physical ability to intrude into all forms of Internet communication."

Greenwald accuses the Obama administration of rank hypocrisy. It condemned the governments of Saudi Arabia and the United Arab Emirates for banning BlackBerry smartphones, since they were unable to monitor communications on them, calling the actions "a dangerous precedent" and a threat to "democracy, human rights and freedom of information."

"Yet six weeks later, the very same Obama administration embraced exactly the same rationale -- that it is intolerable for any human interaction to take place beyond the prying eyes and ears of the government," Greenwald writes.

ACLU attorney Mark Rumold says the FBI hasn't yet even made the case that it will "go dark" if it doesn't have backdoor access to Web communications. "In 2010, we filed a lawsuit against the FBI and Department of Justice, and part of that was asking them about their difficulties in interception communications," he says. "So far, they have not produced much. When their premise is that they're having difficulties but won't disclose them, that doesn't do much for their case."

Rumold and others say there is a difference between wiretapping phones and demanding a backdoor to Internet services. "A backdoor doesn't just make it accessible to the FBI -- it makes it vulnerable to others," he says.

Marc Zwillinger, founder and owner of the law firm ZwillGen, says that all Internet communication "has to go through pipes," so the answer is not to put the burden on developers, but to conduct surveillance "at the edge," of the end users, including putting a key logger on a suspect's computer, if they think he or she may be using encryption.

"[But] intercept authority isn't everything," Zwillinger says. "In many instances [online], you're leaving stored communication, unlike a phone conversation, where unless one hears or records the person speaking, there is no record of the communication."

Read more about investigations/forensics in CSOonline's Investigations/Forensics section.

Join the CSO newsletter!

Error: Please check your email address.

More about BlackBerryCNET NetworksDepartment of JusticeFacebookFBIGoogleMicrosoftSkypeYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts