Exalted technology: should CALEA be expanded to authorize Internet wiretapping?

Author:Martin, Constance L.
Position:Communications Assistance for Law Enforcement Act of 1994


Rapid development of Internet technology has posed new challenges for government agencies and the legal community. One of the issues currently debated is the extent to which Internet phone systems should be regulated by law enforcement agencies. (1) In August 2004, the Federal Communications Commission ("FCC") tentatively approved a Notice of Proposed Rulemaking and Declaratory Ruling ("NPRM") by the Department of Justice ("DOJ"), the Federal Bureau of Investigation ("FBI"), and the U.S. Drug Enforcement Administration ("DLA") that would authorize Internet wiretapping by intelligence and police agencies. (2) The FCC's 5-0 vote approved plans to draft rules that would apply to "voice over Internet protocol" ("VoIP") services, making them subject to a 1994 law that requires new telecommunications technologies to be accessible to authorized eavesdropping. (3) On August 5, 2005, after a year of debate and consideration of relevant issues, the FCC adopted an order that will require "providers of certain broadband and interconnected" VoIP services to accommodate legally authorized enforcement wiretaps. (4)

This note demonstrates that while the Internet should not provide a cover for illegal activity, the FCC does not currently have the legal authority to undertake intrusive regulation of the Internet. Congress did not explicitly include the Internet as being subject to legislation enacted in 1994, nor does the legislative history lead one to a different conclusion. (5) Moreover, it is possible that this proposed regulation of Internet technology would simply serve as a road map to drive knowledgeable criminals to areas unprotected by legislation. (6) Finally, it is necessary to consider whether regulations imposed by this new rule would stifle the growth of new technology, and deprive us of its educational and economic benefits. (7)


A. History of Electronic Surveillance

The development of sophisticated technology has created new opportunities for surveillance. Simultaneously, such technology has made it possible to investigate individuals' private lives. (8) Electronic surveillance consists of interception of call content, or wiretapping, and the interception of call-identifying information, known as dialed-number extraction. (9) Lawfully authorized electronic surveillance can be a valuable tool for legal authorities in their fight against crime and terrorism. (10) The Omnibus Crime Control and Safe Streets Act (commonly referred to as Title III), (11) passed in 1968, contains the procedures law enforcement operatives must follow to obtain the necessary judicial approval to conduct electronic surveillance. (12) Enactment of the law followed spirited Congressional debate as to the need to balance an individual's right to privacy with law enforcement's need to monitor serious criminal activity. (13)

In 1970, Congress updated the federal wiretap statute to clarify the duty of service providers and to provide legal authority to accomplish needed interception. (14) Subsequently, Congress passed the Foreign Surveillance Act of 1978 ("FSA"), which sets forth procedures for requesting judicial authorization for electronic surveillance and physical search of a foreign power (or its agents) engaged in espionage or international terrorism against the United States. (15) This statute was considered a regulative response to allegations of domestic espionage by federal law enforcement and intelligence agencies in the 1960s and 70s. (16) In 1986, as a result of developments in technology, Congress enacted the Electronic Communications Privacy Act ("ECPA"), (17) which expanded Title III's coverage to include electronic communications. (18) Under Title III, government agents seeking authorization to intercept the content of electronic communications using a wiretap must submit a statement showing that other investigative means have been utilized (and determined inadequate), the length of time sought to have the order in place, and make a showing of probable cause. (19) There are three primary types of legally authorized electronic surveillance: pen registers, trap and trace devices, and content interception. (20) The provisions of Title III of the Omnibus Crime Control and Safe Streets Act continue to govern U.S. procedures for obtaining legal authority for initiating and conducting lawful interceptions of wire, oral, and electronic communications. (21) Congress passed the ECPA with the goal that it would provide balance "'between the privacy of citizens and the needs of law enforcement' that had become tipped too far in favor of the government." (22)

B. History of CALEA

In October 1994, Congress took action to protect public safety and ensure national security by enacting the Communications Assistance for Law Enforcement Act of 1994 ("CALEA"). (23) CALEA is a federal law that, immediately after court approval, authorizes FBI surveillance in U.S. telephone networks. (24) The purpose of CALEA is to facilitate the ability of law enforcement agencies to conduct electronic surveillance as telecommunications technology advances rapidly and the world's dependence on this technology increases. (25) It was also intended to clarify the scope of a carrier's duty in implementing legally authorized electronic surveillance. (26) CALEA does not simply authorize electronic surveillance as other legislation has done but requires telecommunications operators to take any necessary measures to aid law enforcement in this operation. (27)

Since 1970, "telecommunications carriers have been required ... to cooperate with law enforcement personnel in conducting lawfully-authorized electronic surveillance," but the implementation of CALEA required these carriers "to modify the design of their equipment, facilities, and services to ensure" the surveillance can actually be accomplished. (28) This applied to all carriers or entities "engaged in the transmission or switching of wire or electronic communications as a common carrier for hire." (29) Section 107(a)(2) of CALEA established the technical standards a carrier and a manufacturer of telecommunications transmission or switching equipment must meet to be in compliance. (30) Under certain license agreements, "the Government pays for the development of CALEA software solutions for high priority switching platforms," which enable carriers to obtain the "CALEA software at a nominal charge for equipment, facilities, or services installed or deployed now and in the future." (31)

CALEA authorized $500 million for the reimbursement of carriers for reasonable costs associated with making equipment, facilities, and services" to meet compliance requirements and a target date of June 30, 2002. (32) However, even with this seemingly large appropriation, full compliance has been hard to achieve, despite the fact that carriers can face fines of $10,000 for each intercept request from a law enforcement agency they fail to capture. (33) Some carriers argue that both the cost and the technology are obstacles in reaching compliance. (34) The FCC had to extend the original date for compliance from October 25, 1998 to June 30, 2000, and even in 2004 there were frequent allegations of noncompliance. (35)

C. Carnivore

Fourth Amendment privacy rights are in jeopardy during times of compromised national security. (36) The right to privacy derives from English common law, long before the concept of the sanctity of the home shifted from one's four walls to encompass secure technology within those walls. (37) However, "the right to privacy is not absolute" at any time, and "the courts have established" exceptions to the requirement "that all searches and seizures" need a court-issued warrant. (38) The privacy issues for accessing packet-based telephony are the same as those for e-mail surveillance, governed by the FBI's controversial system known as Carnivore (also called DCS1000). (39) Internet communications receive limited protection by the Fourth Amendment's right to be secure from unreasonable searches and seizure. (40) However, law enforcement officials complained that they could not adequately pursue cyber criminals because they lacked the support technology needed to identify and catch them. (41) As a result, in 2000 "the FBI developed the diagnostic tool [named] Carnivore to conduct electronic surveillance," which operates by running software from the FBI's system into the "surveillance target's ISP network." (42) Carnivore is "classified as a 'packet filter' or 'packet sniffer,'" and it operates on a personal computer or laptop by searching and intercepting "the surveillance target's electronic communications, while ignoring all the other communications that the government has no authority to intercept." (43) For example, the FBI states that Carnivore can be "configured to intercept e-mail but not online shopping records" if only the former had been authorized for surveillance. (44)

The Carnivore system has the capacity to scan millions of e-mail messages per second, and some contend that it exceeds the bounds of permissible government surveillance and is thus a threat to individual privacy. (45) The FBI claimed that this system "can read the destination and origination address of a data packet" to ascertain where it came from, without necessarily being able to read the contents. (46) The FBI said it would scan only the addresses in the "to" and "from" fields but not the contents, unless the intercept is identified as the one sought. (47) However, critics have complained that the way Carnivore operated was like an electronic version of listening to everyone's phone calls just to see if it is the one needed call that should be monitored. (48) Moreover, outside experts could not independently evaluate the technical capabilities of Carnivore because the FBI would not release the source code. (49) The FBI allegedly named the system 'Carnivore' because it had the ability to get to the meat of potentially...

To continue reading