Wiretapping Internet Calls May Require New Law

If you’re a criminal and you make a phone call, the police will have a relatively easy time eavesdropping, assuming they have the legal authority to do so. But conduct the call on Skype or some other Internet-based voice communication service, and chances are the police will have a much harder time. When technical limitations hinder law enforcers’ ability to conduct authorized, real-time surveillance, they call it “going dark” -- and police officials say the problem is becoming so pervasive that the federal government must step in. Every day, police miss opportunities to arrest criminals and prevent crimes because they can’t monitor Internet-based dialogue, says Smithfield, Va., Police Chief Mark Marshall, president of the International Association of Chiefs of Police (IACP). “Clearly we are losing ground,” he says, “and losing it quickly.”

Congress initially addressed the issue with the Communications Assistance for Law Enforcement Act in 1994, which required telecom carriers to ensure that police had the ability to conduct real-time eavesdropping when they needed it. But that law focused on landline and mobile phone services, not Internet communications. Today, popular tools like Web mail, social networking sites and online chats aren’t fully covered by the law. So when police approach companies that provide those services, the companies often lack the ability to quickly and easily provide access. The IACP, whose members are mostly state and local law enforcement officials, wants Congress to update the law to essentially force those companies to be more helpful, by requiring them to build surveillance capability into their systems. A House Judiciary Committee hearing examined the subject in mid-February, and President Obama’s 2012 budget request includes $15 million for creating a Domestic Communications Assistance Center, which would help all levels of law enforcement share surveillance technology.

But the IACP’s position, which is shared by the FBI, has created a conundrum. Any framework that readily gives law enforcement the ability to spy could also be exploited by hackers such as foreign governments, identity thieves or those committing corporate espionage. “I think what they’re proposing ... seems to be a bad mistake when we’re really worried about cyber-security and cyber-exploitation,” says Susan Landau, a Radcliffe Institute for Advanced Study fellow at Harvard University and former engineer at Sun Microsystems, who testified at the congressional hearing. Building in wiretapping capability would be akin to an “architected security breach,” she says, creating the possibility that criminals could breach the system and access information that might otherwise have remained nearly impossible to reach. In Italy, for example, an insider attack on Telecom Italia targeted 6,000 people for unauthorized wiretaps from 1996 to 2006, and dossiers were collected on politicians, judges, journalists and businesspeople. That means no major business or political deal at the time could be considered private. As Landau testified, “Rather than secure us, such capabilities endanger us.”