Privacy, National Security and Internet Traffic

Thursday, October 07, 2010

Theresa Payton

D13f77e036666dbd8f93bf5895f47703

The recent attempt to bomb Times Square was a vivid reminder that intelligence before, during, and after a crime are key to understanding motive, protecting citizens, and moving swiftly to avoid future attacks. 

Federal Investigators found that the man suspected of the attempted bombing used pre-paid phones to communicate and coordinate the bombing. 

So why didn't law enforcement know this in advance? 

The bad guys know that pre-paid cell phones help avoid tracking.  There is no requirement to provide ID when purchasing a pre-paid phone.

There is a law in effect to aid law enforcement called The Communications Assistance to Law Enforcement Act.  It was passed in 1994 and it requires telecommunications companies to allow court authorized access to their information, often in real time. 

It is not broad enough to cover newer technologies that provide "communications" that are not within the legacy telecommunications framework.

See Theresa Payton on Fox News' Special Report (Video)

As found in Newsmax:

"We're talking about lawfully authorized intercepts," said FBI lawyer Valerie E. Caproni. "We're not talking about expanding authority. We're talking about preserving our ability to execute our existing authority in order to protect the public safety and national security. "

As found in the Wall Street Journal:

"The way we communicate has changed dramatically since 1994 but telecommunications law has not kept up," said an administration official. "The government doesn't want new powers, but wants to ensure that communications companies outside of the telephone business have the technology to respond to court orders for information, the official said."

The bill is still under consideration and will likely be submitted next year according to Newsmax. The New York Times reports that the current proposal may have these elements:

-Ability to unscramble encrypted messages so Law Enforcement can read them

-Any foreign companies (RIM of BlackBerry) that have U.S. based business must provide a U.S. office capable of performing intercepts for Law Enforcement.

-Peer-to-peer communication providers must build in capabilities to their service to allow interception.


4 Recommendations:

1.  Let's Debat
e:  I would like to see open and vigorous debate where the voices of both Privacy advocates and National Security & Law Enforcement agencies are heard.  By hearing and vetting the pros and cons of the issue, I believe the country can craft a law that accommodates the concerns and needs of both sides.

2.  Don't Kill Innovation:
  We need to be careful about the regulatory burdens and dictating specifically how companies are to comply.  Tell them what is needed and let them figure it out.  Regulatory burdens could kill many start up companies that are not even sure if consumers will adopt their product and they will not have the money to build a government specific framework.  We should not shoe horn the newer technologies and force them to fit into the old framework of the phone companies.

3.  Don't Dictate or Design "Back Doors":  If the regulation specifically outlines a "back door" and the design expectations for the back door, that does provide insights to the bad guys which could be used to infiltrate the "back door".

4.  Maintain Checks and Balances:  We have court oversights in place for requesting warrants and how information can be used when gathered via surveillance and wiretaps.

Sources:

"New Technologies Prompt Push for Better Wiretap Law", Evan Perez, Wall Street Journal, Septemer 27, 2010.

"U.S. Tries to Make It Easier to Wiretap the Internet", Charlie Savage, New York Times, September 27, 2010.

"US Would Make Internet Wirtetaps Easier", Newsmax, September 27, 2010.

Possibly Related Articles:
4948
Privacy
Privacy Government terrorism
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.