Images de page
PDF
ePub

PROPOSED LEGISLATION The proposed legislation represents, in our estimation, the only rational and viable approach to solving the digital telephony problem in a comprehensive fashion. Only through legislation can the government be assured that within a reasonable period of time the impediments to electronic surveillance will be removed and our society's window of vulnerability closed. Without enactment of the administration's proposal, one of our most effective weapons against national and international drug trafficking, terrorism, espionage, organized crime, and serious violent crimes will be severely and adversely impacted. Without its enactment, the public safety, the national security, and effective law enforcement will be imperiled.

The purpose of this legislation is to maintain technological capabilities commensurate with existing statutory authority—that is, to prevent advanced telecommuni. cations technology from repealing de facto the statutory authority already conferred by the Congress. The proposed legislation explicitly states that the legislation does not enlarge or reduce the government's authority to lawfully intercept the content of communications or install or use pen register or trap and trace devices pursuant to court authorization. Neither does it alter the current duty of the service provider to assist law enforcement and receive payment for such assistance. Nor does it alter existing causes of action, civil liability, or good faith defenses.

The "purpose” section of the act indicates that the act is designed to clarify and define the responsibilities of common carriers, providers of common carrier support services, and telecommunications equipment manufacturers. They would be requested to provide the assistance required to ensure that government agencies can implement court orders and lawful authorizations to intercept the content of wire and electronic communications and acquire call setup information (e.g., dialed number information), pursuant to the Federal and State electronic surveillance and pen register and trap and trace statutes. The “assistance” requirement that is clarified and more fully defined is not a new one, but rather a long-standing one, dating-back to 1970. In the original assistance provision, Congress evidenced a clear intent that lawful court orders should not be frustrated due to a service provider's failure to provide needed technological assistance and facilities. The proposed legislation clarifies and defines the nature and extent of the responsibility which arises from the unequivocal mandate of the 1970 law.

An additional purpose of the act is to improve communications privacy protection for users

of cordless telephones, certain radio-based data communications and networks, communications transmitted using certain privacy-enhancing modulation techniques, and to clarify the lawfulness of quality control and service provision monitoring of electronic communications on a par with wire communications.

The legislation sets forth law enforcement's electronic surveillance requirements. The requirements are, by design, generic in nature and are intended to put common carriers on notice as to needs of law enforcement. The government purposely eschewed setting any technical standards because it does not desire to dictate" particular technological solutions. It is the government's position that each common carrier is best positioned and qualified to determine how it will meet the requirements in the most cost-effective way.

The articulation of these requirements constitutes the first legislative listing of law enforcement's electronic surveillance requirements. However, most of these requirements have been known to the major local exchange carriers, interexchange carriers, and cellular carriers for quite some time.

In brief, the requirements specify that common carriers must be able to provide forthwith, pursuant to court order or lawful authorization, the capability and capacity to permit the government to conduct electronic surveillance, pen register, and trap and trace investigations effectively. Common carriers are required to ensure that there is an ability to execute expeditiously and simultaneously all court orders and lawful authorizations directed to them. Second, they are required to ensure that the content of communications and call setup information (dialing information) can be intercepted, acquired, and provided to the law enforcement agency. It must be provided concurrent with the transmission of the subject's communication, to the exclusion of anyone else's communications or dialing information, and without regard to the mobile nature of the facility or service that is the subject of the court order or lawful authorization, regardless of any features offered by the common carrier used by the subscriber who is the subject of the court ordered intercept. Third, they are required to sure that communications can be intercepted and dialing information acquired unobtrusively and with a minimum of interference with any subscriber's telecommunications service. Finally, they are required to ensure that the content of communications and the dialing information can be transmitted to a location identified by the government distant from the facility that is the subject of the inter

ception, from the interception access point, and from the premises of the common carrier.

The basis for these requirements is easy to understand. Inasmuch as communication interceptions and dialed number acquisitions increasingly will be activated from within common carrier premises, including switching offices, it is critical that there be sufficient capacity to accommodate completely the concomitant needs of all law enforcement and government agencies.

It is critical for law enforcement agencies to be able to intercept communications and acquire dialing information concurrently, so they can respond immediately to life-threatening circumstances and react promptly and effectively to criminal activity in terms of making needed arrests, seizing evidence, and interdicting contraband, such as drugs, illegal weapons, and bombs. This requirement also is important and critical in helping law enforcement agencies "minimize” the monitoring and recording of noncriminal communications.

The requirement that common carriers have the ability to isolate for law enforcement the communications and dialing information of the subjects of electronic surveillance to the exclusion of the communications and dialing information of other subscribers is a basic and a long-standing one. Law enforcement agencies do not want to be faced with the prospect of having to “sort through” a tangle of communications which include the communications of innocent individuals who have the misfortune of having their communications "bundled” or otherwise commingled with those criminal conversations of the subject of court-ordered interception in the telecommunications transmission process. (However, if the "bundling of communications is being done by the subscriber law enforcement does not expect the common carrier to “unbundle” these communications. This ability is being challenged by the increased use of digital transport, multiplexing, and fiber optics closer to the premises of the interception subject.

The requirement pertaining to the mobile nature of services and features directly addresses the significant impediments to electronic surveillance brought about by cellular, Personal Communications Services (PCS), and other emerging mobile services, as well as features and services which permit subscribers to program or otherwise direct communications to any facility they choose (e.g., "call forwarding" and "follow me service").

The basis for the requirement that communications and dialing information be acquired unobtrusively and with a minimum of interference with any subscriber's service is self evident. Without it, electronic surveillance would be detected by the subject of the intercept and compromised. The requirement that

intercepted communications or acquired dialing information be received at a location identified by law enforcement agencies distant from the subject's facility, from the interception point, and from the premises of the common carrier is likewise not new and maintains current operating procedures. This requirement is fundamentally important, since without it the safety of law enforcement officers and government employees would be put at risk, the interception easily could be compromised through detection, and the effective execution of the surveillance would be significantly disrupted.

The legislation contains a provision entitled “systems security” which is intended to maintain the highest levels of telecommunications privacy and systems security. Since communication interceptions and dialing information acquisitions increasingly will be facilitated from within common carrier premises, including switching facilities and network elements, it is critical that these facilities remain highly secure. Consequently, law enforcement will be required to notify_common carriers of any interceptions that are to be effected within such facilities. Further, common carriers will designate individuals who exclusively will have the ability to activate all such interceptions for law enforcement. Law enforcement and other government agencies are not seeking the authority or ability to remotely activate interceptions within the premises of a common carrier in a fashion that bypasses personnel designated by common carrier. All executions of court orders or authorizations which require access to the switching facilities or other carrier premises will be made through the individuals authorized and designated by the common carrier.

The focus of compliance is upon common carriers within whose networks most of the electronic surveillance occurs and where most of the impediments are encountered. Compliance is set for within three years, a period of time considered to be reasonable for removing the impediments. The coverage of compliance includes only needed modifications to existing systems and networks, as well as to future systems and networks (those fielded after the three-year compliance period).

Because common carriers must rely on equipment manufacturers and support service providers, the legislation provides that common carriers are to consult with these entities in a timely fashion and that these entities, in turn, shall make avail

able needed equipment and services on a timely and priority basis, and at a reasonable and cost-effective charge.

Enforcement of the legislation is vested in the Attorney General. This is to avoid disparate enforcement actions throughout the country in ways that could be burdensome for common carriers. The Attorney General is authorized to seek injunctive relief against common carriers, equipment manufacturers, and support service providers, as well as to file civil actions for fines against common carriers. The Attorney General is also authorized to request enforcement assistance from the Federal Communications Commission. Violators are subject to a civil penalty of $10,000 per day for each day in violation. As a practical matter, it is not expected that these enforcement remedies and actions will be required, particularly with. Regard to responsible common carriers. However, with approximately 2,000 common carriers now in the telecommunications marketplace, the prospect that some will disregard these requirements or respond to them in a dilatory fashion cannot be disregarded.

In order to facilitate compliance with the provisions of this legislation, the Attorney General is encouraged to consult with the Federal Communications Commission and common carrier representatives and to utilize common carrier standards bodies, associations, or other such organizations to discuss details of the requirements and cost-effective approaches.

In the definition of the term "intercept,” it is made clear that the legislation, as a general rule, does not make common carriers responsible for deciphering or decrypting encrypted communications. As a general rule, law enforcement agencies assume this responsibility. Common carriers are required to provide only the plaintext of encrypted communications when the encryption was provided by the common carrier the common carrier possesses the information necessary to decrypt the communication.

The term “call setup information” is essentially the dialing information associated with any communication which identifies the origin and destination of a wire or electronic communication obtained through the use of a pen register or trap and trace device pursuant to court order. It does not include any information which might disclose the general location of a mobile facility or service, beyond that associated with the area code or exchange of the facility or service. There is no intent whatsoever, with reference to this term, to acquire anything that could properly be called "tracking" information.

The legislation includes several provisions that are intended to improve communications privacy. These include the conferral of full privacy protection for cordless telephones, including those transmissions occurring in the radio link between the telephone handset and base station. This provision recognizes that newer generations of cordless telephones tend to afford greater privacy protection to users than those previously marketed, because lawful network monitoring is allowed for electronic as well as wire communications.

It is important to understand that this legislation is intended to stand the test of time and overcome the shortcomings of the 1970 amendment. It is specifically designed to deal intelligently and comprehensively with current and emerging future telecommunications technologies and to preclude the need for much more restrictive and more costly legislation in five or ten years when court-authorized interceptions would no longer be possible due to further technology advances. Any legislation that would limit its application to technological impediments on a “piecemeal” basis would be disastrous. Piecemeal legislation which deals only with current problems or some of the problems would result in common carriers fully deploying new technologies which would impede electronic surveillance and which would cause the government to return to the Congress repeatedly. In the meantime, the public safety, the national security, and effective law enforcement would be harmed and the cost of removing those future impediments would be prohibitive. Indeed, in this regard, bad legislation would be worse than no legislation at all.

WHAT THE LEGISLATION DOES NOT PROPOSE Much of the criticism directed toward the administration's proposal has been misleading or incorrect. I would like to clarify for the record what the legislation does not propose

NO CHANGE IN LEGAL AUTHORITY First, as I previously stated, the proposed legislation does not seek to expand the current laws authorizing the interception of wire or electronic communications. To the contrary, this proposal simply seeks to maintain law enforcement's ability to conduct the types of surveillances currently authorized in Chapters 119 and 206, Title 18, U.S.C.; the foreign intelligence surveillance act; and the laws in 37 states,

the District of Columbia, Puerto Rico, and the U.S. Virgin Islands. In 1968, Congress carefully considered and passed legislation setting forth the exact procedure by which law enforcement can obtain court authorization to conduct electronic surveillance. The statute demands that law enforcement use electronic surveillance only as a technique of last resort. Requests for electronic surveillance receive rigorous administrative and judicial scrutiny and are granted only after a Federal District Court judge, or his/her state/local counterpart, is satisfied that all the statutory safeguards have been met and all other reasonable investigative steps have failed, or are likely to fail. The proposed legislation will not change this.

Furthermore, service providers will not execute an intercept without the required court order or statutory authorization. Any attempt to do so by anyone, either inside the government or the private sector, will continue to be a violation of Federal law and those individuals will be prosecuted to the fullest extent of the law.

In addition, the proposal will not change who controls access to the communications to be intercepted. In fact, interception access points increasingly are likely to be activated within the common carrier's premises, thereby severely limiting the potential for illegal wiretapping. The proposal will not open the door to easy or wholesale wiretapping, nor does law enforcement envision a marked increase in the number of electronic surveillance court orders that will be sought or an increase in the types of investigations in which a court-authorized interception can be granted. The legislation does not, in any way, relax the established statutory and court-imposed requirement for obtaining a court order.

This proposal does not restrict technology. It deals solely with preserving technical capabilities. The proposed legislation seeks only to clarify and more clearly define existing law regarding the "technical assistance” provision by making it applicable and meaningful, regardless of the technology employed.

ENCRYPTION The proposal, in essence, only addresses the technological issue concerning access to communications and does not alter the legal requirements currently associated with court-ordered intercepts. With minor exception where encryption was provided by the common carrier and the common carrier possess in the information necessary to decrypt the information, the legislation does not address the issue of encryption. While encryption certainly poses a problem for law enforcement, this legislative proposal focuses only on the issue of interception access within advanced communications networks. The topic of access within advanced telecommunications networks is distinct from encryption and poses an immediate and critical problem for law enforcement for which we are now seeking a legislative solution.

NETWORK SECURITY AND RELIABILITY Some have raised concerns regarding the impact this legislation might have on network security and reliability. Certain special interest spokespersons have asserted that the legislation will make it easier for anyone, from computer hackers to foreign spies, to access an individual's communications. These fears are unfounded and misplaced. First of all, just as network maintenance and audit access can be accomplished with full regard for network and system security, so also can law enforcement's electronic surveillance access be accomplished with the same high regard for security and privacy. Second, the proposed legislation includes a “systems security” provision which means that only designated telephone company employees will activate interceptions which originate within telephone company premises. Third, unauthorized access to communications remains a serious crime which is addressed in the current electronic surveillance statutes. Any unauthorized individual or group breaching communications_security and privacy is subject to prosecution to the fullest extent of the law. Fourth, this proposal will not introduce any vulnerabilities into systems that are not already present. As technology evolves and as any new features and services are introduced, industry will necessarily plan network security measures and countermeasures early in the design phase and address intensively the architectural design for network security.

The proposed legislation fits well within the context of these activities. By requiring common carriers to develop law enforcement access solutions within their own networks, we are best assuring appropriate security. Therefore, contrary to many public statements made on the subject, law enforcement is not seeking to build "back doors” to sneak into common carriers' systems. The proposed legislation is not some dreaded Orwellian prophecy come true. Rather, this legislative proposal represents a recognition of legitimate law enforcement needs and a desire to protect the American people.

To support normal operations, service providers must manage and maintain their networks. This is terribly important to the FBI just as it is for everyone. Law enforcement electronic surveillance interception access to communications will be a stringently controlled extension of the system's features. With adequate planning, the integration of law enforcement's needs should be easily accommodated within the requirements for network security. To further enhance the public's confidence in the security of our communications networks, subcommittee staff have raised with us the issue of imposing reporting and auditing requirements on common carries concerning their implementation of authorized intercepts. We are supportive of such requirements.

EFFECTS ON NETWORK DESIGN AND TECHNOLOGY Another concern that has been raised is the possible negative impact this legislation might have on network design and technology, requiring a broad re-engineering of the network components. The proposed legislation does not require common carriers to design their systems in any one, particular way. The proposal simply requires that common carriers respond to the generic requirements of law enforcement and provide law enforcement with interception access and the capability and capacity to intercept wire and electronic communications, in real time, when authorized by law.

This legislation also does not propose that industry design systems with the ability to wiretap as the "design goal.” Law enforcement is simply requiring common carriers to craft appropriate solutions that interface with their networks designs. Industry is in the best position to develop reasonable and cost-effective solutions and, at the same time, maintain the security and reliability of the networks.

Furthermore, we are unaware of any authoritative industry statement that these requirements would significantly delay development of new technologies.

Additionally, this legislation does not prohibit or impede the deployment of new telecommunications technologies. Advanced technologies support a number of features that make systems more intelligent. The basic technology underpinning the introduction of advanced features and services, which often impede electronic surveillance, likely will offer solutions to these very problems.

Law enforcement's requirements will not dictate the course or pace of technology. However, with this legislation, our requirements intentionally will be included, rather than excluded, in the development of new technology in much the same fashion that other legislation requires new technologies and products to take public safety into account.

COMPETITIVENESS Another issue raised pertains to the effect of the legislation on American competitiveness. The proposed legislation will not in any fashion adversely affect competitiveness. Domestically, the proposed legislation would mean that all 2,000 common carriers would compete on a "level playing field” because all providers would be required to meet the sane electronic surveillance specifications. The proposed legislation does not prohibit U.S. manufacturers or international service providers from developing or deploying equipment or service features for sale outside the United States that are different from that required pursuant to the proposed legislation. This proposal only applies to common carrier communications services deployed within the United States. If anything, this legislation could provide U.S. industry with a competitive edge. Other democratic nations will very likely want telecommunications systems and equipment that preclude service providers from developing or deploying equipment or service features not capable of intercept.

PRIVACY-BASED OBJECTIONS A spokesperson for the American Civil Liberties Union (ACLU) has stated on numerous occasions that the ACLU opposes the proposed legislation because it would allow law enforcement to maintain technical capabilities commensurate with existing federal and state legal authorities. This is because the ACLU opposes the existing legal authorities—those found in the Title III and FISA statutes, as it persists in the erroneous position that wiretapping is unconstitutional per se. This radical position is in flat opposition to the policy positions and the constitutional analyses of the executive, legislative, and judicial branches of both the Federal and State Governments. The United States Supreme Court held long ago that the Title III wiretap statute is constitutional. See United States v. Donovan, 429 U.S. 413 (1977).

Privacy is protected in the federal and state electronic surveillance statutes by requiring law enforcement agencies' adherence to a number of legislatively-created

« PrécédentContinuer »