Images de page
PDF
ePub
[merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][subsumed][merged small][merged small][subsumed][merged small][merged small][merged small][merged small][ocr errors][subsumed][subsumed][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][merged small][ocr errors][merged small][merged small]

Source: Administrative Office of the United States Court Wiretap Report. For the period January 1, 1993 to December 21, 1993.

Representative EDWARDS. Thank you, Mr. Wheeler.

I am sure that you all can count on the Congress, both in the House and in the Senate, working closely in the years ahead as these problems develop. We are pretty resilient around here, especially where something as important as this is concerned, so I hope we can handle that in the future.

The last member of the panel is Jerry Berman, who for many years has worked both with the Senate committees and the House committees and has always been a trusted expert on privacy. Mr. Berman is Director of the Electronic Frontier Foundation.

Welcome, Mr. Berman.

STATEMENT OF JERRY BERMAN, DIRECTOR OF POLICY, ELECTRONIC FRONTIER FOUNDATION

Mr. BERMAN. Thank you, Chairman Edwards, and thank you, Chairman Leahy, for allowing me to testify today.

Like the other witnesses, I really want to commend both of you and your staffs and Senator Biden's staff and Ken Mendelson with Chairman Brooks for having really done an incredible job in transforming a bill which we saw as a potential privacy nightmare into a bill which is carefully crafted to protect privacy, not only as industry is required to meet and continue to deliver a wiretap capability subject to court authorization, but in recognizing that technology is a two-way street.

When technology hampers law enforcement, law enforcement makes a case that it requires legislation or redress. They have

made that case. We might believe that it could have been done with a funding bill or some other vehicle, but we are beyond that. But I think that what you have crafted here is a bill that is very narrow in scope. It leaves out information services, the Internet, the manipulators of content on the information highway, which were included in the last bill, and that was a very troubling thing. They are not here.

You have set up an open standards process, allowed industry to make standards, allowed privacy interests to be taken into account in the design feature, and also allowed privacy advocates to intervene in this process if security interests are at stake.

I think that subject to resolving the cost issue, which I will come back to at the end of my statement, in the legislative process as we go forward, I think that if we are going to pass a digital telephony bill, this is the bill to pass.

"I must also point out that the other side of the technology street is that when technology advances, privacy can also be impaired and undermined and eroded. This legislation, unlike previous drafts, as the FBI Director has pointed out, deals with some of those privacy problems that have been created by the evolving technology and which Senator Leahy's task force in 1991 identified and which the presence of a Digital Telephony bill gave us an opportunity to look at the other side of the issue.

I really want to point out that in addition to the changes that were made for cordless phones and so forth, that significant advances have been made here for privacy in the kind of electronic world we are going to be and increasingly living in.

This legislation requires that the FBI get a court order, based on reasonable suspicion and articulable facts, that in order to get the transactional information that is generated in electronic messages and E-mail messaging. In many ways, it looks like just addressing information which in other regimes is subject to a subpoena. Here, a court order is being imposed because of the recognition that the richness of these transactions, the fact that it really, on a minuteby-minute basis, can tell you who you are talking to, what you are doing, what you are interested in, it reveals content. So the committee and the Congress is recognizing, and the FBI is agreeing, that it deserves higher scrutiny, and that is an important protection that is in this bill.

It is also important that one of the requirements that the committee has imposed is a requirement not to design ongoing location features into the electronic technology for communications. We do not want to turn our cellular and radio-based communication systems into nationwide tracking systems for persons who may be of interest to law enforcement and who are not subject to a warrant. It is important that the legislation also says that the additional information which is gained by pen registers, because it captures more digits than just that which reveal the telephone number, has to be stripped off and they have to move toward technology which strips it off, because more and more content is coming through the touch-tone phone over a pen register.

It is also important that this legislation says that carriers have no responsibility to decrypt any communications, so that people using encryption technology for their privacy, you have to move

those communications across this network, which is very important and, of course, is the subject of another ongoing debate which Senator Leahy has been working on and which I am sure we will return to again next year.

As the Director points out, it is also important that this technology can be designed so that you can have an on/off switch at the central office that will allow the FBI to turn on taps from a remote site. This legislation says they cannot do that.

I have already pointed out that there are privacy protections built into the requirements process, so as a whole package, I think that these are significant advances for privacy and make the whole package a balanced approach, and if legislation is going to happen, it ought to be this vehicle. We are hoping to work with you to ensure that it stays together and is improved and perfected, and I think we can do maybe more clarifying language on the reasonableness test. I don't want to bother you with a minimization issue that we have, but we will come back to that in the discussion process. I want to come back to the cost issue. There is a letter which the Electronic Frontier Foundation as an advocacy organization has signed along with long-distance carriers and the telephone industry to both of you, to the chairs of the committee and to the committee, saying that we need to resolve this cost issue.

The estimates of $500 million on the one hand and several billion dollars on the other hand from the telephone industry, with GAO saying it is a complicated issue, we think needs to be nailed down, not only for us to know where we are diverting dollars from one priority, like law enforcement, or taking from innovation or expansion of the information highway, but it is a significant privacy issue.

The whole point of this bill turns on there being a compliance process which is reasonable and we need to have a cost on the top of the table and they need to be capped in some way, both to force the FBI and law enforcement to do what they want to do, which is set priorities, but also let industry know that they are going to be paid.

If those issues are not addressed, there is the possibility of skimping on costs which could present privacy problems, or on the other hand, building more capacity into the network because the Government doesn't have to pay for it and they ask for more than they may need because they want to take care of law enforcement. There, we have more capacity than we need and that presents a privacy threat at that level.

So I think that that is an issue which we did not resolve in the negotiating process and I think it is important to nail down in the legislation.

Again, I appreciate the efforts that you have gone through. We have been working with you in a spirit of cooperation, along with the whole coalition. We hope to continue as the process goes forward. Thank you very much.

[Mr. Berman submitted the following:]

PREPARED STATEMENT OF JERRY J. BERMAN ON BEHALF OF THE ELECTRONIC FRONTIER FOUNDATION

Chairman Leahy, Chairman Edwards and Members of both subcommittees: I want to thank you for the opportunity to testify today on your new version of the

Digital Telephony bill (H.R. 4922, S. 2375). The Electronic Frontier Foundation (EFF) is a public interest membership organization dedicated to achieving the democratic potential of new communications and computer technology and works to protect civil liberties in new digital environments. EFF also coordinates the Digital Privacy and Security Working Group (DPSWG), a coalition of more than 50 computer, communications, and public interest organizations and associations working on communications privacy issues. am testifying today, however, only on behalf of EFF.

Since 1992, the Electronic Frontier Foundation has opposed a series of FBI Digital Telephony proposals, each of which would have forced communications companies to install wiretap capability into every communications network. However, earlier this year, when it became apparent that some version of the bill would pass the Congress, the Subcommittees asked EFF along with computer and communications industry groups to participate in a process that would yield a narrow bill that both met law enforcement needs and had strong privacy protections. The result of that process is the bill we have before us today. EFF remains deeply troubled by the prospect of the federal government forcing communications networks to be made wiretap ready,' but we believe that this legislation is substantially less intrusive that the original FBI proposals.

The bill is significantly more narrow than the original proposals in that it exclude a number of electronic communications service providers including online information services, Internet access providers, electronic bulletin board systems, PBX's, and private networks-from any compliance obligation. In particular, the Leahy/Edwards version contains a number of important changes from earlier proposals, including:

• A narrow Scope,

• Open standard-setting process with public right of intervention,

• Technical requirements standards developed by industry instead of the Attorney General,

• Right to deploy untappable services.

In my testimony today, however, I would like to review what I believe to be the most important privacy protections of this bill, and to discuss the areas which EFF still believes require more attention before a bill is passed.

A. NEW PRIVACY PROTECTIONS

The Digital Telephony legislation before us includes significant recognition that new communication technologies, and new patterns of technology use, require new privacy protections. Thanks to the work of Senator Leahy and Representative Edwards and Senator Biden, the bill contains a number of significant privacy advances, including enhanced protection for the detailed transactional information records generated by on line information services, email systems, and the Internet. 1. Expanded protection for transactional records sought by law enforcement

Chief among these new protections is an enhanced protection for transactional records from indiscriminate law enforcement access. Many online communication and information systems create detailed records of users' communication activities as well as lists of the information that they have accessed. Provisions in the bill recognize that this transactional information created by new digital communications systems is extremely sensitive and deserves a high degree of protection from casual law enforcement access which is currently possible without any independent judicial supervision.

EFF commends Senator Leahy, Representative Edwards, and Senator Biden for declaring that law enforcement access to transactional records in online communication systems (everything from the Internet to AOL to hobbyist BBS's) threatens privacy rights. Privacy interests are implicated because:

• The records are personally identifiable,

• They reveal the content of people's communications, and,

• The compilation of such records makes it easy for law enforcement to create a detailed picture of people's lives on line.

Based on this recognition, the draft bill contains the following provisions:

• Court order required for access to transactional records instead of mere subpoena

In order to gain access to transactional records, such as a list of to whom a subject sent email, which online discussion group one subscribes to, or which movies you request on a pay-per view channel, law enforcement will have to prove to a court,

by the showing of "specific and articulable facts" that the records requested are relevant to an ongoing criminal investigation. This means that the government may not request volumes of transactional records merely to see what it can find through traffic analysis. Rather, law enforcement will have to prove to a court that it has reason to believe that it will find specific information relevant to an ongoing criminal investigation in the records it requested.

With these provisions, we have achieved for all online systems, a significantly greater level of protection than exists today for records such as email logs, and greater protection than currently exists for telephone toll records. The lists of telephone calls that are kept by local and long distance phone companies are available to law enforcement without any judicial intervention at all. Law enforcement gains access to hundreds of thousands of such telephone records each year, without a warrant and without even notice to the citizens involved. Court order protection will make it much more difficult for law enforcement to go on "fishing expeditions" through online transactional records, hoping to find evidence of a crime by accident. We have also submitted a detailed memorandum on the importance of protection and would ask that this document be included in the record of these proceedings along with this testimony.

• Standard of proof much greater than for telephone toll records, but below that for content

The most important change that these new provisions offer is that law enforcement will: (a) have to convince a judge that there is reason to look at a particular set of records, and; (b) have to expend the time and energy necessary to have a United States Attorney or District Attorney actually present a case before a court. However, the burden or proof to be met by the government in such a proceeding is lower than required for access to the content of a communication.

2. New protection for location-specific Information available In cellular, PCS and other advanced networks

Much of the electronic surveillance conducted by law enforcement today involves gathering telephone dialing information through a device known as a pen register. Authority to attach pen registers is obtained merely by asserting that the information would be relevant to a criminal investigation. Under current law, courts must approve pen register requests without any substantive review of the basis for law enforcement's request. This legislation offers significant new limits on the use of pen register data.

Under this bill, when law enforcement seeks pen register information from a telecommunications carrier, the carrier is forbidden to deliver to law enforcement any information which would disclose the location or movement of the calling or called party. Cellular phone networks, PCS systems, and so-called "follow-me" services all store location information in their networks. This new limitation is a major safeguard which will prevent law enforcement from casually using mobile and intelligent communications services as nation-wide tracking systems.

3. New limitations on "pen register" authority

Contemporary uses of pen registers also involve substantial privacy invasion, even aside from location information. Currently, law enforcement is able to use pen registers to capture not only the telephone number dialed, but also any other touchtone digits dialed which reflect the user's interaction with an automated information service on the other end of the line, such as an automatic banking system or a voicemail password. If this bill is enacted, law enforcement would be required to use "technology reasonably available" to limit pen registers to the collection of calling number information only. We are aware that new pen register devices are now on the market which automatically screen out all dialed digits except for the actual telephone numbers. Just as this bill would require telecommunications carriers to deploy technology which facilitates taps, we believe that law enforcement should be required to deploy technology which shields users communications from unauthorized invasion.

4. Bill does not preclude use of encryption

Unlike previous Digital Telephony proposals, this bill places no obligation on telecommunication carriers to decipher encrypted messages, unless the carrier actually holds the key to the message as well.

5. Automated remote monitoring precluded

Law enforcement is specifically precluded from having automated, remote surveillance capability. Any court-ordered electronic surveillance must be initiated by an employee of the telecommunications carrier, upon request by law enforcement.

« PrécédentContinuer »