U.S. Weighs Wide Overhaul of Wiretap Laws
WASHINGTON — The Obama administration, resolving years of internal debate, is on the verge of backing a Federal Bureau of Investigation plan for a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services, according to officials familiar with the deliberations.
The F.B.I. director, Robert S. Mueller III, has argued that the bureau’s ability to carry out court-approved eavesdropping on suspects is “going dark” as communications technology evolves, and since 2010 has pushed for a legal mandate requiring companies like Facebook and Google to build into their instant-messaging and other such systems a capacity to comply with wiretap orders. That proposal, however, bogged down amid concerns by other agencies, like the Commerce Department, about quashing Silicon Valley innovation.
While the F.B.I.’s original proposal would have required Internet communications services to each build in a wiretapping capacity, the revised one, which must now be reviewed by the White House, focuses on fining companies that do not comply with wiretap orders. The difference, officials say, means that start-ups with a small number of users would have fewer worries about wiretapping issues unless the companies became popular enough to come to the Justice Department’s attention.
Still, the plan is likely to set off a debate over the future of the Internet if the White House submits it to Congress, according to lawyers for technology companies and advocates of Internet privacy and freedom.
“I think the F.B.I.’s proposal would render Internet communications less secure and more vulnerable to hackers and identity thieves,” said Gregory T. Nojeim of the Center for Democracy and Technology. “It would also mean that innovators who want to avoid new and expensive mandates will take their innovations abroad and develop them there, where there aren’t the same mandates.”
Andrew Weissmann, the general counsel of the F.B.I., said in a statement that the proposal was aimed only at preserving law enforcement officials’ longstanding ability to investigate suspected criminals, spies and terrorists subject to a court’s permission.
“This doesn’t create any new legal surveillance authority,” he said. “This always requires a court order. None of the ‘going dark’ solutions would do anything except update the law given means of modern communications.”
A central element of the F.B.I.’s 2010 proposal was to expand the Communications Assistance for Law Enforcement Act — a 1994 law that already requires phone and network carriers to build interception capabilities into their systems — so that it would also cover Internet-based services that allow people to converse. But the bureau has now largely moved away from that one-size-fits-all mandate.
Instead, the new proposal focuses on strengthening wiretap orders issued by judges. Currently, such orders instruct recipients to provide technical assistance to law enforcement agencies, leaving wiggle room for companies to say they tried but could not make the technology work. Under the new proposal, providers could be ordered to comply, and judges could impose fines if they did not. The shift in thinking toward the judicial fines was first reported by The Washington Post, and additional details were described to The New York Times by several officials who spoke on the condition of anonymity.
Under the proposal, officials said, for a company to be eligible for the strictest deadlines and fines — starting at $25,000 a day — it must first have been put on notice that it needed surveillance capabilities, triggering a 30-day period to consult with the government on any technical problems.
Such notice could be the receipt of its first wiretap order or a warning from the attorney general that it might receive a surveillance request in the future, officials said, arguing that most small start-ups would never receive either.
Michael Sussmann, a former Justice Department lawyer who advises communications providers, said that aspect of the plan appeared to be modeled on a British law, the Regulation of Investigatory Powers Act of 2000.
Foreign-based communications services that do business in the United States would be subject to the same procedures, and would be required to have a point of contact on domestic soil who could be served with a wiretap order, officials said.
Albert Gidari Jr., who represents technology companies on law enforcement matters, criticized that proposed procedure. He argued that if the United States started imposing fines on foreign Internet firms, it would encourage other countries, some of which may be looking for political dissidents, to penalize American companies if they refused to turn over users’ information.
“We’ll look a lot more like China than America after this,” Mr. Gidari said.
The expanded fines would also apply to phone and network carriers, like Verizon and AT&T, which are separately subject to the 1994 wiretapping capacity law. The FBI has argued that such companies sometimes roll out system upgrades without making sure that their wiretap capabilities will keep working.
The 1994 law would be expanded to cover peer-to-peer voice-over-Internet protocol, or VoIP — calls between computers that do not connect to the regular phone network. Such services typically do not route data packets through any central hub, making them difficult to intercept.
The F.B.I. has abandoned a component of its original proposal that would have required companies that facilitate the encryption of users’ messages to always have a key to unscramble them if presented with a court order. Critics had charged that such a law would create back doors for hackers. The current proposal would allow services that fully encrypt messages between users to keep operating, officials said.
In November 2010, Mr. Mueller toured Silicon Valley and briefed executives on the proposal as it then existed, urging them not to lobby against it, but the firms have adopted a cautious stance. In February 2011, the F.B.I.’s top lawyer at the time testified about the “going dark” problem at a House hearing, emphasizing that there was no administration proposal yet. Still, several top lawmakers at the hearing expressed skepticism, raising fears about innovation and security.
This article has been revised to reflect the following correction:
Correction: May 8, 2013
An earlier version of this article misspelled the surname of a former Justice Department lawyer who advises communications providers and commented on one aspect of the F.B.I.’s plan to overhaul surveillance laws. He is Michael Sussmann, not Sussman.