From: mech@eff.org (Stanton McCandlish) EFF SUMMARY OF THE EDWARDS/LEAHY DIGITAL TELEPHONY BILL ======================================================= OVERVIEW -------- The Edwards/Leahy Digital Telephony bill places functional requirements on telecommunications carriers in order to enable law enforcement to continue to conduct authorized electronic surveillance. It allows a court to impose fines on carriers that violate the requirements, and mandates that the processes for determining capacity requirements and technical standards be open and public. The bill also contains significant new privacy protections; including an increased standard for government access to transactional data (such as addressing information contained in electronic mail logs), a requirement that information acquired through the use of pen registers or trap and trace devices not disclose the physical location of an individual, and an expansion of current law to protect the radio portion of cordless telephone conversations from unauthorized surveillance. SCOPE OF THE BILL. WHO IS COVERED? ----------------------------------- The requirements of the bill apply to "telecommunications carriers", which are defined as any person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire (as defined by section 3 (h) of the Communications Act of 1934), including commercial mobile services (cellular, PCS, etc.). The bill also applies to those persons or entities engaged in providing wire or electronic communication switching or transmission service to the extent that the FCC finds that such service is a replacement for a substantial portion of the local telephone exchange. The bill does not apply to online communication and information services such as Internet providers, Compuserve, AOL, Prodigy, and BBS's. It also excludes private networks, PBX's, and facilities which only interconnect telecommunications carriers or private networks (such as most long distance service). REQUIREMENTS IMPOSED ON CARRIERS -------------------------------- Telecommunications carriers would be required to ensure that they possess sufficient capability and capacity to accommodate law enforcement's needs. The bill distinguishes between capability and capacity requirements, and ensures that the determination of such requirements occur in an open and public process. CAPABILITY REQUIREMENTS ----------------------- A telecommunications carrier is required to ensure that, within four years from the date of enactment, it has the capability to: 1. expeditiously isolate the content of a targeted communication within its service area; 2. isolate call-identifying information about the origin and destination of a targeted communication; 3. enable the government to access isolated communications at a point away from the carrier's premises and on facilities procured by the government, and; 4. to do so unobtrusively and in such a way that protects the privacy and security of communications not authorized to be intercepted (Sec. 2601). However, the bill does not permit law enforcement agencies or officers to require the specific design of features or services, nor does it prohibit a carrier from deploying any feature or service which does not meet the requirements outlined above. CAPACITY REQUIREMENTS --------------------- Within 1 year of enactment of the bill, the Attorney General must determine the maximum number of intercepts, pen register, and trap and trace devices that law enforcement will require four years from the date of enactment. Notices of capacity requirements must be published in the Federal Register (Sec. 2603). Carriers have 4 years to comply with capacity requirements. PROCESS FOR DETERMINING TECH. STANDARDS TO IMPLEMENT CAPABILITY REQUIREMENTS ---------------------------------------------------------------------------- Telecommunications carriers, through trade associations or standards setting bodies and in consultation with the Attorney General, must determine the technical specifications necessary to implement the capability requirements (Sec. 2606). The bill contains a 'safe harbor' provision, which allows a carrier to meet its obligations under the legislation if it is in compliance with publicly available standards set through this process. A carrier may deploy a feature or service in the absence of technical standards, although in such a case the carrier would not be covered by the safe harbor provision and may be found in violation. Furthermore, the legislation allows any one to file a motion at the FCC in the event that a standard violates the privacy and security of telecommunications networks or does not meet the requirements of the bill (Sec. 2606). If petitioned under this section, the FCC may establish technical requirements or standards that: 1) meet the capability requirements (in Sec. 2602); 2) protect the privacy and security of communications not authorized to be intercepted, and; 3) encourage the provision of new technologies and services to the public. ENFORCEMENT AND PENALTIES ------------------------- In the event that a court or the FCC deems a technical standard to be insufficient, or if law enforcement finds that it is unable to conduct authorized surveillance because a carrier has not met the requirements of this legislation, the Attorney General can request that a court issue an enforcement order (an order directing a carrier to comply), and/or a fine of up to $10,000 per day for each day in violation (Sec. 2607). However, a court can issue an enforcement order or fine a carrier only if it can be determined that no other reasonable alternatives are available to law enforcement. This provision allows carriers to deploy features and services which may not meet the requirements of the bill. Furthermore, this legislation does not permit the government to block the adoption or use of any feature or service by a telecommunications carrier which does not meet the requirements. The bill requires the government to reimburse carriers for all reasonable costs associated with complying with the capacity requirements. In other words, the government will pay for upgrades of current features or services, as well as any future upgrades which may be necessary, pursuant to published notices of capacity requirements (Sec. 2608). There is $500,000,000 authorized for appropriation to cover the costs of government reimbursements to carriers. In the event that a smaller sum is actually appropriated, the bill allows a court to determine whether a carrier must comply (Sec. 2608 (d)). This section recognizes that telecommunications carriers may not be responsible for meeting the requirements if the government does not cover reasonable costs. The government is also required to submit a report to congress within four years describing all costs paid to carriers for upgrades (Sec. 4). ENHANCED PRIVACY PROTECTIONS ---------------------------- The legislation contains enhanced privacy protections for transactional information (such as telephone toll records and electronic mail logs) generated in the course of completing a communication. Current law permits law enforcement to gain access to transactional information through a subpoena. The bill establishes a higher standard for law enforcement access to transactional data contained electronic mail logs and other online records. Telephone toll records would still be available through a subpoena. Under the new standard, law enforcement is required to obtain a court order by demonstrating specific and articulable facts that electronic mail logs and other online transactional records are relevant and material to an ongoing criminal investigation (Sec. 10). Law enforcement is also prohibited from remotely activating any surveillance capability. All intercepts must be conducted with the affirmative consent of a telecommunications carrier and activated by a designated employee of the carrier within the carrier's facilities (Sec. 2604). The bill further requires that, when using pen registers and trap and trace devices, law enforcement will use, when reasonably available, devices which only provide call set up and dialed number information (Sec. 10). This provision will ensure that as law enforcement employs new technologies in pen register and trap and trace devices, it will not gain access to additional call setup information beyond its current authority. Finally, the bill extends the Electronic Communications Privacy Act (ECPA) protections against interception of wireless communications to cordless telephones, making illegal the intentional interception of the radio portion of a cordless telephone (the transmission between the handset and the base unit). CELLULAR SCANNERS ----------------- The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000. IMPROVEMENTS OF THE EDWARDS/LEAHY BILL OVER PREVIOUS FBI PROPOSALS ------------------------------------------------------------------ The Digital Telephony legislative proposal was first offered in 1992 by the Bush Administration. The 1992 version of the bill: * applied to all providers of wire or electronic communications services (no exemptions for information services, interexchange carriers or private networks); * gave the government the explicit authority to block or enjoin a feature or service that did not meet the requirements; * contained no privacy protections; * contained no public process for determining the capacity requirements; * contained no government reimbursement (carriers were responsible for meeting all costs); * would have allowed remote access to communications by law enforcement, and; * granted telecommunications carriers only 18 months to comply. The Bush Administration proposal was offered on capitol hill for almost a year, but did attract any congressional sponsors. The proposal was again offered under the Clinton Administration's FBI in March of 1993. The Clinton Administration's bill was a moderated version of the original 1992 proposal: * It required the government to pay all reasonable costs incurred by telecommunications carriers in retrofitting their facilities in order to correct existing problems; * It encouraged (but did not require), the Attorney General to consult with telecommunications industry representatives and standards bodies to facilitate compliance, * It narrowed the scope of the legislation to common carriers, rather than all providers of electronic communications services. Although the Clinton Administration version was an improvement over the Bush Administration proposal, it did not address the larger concerns of public interest organizations or the telecommunications industry. The Clinton Administration version: * did not contain any protections for access to transactional information; * did not contain any public process for determining the capability requirements or public notice of law enforcement's capacity needs; * would have allowed law enforcement to dictate system design and bar the introduction of features and services which did not meet the requirements, and; * would have allowed law enforcement to use pen registers and trap and trace devices to obtain tracking or physical location information. * * * Locating Relevant Documents =========================== ** Original 1992 Bush-era draft ** ftp.eff.org, /pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft gopher.eff.org, 1/EFF/Policy/FBI/Old, digtel92_old_bill.draft http://www.eff.org/pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel92.old ** 1993/1994 Clinton-era draft ** ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_bill.draft gopher.eff.org, 1/EFF/Policy/FBI, digtel94_bill.draft http://www.eff.org/pub/EFF/Policy/FBI/digtel94_bill.draft bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.dft ** 1994 final draft, as sponsored ** ftp.eff.org, /pub/EFF/Policy/FBI/digtel94.bill gopher.eff.org, 1/EFF/Policy/FBI, digtel94.bill http://www.eff.org/pub/EFF/Policy/FBI/digtel94.bill bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital Telephony; file: digtel94.bil ** EFF Statement on sponsored version **