SAN FRANCISCO — Telephone companies are
sitting on a potential diamond mine of
information. The Bush administration is locked in
a struggle with Congress about the rules for
mining the data. Once again, technology has leapfrogged regulation. And once again, the battle lines are drawn around ideological positions.
A panel discussion at the RSA security conference, held in San Francisco this week, illuminated the divide between those who want to
take full advantage of data mining technology and
those who think the courts should help safeguard the privacy of U.S. citizens.
In August 2006, a federal judge ordered
the Bush administration to cease all warrantless
wiretapping of calls between Americans and
suspected foreign terrorists, after the program
of eavesdropping on calls between the United
States and foreign countries was revealed by Eric
Lichtblau of the New York Times. Lichtblau moderated the panel.
At issue is whether the government can go
around the FISA-authorized courts and engage in
wiretaps without a court order. In 1978, Congress
passed the Foreign Intelligence Surveillance Act
(FISA), designed to provide a secret, fast track
for the government to get warrants for electronic
surveillance related to foreign terrorism or
espionage. But President Bush claims he doesn’t need warrants, because he’s Commander-in-Chief of the U.S. armed forces.
Both the Senate and the House of
Representatives have bills designed to modify
FISA, while AT&T is being sued
for cooperating with the government’s
non-FISA-approved telephone surveillance.
The panel attempted to unravel the
complexities, both technological and legal,
behind the Bush administration’s warrantless wiretapping program.
For example, should the telcos that took part in
the program be given retroactive immunity for their actions?
Bill Crowell, an IT security specialist and
former National Security Agency senior official,
said that NSA staffers want to obey the law, they
just need clear guidelines. But David Rivkin, a
partner in the law firm of Baker Hostetler, said
the rules need to be flexible enough to let
government agencies collect the information they
need. He said the assurance that the government won’t
eavesdrop on citizens without a warrant may be a casualty of the war on terror.
For example, the government has spied on calls
made from the United States to foreign countries
assumed to harbor terrorists in hopes of hearing
a snippet of useful information.
“There’s no clever way of providing us with a
foreign intelligence collection stream and
insulating all the data Americans want to keep private,” he said.
Dempsey, policy director for the Center for
Democracy and Technology, pointed out that in our
modern, global society, it’s very common to make
international phone calls. Allowing the
government to spy on such calls would place a
large number of citizens under surveillance.
No reasonable expectation of privacy?
“The bill the president supports hinges on one
of the people [on the call] being overseas. On
the American end of the communication, the
Administration says that when an American picks
up the phone, they have no reasonable expectation of
privacy when they dial overseas.”
Page 2 of 2
Dempsey said the debate is over whether we can
create a program of supervised flexibility in
which all three branches of government have a
role to play. But Rivkin advocated keeping the judicial system out of it.
“The relevant committees in Congress have
received every bit of information on what was
done. There’s a difference between congress
receiving information and having it come out in open court,” Rivkin said.
Matt Blaze, a security researcher and
associate professor of computer and information
science at the University of Pennsylvania — and
a former AT&T employee — argued that technology
does matter. Pointing out that details of
how AT&T transferred information to the Feds were
murky, he theorized that the large data pipes
inside the AT&T network had been split and
filtered by equipment controlled completely by the government.
“This represents a profound shift in the way
wiretapping has traditionally been done,” he
said. “The telcos used to do the filtering on a
case-by-case basis. If it’s done by the
government itself, some inherent technical
safeguards just go away.”
He added that two surveillance systems he’d studied had properties
their designers weren’t aware of.
Allowing automated filters to determine which
calls are recorded and analyzed removes an
important level of oversight, Blaze argued. “We’re
losing an important technological safeguard,
because the scope of those safeguards now
determined entirely by filters that have access
to purely domestic communications.”