The boundary between protection and privacy has always been a bit fuzzy. However, in an era of global terrorism, powerful drug cartels, and aggressive cybercriminals, it's no secret that government officials are tapping into technology in ever more sophisticated ways to monitor voice and data communications. "There are potential benefits but there are also potential risks," says Steven M. Bellovin, professor of computer science at Columbia University. "In many instances we're moving into uncharted territory."
Make no mistake, electronic surveillance, and the growing use of warrantless wiretapping, has caused deep concerns. Since New York's Twin Towers were destroyed during a terrorist attack in 2001, intelligence agencies around the world have embraced new and more powerful tools to intercept messages and track potential threats. The ultra-secretive nature of the monitoring combined with the dragnet-style approach to collecting data pushes laws and legal systems to the limit, and perhaps beyond.
It's no small matter. Government entities that intercept plots and identify plans are more likely to thwart attacks and save lives. In addition, data mining and predictive analytics tools provide clues that could help prevent a disaster. However, if data is used improperly (and historical as well as current evidence supports the fact that this scenario is likely), serious legal questions arise. Among other things, these center on the use and misuse of government secrecy; the extent of unilateral presidential authority; and the role of intermediaries, including telecommunications companies and Internet service providers, in protecting privacy and assisting law-enforcement agencies.
Moreover, the use of warrantless surveillance could unleash chilling consequences, including Watergate-style attacks on political enemies and, for society, the curtailment of civil liberties and freedom. Says Susan Landau, a distinguished engineer at Sun Microsystems and co-author of Privacy on the Line: The Politics of Wiretapping and Encryption, "Cybersecurity measures must be taken seriously. There are consequences at all levels of society if these tools and systems are misused."
The battle for intelligence information is nothing new, of course. For centuries, governments have worked to intercept communications, using informants, spies, eavesdropping, and whatever means necessary to achieve their goal. Law enforcement agencies, too, have embraced data collection methods, including wiretaps. However, in virtually all democracies, well-established laws control telephone tapping and other forms of wiretapping. In most instances, it's necessary to obtain a court order to eavesdrop.
The legal system in the U.S., for example, is well defined. The Fourth Amendment to the Constitution protects against unreasonable searches and seizures. What's more, various laws, including Title III in 1968 and the Foreign Intelligence Surveillance Act (FISA) in 1978, establish strict guidelines about the use of wiretaps. In fact, FISA was established partly as a response to the Watergate spying scandal and the resignation of President Nixon in 1974.
Nevertheless, protections haven't always prevented abuses. For example, the U.S. Federal Bureau of Investigation, under the leadership of J. Edgar Hoover, began assembling dossiers on spies, political activists, and others beginning in the 1930s. Eventually, Hoover used wiretapping and other surveillance tools to track more than 12,000 Americans, including political leaders and public figures. Hoover later launched campaigns to discredit those who spoke out against him and the FBI. Frequently, he tapped into information collected through unauthorized spying to target enemies.
Fast forward to the present day and the stakes are much higher. Nuclear weapons, biological threats, and other forms of terrorism represent a widespread and persistent danger. Yet, technology also provides powerful tools for monitoring phone conversations, electronic messages, and data streaming across the Internet. This has led organizations like the National Security Agency (NSA) in the U.S. to pursue warrantless domestic wiretapping. "There is evidence that the NSA is monitoring the communications of millions of Americans," says Kevin S. Bankston, senior staff attorney for the Electronic Frontier Foundation (EFF).
The EFF contends that the U.S. government, with the aid of AT&T and other telecommunications companies, has engaged in a massive domestic dragnet surveillance program over a nine-year span, since at least 2001. Under one claim, the telecom carrier databases of customer calling records appear to have been made available for examination by the NSA; under other claims, technical devices may have copied Internet traffic and made it available to the NSA.
This program came to light in January 2006. That's when the New York Times broke a story about the existence of ultra-secretive surveillance and Mark Klein, a former AT&T technician turned whistleblower, provided so far undisputed evidence that the telecom provider had set up a separate room run by the NSA at the company's San Francisco offices. AT&T routed copies of Internet traffic to computers inside the room, he contends.
Not surprisingly, the fallout is growing. In January 2006, the EFF filed a class action lawsuit, Hepting v. AT&T, designed to curtail unwarranted eavesdropping. It alleges that the telecommunications provider violated customers' privacy. Then, in September 2008, EFF filed a second lawsuit, Jewel v. NSA, which seeks to halt warrantless wiretapping and hold the government officials who used it accountable. Both Hepting v. AT&T and Jewel v. NSA have been dismissed by the courts and are being appealed by EFF. "We believe that these practices present a significant danger to a democratic society," Bankston explains.
Although it refuses to comment on pending litigation, NSA stands behind its overall objectives. "[The agency] is committed to performing its mission under the rule of law and takes seriously its responsibilities to protect privacy rights," says NSA spokesperson Marci Green. "All of our employees with mission responsibilities are thoroughly trained on the legal authorities and procedures that govern NSA's activities." AT&T, meanwhile, says only that it is "fully committed to protecting our customers' privacy. We do not comment on matters of national security."
Down to the Wire
Historically, wiretapping has been a fairly targeted activity. "You knew who you wanted to listen to and you targeted this person's communications," states Patrick Radden Keefe, author of Chatter: Dispatches from the Secret World of Global Eavesdropping. However, after the passage of the USA PATRIOT Act in 2001, even though the statute did not authorize dragnet surveillance, the scope and boundaries for surveillance shifted dramatically in the U.S.
Ratcheting up the stakes further is a quantum leap in technology. Today, data switches and telephone switches from major equipment manufacturers such as Cisco, Lucent, and Nortel have built-in data intercept capabilities; and data mining and analytics applications identify targeted packets, including names and other words, while using sophisticated algorithms with predictive capabilities to provide insights into possible threats.
But that's only part of the story. The NSA "now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records," writes Bruce Schneier, a computer security expert, author, and blogger. In fact, according to the Wall Street Journal, the NSA receives this so-called "transactional" data from other agencies or private companies, and its software programs analyze the various transactions for suspicious patterns. Officials hand out promising leads to counterterrorism programs scattered across the U.S. government.
Still, no one outside the NSA and elite government circles appears to know exactly what's being used and how. And the issue affects an unknown and possibly increasing number of nations. In 2004, an unknown individual or individuals installed unauthorized software on the Vodafone Greece telephone network and illegally monitored the cell phone conversations of more than 100 persons, including prime minister Kostas Karamanlis and many leading government officials, for approximately seven months. "It was an extremely sophisticated attack that exploited lawful intercept software," Bellovin explains. "It was proof that these systems can be exploited. It has probably happened elsewhere and we simply don't know about it."
Indeed, the fear of hackers infiltrating intelligence systems isn't unwarranted. Insiders such as technicians, who have access to switches and other equipment, are of particular concern to security experts. "It's supposed to be impossible for an insider to gain access to these systems," Bellovin states. "It's most likely possible. There's a long history of phone phreaks breaking into telephone switches and hackers getting into highly secure government computing systems. So, you have to ask why it's not possible."
On the international scene, serious concerns have also taken root. In Italy, judges are allowed to order wiretaps, but because their function is more akin to a prosecutor than an independent entity (and there are no obstacles to obtaining a wiretap), many civil libertarians worry that there are too few checks and balances in place. In the United Kingdom, the Home Secretary, a cabinet minister, approves all wiretaps and no judge is required. And in the Netherlands, police can tap any phone or computer network as long as the crime under investigation has at least a three-year prison term.
Sweden, Turkey, South Korea, Mongolia, and many other countries have also found themselves embroiled in recent wiretapping controversies. And in numerous countries, most notably China and Iran, wiretapping and other surveillance is simply a fact of life.
The debate over surveillance methods and civil liberties isn't about to disappear. The ongoing threat of terrorism translates into a desire among government leaders to build ever more powerful snooping technology. While no one would argue that security and intelligence gathering should be tossed aside, many observers say that it's time to approach the issue responsibly. Concludes Bankston, "It's essential to respect privacy and adhere to the principles of a free society."
Diffie, W. and Landau, S. Privacy on the Line: The Politics of Wiretapping and Encryption. MIT Press, Cambridge, MA, 2007.
Risen, J. and Lichtblau, E. E-Mail surveillance renews concerns in Congress. The New York Times, June 16, 2009.
NSA's domestic spying, March 26, 2008, http://www.schneier.com/blog/archives/2008/03/nsas_domestic_s.html.
Offices of the Inspector Generals, Dept. of Defense, Dept. of Justice, Central Intelligence Agency, National Security Agency, Office of the Director of National Intelligence. Unclassified Report on the President's Surveillance Program, July 20, 2009.
Electronic Frontier Foundation. NSA spying, http://www.eff.org/issues/nsa-spying.
Figure. Mark Klein, the former AT&T technician who blew the whistle on the U.S. government's wide-ranging, ultra-secretive surveillance program to The New York Times.
©2010 ACM 0001-0782/10/0400 $10.00