Interesting People mailing list archives
EFFector Online 07.05: Privacy Coalition Against FBI Bill letter to the White House and letter to th
From: David Farber <>
Date: Sat, 12 Mar 1994 03:29:28 -0500
=========================================================================
________________ _______________ _______________
/_______________/\ /_______________\ /\______________\
\\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / ////////////////
\\\\\\\\\\\\\\\\\/ ||||||||||||||||| / ////////////////
\\\\\\_______/\ ||||||_______\ / //////_____\
\\\\\\\\\\\\\ \ |||||||||||||| / /////////////
\\\\\\\\\\\\\/____ |||||||||||||| / /////////////
\\\\\___________/\ ||||| / ////
\\\\\\\\\\\\\\\\ \ ||||| / ////
\\\\\\\\\\\\\\\\/ ||||| \////
=========================================================================
EFFector Online Volume 07 No. 05 Mar. 11, 1994 editors () eff org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424
Subject: DPSWG Coalition's Digital Telephony Letter to White House
------------------------------------------------------------------
On March 9, the Digital Privacy and Security Working Group sent the following
letter to the Administration calling into question the procedures by which
the FBI's Digital Telephony "Wiretap Bill" draft is being examined, and
expressing harsh criticism of the would-be legislation. The DPSWG is a
coalition of privacy and civil liberties organizations, trade
associations, and industry leaders, coordinated by the Electronic Frontier
Foundation.
March 9, 1994
The President William J. Clinton
The White House
Washington, D.C. 20500
The Vice President of the United States
United States Senate
Washington, D.C. 20510
Dear Mr. President and Mr. Vice President:
Telecommunications carriers and other members of the Digital Privacy and
Security Working Group are keenly aware of the concerns raised by the
Administration regarding the ability to intercept communications
transmitted over advanced commu nications networks.
We are concerned, however, about the nature of the process upon which the
Administration has embarked to address these issues. Seeking immediate
industry reaction to the FBI's draft legislation and congressional passage
of such legislation shortly thereafter is troubling. It suggests
curtailment of public debate and of congressional deliberation. Given the
interest of the public in these matters and their complexity, it is
essential that there be a full public debate on these issues.
Industry is currently cooperating with appropriate authorities to avoid
future problems and to expand existing capacities. This is not to say that
there have not been some transitional concerns particularly upon the
introduction of new technologies that have grown greatly in popularity. But,
whenever transitional problems have arisen, industry representatives have
worked with law enforcement officials to resolve them.
The FBI's actions are especially troubling in light of our view that
legislation is not needed to accomplish the agency's goals. We still see
no evidence that current law enforcement efforts are being jeopardized by
new technologies. Nor are we convinced that future law enforcement
activities will be jeopardized given industry cooperation.
We still believe that continued cooperation by government and industry
within the working relationship that has emerged from the 1992 Quantico
Joint Government Industry Group will resolve "the digital telephony
problem" and preserve the government's current authorities. The
discussions have succeeded in identifying specific problems and have begun
the process of generating concrete, cost-effective solutions. This process
has facilitated a more robust exchange of technical information and
an identification of possible new equipment and police tactics needed to
achieve law enforcement goals. Nevertheless, we are prepared to work with
the Congress and the Administration to attempt to resolve the legitimate
concerns of law enforcement.
The signatories to this letter cannot overemphasize how critical it is that
any new initiatives in this area preserve the public's confidence in the
privacy of information carried over the public switched network. Less than
a decade after enactment of the Electronic Communications Privacy Act of
1986, the nation can ill afford to undercut customer privacy expectations.
Indeed, on the eve of the National Information Infrastructure's deployment,
preserving customer confidence is all the more important. Privacy
protection is not a secondary interest here.
Survey after survey performed by Professor Alan Westin and others have
demonstrated the public's concern with privacy and the security of their
communications. We all must seek to maximize those interests and assure
the public that their communications are protected.
Sincerely yours,
Apple Computer, Inc.
AT&T
American Civil Liberties Union
Business Software Alliance
Cellular Telecommunications Industry Association
Computer Business Equipment & Manufacturers Assn
Digital Equipment Corporation
Electronic Frontier Foundation
Electronic Messaging Association
GTE Corporation
Information Industry Association
Information Technology Association of America
Iris Associates, Inc
McCaw Cellular
MCI Communications Corporation
People for the American Way
Software Publishers Association
Sun Microsystems Federal, Inc.
Trusted Information Systems
United States Telephone Association
cc: Louis Freeh, Director, Federal Bureau of Investigation
John Podesta, Office of the President
Michael Nelson, Office of the Vice President
Senator Patrick Leahy
Senator Ernest Hollings
Representitive Don Edwards
Representative Edward Markey
------------------------------
Subject: Letter of DPSWG to FBI Dir. Freeh on Wiretap Bill's Privacy Threat
---------------------------------------------------------------------------
On March 11, the Digital Privacy and Security Working Group sent the
letter below to FBI Dir. Louis Freeh as a followup to the March 9 letter to
the Administration, detailing the DPSWG's criticisms of the FBI's proposed
Digital Telephony bill, and raising serious privacy questions. EFF and
the DPSWG feel that the Digital Telephony scheme, coupled with the
Administration's Clipper Chip plan, could turn the future National
Inforamation Infrastructure into a nationwide surveillance network.
It is clear that law enforcement needs and wants do not require
such overly-broad legislative action, and the possible gain to law
enforcement is vastly outweighed by the massive threat to citizen privacy.
The DPSWG is a coalition of privacy and civil liberties organizations, trade
associations, and industry leaders, coordinated by the Electronic Frontier
Foundation.
March 11, 1994
By Hand Delivery
Mr. Louis Freeh
Director
Federal Bureau of Investigation
Washington, D.C.
Dear Director Freeh:
This letter is a follow-up to our letter of March 9, 1994 to President
Clinton and Vice President Gore (a copy is attached). While we do not
believe that new legislation is needed to accomplish the FBI's goals, we
take this opportunity to more specifically raise some of the questions that
should be answered in pursuing any digital telephony legislation. The
draft that the White House has given us for comment is overly broad, and
it is our hope that this letter will assist in narrowing the scope of any
legislation.
While we have additional, important questions and concerns, this letter
sets forth our primary concerns.
(1) Should digital telephony legislation reach "call setup information"
independently of a "Title III" search warrant?
The New York Times of February 28, 1994 quotes you as stating, "My real
objective is to get access to the content of telephone calls." The bill
should therefore be limited to content of communications and incidental
call setup or transactional data.
Legislation should apply to "call setup information" only when that
information is incident to a warrant issued for wire, oral, or electronic
communications as set forth in 18 U.S.C. $ 2518. Extending the legislation's
scope beyond the acquisition of content (pursuant to a warrant under
section 2518) to the independent acquisition of call setup information
raises many issues that require examination. For example, currently the
legal standard for obtaining transactional data is a certification (via
subpoena or statement to a judge) that the sought-after data is relevant to
an ongoing criminal investigation. In the era of personal communications
services ("PCS") and of the information highway, transactional data will
reveal far more about individuals than it has in the past. In fact, in some
cases it may be equivalent to content information. This transactional data
certainly could make it possible to build a detailed model of an individual's
behavior and movements. The net result could be government dictating to
industry that it create a surveillance-based system that will allow federal,
state, and local government to use a service provider's electronic
communication facilities to conduct minute-by-minute surveillance of
individuals.
As long as they have an IRS or other administrative subpoena or a law
enforcement agent willing to certify that the sought-after data is
relevant to an ongoing criminal investigation, law enforcement officials
could demand that they be notified at some remote location every time
certain individuals communicate by telephone, and their location at the
time, as well as every database they connect to and when they log on and
off. In short, law enforcement officials could insist on instantaneously
knowing the existence of every single electronic communication (but not
its content).
The enormous potential for abuse and threat to personal privacy suggests
that, if transactional data were to be covered by digital telephony
legislation, it should be incidental to a "Title III" wiretap warrant. This
would not limit in any way law enforcement's access to trap and trace, pen
register, or call billing information under current law or practice. This is
particularly true given that there has been no case made that
demonstrates any current or potential difficulty in getting this non-content
information under current practices. The technology in fact has made
these type of services much easier for law enforcement to use and access.
Additional legislation is simply not necessary to obtain this data.
(2) What is covered?
The obligation to isolate the content of communications must be reasonably
related to the service provider's telecommunications services. It would
be unreasonable for the FBI to demand any person involved with the
communication to furnish it with access to that communication. For
example, most providers, including local telephone companies, usually
need to isolate communications for purposes of billing and maintenance. It
is appropriate for the FBI to seek their assistance in intercepting
communications on their networks only when the requests are reasonably
related to the telecommunications services they provide.
Therefore, the question is not necessarily who is covered, but what
telecommunications services are covered. For example, the legislation
should reflect the fact that, in reselling services, even local telephone
companies sometimes are unable in those instances to furnish call setup
information regardless of whether it is incident to the acquisition of a
communication's content.
(3) What will be the requirements placed upon service providers and what
will be the standard of compliance that will be applied?
Legislation should carefully define the obligations of service providers.
This is not the case with the FBI's current draft of proposed legislation.
These obligations are vague and subject to considerable interpretation.
Service providers and manufactures must have flexibility to adopt
procedures that reasonably comply with the specific functional performance
requirements of law enforcement.
This is particularly true where, as here, compliance requires an
assessment of future needs and interoperability requirements. There
is a difference between compliance and a guarantee, and legislation must
reflect that difference. Carriers should be required to provide reasonable
cooperation and that cooperation should be measured by a standard of
reasonable compliance.
In installing new software or equipment under this statute, a service
provider must be able to reasonably assess future demands by law
enforcement. Other industries subject to regulation at least know, for
example, the temperature at which they must maintain the specimens, the
emission standard they must satisfy, or the type of safety restraint
equipment they must install and the date by which they must have it
installed in vehicles. Service providers cannot be held to an absolute
standard of compliance where they are using and delivering new
technologies to the public and the demands of law enforcement are not
clearly specified. This applies to both capability and capacity. Law
enforcement must be specific in its requirements for capacity and
capability from each service provider.
(4) What is expected of commercial mobile service providers?
It is not a foregone conclusion that mobility in a digitized
telecommunications environment will degrade or otherwise impede the
law enforcement community's ability to effectively execute court-
approved wiretap orders.
Wireless carriers are committed to assisting law enforcement agencies to
successfully wiretap and intercept voice communications. To accomplish
this goal, the wireless industry understands that available excess port
capacity is needed in all switches throughout the nation. While it may be
reasonable for federal and state law enforcement agencies to acquire the
contents of wireless communications pursuant to "Title III" warrants
through additional port capacity, it would be prohibitively expensive to
require that every one of the nation's switches be connected to the FBI to
enable it to acquire such information on a "real time" basis at remote
locations.
Connecting every one of the nation's switches to the FBI, moreover,
would increase exponentially the risk of unauthorized access to wireless
communications. Further, the proliferation of fraudulent use of wireless
telephones through such techniques as "cloning" and "tumbling" ESNs
(electronic serial numbers) poses additional questions with respect to
privacy and the ability of law enforcement to properly execute court-
approved wiretap orders.
(5) What are the responsibilities of manufacturers and suppliers, if any?
The FBI wishes manufacturers of telecommunications equipment and providers
of support services to fall within the scope of the legislation. But,
would service providers be held liable for software or hardware that
is not available from vendors? Why? How would the obligations be
enforced against foreign manufacturers? What would be the liability of a
domestic carrier that relies upon foreign manufacturers? What are the
trade implications of having domestic manufacturers export equipment
designed for governmental surveillance?
(6) How, and during what period, are costs to be recovered to ensure that
there is a direct relationship between the costs reasonably incurred
by covered entities and the government's requirements?
Government should pay for what it needs, which will help focus attention
upon the facilities that truly need upgrading. If the government does not
pay for upgrades or facilities, then the service providers should not be
held responsible. The FBI appears to have accepted the concept that
government should pay for the costs of compliance but has so far
underestimated these costs and proposed an arbitrary three-year limit on
cost reimbursement. Government compensation should be ongoing with
industry's compliance.
* * *
We trust you find our comments helpful. We remain prepared to work with
you, Congress, and others to attempt to resolve the legitimate concerns of
law enforcement.
Sincerely yours,
[signed]
Jerry Berman
(202) 347-5400
[signed]
Ronald Plesser
(202) 861-3969
Enclosure
cc: John Podesta, Office of the President
Michael Nelson, Office of Science & Technology Policy
Senator Joseph Biden
Senator Ernest Hollings
Senator Patrick Leahy
Representative Jack Brooks
Representative John Dingell
Representative Don Edwards
Representative Edward Markey
Current thread:
- EFFector Online 07.05: Privacy Coalition Against FBI Bill letter to the White House and letter to th David Farber (Mar 12)