Surveilling The Web

Kelsey Atherton unpacks an unsettling new proposal that would make it easier for the FBI to gain access to your online communications:

In 2006, the FCC expanded the [Communications Assistance for Law Enforcement Act] to include Internet access providers, but there’s a tricky caveat: court orders under existing law only instruct internet communications providers to offer technical assistance to law enforcement. That gives the tech companies some leeway if they’re uncomfortable handing over information; they can just say they were unable to make the technology work the way the FBI wants.

Under the new proposal, that wiggle room disappears. FBI officials can notify a company (with a wiretap order, say) that they need the tech to be surveillance-ready in 30 days. If not? Fines, starting at $25,000/day that the capability isn’t there.

Susan Landau explains why the idea of a “wiretap” needs updating:

This view of wiretapping is mired in the 1960s, when each phone was on a wire from the phone company’s central office, and a wiretap consisted of a pair of alligator clips and a headset.

In the 1990s, cellphones and advanced services eliminated the wire and made it harder to tap. … Now we have a new world with myriad services: FacebookgmailSkypeRepublic Wireless, each one with a different architecture, some centralized (and thus with information “in the clear” at the provider), some peer-to-peer, some a mix. None of these are traditional carriers, so [the Communications Assistance for Law Enforcement Act] doesn’t apply.

But the real issue, which the FBI does not seem to recognize, is that the providers of the infrastructure, the wire—or wireless signal, are different from the providers of the service. What this means is that sometimes the infrastructure provider has the content, sometimes the communications provider has the content, and sometimes no one does but the sender and receiver (which is actually the most secure way to communicate).