WASHINGTON, D.C. – The government is reportedly working to create an aggressive and comprehensive Internet eavesdropping capability that could fundamentally alter the landscape of privacy – and cost businesses a bundle.
Businesses could be required to install expensive government snooping software in their corporate networks, and communications companies may have to do the same.
For weeks, Congress has debated new antiterrorism legislation that would make it easier for the feds to spy on networks, but the operational aspects have been missing.
A Washington, D.C., insider said last week that the FBI plans to seek service provider and vendor cooperation in deploying a new type of software that would pool suspicious IP traffic into central locations for easier wiretapping.
“Its clear [the FBI has] decided that, in the next year or so, they are going to make a big push on packet data, and they are going to use whatever leverage they can to get people to cooperate and to build a set of packet data systems that are more wiretap-friendly than the ones we have today,” said Stewart Baker, a Washington lawyer and former general counsel of the National Security Agency.
If Baker, who still has ties to the security community, is correct, I-managers could be affected directly, as they will be required to support FBI wiretapping efforts at their own cost.
Complying with wiretapping requirements is neither cheap nor easy, said Mark Stone, president of Narus, a business intelligence software vendor. Stone noted that an earlier federal wiretapping mandate provided federal funding and six years to comply.
Baker said the FBI will try to schedule meetings with service providers and vendors over the next six weeks to explain how the new technology works. It will likely be much more expansive than Carnivore, the FBIs current software for monitoring e-mail messages, and would allow eavesdropping on the full stream of IP traffic – both voice and data. The FBI is planning to begin implementing this architecture using the powers it has under existing wiretapping laws, Baker said.
The FBI did not respond by press time to a request for comment.
In addition to technical challenges, associated legal demands could be overwhelming for companies, said David Snead, corporate counsel of e.Spire Communications, which gets about five subpoenas per week.
“The subpoenas have very tight turnaround times, and an increase to even 20 a week would require us to hire an attorney full-time just to comply,” Snead said.
Some access industry executives appear to be open-minded about the possibility of increased government monitoring.
“I tend to think that if it is a target initiative for known people who perpetrated crimes or are on terrorist target lists, I would encourage every service provider to participate,” said Patrick Sweeney, president and CEO of ServerVault, a Web hoster specializing in secure hosting.
Others have been expecting it.
“I think you will see some legislation passed that will be our CALEA [Communications Assistance for Law Enforcement Act], mandating a time period during which the government would legislate that service providers need to have capabilities that would allow law enforcement agencies [to place taps more easily]” Stone said.
Privacy advocates are not pleased. “Basically, what law enforcement is looking for here is an architecture that facilitates more spying on citizens, and the core principle we would follow is communications systems should not be built for spying,” said Chris Hoofnagle, the Electronic Privacy Information Centers legislative counsel.
Hoofnagle is equally dismayed about the antiterrorism legislation that is nearly complete on Capitol Hill, after more than a month of haggling over the details of final language that would give authorities greater access to Internet communications, from e-mail messages to Web surfing trails.
“The antiterrorism legislation is better than the original [Attorney General John] Ashcroft proposal, but it still contains significant infringements on civil liberties. Were talking about expanded use of Carnivore, the use of Carnivore without a warrant and roving wiretaps,” Hoofnagle said.
And thats not all. Last week, Virginia Gov. James Gilmore recommended to Congress that a special “cybercourt” be set up to deal quickly with threats against critical infrastructure.
Randy Barrett and Doug Brown contributed to this report.