WIRED 2.04

Electrosphere

The End Of Privacy

Did you know there's a working group of security agents and telecommunications companies designing backdoors into the information infrastructure? Now you do.

By Brock N. Meeks

[Note: The following article will appear in the April 1994 issue of WIRED. We, the editors of WIRED, are net-casting it now in its pre-published form as a public service. Because of the vital and urgent nature of its message, we believe readers on the Net should hear and take action now. You are free to pass this article on electronically; in fact we urge you to replicate it throughout the net with our blessings. If you do, please keep the copyright statements and this note intact. For a complete listing of Clipper-related resources available through WIRED Online, send email to with the following message: "send clipper.index". - The Editors of WIRED]

If privacy isn't already the first roadkill along the information superhighway, then it's about to be. The panel members didn't try to finesse the subject. They went right for the privacy jugular, saying law enforcement agencies wanted to "front load" the NII with trapdoor technologies that would allow them easy access to digital conversations, including capturing electronic communications midstream.

But these are tools the "good guys" said would be used only to catch the "bad guys." Honest. We hard-working, law-abiding citizens have nothing to fear from these cops selling out our privacy rights to make their jobs easier. Nope, we can rest easy, knowing that child pornographers, drug traffickers, and organized crime families will be sufficiently thwarted by law enforcement's proposed built-in gadgetry, which they want to hang off every telephone and data network, not to mention fax machine and PBX.

There's just one small crack in this logic: No law enforcement agency has yet proven it needs all these proposed digital trapdoors. In fact, "Right now most law enforcement personnel don't have any idea what the NII is," this according to Assistant US Attorney Kent Walker, who appeared on the panel.

Gore Gives Go Ahead

In January, Vice President Gore had promised that the White House would work to ensure that the NII would "help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes." Panel members representing the Justice Department, FBI, and US Attorney's office said they had taken his promise as a tacit approval of their proposals to push for digital wiretap access and government-mandated encryption policies.

Gore buried those remarks deep in a speech he made in Los Angeles in which he fleshed out how the administration planned to rewrite the rules for communications in a new, perhaps more enlightened age. His pledge went unnoticed by the mainstream press.

Notwithstanding that it fell on reporters' deaf ears, Gore dropped a bombshell. Forget Ross Perot's NAFTA-inspired "giant sucking sound." This was the dull "thump" of Law Enforcement running over the privacy rights of the American public on its way to the information superhighway. The real crime is that the collision barely dented the damn fender.

Walker blithely referred to this cunning, calculated move to install interception technologies all along the information superhighway as "proactive" law enforcement policy. Designing these technologies into future networks, which include all telephone systems, would ensure that law enforcement organizations "have the same capabilities [they] enjoy right now," Walker said.

For today's wiretap operations, the Feds must get a court to approve their request, after supplying enough evidence to warrant one. But Walker seemed to be lobbying for the opposite. Giving the Feds the ability to listen in first and give justification later amounts to "no big difference," he said. Besides, "it would save time and money."

And Walker promised that law enforcement would only use this power against evil, never abusing it. "Frankly, I don't see the empirical evidence that law enforcement agencies have abused [wiretap authority]," he said. With a straight face.

It's Us vs. Them

For Walker, privacy issues weighed against law-enforcement needs is a black-and-white, or rather good-guys-versus-bad-guys, issue. For example, he said, the rapid rise of private (read: not government-controlled) encryption technologies didn't mean law enforcement would have to work harder. On the contrary, "it only means we'll catch fewer criminals," he said.

But if law enforcement is merely concerned with the task of "just putting the bad guys in jail," as James Settle, head of the FBI's National Computer Crime Squad insists, then why are we seeing a sudden move by government intelligence agencies into areas they have historically shied from? Because law enforcement agencies know their window of opportunity for asserting their influence is open right now, right at the time the government is about to make a fundamental shift in how it deals with privacy issues within the networks that make up the NII, says David Sobel, general counsel for Computer Professionals for Social Responsibility, who also addressed the Working Group on Privacy.

"Because of law enforcement's concerns (regarding digital technologies), we're seeing an unprecedented involvement by federal security agencies in the domestic law enforcement activities," Sobel said, adding that, for the first time in history, the National Security Agency "is now deeply involved in the design of the public telecommunications network."

Go ahead. Read it again.

Sobel backs up his claims with hundreds of pages of previously classified memos and reports obtained under the Freedom of Information Act. The involvement of the National Security Agency in the design of our telephone networks is, Sobel believes, a violation of federal statutes.

Sobel is also concerned that the public might soon be looking down the throat of a classified telecommunications standard. Another move he calls "unprecedented" is that - if the National Security Agency, FBI, and other law enforcement organizations have their way - the design of the national telecommunications network will end up classified and withheld from the public.

Sobel is dead on target with his warnings.

The telecommunications industry and the FBI have set up an ad hoc working group to see if a technical fix for digital wiretapping can be found to make the bureau happy. That way, legislation doesn't need to be passed that might mandate such FBI access and stick the Baby Bells with the full cost of reengineering their networks.

The industry-FBI group was formed during a March 1992 meeting at the FBI's Quantico, Virginia, facilities, according to previously classified FBI documents released under the Freedom of Information Act. The group was only formalized late last year, under the auspices of the Alliance for Telecommunications Industry Solutions. The joint group operates under the innocuous sounding name of the Electronic Communications Service Provider Committee.

The committee meets monthly, pursuing a technological "solution" to the FBI's request for putting a trapdoor into digital switches, allowing agents easy access to phone conversations. To date, no industry solution has been found for the digital-wiretap problem, according to Kenneth Raymond, a Nynex telephone company engineer, who is the industry co-chairman of the group.

Oh, there's also a small, but nagging problem: The FBI hasn't provided concrete proof that such solutions are needed, Raymond said. Sobel, of Computer Professionals for Social Responsibility, raised this same point during the panel discussion.

The telecommunications industry is "trying to evaluate just what is the nature of the [digital-access] problem and how we can best solve it in some reasonable way that is consistent with cost and demand," Raymond said. One solution might be to write digital wiretap access into future switch specifications, he said.

If and when the industry does find that solution, do you think the FBI will put out a press release to tell us about it? "I doubt it very much," said FBI agent Barry Smith of the Bureau's Congressional Affairs office. "It will be done quietly, with no media fanfare."

Underscoring Sobel's warnings was the little-noticed move by the Commerce Department to establish the Federal Wireless Policy Committee. The work of this seemingly benign committee will be "invaluable" as the administration evaluates key issues in wireless communications with the NII, said Larry Irving, administrator of the National Telecommunications Information Agency. But the devil is in the details. The policy committee's four subcommittees include Policy, Standards and Requirements, Security and Privacy, and Acquisitions. Standards and Requirements is headed by Richard Dean, a National Security Agency official. And Security and Privacy is to be chaired by Raymond Kammer of the National Institute of Standards and Technology. Kammer's organization, of course, is knee-deep responsible for the government's Clipper Chip encryption scheme.

Is it just me or are these headlights getting awfully close?

The FBI's Settle is also adamant about trapdoor specifications being written into any blueprints for the National Information Infrastructure. But there's a catch. Settle calls these "security measures," because they'll give his office a better chance at "catching bad guys." He wants all networks "to be required to install some kind of standard for security." And who's writing those standards? You guessed it: The National Security Agency, with input from the FBI and other assorted spook agencies.

Settle defends these standards, saying that the "best we have going for us is that the criminal element hasn't yet figured out how to use encryption and networks in general. When they do, we'll be in trouble. We want to stay ahead of the curve."

In the meantime, his division has to hustle. The FBI currently has only 25 "Net literate" personnel, Settle admitted. "Most of these were recruited two years ago," he said. Most have computer science degrees and were systems administrators at one time, he said.

You think that's funny? Hell, the Net is still a small community, relatively speaking. One of your friends is probably an FBI Net snitch, working for Settle.

Don't laugh.

The law enforcement establishment doesn't think you really know what you expect when it comes to privacy.

Assistant US Attorney Walker said: "If you ask the public, 'Is privacy more important than catching criminals?' They'll tell you, 'No.'"

(Write him with your own thoughts, won't you?)

Because of views like Walker's, the Electronic Communications Privacy Act "needs to be broader," said Mike Godwin, legal counsel for the Electronic Frontier Foundation. The act protects transmitted data, but it also needs to protect stored data, he said. "A person's expectation of privacy doesn't end when they store something on a hard disk."

But Walker brushed Godwin aside, saying, "It's easy to get caught up in the rhetoric that privacy is the end all be all."

Do you have an expectation of privacy for things you store on your hard disk, in your own home? Walker said that idea is up for debate: "Part of this working group is to establish what is a reasonable expectation of privacy."

That's right. Toss everything you know or thought you knew about privacy out the window, as you cruise down the fast lane of the information superhighway. Why? Because for people like Walker, those guardians of justice, "there has to be a balance between privacy needs and law enforcement needs to catch criminals."

Balance, yes. Total abrogation of my rights? Fat chance.


Brock N. Meeks (brock@well.sf.ca.us) is a frequent contributor to WIRED. He is a reporter for Communications Daily, a Washington, DC-based trade publication.
