Surveillance or Security?: The Risks Posed by New Wiretapping Technologies
Authors: Susan Landau
Electronic bugging tools, from employing microphones placed in an
adjacent dwelling to bugs placed within a telephone receiver (this was the
technique involved in the famous Watergate taps), can also be used to
capture voice communications. Other techniques that do the same thing
from a greater distance include parabolic microphones (parabolic reflectors) and laser microphones.53
The continuing vulnerability of end hosts leaves open the use of compromising tools such as CIPAV to tap communications. Such forms of
wiretapping will be available until such time as communications equipment is built error free. Because cell phones, smart phones, laptops, and
other communications devices are reliant on complex software and hardware systems, that day is a long way off. Police and spies can be assured
that there will continue to be many ways to collect electronic communications. It is also worth noting that nothing precludes the development of
end-to-end encryption techniques that give the government easier ways to
decrypt than brute force (recall the techniques that Lotus Notes employed
in the mid-1990s).
CALEA changed the model of who bore responsibility for government's
access to communications. Instead of wiretapping being a law-enforcement
concern, it became a communications providers' problem: design the networks so that there was an "easy button" for government to push when
it needed to tap a suspect. CALEA means that, subject to legal authorization, at virtually no cost and with very little pain, the FBI and other
law enforcement agencies have access to what they want. Yet as the
solutions above demonstrate, CALEA is not the only solution. There are
many ways law-enforcement agencies can obtain the information they
need. Virtually everything law-enforcement investigators need can be
acquired without embedding interception capabilities into communications networks.
Missing from law-enforcement's equation is the fact that CALEA is not
free. Government investigating agencies do not bear the cost of CALEA; society does. CALEA's cost resides in the building of the switches, whose
cost is passed on to consumers. CALEA compliance means innovative
telecommunications systems are delayed or not deployed. Money spent on
CALEA is money diverted from investment in system infrastructure and in
developing new products.
CALEA's biggest cost, however, is in the potential vulnerabilities it
creates. Compliance creates risks to communications security by those capable of exploiting those vulnerabilities (insiders and other nation-states).
Threats to privacy are posed by the telecommunications providers themselves, who seek to recoup their CALEA investments for their own business
purposes. Is providing law enforcement with a "free and easy" wiretap
button worth the potential cost to network integrity and commercial telecommunications innovation when safer wiretapping alternatives are
available?
Without CALEA-type systems, investigators might need other routes,
developing individualized tools in order to successfully wiretap. Although
developing and implementing such solutions may be complicated for law-enforcement agencies, such an approach is plausible. After all, such technologies form the basis for foreign-intelligence collection. Government
investigators would need to innovate, finding new electronic surveillance
solutions as old ones cease to be effective. Surely that is not too big a tradeoff in exchange for not introducing vulnerabilities into U.S. communications infrastructures.
11.7 What It Means to "Get Communications Security Right"
The conflict created between communications security and communications surveillance may appear technical. Its resolution is not. The resolution will occur not in some abstract nation of the future, but in the United
States of the twenty-first century. The present conundrum of national
security and communications surveillance needs to be resolved within the
framework established by the U.S. Constitution. U.S. wiretap policy should
be governed by the following principles:
Secure communications is necessary for freedom, security, human dignity, and
consent of the governed. Such security is necessary for democracy. The preamble to the Constitution says the responsibility of the government is to
"secure the Blessings of Liberty to ourselves and our Posterity." The Fourth
Amendment states that "the right of the people to be secure in their
persons, houses, papers, and effects, against unreasonable searches and
seizures, shall not be violated." As Jed Rubenfeld convincingly argues, "A
search or seizure would be unreasonable if and only if it violated the people's
right to security."
This does not mean that under proper legal authorization, the government cannot wiretap. Indeed the preamble does state that providing for
the common defense is one of the responsibilities of government. Wiretapping is an important tool in many types of criminal and foreign-intelligence
cases. However, in providing for a common defense, the government should not be obstructing the people's right to be secure. Private and secure communication is necessary for businesses to function, for personal relationships to flourish, and for political activity to occur. Proposed laws and
technologies for wiretapping should not substantively impede the people's
communications security.55 Any wiretapping law or technology should be
measured against the threats it poses to the security of the communication.
It should not be implemented if it poses a substantive threat to the freedom,
security, human dignity, or consent of the governed.
Interception technologies intended for use in public networks must be
peer reviewed.56 They must also have regular security reviews to ensure that
they have not fallen prey to new forms of attack.57
The U.S. government should 'secure the Blessings of Freedom ... for our
Posterity.' Communications surveillance must be designed with this principle
fully in mind. Technologies change with remarkable rapidity. Laws come
and go. Installed infrastructure, however, has great longevity. Changing
an installed base is complicated and expensive. As a result, infrastructure
tends to last for decades. Thus there is a very high cost if insecure eavesdropping capabilities are built into communications infrastructure such as
network switches and routers. Securing the blessings of freedom for posterity means that the government must ensure that wiretapping technologies
do not create such risks. Interception systems are not built insecure by
design; rather, flaws creep in as they do with any complex system. That is
why the IETF Network Working Group chose not to include wiretapping
capabilities within its standards track functionality.
To ensure the blessings of freedom for our posterity, certain principles
must be adhered to during the development and implementation of surveillance systems for use in communications infrastructures, as well as
afterward, during actual usage. First and foremost, interception technologies must be designed so that auditing is automatically on. The design
system must not allow auditing to be turned off. Unlike many computer
technologies, design of interception access should minimize flexibility; this
will minimize risks that the eavesdropping system can be subverted.59 The
interception system should be designed to have genuine two-organization
control. Finally, the design should be subject to open public review before
implementation in any communications network. Technologies that
cannot meet these criteria should not be used for interception in any
public communications system.
These rules cannot guarantee that an interception system will work correctly, but they are important safeguards. Or as a mathematician might
say, such protections are necessary, even if they are not sufficient.
Any suspension of communication privacy protections must occur only during
periods of extreme emergency and must be for brief, and quite temporary, periods of time. "Temporary" should be a matter of days and weeks and not
extend to months and years. A communications interception designed for
such temporary use is much more likely to be used for a brief period and
not become, as the system designed for the President's Surveillance Program
did, part of communications infrastructure.
In line with the recommendations put forth by the 2007 National
Research Council report on data mining and behavioral surveillance, any
surveillance program that suspends privacy protections must be evaluated
for effectiveness.60 This implies that it should be designed in such a way
that its effectiveness can be evaluated. No such program should be expanded
unless there is a framework for evaluating its effectiveness.61
After a declaration of national emergency in which warrantless wiretapping of U.S. persons is temporarily permitted, there should be a deliberate
and careful study of the circumstances under which the emergency was
declared and any communications privacy violations that occurred. If
privacy violations occurred, there should be a careful delineation of how
investigative rules should change to prevent similar breaches in the future.
Communications surveillance should not impede the working of the press.
This principle may seem less important than the other three. It is not.
Journalists are society's guardians, and the security of their communications functions as the equivalent of canaries in the coal mine. The Founding Fathers understood that a free society rests on a free press. A nation is
a democracy only so long as journalists' communications are secure.
Yet although the First Amendment provides an absolute right to publish,
its protections of a reporter's right to investigate are less definitive.62 Laws
permit the wiretapping of journalists in the course of criminal investigations.63 There is an important balancing act here.
Modern society is now heavily dependent on electronic communications. To be a journalist is to talk to sources by phone, email, Instant
Messenger, and occasionally in person. The fact that reporters are so
heavily dependent on electronic communications means they are particularly susceptible to wiretapping. At the time the U.S. Constitution was
written, it was hard to track a journalist. Now it is both simple and cheap.
Often it is not even necessary to listen to reporters' communications in
order to discover what the reporter is uncovering: by exposing who is in
a reporter's proximity, location information may reveal all.
There have been multiple times in U.S. history when journalists' communications were intercepted without legal authorization. Protecting the security of journalists' communication is necessary for ensuring the security of the nation. U.S. law allows government wiretapping under certain
circumstances. Implementing this principle is almost entirely a matter of
law and not one of technology.
Adhering to these principles cannot guarantee that we will secure "the
Blessings of Liberty to ourselves and our Posterity," but failure to adhere
to them will guarantee that we will not.
At the end of World War II, the United States entered into a period where
it was at the height of its powers. Except for Pearl Harbor, the nation had
experienced no serious attacks on U.S. territory, and its industrial strength
was unparalleled. Meanwhile much of Europe lay in ruins, the Soviet
Union had suffered the loss of 26 million people, and Japan had lost the
war and saw much of its manufacturing base in ruins. China was impoverished and in the middle of a civil war. It was then that the paradigm for
the next fifty years of U.S. military and diplomatic policy was established.
While not every event in that fifty-year period went in favor of the United
States (there were the Soviet atomic and hydrogen bombs, Sputnik, the
loss in the Vietnam War), there can be little question that this was "the
American century."
That is now slowly, but inexorably, changing. In the second decade of
the new millennium the United States is still, to be sure, the sole superpower, but others are gaining economic power. By 2005, China's share of
the world's GDP was 9.7 percent (the U.S. share was 22.5 percent); at one
point, a mistaken calculation led economists to believe that China's GDP
would overtake that of the United States in 2010.1 When China's GDP
exceeds that of the United States is not as important as the fact that it will,
and most likely before the half-century mark. China is already the world's
factory. The fact that the United States will not be the world's largest
economy will have many implications for U.S. defense and diplomatic
policy.
Cyber is now a critical aspect of U.S. defense, and an important strategic
issue is whether it is possible to achieve overwhelming superiority in this
domain. The answer is: almost surely not, for it is a domain where someone
with a $40 Internet connection and a PC can create a great deal of havoc,
a situation unlikely to be alleviated soon. Multiply it by the size of the PLA
and the issue becomes clear.
The communications infrastructure we build will persist for decades to
come. Wiretapping is typically not debated except in times of high stress,
when emotion takes over from rationality. Now, as we embark on a future
network design, is the time to consider the issue thoughtfully.