As technologies have advanced, they have dramatically changed the way that we live and interact. We, as consumers, have become accustomed to the convenience, capabilities, and even the entertainment that they provide. But, should these same advantages be applied to other areas such as law enforcement?
This topic has recently come up for debate after the FBI indicated that it is contemplating legislation that would require Internet firms to build backdoors into their services for government surveillance. The bureau is hoping to amend the 1994 Communications Assistance for Law Enforcement Act (CALEA) in order to require companies such as Google, Microsoft, Apple, and Facebook to comply with federal wiretapping orders if the need arises.
CALEA, in its current form, applies to telecommunications companies. It was amended in 2004 to also include broadband networks, but if the FBI’s effort works, it could also force Web companies to alter their code to ensure surveillance capabilities.
“Basically, the FBI wants to amend CALEA to keep up with the changes in technology that have taken place over the last 18 years since CALEA became law,” Michael Donahue, partner at Marashlian & Donahue, LLC, tells WebProNews.
In the past, the FBI has worked to develop independent solutions for these types of companies, explained Donahue. However, due to budget cuts, the funding for them no longer exists.
These recent developments are part of the bureau’s mission to resolve, what it calls, its “Going Dark” problem. According to information released by the FBI, “Going Dark” refers to “law enforcement's limited capability to comprehensively and lawfully collect data and information, conduct electronic surveillance and analyze the raw data due to the rapid evolution of telecommunications and data collection technology and services.”
Research shows that the “Going Dark” problem dates back several years. Under this initiative, Donahue told us that the FBI is trying to achieve the following actions:
- To commit the FCC to regulate technical standards for solutions
- To require the FCC to approve a standard in order for it to be considered a safe harbor
- To eliminate or modify the current exemption in CALEA for private networks (i.e., Universities, Colleges, etc.)
- To eliminate or modify the current exemption for information services
- To provide stronger enforcement of existing requirements that providers that enable encryption are also able to decrypt the information for law enforcement
- To require providers to certify their CALEA compliance annually
“While this was a small problem a number of years ago,” pointed out Donahue, “it’s becoming an increasingly larger problem as more services are moving to different technologies and more innovative technologies that are not currently covered by CALEA, or they fall into a gray area where CALEA may or may not apply.”
The FBI has said that, with this move, it has no intention of gaining more authority. It believes the amendment would be a natural evolution of its current tools and that it would help their agents do their jobs more effectively.
“What it’s [FBI] seeking is the ability to go to a provider and obtain the kind of information that it’s authorized to get under the law in a cooperative manner,” said Donahue.
He went on to say that law enforcement currently runs into the problem of, after obtaining the court order, finding the company doesn’t have a solution in place for letting it get the information it needs. Another issue that law enforcement is facing is dealing with a company that has a solution but finding that it hasn’t been maintained, thus making it unusable.
Since these problems have persisted for several years without a solution, the FBI has reported the non-compliant parties to the FCC. Based on current processes, the commission, in turn, investigates the companies to see if they are in compliance with CALEA and its own rules. The FCC then has the authority to fine or require the companies to comply. Although the commission has not issued any notices of liability yet, Donahue told us that he wouldn’t be surprised if it does in the near future.
The current form of CALEA is careful to include protections for the privacy and security of users, but there are concerns being raised over these areas in light of a potential amendment the FBI is pushing. The FBI has yet to release an official proposal, but tech companies, privacy advocates, and consumer groups are not likely going to be supportive of such a measure.
The monitoring of users’ online activities has become increasingly controversial in recent years, and it has sparked the introduction of numerous bills in Congress. However, given the reactions to SOPA and CISPA, it is not likely that the FBI’s amendment proposal will pass without a fight.
“There are valid arguments on both sides, and I think what’s important is that both sides recognize there are privacy issues, there are issues with network security and cybersecurity and the ability of third parties to obtain access to systems,” said Donahue.
“The key is to have a framework in place that addresses those issues to balance those with law enforcement’s concerns,” he added.
This week FBI Director Robert Mueller criticized the press regarding its informal proposition saying that the media had presented a “distortion of what our needs are.”
“What we are seeking is the ability to enforce that order, and be able to obtain those communications,” Mueller said. “And what we’re looking at is some form of legislation that will assure that when we get the appropriate court order, those individual companies that are served with that order do have the capability and the capacity to respond to that order.”
Since it is an election year, Donahue told us that it was unlikely that we would see any type of proposal from the FBI this year.