FCC Reinstates CALEA Surveillance Capabilities 113
This is a complex issue that we don't cover very often, so it requires some background. CALEA is the Communications Assistance for Law Enforcement Act. EPIC has a set of pages about CALEA, a law enacted in 1994 to require telephone companies to build "tap-ability" into their communications equipment. This is voice traffic, not data - don't get this confused with Carnivore, the FBI's tool for slurping down internet traffic. At the time, carriers were transitioning from analog networks to digital ones, and there was some concern that the new digital network would not permit the FBI to listen in easily. Due to the possible expenses incurred by the telephone companies in implementing this, Congress greased the skids with a $500,000,000 (yes, that's half a billion dollars) grant to the companies. Congress granted the FCC the power to decide exactly how to implement this, and the FCC asked for comments. The FBI suggested that the rules should make sure lots of information was available to the FBI, the civil liberties groups suggested that the rules should make sure little information (or at least no more than was available in the old analog system) was available to the FBI, and the phone companies suggested that the rules be inexpensive.
Let's go back in time a moment to look at the old, analog way of doing things. In a nutshell, there are two different ways to conduct a government search on someone's telephone calls: you can search to see who was calling who, or you can search to get the actual content of a telephone call. The first type of search is called a pen register or trap and trace. The pen register is the list of phone numbers you've called. Trap and trace gets the numbers of people who call you. These were (at one time) literal devices which would be physically attached to your phone line. Both of these have been seen by the courts and Congress as much less private (after all, you're "giving" the information to the phone company with every call) than the actual content of your calls, which can only be obtained with a wiretap. Under the old rules, getting pen register or trap and trace information requires only a simple warrant, issued by any judge. Under the law, the judge does not even have the discretion to refuse to issue the order! Nor should you get the impression that this is solely the FBI. Many states allow similar telecommunications searches, and in fact state law enforcement does the bulk of them.
The open question was, with many new digital phone services becoming available, what information would be obtainable with the (non-refusable) pen register or trap and trace-type order, and what would require a real search warrant where a judge is supposed to exercise his discretion in deciding whether to grant it or not? That is, in what cases would "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." be applied, and in what cases would the government be allowed to simply take the information without meeting those requirements?
Eventually the FCC released its interpretation of what the phone companies should do to implement CALEA. The FCC required several things that were "new" and expanded law enforcement's surveillance abilities. One requirement was that all the digits you dial after the call is put through be recorded and provided. So if you dial your bank to transfer funds to checking, or dial your voicemail to retrieve it, or send a message to someone's pager, your bank account number and PIN, your voicemail password, whatever you sent to the pager - all that can be retrieved without a search warrant by any law enforcement official. The FCC also required that if you were using a cell phone, that your physical location be provided as well. They required that if more than two people were on the line, complete information about who joined or dropped out of the conference call be made available. Similarly, data about call waiting or call forwarding was to be provided if these were used. And finally, if you were using VOIP, the government could get all the headers of all your packets sent during the call.
Cue the lawsuits. Civil liberties groups were concerned that the rules were too broad, the FBI was happy (the FCC had given them all they could want), and the telephone companies were concerned that the changes would be too expensive. The civil liberties groups and the telecom industry filed suits to force the FCC to revise its order.
In the case at hand, the telecom industry sued, claiming various things but attempting, in general, to reduce the cost of compliance. The lawsuit was partially successful. The court rejected certain aspects of the FCC's order, and accepted the cell-location and packet-headers parts. The reason for rejecting the other parts was basically that the FCC did not justify itself sufficiently - there are various requirements, created by previous courts, that when an agency creates rules like this that will have the force of law, that they do so in a reasonable and justified manner. The court felt that the stricken requirements did not meet this standard, and chucked the ball back into the FCC's court.
Fast-forward to today. The FCC has reinstated all of the four requirements that were stricken by the courts, and this time it took pains to justify itself. That's what the Reuters article linked above is talking about, and you can read the order yourself in text or in PDF.
There are other lawsuits filed against CALEA that have not yet concluded. Rulings in those may be expected this summer.
As a sidenote, a great many other laws have passed since then expanding other surveillance activities. Under them, the government can now record your internet-browsing activities in much the same way as they can can trace your phone calls - without judicial supervision. If you haven't already, you might wish to read more about the PATRIOT Act.
Cell phones and the like. (Score:2, Insightful)
Re:Cell phones and the like. (Score:1)
I think there should be locator devices on all cars.
Cars are frequently used in criminal activities because of their mobility. I'm not saying this post is right or wrong, but at least they aren't putting beacons on your body.. While criminals could just switch to say, walking, to do their bidding, cars are a lot more convenient. Even if some do change their plates/cars every two days.
Re:Cell phones and the like. (Score:1)
Re:Cell phones and the like. (Score:3, Insightful)
Little things add up. You need to balance the privacy violations with the good. Now, the problems with todays legal system is not what Law Enforcement is allowed to do, its how often and how easy it is for them to justify and get 'permission' to do it.
And by the way, there is no OPTION. We should have life, liberty and the pursuit of happiness. All laws enacted LIMIT our fullscale freedom. They arent enacted to add to, or enhance. If you try the 'option' bs then we can all agree that everything but eating and sleeping is optional in life. Its a pathetic argument. Point is: We start with EVERYTHING, every opportunity. Those are limited for the good of everyone(Ie: killing people is not legal.) by laws. Basically...its not about priveleges, its all about limiting your initial 3 rights. =-] (Sure some 'priveleges' are created from those limits)
So...how much do you want to give up today? =-]
Re:Cell phones and the like. (Score:2)
Re:Cell phones and the like. (Score:2)
The issue is not the technical ability. The issue is, under what circumstances can this be used? What justification does law enforcement have to offer? With pen-register, the answer is, "Virtually none." With wiretap, it's the same as a physical search. Which should cell phone content be considered? How about routing info?
If you mistake this post for legal advice, well, the court'll probably at least find that you're not mentally competent to stand trial...
Re:Cell phones and the like. (Score:1)
You need to modify this with "some"
In San Diego you *have* to drive or your life is practically worthless. Public transportation is crap and the city is huge geographically for its population.
Re:Cell phones and the like. (Score:1)
Have you ever actually tried the bus or the train? San Diego has an excellent system.
Driving is a hassle. Ride the bus and read the paper, relax on the way to work tomorrow.
Re:Cell phones and the like. (Score:1)
I haven't ridden the bus in years here, but it took a loooong time to get anywhere.
I worked downtown for a while and took the trolley. It works well, but only if you are near to a station, and have a car to get to the station. It would add at least an hour to bus to the trolley station and back.
Driving is a hassle.
True
Ride the bus and read the paper, relax on the way to work tomorrow.
Unfortunately this won't work for me. I am self employed and do consulting for companies all over the county: downtown, Sorrento Valley, Carlsbad, etc.
Granted this is a somewhat unusual situation, but I spent a few weeks in London in September and was amazed by the public transportation system. This is even given that most Londoners seemed to be bitching about how it's gone way downhill recently.
Re:Cell phones and the like. (Score:2)
I guess my New York roots are showing. Any city without an adequate public transit system is, IMHO, not a "major" city.
Re:Cell phones and the like. (Score:1)
If you are using this as part of your definition of major city, then it's not arguable since it's a definition, but by most other definitions, LA is a major city and public transportation there is crap.
Re:Cell phones and the like. (Score:2)
I don't have a problem with phone tapping when supervised by a strict, non-trivial judicial process and oversight. But the FCC appears to be making all sorts of new information obtainable with what is more or less a mandatory sign-off. That's trivial, and makes it far too easy (and much more likely to be abused).
I don't want law enforcement to be unnecessarily hindered when they're honestly working on a case, but I darn-well want the cops to be able to justify exactly why they need such broad taps before they're allowed to conduct them. "Ummm... cause he looks funny" appears to be a perfectly valid reason under these regs, and that's not good enough.
Re:Cell phones and the like. (Score:2)
Hehe, You know that would be veto'ed!
Re:Cell phones and the like. (Score:1)
Who didn't see this coming? (Score:2, Interesting)
I wonder when the word "privacy" will altogether disappear from English dictionaries....
-kwishot
Re:Who didn't see this coming? (Score:1)
Re:Who didn't see this coming? (Score:2, Insightful)
Ooooh, so it will still be in British-English dictionaries, where an estimated 300,000 closed-circuit TV cameras [privacy.org] monitor your movement on the streets?
Re:Who didn't see this coming? (Score:2)
Re:Who didn't see this coming? (Score:1)
Nobody's monitoring your conversations without a warrant. They're able to see who you're calling and who is calling you, which they can do already.
Re:Who didn't see this coming? (Score:1)
Then it happens again. And again we agree and allow our rights to be taken away, slowly, one at a time. Evermore, they keep chiseling away, one little freedom at a time, until... THEY'RE ALL GONE!!
And the scary thing is... (Score:1)
Definition of Privacy (Score:5, Funny)
Of course it'll always be there. See:
Privacy \Pri"va*cy\, n.; pl. Privacies. [See Private.]
1. The state of acting in secret in order to plot a terrorist activity. "The terrorist needed privacy so nobody could see the bomb he was preparing."
2. A dubious cause that various underground bodies like the ACLU (American Criminal Liberties Union) and the EFF (Electronic Fear Foundation) rally around.
3. (slang) General descriptor of something which threatens security and freedom. "That new bill Senator Jones is introducing is horrible. It's a privacy!" or "Encryption is a privacy to all we hold dear."
One phrase : "http://Cryptome.org" ! (Score:3, Informative)
You might need to spend a bit in there but you will find the goods. Please DO NOT xfer files in bulk. Its running financially strapped. You should buy cdrom archives of the bulk of it before the site suffers and dwindles from bandwidth abuse.
Re:One phrase : "http://Cryptome.org" ! (Score:1)
Theres something to be said about pricepoints, sure the info is worth much more than that...but I bet the number of people buying cds would increase exponentially if the price were lower =-]
Re:One phrase : "http://Cryptome.org" ! (Score:1)
Cryptome should definitely consider a P2P network for transfering their files. I'm thinking along the lines of BitTorrent [bitconjurer.org]. This would no doubt cut down on their "financially strapped" bandwidth while increasing it for everyone else downloading.
Just more proof. (Score:1, Interesting)
tcd004
Re:Just more proof. (Score:1)
<- Your Groin
http://www.lostbrain.com/verzon/safetychart.html [lostbrain.com]
Mirror (Score:1, Funny)
well... (Score:3, Informative)
The US Govt is already monitoring _us_ (Score:1)
Here in the UK, Echelon (www.echelonwatch.org) listens to all cellphone communications and all microwave relays (some of which transmit 'landline' calls) already.
Big Brother may not be watching yet - but he's listening vey hard.
Re:well... (Score:2)
Re:well... (Score:1)
Wording... (Score:3, Interesting)
Although we understand "call- identifying information" to consist of both dialing and signaling information that may or may not be described in terms of telephone numbers, we emphasize that not all dialing and signaling information is "call-identifying information." For example, parties using bank- by- phone systems, automated prescription renewal services, and voicemail systems often enter account numbers, prescription numbers and passcodes that do not affect how the network processes the ongoing call. To reach this distinction, we look at the definition of "call- identifying information":
"dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by means of any equipment, facility, or service of a
telecommunications carrier." 81 While some dialing or signaling information identifies the origin, direction, destination, or termination of a communication, 82 other dialing or signaling information - such as a bank account number - clearly does not. Again, an analysis of traditional pen register surveillance supports this distinction. During a traditional pen register surveillance, a LEA receives all signals that are
sent from the intercept subject to the carrier, including 'off- hook' and 'on- hook' signals, hook flashes, ringing tones and busy signals. 83 Because special equipment is used to identify and record those audio
signals used in call processing, the traditional model recognizes that there is a distinction between audio signals that are call content and audio signals that are call- identifying. 84 This model also supports a broad interpretation of what "identifies" the origin, direction, destination, or termination of a communication.
------
I've been briefly looking over the document, and I can't seem to find where they specifically say that they want access to the call *content*. In fact, they seem to be saying that their original intent (to get call-identifying information) was misinterpreted to mean call-content.
Maybe I just haven't found it yet, but does anyone know which part specifically says that they need access to call *content*?
-kwishot
Re:Wording... (Score:2)
Re:Wording... (Score:1)
Of course, I highly doubt that they'll actually make any sort of distinction between your dialing a number that routes phone calls and any other numbers, so they'd be able to get content information in the process, without a pesky warrant standing in their way.
Fortunately, touch tone voice-mail type systems may be going the way of the dinosaur as good voice-recognition/dialog systems become adopted.
Re:Microsoft is Advertising on Slashdot (Score:1)
Not that thats a bad thing, supporting a site like slashdot is a good thing to do. (Posting this after browsing slashdot ad-free)
Re:Microsoft is Advertising on Slashdot (Score:1)
Microsoft is funding Slashdot to continue being anti-MS. Works for me.
bah.... (Score:4, Insightful)
Also, because the judge initially rejected the FCC interpretation due to lack of justification doesnt mean he'll approve it because they "justified" it. He only rejected them the first time because EPIC et al said they didnt provide justification, and the judge agreed. Now (if I know legal patterns well enough) EPIC et al is going to be challenging those justifications, making the judge decide on the merits of the FCC's justification. Only after the judge gives the ok to the FCC does this actually become a real issue (for those who care about it).
I would actually agree to this... (Score:2)
I would agree to this, if it were explicitly stated that the companies were legally required to refuse the information if a specific warrant is not shown to the company.
That's just it. The FBI can search whatever the heck of mine they want, if they show me a warrant first. No sooner.
Re:It's the Republicans! (Score:2)
Re:It's the Republicans! (Score:3, Insightful)
I would be a Republican, but I dont want forced Religion.
I would be a Democrat, but I dont want political correctness.
I would be a Libertarian [lp.org], if they could win.
Maybe a Party already exists with Slashdot values.
* WASHINGTON, DC -- A new federal regulation that turns every cellular phone into a "homing beacon" -- and allows the government to pinpoint the exact location of a phone call -- is an ominous development with troubling implications for privacy, the Libertarian Party said today.
* The Libertarian Party joined with thousands of concerned Internet users in "turning its web pages black" in protest of President Clinton's signing the unconstitutional "Communications Decency Act" in 1995.
* The Libertarian Party continues to speak out today against the attempts by Democrats and Republicans to find loop-holes in the First Amendment, so they can turn the Internet into a government-controlled medium.
-
Every decent man is ashamed of the government he lives under. - H. L. Mencken (1880 - 1956)
Re:It's the Republicans! (Score:1)
http://www.boston.com/dailynews/101/economy/New
so? (Score:1)
Hmm. (Score:3, Funny)
Well, I certainly hope this helps us put a stop to those pesky terrorists. After all, look how well the RICO laws worked at eliminating organized crime.
--saint
Cue obligatory rant about the book 1984... (Score:1)
You don't need GPS in the phone. (Score:3, Interesting)
The network doesn't need GPSes in the phone to locate the phone:
The existing base stations already locate the phone by relative signal strength, at a minimum, to decide which station is the best one to contact it. They do this as a separate transaction before actually ringing the phone. If you don't have a monitor on the phone to let you know every time it transmits you won't know if they're pinging it.
With a very small software upgrade the phone companies can trivially locate the phone to the resolution of the nearest cell tower whenever it is being used, and with a very slightly more extensive software upgrade they can ping it but not ring it, and tell the police the results.
The base stations can also measure the round-trip delay to the phone, thus obtaining the radius of a sphere centered on the cell antenna. The phone will be on the surface of that sphere if the path is direct, slightly inside it if the path takes a bounce. (The intersection of the sphere with the earth's surface is a circle if the ground is level.) With two base stations the phone is located to the intersection of two spheres - a vertical circle intersecting the ground at two points. With three base stations (that aren't on a straight line but are at the same altitude) you typically get one or two points in space, and if it's two they're one above the other. Bingo.
Of course this also works just pinging the phone without ringing it. There's a variant that lets the one handling the call or pinging the phone provide timing info to others that are passively monitoring.
This capability is already deployed in some cell systems. In at least one city it is used to create traffic condition reports by measuring the speed of active cell phones in traffic on major routes.
These capabilities make it possible to "tail" anyone with a cell phone, any time the phone is powered up.
Once you're being tailed the location data can be archived, then data-mined to to create a dossier of your typical behavior, then call for a cop's attention if you deviate from your normal travel habits.
One of the reasons the mandate is so expensive is it requires enough equipment to simultaneously monitor an ENORMOUS number of phones. (Something like a third of all of them or a third of the calls in progress, if I recall old news items correctly.) It's not enough to continuously monitor everybody all the time. But I seem to recall thinking that it IS enough to monitor everybody with a criminal record or a green card, even in "high-crime" residential areas, plus all the pay phones. (Am I confused on this?) Of course cell-phone location monitoring, rather than call content monitoring, isn't a big load once the software is in place to do it at all. So that can be done to ALL the cellphones ALL the time.
Let's see, with GPS installed and phone taps readily available now, doesn't that make anyone else here just a wee bit uneasy about using a cell phone?
Yep.
Makes me want to turn off my phone (and remove the battery) whenever I'm not actually making a call, and to use a vending-machine calling card in payphones when on vacation.
Re:Cue obligatory rant about the book 1984... (Score:1)
Re:Cue obligatory rant about the book 1984... (Score:1)
The frightening thing is I doubt it would take them long.
Re:Cue obligatory rant about the book 1984... (Score:1)
GPS has nothing to do with this, it works based on how long the signal from your phone takes to hit 3 different cell towers.
It's tiiime... (Score:2)
Re:It's tiiime... (Score:2)
Re:It's tiiime... (Score:1)
Sad.
Re:It's tiiime... (Score:1)
Heh. You can hope in one hand, and shit in the other, and you tell me which one fills up first.
We need money, effort, publicity and a reasonable percentage of politicians bribed to accept our cause, just like the other guys.
Complain (Score:2, Funny)
Re:Complain (Score:1)
At least with this there'd be someone on the other end paying attention to what you're saying!!
Re:Complain (Score:1)
We need a new moderation: +1 sad.
It's equivalent to "funny if it weren't true"
Impossible by that date (Score:2, Informative)
Bin Laden (Score:1)
What's really behind this? (Score:2, Informative)
The elite must be worried, so they need to tighten the grip on us. Too many people busy trying to figure out what really happened [whatreallyhappened.com] last September, and there is a real danger to the forces in power that democracy might break out.
--Mike--
Re:What's really behind this? (Score:1, Offtopic)
--Mike--
Where do Un-enumerated Rights go... (Score:2)
How the CALEA system works (Score:1)
There's nothing in anything I've read in the docs that say law enforcement will be able to remotely initiate a wiretap with CALEA, but you don't have to be a brain surgeon to figure out how to setup a few switch trunks to handle that, either.
Anyhow... my thoughts for whatever it's worth...
CALEA infrastructure compromised (Score:3, Interesting)
What I have found particularly striking is the extensive effort made to suppress this story.
I'm not sure how much of this story I believe, here are some other (mostly right-wing) sites that covered this:
Re:CALEA infrastructure compromised (Score:1)
Into the Buzzsaw [amazon.com] covers several cover-ups by the media. I have not finished reading it so I cannot say if it covers the Israeli/CALEA story you mention. With that said, after reading this book a coverup is neither hard to believe nor even far-fetched.
Not to mention that if we are willing to coverup the Israeli attack against the Liberty, why not this? Attack on the USS Liberty [logogo.net]
Spooky stuff, this... (Score:2)
So if you dial your bank to transfer funds to checking, or dial your
voicemail to retrieve it, or send a message to someone's pager, your bank account
number and PIN, your voicemail password, whatever you sent to the pager - all
that can be retrieved without a search warrant by any law enforcement official.
So let's say a LEO gets your PIN for your bank account. Would this give said LEO the right to access the account? Worse yet, if the LEO was corrupt, the issue would be moot: You'd be cleaned out in a heartbeat.
I wonder how long it will be before someone comes up with a digital scrambler for secure communications...a pay-per-call "anonymizer" service designed to obfuscate called numbers...hacks to obfuscate one's own phone number...or would all of these be prohibited by the DMCA?
The process isn't streamlined at all... (Score:3, Informative)
My company produces software for law enforcement agencies. A large part of my peronal job has been to write routines to 'import' the data that the telcos and such give the LEOs (law enforcement officers).
The telcos don't like doing this at all. While some give us nice comma-delimited files, others give terminal screen prints (imagine looking at the data on a terminal, hitting 'printscreen to file', pgdn, 'printscreen to file', pgdn, and so on), and even worse formats, such as PDF (without the data in 'strippable' format). I'm surprised they haven't given us pure image files yet.
From what I'm told, the law that the says the telcos have to provide this data pretty much says that they have to provide it in 'electronic form'. So sending it in PDF/Word/Excel formats technically compiles, but of course it's hardly usable. Supposedly it's a big pissing match between the FBI, saying, "Provide us this data; we have a law that says you have to!", and the telcos, saying, "OK, here 'ya go! 'Electronic' form it is! (and no more)".
This really hurts the non-FBI LEOs; if we weren't handling this data for them, they'd have a bitch of a time scaling their wiretapping. The FBI, on the other hand, has gobs of resources to hire data-entry people to type the PDF's and such back in. So they might be your Big Brother, but your local PD certainly isn't; they're at the the mercy of the telcos.
Security in code/Security in life (Score:2)
Arent these two ideals in total contradiction to each other? what am I missing?
Re:Security in code/Security in life (Score:2, Insightful)
I may not mind showing you the PHP scripts I'm using to generate web pages. I'll be dammed if I'm going to let you sniff traffic to get the passwords used to log into the database server though...
Nice try, though.
Re:Security in code/Security in life (Score:2)