Friday, October 01, 2010
BROOKE GLADSTONE: From WNYC in New York, this is On the Media. I'm Brooke Gladstone.
BOB GARFIELD: And I'm Bob Garfield. If the Feds want to legally tap your phone, they a) persuade a judge to give them a warrant, b) present that warrant to the phone company and c) the phone company activates the tap, easy peasy, a practice codified in a 1994 law known as CALEA. But these days, tech-savvy criminals and terrorists, and pretty much everybody else, use Skype and encrypted BlackBerrys and Google and Facebook. What’s old school law enforcement to do? This week The New York Times revealed a White House plan to be proposed next year that would force all the 21st century communications networks to construct the same wiretap capabilities that now exist for the phone. Charlie Savage, Washington correspondent for The Times, broke the story this week, and he says that even if the proposal results in legislation, it could be an incredibly difficult law to implement.
CHARLIE SAVAGE: If the service is located on servers that are overseas, it’s not subject to U.S. court order. If they're using a form of encryption, that means that even the service provider can't say what this data is. Or if it’s a peer-to-peer software like Skype, there is no central place to go and capture all that data.
BOB GARFIELD: If you build a back door into these various networks that the government has access to, it seems to me that every hacker and his brother, not to mention foreign governments, would try to enter the same back door, no?
CHARLIE SAVAGE: If you create a security hole for a lawful purpose, it’s inevitable, the critics say, that it will be exploited for unlawful purposes. Greece has a law that requires its phone systems to be wire-tapable, and in 2005 it was discovered that somebody, still unknown, had hacked into that capacity, forwarding copies of cell phone calls of about a hundred top officials to an unknown phone where they could be listened to, including the prime minister’s phone.
BOB GARFIELD: So here’s another potential objection. On the one hand, it’s a little nerve-wracking that a terrorism investigation could be slowed down by weeks or months because of having to retrofit a communications service with tapability capacity. On the other hand, should I be nervous that the federal government would have one-step access to all of these communications? Aren't they just destined to abuse it?
CHARLIE SAVAGE: Well, the privacy rights and civil liberties activist communities certainly have that view. They like the idea of some communication streams between individuals being beyond the reach of government intrusion. And the government’s rebuttal is, look, we're not talking about getting into the contents of these communications without court orders. We're talking about cases where you go to a judge and you say, look, I've got the following evidence, I think this person’s communications should be looked at, and the judge independently agrees or doesn't, and only after that authority is granted would this be exercised.
BOB GARFIELD: If this technology is built into every communications platform and its brother, presumably that means that governments like Iran and China and Burma would be able to go in through the same back doors.
CHARLIE SAVAGE: You still have to have some sort of leverage, if you’re Government X, over a service provider to get them to provide their communications. That’s hard to do when the service is operating from servers that are outside of your borders. But one person suggested to me that once the United States requires everyone to have a server here capable of decrypting communications it will be no time at all before every other country in the world demands the same deal, making the same argument.
BOB GARFIELD: And now we're talking about an enormous increase in cost. A gigantic company with all sorts of cash flow will have no problem submitting to the government’s wishes. Startups, small companies, undercapitalized companies, in other words, most of the new players into the technology sector, maybe don't have the wherewithal to set up offices in 200-some countries.
CHARLIE SAVAGE: This is, in some ways, a replay of the arguments in the '90s over that 1994 law that required phone companies to build in these kinds of intercept capacities. There was, number one, a lot of fears expressed that that would impede cell phone innovation and further developments, and there was a lot of jostling between rival companies to try to get the regulations as they were written in a way that would help them raise barriers to entry for future rivals.
BOB GARFIELD: What’s been the reaction to your story, and how different do you suppose the reaction would have been had this proposal been floated during the notoriously overreaching George Bush administration?
CHARLIE SAVAGE: This is different from some of the surveillance scandals of the Bush administration. This is something that is being proposed through the lens of let's go to Congress and get them to adjust the law to do what we want to do, not this is something that we can do unilaterally in defiance of Congressional statutes or approval. Republicans, who have generally been pro-national security when it comes to the security versus privacy tradeoff, aren't criticizing it, and Democrats who want to support the administration don't see this as a fruitful thing to bang the drum about, where it might have been fruitful for that purpose when the Republicans were in charge of the White House. And finally this, as the FBI, at least would argue, is not an attempt to gain new power to wiretap, it is an attempt to keep existing power to wiretap from eroding due to technological change.
BOB GARFIELD: All right, Charlie, thanks so much.
CHARLIE SAVAGE: Thank you for having me on.
BOB GARFIELD: Charlie Savage is a Washington correspondent for The New York Times. His piece, U.S. Tries to Make it Easier to Wiretap the Internet, ran in Monday’s New York Times.