The U.S. government is pushing for more online surveillance, drafting legislation that would force companies like Google to comply with wiretap orders, the Washington Post reported Sunday.
Ellen Nakashima writes:
A government task force is preparing legislation that would pressure companies such as Facebook and Google to enable law enforcement officials to intercept online communications as they occur, according to current and former U.S. officials familiar with the effort. [...]
Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.
Instead of setting rules that dictate how the wiretap capability must be built, the proposal would let companies develop the solutions as long as those solutions yielded the needed data.
The task force began its work in 2010, The New York Times reported at the time. It would seek to strengthen and expand the Communications Assistance to Law Enforcement Act of 1994, the Times said.
The 1994 law says telephone and broadband companies must modify or design services so they have built-in surveillance capabilities allowing federal agencies to monitor cellphone, broadband, Internet and voice over IP communications immediately after being presented with a court order and in "real time."
"The unintended consequences of this proposal are profound," warned Joe Hall, Senior Staff Technologist with the Center for Democracy & Technology (CDT), while Greg Nojeim, a senior counsel with CDT, told the Post, “They might as well call it the Cyber Insecurity and Anti-Employment Act.”
"At the very time when the nation is concerned about cybersecurity, the FBI proposal has the potential to make our communications less secure," stated Hall, and added that "a wiretapping mandate is a vulnerability mandate" because "once you build a wiretap capability into products and services, the bad guys will find a way to use it." Or, he said, "criminals and other bad actors will simply use homemade communication services based offshore, making them even harder to monitor."
Also noting the possibility the proposal could make communications less secure, the Post adds:
Susan Landau, a former Sun Microsystems distinguished engineer, has argued that wiring in an intercept capability will increase the likelihood that a company’s servers will be hacked. “What you’ve done is created a way for someone to silently go in and activate a wiretap,” she said. Traditional phone communications were susceptible to illicit surveillance as a result of the 1994 law, she said, but the problem “becomes much worse when you move to an Internet or computer-based network.”
Further, according to CDT President Leslie Harris, the proposal would "stunt innovation" because "it comes with such onerous penalties that it would force developers to seek pre-approval from the FBI. No one is going to want to face fines that double every day, so they will go to the FBI and work it out in advance, diverting resources, slowing innovation, and resulting in less secure products."