Increased Wiretap Access for New Communications Tech Urged

A top FBI official asked a House subcommittee for new laws allowing “intercept solutions” in cellular and Internet infrastructure.
Publish date:
Updated on

Law enforcement needs changes to existing wiretap-technology law requiring “intercept solutions” be installed in systems managing cell phones and Internet communications—including person-to-person video communications—a top FBI official told a House subcommittee.

On Feb. 17, 2011, Valerie Caproni, the general counsel for the FBI told the subcommittee on crime, terrorism and security that the FBI and other government agencies are facing a potentially widening gap between the legal authority to intercept electronic communications pursuant to a court order and the ability to actually intercept those communications.

The current law—the Communications Assistance for Law Enforcement Act (CALEA) of 1994, (PL 103-414)—does not cover the complex technologies of the many different types of new communications, Caproni said. That, combined with multiple carriers, has made it difficult for providers to quickly comply with a court order approving a wiretap, Caproni said.

When the FBI serves wiretap orders on providers that are not covered by CALEA, “critical evidence can be lost,” due to the time it takes to install the intercept devices, Caproni said. Therefore, law enforcement would like to see CALEA amended to cover Internet based modalities, she said. Specifically, CALEA needs to be amended so that providers are directed to install, deploy and make available to law enforcement a solution to assist with court ordered electronic surveillance of telecommunication services. However, the Obama administration does not have a proposal ready, but one is been developed, she added.

Despite the lack of proposed legislation to amend CALEA, a Harvard University researcher warned of “threats” raised by extending the law to cover IP-based communications. Susan Landau, a fellow at Radcliffe Institute for Advanced Study, says building a wiretapping capability into communications infrastructure “creates serious risk the communications system will be subverted either by trusted insiders or skilled outsiders.”

Landau said such wiretapping capabilities installed into communications systems’ infrastructure—a “back door” into a system—have been used by outsiders to gain unauthorized access to systems. For example, she said, in Greece, technology allowing the “lawful interception” of IP communications was used by hackers to modify “blocks of computer code” to conduct their own wiretapping of specific targets. The breach was only discovered when some text messages had gone awry, she said, adding the culprits have not been identified.

A similar situation occurred in Italy from 1996 to 2006, Landau said. During that period, at least 6,000 Telecom Italia customers were illegally wiretapped using built in wiretapping infrastructure, and the information gained was used to bribe, or blackmail, those tapped, she said. If CALEA is amended directing Internet and cell phone providers to install technology that allows user communications to be easily wiretapped, there is a chance that technology “can be exploited,” she said.

However, despite the concerns about creating a “back-door system,” that is not what the FBI is advocating, Caproni said. “We don’t want a back door (into systems), what we want is for the provider to isolate the transaction, isolate the communication that the court has authorized us to get, and to send those communications to us through the front door,” she said.

Nonetheless, Landau disagreed with Caproni’s description. “When you build wiretapping capability into an application, when you build it into a switch, you create a serious security risk (for that system),” she said.