Congress initially addressed the issue with the Communications Assistance for Law Enforcement Act in 1994, which required telecom carriers to ensure that police had the ability to conduct real-time eavesdropping when they needed it. But that law focused on landline and mobile phone services, not Internet communications. Today, popular tools like Web mail, social networking sites and online chats aren’t fully covered by the law. So when police approach companies that provide those services, the companies often lack the ability to quickly and easily provide access. The IACP, whose members are mostly state and local law enforcement officials, wants Congress to update the law to essentially force those companies to be more helpful, by requiring them to build surveillance capability into their systems. A House Judiciary Committee hearing examined the subject in mid-February, and President Obama’s 2012 budget request includes $15 million for creating a Domestic Communications Assistance Center, which would help all levels of law enforcement share surveillance technology.
But the IACP’s position, which is shared by the FBI, has created a conundrum. Any framework that readily gives law enforcement the ability to spy could also be exploited by hackers such as foreign governments, identity thieves or those committing corporate espionage. “I think what they’re proposing ... seems to be a bad mistake when we’re really worried about cyber-security and cyber-exploitation,” says Susan Landau, a Radcliffe Institute for Advanced Study fellow at Harvard University and former engineer at Sun Microsystems, who testified at the congressional hearing. Building in wiretapping capability would be akin to an “architected security breach,” she says, creating the possibility that criminals could breach the system and access information that might otherwise have remained nearly impossible to reach. In Italy, for example, an insider attack on Telecom Italia targeted 6,000 people for unauthorized wiretaps from 1996 to 2006, and dossiers were collected on politicians, judges, journalists and businesspeople. That means no major business or political deal at the time could be considered private. As Landau testified, “Rather than secure us, such capabilities endanger us.”