Big Brother Awards
quintessenz search  /  subscribe  /  upload  /  contact  
/q/depesche *
/kampaigns
/topiqs
/doquments
/contaqt
/about
/handheld
/subscribe
Linuxwochen Österreich Tour
RSS-Feed Depeschen RSS
Hosted by AKIS
<<   ^   >>
Date: 1999-11-07

Netz/gremium IETF & die Aboerschnittstellen


-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-.

Dieser Brief der American Civil Liberties Union [ACLU] an die
Internet Engineering Task Force [IETF] betreffend der
Berücksichtigung von Abhör/schnitt/stellen in
Netzwerk/protokollen wird zur Lektüre dringend empfohlen.
Auf europäisch: Wo im Text CALEA steht, ersetze man dies
durch ENFOPOL.


-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

November 5, 1999

Mr. Fred Baker Internet Engineering Task Force Secretariat
c/o Corporation for National Research Initiatives 1895 Preston
White Drive Suite 100 Reston VA 20191-5434

Re: Wiretapping and the Internet

Dear Mr. Baker:

I am writing on behalf of the American Civil Liberties Union
(ACLU) and its approximately 300,000 members.

The Internet Engineering Task Force(IETF) has been studying
whether to conform network technology with the requirements
of the Communications Assistance to Law Enforcement Act
(CALEA). The proponents of this move, including the Federal
Bureau of Investigation argue that law enforcement needs
built in surveillance capacities and that CALEA may require
this compliance.

The ACLU urges the IETF to reject these calls, and to
emphasize that the plain language of CALEA, as well as the
legislative history, make it quite clear that the Federal
government cannot require Internet architecture to be CALEA
compliant.

CALEA was originally enacted in 1994. Its proponents argued
that the Act was necessary to help law enforcement keep
pace with technology. The FBI claimed that it sought no new
powers, but only to preserve their existing communications
surveillance capabilities.

Under its provisions, telecommunications companies must
build wiretap capabilities into their systems. Among other
things, the Act states that telecommunications carriers
generally shall ensure that the government can intercept
communications and get caller identification information (see
47 U.S.C. § 1002(a)). The Act also applies to
telecommunications equipment manufacturers, who are to
consult and cooperate with carriers to ensure compliance
with the needs of law enforcement (see 47 U.S.C. § 1005).

CALEA contains a number of exemptions. The statute
explicitly provides that the general compliance requirements
“do not apply to - · (A) information services; or · (B)
equipment, facilities, or services that support the transport or
switching of communications for private networks or for the
sole purpose of interconnecting telecommunications
carriers.” (See 47 U.S.C. § 1002(b)(2).)

In addition, the statute contains a definition of
“telecommunications carrier” which “does not include persons
or entities insofar as they are engaged in providing
information services” (see 47 U.S.C. § 1001(8)(C)). This
definition has the effect of excluding “information services”
providers from having to submit to CALEA’s conditions.

The question that then arises is: what are “information
services”? According to the Act, “The term ‘information
services’ -

· (A) means the offering of a capability for generating,
acquiring, storing, transforming, processing, retrieving,
utilizing, or making available information via
telecommunications; and · (B) includes - · (i) a service that
permits a customer to retrieve stored information from, or file
information for storage in, information storage facilities; · (ii)
electronic publishing; and · (iii) electronic messaging
services; but · (C) does not include any capability for a
telecommunications carrier's internal management, control,
or operation of its telecommunications network.” (See 47
U.S.C. § 1001(6).)

This portion of the statute essentially describes the key
functions of the Internet, which allows individuals to retrieve
stored information (e.g. FTP or Gopher), as well as engage in
electronic publishing (such as the World Wide Web) or send
electronic messages (including e-mail). Furthermore, the
Act’s definition of “electronic messaging services” leaves no
doubt that this exemption was meant for the computing
world; under this definition, ''electronic messaging services''
are “software-based services that enable the sharing of data,
images, sound, writing, or other information among
computing devices controlled by the senders or recipients of
the messages.” (See 47 U.S.C. § 1001(4).) This close
similarity between the CALEA’s description of “information
services” and the functions of the Internet is not just a
coincidence. It is a clear indication that CALEA exempts the
Internet and its constituents from having to comply with
statute’s stringent wiretapping requirements.

The legislative history of CALEA also bears out the fact that
Congress never intended the statute to apply to the Internet.
When Congress discussed the bill, it was noted that:

“The term ‘information services’ encompasses both electronic
publishing...and electronic messaging services, which is a
term broadly defined to encompass electronic mail,
electronic forms transfer, electronic document interchange,
and electronic data interchange.” (See 140 CONG. REC.
H10780 (daily ed. October 4, 1994) (statement of Rep.
Markey).) (Emphasis added.)

These discussions also show that Congress intended the bill
to apply, not to the Internet, but to:

“such service providers as local exchange carriers,
interexchange carriers, competitive access providers [CAPs],
cellular carriers, providers of personal communications
services(PCS), satellite-based service providers, cable
operators and electric and other utilities ...” (See 140 CONG.
REC. H10779 (daily ed. October 4, 1994) (statement of Rep.
Hyde).)

In addition, it should be noted that CALEA has been
amended (see General Accounting Office Act of 1996, Pub.
L. 104-316, § 126(b), 110 Stat. 3826, 3840 (1996)). However,
Congress did not remove or otherwise change the exemption
for “information services” when it added the amendments. If
Congress intended the Internet to comply with CALEA’s
requirements, it surely would have taken the opportunity to
say so. The fact that this opportunity was not taken is further
evidence that Congress did not intend the Act to apply to
cyberspace.

In short, the providers of Internet services are not required to
comply with CALEA and the IETF is under no obligation to
assist law enforcement in bringing Internet services into
compliance with CALEA. As Rep. Bob Barr’s letter to you
indicated, there is also substantial opposition in the
Congress to any extension of CALEA to the Internet and, in
fact, I am not aware of any bills which have been introduced
that would remove the exemption for “information service
providers” or that purport to require Internet services to
become CALEA compliant.

It also seems evident that built in surveillance capabilities
would violate the terms of the European Privacy Directive
(97/66/EC of 15 December 1997), which provides that
telecommunications services "must take appropriate
technical and organizational measures to safeguard security
of its services."

Beyond question of law, it would be a serious mistake to
alter the very architecture of the Internet to make it wiretap or
surveillance ready. What law enforcement is asking you to do
is the equivalent of requiring the home building industry to
place a “secret” door in all new homes to which only it would
have the key. That is a frightening extension of the
proposition that an industry is required to cooperate with law
enforcement when it has obtained a proper judicial order.

Just as a secret door would add a new level of insecurity to
our homes that could be exploited by criminals, so too would
built-in law enforcement access add new levels of insecurity
that could be exploited by information pirates and thieves.

I also urge you to consider the FBI’s broken promises about
CALEA before you jump to accommodate them. The FBI
has repeatedly violated its promises to Congress and the
telephone industry that it would not seek expanded
surveillance powers, but only sought to preserve its existing
surveillance capabilities.

For example, the FBI has sought the capability to use
cellular telephones as tracking devices. In its so-called
“punch list”, the FBI sought expanded access to post
connection digits dialed by telephone customer. It demanded
the right to stay on conference call even after the subject of
its wiretap order is off the call and sought a whole series of
expensive signaling requirements. Most extraordinarily, the
FBI has proposed a series of capacity notices, that, in their
most extreme form, would have required the telephone
industry to provide it with the capacity to simultaneously tap
in every telephone line in major urban areas like New York.

Once you begin the process of building surveillance features
into the Internet, you will open Pandora’s box to an ever
increasing demand for services from law enforcement, and
you will be consigning service providers to a future of
unknown, but undoubtedly significant, costs. The ultimate
irony for service providers would be that, since they do not
come under the terms of CALEA, they would not even be
eligible for limited cost reimbursements offered by the law to
the telecommunications carriers.

I hope you will find this material of interest, and I am happy to
answer any questions you might have.

Sincerely,


Barry Steinhardt Associate Director


Cc: Dr. Scott Bradner--Transport Area Director--
<sob@harvard.edu>

Barry Steinhardt Associate Director American Civil Liberties
Union 125 Broad St NY,NY 10004 212 549 2508 (v)
Barrys@aclu.org Barry Steinhardt Associate Director
American Civil Liberties Union 125 Broad St NY,NY 10004
212 549 2508 (v) Barrys@aclu.org
-.- -.-. --.-
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-.
edited by Harkank
published on: 1999-11-07
comments to office@quintessenz.at
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-.
<<   ^   >>
Druck mich
Linuxwochen Austria

meet q/uintessenz every friday

BigBrotherAwards





25. Oktober 2017
freier Eintritt
#BBA17
Big Brother Awards Austria
 related topiqs
 
 /q/depeschen
 


 CURRENTLY RUNNING
bits4free 18. Jan. 2012: Ihre Meinung zählt
Liquid Democracy - direkte Demokratie durch Online-Partizipation?
 
 !WATCH OUT!
q/Talk, Di 29. Nov: Es gilt die unSchuldsvermutung!
Bürger unter Generalverdacht und stundenlange Einvernahme von Chattern