What Limits For Warrantless Wiretapping?

By Susan Kuchinskas

April 10, 2008

SAN FRANCISCO -- Telephone companies are sitting on a potential diamond mine of information. The Bush administration is locked in a struggle with Congress about the rules for mining the data. Once again, technology has leapfrogged regulation. And once again, the battle lines are drawn around ideological positions.

A panel discussion at the RSA security conference, held in San Francisco this week, illuminated the divide between those who want to take full advantage of data mining technology and those who think the courts should help safeguard the privacy of U.S. citizens.

In August 2006, a federal judge ordered the Bush administration to cease all warrantless wiretapping of calls between Americans and suspected foreign terrorists, after the program of eavesdropping on calls between the United States and foreign countries was revealed by Eric Lichtblau of the New York Times. Lichtblau moderated the panel.

At issue is whether the government can go around the FISA-authorized courts and engage in wiretaps without a court order. In 1978, Congress passed the Foreign Intelligence Surveillance Act (FISA), designed to provide a secret, fast track for the government to get warrants for electronic surveillance related to foreign terrorism or espionage. But President Bush claims he doesn't need warrants, because he's Commander-in-Chief of the U.S. armed forces.

Both the Senate and the House of Representatives have bills designed to modify FISA, while AT&T is being sued for cooperating with the government's non-FISA-approved telephone surveillance.

The panel attempted to unravel the complexities, both technological and legal, behind the Bush administration's warrantless wiretapping program. For example, should the telcos that took part in the program be given retroactive immunity for their actions?

Bill Crowell, an IT security specialist and former National Security Agency senior official, said that NSA staffers want to obey the law; they just need clear guidelines. But David Rivkin, a partner in the law firm of Baker Hostetler, said the rules need to be flexible enough to let government agencies collect the information they need. He said the assurance that the government won't eavesdrop on citizens without a warrant may be a casualty of the war on terror.

For example, the government has spied on calls made from the United States to foreign countries assumed to harbor terrorists in hopes of hearing a snippet of useful information.

"There's no clever way of providing us with a foreign intelligence collection stream and insulating all the data Americans want to keep private," he said.

Dempsey, policy director for the Center for Democracy and Technology, pointed out that in our modern, global society, it's very common to make international phone calls. Allowing the government to spy on such calls would place a large number of citizens under surveillance.

No reasonable expectation of privacy?

"The bill the president supports hinges on one of the people [on the call] being overseas. On the American end of the communication, the Administration says that when an American picks up the phone, they have no reasonable expectation of privacy when they dial overseas."

Dempsey said the debate is over whether we can create a program of supervised flexibility in which all three branches of government have a role to play. But Rivkin advocated keeping the judicial system out of it.

"The relevant committees in Congress have received every bit of information on what was done. There's a difference between Congress receiving information and having it come out in open court," Rivkin said.

Matt Blaze, a security researcher and associate professor of computer and information science at the University of Pennsylvania -- and a former AT&T employee -- argued that technology does matter. Pointing out that details of how AT&T transferred information to the Feds were murky, he theorized that the large data pipes inside the AT&T network had been split and filtered by equipment controlled completely by the government.

"This represents a profound shift in the way wiretapping has traditionally been done," he said. "The telcos used to do the filtering on a case-by-case basis. If it's done by the government itself, some inherent technical safeguards just go away."

He added that two surveillance systems he'd studied had properties their designers weren't aware of.

Allowing automated filters to determine which calls are recorded and analyzed removes an important level of oversight, Blaze argued. "We're losing an important technological safeguard, because the scope of those safeguards is now determined entirely by filters that have access to purely domestic communications."