Proposed legislation has unsettling implications for future of digital media

It is an unfortunate trait of humankind that we often do not note our watershed events until history has recorded their aftermath.

The transition to digital technology that we are facing today is one of those watersheds. Almost every vendor in every area of computing, consumer electronics, data communication and telecommunication is looking at new ways to transmit digital information, either over wires or through the airwaves. What we are witnessing, whether we know it yet or not, is the building of a vast global network, with new foundations and new paradigms for communication and commerce.

SAFE AND REASONABLE COMMERCE

Large pan-industry investments (like the ones mentioned in “A Tremendous Blossoming,” p. 9) are being made based on the assumption that such commerce can and will be conducted in a safe and reasonable manner over networks.

But that assumption is in question today. People who attended the second annual Computers, Freedom and Privacy (CFP-2) conference in Washington DC late last month were shocked to read copies of a legislative proposal instigated by the U.S. Federal Bureau of Investigation called “Digital Telephony.” (See the F.B.I. proposal, p. 11.) The proposed bill, which could be tacked on as an amendment to an existing bill, is presently being sponsored by Ernest Hollings, the Democratic senator from South Carolina and chairman of the Senate Committee on Commerce, Science and Transportation.

Should government dictate product design? The proposal apparently sprang forth from the FBI’s concern that it cannot keep up with digital communications technology, especially in the area of wiretap. The agency believes that as signals sent over telephone lines become digital, it will be incapable of finding and recording the conversations that it is legally entitled to intercept.

To avoid this scenario, the F.B.I. is proposing that the U.S. Federal Communications Commission and the U.S. Attorney General’s office be given the power to “determine the technological interception needs of the government” and issue regulations about how vendors must comply — specifically to allow the F.B.I. (and other agencies like the National Security Agency) unimpeded access to all digital communications.

In other words, the FCC would be given authority to dictate product design in this fundamental regard. If such regulations are passed, vendors would have 180 days to comply. If they do not, they can be charged and fined $10,000 per day for each day in violation.

FASTER POLICE CARS

Even more incredibly, the proposed legislation decrees that any FCC proceedings regarding design regulations, standards or registrations issued to equipment vendors will be closed to the public and conducted in secret.

This proposal has the potential to affect every single area touched by digital media. It does not just limit the FCC’s authority to traditional telephones and newer digital telephony technology. It would affect all kinds of computer communication, and likely radio communications as well.

Of course, one of the big questions is how far “wiretap” extends into the realm of non-voice digital communications — i.e., e-mail, document and file transfer, the transmission of sound and video information — which are increasingly in use today. Do files downloaded from the Internet constitute a type of communication the F.B.I. needs to monitor?

Those who’ve studied the proposal believe the answer is yes, in which case it will affect everyone from standard computer network providers, who often connect customers to the outside world via telephone lines and equipment, to banks, whose automatic teller machines must use secure data lines to transmit financial and customer identification information, and companies like Apple Computer, now in the process of developing an entire line of personal communication devices.

If encryption is outlawed … As more proprietary information is sent over networks, and as more systems are compromised by crackers, viruses and electronic eavesdroppers, equipment and software vendors as mainstream as Apple and Microsoft have begun incorporating high levels of security into their systems via encryption.

Cellular phone makers are doing the same thing. And as wireless communication traffic increases, one can expect that powerful security and encryption products will only become more popular, since more people will have access to interception technologies.

Though not specifically listed as a target in the proposal, many people are calling Digital Telephony “Son of S. 266,” a failed Senate bill that required the same “dumbing-down” for encryption as the F.B.I. proposal does for phone systems. In other words, makers of encryption devices or software were to be required to leave a “back door” open for law-enforcement and security agencies that wanted to decode encrypted communication.

The bill, of course, completely defeats the purpose of encryption — leaving the “back door” open for the very same sophisticated techno-criminals that the agencies were trying to thwart. S. 266 was shouted down last year by outraged computer experts and civil libertarians.

At the CFP conference, encryption expert Whitfield Diffie said, “I understand why the police don’t like [encryption]. But a very large part of the essence of a free versus totalitarian society consists of the difference between being answerable for your actions and being subject to prior restraint against actions the society doesn’t approve of.”

Making economic policy. Jim Bidzos, president of RSA Data Security, a public-key encryption firm, says the issue is both personal privacy and national competitiveness. The long-term effect of anti-encryption and related legislation is far worse than anything we’ve seen to date.

“One could argue that economic policy is being made by the intelligence agencies,” he said during a CFP panel on encryption. “That’s not a good idea.”

What’s happening, he says, is that electronic commerce is driving industry and government into an adversarial role regarding encryption and data protection. “Crypto is moving into mainstream products, and people who are doing so now will want to continue,” he says. “Government keeps trying to slip language into bills that weakens their ability to do so. They need to stop doing that.

“What we really need is a national policy review –a Computer Security Act advisory board to Congress. It’s the single more important thing we can do. We’re long overdue to get some rational policy that will work for all of us.”

HOW ABOUT CABLE? SATELLITE? CELLULAR?

But back to the F.B.I. proposal. Would the bill also have to restrict cable equipment, also capable of digital telecommunication? The cellular phone and data networks? Satellite communications? If monitoring of communications is what the F.B.I. is interested in, the way the industry is moving today would certainly indicate that any conduit of digital information would need to be “tappable.”

Jerry Berman, director of the EFF’s Washington DC office, certainly believes that particular threat is implied. “It’s one thing to get cooperation from a phone company,” he says. “It’s another thing to go to CompuServe and say, ‘We want to tap into electronic mail.’ Or ‘We want to know, when you’re tapping into the line between EFF’s Cambridge; whose data, voice, video is on that line. What’s in the packet?’ It’s getting much more complicated to distinguish between different kinds of messages and different parties who are being bundled together. Any kind of dumbing-down to separate that out is contra-intuitive to the most efficient use of this technology.”

As a Washington Post op-ed piece stated, the proposal is “an assault on progress, on scientific endeavor and on the competitive position of American industry. It’s comparable to requiring Detroit to produce only automobiles that can be overtaken by faster police cars.”

THE TROUBLE WITH ‘TAPPING

It’s true that the complexity of digital technology will make it harder, or even impossible, for law enforcement to conduct its wiretaps in the manner to which it has become accustomed. The prospect of techno-terrorists being able to use computers and sophisticated encryption techniques to thwart law-enforcement officials is a frightening one.

But it is important to remember that technology itself is never the problem. Technology only holds a magnifying glass to problems that already exist, and the desire to seek remedy by somehow controlling or legislating technology is a big step in the wrong direction. As Berman says, “If we can’t compress data and move it quickly through an ISDN or digital pipeline, to improve the infrastructure of the U.S., because the Bureau’s having trouble wiretapping, then the whole future of our information age is at stake.”

To put the issue in perspective, you must first look at the present state of affairs. William Sessions, director of the FBI, has stated publicly that so far the Bureau has not yet had any difficulty executing a warrant because of digital communications. In addition, says Marc Rotenberg, director of the Washington office of Computer Professionals for Social Responsibility, we must question why such far-reaching legislation is required for a law enforcement procedure of last resort.

Top of the charts. “I think the F.B.I. is sort of off the charts on this,” says Rotenberg. “I know everyone else is talking about this as though they believe we’re going to have some reasonable discussion at some point, but where they basically have come down on this issue is that the technology of the digital network doesn’t go forward until they can be assured that they can continue to conduct wire surveillance.”

He says the proposal is contrary to the spirit of the wiretap law of 1968, which is termed an investigative method of last resort. “It is the most intrusive, most unbounded, most prone to abuse form of routine investigation,” says Rotenberg. “For the F.B.I. to come back now and say that this is the primary concern is just not tenable — it stands the law on its head.”

In addition, he says, the proposal is simply impractical. The Bureau cannot reasonably expect to require every high tech firm in the United States to ensure that its system complies with the FBI’s needs and requirements of the moment. And the secrecy of the standards-setting hearings, he says, is a sure way to bring technological innovation to a crawl. “Private computer firms and researchers are already coming forward saying the best way to slow innovation is to put up walls in the research community and start restricting information on security practices.”

AN IMPRESSIVE LIST OF NAYSAYERS

Factions from all corners of industry are rallying to fight the proposed legislation.

The Electronic Frontier Foundation (EFF), an industry watchdog for networking issues, is helping organize vendors to oppose the bill. EFF co-founder Mitch Kapor (also founder of Lotus Development) says there’s an “enormous coalition growing” in opposition to the legislation. In fact, the EFF pulled together a coalition of concerned vendors and industry organizations who signed a letter to Sen. Hollings on April 9, expressing deep concern over the proposal.

Signers included AT&T, Cellular Telecommunications Industry Assoc., Computer & Business Equipment Manufacturers Assoc., Computer & Communications Industry Assoc., Digital Equipment Corp., the Electronic Mail Assoc., GTE Corp., IBM, the Information Industry Assoc., Lotus Development Corp., McCaw Cellular Communications Inc., Microsoft Corp., NYNEX, Pacific Telesis Group, Software Publishers Assoc., Southwestern Bell, Telecommunications Industry Assoc. and U.S. West Inc.

A spokeswoman for the influential Computer Systems Policy Project (CSPP), an organization comprised of CEOs of the 12 computer manufacturers, says the proposal has not yet been brought to the group as an issue.

TRACKING THE ISSUES

The future of digital technologies depends on how we respond to the increasing number of challenges from government and law enforcement agencies on these critical issues.

There are two industry organizations watchdogging these issues from a civil liberties perspective that also have access to technical expertise through their illustrious membership rosters.

The Electronic Frontier Foundation has generously offered to send a copy of the “Digital Telephony” to any interested party. Call (202) 544-9237.

Computer Professionals for Social Responsibility is based in Palo Alto, CA, and its Washington, DC office tracks policy issues. Call (202) 544-9240.

Write your legislators. Most importantly, though, after getting up to speed on the facts, is to contact your representatives in Congress. You can also call Sen. Hollings, who is sponsoring the bill. The phone number is (202) 224-9340.

Since the proposal has been drafted as an amendment rather than a separate bill, people are worried that it might get slipped into a bill that has already passed one house and be sent quietly to conference. That would be very bad. The only way to make sure it doesn’t happen is to let elected representatives know it’s not okay to shove this kind of proposal through without spirited debate, discussions and public hearings.

Denise Caruso

THE F.B.I. PROPOSAL

The following is taken directly from a Federal Bureau of Investigation document distributed to legislators and other concerned parties in Washington, DC.

Digital Telephony: Summary of Issues

• The F.B.I. utilizes electronic surveillance (wire taps) in virtually every area of its investigative responsibilities.

• The telecommunications industry, which remained virtually unchanged for approximately 50 years, is now rapidly changing to address the need for more advanced telecommunications systems, such as personal communications networks, advanced cellular and integrated services digital networks (ISDN) which have the capacity for high-speed transmissions of video, voice and data.

• One of the telephone telecommunications industry’s major developmental efforts is to provide total digital connectivity (end to end) for its subscribers, including residential and business communities, in the near future.

• At present, no capability exists to intercept ISDN (digital) transmissions; therefore, the emergence of digital telecommunications technology will preclude the F.B.I. and all of law enforcement from being able to intercept electronic communications, thus all but eliminating a statutorily-sanctioned, court-authorized and extraordinarily successful investigative technique.

• The Department of Justice and the F.B.I. have been working with the White House, various Administration agencies, the telecommunications industry and Congress to find a workable solution to this very serious problem that endangers the safety of the American public. A legislative solution has been developed to ensure that the legitimate need for law enforcement to lawfully intercept communications is met by the telecommunications industry.

Legislative Remedy

The proposal would amend the Communications Act of 1934 to require providers of electronic communications services and private branch exchanges to ensure that the Government’s ability to lawfully intercept communications is unimpeded by the introduction of advanced digital telecommunications technology or any other emerging telecommunications technology. Specifically, the amendment provides the following:

1. The FCC, in consultation with the Attorney General, shall determine the technological interception needs of the Government and issue regulations that will preserve the Government’s ability to conduct lawful electronic surveillance.

2. The FCC shall issue regulations within 120 days after enactment requiring the modification of existing telecommunication systems if those systems impede the Government’s ability to conduct lawful electronic surveillance.

3. Compliance by service providers and private branch exchanges will be required within 180 days of the issuance of the regulations and the use of non-conforming equipment is prohibited thereafter.

4. The FCC has the authority to compensate (through rate structure) telecommunication system operators under FCC jurisdiction for reasonable costs associated with required modifications of existing telecommunications equipment or technology.

5. The Attorney General has specific authority, in addition to that already vested in the FCC, to seek civil penalties and injunctive relief for non-compliance.

U.S. Department of Justice
Federal Bureau of Investigation