present Court-ordered safeguards as an elaborate massive bank vault door, with the back wall open to the street. To be sure encrypting is a means of protection: However, the proposals for Clipper provide a "backdoor", which would allow "authorized" government agencies to decrypt supposedly private conversations (voice or data). If the government can use what is in effect a mandatory backdoor, there is the ever-present risk that private parties might also do so by acquiring knowledge of the Clipper technology. Then the government and "private parties" can intercept personal and business transmissions by effectively simply bypassing Clipper's sophisticated encoding. Is the "cure" worse than the disease? Take for example the massive industrial sabotage waged on Seatrain Shipbuilding, a major corporation building supertankers at the old Brooklyn Navy Yard in the 1970's. In addition to continual disruption of phone communications, their offices were raided time after time, with wholesale lots of office equipment carted off in the night. If there were no master office key, the locks of each and every office would have had to be picked each time. With a master key unlimited easy access was assured. The Clipper Chip works with such an associated Master Key, making access to corporate secrets far simpler. Clipper does have one "flaw" with respect to "authorized" government decrypting, in addition to flaws highlighted by testimony of others. Near the beginning of a transmission through a Clipper Chip, the encoded serial number of the chip is sent along with the encoded message. A non-government interception cannot read this serial number unless he has the LEAF (Law Enforcement Access Field) key. All Clipper Chips have different serial numbers, but use the same LEAF key. The sophisticated originator gaining access to the LEAF key could easily disguise his serial number so that the government could not obtain the true number and therefore could not obtain the correct Escrow Key to decrypt the transmission. This apparent Achilles Heel would, despite contentions to the contrary, give full unbreached protection to the Key Escrow encrypted transmission. This, it appears, effectively defeats the ability of the government to decrypt an intercepted transmission by a sophisticated industrial spy or criminal. Two birds with one stone You will remember that in the Bush administration FBI Director William Sessions initiated a plea to compel all phone companies to incorporate equipment and software to make eavesdropping of telephone and cable networks easier still. As the attached detailed Open Letter suggests, it is not necessary-existing tapping facilities can easily monitor suspected terrorists and drug dealers. What his unexplained, unsupported request does do-and the request is still pending is to enable illegal trawling or fishing of the massive Main Trunk traffic flashing between digitized exchanges-traffic emanating from hi-tech industry, not from targeted drug dealers or terrorists. Is there really a need for government to require easier still tapping and to in effect mandate unlimited back door access? The track record of 60 years of uncontrolled illegal tapping justifies a resounding no. U.S. DEPARTMENT OF JUSTICE, Washington, DC, November 17, 1986. Mr. MORTON BROMFIELD, Wellesley Hills, MA. DEAR MR. BROMFIELD: Your September 24, 1986, Freedom of Information Act request, to Mr. Jay B. Stephens has been referred to this Unit for response. In that request, you sought a list of "professional wire tappers" (who engage in industrial espionage and political tapping) prosecuted under Title III and/or The Communications Act of 1934, in the years since 1953. We have conducted a search of the General Litigation and Legal Advice Section (the section in the Criminal Division most likely to have the record you are seeking.) This section advised that it does not have a list such as you describe nor is it aware of the existence of any such list or information from which such a list could be derived. Sincerely, L. JEFFREY Ross, Chief, Office of Enforcement Operations Criminal Division. FEDERAL COMMUNICATIONS COMMISSION, Mr. MORTON BROMFIELD, DEAR MR. BROMFIELD: After discussing your request for a general en banc Commission meeting with the Office of General Counsel, and the Chairman's Office, I must inform you that the Federal Communications Commission does not have jurisdiction over matters of wiretapping. As a result of the Omnibus Crime Control Act of 1968, Congress clearly placed jurisdiction over wiretapping with the United States Department of Justice. Due to lack of subject matter jurisdiction, your request for a general en banc hearing can not be accommodated. Sincerely, WILLIAM A. RUSSELL, JR., Office of Congressional and Public Affairs. AN OPEN LETTER TO FBI DIRECTOR WILLIAM S. SESSIONS FROM MORTON BROMFIELD ON BEHALF OF THE AMERICAN PRIVACY FOUNDATION With all due respect, the recent OPED appeal by you "to preserve the ability of law enforcement officers to intercept-to wire tap conversations of people engaged in serious crimes" is not only unnecessary but harmful to the health of America's hi-tech industrial base. As you say, "new digital technology spells trouble" -true, but not for the FBI with pre-selected targets. These individuals and small groups can continue to be eavesdropped upon at their local telephone exchange by tapping the terminals of the "twisted pair" of wires leading to a suspect's handset. If the conversation is digitized right up to a target's electronic handset, your agent merely obtains an electronic handset similar to that purchased by the drug dealer. Or your agent merely plugs in an off-the-shelf adapter-a slightly modified Centrex Recording Interface (CRI376) for under $200 will do-and plain language will result. Your chief of the Engineering Research Facility at Quantico, Virginia, apparently did not know of these easily obtained countermeasures. It turns out that Mr. James Kallstrom's request for modifying the switchgear of this nation's 100 billion dollar telecommunications industry is not based on any study of his. He explained that the root of this considerably expensive request was a suggestion of an unnamed telephone engineer of an unnamed telephone company. This nebulous proposal also was made without establishing that the FBI's routine local exchange tapping is in any way threatened. Instead the scenario is that of an agent having to climb a telephone pole, burdened with a huge black box and applying alligator clips. Alligator clip/telephone pole tapping went out with hulahoops. Separating out the misinformation, the proposal is aimed at a new, unneeded capability of tapping into a phone company's digitized Main Trunk traffic flashing between digitized telephone exchanges. Mr. Kallstrom would have such switchgear as AT&T's #5ESS and Northern Telecom's DMS 100 altered so as to facilitate interception-to "port out" so as to segregate and extract transmissions of yet-to-be-identified targets. Such interception is known as "trawling" in England and "fishing" within the States, where it is illegal to fish. Prior to your stewardship other moves by the FBI in this area were clearly not in the interest of the Bureau itself. While you cite the Omnibus Crime and Safe Streets Act of 1968 as support for this needless proposal, Title III of that Act was intended to control wire tapping by federal officials and put a stop to illegal phone tapping. Legislators wisely made provisions to verily its effectiveness with the formation in 1973 of the National Wiretap Commission. The FBI usurped its investigation, flooding the Commission with erroneous information saying illegal wire tapping is minor, mostly involving marital matters, political tapping (despite Watergate) is one to two percent of the total, and industrial espionage well, that is nonexistent. An FBI staffer went before the Commission to fully explain this, but his testimony was inexplicably curtailed. May we suggest the following simple procedure for coping with any future broadening of digitized traffic in connection with court-ordered tapping of suspects: The FBI requests and receives a court order for a phone company to transmit on FBI leased lines all phone traffic sent to a target identified by the court order. This procedure would encompass and catch all call-forwarded traffic. This procedure need not and would not involve any issues of encryption. Finally, this need not and would not distinguish between analog and digital messages. Query: Is this not sufficient for the FBI's legitimate need? You could well wonder, Mr. Sessions, that if this procedure will suffice, why then a proposal to facilitate the tapping of MAIN TRUNK traffic? Well, large volumes of digitized voice and data communications emanate from hi-tech multinationals. And contrary to the FBI's "findings" that industrial espionage is nonexistent, we have a recent burst of glasnost from the KGB's Press Service: "industrial espionage is conducted everywhere and this is considered a perfectly normal thing." But this still leaves a question. Why would the FBI act as a front for the business-indeed the industry-of wire tapping? The answer for this can be found in the words of John Kenneth Galbraith: "Very often," he wrote, an agency "becomes the captive of the very industry it is intended to regulate." STATEMENT OF THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION The Telecommunications Industry Association (TIA), which represents more than 550 U.S. manufacturers of telecommunications equipment, wishes to commend Representative Edwards and Senator Leahy, and their very capable staffs, for their efforts to work with representatives of the telecommunications industry to craft legislation to clarify the telecommunications industry's obligations to assist law enforcement authorities in the implementation of court-ordered wiretaps. H.R. 4922 and its Senate counterpart, S. 2375,1 are the product of a lengthy and reasoned discussion between congressional, law enforcement, and telecommunications industry interests, and these bills represent a significant improvement over FBI Digital Telephony proposals circulated in 1992 and February 1994. Accordingly, while the TIA prefers continued efforts to foster cooperation 2 between law enforcement authorities and manufacturers of telecommunications equipment, the TIA believes that further refinement of H.R. 4922 would yield legislation which accommodates the legitimate needs of the law enforcement community and adequately safeguards the interests of telecommunications equipment manufacturers. While many of the TIA's concerns regarding the impact of this legislation were addressed during the negotiations which preceded the introduction of H.R. 4922, there remain two issues that the TIA believes require the attention of the Commit tee. WHO DEFINES "REASONABLE CHARGE"? The first matter of concern to the TIA is that of who defines what constitutes a "reasonable charge" for equipment modifications required under Subsection 2605(b). Historically, the price that manufacturers of transmission and switching equipment charge for their products has been determined by market forces, and the price of such equipment traditionally has not been regulated. This reliance on market forces has created a robustly competitive market for the manufacture and sale of telecommunications transmission and switching equipment, and it has encouraged technological innovation by those involved in the manufacturing process. The Committee should seek to ensure that the present reliance on market forces is not disturbed, and thus should take care, in Subsection 2605(b), to explain that it is not the Committee's intent for the Federal Communications Commission, or any other agency of the federal government, to regulate the price of telecommunications transmission and switching equipment. The TIA regards regulation as unnecessary in what is a truly competitive marketplace, and asks the Committee to clarify that determinations regarding what constitutes a "reasonable charge" for modifications should be made by manufacturers, in consultation with their customers, in accordance with normal and accepted business practices. Additionally, the TIA urges the Committee to clarify Subsection 2605(b) to clearly indicate that when a manufacturer undertakes "such modifications as are necessary to permit" its customer, i.e., a telecommunications carrier, to comply with the requirements of H.R. 4922, the manufacturer is to be paid by the telecommunications carrier, in accordance with normal and accepted business practices. 1 Hereafter referred to as H.R. 4922. 2 Such cooperation has been conducted in fora such as the Electronic Communications Service Provider (ECSP) Committee, which is sponsored by the Alliance for Telecommunications Industry Solutions (ATIS). PENALTIES FOR FAILURE TO COMPLY The second matter of concern to the TIA is possibility that manufacturers will face civil penalties if they fail to comply with the requirements of H.R. 4922. Under normal business practices, telecommunications carriers set forth technical requirements (in a request for quotation or RFQ) when they contract for equipment. The provisions of H.R. 4922 are consistent with this practice, as, in accordance with Subsection 2605(a), telecommunications carriers would communicate to their preferred or chosen manufacturer what type of modifications, i.e. intercept capabilities, may be necessary. After such communication, the manufacturer would be compelled, by its existing contract (and, presumably, by its desire to secure future contracts), to provide whatever modifications might be required. The TIA acknowledges and appreciates the bill's reliance upon the existing and accepted process for procurement. The TIA is much less comfortable, however, with the provisions of Subsection 2607(f), that would subject a manufacturer which fails to provide the necessary modifications to a civil penalty of up to $10,000 per day for each day such manufacturer is not in compliance with the requirements of H.R. 4922. While the imposition of civil penalties may be appropriate with respect to telecommunications carriers which fail to comply with the requirements imposed by H.R. 4922, in that there is no marketplace mechanism to ensure carrier compliance, there is no need to apply such significant penalties to manufacturers, as there is an existing marketplace mechanism to ensure manufacturer compliance. If a manufacturer fails to comply with the requirements of H.R. 4922, said manufacturer will face significant risk of a breach of contract suit brought by any carrier which employs said manufacturer's equipment and is, therefore, unable to comply with the requirements set out for telecommunications carriers. Given the likely severity of the civil and marketplace sanctions that would accompany a breach of contract suit, the TIA believes that market considerations will adequately ensure manufacturer compliance. Accordingly, the TIA considers the imposition of civil penalties on manufacturers to be both totally unnecessary and counter to the cooperative spir it embodied in H.R. 4922. In sum, the TIA considers H.R. 4922 to be a significant improvement over previous legislation proposals regarding digital wiretap capabilities, and believes that with the aforementioned clarifications, H.R. 4922 will be a bill that will meet the legitimate needs of the law enforcement community and safeguard the interests of manufacturers of telecommunications equipment. The TIA thanks the Committee for the opportunity to comment on this important legislation, and looks forward to working with the Committee's members and staff. STATEMENT OF AT&T CORPORATION AT&T would first like to extend its gratitude to Senator Leahy and Congressman Edwards for the considerable efforts they and their staff have made during the past several months to draft legislation outlining the telecommunications industry's obligations to assist law enforcement implement court-authorized wiretaps. Their interest and knowledge of and commitment to the public's, telecommunications industry's, and law enforcement's concerns, as reflected in S. 2375/H.R. 4922 (the "Leahy/ Edwards bill"), has made progress possible on a number of issues that few thought could be made. They have worked diligently to try to balance the many competing law enforcement, privacy, and technological concerns that are raised by law enforcement's wiretapping needs. AT&T's interest in the Leahy/Edwards bill arises from the many roles we have in the telecommunications industry. One is as a provider of telecommunication services which are subject to wiretap orders. Another is as the manufacturer of the literally thousands of switches used by a variety of telecommunication service providers, including the local exchange companies and cellular service providers, which will have to be retrofitted to meet the bill's requirements. Finally, as a company that relies on its good name and customers' trust, AT&T is deeply concerned about this bill and its effect on our customers' privacy rights and expectations. AT&T has always worked to cooperate with law enforcement in a manner that is consistent with the law and the rights and expectations of our customers. AT&T believes that our record on both of these matters is one of which we can be proud-AT&T has a strong record of protecting its customers' privacy and is not aware of any failure on our part of to satisfy any authorized law enforcement request. AT&T has also been an active participant in the Electronic Communications Services Provider Committee ("ECSPC") since its inception, devoting considerable time and resources to it. ECSPC was formed specifically to address and resolve law en forcement's concerns and, despite the FBI's criticisms of its results to date, AT&T believes that ECSPC has proven to have had considerable merit in addressing law enforcement's concerns. In fact, all parties, including the FBI, acknowledge the need for and usefulness of ECSPC and it has served as the model for cooperation that is established by the bill. It is important to note that law enforcement's ability to implement wiretaps, though vitally important, is not the only public policy issue affected by this legislation. The core of this bill-how limited resources (both financial and technical) are to be deployed in the telecommunications industry-is also 'at the core of the National Information Infrastructure ("NII"). The public, Congress, and the Administration have all recognized the importance of the NII to virtually every aspect of life and the U.S. economy-education, medicine, job creation, and improved communication for consumers and businesses. The cornerstone of the NII is the telecommunications industry and its deployment of the greatest number of services as quickly as possible at the lowest possible cost. These are tremendous demands and are being made at a time when competition in the telecommunications industry is forcing carriers, to be more and more conscious of costs and how best to deploy limited financial and technological resources. AT&T would therefore urge the Subcommittees to continue to narrow and clarify the bill's language so that it achieves its stated purpose without needlessly slowing the deployment of telecommunications services and the advancement of the NII. NEEDED CLARIFICATIONS AT&T has been encouraged by the progress that has been made between industry and law enforcement during the past few months towards narrowing the scope of the legislation. Several issues remain, most of which AT&T hopes can be worked out as part of the legislative process and with the agreement of all involved. There remain, however, two very critical issues which have yet to be sufficiently resolved in the bill. AT&T believes that the failure to clarify these issues could have a chilling effect on the development and deployment of new services and that they need to be resolved. These issues, more fully described below, are (1) will law enforcement compensate carriers for the full cost of compliance with the bill's requirements, particularly those needed to retrofit existing services, and (2) under what circumstances will carriers be able to deploy new services that do not meet the requirements of the bill. It is essential to industry that the government pay the full cost of compliance with the bill's requirements, especially those needed to retrofit existing services, for a number of reasons, including: • It will require law enforcement to focus on what they actually require to accomplish their legitimate needs thereby freeing resources they do not actually require for other purposes. • It will provide an essential mechanism for Congress to control both the costs and level of law enforcement involvement in the development of new services. • It will ensure that the fewest taxpayer dollars are spent to address legitimate law enforcement concerns. • It will minimize the competitive disadvantage that carriers covered by the bill will face from persons not covered by the bill. Law enforcement, as represented by the FBI, has repeatedly indicated their intention to compensate carriers for the full cost of retrofitting their existing services and for meeting law enforcement's ongoing capacity requirements. This intention is not, however, fully reflected in the proposed bill. Instead, the bill states that the Attorney General will pay all retrofit costs, but it only appropriates $500 million towards such costs a number virtually all agree is significantly less than the amount needed to fund all of the capability and capacity costs generated by the bill's requirements. The bill indicates that the lack of funding can be considered by a court when determining whether compliance is reasonable, but such lack of funding does not rise to the level of an absolute defense. This leaves carriers with the obligation to meet all of the bill's requirements, but with no guaranteed access to the funding law enforcement has agreed to provide. AT&T strongly urges the Subcommittees to clarify the bill to reflect law enforcement's clearly stated intention to fund all of the retrofitting and capacity costs. This could be accomplished in the bill either by clearly stating that if the government does not compensate a carrier to retrofit certain services or switches, such carrier shall not be required to meet the bill's requirements with respect to those services or switches, or by appropriating the full amount needed. |