NSA, FBI split on comms intercepts

The differing missions of the US National Security Agency (NSA) and the FBI have led to a split over telecommunications intercept policies — which Americans call "wiretaps" — according to computer scientist Susan Landau.

The differing missions of the US National Security Agency (NSA) and the FBI have led to a split over telecommunications intercept policies — which Americans call "wiretaps" — according to computer scientist Susan Landau.

The FBI's focus is on law enforcement. Since 1994, the agency has had a direct say in the design of communications networks, courtesy of the US Communications Assistance for Law Enforcement Act (CALEA), so that its ability to conduct intercepts isn't compromised by new developments, such as voice over internet protocol (VoIP) communications, and other peer-to-peer technologies.

Law-enforcement agencies in the US and elsewhere are demanding the ability to intercept communications in their fight against terrorism, espionage and serious international crimes. The impact of American actions is felt far beyond its shores, because the majority of the world's internet communications still traverses the US.

But as Landau, a visiting scholar in the Computer Science Department at Harvard University, told the AusCERT information security conference last week, wiretaps help solve just six US kidnapping cases per year, and, according to a June 2006 Department of Justice whitepaper on counterterrorism, only 441 defendants have ever been charged with terror- or terrorism-related activities with an international "nexus".

Landau said that natural disasters pose far greatest risks to the nation.

The FBI estimated that the cost to the US of nation-state espionage is US$200 billion annually, she said, and Kaspersky Lab chief Eugene Kaspersky told the conference that criminal malware costs more than US$100 billion globally.

But in 2005, Hurricane Katrina alone was responsible for 1836 deaths and an estimated US$81 billion in property damage — and the US has been relatively lucky. The Haiti earthquake of 2010 killed 230,000 people. The Indian Ocean tsunami of 2004 killed 283,000.

"We face serious natural disaster risks...what do you need during those times? You need emergency responders to be able to communicate," she said. Availability and interoperability are key.

Landau said that while researching her book Surveillance or Security? The Risks Posed by New Wiretapping Technologies, the NSA told her that the answer is for secure, interoperable land mobile radio to be available cheaply through consumer electronics stores. Mobile or landline phones might go down in an emergency, she said. Satellite communication could be blocked by tall buildings or bad weather.

"To get [the balance] right, you want to have secure communications when you have a disaster, whether natural or otherwise, and the natural ones happen much more often," Landau said. Only after that should we consider ensuring the security of personal and business communication, and then the potential for intercepts.

"You build wiretapping capability into a communications system, it stays a really long time. You try to deal with an emergency threat [such as terrorism] now by building a wiretapping capability into your system now, you might take care of your threat now, but five years, 10 years, 20 years down the road, you've still got that wiretapping capability, and somebody else can break into it," she said.

"The NSA and FBI have split on this, because they have different viewpoints," she said, with the NSA looking at the broader picture of national security, rather than just law enforcement.

Landau recommends against focusing on the blunt instrument of privacy-invasive communications intercepts, which she says could easily be turned against citizens. Law-enforcement agencies should instead use transactional information, such as mobile phone location data, the vulnerability of end hosts and other "clever" solutions.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All