By Dr. Philip Baczewski, Director of Academic Computing and User ServicesFederal Eavesdropping: Coming to an Internet Near YouThe Federal Communications Commission (FCC) recently released an order which may affect Internet Service Providers, their customers, and the Internet as we now know it. This order extends provisions of the Communications Assistance for Law Enforcement Act (CALEA) to allow surveillance of information passing over any "facilities-based broadband Internet access." Facilities-based service providers are defined as those that "provide transmission or switching over their own facilities between the end user and the Internet Service Provider (ISP)." Plainly put, this extension of CALEA allows law enforcement authorities with a "court order or other lawful authorization" in their pocket to monitor and record any information transmitted over the Internet from any point on the Internet that they choose. As far as we know, it's up to the service provider to foot the bill for any changes on their network that are needed to allow such activity. CALEA's OriginsCALEA was passed in 1994 and went into effect on January 1, 1995. Its primary aim was to ensure that law enforcement agencies had the same type of wire tap access to digital phone systems that they had been used to with the analog and mechanical phone systems that had operated for many years before. Digital phone systems no longer had a wire to tap, at least not at the phone company office. Instead, some kind of digital device, like a computer, had to be used to intercept conversations and CALEA required telecommunications companies to provide such an interface for law enforcement use. CALEA also mandates that call identifying information be made available as well. So, how did we get from tapping phone conversations to monitoring Internet traffic under CALEA? The answer is found in the FCC order which was released on September 23 of this year. This was in response to a March 10, 2004 petition by the Department of Justice "asking the Commission to declare that broadband Internet access services and VoIP services are covered by CALEA." The resulting FCC order reads either as a brilliantly constructed legal argument or a guaranteed "A" in a creative writing class, depending upon your point of view. The World According to the FCCThe FCC's extension of CALEA is based upon the "Substantial Replacement Provision" (SRP) of the law (section 102(8)(B)(ii)). That provision allows for a telecommunications carrier to be defined as "a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service. . . ." The definition is qualified, however, to exclude "persons or entities insofar as they are engaged in providing information services. . . ." CALEA defines information services to include "electronic publishing" and "electronic messaging services." You would think that Internet services, which primarily consist of publishing and messaging services, would be exempt from CALEA. However, the current FCC commissioners think otherwise. They aver that "while the storage of an e-mail message falls within CALEA's Information Services Exclusion, the transmission of an e-mail message is subject to CALEA." The Communications Act, last amended in 1996, defines many regulations concerning telecommunications services and information services. In their CALEA order, the FCC states, "We thus find that the classification of a service as an information service under the Communications Act does not necessarily compel a finding that the service falls within CALEA's Information Service Exclusion." In other words, if it walks like a duck and quacks like a duck, the FCC is in no way willing to concede that it is a duck. The FCC argues that "broadband Internet access providers satisfy each of the three prongs of the SRP: (1) they are providing a switching or transmission functionality; (2) this functionality is a replacement for a substantial portion of the local telephone exchange service, specifically, the portion used for dial-up Internet access; and (3) public interest factors weigh in favor of subjecting broadband Internet access services to CALEA." They claim that "broadband Internet access service providers provide a replacement for a substantial portion of the local telephone exchange service, specifically, the portion of local telephone exchange service that provides subscribers with dial-up Internet access capability." CALEA and Higher EducationUsing their own logic, their argument seems to exempt most U.S. universities from coverage under this order. Most universities made initial connections to the Internet with leased data lines and never utilized dial-up Internet access capability. Therefore it seems hard to claim that university facilities have replaced substantial portions of the local telephone exchange service. However, I'm sure that the FCC's response would be, "Commenters have not persuaded us otherwise." A number of responses to the CALEA order have come from the higher education and research community. The American Council on Education (ACE), a coordinating organization for institutions of higher education in the U.S., filed a lawsuit alleging that this order would represent a $7 billion expense to colleges and universities and would thus be an inefficient approach to providing law enforcement access. ACE also recently submitted comments to the FCC arguing that "Higher education and research institutions should be exempt from new . . . rules" because "Congress never intended to impose the burdens and cost of CALEA compliance on the information services provided on a non-common-carrier basis by educational and research institutions." Another last-minute comment to the FCC came from a group of network organizations connected to the NLR. They argue that networks such as Internet2 and the NLR are private facilities and any monitoring should be done where such private networks connect to commercial Internet service providers. This seems consistent with the provision of CALEA which exempts private networks from the same law enforcement assistance as other telecommunications networks. It remains to be seen whether this argument will sway the FCC. More information on CALEA's relation to and impact on higher education can be found on a site maintained by EDUCAUSE. It's important to note that the September 23 FCC order is the first of a two-part ruling. In the coming months they will issue an other order which defines the "assistance capabilities required" and the "entities subject to CALEA." The comment period for influencing these decisions closed as of November 14, 2005. 1984 ReduxAs a backdrop to the activation of this FCC order, we have Congress considering to make permanent many provisions of the USA Patriot Act. Among these is the ability of the FBI to issue national security letters. According to a November 11 Washington Post story, "A national security letter cannot be used to authorize eavesdropping or to read the contents of e-mail. But it does permit investigators to trace revealing paths through the private affairs of a modern digital citizen. The records it yields describe where a person makes and spends money, with whom he lives and lived before, how much he gambles, what he buys online, what he pawns and borrows, where he travels, how he invests, what he searches for and reads on the Web, and who telephones or e-mails him at home and at work." The Post states in the same article that there have been more than 30,000 of these letters issued per year since the Patriot act originally passed. Is it paranoia if Big Brother really is watching?
|
