As if CALEA wasn’t bad enough when it only applied to telephones, the FBI now wants to extend it to force makers of Internet communications gear to include a built-in back door for wiretapping. And of course, the goverment isn’t going to pay for it out of tax dollars — it’s another unfunded mandate. So we’ll pay for it in increased rates from internet service providers.
The way to preserve our privacy on the internet is to use end-to-end cryptography, which is already available for VoIP and other services.
The big problem with CALEA as applied to regular telephones was that it solved a non-problem, and in the process provided an incredible potential for abuse. Before CALEA, if the government wanted to tap your phone, they had to get a court-ordered warrant first. Once they had that, the telephone company would let government technicians connect a wiretap. But the FBI thought that was too much trouble. They wanted the ability to simply press a few buttons in their nice cushy FBI offices, and have the wiretap occur automatically. Thus they got Congress to pass CALEA, which mandated that telephone equipment provide this feature.
All that saves is having an FBI technician go to the phone company central office serving the customer to be wiretapped. Given that only a few thousand wiretaps were ordered per year, this hardly seemed to be overly onerous, expecially compared to the multi-billion dollar cost that CALEA burdened the equipment makers, telephone carriers, and ultimately the telephone subscribers with.
So why did they really want it? The convenience improvement of using CALEA for a court-ordered wiretap is minimal; they already have to go before a judge. But what if they skipped the warrant and just “installed” the wiretap? Before CALEA they couldn’t usually do that, because the phone company didn’t cooperate unless they had the warrant. But with CALEA, there is nothing to prevent the FBI (or any other part of the Federal government) from just turning on a wiretap. CALEA doesn’t have any auditing or paper trail, so there’s no way to know whether it has been used improperly. And even if someone did determine that the FBI had unlawfully used CALEA for a wiretap without a warrant, there is no penalty other than that the evidence so obtained might be inadmissible in court.
Why do they want to expand it now? They’re concerned about the proliferation of VoIP telephony, and want to make sure that they can wiretap that too.
There are two things I find ironic about this mad rush to eliminate privacy:
1. The problem with fighting terrorism has never been a lack of information. The goverment had all the information they needed to piece together the 9/11 attack beforehand, but agencies didn’t share information, and action wasn’t taken to investigate highly suspicious activity. In other words, rather than a lack of information, the problem was that they didn’t correlate the information, and that they didn’t act on it. Collecting more information will not solve that problem; in fact, it may make it worse.
2. Wiretaps are a completely useless way of trying to detect terrorism. Once you have identified a suspect, it may well be valuable to obtain a wiretap, but a simple mathematical analysis shows that wiretapping to detect terrorism has a near-zero probability of detecting actual terrorist activity [Floyd Rudmin, May 2006].
As citizens concerned about our privacy, what can we do about this? Aside from trying to persuade the FCC and Congress not to allow this useless but expensive invasion of our privacy, we can employ end-to-end encryption, using VoIP combined with encryption software using the ZRTP protocol, such as Zfone. By using end-to-end encryption, it no longer matters whether the router at your ISP has CALEA support; if the FBI or NSA monitors the connection, all they’ll get is encrypted traffic, without the keys.
The government could try to require that software like Zfone include a back door, or try to require that people using encrypted VoIP provide their keys to the government, or even just make encrypted VoIP illegal. All these ideas were discussed in the early-to-mid 1990s with regard to the Clipper chip proposal, and ultimately rejected. I don’t think there was any reason to believe that mandating key escrow would pass First Amendment muster then, nor would it now.
If the goverment were to mandate key escrow or ban cryptography, it wouldn’t improve their ability to use wiretapping to identify terrorists. Criminals are unlikely to use key escrow or honor a ban, just as they ignore gun control laws. Banning cryptography would be ineffective because suitable software such as Zfone is already widely available, and it is relatively easy for new cryptography software to be written. Even if a ban prevented such software from being written or distributed in the US, there is no effective way to ban it worldwide, or to prevent people in the US from downloading it from other parts of the world.