Interesting People mailing list archives
EFFector Online 07.05: Privacy Coalition Against FBI Bill letter to the White House and letter to th
From: David Farber <>
Date: Sat, 12 Mar 1994 03:29:28 -0500
========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / //////////////// \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\\_______/\ ||||||_______\ / //////_____\ \\\\\\\\\\\\\ \ |||||||||||||| / ///////////// \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\ \ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// ========================================================================= EFFector Online Volume 07 No. 05 Mar. 11, 1994 editors () eff org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 Subject: DPSWG Coalition's Digital Telephony Letter to White House ------------------------------------------------------------------ On March 9, the Digital Privacy and Security Working Group sent the following letter to the Administration calling into question the procedures by which the FBI's Digital Telephony "Wiretap Bill" draft is being examined, and expressing harsh criticism of the would-be legislation. The DPSWG is a coalition of privacy and civil liberties organizations, trade associations, and industry leaders, coordinated by the Electronic Frontier Foundation. March 9, 1994 The President William J. Clinton The White House Washington, D.C. 20500 The Vice President of the United States United States Senate Washington, D.C. 20510 Dear Mr. President and Mr. Vice President: Telecommunications carriers and other members of the Digital Privacy and Security Working Group are keenly aware of the concerns raised by the Administration regarding the ability to intercept communications transmitted over advanced commu nications networks. We are concerned, however, about the nature of the process upon which the Administration has embarked to address these issues. Seeking immediate industry reaction to the FBI's draft legislation and congressional passage of such legislation shortly thereafter is troubling. It suggests curtailment of public debate and of congressional deliberation. Given the interest of the public in these matters and their complexity, it is essential that there be a full public debate on these issues. Industry is currently cooperating with appropriate authorities to avoid future problems and to expand existing capacities. This is not to say that there have not been some transitional concerns particularly upon the introduction of new technologies that have grown greatly in popularity. But, whenever transitional problems have arisen, industry representatives have worked with law enforcement officials to resolve them. The FBI's actions are especially troubling in light of our view that legislation is not needed to accomplish the agency's goals. We still see no evidence that current law enforcement efforts are being jeopardized by new technologies. Nor are we convinced that future law enforcement activities will be jeopardized given industry cooperation. We still believe that continued cooperation by government and industry within the working relationship that has emerged from the 1992 Quantico Joint Government Industry Group will resolve "the digital telephony problem" and preserve the government's current authorities. The discussions have succeeded in identifying specific problems and have begun the process of generating concrete, cost-effective solutions. This process has facilitated a more robust exchange of technical information and an identification of possible new equipment and police tactics needed to achieve law enforcement goals. Nevertheless, we are prepared to work with the Congress and the Administration to attempt to resolve the legitimate concerns of law enforcement. The signatories to this letter cannot overemphasize how critical it is that any new initiatives in this area preserve the public's confidence in the privacy of information carried over the public switched network. Less than a decade after enactment of the Electronic Communications Privacy Act of 1986, the nation can ill afford to undercut customer privacy expectations. Indeed, on the eve of the National Information Infrastructure's deployment, preserving customer confidence is all the more important. Privacy protection is not a secondary interest here. Survey after survey performed by Professor Alan Westin and others have demonstrated the public's concern with privacy and the security of their communications. We all must seek to maximize those interests and assure the public that their communications are protected. Sincerely yours, Apple Computer, Inc. AT&T American Civil Liberties Union Business Software Alliance Cellular Telecommunications Industry Association Computer Business Equipment & Manufacturers Assn Digital Equipment Corporation Electronic Frontier Foundation Electronic Messaging Association GTE Corporation Information Industry Association Information Technology Association of America Iris Associates, Inc McCaw Cellular MCI Communications Corporation People for the American Way Software Publishers Association Sun Microsystems Federal, Inc. Trusted Information Systems United States Telephone Association cc: Louis Freeh, Director, Federal Bureau of Investigation John Podesta, Office of the President Michael Nelson, Office of the Vice President Senator Patrick Leahy Senator Ernest Hollings Representitive Don Edwards Representative Edward Markey ------------------------------ Subject: Letter of DPSWG to FBI Dir. Freeh on Wiretap Bill's Privacy Threat --------------------------------------------------------------------------- On March 11, the Digital Privacy and Security Working Group sent the letter below to FBI Dir. Louis Freeh as a followup to the March 9 letter to the Administration, detailing the DPSWG's criticisms of the FBI's proposed Digital Telephony bill, and raising serious privacy questions. EFF and the DPSWG feel that the Digital Telephony scheme, coupled with the Administration's Clipper Chip plan, could turn the future National Inforamation Infrastructure into a nationwide surveillance network. It is clear that law enforcement needs and wants do not require such overly-broad legislative action, and the possible gain to law enforcement is vastly outweighed by the massive threat to citizen privacy. The DPSWG is a coalition of privacy and civil liberties organizations, trade associations, and industry leaders, coordinated by the Electronic Frontier Foundation. March 11, 1994 By Hand Delivery Mr. Louis Freeh Director Federal Bureau of Investigation Washington, D.C. Dear Director Freeh: This letter is a follow-up to our letter of March 9, 1994 to President Clinton and Vice President Gore (a copy is attached). While we do not believe that new legislation is needed to accomplish the FBI's goals, we take this opportunity to more specifically raise some of the questions that should be answered in pursuing any digital telephony legislation. The draft that the White House has given us for comment is overly broad, and it is our hope that this letter will assist in narrowing the scope of any legislation. While we have additional, important questions and concerns, this letter sets forth our primary concerns. (1) Should digital telephony legislation reach "call setup information" independently of a "Title III" search warrant? The New York Times of February 28, 1994 quotes you as stating, "My real objective is to get access to the content of telephone calls." The bill should therefore be limited to content of communications and incidental call setup or transactional data. Legislation should apply to "call setup information" only when that information is incident to a warrant issued for wire, oral, or electronic communications as set forth in 18 U.S.C. $ 2518. Extending the legislation's scope beyond the acquisition of content (pursuant to a warrant under section 2518) to the independent acquisition of call setup information raises many issues that require examination. For example, currently the legal standard for obtaining transactional data is a certification (via subpoena or statement to a judge) that the sought-after data is relevant to an ongoing criminal investigation. In the era of personal communications services ("PCS") and of the information highway, transactional data will reveal far more about individuals than it has in the past. In fact, in some cases it may be equivalent to content information. This transactional data certainly could make it possible to build a detailed model of an individual's behavior and movements. The net result could be government dictating to industry that it create a surveillance-based system that will allow federal, state, and local government to use a service provider's electronic communication facilities to conduct minute-by-minute surveillance of individuals. As long as they have an IRS or other administrative subpoena or a law enforcement agent willing to certify that the sought-after data is relevant to an ongoing criminal investigation, law enforcement officials could demand that they be notified at some remote location every time certain individuals communicate by telephone, and their location at the time, as well as every database they connect to and when they log on and off. In short, law enforcement officials could insist on instantaneously knowing the existence of every single electronic communication (but not its content). The enormous potential for abuse and threat to personal privacy suggests that, if transactional data were to be covered by digital telephony legislation, it should be incidental to a "Title III" wiretap warrant. This would not limit in any way law enforcement's access to trap and trace, pen register, or call billing information under current law or practice. This is particularly true given that there has been no case made that demonstrates any current or potential difficulty in getting this non-content information under current practices. The technology in fact has made these type of services much easier for law enforcement to use and access. Additional legislation is simply not necessary to obtain this data. (2) What is covered? The obligation to isolate the content of communications must be reasonably related to the service provider's telecommunications services. It would be unreasonable for the FBI to demand any person involved with the communication to furnish it with access to that communication. For example, most providers, including local telephone companies, usually need to isolate communications for purposes of billing and maintenance. It is appropriate for the FBI to seek their assistance in intercepting communications on their networks only when the requests are reasonably related to the telecommunications services they provide. Therefore, the question is not necessarily who is covered, but what telecommunications services are covered. For example, the legislation should reflect the fact that, in reselling services, even local telephone companies sometimes are unable in those instances to furnish call setup information regardless of whether it is incident to the acquisition of a communication's content. (3) What will be the requirements placed upon service providers and what will be the standard of compliance that will be applied? Legislation should carefully define the obligations of service providers. This is not the case with the FBI's current draft of proposed legislation. These obligations are vague and subject to considerable interpretation. Service providers and manufactures must have flexibility to adopt procedures that reasonably comply with the specific functional performance requirements of law enforcement. This is particularly true where, as here, compliance requires an assessment of future needs and interoperability requirements. There is a difference between compliance and a guarantee, and legislation must reflect that difference. Carriers should be required to provide reasonable cooperation and that cooperation should be measured by a standard of reasonable compliance. In installing new software or equipment under this statute, a service provider must be able to reasonably assess future demands by law enforcement. Other industries subject to regulation at least know, for example, the temperature at which they must maintain the specimens, the emission standard they must satisfy, or the type of safety restraint equipment they must install and the date by which they must have it installed in vehicles. Service providers cannot be held to an absolute standard of compliance where they are using and delivering new technologies to the public and the demands of law enforcement are not clearly specified. This applies to both capability and capacity. Law enforcement must be specific in its requirements for capacity and capability from each service provider. (4) What is expected of commercial mobile service providers? It is not a foregone conclusion that mobility in a digitized telecommunications environment will degrade or otherwise impede the law enforcement community's ability to effectively execute court- approved wiretap orders. Wireless carriers are committed to assisting law enforcement agencies to successfully wiretap and intercept voice communications. To accomplish this goal, the wireless industry understands that available excess port capacity is needed in all switches throughout the nation. While it may be reasonable for federal and state law enforcement agencies to acquire the contents of wireless communications pursuant to "Title III" warrants through additional port capacity, it would be prohibitively expensive to require that every one of the nation's switches be connected to the FBI to enable it to acquire such information on a "real time" basis at remote locations. Connecting every one of the nation's switches to the FBI, moreover, would increase exponentially the risk of unauthorized access to wireless communications. Further, the proliferation of fraudulent use of wireless telephones through such techniques as "cloning" and "tumbling" ESNs (electronic serial numbers) poses additional questions with respect to privacy and the ability of law enforcement to properly execute court- approved wiretap orders. (5) What are the responsibilities of manufacturers and suppliers, if any? The FBI wishes manufacturers of telecommunications equipment and providers of support services to fall within the scope of the legislation. But, would service providers be held liable for software or hardware that is not available from vendors? Why? How would the obligations be enforced against foreign manufacturers? What would be the liability of a domestic carrier that relies upon foreign manufacturers? What are the trade implications of having domestic manufacturers export equipment designed for governmental surveillance? (6) How, and during what period, are costs to be recovered to ensure that there is a direct relationship between the costs reasonably incurred by covered entities and the government's requirements? Government should pay for what it needs, which will help focus attention upon the facilities that truly need upgrading. If the government does not pay for upgrades or facilities, then the service providers should not be held responsible. The FBI appears to have accepted the concept that government should pay for the costs of compliance but has so far underestimated these costs and proposed an arbitrary three-year limit on cost reimbursement. Government compensation should be ongoing with industry's compliance. * * * We trust you find our comments helpful. We remain prepared to work with you, Congress, and others to attempt to resolve the legitimate concerns of law enforcement. Sincerely yours, [signed] Jerry Berman (202) 347-5400 [signed] Ronald Plesser (202) 861-3969 Enclosure cc: John Podesta, Office of the President Michael Nelson, Office of Science & Technology Policy Senator Joseph Biden Senator Ernest Hollings Senator Patrick Leahy Representative Jack Brooks Representative John Dingell Representative Don Edwards Representative Edward Markey
Current thread:
- EFFector Online 07.05: Privacy Coalition Against FBI Bill letter to the White House and letter to th David Farber (Mar 12)