Want CNET to notify you of price drops and the latest stories?

Can terrorists use the Net to avoid wiretaps?

Can members of Al Qaeda use voice over Internet technology (VoIP) to avoid wiretaps?

Chris Soghoian
Christopher Soghoian delves into the areas of security, privacy, technology policy and cyber-law. He is a student fellow at Harvard University's Berkman Center for Internet and Society , and is a PhD candidate at Indiana University's School of Informatics. His academic work and contact information can be found by visiting www.dubfire.net/chris/.
Chris Soghoian
3 min read

Can members of Al Qaeda use voice over Internet technology (VoIP) to avoid wiretaps?

Recent comments by Michael McConnell, Director of National Intelligence, seem to suggest that terrorists could create significant roadblocks for the National Security Agency by simply routing their traffic through the U.S.

Mike McConnell: I'll have some of what he's smoking, Office of the Director of National Intelligence

The incongruously named Protect America Act of 2007 gutted the existing Foreign Intelligence Surveillance Act (FISA), and allowed the National Security Agency to significantly expand its surveillance powers. It's set to expire in February, and the Administration is looking for reasons to justify extending the law. With perfect timing, Michael McConnell, Director of National Intelligence, has come to the rescue.

An interview published in the upcoming edition of The New Yorker quotes him, stating that,

"McConnell said that federal judges had recently decided, in a series of secret rulings, that any telephone transmission or e-mail that incidentally flowed into U.S. computer systems was potentially subject to judicial oversight. According to McConnell, the capacity of the NSA to monitor foreign-based communications had consequently been reduced by 70 percent."

Conveniently enough, if Congress passes legislation to further gut FISA, the NSA will be able to resume its warrantless snooping on the terrorists, the troops will be safe, global warming will cease to be a problem, and no more puppies will have to die.

While the average privacy geek would consider an NSA wiretap of an undersea fiber-optic cable carrying millions of phone calls to be surveillance, it turns out that the law does not agree. As per the existing FISA rules, anything the NSA does outside of the U.S. does not count as electronic surveillance, and thus does not require a warrant. Thus, any wiretapping that happens in Iraq will never require approval of the FISA court, with or without any new legislation being passed.

AT&T and the NSA: best friends forever Electronic Frontier Foundation

(I'm not the only one to call bs on McConnell's claims. Wired's Ryan Singel is offering a $1,000 wager that "when and if those rulings are ever released, we'll see they say no such thing." Clearly, the pay over at Wired is far better than CNET. While I can't offer the same level of money as Ryan, if McConnell does turn out to be telling the truth, I'll promise to switch my telephone service to AT&T--thus sending a little bit of money to the NSA's best friend forever.)

However, for the purposes of this blog post, let's assume that McConnell is in fact telling the truth. Let's assume that a phone call between two members of Al Qaeda in the Middle East that happens to flow through a U.S.-based server automatically kicks in a requirement that the NSA get a FISA warrant before it can listen in--even if the tap is conducted in Iraq, or under the Atlantic Ocean.

It's not surprising that this would be alarming to the NSA. In a previous interview, McConnell claimed that each FISA warrant takes more than 200 man hours to process. Were every member of the Iraqi insurgency to route his communications via the U.S., the NSA would presumably become the largest law firm in the world.

Which brings me to the point of today's blog post. If McConnell is to be believed, Al Qaeda merely needs to switch to using U.S.-based voice over IP services, and it can immediately crush the NSA under a pile of FISA paperwork. No matter where the NSA actually tried to intercept the Internet-routed phone call, a FISA warrant would be required. For $24.99 a month per terrorist, Al Qaeda could launch a gigantic legal denial of service against the folks at Fort Meade. Furthermore, now that the iPhone has been hacked to support VoIP software, the VoIP-subscribing terrorists could communicate in style.

Of course, the problem with using most commercial VoIP solutions is that phone calls flow over the wire in the clear, making it trivially easy for our spooks to listen in once they've dealt with that pesky matter of the warrant. Thus, any smart terrorist worth his salt would most likely use encrypted VoIP software, such as the uber-fantastic Zfone project, which can be had for free.