Archives

CALEA: Increasing Government Surveillance, Limiting Technological Innovation

Since its enactment in 1994, privacy rights experts and watchdogs have been wary of the Communications Assistance for Law Enforcement Act (CALEA). This article explores the history of the CALEA, how it has evolved over the years and some privacy issues surrounding wiretapping and other forms of surveillance.

Background

CALEA was passed in 1994 in order to facilitate law enforcement authorities’ wiretapping of digital telephone networks. It was the first piece of legislation in history that required telecommunications companies to modify their equipment in order to facilitate government surveillance. The FBI originally proposed the CALEA in 1992. This proposal was broadly inclusive – for instance, computer networks would have been part of this Act, in the name of government surveillance.

The CALEA essentially forced telephone companies to redesign their architectures in order to facilitate wiretapping. Notably, the CALEA did not regulate data traveling over the internet.

According to privacy watchdogs, wiretapping of suspected criminal activity by law enforcement agencies can rapidly degenerate into suspicionless monitoring of the general public, which violates the Fourth Amendment.

According to the Privacy Rights Clearinghouse, “Wiretapping is any interception of a telephone transmission by accessing the telephone signal itself.” Another related concept is ‘electronic eavesdropping,’ which is defined as “the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties.”

Under US law, there are very few situations in which wiretaps are legal. However, technological improvements have made it increasingly easier to illegally wiretap communications.

Evolution of CALEA

In August 2004, the Federal Communications Commission (FCC) released a Notice of Proposed Rule Making (NPRM), which expanded the boundaries of CALEA by redefining what constitutes telephone service, concluding that broadband Internet access providers and managed VoIP systems substantially replace local exchanges and therefore are subject to the requirements of CALEA.

In August 2005, the FCC announced a Final Rule, which expanded CALEA to Internet broadband providers and certain VoIP providers.

Critics Say…

In response to the expanding reach of CALEA, the Electronic Frontier Foundation (EFF) has listed a number of objections and concerns. These are briefly summarized below.

  • Wiretapping Convenience – According to the EFF, wiretapping is already a relatively easy practice as is. Existing legislation already permits law enforcement agencies to place Internet users under surveillance, regardless of what programs or protocols being used to communicate. The reality is that most types of surveillance has gotten easier in this day and age.
  • “Tappability Principle” is Problematic – The FBI suggested that if something is legally searchable sometimes, it should be physically searchable all the time (the “tappability principle”). However, this could lead to all individual phones having built-in bugs, leaving consumers to trust that the phone companies or law enforcement would not activate those bugs without a legitimate reason.
  • Increased Costs for Services – Expanding CALEA in the manner suggested by the FCC’s NPRM would cause broadband providers to spend millions of dollars restructuring their network architectures and design and manufacture surveillance-friendly technologies. This would cause telecommunications bills to skyrocket. It would also eliminate privacy-friendly technologies from the marketplace.
  • Takes a Toll on Innovation – CALEA compliance would significantly reduce the scope of technological research and development. It would also allow the FCC to have authority over a wider range of technologies. CALEA’s requirements might result in economic incentives for software developers to create new programs (e.g. email, IM programs) that are more surveillance-friendly. This would mean that innovators will need to work within the guidelines of CALEA’s surveillance.
  • Phone Regulations are not Applicable – The NPRM assumes that regulations that apply within the phone network (a closed, insulated system) should be extended to the internet (an open, always-changing system). This could severely hamper technological development and innovation on the Internet, where new services and devices are being introduced all the time.
  • Internet Insecurities – Unfortunately, many of the technologies that are used to create surveillance-friendly computer networks might increase the risk of attacks or breaches of personal data. Broadband service providers who must make their networks or applications more tappable end up introducing potential points of vulnerability into their system. Many users are unaware of this reality when they register for such services.

Surveillance-Industrial Complex

Services that facilitate wiretapping, and the types of policies that are necessitated by such legislation as the CALEA essentially facilitates what the American Civil Liberties Union (ACLU) refers to as the surveillance-industrial complex, which involves the integration of private individuals and organizations with a government-sanctioned surveillance network. Private entities motivated by profiting from surveillance activities have an incentive to lobby for increased government surveillance authority.

Regarding the CALEA, the ACLU comments,

“Americans have long feared the specter of the government maintaining dossiers filled with information about the lives of individual, innocent citizens. Data retention, whether mandatory or de facto, achieves the same goal indirectly, by ensuring that information is stored by corporations – from where, as we have seen, it can easily be accessed by the authorities.”

Summary

This article takes a look at the Communications Assistance for Law Enforcement Act (CALEA), which was passed in 1994 to facilitate law enforcement authorities’ wiretapping of digital telephone networks. In 2004, the FCC suggested substantial expansions in the scope of the CALEA in its Notice of Proposed Rulemaking (NPRM). In August 2005, the FCC’s Final Rule expanded the CALEA to include Internet broadband and VoIP providers. This article also explores privacy watchdogs’ criticism of government surveillance expansion.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional (CIPP) exam, a privacy professional should be comfortable with topics related to this post, including:

  • Communications Assistance to Law Enforcement Act – CALEA (I.B.a.iii.3.)
Share

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>