Wireless Surveillance
Who's listening?
Since 1970, telecommunications carriers have had to cooperate with law enforcement agencies in conducting electronic surveillance. The Communications Assistance for Law Enforcement Act, or CALEA, was enacted by Congress in October 1994 to enable the government to continue to conduct electronic wireless surveillance effectively and efficiently in the wake of rapid advances in telecom technology.
CALEA is Congress' way of keeping up with the digital age. The most notable technology advances have occurred in digital transmission and processing techniques, along with the proliferation of wireless services. These advancements have hampered the law enforcement community's ability to conduct lawfully authorized surveillance.
Congress enacted CALEA to address these problems by boosting the law enforcement agencies' ability to tap into communications of suspected or confirmed criminals. CALEA is also designed to ensure that law enforcement surveillance efforts would not be unintentionally thwarted by the development and deployment of new technologies and services. CALEA set forth detailed capacity requirements for the capability to conduct simultaneous intercepts per region, based on historical incidence. For cellular carriers, these requirements were spelled out on a per-market basis-either metropolitan statistical area or rural statistical area.
While it is certainly admirable that the U.S. government wants to protect its national citizens from drug thugs, terrorists and other nasty felons, it's also possible that an overzealous government employee or agency could abuse the capability that CALEA will offer to telecom carriers.
Authorized interception When signed into law in 1994, CALEA was applicable only to wireline carriers, cellular carriers and broadband PCS carriers. Today, however, law enforcement agencies still can perform wireless surveillance on cellular and PCS phone calls with a court order (Figure 1). In defining the terms and requirements of CALEA, Congress realized the need to protect consumer privacy within the context of court-authorized electronic surveillance and sought to balance three important policies:
* Preserve a narrowly focused capability of law enforcement agencies to carry out properly authorized intercepts.
* Protect privacy in the face of increasingly powerful and personally revealing technologies.
* Avoid impeding the development of new communications services and technologies.
Table 1 illustrates the evolution of interception of communications in the United States over the last 30 years.
By the spring of 1997, the Telecommunications Industry Association had developed a final draft of a proposed CALEA industry standard. The draft standard defined services and features to support lawfully authorized electronic surveillance and the interfaces to deliver authorized intercepted communications and call-identifying information to a law enforcement agency.
In December 1997, the Telecommunications Industry Association (TIA) announced the publication of interim standard J-STD-025, which defines "services and features required to support lawfully authorized electronic surveillance and specifies interfaces necessary to deliver intercepted communications and call-identifying information to a [law enforcement agency]."
Industry representatives involved in negotiating the requirements of CALEA maintained the position that the specifications set forth in J-STD-025 comply with the requirements of CALEA. They were not willing to sign an agreement with law enforcement agencies until issues regarding "settlement" of the J-STD-025 standard were resolved.
However, law enforcement agencies said they thought the requirements of CALEA went further. One example of what the government is seeking is the ability to tap into all parties on a three-way call, even when the subject under investigation drops off the call. According to industry representatives involved in the process of developing the J-STD-025 standard, law enforcement agencies wants access into the network for anything regarding a tapped call, which would give them considerably more power than they had before CALEA.
Deadline extended On March 30, 1998, AT&T Wireless Services, Lucent Technologies and Ericsson filed a joint petition to extend CALEA's compliance date, arguing that technology allowing carriers to comply with CALEA would not be available by the deadline. The FCC also received numerous additional petitions for extension by other carriers. The commission soon learned that manufacturers would not have equipment available in time to allow carriers to comply with the assistance capability requirements of Section 103 by the Oct. 25, 1998 deadline.
The FCC therefore decided to grant an industrywide extension. The commission also believes that after manufacturers produce CALEA-compliant equipment, carriers will require an additional six months to purchase, test and install such equipment and facilities throughout their networks.
It is important to note that the interim J-STD-025 standard excludes the provisioning of location information and technical requirements related to packet-switched communications. One of the key reasons that equipment development has been so slow in coming is because there is still no agreement regarding standards between the telecom carriers and the law enforcement community. Moreover, there is a monumental challenge for equipment manufacturers regarding interception of packetized transmissions that run over transport platforms such as frame relay and asynchronous transfer mode.
The problem that needs to be resolved is the chief mechanism used to intercept packet transmissions in a network: remote monitoring technology. Remote monitoring can only be implemented reliably at the network's edge (for example, in a PC modem pool). Remote monitoring probes typically are not deployed in the core of carrier networks because functionally, it is unfeasible and inefficient. This is due to the very nature of packetized transmissions: Data transmissions can take multiple paths through the network to their destinations. Also, smaller carriers such as localized Internet service providers may not have the time or capital resources to install remote monitoring technology in their networks.
Protection or privacy threat? Some in the telecom industry believe that with the advent of CALEA and its looming deadline, the government may take advantage of loopholes in existing laws to use technology to erode privacy rights.
In August 1997, the Center for Democracy and Technology took the position that J-STD-025 goes too far in permitting location information capabilities and fails to protect the privacy of packet-mode communications. The CDT further argued that the additional surveillance enhancements sought by the FBI in the checklist are not required under CALEA.
The CDT stated that the telecom industry and the FBI had failed to agree on a plan for preserving a narrowly focused surveillance capability that would protect privacy. It went on to say that the industry and the FBI are now mired in an argument over designing additional surveillance features into the nation's telecom system. Finally, CDT stated that compliance with J-STD-025 was not reasonable and requested that the FCC indefinitely delay implementation of CALEA while a more narrowly focused standard is developed.
Other industry observers also believe strongly that compliance with CALEA by telecom carriers is a direct threat to the Fourth Amendment. Some insist that instead of giving law enforcement officials their old ground when it comes to taps and traces, new requirements of CALEA would give police immediate access into the nerve center of the regional telephone carriers-a massive leap past what they had before.
Roving wiretaps As surveillance capabilities are still being determined into the 21st century, one proposal under consideration is the use of what is known as a "roving wiretap."
A roving wiretap is perhaps the most frightening capability that CALEA could offer in terms of making law enforcement agencies technically "omniscient." A roving wiretap would enable police to monitor all phone calls made by a suspect, rather than just those from a specific telephone. High-speed computers would monitor calls passing through a certain network, selecting and red flagging a conversation that contained the voice print-a digitized fingerprint of a person's unique voice characteristics-of a person under investigation.
For example, if a suspect made a phone call from his neighbor's house or used a cell phone or a pay phone, his call would be recognized, retrieved and uploaded to a law enforcement agent by the carrier's "critical electronic equipment."
The equipment was developed and deployed to meet the requirements of Section 103 of CALEA. These same computers would be able to recognize certain words and phrases and record those conversations for law enforcement scrutiny. The National Security Agency uses this technology to monitor international telephone calls. Some experts believe it is already in use in some parts of the United States. Movies like "Enemy of the State"-in which a person's every move and conversation is recorded on audio and video-have fueled this notion.
The Administrative Office of the U.S. Courts records show that federal electronic intercepts have increased 30% to 40% since President Clinton took office, and no federal magistrate has turned down a federal request for an intercept order since 1988. The FBI also purportedly wants authority for "emergency wiretaps" that would not require a court order-and would be good for 48 hours-along with an easing of federal guidelines restricting how wiretaps are used.
The Clinton administration is claiming that increased wiretapping authority is needed to protect national security from a terrorist threat. The facts do not necessarily support these claims. The government's own statistics show that terrorism in the United States is at a 25-year low, despite the 1995 Oklahoma City bombing and the bombing at the Summer Olympics in Atlanta in 1996. The government has not requested or used a wiretap for an explosives investigation since the 1980s.
Because 83% of electronic intercepts are used to investigate possible gambling and drug offenses, according to the American Civil Liberties Union, the "terrorist threat" excuse appears to be invalid. Nevertheless, the argument the U.S. government could make-which has some validity-is that although terrorist-related intercepts may account for only 17% of electronic intercepts, they impose significantly more damage to the nation's psyche in terms of injury to innocents and the perceived lack of physical security in our own back yard.
The argument could be made that even with all the potential abuse and negative side effects that could result from the implementation of CALEA requirements, the U.S. government is attempting to protect us from ourselves, including industrial espionage in corporate America (see sidebar.)
Today, there is still no formal agreement between the law enforcement community and telecom carriers regarding the J-STD-025 standard for electronic interception of advanced communications, but law enforcement agencies can still intercept wireline, cellular and broadband PCS carrier subscriber transmissions with a proper warrant. The deadline for CALEA still stands; the only remaining question is how interceptions will occur. CALEA may allow police agencies too much access into the heart of the nation's telecom infrastructure when the compliance date is reached, but only time will tell if the potential for abuse becomes a reality.
