WASHINGTON — Federal officials are planning to seek legislation that would require social-networking companies and voice-over-Internet service providers to adapt their technology so law enforcement agents can monitor users’ communications to catch suspected terrorists and other criminals.
The proposal arises out of concern that technology and social customs have outpaced the law and that law enforcement authorities lack the means to monitor new methods of communication, administration officials said. But the initiative has also revived the debate over the proper balance between national security and personal privacy as well as what industry can be reasonably asked to do without stifling innovation.
“This is a shortsighted and ill-conceived power grab by some in the administration,” said Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center. “The balance has swung radically toward enhanced law enforcement powers. For them to argue that it’s still not enough is just unbelievable. It’s breathtaking in its hubris.”
But law-enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.
“This is about lawfully authorized intercepts,” said Valerie Caproni, FBI general counsel. “This is not about expanding authority, but about preserving the ability to carry out existing authorities in order to protect the national security and public safety.”
The idea, which has been percolating for at least two years, is still in the discussion stages among federal bodies, including the FBI, the Justice Department and the National Security Council. Congressional and administration officials said no draft language or clear timeline exists. The new regulations would be sent to Congress next year.
At issue is a 1994 telecommunications law called the Communications Assistance to Law Enforcement Act, which requires phone and broadband companies to build interception capabilities into their networks for law enforcement. An agent must have a court order based on probable cause to gain access to a provider’s network.
Encrypted e-mail transmitters such as BlackBerry, social networking websites like Facebook and Twitter, and software that allows direct “peer to peer” messaging like Skype are not covered under the act. Their technologies were not built to provide law enforcement with real-time access to content.
Law enforcement would also like firms that offer encrypted communications to be able to provide them decrypted “clear text,” as well as design a service to allow interception of peer-to-peer communications, such as Skype.
“If you’re in an ongoing situation, where we had hostages and the suspects are communicating with one another calling out their plan or next move, you’d want real-time access,”said one federal law enforcement official, noting that the issue concerns state and local police, too.
Greg Nojeim, senior counsel at the Center for Democracy and Technology, said that government already has enormous electronic surveillance powers and that the proposal could impede the creation of new products. “The whole power of the Internet grows out of the fact that anyone in a garage can innovate and develop a new service,” he said. “[Under the proposal], you wouldn’t be able to build some products unless you complied with the government mandate. We could lose our competitive edge if the government gets into the design process.”
Michael Sussmann, a former Justice Department lawyer who advises social networking and communications services providers, said that the proposal to expand the 1994 act “could be extremely difficult” from a technical point of view. “In some cases networks would need to be re-engineered,” he said. “Where even possible, that can require a lot of time and huge costs.”
There is not yet agreement on important elements, like how to word statutory language defining who counts as a communications service provider, according to several officials familiar with the deliberations.
But they want it to apply broadly, including to companies that operate from servers abroad, like Research In Motion, the Canadian maker of BlackBerry devices. In recent months, that company has come into conflict with the governments of Dubai and India over their inability to conduct surveillance of messages sent via its encrypted service.
The FBI’s operational technologies division spent $9.75 million last year helping communication companies - including some subject to the 1994 law that had difficulties - do so. And its 2010 budget included $9 million for a “Going Dark Program” to bolster its electronic surveillance capabilities.
Beyond such costs, Caproni said, FBI efforts to help retrofit services have a major shortcoming: The process can delay their ability to wiretap a suspect for months.
Moreover, some services encrypt messages between users, so that even the provider cannot unscramble them.
There is no public data about how often court-approved surveillance is frustrated because of a service’s technical design.
But as an example, one official said, an investigation into a drug cartel earlier this year was stymied because smugglers used peer-to-peer software, which is difficult to intercept because it is not routed through a central hub. Agents eventually installed surveillance equipment in a suspect’s office, but that tactic was “risky,” the official said, and the delay “prevented the interception of pertinent communications.”
To counter such problems, officials are coalescing around several of the proposal’s likely requirements:
Communications services that encrypt messages must have a way to unscramble them.
Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.
Developers of software that enables peer-to-peer communication must redesign their service to allow interception.
Providers that failed to comply would face fines or some other penalty. But the proposal is likely to direct companies to come up with their own way to meet the mandates. Writing any statute in “technologically neutral” terms would also help prevent it from becoming obsolete, officials said.
Even with such a law, some gaps could remain. It is not clear how it could compel compliance by overseas services that do no domestic business, or from a “free ware” application developed by volunteers.
In their battle with Research In Motion, countries like Dubai have sought leverage by threatening to block BlackBerry data from their networks. But Caproni said the FBI does not support filtering the Internet in the United States.
Information for this article was contributed by Ellen Nakashima of The Washington Post, by Charlie Savage of The New York Times, and by Lolita C. Baldor and Sagar Meghani of The Associated Press.
Front Section, Pages 1 on 09/28/2010