FBI adds to wiretap wish list

A sweeping proposal seeks to guarantee that Internet Protocol-based communications from VoIP to instant messaging are susceptible to police surveillance.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
5 min read
A far-reaching proposal from the FBI, made public Friday, would require all broadband Internet providers, including cable modem and DSL companies, to rewire their networks to support easy wiretapping by police.


What's new:
A far-reaching FBI proposal would require all broadband Net providers, including cable modem and DSL companies, to rewire their networks to support easy wiretapping by police.

Bottom line:
If approved as drafted, the proposal could dramatically expand the scope of the agency's wiretap powers, raise costs for cable broadband companies and complicate Internet product development.

More stories on this topic

The FBI's request to the Federal Communications Commission aims to give police ready access to any form of Internet-based communications. If approved as drafted, the proposal could dramatically expand the scope of the agency's wiretap powers, raise costs for cable broadband companies and complicate Internet product development.

Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.

"The importance and the urgency of this task cannot be overstated," says the proposal, which is also backed by the U.S. Department of Justice and the Drug Enforcement Administration. "The ability of federal, state and local law enforcement to carry out critical electronic surveillance is being compromised today."

Because the eavesdropping scheme has the support of the Bush administration, the FCC is expected to take it very seriously. Last month, FCC Chairman Michael Powell stressed that "law enforcement access to IP-enabled communications is essential" and that police must have "access to communications infrastructure they need to protect our nation."

The request from federal police comes almost a year after representatives from the FBI's Electronic Surveillance Technology Section approached the FCC and asked that broadband providers be required to provide more efficient, standardized surveillance facilities. Such new rules were necessary, the FBI argued, because terrorists could otherwise frustrate legitimate wiretaps by placing phone calls over the Internet.

"It is a very big deal and will be very costly for the Internet and the deployment of new technologies," said Stewart Baker, who represents Internet providers as a partner at law firm Steptoe & Johnson. "Law enforcement is very serious about it. There is a lot of emotion behind this. They have stories that they're very convinced about in which they have not achieved access to communications and in which wiretaps have failed."

Broadband in the mix
Broadband providers say the FBI's request would, for the first time, force cable providers that sell broadband to come under the jurisdiction of 1994's Communications Assistance for Law Enforcement Act (CALEA), which further defined the already existing statutory obligations of telecommunications carriers to help police conduct electronic surveillance. Telephone companies that use their networks to sell broadband have already been following CALEA rules.

"For cable companies, it's all new," said Bill McCloskey, a BellSouth spokesman.

Several cable providers, including Comcast, Time Warner Cable and Cablevision Systems, had no immediate comment on the FBI's request.

The FBI proposal would also force Vonage, 8x8, AT&T and other prominent providers of broadband telephone services to comply with CALEA. Executives from these companies have said in the past that they all intend to comply with any request law enforcement makes, if technically possible.

Broadband phone service providers say they are already creating a code of conduct to cover some of the same issues the FBI is addressing--but on a voluntary basis, according to Jeff Pulver, founder of Free World Dialup. "We have our chance right now to prove to law enforcement that we can do this on a voluntary basis," Pulver said. "If we mandate and make rules, it will just complicate things."

Under CALEA, police must still follow legal procedures when wiretapping Internet communications. Depending on the situation, such wiretaps do not always require court approval, in part because of expanded wiretapping powers put in place by the USA Patriot Act.

A Verizon representative said Friday that the company has already complied with at least one law enforcement request to tap a DSL line.

This week's proposal surprised privacy advocates by reaching beyond broadband providers to target companies that offer communications applications such as instant-messaging clients.

"I don't think it's a reasonable claim," said Marc Rotenberg, director of the Electronic Privacy Information Center. "The FCC should seriously consider where the FBI believes its authority...to regulate new technologies would end. What about Bluetooth and USB?"

Baker agrees that the FBI's proposal means that IP-based services such as chat programs and videoconferencing "that are 'switched' in any fashion would be treated as telephony." If the FCC agrees, Baker said, "you would have to vet your designs with law enforcement before providing your service. There will be a queue. There will be politics involved. It would completely change the way services are introduced on the Internet."

As encryption becomes glued into more and more VoIP and instant-messaging systems like PSST, X-IM and CryptIM, eavesdropping methods like the FBI's Carnivore system (also called DCS1000) become less useful. Both Free World Dialup's Pulver, and Niklas Zennstrom, founder of Skype, said last month that their services currently offer no easy wiretap route for police, because VoIP calls travel along the Internet in tens of thousands of packets, each sometimes taking completely different routes.

Skype has become a hot button in the debate by automatically encrypting all calls that take place through the peer-to-peer voice application.

The origins of this debate date back to when the FBI persuaded Congress to enact the controversial CALEA. Louis Freeh, FBI director at the time, testified in 1994 that emerging technologies such as call forwarding, call waiting and cellular phones had frustrated surveillance efforts.

Congress responded to the FBI's concern by requiring that telecommunications services rewire their networks to provide police with guaranteed access for wiretaps. Legislators also granted the FCC substantial leeway in defining what types of companies must comply. So far, the FCC has interpreted CALEA's wiretap-ready requirements to cover only traditional analog and wireless telephone service, leaving broadband and Internet applications in a regulatory gray area.

Under the FBI's proposal, Internet companies would bear "sole financial responsibility for development and implementation of CALEA solutions" but would be authorized to raise prices to cover their costs.