« PrécédentContinuer »
proaches from a distinctly different vantage point. All parties have work hard and all have been flexible. it is understandable that a small number may not be enthusiastic or strong advocates for legislation. However, public safety demands that a legislative solution be found and found quickly. I believe that this is why everyone made concessions and reached acceptable compromises. I also believe that this is why all acknowledge that your legislation is reasonable and acceptable as a means of resolving this critical law enforcement problem in light of the competing concerns and considerations.
Once again, I would like to personally thank both Chairman Edwards and Chairman Leahy, the members of the Subcommittees and your staffs, in particular Jim Dempsey, Beryl Howell, Nelson Cunningham and Ken Mendelson, for taking on this difficult issue and for your unwavering support for the enactment of legislation to resolve this problem during this session of Congress. This is a “drop dead" issue for law enforcement. Your efforts will ensure law enforcement's continued ability to protect the American public and safeguard our national security through the use of this vital investigative technique, while being ever mindful of legitimate privacy and industry concerns. At this time I would welcome any questions you may have.
DIGITAL PRIVACY AND SECURITY WORKING GROUP,
Washington, DC, March 11, 1994. Mr. LOUIS J. FREEH, Director, Federal Bureau of Investigation, Washington, DC.
DEAR DIRECTOR FREEH: This letter is a follow-up to our letter of March 9, 1994 to President Clinton and Vice President Gore (a copy is attached). While we do not believe that new legislation is needed to accomplish the FBI's goals, we take this opportunity to more specifically raise some of the questions that should be answered in pursuing any digital telephony legislation. The draft that the White House has given us for comment is overly broad, and it is our hope that this letter will assist in narrowing the scope of any legislation.
While we have additional, important questions and concerns, this letter sets forth our primary concerns.
(1) Should digital telephony legislation reach “call setup information” independently of a "Title III” search warrant?
The New York Times of February 28, 1994 quotes you as stating, “My real objective is to get access to the content of telephone calls.” The bill should therefore be limited to content of communications and incidental call setup or transactional data.
Legislation should apply to "call setup information” only when that information is incident to a warrant issued for wire, oral, or electronic communications as set forth in 18 U.S.C. 82518. Extending the legislation's scope beyond the acquisition of content (pursuant to a warrant under section 2518) to the independent acquisition of call setup information raises many issues that require examination. For example, currently the legal standard for obtaining transactional data is a certification (via subpoena or statement to a judge) that the sought-after data is relevant to an ongoing criminal investigation. In the era of personal communications services (“PCS”) and of the information highway, transactional data will reveal far more about individuals than it has in the past. In fact, in some cases it may be equivalent to content information. Thins transactional data certainly could make it possible to build a detailed model of an individual's behavior and movements. The net result could be government dictating to industry that it create a surveillance-based system that will allow federal, state, and local government to use a service provider's electronic communication facilities
to conduct minute-by-minute surveillance of individuals.
As long as they have an IRS or other administrative subpoena or a law enforcement agent willing to certify that the sought-after data is relevant to an ongoing criminal investigation law enforcement officials could demand that they be notified at some remote location every time certain individuals communicate by telephone and their location at the time, as well as every database they connect to and when they log on and off. In short, law enforcement officials could insist on instantaneously knowing the existence of every single electronic communication (but not its content).
The enormous potential for abuse and threat to personal privacy suggests that, if transactional data were to be covered by digital telephony legislation, it should be incidental to a "Title III” wiretap warrant. This would not limit in any way law enforcement's access to trap and trace, pen register, or call billing information under current law or practice. This is particularly true given that there has been no case
made that demonstrates any current or potential difficulty in getting this noncontent information under current practices. The technology in fact has made these type of services much easier for law enforcement to use and access. Additional legislation is simply not necessary to obtain this data.
(2) What is covered? The obligation to isolate the content of communications must be reasonably related to the service provider's telecommunications services. It would be unreasonable for the FBI to demand any person involved with the communication to furnish it with access to that communication. For example, most providers, including local telephone companies, usually need to isolate communications for purposes of billing and maintenance. It is appropriate for the FBI to seek their assistance in intercepting communications on their networks only when the requests are reasonably related to the telecommunications services they provide.
Therefore, the question is not necessarily who is covered, but what telecommunications services are covered. For example, the legislation should reflect the fact that, in reselling services, even local telephone companies sometimes are unable in those instances to furnish call setup information regardless of whether it is incident to the acquisition of a communication's content.
(3) What will be the requirements placed upon service providers and what will be the standard of compliance that will be applied?
Legislation should carefully define the obligations of service providers. This is not the case with the FBI's current draft of proposed legislation. These obligations are vague and subject to considerable interpretation. Service providers and manufactures must have flexibility to adopt procedures that reasonably comply with the specific functional performance requirements of law enforcement.
This is particularly true where, as here, compliance requires an assessment of future needs and interoperability requirements. There is a difference between compliance and a guarantee, and legislation must reflect that difference. Carriers should be required to provide reasonable cooperation and that cooperation should be measured by a standard of reasonable compliance.
In installing new software or equipment under this statute, a service provider must be able to reasonably assess future demands by law enforcement. Other industries subject to regulation at least know, for example, the temperature at which they must maintain the specimens, the emission standard they must satisfy, or the type of safety restraint equipment they must install and the date by which they must have it installed in vehicles. Service providers cannot be held to an absolute standard of compliance where they are using and delivering new technologies to the public and the demands of law enforcement are not clearly specified. This applies to both capability and capacity. Law enforcement must be specific in its requirements for capacity and capability from each service provider.
(4) What is expected of commercial mobile service providers?
It is not a foregone conclusion that mobility in a digitized telecommunications environment will degrade or otherwise impede the law enforcement community's ability to effectively execute court-approved wiretap orders.
Wireless carriers are committed to assisting law enforcement agencies to successfully wiretap and intercept voice communications. To accomplish this goal, the wireless industry understands that available excess port capacity is needed in all switches throughout the nation. While it may be reasonable for federal and state law enforcement agencies to acquire the contents of wireless communications pursuant to "Title III” warrants through additional port capacity, it would be prohibitively expensive to require that every one of the nation's switches be connected to the FBI to enable it to acquire such information on a "real time” basis at remote locations.
Connecting every one of the nation's switches to the FBI, moreover, would increase exponentially the risk of unauthorized access to wireless communications. Further, the proliferation of fraudulent use of wireless telephones through such techniques as "cloning” and “tumbling" ESN's (electronic serial numbers) poses additional questions with respect to privacy and the ability of law enforcement to properly execute court-approved wiretap orders.
(5) What are the responsibilities of manufacturers and suppliers, if any?
The FBI wishes manufacturers of telecommunications equipment and providers of support services to fall within the scope of the legislation. But, would service providers be held liable for software or hardware that is not available from vendors? Why? How would the obligations be enforced against foreign manufacturers? What would be the liability of a domestic carrier that relies upon foreign manufacturers? What are the trade implications of having domestic manufacturers export equipment designed for governmental surveillance?
(6) How, and during what period, are costs to be recovered to ensure that there is a direct relationship been the costs reasonably incurred by covered entities and the government's requirements?
Government should pay for what it needs, which will help focus attention upon the facilities that truly need upgrading. if the government does not pay for upgrades or facilities, then the service providers should not be held responsible. The FBI appears to have accepted the concept that government should pay for the costs of compliance but has so far underestimated these costs and proposed an arbitrary threeyear limit on cost reimbursement. Government compensation should be ongoing with industry's compliance.
We trust you find our comments helpful. We remain prepared to work with you, Congress, and others to attempt to resolve the legitimate concerns of law enforcement. Sincerely yours,
DIGITAL PRIVACY AND SECURITY WORKING GROUP,
Washington, DC, March 9, 1994. President William J. Clinton, The White House, Washington, DC. Vice President of the United States, U.S. Senate, Washington, DC.
DEAR MR. PRESIDENT AND MR. VICE PRESIDENT: Telecommunications carriers and other members of the Digital Privacy and Security Working Group are keenly aware of the concerns raised by the Administration regarding the ability to intercept communications transmitted over advanced communications networks.
We are concerned, however, about the nature of the process upon which the Administration has embarked to address these issues. Seeking immediate industry reaction to the FBI's draft legislation and congressional passage of such legislation shortly thereafter is troubling. It suggests curtailment of public debate and of congressional deliberation. Given the interest of the public in these matters and their complexity, it is essential that there be a full public debate on these issues.
Industry is currently cooperating with appropriate authorities to avoid fixture problems and to expand existing capacities. This is not to say that there have not been some transitional concerns particularly upon the introduction of new technologies that have grown greatly in popularity. But, whenever transitional problems have arisen, industry representatives have worked with law enforcement officials to resolve them.
The FBI's actions are especially troubling in light of our view that legislation is not needed to accomplish the Agency's goals. We still see no evidence that current law enforcement efforts are being jeopardized by new technologies. Nor are we convinced that future law enforcement activities will be jeopardized given industry cooperation.
We still believe that continued cooperation by government and industry within the working relationship that has emerged from the 1992 Quantico Joint Government Industry Group will resolve “the digital telephony problem” and preserve the government's current authorities. The discussions have succeeded in identifying specific problems and have begun the process of generating concrete, cost-effective solutions. This process has facilitated a more robust exchange of technical information and an identification of possible new equipment and police tactics needed to achieve law enforcement goals. Nevertheless, we are prepared to work with the Congress and the Administration to attempt to resolve the legitimate concerns of law enforcement.
The signatories to this letter cannot overemphasize how critical it is that any new initiatives in this area preserve the public's confidence in the privacy of information carried over the public switched network. Less than a decade after enactment of the Electronic Communications Privacy Act of 1986, the nation can ill afford to undercut customer privacy expectations. Indeed, on the eve of the National Information Infrastructure's deployment, preserving customer confidence is all the more important. Privacy protection is not a secondary interest here. Survey after survey performed by Professor Alan Westin and others have demonstrated the public's concern with
privacy and the security of their communications. We all must seek to maximize those interests and assure the public that their communications are protected. Sincerely yours,
APPLE COMPUTER, INC.,
CONGRESS OF THE UNITED STATES,
Washington, DC, April 11, 1994. Hon. LOUIS J. FREEH, Federal Bureau of Investigation, J. Edgar Hoover Building, Washington, DC.
DEAR DIRECTOR FREEH: The Subcommittees are eager to continue their hearings on digital telephony, and would like to ask for your assistance in expediting our consideration of this issue.
A critical point of controversy at our last hearing was whether there are current or prospective impediments that cannot be resolved by industry/law enforcement cooperation. You testified that an informal FBI survey of federal, state, and local law enforcement agencies had disclosed 91 instances of technological impediments to enforcement surveillance.
The telephone industry testified, as they have indicated on other occasions, that they were unaware of any problems that have not been solved, or are on the way to being solved, through cooperation.
Before we proceed with our next hearing, we request the details of the 91 instances (and any others that you can identify) so we can provide them to industry witnesses and get their response at the hearing. The exact number of instances is not important; what is important is being able to identify specific cases, so industry and law enforcement witnesses can discuss how legislation would deal with those cases in a way that the voluntary efforts have not.
For this purpose, we are requesting copies of the responses to your informal survey. You may, of course, redact any names of subjects and local case numbers. We only need to know the date, the law enforcement agency, the service provider, the type of service, the type of impediment, and any steps taken to resolve the problem. We would like to receive this information as soon as possible so that all witnesses would have an opportunity to respond to it in an informed fashion.
As our staffs have already discussed, we believe that this information is necessary to complete the record of the hearings. We look forwará to your prompt response. Sincerely,
Chairman, Subcommittee on Civil and Constitutional Rights.
PATRICK J. LEAHY,
Chairman, Subcommittee on Technology and the Law.
TECHNOLOGY-BASED PROBLEMS ENCOUNTERED BY FEDERAL, STATE, AND
LOCAL LAW ENFORCEMENT AGENCIES
This information was collected through informal survey of Federal, state, and local law enforcement agencies who voluntarily participated.
*Other problems include:
Inability of the provider to provide trap & trace information.
89-499 - 95 - 5