Ok, so I haven't been here in a while... very busy with other issues (other sites, work, etc.) and still trying to figure out exactly what I want to do with this space. Keeping up on every twist and turn of the NSA debacle and the PATRIOT Act extension and whatnot simply isn't in the cards for me -- not for lack of interest, but because others are doing a far better job at it.
I'm thinking about some kind of campaign to coincide with the new Congress, something to drum up debate and discussion on the rapidly eroding nature of privacy in America, perhaps revamping the proposed amendment (though I still like the current draft for its simplicity). A few days driving through the desert might help me bring some clarity to this project.
So yesterday, I posted an article about CALEA and mentioned both the recent FCC activity and the oral arguments at the DC Circuit. Not six hours later, I learn of the AP report (in this case, via the LA Times) that reports on the arguments themselves... and if I'd thought a little, I would have skimmed Google News and come across Declan McCullagh's first-hand coverage of the arguments.
Skepticism in the courtroom doesn't always translate into "favorable" opinions. What I do find interesting about the report, however, is the suggestion by Judge Sentelle (apparently echoed by Judge Edwards) that pure Internet calling (e.g. the original Skype) may be exempt from CALEA, but VoIP services that connect to the traditional telephone network (e.g. Vonage, AT&T CallVantage, Verizon Broadwing) are likely covered. I'm curious to see how this line of reasoning might affect the SkypeOut and SkypeIn plans (which do connect to the PSTN) now that Skype is a wholly-owned subsidiary of eBay, as well as AOL's plan to begin offering telephone numbers on its voice/instant messaging service.
Technorati: CALEA, VoIP, Skype, DC Circuit
Most of the time when I talk about the Federal Communications Commission, it's over at Deadly Tango and in connection with broadcasting, especially content regulation. The FCC's jurisdiction is a bit wider, however... and some of its other areas of concern are likely to affect many of us in much more significant ways.
One of the joys of being a rank amateur at this quasi-journalistic stuff is that I have the luxury of starting an article and then waiting six months to finish the story when it becomes timely again. In this case, the topic is the costs and potential damage from CALEA, the Communications Assistance for Law Enforcement Act. Jointly administered by the FCC and FBI, CALEA sets out various requirements for telephone companies to open their networks for wiretapping and other surveillance. Notably, CALEA is an act about technical standards for communications companies, not a separate authorization for wiretapping by the FBI or other law enforcement agencies.
Last summer, the FCC decided (PDF) that CALEA requires participation and assistance from all "interconnected VoIP providers" and "broadband Internet access service providers", not just the traditional telephone companies. In other words, all the cable companies and broadband ISPs, along with any of the "VoIP-out" and "VoIP-in" services, are responsible for installing equipment that allows law enforcement to tap and intercept communications across those circuits or lines. Last Wednesday, the FCC reaffirmed (PDF) its August 2005 order and the implementation deadline of May 14, 2007 for all affected parties.
The Electronic Frontier Foundation (with the usual cast of fellow travellers) has challenged this expansion of CALEA and just yesterday argued its case before the Court of Appeals for the DC Circuit (the highest-ranking "administrative law" court in the country). The foundation of the EFF's argument is pretty simple: there are already enough wiretapping laws, and the ones already on the books are being honored primarily in the breach.
Aside from the privacy advocates, the other major (and potentially unexpected) protest to this expansion of CALEA is coming from U.S. colleges and universities. Since larger universities often operate their own phone switches and nearly always operate IP networks connected to the Internet, the expanded CALEA smacks them squarely across the teeth. The universities seem to be more concerned about cost than about higher principles of free speech and privacy... but at least they're speaking up. For additional perspectives, please check out Ars Technica's continuing coverage of the issue.
Personally, I'm torn on this topic. Is it right for ISPs and telcos to say "sorry, we have no technological hooks into VoIP traffic" in the face of a legitimate (and judicially authorized) wiretap request? Is it right for the government to pass this cost to private industry? Will CALEA-type requirements lead to Ed Whitacre's tiered and segregated Internet, where VoIP traffic gets tagged and shunted into separate "pipes" where interceptions can occur? Will the law prohibit encryption of VoIP traffic? Far more questions than answers, to be sure... all I can say is "stay tuned."
Technorati: CALEA, FCC, FBI, EFF, surveillance, wiretaps, VoIP
[Catching up on various events of the past couple months... something like "spring cleaning" in anticipation of some new ideas coming soon...]
Cellphone Tracking:
Among the newish strategies in the encroachment on personal liberties: tracking individuals via their mobile phones. The State of Missouri says it will use the data only to help MoDOT unravel traffic knots -- and if you believe that, then take a look back to my earlier entry reporting on the first briefing on Missouri's plan (plus Oregon's similar experimentations). And if that weren't enough, take a look at a recent US court ruling allowing the FBI to engage in warrantless cellphone tracking. The court opinion seems related to Judge Richard Posner's assertion that "there's no invasion of privacy in automated data capture and mining" -- a disturbing notion pretty much any way I can slice it. The Brits are also getting in on the mobile phone action -- through WorldTracker (SMS-fueled web tracking) and similar programs -- though the BBC article does suggest that the publicity is leading to reform... wish I could say the same about the US.
Data Retention:
The uproar has died down for the moment, but rest assured that the Electronic Frontier Foundation is moving forward with its litigation against "the new AT&T" for its participation in the presidentially-sanctioned (but putatively illegal) domestic surveillance program. Perhaps the Senate hearings headed by Arlen Specter (R-PA) will help swing the spotlight back around again. The ACLU offers a funky map / schematic demonstrating the infrastructure of the surveillance efforts AND rechristened the former "Echelon Watch" pages as "NSA Watch" while Ars Technica offers its own look at the NSA technology in play.
Across the pond, the European Union staged a significant attack on personal privacy by permitting a wide range of communications surveillance, including mandatory logging of all end-user communications by telcos and perhaps ISPs. One Irish MEP is challenging the actionon parliamentary / procedural grounds, but action seems to have quieted down once again (perhaps due to continued negotiations?). Of course, if Microsoft's vision of a "secure and trusted" future comes to pass, it will take far more than one MEP to make an effective stand for the public. Meanwhile, the UK is considering cameras on the highways to record license plates -- not because the driver is accused of running a red light, but because they can.
An extended piece in the Washington Post (and follow-up on-line chat) from November cataloged the FBI's powers today under the USAPATRIOT Act. I'd hope that some of our politicians revisit this story before the inevitable conference committee about the re-authorization of the act. (I only expect a committee because the House will give away even more than the Senate did, leaving us with a "lesser of two evils" scenario -- always a positive outcome in an election year.) Note also that the FBI has rolled back the reinstatement of headquarters tours (once a hallmark of any trip to the nation's capital and increasingly relevant in this day of "CSI" and "Law and Order" overload) have been cancelled until 2007. Anyone want to bet against an extension of that re-entry date to at least 2009 (assuming a change in administrations at that point)?
Finally, there's really not much to say about the "sale of cellphone records" stories that garnered attention in the US and Canada, except that the cellcos are definitely going to have to work on defeating the social engineering tricks used for many of the "breaches." Rogue employees will always exist -- so the challenge is one of being able to identify activity early (instead of just cracking down after the fact).
Random Entry:
Like any number of "is this microphone on? gaffes, I'd like to think that the Houston (TX) police chief was simply musing aloud when he suggested that the city should have cameras in every home. "If you are not doing anything wrong, why should worry about it?" The inevitable wise-ass response (courtesy of BoingBoing): a reward (now close to $2000) to the person who catches the chief on video commiting an illegal act.
From Sunday's Washington Post: Surveillance Net Yields Few Suspects. Quick take: no surprises, but plenty to refute the need for a warrantless, unsupervised program infringing on personal liberties. As I noted in my last entry, there are plenty of ways for investigators (either criminal or civil) to get permission for this kind of surveillance and tracking. But will any of this really make a difference in the face of a war on an abstraction? I'll have more comments later, but wanted to get the placeholder here.
