Public protest against proposed Internet laws, like the Stop Online Piracy Act (SOPA) and The Protect IP Act (PIPA), has plagued the past twelve months. But according to CNet.com, it looks like a highly controversial amendment to the Communications Assistance for Law Enforcement Act (CALEA) — which seeks to extend the FBI’s electronic wiretapping abilities — is quietly being passed around hallowed government halls. The Department of Justice already approved the amendment, and word on the street is that high-level meetings between officials and tech companies are being planned to discuss next-steps and potential problem points.
The crux of the proposal addresses the FBI’s fear of “going dark” – a term used in the Bureau for not being able to legally monitor electronic information, which, officials aver, weakens our country’s ability to identify and thwart national security threats. Essentially, the changes sought will give officials “backdoor access” to social networks, VoIP and webmail providers – meaning they would be able to “tap into” a digital communication platform when investigating.
Granting the Feds special access to electronic communication systems is a scenario most citizens and privacy stalwarts eschew, but are their concerns enough to silence the loud bi-partisan drum beating inside the beltway for expanded wiretapping abilities?
The Communications Assistance for Law Enforcement Act (CALEA)
Originally authored by Senator Patrick Leahy, H.R. 4922 (a.k.a. The Communications Assistance for Law Enforcement Act) outlines allowable wiretap procedures. Originally enacted in 1994, the bill was amended once in 2004 to include definitions and requirements for broadband providers.
As its written now, the bill only applies to telecommunications and broadband companies. Politicians and national security officials, however, want all 21st century communication tools (i.e., social networking websites, voice over IP platforms, web mail service providers, etc.) added to the list.
The Fear of Going Dark Prompts CALEA Amendment Proposal
We like to think of the U.S. intelligence and investigative agencies as powerful forces; we glorify their bad-ass-ness through shows like “24”, “Homeland” and dozens of other procedurals. And while it’s true that we may voice concern over their tactics from time-to-time, we also have full confidence in the sleuths tasked with keeping us safe.
But those same super-spies say they can’t do their jobs properly without expanding CALEA. The state of “darkness” created due to their inability to access new communication avenues, they say, presents a gravely serious national security problem.
Reports indicate operatives and officials have been worried about “going dark” since 2006. As such, they’ve worked to strengthen the National Electronic Surveillance Strategy. Ostensibly, the addition of provisions that allow for expanded wiretapping capabilities will further their cause and mitigate fears about “going dark.”
Proposed CALEA Wiretapping Amendment Provisions
While the exact language of the proposed amendment has yet to make its way online, chatter suggests changes will involve making sure all communication technologies — not just phone and broadband — are covered. That means technology companies would be required to add a digital “backdoor” to their programs that, in theory, can only be accessed by authorized federal agents with proper warrants.
The way(s) in which this will actually happen, though, have yet to be laid out for inspection. Those in the know suggest the act will provide a “safe harbor” for communications companies (much like the DMCA aims to do for ISPs in defamation and copyright infringement lawsuits), so long as the attorney general determines the interception data collection techniques are “good enough.” Others have hinted the amendment may actually be more of an agreement to share data (which, actually, sounds a lot like CISPA – a bill recently passed in Congress with significant online privacy implications).
If the CALEA proposal does include a technology requirement, the current belief is that it will include compliance provisions. (Yep, the government will help companies foot the bill for implementing the new “backdoor” technology – kind of makes you wonder where they’re going to find the budget for this; but that’s another discussion for another day.)
Spokespeople for industry lobbyists have also expressed a desire to see safeguards that protect against the disclosure of trade secrets in court. In other words, the big-wigs don’t want their R&D (or dirt) inadvertently ending up in a public court filing.
Lastly, it’s widely believed the requirements will only apply to companies and platforms that surpass a certain user threshold. If true, when you think about the stated purpose of “national security,” this footnote seems astoundingly counterproductive – we’ll get to why in a few.
What The Anti-CALEA Crowd Is Arguing
Anti-CALEA-expansion advocates feel the changes cross privacy lines and increase the risk for hacking tomfoolery. (Have officials already forgotten the Sony/FBI/Financial Institution privacy debacle of 2011? If last year taught us one thing, it’s that more electronic access points in a given platform spell heightened security breech trouble.)
Trade associations and lobbying firms, like TechAmerica, point out that if passed, the CALEA amendment could mark a “sea change in government surveillance law [that would probably result in] significant compliance costs [for tech firms].”
Many are also concerned about how expanding the reach of CALEA will affect open-source projects. Will the cost of developing and maintaining the wiretap technology be too cost prohibitive for smaller start-ups and tech non-profits? Those pushing for the bill insist there will be pecuniary provisions to eliminate unfair barriers to competition and compliance. Moreover, many smaller operations may not even have to comply with the act if their user base is small.
Security vs. Privacy: The Great 21st Century Legal Debate
This new CALEA amendment is one of many statutes reviewed over the last decade that grapples with the question of security vs. personal privacy in the digital age. And like the bills before it, these alleged new CALEA amendments also fall short at striking a happy balance.
Which brings us to the national security point I promised we’d explore a smidge more. Check it: If the FBI and intelligence officials truly believe these new CALEA provisions are necessary to safeguard our nation (presumably in part against terrorist attacks), is it not silly for them to say, “Yeah, we only want to be able to access the most popular sites, platforms and communication systems. Those smaller ones that hardly anybody uses can do what they want.” Not to be cynical, but won’t would-be evil-doers choose to use little trafficked tools not under the watchful eye of “big brother” FED? Because let’s face it, cyber criminals — with an end-game of violence — may be terrible, but they’re not dumb; as such, the inclusion of the “user threshold limit” seems supremely counterproductive.
Let The CALEA Expansion Lobbying Games Begin!
Apple has already fired up their lobbying engine to attack the topic; Microsoft has made it known that they’re watching the CALEA developments closely; and at the time of this writing, Google, Facebook and Yahoo have yet to comment. (Perhaps because they, too, are eager to loosen online privacy statutes in order to allow for more sharing…which means more advertising revenue).
In an age where both privacy and security are equally valued, laws affecting both will continue to remain front and center on the Internet law stage – and you can expect the CALEA amendments will start garnering increasingly more press as the powers that be move forward on the issue.