We know it's open season on our data. Simply by examining your online interactions, your trades of email or gender in exchange for access, it’s not that difficult for big companies, government agencies or unscrupulous persons to establish a profile of who you are—political affiliations, religious beliefs, relationships, consumer habits, job history, schools you attended, locations you frequent, and in some cases, even your home address. It's not dead, but privacy will never be the same.
Still, the various systems that coax intimate details of your life from your data haven't made it dramatically easier for the government to listen in on your online communications. That's because getting a warrant for a user's information and requesting the data from the companies that have it—the Facebooks and the Googles and the Apples and the Microsofts—can take months. By the time the "tap" is in place, those companies may have disposed of it, or the suspect may have moved on.
That's what the government argues. What it needs, it says, is easier access to your inbox, your chats, even your gaming data—and in real-time. According to the top lawyer at the Federal Bureau of Investigation, being able to wiretap all forms of Internet communication and cloud storage nearly instantaneously is the agency's “top priority.”
At a forum at the American Bar Association in Washington, DC, last month, Andrew Weissmann, FBI general counsel, said that people who are “up to no good” take advantage of encrypted online communication to hide evidence of their criminal actions, but that the Bureau simply can't keep up. Think about the terrorists, Weissmann warned. “This huge legal apparatus that many of you know about to prevent crimes, to prevent terrorist attacks is becoming increasingly hampered.”
The FBI refers to this problem as "Going Dark." To move into the light, it wants its current surveillance tools to work faster. In 2011, Valerie Caproni, the former FBI general counsel, told the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security, that "addressing the Going Dark problem does not require the Internet to be re-designed or re-architected for the benefit of the government." In actuality, say the Internet providers, by asking institutions to provide a permanent back-door into the servers through which the government can access private information, this is precisely what it will require.
Wiretapping of phone calls made through the Internet is already permitted under the 1994 Communications Assistance for Law Enforcement Act (CALEA), which oversees phone taps. The justification for amending the law to include online communications was that an increasing number of conversations were taking place using voice over Internet Protocol (VoIP), instead of traditional telecommunications such as landlines and mobile phones. Telephone companies had been required to modify their systems to allow law enforcement to tap conversations without having to approach the company for assistance, and in real-time. This is the kind of ability the FBI would like to have now with the servers that exchange e-mails, chats, videos, and personal data.
“The FBI used the ‘tappability principle’ to justify the demands,” the Electronic Frontier Foundation explained in a statement about a new version of CALEA. “This principle holds that if something is legally searchable sometimes it should be physically searchable all the time. If we applied the FBI's logic to the phone system it would state that every individual phone should be designed with built-in bugs. Consumers would simply have to trust law enforcement or the phone companies not to activate those bugs without just cause.”
Details are still sketchy about the FBI's new reach for power over Internet service providers, but the plan raises concerns about overstepping wiretap laws, as the FBI was found to have done in 2006. It also bears echoes of the secret surveillance program managed by the National Security Agency. Under the Foreign Service Intelligence Act, when Americans are targeted by the government on suspicions of terrorism, the government must get a warrant from a special 11-judge court, made up of U.S. district judges who are appointed by the Supreme Court. But from the start of the Bush Administration until the end of 2006, the NSA collected this kind of data without bothering to ask for warrants.
In December, Congress passed and President Obama quietly signed a five-year extension of FISA, which, because of various amendments since September 11, still permits wiretapping without a warrant in some cases—though ostensibly not of Americans. Attempts to sue the government over the warrantless wiretapping program have run up against a wall at the Supreme Court, mainly because of a Catch-22: any evidence of harm to the plaintiffs is classified information.
Among those who have been tracking the government's digital surveillance ambitions is Trevor Timm, an activist for the EFF and Executive Director of the Freedom of the Press Foundation. Trevor is also one of the humans behind the @Drones Twitter account, and recently spoke about privacy at Motherboard's Drone Day. I asked Trevor to tease apart the FBI's new "top priority," which, the Bureau's lawyer acknowledged, is “something that there should be a public debate about.”
MOTHERBOARD: Is it counter-intuitive to say that the increase in Internet communication has been a hindrance to FBI surveillance? Haven't we assumed the exact opposite—that in fact, more of our information is accessible than ever?
Trevor Timm: Well, yeah. They've been complaining about this “Going Dark” problem for years now and we've never really seen any actual evidence that this actually exists. The FBI or the DOJ has to report the number of times they run into encryption when they ask for surveillance. Every year they have to report back how many times they ultimately couldn't get the information they sought; the number is always 0—for the last 11 years.
They have a multitude of ways to get either content or non-content, metadata, where you're sending data to and from, or when you're sending them and how often you're sending them. They have a variety of ways of getting this information, and they don't need warrants if it's not content. The transparency reports by Google and Twitter and Microsoft have shown that government surveillance on the Internet is actually on the rise. It's really curious that they keep saying that they have this problem about going dark when all the evidence points to the opposite.
MOTHERBOARD: How does this type of expansion in surveillance capabilities tie into the Cyber Intelligence Sharing and Protection Act (CISPA) that the EFF and other privacy advocates have been warning us about?
CISPA is a little different. With CALEA they actually want companies to build in back-doors to their systems so the Justice Department wouldn't have to go to them with a warrant. They could just get the warrant and then do the wiretap directly themselves. So right now if they get a warrant for content they have to present the warrant to Google, and Google gives them the information. They just want to cut Google out of the equation.
MOTHERBOARD: When they open these back doors for law enforcement, how does the government prevent others from accessing our private information through them as well?
Oh, they can't. That's the crazy part. At the same time that they're talking about CISPA and they're talking about cybersecurity and about how secure systems are, this would just make their systems that much more insecure. You want the opposite argument that Congress is making right now: we need to be able to close as many back-doors as we possibly can. By opening a back-door up for an outside service like the Justice Department to use, that also leaves these companies more vulnerable to other malicious hackers that maybe could find the same back-door and find a way into it. So this proposal would obviously affect Americans’ privacy, but it would also affect the security of the Internet in a very negative way.
MOTHERBOARD: President Obama signed an executive order on cybersecurity this year just before his State of the Union address. How does that factor in to this privacy issue?
It's kind of a separate issue. The executive order gave the government the ability to share classified information more easily with companies about cyberattacks. It was really only about information sharing going one way, from the government to the companies. The problem with CISPA is the information going the other way, from the companies to the government. There are privacy problems with CISPA as well, given that we have all the privacy laws set up so that there are only certain situations where companies can hand your information over to the government, and they have to get a warrant. [CISPA] would kind of open a loophole which would allow companies to hand over huge amounts of your information without legal repercussions.
MOTHERBOARD: Should the expansion of CALEA occur, would we experience a loss of judicial oversight in cases that required the FBI to wiretap online communications?
They would still have to go to a judge, supposedly. So, CALEA wouldn't be changing any of the legal framework for what they need to get content. But, then again, a lot of times when the government goes to Google, [Google] asks them to narrow the warrant because they don't think it's narrow enough, or if it's unclear if it would deal with non-content information too. So the government could potentially get meta-data through this system.
Even more times, these companies are rejecting government claims that are too broad in that respect, because a lot of times with meta-data they don't actually go to a judge. They issue a subpoena, which is a much lower threshold, so it's unclear how that would play into things. Obviously when there is direct access by the government, this opens up the system for abuse. And we've seen through things like the NSA warrantless wiretapping program that sometimes the government oversteps the law.