FBI renews push for ready-made Web wiretaps

Summary: The FBI is asking Internet companies not to oppose a proposal that would require them to build in backdoors for government surveillance.

The FBI is asking Internet companies not to oppose a controversial proposal that would require the firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance.

In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.

The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

"If you create a service, product, or app that allows a user to communicate, you get the privilege of adding that extra coding," a person who has reviewed the FBI's draft legislation told CNET. The requirements apply only if a threshold of a certain number of users is exceeded, according to a second person briefed on it.

The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks.

FBI Director Robert Mueller is not asking companies to support the bureau's CALEA expansion, but instead is "asking what can go in it to minimize impacts," one participant in the discussions says. That included a scheduled trip this month to the West Coast -- which was subsequently postponed -- to meet with Internet companies' CEOs and top lawyers.

A further expansion of CALEA is unlikely to be applauded by tech companies, their customers, or privacy groups. Apple (which distributes iChat and FaceTime) is currently lobbying on the topic, according to disclosure documents filed with Congress two weeks ago. Microsoft (which owns Skype and Hotmail) says its lobbyists are following the topic because it's "an area of ongoing interest to us." Google, Yahoo, and Facebook declined to comment.

In February 2011, CNET was the first to report that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its "Going Dark" problem, meaning that its surveillance capabilities may diminish as technology advances. Caproni singled out "Web-based e-mail, social-networking sites, and peer-to-peer communications" as problems that have left the FBI "increasingly unable" to conduct the same kind of wiretapping it could in the past.

In addition to the FBI's legislative proposal, there are indications that the Federal Communications Commission is considering reinterpreting CALEA to demand that products that allow video or voice chat over the Internet -- from Skype to Google Hangouts to Xbox Live -- include surveillance backdoors to help the FBI with its "Going Dark" program. CALEA applies to technologies that are a "substantial replacement" for the telephone system.

"We have noticed a massive uptick in the amount of FCC CALEA inquiries and enforcement proceedings within the last year, most of which are intended to address 'Going Dark' issues," says Christopher Canter, lead compliance counsel at the Marashlian and Donahue law firm, which specializes in CALEA. "This generally means that the FCC is laying the groundwork for regulatory action."

Subsentio, a Colorado-based company that sells CALEA compliance products and worked with the Justice Department when it asked the FCC to extend CALEA seven years ago, says the FBI's draft legislation was prepared with the compliance costs of Internet companies in mind.

In a statement to CNET, Subsentio President Steve Bock said that the measure provides a "safe harbor" for Internet companies as long as the interception techniques are "'good enough' solutions approved by the attorney general."

Another option that would be permitted, Bock said, is if companies "supply the government with proprietary information to decode information" obtained through a wiretap or other type of lawful interception, rather than "provide a complex system for converting the information into an industry standard format."

A representative for the FBI told CNET today that: "(There are) significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government 'going dark,' resulting in an increased risk to national security and public safety."

Next steps

The FBI's legislation, which has been approved by the Department of Justice, is one component of what the bureau has internally called the "National Electronic Surveillance Strategy." Documents obtained by the Electronic Frontier Foundation show that since 2006, Going Dark has been a worry inside the bureau, which employed 107 full-time equivalent people on the project as of 2009, commissioned a RAND study, and sought extensive technical input from the bureau's secretive Operational Technology Division in Quantico, Va. The division boasts of developing the "latest and greatest investigative technologies to catch terrorists and criminals."

But the White House, perhaps less inclined than the bureau to initiate what would likely be a bruising privacy battle, has not sent the FBI's CALEA amendments to Capitol Hill, even though they were expected last year. (A representative for Sen. Patrick Leahy, head of the Judiciary committee and original author of CALEA, said today that "we have not seen any proposals from the administration.")

Mueller said in December that the CALEA amendments will be "coordinated through the interagency process," meaning they would need to receive administration-wide approval.

Stewart Baker, a partner at Steptoe and Johnson who is the former assistant secretary for policy at Homeland Security, said the FBI has "faced difficulty getting its legislative proposals through an administration staffed in large part by people who lived through the CALEA and crypto fights of the Clinton administration, and who are jaundiced about law enforcement regulation of technology -- overly jaundiced, in my view."

On the other hand, as a senator in the 1990s, Vice President Joe Biden introduced a bill at the FBI's behest that echoes the bureau's proposal today. Biden's bill said companies should "ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." (Biden's legislation spurred the public release of PGP, one of the first easy-to-use encryption utilities.)

The Justice Department did not respond to a request for comment. An FCC representative referred questions to the Public Safety and Homeland Security Bureau, which declined to comment.

From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it's making sure that a wiretap is guaranteed to produce results.

But that nuanced argument could prove radioactive among an Internet community already skeptical of government efforts in the wake of protests over the Stop Online Piracy Act, or SOPA, in January, and the CISPA data-sharing bill last month. And even if startups or hobbyist projects are exempted if they stay below the user threshold, it's hardly clear how open-source or free software projects such as Linphone, KPhone, and Zfone -- or Nicholas Merrill's proposal for a privacy-protective Internet provider -- will comply.

The FBI's CALEA amendments could be particularly troublesome for Zfone. Phil Zimmermann, the creator of PGP who became a privacy icon two decades ago after being threatened with criminal prosecution, announced Zfone in 2005 as a way to protect the privacy of VoIP users. Zfone scrambles the entire conversation from end to end.

"I worry about the government mandating backdoors into these kinds of communications," says Jennifer Lynch, an attorney at the San Francisco-based Electronic Frontier Foundation, which has obtained documents from the FBI relating to its proposed expansion of CALEA.

As CNET was the first to report in 2003, representatives of the FBI's Electronic Surveillance Technology Section in Chantilly, Va., began quietly lobbying the FCC to force broadband providers to provide more-efficient, standardized surveillance facilities. The FCC approved that requirement a year later, sweeping in Internet phone companies that tie into the existing telecommunications system. It was upheld in 2006 by a federal appeals court.

But the FCC never granted the FBI's request to rewrite CALEA to cover instant messaging and VoIP programs that are not "managed" -- meaning peer-to-peer programs like Apple's FaceTime, iChat/AIM, Gmail's video chat, and Xbox Live's in-game chat that do not use the public telephone network.

If there is going to be a CALEA rewrite, "industry would like to see any new legislation include some protections against disclosure of any trade secrets or other confidential information that might be shared with law enforcement, so that they are not released, for example, during open court proceedings," says Roszel Thomsen, a partner at Thomsen and Burke who represents technology companies and is a member of an FBI study group. He suggests that such language would make it "somewhat easier" for both industry and the police to respond to new technologies.

But industry groups aren't necessarily going to roll over without a fight. TechAmerica, a trade association that includes representatives of HP, eBay, IBM, Qualcomm, and other tech companies on its board of directors, has been lobbying against a CALEA expansion. Such a law would "represent a sea change in government surveillance law, imposing significant compliance costs on both traditional (think local exchange carriers) and nontraditional (think social media) communications companies," TechAmerica said in e-mail today.

Ross Schulman, public policy and regulatory counsel at the Computer and Communications Industry Association, adds: "New methods of communication should not be subject to a government green light before they can be used."

About Declan McCullagh
Declan McCullagh is the chief political correspondent for CNET. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

This article was originally posted on CNET News.

"Going Dark" timeline
June 2008: FBI Director Robert Mueller and his aides brief Sens. Barbara Mikulski, Richard Shelby, and Ted Stevens on "Going Dark."

June 2008: FBI Assistant Director Kerry Haynes holds "Going Dark" briefing for Senate appropriations subcommittee and offers a "classified version of this briefing" at Quantico.

August 2008: Mueller briefed on Going Dark at strategy meeting.

September 2008: FBI completes a "high-level explanation" of CALEA amendment package.

May 2009: FBI Assistant Director Rich Haley briefs Senate Intelligence committee and Mikulski staffers on how bureau is "dealing with the 'Going Dark' issue." Mikulski plans to bring up "Going Dark" at a closed-door hearing the following week.

May 2009: Haley briefs Rep. Dutch Ruppersberger, currently the top Democrat on House Intelligence, who would later co-author CISPA.

September 2008: FBI staff briefed by RAND, which was commissioned to "look at" Going Dark.

November 2008: FBI Assistant Director Marcus Thomas, who oversees the Quantico-based Operational Technology Division, prepares briefing for President-Elect Obama's transition team.

December 2008: FBI intelligence analyst in Communications Analysis Unit begins analysis of VoIP surveillance.

February 2009: FBI memo to all field offices asks for anecdotal information about cases where "investigations have been negatively impacted" by lack of data retention or Internet interception.

March 2009: Mueller's advisory board meets for a full-day briefing on Going Dark.

April 2009: FBI distributes presentation for White House meeting on Going Dark.

April 2009: FBI warns that the Going Dark project is "yellow," meaning limited progress, because of "new administration personnel not being in place for briefings."

April 2009: FBI general counsel's office reports that the bureau's Data Interception Technology Unit has "compiled a list of FISA dockets... that the FBI has been unable to fully implement." That's a reference to telecom companies that are already covered by the FCC's expansion of CALEA.

May 2009: FBI's internal Wikipedia-knockoff Bureaupedia entry for "National Lawful Intercept Strategy" includes section on "modernize lawful intercept laws."

May 2009: FBI e-mail boasts that the bureau's plan has "gotten attention" from industry, but "we need to strengthen the business case on this."

June 2009: FBI's Office of Congressional Affairs prepares Going Dark briefing for closed-door session of Senate Appropriations subcommittee.

July 2010: FBI e-mail says the "Going Dark Working Group (GDWG) continues to ask for examples from Cyber investigations where investigators have had problems" because of new technologies.

September 2010: FBI staff operations specialist in its Counterterrorism Division sends e-mail on difficulties in "obtaining information from Internet Service Providers and social-networking sites."


Talkback

  • more big brother!

    The right thing to do is to pay the users to get access to their info and communications.
    Otherwise the Chinese will brag about having less digital surveillance than us.
    The Linux Geek
  • If only these guys could be trusted...

    Since 911, our Government has conducted surveillance of Americans with little regard for the reasonable privacy of innocent citizens. They have openly, brazenly broken the law on a vast scale (for instance with the collection of telco billing records and NSA backbone taps). Our Government surveillance community has demonstrated no respect for the law, no accountability when the law is broken and no transparency about how the law is used.

    Is it any wonder that there is no enthusiasm on the part of industry or users to support Government in their further efforts to pry into our private lives, finances and communications? If we could be confident that Government would use these surveillance powers only when they have probable cause of wrong doing rather than to understand the habits and behaviors of everyday, innocent citizens, there would be much more support for these kinds of Government capabilities.
    z2217
    • ... and we get to pay for it

      The best part is that the taxpayer gets stuck with the bill for all this unnecessary surveillance! Our country is broke, but we can find money for this?
      schweddy
  • bad move

    When you create those vulnerabilities for government, those same vulnerabilities can be exploited by any sufficiently knowledgeable person ... including those involved with blackmail, fraud, or terrorism. The Constitution was created to protect citizens from their government; as Ars put it, privacy is a feature, not a bug. It is just insane that the government would even consider requiring retention policies for data on customers that a business would never need save for government seizure.
    Vapur9
    • Bush's Attempt

      Most people tend to forget the failed attempt by the first Bush administration in trying to push hardware on everybody that would supposedly protect them while providing the government with a back door. The infamous clipper chip. Of course once the back door was opened by others it meant that there was no longer any security provided to transmissions using the chip since anyone could then decode it. The concern by businesses these days on communications being intercepted and monitored by foreign governments is even greater, even within our borders. Back doors provide a security weakness that once opened cannot be closed, thus eliminating the security once provided.
      Unc Al
      • Once again

        Obama finishes a job Bush couldn't manage.
        Claverhouse
  • We're Looking For A Few Good Fink/Suckers

    Let me get this straight: The FBI not only wants illegal access to the Web activities of US citizens, they want the ISPs to PAY for the 'honor' of being collaborators in this anti-American scheme?

    As they say in my neighborhood: Go pound sand in a rathole.
    progan01@...
  • Not buying it

    This is another MPAA/RIAA sponsored bill to put everyone under surveillance to stop people sharing movies & music over P2P networks. They say it's for national security and public safety, but that's total bunk.
    schweddy
  • Land of the free, home of the brave...

    And Ms Clinton and Mr Brin have the gall to complain about the Chinese government (of course, our Swedish government, which is a wholly-owned subsidiary of its counterpart in the USA, already has access to everything we do on the net, via the so-called FRA-lagen, so here the centre lags behind the periphery) !...

    Henri
    mhenriday
  • Awful solution to a real problem

    I strongly oppose any attempt by the government to mandate back doors or other interception features in communications software. It's a bad idea on many levels, including the near certainty of security breaches. It also won't work. Criminals and terrorists will find ways to evade it.

    Having said all that, I don't dismiss the FBI's concerns. They have a real problem.

    Wiretaps are a legitimate law enforcement and national security tool. There's no doubt that governments have a long history of abusing wiretaps, and the abuse has probably accelerated over the last 10 years. That doesn't change the fact that there are many legitimate uses for wiretaps. It's also a fact that the shift from circuit switched voice to VoIP will eventually make traditional wiretaps impossible.

    If you're opposed to back doors in communications software, the intellectually honest thing to do is admit that law enforcement will lose an important, even critical, tool. Some crimes will go undetected and some criminals will go unpunished as a result. Some terrorists will be able to plan and execute attacks that might otherwise have been prevented. People may die. I'm willing to accept that as the price for living in a free and open society.
    johndoe445566
    • The criminals who violated our telco privacy laws have yet to be punished.

      A significant amount of criminality that is going unacknowledged, and unpunished, is that practiced by the very intelligence services seeking these additional tools for spying on our citizens. Giving more and more tools and more and more power to these folks who do not respect our existing laws seems hardly a path to less criminality in our society.
      z2217
  • Give the government a rope and they will hang you with it.

    Not a single agency can be trusted in the slightest. The entire government is a clear and present danger to all of humanity.
    Reality Bites
  • Have to be able to trust them

    Until corruption and poor judgement are eliminated from such organisations, giving privileged access has concerns, especially if there is not transparency and accountability.
    Patanjali
  • I'm sure this has happened already via Patriot Act

    But this will make it matter of fact and will not necessitate any kind of quasi order. People should not have expected any sort of privacy on the net anyway.
    droidfromsd
  • FBI Misuse of power

    Those of us who are old enough remember when the Feebs used this power illegally as in when J. Edgar Fairy used the FBI to coerce his enemies and blackmail politicians to fall in with his agenda or be exposed even if he had to make it up. I haven't seen a lot to make me think these clowns have changed their morals or intentions since then.
    hrwaller
  • Nothing to hide

    I like privacy but things are getting out of hand.
    They cannot survey everyone. So if you have nothing to hide they should not notice. If you check out kiddie sites and extreme muzzie sites and whatnot then they will notice. I want freedom but I also know we have to have safety. X military, I have seen so many attempts on freedom squashed by us that does not make it into the news. They have to do what they have to do. Don't like it? Then come up with a better plan or STFU. A better plan would be way appreciated.
    MoeFugger
    • check out kiddie sites

      Are you referring to the case where there was a "kiddie site" set up by FBI to catch a "kiddie-lover"?

      They should be closing these sites, not watching them. But instead, they are making their own...to keep surveillance. It's like becoming the big-scale drug seller "to keep eye" on all the smaller scale drug sellers. Which is what many people already believe the governments are actually doing. Now they no longer even hide that policy.
      polarcat
  • Great... now they're trying to legitimize...

    ... the illegal surveillance they've been doing since the first Bush administration, and demanding AGAIN that service providers ASSIST them.

    I cannot believe the balls on these people.

    Nothing to hide, you're a naive fool. YOU STFU.

    mnem
    Charlie Foxtrot Alphabet Soup.
    mnemennth
  • nothing new

    Organized crime had the power to spy on others while hiding their own corruption from public view going back to the stone age days. Anyone with any sense who is plotting against a government is encrypting all such communication today.

    Those traps may record some of it but no one will ever decrypt it. It takes longer than the life of the galaxy to process all the possible key sequences on today's hardware and that impossible scenario is unlikely to change in our lifetimes. Unless the key is leaked, those communications are totally secure. My guess is the top boss is going to keep the keys.

    The only thing that has changed is that the widespread availability of cheap technology, and the widespread communication of encryption techniques via the web, is putting these same unhackable capabilities into the hands of the average person.

    That means that virtually any criminal entity with a competent security advisor is already completely secure, unless there is a mole or a lazy arrogant idiot in the organization.

    Skype, email, shtml, torrent, TOR, cellphone, payphone, you name it, every form of communication can be secured by unhackable encryption today at reasonable cost.

    This bill is not about protecting us from the next Bin Laden. It is about protecting media producers from the Pirate Bay.

    What the bureaucrats are really after is a simple and cheap way to spy on the dummies out there who are too naive or lazy to implement their own security standards. That includes stupid homegrown radical terrorists and casual copyright infringers (i.e. mass murderers and young or casual media thieves), in other words protecting middle American lawnorder values like Mom and apple pie.

    Oh yes don't forget the occasional wiretap on the inconvenient and unsuspecting idealistic liberal political opponent, who more than likely will find him or herself being audited by the IRS, having his or her psychotherapy records inexplicably released on the Internet, or maybe mysteriously dying in a single-car crash on a deserted highway.

    Maybe once in a while they will also catch someone who is really dangerous, just to 'prove' that the expense is worthwhile. If not, they can always entrap some unsuspecting idiot. Meanwhile the dollars keep rolling in to the political slush funds and the propaganda keeps pumping out of the mass media. As long as the wealthy are making money they are happy.

    This gravy train will roll along until we run out of resources and the environment becomes too hostile to sustain all this zealotry. Then we will be back to dungeons and hot pokers as our main source of intelligence on the enemy, even in 'enlightened' countries that never do that sort of thing, at least not on their own soil. Hey, that sounds awfully familiar!

    Sorry, just too much a realist to fall for the propaganda - on any side of the debate.
    cheryljosie
  • FBI IS MODERN DAY mafia

    No more heinous cowards have been hatched and nourished by the USA than the clandestine assassins of the fbi and cia.

    fbi's Own Crimes On Wall Street
    http://ttu.academia.edu/geralsosbee



    https://picasaweb.google.com/lh/photo/wOBleCgvZabVsA9YBGCw-9MTjNZETYmyPJy0liipFm0?feat=directlink
    geralsosbee