FBI to Discuss Packet Tapping

The FBI and its consultant, Telcordia Technologies, are holding a closed meeting with telecommunications carriers and vendors in Tucson, Ariz., this week to detail "law enforcement needs" for wiretapping packet data on the Internet.

Senior FBI officials - responding to reports to the contrary - said they have no plans to expand packet data wiretapping capabilities beyond what is already authorized in the 1994 Communications Assistance for Law Enforcement Act .

Rumors spread throughout the telecommunications industry last week, based in part on comments by a Washington, D.C., insider who suggested that the FBI was seeking broader wiretapping authority involving ISPs.

Officials insisted that those reports were "speculation," probably based on the FBIs continuing efforts to implement CALEA where it applies to surveillance of packet-mode transmissions. They said that no sweeping surveillance changes are being contemplated.

"The concept of electronic surveillance is a very focused, surgical tool, aimed toward individual people," said Mike Clifford, chief of the FBIs CALEA implementation section. "It is not about doing vast, large-scale interception. That is not going to change.

"Our laws are structured that way for reasons, so we want to develop capabilities to meet the legal requirements. That does not mean . . . any architectural shift in the Internet," he said.

To that end, the agency and its consultant, Telcordia Technologies, are meeting behind closed doors with telecommunications carriers and vendors at an invitation-only symposium in Tucson, Ariz., on Tuesday, Nov. 6.

The meeting precedes a scheduled meeting of the Federal Communications Commission on Wednesday, Nov. 7, at which standards for packet data interception under CALEA will be discussed in Washington D.C.

The FBI and Telcordia will release a confidential document to participants in Tucson, outlining technological details of "law enforcement needs" in surveillance on the Internet. While that document is considered confidential, privacy advocates are expected to push for release of more detail of what the FBI wants.

Marcus Thomas, head of the FBIs cybertechnology section, debunked published reports of a sweeping new wiretap initiative by the FBI, saying the confusion stirred up in the industry by those suggestions had even created some confusion within the agency itself.

While the FBI is keeping the information under wraps, Clifford said that the Tucson initiative is simply part of implementing current law, not an expansion of Internet wiretapping authority because of the recent terrorist attacks.

"Nothing is coming out of [Tucson] . . . that would in any way imply we have an interest in [mass surveillance]," Clifford said. "What we are interested in doing is developing - or having the industry develop - capabilities for identifying and isolating individual communications that are subject to guidelines of the law, which are very strict."

Thomas said that while ISPs are not covered directly under CALEA, packet data has become a focus for surveillance because of the "migration" from voice to packet-mode transmission by telecom carriers

Although ISPs are not covered, they have obligations, Clifford said.

"There is a requirement to provide assistance when it is legally authorized," Thomas said. "It might be allowing us to use our equipment, or them providing the information. But electronic surveillance is strictly done by electronic surveillance order. There is also the pen registry-type trace. But everything we are talking about here is pursuant to court orders."

Thomas said that the agencys use of Carnivore - the FBI-developed technology that places wiretaps on suspects computers - wont change, except by evolution that makes it more efficient.

"Nothing . . . would change the way this process works, with the exception that more and more, we will find ISPs having their own capability to perform interception service for law enforcement," Thomas said. "Not because of any requirement on them to do that, but because of the issues raised in privacy and the issues raised about who is watching the watchers.

"I think a lot of [ISPs] feel it is to their benefit to do this without relying so heavily on us. If they can do it, and choose to do it, its better for us because the information is all we are interested in anyway," he said.

Stewart Baker, former general counsel of the National Security Agency and a former member of the presidents commission on encryption, said last month that he believed that the FBI was preparing a new plan to expand wiretap activities that could more directly involve ISPs.

Baker predicted that the FBI would meet with ISPs shortly, and suggested that the agency was interested in "pooling" information in order to facilitate wiretaps.

Officials of Siemens who have worked closely with the FBI in developing CALEA-compliant software and hardware said that they are aware that the agency wants to regionalize and centralize data it receives from wiretaps. But that does not involve "pooling" data for mass surveillance, or architectural changes in the Internet, they said.

Thomas said the FBI is hoping for and anticipating cooperation from ISPs, but only as those companies conduct their own normal surveillance of user activities. If they see something suspicious, Thomas said, he expects they will notify the FBI.

"Were very adept at working with the industry," Thomas said. "And I think they are much more inclined today, because of Sept. 11, to address lawful intercept needs. That is the purpose [of the meeting] . . . to identify those things that we need, and what may be too complicated or cost prohibitive to accomplish."

Baker said that he "does not disagree with anything the agency is saying," but he cautioned that the FBI may be "underhyping" the impact that what it is doing will have on privacy and related issues.

Baker said that if the impact is the setting of standards that the ISPs either follow or are forced to challenge in court, the result would be an environment in which ISPs may feel pressured to build systems that are not their preference, but are compatible with CALEA.

"There are some out there who believe that CALEA does not apply to packet data surveillance at all," Baker said. "And the FBI seems to believe that CALEA allows them to follow telecom carriers, wherever they go."

Ray Shedden and Erwin Hunter, who oversee CALEA-related products at Siemens, said they believe that telecommunications carriers affected by the law want to cooperate with the FBI, but are faced with greater complexity - and costs - to meet the FBIs packet surveillance needs than they faced for voice wiretap technology.

"There are a variety of issues, but who is going to pay the costs?" said Shedden, who manages business switching products. "The FBI has not been given enough money to fund what it will cost telephone companies to [facilitate] these intercepts."

Hunter said that another concern of the FBI is the speed at which the agency would be able to receive intercepted communications, so that it can be acted upon in time to preserve public safety.

The Department of Justices field guidance related to Carnivore specifically instructs agents to check with ISPs first, to see if they have the technology handy to lay the same wiretaps the FBI offers through Carnivore. Most carriers have such capability through regular billing, traffic monitoring and enforcement tools, and it appears to suffice.

Trials to set up a snooping system that would isolate traffic generated by a particular user have been discussed within technical circles as far back as 1999. That year, a WorldCom engineer presented attendees of the quarterly North American Network Operators Group conference with a plan to "pool" traffic generated by hackers in the midst of an attack onto separate pipes equipped with technology to locate the offenders and shut them down.

The technology, while operational, was later abandoned by WorldCom, supposedly because of costs associated with running it.