Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
The Intercept law proposed by the FBI is in need of the full support of the
cyberspace community but requires some additions that are disturbingly absent.
The proposed amendment to the Communications act of 1934 is necessary to
perpetuate an essential capability of law enforcement to protect the public
from crime and particularly to protect the privacy of individuals whose
personal information is communicated. However, it has serious shortcomings
that must be corrected that I hope organizations such as EFF and CPSR can
address that are needed to protect all the stakeholders from unauthorized use
and misuse of the interception capability. Clearly, access and usage security
controls are needed. In addition, recording of all intercept activity is
needed for audit and evidential purposes. Finally, only the FCC rulemaking
proceedings should be kept secret that would aid and abet unauthorized persons
to abuse the capability to use the intercept capability for bad purposes; some
detailed information about the auditing and safeguarding must not be revealed.
The providers and PBX operators probably require the interception capabilities
anyway for maintenance and line quality testing. However, my suggested
additions would help ensure that interception for whatever reasons would not be
misused, and abusers could more effectively be prosecuted.
Donn B. Parker
There has been a lot of debate about whether a person can be videotaped (or audiotaped) without consent. The quick answer is it depends. Of course you can videotape people or objects if they are in the public view — they have no legitimate expectations of privacy. Just look at The Star or other tabloids that routinely photograph people on the streets. There are limitations, however. There is a common law tort of interference with or invasion of privacy, as well as exploitation of a person's likeness for financial gain. (Suppose the "Coppertone" girl decided to sue). From a Fourth Amendment standpoint, a videotape in a public place is not an "unreasonable search or seizure." Videotapes in PRIVATE places are another matter. Because they enable the government to see what otherwise cannot be seen, and therefore impart information to the government, they MAY constitute searches in Fourth Amendment terms. NOTE that the search (e.g., the videotaping) MUST entail some state action — be performed at the behest of law enforcement. No state action — no fourth amendment violation. (This does not prevent a private suit for interference with privacy, however). There is an exception recognized in Katz v. United States. That is, what Katz called the "invited ear" exception. You ALWAYS run the risk that the person you visit is videotaping you. (OR, in Katz, audiotaping you). This has led to the development of the law of one-party consent. IN GENERAL, one party to a conversation may consent to its being recorded. Exceptions exist in many jurisdictions for TELEPHONE conversations where the state law may require two party consent. If the law always required two-party consent to video/audio recording, imagine the effect on — for example — television news. No more undercover recodings -- no more 60 Minutes. No more panoramic sweeps (consent from all the pedestrians??). Finally, in the electronic environment things are even more screwy. Telephone calls are covered by privacy laws, FCC regulations, wiretap and surveillance laws, warrant requirements and the like. Electronic communications may also be covered by the Electronic Communications Privacy Act, the Privacy Protection Act, and (a la Steve Jackson) the First Amendment. The turgidity continues.
I would like to address what Jerry Leichter <leichter@lrw.com> said in
RISKS-13.39. I agree with what he said about the ability of the FBI and other
police authorities to tap into phone conversations being curtailed by the
advances in technology. What I disagree with is that this is a bad thing. It
seems to me that if tapping a phone conversation is difficult and expensive and
the funding for such efforts comes out of the budget of the police agency
involved, then it is far more likely that such tapping will be used with
restraint, than if using it is cheap and easy.
If anything I'm worried that technology is going too far in the other
direction. I suspect that the major cost of any phone tap isn't the cost of
placing the tap and recording the conversations, but in paying people to listen
to them. It isn't collecting data that is expensive, but analyzing it. With the
advent of computer voice recognition in the next few years, it is quite
possible that this cost will decrease drastically, maybe by an order of
magnitude or more as the technology improves.
As the saying goes, government is a dangerous servant and a terrible
master. A prudent citizen will try to ensure that powers of government
are strictly curtailed and a close eye is kept to make sure these powers
are neither abused or exceeded either through malice or an excess of zeal.
I keeping asking myself, how is the FBI proposal different from one that would
require audio and video surveillance equipment be placed in every home at the
expense of the home owner? Even if there were strict controls to make sure the
equipment was never used without a court order, I doubt that most people would
approve of it. What if the FBI required me to not seal my envelopes, since it
would inhibit their ability to surreptitiously read my mail? It's not so much
that idea that they want me to pay for it, it is the idea that want me to pay
to give them capabilities that I'd be willing to pay for them NOT to have.
As for Mr. Leichter's police analogy, it is rather flawed. A better question to
ask is should we forego the right of self-protection, because some criminals
misuse the technology involved and always trust that the government will be
able to protect us and will never oppress us? Some people think so, but I'm not
one of them.
Joel Upchurch/Upchurch Computer Consulting/718 Galsworthy/Orlando, FL 32809
joel@peora.ccur.com {uiucuxc,hoptoad,petsd,ucf-cs}!peora!joel (407) 859-0982
The debate over the FBI's proposal to ensure wiretappability of digital phone
technologies largely misses the point. This is especially true for Jerry
Leichter's recent comments.
I think it is reasonable to ask whether any proposed restrictive legislation
will be effective in its intended purpose. If the answer is "no", then it is
entirely pointless to debate the merits of a bill's goals, no matter how
desirable they may seem.
I submit that the FBI's measure will ultimately prove ineffective, for one very
simple reason: user-provided end-to-end encryption. Like it or not, it is only
a matter of time before most criminals routinely use it to thwart wiretaps.
Encryption is uncontrollable because the encryption-specific parts of a system
can be implemented entirely in software if necessary. It need only use cheap,
readily available generic computer hardware that cannot be practically
controlled in a modern industrial society.
The means to protect textual communications from wiretapping are already
readily available. All it takes is a sufficiently motivated user. Someone, say,
with good reason to fear an FBI wiretap. And before long the generic hardware
necessary for secure voice communications will be just as cheap and widespread.
Eventually, the FBI's wiretap facilities will be effective only against those
few remaining criminals too stupid to encrypt. And they could also be quite
effective against those law-abiding companies and individuals who, instead of
providing their own cryptographic privacy, blindly trust whatever "safeguards"
(legal and/or technical) are supposedly in place to prevent their misuse.
Quite frankly, after the Nixon years it's hard to have much faith in legal
safeguards, and I know too much about telco technology to have much faith in
technical safeguards.
Most readers of this list are highly computer literate, so these may seem like
obvious statements. But they are apparently not so obvious to many in
government policymaking positions. Our real problem is how to educate these
people about the nature of cryptography, why it will be impossible for the FBI
to maintain its precious "status quo", and to begin thinking about how they can
*realistically* deal with the future instead of trying to force a return to the
past.
We urgently need to get these people to understand the following:
1. The use of cryptography by criminals to thwart wiretaps is inevitable in
anything remotely resembling a modern free society. You don't even want to
contemplate living in a state with truly effective ways to prevent the private
use of encryption. So we might as well promote, not restrict, the widespread
use of encryption so that law-abiding persons can benefit from it as well.
2. As the utility of the wiretap decreases, law enforcement will have to rely
other ways to collect evidence. Informers, for example, or testimony compelled
under grants of immunity. Eventually the government might even have to
consider abandoning its attempts to penalize certain types of behavior that
consist largely or entirely of communications or the mere possession of
information.
Unfortunately, our government's historical inability to accept the inevitable
without a long, wasteful and futile fight does not give me much hope that we'll
avoid one this time.
Phil
I submit that the biggest risks in dealing with a system that allows
single point phone tapping can be better addressed in questions far more basic
then of trusting the good intentions of any agency itself. Rather we might
first examine:
1) The number of lives and total value of all information to
be entrusted to such a system.
2) The ability of such an agency to protect the proposed
system from misuse by outside forces.
3) The social and monetary costs including the risks generated
from proposed system vs that of the former system .
So even if one fully trusts the intentions of an agency we might not
sleep better knowing that we have in effect put up a big sign saying to all
would be criminals "in order to save you time we have placed all are eggs in
this basket right here"...
Mike Gore, Technical Support, Institute for Computer Research
1-519-885-1211, x6205 uunet!watmath!watserv1!magore
magore@watserv1.waterloo.edu or magore@watserv1.uwaterloo.ca
James Zuchelli seems surprised that he would have calls billed by Alternate Operator Services companies from places he's never never been. The practice is known as 'Splashing', and arises from the arrangements among smaller long distance carriers and operator services companies. His call was presumably handled by an operator company in Ada, Michigan who were unable to determine the true point of origin of the call. They would bill the call to a calling card as being from their location to the actual called number. Congress and the FCC do not seem to feel that this practice was one of the benefits intended to follow from the break up of the Bell System, and seem to have initiated proceedings to ensure that all calls will be billed based on the true point of origin. The FBI/encryption/privacy debate has been interesting. Obviously the FBI will only be successful in interpreting data from wiretaps if they can manage to stay abreast of technology. The usual file archiving and compression schemes are meant to be easy to use, so any reasonbly aware user will recognize from file naming conventions what decompression techniques to use. They could become the basis for encryption schemes, but it seems reasonable to suppose that they would tend to have signatures that a knowledgeable spook could recognize fairly easily. In the same way, the FBI would have to keep abreast of technology and learn to use any widely used speech compression technology. ISDN makes end to end encryption of speech a little easier than it once was, since speech is readily available for manipulation in digital form at either end. However, it's possible to compress digital speech from the 64K bit/sec rate ISDN normally uses to rates as low as 2400 bit/sec with some loss of fidelity, and that would allow a digital stream to be encrypted and transmitted on a fairly ordinary analogue line. Any digital switch would allow the FBI to wiretap such a call, but it would take them a good deal of effort to make sense of it. Ultimately it seems unlikely that laws against using encryption will deter people who are already breaking more serious laws. They will affect people with legitimate needs for privacy such as protection of trade secrets and financial information. Restrictions on American trade will clearly not apply abroad, and can only work to the disadvantage of American (free?) enterprise. The FBI may wish for simpler times, but in the long run it seems like they'll have to heat their buildings with Crays and learn to be as good at cryptography as the bad guys. After all, the first working electronic computer may have been Colossus, which was built to do cryptography.
>I'm disturbed . . . . The general approach seems to be based on
>the idea that government is not to be trusted, ever, with anything.
>Nothing government says is to be believed.
Many of us do feel that the history of government lies on issues large and
small preclude believing what government tells us without substantial
additional evidence. Sure, there are many good people in government, and many
useful functions performed by it. But we really do differ from you in having
enough concern for civil liberties to willingly, even enthusiastically accept
some inefficiency and some additional crime in return for stronger guarantees
of privacy and freedom for the great masses of people who are basically decent,
including ourselves and our friends.
>Let's take the FBI "phone tapping" proposal.
Many of us, while tolerant of occasional phone-tapping under a difficult-to-get
court order, might prefer no phone-tapping at all to tapping under
easy-to-obtain court orders or widespread tapping of any sort.
>Do they believe ... that we should banish policy [sic] departments
>and arm ourselves for our own protection against criminals ... ?
We might not advocate the abolition of police departments because they have not
yet become that extremely corrupt. But for other reasons — including the
physical inability of even a large police force to provide protection at the
level that could assure everyone's safety from assault, burglary, rape, and
murder — we certainly support possession of firearms by adult citizens,
perhaps even required possession and required training. This threat of
self-defense would produce a far greater reduction in violent crime than any
law could.
The risks issue, as I see it: I'm happy to assume the (perceived small) risk
that my neighbor will shoot me, in place of the (perceived much larger) risk
that either a criminal will attack my family and friends while we are
defenseless or that at some future time only a fully armed population could
save itself from a would-be-totalitarian government (either home-grown or
invading). It is no accident that the Soviet Union's first action after taking
over Hungary, Czechoslovakia, and Poland was the seizure of privately owned
firearms.
Irving_Wolfe@Happy-Man.com Happy Man Corp. 206/463-9399 x101
4410 SW Pt. Robinson Rd., Vashon Island, WA 98070-7399 fax x108
[Commercial advertising deleted... PGN]
Attached is a copy of the FBI's proposed law which would prevent telephone
companies and PBX operators from using equipment which would inhibit the
government's ability to perform wiretaps. This was uploaded to the Well by
Mike Godwin of the EFF.
Steve Dever
102nd Congress
2nd Session
Amendment No.
Offered by M.
1. SEC. 1. FINDINGS AND PURPOSES
2. (a) The Congress finds:
3. (1) that telecommunications systems and networks are often
4 used in the furtherance of criminal activities including
5 organized crime, racketeering, extortion, kidnapping, espionage,
6 terrorism, and trafficking in illegal drugs; and
7 (2 ) that recent and continuing advances in
8 telecommunications technology, and the introduction of new
9 technologies and transmission modes by the telecommunications
10 industry, have made it increasingly difficult for government
11 agencies to implement lawful orders or authorizations to
12 intercept communications and thus threaten the ability of such
13 agencies effectively to enfore the laws and protect the national
14 security; and
15 (3) without the assistance and cooperation of providers of
16 electronic communication services and private branch exchange
17 operators, the introduction of new technologies and transmission
18 modes into telecommunications systems without consideration and
19 accommodation of the need of government agencies lawfully to
20 intercept communications, would impede the ability of such
21 agencies effectively to carry out their responsibilities.
1 The purpose of this Act are:
2 (1) to clarify the duty of providers of electronic
3 communication services and private branch exchange operators to
4 provide such assistance as necessary to ensure the ability of
5 government agencies to implement lawful orders or authorizations
6 to intercept communications; and
7 (2) to ensure that the Federal Communications Commission,
8 in the setting of standards affecting providers of electronic
9 communication services or private branch exchange operators, will
10 accommodate the need of government agencies lawfully to intercept
11 communications.
12 SEC. 2. Title II of the Communications Act of 1934 is amended
13 by adding at the end thereof the following new sections:
14 "Sec__. GOVERNMENT REQUIREMENTS
15 "(a) The Federal Communications Commission shall,
16 within 120 days after enactment of this Act, issue such
17 regulations as are necessary to ensure that the government
18 can intercept communications when such interception is
19 otherwise lawfully authorized
20 "(b) The regulations issued by the commission shall:
21 "(1) establish standards and specifications for
22 telecommunications equipment and technology employed by
23 providers of electronic communication services or
24 private branch exchange operators as may be necessary
25 to maintain the ability of the government to lawfully
26 intercept communication
1 "(2) require that any telecommunications
2 equipment or technology which impedes the ability of
3 the government to lawfully intercept communications and
4 and which has been introduced into a telecommunications
5 system by providers of electronic communication
6 services or private branch exchange operators shall not
7 expanded so as to further impede such utility until
8 that telecommunications equpment or technology is
9 brought into compliance with the requirements set forth
10 in regulations issued by the Commission;
11 "(3) require that modifications which are
12 necessary to be made to existing telecommunications
13 equipment or technology to eliminate impediments to the
14 ability of the government to lawfully intercept
15 communications shall be implemented by such providers
16 of electronic communication services and private branch
17 exchange operators within 180 days of issuance of such
18 regulations; and
19 "(4) prohibit the use by electronic communication
20 service providers and private branch exchange operators
21 of any telecommunications equipment or technology which
22 does not comply with the regulations issued under this
23 section after the 180th day following the issuance of
24 such regulations.
25 "(c) For the purposes of administering and enforcing
26 the provisions of this section and the regulations
1 prescribed hereunder, the Commission shall have the same
2 authority, power, and functions with respect to providers of
3 electronic communication services or private branch exchange
4 operators as the Commission has in administering and
5 enforcing the provisions of this title with respect to any
6 common carrier otherwise subject to Commission jurisdiction.
7 Any violation of this section by any provider of electronic
8 communication service or any private branch exchange
9 operator shall be subject to the same remedies, penalties,
10 and procedures as are applicable to a violation of this
11 chapter by a common carrier otherwise subject to Commission
12 jurisdiction, except as otherwise specified in subsection
13 (d).
14 "(d) In addition to any enforcement authorities vested
15 in the Commission under this title, the Attorney General may
16 apply to the appropriate United States District Court for a
17 restraining order or injunction against any provider of
18 electronic communication service or private branch exchange
19 operator based upon a failure to comply with the provisions
20 of this section or regulations prescribed hereunder.
21 "(e) Any person who willfully violates any provision
22 of the regulations issued by the Commission pursuant to
23 subjection (a) of this section shall be subject to a civil
24 penalty of $10,000 per day for each day in violation.
25 "(f) To the extent consistent with the setting or
26 implementation of just and reasonable rates, charges and
1 classifications, the Commission shall authorize the
2 compensation of any electronic communication service
3 providers or other entities whose rates or charges are
4 subject to its jurisdiction for the reasonable costs
5 associated with such modifications of existing
6 telecommunications equipment or technology, or with the
7 development or procurement, and the installation of such
8 telecommunications equipment or technology as is necessary
9 to carry out the purposes of this Act, through appropriate
10 adjustments to such rates and charges.
11 "(g) The Attorney General shall advise the Commission
12 within 30 days after the date of enactment of this Act, and
13 periodically thereafter, as necessary, of the specific needs
14 and performance requirements to ensure the continued ability
15 of the government to lawfully intercept communications
16 transmitted by or through the electronic communication
17 services and private branch exchanges introduced, operated,
18 sold or leased in the United States.
l9 "(h) Notwithstanding section 552b of Title 5, United
20 States Code or any other provision of law, the Attorney
21 General or his designee may direct that any Commission
22 proceeding concerning regulations, standards or
23 registrations issued or to be issued under the authority of
24 this section shall be closed to the public.
25 "(i) Definitions — As used in this section --
1 "(l) 'provider of electronic communication
2 service' or 'private branch exchange operator' means
3 any service which professes to users thereof the ability
4 to send or receive wire, oral or electronic
5 communications, as those terms are defined in
6 subsections 2510(1) and 2510(12) of Title 18, United
7 States Code;
8 "(2) 'communication' means any wire or electronic
9 communication, as defined in subsection 2510(1) and
10 2510 (12), of Title 18, United States Code;
11 "(3) 'impede' means to prevent, hinder or impair
12 the government's ability to intercept a communication
13 in the same form as transmitted;
14 "(4) 'intercept' shall have the same meaning
l5 set forth in section 2510 (4) of Title 18, United States
16 Code;
17 "(5) 'government' means the Government of the
18 United States and any agency or instrumentality
19 thereof, any state or political subdivision thereof,
20 and the District of Columbia, and Commonwealth of Puerto
21 Rico; and
22 "(6) 'telecommunications equipment or technology'
23 means any equipment or technology, used or to be used
24 by any providers of electronic communication services
25 or private branch exchange operators, which is for the
1 transmission or receipt of wire, oral or electronic
2 communications."
3 SEC 3. Section 510, Title V, P.L. 97-259 is amended deleting the
4 phrase "section 301 or 302a" and substituting the phrase "section
5 301, 302a, or ____.
DIGITAL TELEPHONY AMENDMENT
(report language)
Significant changes are being made in the systems by which communications
services are provided. Digital technologies, fiber optics, and other
telecommunications transmission technologies are coming into widespread use.
These changes in communications systems and technologies make it increasingly
difficult for government agencies to implement lawful orders or authorizations
to intercept communications in order to enfore the laws and protect the
national security.
With the assistance of providers of electronic communication services, these
technological advances need not impede the ability of government agencies to
carry out their responsibilities. This bill would direct the Federal
Communications Commission (FCC) to issue standards ensuring that communications
systems and service providers continue to accommodate lawful government
communications intercepts. The regulations are not intended to cover federal
government communications systems. Procedure already exist by which the
Federal Bureau of Investigation amy obtain federal agency cooperation in
implementing lawful orders or authorizations applicable to such systems.
Further, there would be no obligation on the part of the service providers or
any other party to ensure access to the plain text of encrypted or other
encoded material, but rather only to the communication in whatever form it is
transmitted. It is thus the intent and purpose of the bill only to maintain
the government's current communications interception capability where properly
ordered or authorized. No expansion of that authority is sought.
ANALYSIS
Subsection 2(a) and (b) would require the Federal Communications Commission
(FCC) to issue any regulations deemed necessary to ensure that
telecommunications equipment and technology used by providers of electronic
communications services or private branch exchange operators will permit the
government to intercept communications when such interception is lawfully
authorized. The regulations would also require that equipment or technologies
currently used by such providers or operators that impede this ability until
brought into compliance with the regulations. Compliance with FCC regulations
issued under this section would be required within 180 days of their issuance.
Subsection 2(c) provides that the Commission's authority to implement and
enforce the provisions of this section are the same as those it has with
respect to common carriers subject to its jurisdiction.
Subsection 2(d) would give the Attorney General the authority to request
injunctive relief against non-complying service providers or private branch
exchange operators.
Subsection 2(e) provides civil penalty authority for willful violations of the
regulations of up to $10,000 per day for each violation.
Subsection 2(f) would permit the FCC to provide rate relief to service
providers subject to its rate-setting jurisdiction for the costs associated
with modifying equipment or technologies to carry out the purposes of the bill.
Subsections 2(g), (h), and (i) require the Attorney General to advise the
Commission regarding the specific needs and performance criteria required to
maintain government intercept capabilities, require the FCC to ensure that the
standards and specifications it promulgates may be implemented on a royalty-
free basis, and authorize the Attorney General to require that particular
Commission rulemaking proceedings to implement the Act be closed to the public.
Subsection 2(j) provides definitions for key terms used in this section.
Please report problems with the web pages to the maintainer