« PrécédentContinuer »
in developing and implementing solutions, especially if there were no assurance that their competitors would do so.
On January 15, 1992, then President Bush authorized the Justice Department to proceed with a legislative initiative. On March 6, 1992, the digital telephony legislation was announced, and the industry response was generally negative, a position that was at variance with that expressed previously by a number of the representatives of the telecommunications companies. On March 18, 1992, then Attorney General William Bart and then FBI Director William S. Sessions sponsored and chaired a meeting for all major industry executives. It was attended by four telecommunications executives, representing the industry. During this meeting, telecommunications executives asserted that the FBI had been talking to the wrong people in industry (the security officers, senior executives, etc.) and that the solution to these problems rested with those upper/mid-level managers and engineers who oversaw development implementation of the technologies in question. The Attorney General agreed to an industry request that a telecommunications technical committee consisting of the "right industry people" (picked by the CEOS) be created to identify technical solutions and to get the job done. It was also clearly understood that the administration and law enforcement would continue to pursue legislation.
As a result of the March 18, 1992, meeting, industry representatives met with the government on March 26, 1992, to begin a process of establishing a technical working committee to address technical impediments to electronic surveillance. In May of 1992, an ad hoc technical working group began. This group was later organized as the electronic communication service providers committee under an industry association now known as the Alliance for Telecommunications Industry Solutions (ATIS). This committee consists of representatives of electronic communication service providers (e.g. common carriers), telecommunications equipment manufacturers, and law enforcement officials, who attend voluntarily and with varying degrees of regularity and interest. As a result of this process, over the past two years there has been a better understanding by both law enforcement and industry representatives of the issues that each face with respect to electronic surveillance. However, contrary to assertions, new telecommunications technologies will jeopardize law enforcement's surveillance abilities. The ATIS chairman has stated in a recent letter that the entire committee, not just one participant or one group of participants, now recognizes the problems and impediments that these telecommunications technologies are creating for law enforcement. A copy of our correspondence with the ATIS chairman is attacked as an exhibit.
I support continued dialog between industry and law enforcement. However, it must be recognized that this committee process is voluntary and, as such, only those companies who are committed to assisting law enforcement participate and support this effort. Second, only a handful of the over 2,000 companies attend. Third, no implementable solutions have been developed since discussions began almost two years ago. Fourth, committee resolutions are nonbinding and it is not possible to secure a commitment from participants to implement any solutions that may be developed in this voluntary forum. Finally, as in any business decision, it is recognized that there will be costs incurred by industry to accommodate law enforcement's requirements. The ATIS chairman has also indicated that antitrust and other legal considerations preclude discussions and resolutions to these cost issues. In light of these limitations, the administration and all of law enforcement have concluded that the committee process is not, and cannot be, a substitute for a legislative mandate to ensure law enforcement's continued ability to conduct court-authorized electronic surveillance.
PRESIDENTIAL REVIEW DIRECTIVE (PRD) In April 1993, President Clinton directed that an interagency working group be established under the auspices of the National Security Council (NSC) to examine advanced telephony and to consider its effect and impact on the conduct of electronic surveillance by our nation's law enforcement and intelligence agencies. After an indepth eight month study, the NSC provided a number of policy options for the Vice President and appropriate cabinet officials. As a result of their review of the options, it was unanimously decided that comprehensive legislation was the only effective way to deal with the digital telephony problem. Fundamental to this decision was the belief that it would be unacceptable for the safety of the American public to be imperiled, the national security endangered, and effective law enforcement eroded through the loss or diminishment of this critical and essential tool of our nation's law enforcement and intelligence agencies.
PROPOSED LEGISLATION The proposed legislation represents, in our estimation, the only rational and viable approach to solving the digital telephony problem in a comprehensive fashion. Only through legislation can the government be assured that within a reasonable period of time the impediments to electronic surveillance will be removed and our society's window of vulnerability closed. Without enactment of the administration's proposal, one of our most effective weapons against national and international drug trafficking, terrorism, espionage, organized crime, and serious violent crimes will be severely and adversely impacted. Without its enactment, the public safety, the national security, and effective law enforcement will be imperiled.
The purpose of this legislation is to maintain technological capabilities commensurate with existing statutory authority—that is, to prevent advanced telecommuni. cations technology from repealing de facto the statutory authority already conferred by the Congress. The proposed legislation explicitly states that the legislation does not enlarge or reduce the government's authority to lawfully intercept the content of communications or install or use pen register or trap and trace devices pursuant to court authorization. Neither does it alter the current duty of the service provider to assist law enforcement and receive payment for such assistance. Nor does it alter existing causes of action, civil liability, or good faith defenses.
The purpose" section of the act indicates that the act is designed to clarify and define the responsibilities of common carriers, providers of common carrier support services, and telecommunications equipment manufacturers. They would be requested to provide the assistance required to ensure that government agencies can implement court orders and lawful authorizations to intercept the content of wire and electronic communications and acquire call setup information (e.g., dialed number information), pursuant to the Federal and State electronic surveillance and pen register and trap and trace statutes. The "assistance” requirement that is clarified and more fully defined is not a new one, but rather a long-standing one, dating-back to 1970. In the original assistance provision, Congress evidenced a clear intent that lawful court orders should not be frustrated due to a service provider's failure to provide needed technological assistance and facilities. The proposed legislation clarities and defines the nature and extent of the responsibility which arises from the unequivocal mandate of the 1970 law.
An additional purpose of the act is to improve communications privacy protection for users of cordless telephones, certain radio-based data communications and networks, communications transmitted using certain privacy-enhancing modulation techniques, and to clarify the lawfulness of quality control and service provision monitoring of electronic communications on a par with wire communications.
The legislation sets forth law enforcement's electronic surveillance requirements. The requirements are, by design, generic in nature and are intended to put common carriers on notice as to needs of law enforcement. The government purposely eschewed setting any technical standards because it does not desire to "dictate" particular technological solutions. It is the government's position that each common carrier is best positioned and qualified to determine how it will meet the requirements in the most cost-effective way.
The articulation of these requirements constitutes the first legislative listing of law enforcement's electronic surveillance requirements. However, most of these requirements have been known to the major local exchange carriers, interexchange carriers, and cellular carriers for quite some time.
In brief, the requirements specify that common carriers must be able to provide forthwith, pursuant to court order or lawful authorization, the capability and capacity to permit the government to conduct electronic surveillance, pen register, and trap and trace investigations effectively. Common carriers are required to ensure that there is an ability to execute expeditiously and simultaneously all court orders and lawful authorizations directed to them. Second, they are required to ensure that the content of communications and call setup information (dialing information) can be intercepted, acquired, and provided to the law enforcement agency. It must be provided concurrent with the transmission of the subject's communication, to the exclusion of anyone else's communications or dialing information, and without regard to the mobile nature of the facility or service that is the subject of the court order or lawful authorization, regardless of any features offered by the common carrier used by the subscriber who is the subject of the court ordered intercept. Third, they are required to sure that communications can be intercepted and dialing information acquired unobtrusively and with a minimum of interference with any subscriber's telecommunications service. Finally, they are required to ensure that the content of communications and the dialing information can be transmitted to a location identified by the government distant from the facility that is the subject of the inter
ception, from the interception access point, and from the premises of the common carrier.
The basis for these requirements is easy to understand. Inasmuch as communication interceptions and dialed number acquisitions increasingly will be activated from within common carrier premises, including switching offices, it is critical that there be sufficient capacity to accommodate completely the concomitant needs of all law enforcement and government agencies.
It is critical for law enforcement agencies to be able to intercept communications and acquire dialing information concurrently, so they can respond immediately to life-threatening circumstances and react promptly and effectively to criminal activity in terms of making needed arrests, seizing evidence, and interdicting contraband, such as drugs, illegal weapons, and bombs. This requirement also is important and critical in helping law enforcement agencies "minimize the monitoring and recording of noncriminal communications.
The requirement that common carriers have the ability to isolate for law enforcement the communications and dialing information of the subjects of electronic surveillance to the exclusion of the communications and dialing information of other subscribers is a basic and a long-standing one. Law enforcement agencies do not want to be faced with the prospect of having to “sort through” a tangle of communications which include the communications of innocent individuals who have the misfortune of having their communications "bundled” or otherwise commingled with those criminal conversations of the subject of court-ordered interception in the telecommunications transmission process. (However, if the "bundling of communications is being done by the subscriber law enforcement does not expect the common carrier to "unbundle" these communications. This ability is being challenged by the increased use of digital transport, multiplexing, and fiber optics closer to the premises of the interception subject.
The requirement pertaining to the mobile nature of services and features directly addresses the significant impediments to electronic surveillance brought about by cellular, Personal Communications Services (PCS), and other emerging mobile services, as well as features and services which permit subscribers to program or otherwise direct communications to any facility they choose (e.g., "call forwarding" and "follow me service").
The basis for the requirement that communications and dialing information be acquired unobtrusively and with a minimum of interference with any subscriber's service is self evident. Without it, electronic surveillance would be detected by the subject of the intercept and compromised.
The requirement that intercepted communications or acquired dialing information be received at a location identified by law enforcement agencies distant from the subject's facility, from the interception point, and from the premises of the common carrier is likewise not new and maintains current operating procedures. This requirement is fundamentally important, since without it the safety of law enforcement officers and government employees would be put at risk, the interception easily could be compromised through detection, and the effective execution of the surveillance would be significantly disrupted.
The legislation contains a provision entitled "systems security” which is intended to maintain the highest levels of telecommunications privacy and systems security. Since communication interceptions and dialing information acquisitions increasingly will be facilitated from within common carrier premises, including switching facili. ties and network elements, it is critical that these facilities remain highly secure. Consequently, law enforcement will be required to notify common carriers of any interceptions that are to be effected within such facilities. Further, common carriers will designate individuals who exclusively will have the ability to activate all such interceptions for law enforcement. Law enforcement and other government agencies are not seeking the authority or ability to remotely activate interceptions within the premises of a common carrier in a fashion that bypasses personnel designated by common carrier. All executions of court orders or authorizations which require access to the switching facilities or other carrier premises will be made through the individuals authorized and designated by the common carrier.
The focus of compliance is upon common carriers within whose networks most of the electronic surveillance occurs and where most of the impediments are encountered. Compliance is set for within three years, a period of time considered to be reasonable for removing the impediments. The coverage of compliance includes only needed modifications to existing systems and networks, as well as to future systems and networks (those fielded after the three-year compliance period).
Because common carriers must rely on equipment manufacturers and support service providers, the legislation provides that common carriers are to consult with these entities in a timely fashion and that these entities, in turn, shall make avail
able needed equipment and services on a timely and priority basis, and at a reasonable and cost-effective charge.
Enforcement of the legislation is vested in the Attorney General. This is to avoid disparate enforcement actions throughout the country in ways that could be burdensome for common carriers. The Attorney General is authorized to seek injunctive relief against common carriers, equipment manufacturers, and support service providers, as well as to file civil actions for fines against common carriers. The Attorney General is also authorized to request enforcement assistance from the Federal Communications Commission. Violators are subject to a civil penalty of $10,000 per day for each day in violation. As a practical matter, it is not expected that these enforcement remedies and actions will be required, particularly with. Regard to responsible common carriers. However, with approximately 2,000 common carriers now in the telecommunications marketplace, the prospect that some will disregard these requirements or respond to them in a dilatory fashion cannot be disregarded.
In order to facilitate compliance with the provisions of this legislation, the Attorney General is encouraged to consult with the Federal Communications Commission and common carrier representatives and to utilize common carrier standards bodies, associations, or other such organizations to discuss details of the requirements and cost-effective approaches.
In the definition of the term "intercept," it is made clear that the legislation, as a general rule, does not make common carriers responsible for deciphering or decrypting encrypted communications. As a general rule, law enforcement agencies assume this responsibility. Common carriers are required to provide only the plaintext of encrypted communications when the encryption was provided by the common carrier the common carrier possesses the information necessary to decrypt the communication.
The term "call setup information” is essentially the dialing information associated with any communication which identifies the origin and destination of a wire or electronic communication obtained through the use of a pen register or trap and trace device pursuant to court order. It does not include any information which might disclose the general location of a mobile facility or service, beyond that associated with the area code or exchange of the facility or service. There is no intent whatsoever, with reference to this term, to acquire anything that could properly be called "tracking" information.
The legislation includes several provisions that are intended to improve communications privacy. These include the conferral of full privacy protection for cordless telephones, including those transmissions occurring in the radio link between the telephone handset and base station. This provision recognizes that newer generations of cordless telephones tend to afford greater privacy protection to users than those previously marketed, because lawful network monitoring is allowed for electronic as well as wire communications.
It is important to understand that this legislation is intended to stand the test of time and overcome the shortcomings of the 1970 amendment. It is specifically designed to deal intelligently and comprehensively with current and emerging future telecommunications technologies and to preclude the need for much more restrictive and more costly legislation in five or ten years when court-authorized interceptions would no longer be possible due to further technology advances. Any legislation that would limit its application to technological impediments on a "piecemeal" basis would be disastrous. Piecemeal legislation which deals only with current problems or some of the problems would result in common carriers fully deploying new technologies which would impede electronic surveillance and which would cause the government to return to the Congress repeatedly. In the meantime, the public safety, the national security, and effective law enforcement would be harmed and the cost of removing those future impediments would be prohibitive. Indeed, in this regard, bad legislation would be worse than no legislation at all.
WHAT THE LEGISLATION DOES NOT PROPOSE Much of the criticism directed toward the administration's proposal has been misleading or incorrect. I would like to clarify for the record what the legislation does not propose.
NO CHANGE IN LEGAL AUTHORITY First, as I previously stated, the proposed legislation does not seek to expand the current laws authorizing the interception of wire or electronic communications. To the contrary, this proposal simply seeks to maintain law enforcement's ability to conduct the types of surveillances currently authorized in Chapters 119 and 206, Title 18, U.S.C.; the foreign intelligence surveillance act; and the laws in 37 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands. In 1968, Congress carefully considered and passed legislation setting forth the exact procedure by which law enforcement can obtain court authorization to conduct electronic surveillance. The statute demands that law enforcement use electronic surveillance only as a technique of last resort. Requests for electronic surveillance receive rigorous administrative and judicial scrutiny and are granted only after a Federal District Court judge, or his/her state local counterpart, is satisfied that all the statutory safeguards have been met and all other reasonable investigative steps have failed, or are likely to fail. The proposed legislation will not change this.
Furthermore, service providers will not execute an intercept without the required court order or statutory authorization. Any attempt to do so by anyone, either inside the government or the private sector, will continue to be a violation of Federal law and those individuals will be prosecuted to the fullest extent of the law.
In addition, the proposal will not change who controls access to the communications to be intercepted. In fact, interception access points increasingly are likely to be activated within the common carrier's premises, thereby severely limiting the potential for illegal wiretapping. The proposal will not open the door to easy or wholesale wiretapping, nor does law enforcement envision a marked increase in the number of electronic surveillance court orders that will be sought or an increase in the types of investigations in which a court-authorized interception can be granted. The legislation does not, in any way, relax the established statutory and court-imposed requirement for obtaining a court order.
This proposal does not restrict technology. It deals solely with preserving technical capabilities. The proposed legislation seeks only to clarify and more clearly define existing law regarding the "technical assistance” provision by making it applicable and meaningful, regardless of the technology employed.
ENCRYPTION The proposal, in essence, only addresses the technological issue concerning access to communications and does not alter the legal requirements currently associated with court-ordered intercepts. With minor exception where encryption was provided by the common carrier and the common carrier possess in the information necessary to decrypt the information, the legislation does not address the issue of encryption. While encryption certainly poses a problem for law enforcement, this legislative proposal focuses only on the issue of interception access within advanced communications networks. The topic of access within advanced telecommunications networks is distinct from encryption and poses an immediate and critical problem for law enforcement for which we are now seeking a legislative solution.
NETWORK SECURITY AND RELIABILITY Some have raised concerns regarding the impact this legislation might have on network security and reliability. Certain special interest spokespersons have as. serted that the legislation will make it easier for anyone, from computer hackers to foreign spies, to access an individual's communications. These fears are unfounded and misplaced. First of all, just as network maintenance and audit access can be accomplished with full regard for network and system security, so also can law enforcement's electronic surveillance access be accomplished with the same high regard for security and privacy. Second, the proposed legislation includes a "systems security" provision which means that only designated telephone company employees will activate interceptions which originate within telephone company premises. Third, unauthorized access to communications remains a serious crime which is ad. dressed in the current electronic surveillance statutes. Any unauthorized individual or group breaching communications security and privacy is subject to prosecution to the fullest extent of the law. Fourth, this proposal will not introduce any vulnerabilities into systems that are not already present. As technology evolves and as any new features and services are introduced, industry will necessarily plan network security measures and countermeasures early in the design phase and address intensively the architectural design for network security.
The proposed legislation fits well within the context of these activities. By requiring common carriers to develop law enforcement access solutions within their own networks, we are best assuring appropriate security. Therefore, contrary to many public statements made on the subject, law enforcement is not seeking to build *back doors" to sneak into common carriers' systems. The proposed legislation is not some dreaded Orwellian prophecy come true. Rather, this legislative proposal represents a recognition of legitimate law enforcement needs and a desire to protect the American people.