Federal Government to Seek Web Message Surveillance Power

By Wayne Rash  |  Posted 2010-09-27

Federal Government to Seek Web Message Surveillance Power

The Obama administration is preparing legislation that would require messaging providers to make wiretap capabilities available to federal agencies with court orders, according to a story in the New York Times Sept. 27

The Times report says that the proposed legislation would require companies such as BlackBerry maker Research In Motion to make it technically possible to respond to a court-ordered wiretap for messaging and e-mail systems. Wiretapping of voice communications is already legal, although a debate continues as to whether a court can issue a wiretap that covers all calls made by a specific person, or only calls on a specific phone. 

A similar debate raised its head several years ago when the federal government proposed legislation that would require digital phone carriers and Internet service providers to provide such a wiretap capability. They eventually got the ability to tap these services. The debate this time is similar but for one aspect, and that is the existing practice of encrypting data to provide users with an expectation of privacy. 

It's no secret that transmitting text messages in the clear means that it's possible, if unlikely, that they'll be intercepted. This is why companies such as RIM provide tight encryption-they want their business customers to be able to keep their information private. In RIM's case, it's a competitive advantage especially in some industries such as banking and health care, where privacy rules are important. 

The government is asking for legislation that would require that all companies providing a communications service to make it possible for investigators armed with a court order to be able to tap into these communications. Currently, they can get the court order, but some companies including RIM can't comply because they can't break their own encryption. This is the issue that caused a standoff in India, Saudi Arabia and Dubai, and likely will continue to cause similar standoffs. 

The legislation, which probably won't see the light of day until next year, faces a number of hurdles. There are the obvious privacy concerns, of course, and privacy advocates are sure to raise a ruckus about any such proposal. But there are other hurdles as well, not the least of which is that some of the companies involved, including RIM, aren't in the United States. Currently, the proposal is said to include a requirement that businesses located outside the United States be required to establish U.S. operations that would be able to provide a base for such wiretaps. 

It's hard to see exactly how such legislation, even if it's enacted, would do this. Giving U.S. law enforcement agencies some sort of power over foreign companies would seem to require the negotiation of new treaties, at least.

Federal Government to Seek Web Message Surveillance Power

title=Casting a Huge Net to Catch the Dumbest Criminals}

You can assume that the respective governments of those companies would complain loudly indeed if the United States were to try to force their companies to comply with a U.S. law that unilaterally tries to change privacy rules. This is especially true in the EU, where specific privacy rules are mandatory, and they're far from in concert with U.S. law enforcement demands. Is the United States ready to start a trade war with Europe or Canada just to prove a point? 

The problem goes on from there. Just because communications providers can make it possible to tap into their e-mail systems doesn't mean that users have to cooperate. One of the reasons for the continuing success of PGP is that it provides a means of encrypting e-mail so that the government (or anyone else) can't read it, even if they can get it from your e-mail provider. I think it's a pretty safe bet that degrading encryption so that the government can tap messages will simply mean that there will be encryption apps that work with smartphone messaging systems just as they do now with e-mail. 

So won't the government just ask for a new law outlawing unbreakable encryption for all electronic communications? The government might ask for that, but then it raises a whole new set of issues, some of them Constitutional. People in the U.S. have the right to express themselves in any way they wish. You can't, for example, require that communications be in a particular language or that you can't use Pig Latin or that you can't use, for example, French, even though they may be equivalent to encryption for some people. 

In other words, choosing to express yourself in encrypted text is a protected form of expression. It's possible that the courts might decide differently, but it would take years, and there's little likelihood that the government would succeed considering the amount of opposition a threat to the First Amendment is likely to get. 

While the government is likely to eventually get its wish, probably long after Barack Obama leaves office, after treaties are negotiated and after a few changes in the make-up of Congress (in both directions), all that it will really mean is that law enforcement can listen in on criminals who are too dumb to find another way to encrypt their communications. It would seem that there are better ways for the government to catch the bad guys if only they focus on being more creative and work less on trampling on everyone's rights just to catch a few of the dumbest criminals. 

Rocket Fuel