The Obama administration is developing a legislative proposal that would expand the current US wiretap law, known as the Communications Assistance to Law Enforcement Act (CALEA), to the internet. The current law excludes internet-based communications, but law enforcement and national security officials are pushing for an expansion of the law to include all services that enable communications, including emails, social networking sites, and peer-to-peer communications, according to a New York Times report.
Law enforcement argues that the expansion is necessary to keep the law current with technology so that it can access internet-based communication, particularly communication that is encrypted. The FBI stresses that this would not involve an expansion of its legal authority since a court order would still need to be obtained before the capability would be used.
However, industry and privacy critics see a major impact from the proposed legal changes.
“Until now CALEA has applied to communications that had a single point of passage…They are now talking about applying [CALEA] to communications that are handled by software services that don’t have these single points of passage, for example peer-to-peer and other technologies; this really challenges fundamentally the design of these services, their basic operating principles. That could have a considerable impact on trust in those technologies,” said BSA’s Journoud.
In an interview with Infosecurity, Journoud said that the fundamental design of cloud computing could also be challenged by this proposal. “The fundamental principle of cloud computing is the cloud provider does not look at the data that you put in your cloud. They don’t have access to it; they don’t know where it is. This proposal would challenge that operating principle…The consequences of such proposals could be significant,” he said.
Journoud warned that criminals and terrorists could find ways around the law, for example by using foreign or open source providers, who would not be covered by the law. At the same time, legitimate users of these software services and encryption products could lose trust in them, fearing that their security has been compromised by providing access to the government – and probably hackers as well.
Privacy experts are also concerned about the proposal. Jack Dempsey, vice president of the Center for Democracy and Technology, told the New York Times that the proposal has “huge implications” and would challenge the “fundamental elements of the Internet revolution”.
“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet. They basically want to turn back the clock and make Internet services function the way that the telephone system used to function,” Dempsey said.
The legislative proposal is in the preliminary stage, so any discussion of its implications may be premature. Industry intends to work closely with Congress if and when the legislation is introduced to ensure that legitimate law enforcement and national security interests do not place excessive burdens on US companies, Journoud concluded.