TUCoPS :: Privacy :: priv_319.txt

Privacy Digest 3.19 10/7/94

PRIVACY Forum Digest     Friday, 7 October 1994     Volume 03 : Issue 19

          Moderated by Lauren Weinstein (lauren@vortex.com)
            Vortex Technology, Woodland Hills, CA, U.S.A.
	
                     ===== PRIVACY FORUM =====

   	  The PRIVACY Forum digest is supported in part by the 
	      ACM Committee on Computers and Public Policy.


CONTENTS 
	*** SPECIAL ISSUE on the Digital Telephony Bill ***

	PRIVACY Forum Special Issue on the Digital Telephony Bill
	   (Lauren Weinstein; PRIVACY Forum Moderator)
	Support the Digital Telephony Bill! (Dorothy Denning)
	Rebuttal (Marc Rotenberg)
        The FBI's Wiretap Plan: Welcome to the Information Snooper Highway
	   (Marc Rotenberg)
	Rebuttal (Dorothy Denning)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic "listserv" system; for
subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com".  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the listserv system.  Please follow the instructions above
for getting the listserv "help" information, which includes details
regarding the "index" and "get" listserv commands, which are used to access
the PRIVACY Forum archive.  All PRIVACY Forum materials are available
through the Internet Gopher system via a gopher server on site
"gopher.vortex.com".  Access to PRIVACY Forum materials is also available
through the Internet World Wide Web (WWW) via the Vortex Technology WWW home
page at the URL: "http://www.vortex.com/".

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@vortex.com, call (818) 225-2800, or FAX
to (818) 225-7203.
-----------------------------------------------------------------------------

VOLUME 03, ISSUE 19

   Quote for the day:

     "And now here's something we hope you'll *really* like!"

			-- Rocket [Rocky] J. Squirrel (June Foray)
			   "Rocky and His Friends" (1959-1961)

----------------------------------------------------------------------

Date:    Fri, 7 Oct 94 11:08 PDT
From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: PRIVACY Forum Special Issue on the Digital Telephony Bill

Greetings.  As many of you know, the issues surrounding the Digital
Telephony Bill, which involves the controversial issue of wiretapping, have
resulted in considerable animosity in some discussions.  The Senate version
of the bill (SB 2375) in fact may be up for final vote today (Friday,
10/7/94).  

In an attempt to further reasoned discussion of this matter, I recently
invited two of the best known spokespersons for each side of the debate
(Marc Rotenberg of the Electronic Privacy Information Center [EPIC], and
Dorothy Denning of Georgetown University) to send the Forum short essays
summarizing their positions on this topic, and to also send in rebuttals to
each other's essays.  They both graciously agreed to do so, and the four
items are included below.  Since nobody had an ordering preference, I
determined the presentation order through coin flips.  

I urge everyone to carefully read and consider the arguments below.  More
details regarding the bill are in the PRIVACY Forum archive--see the
masthead of this digest for access info and look through the index for
locations.  And remember that your opinion *counts*.  You can pick up the
phone sitting right next to you, call your Senators, and let them know how
you feel--either pro or con.  If you don't know the numbers, just call
Washington D.C. directory assistance at (202) 555-1212 and ask.  Such calls
to Senators *do* have an impact.  

I hope you'll find this special issue of the digest to be useful.

And now, the essays.

--Lauren--

------------------------------

Date:    Tue, 4 Oct 94 11:58:38 EDT
From:    denning@chair.cosc.georgetown.edu (Dorothy Denning)
Subject: Support the Digital Telephony Bill!

Support the Digital Telephony Bill!

Changes in technology are threatening the ability of law enforcement to
conduct court-ordered wiretaps.  In testimony given to the Senate
Judiciary Subcommittee on Technology and the Law and the House
Judiciary Subcommittee on Civil and Constitutional Rights on Aug. 11,
FBI Director Louis Freeh reported that a recent informal survey by the
FBI identified 183 instances where law enforcement was frustrated by
technological impediments.  This figure includes orders for dialing
information as well as call content, but excludes those instances where
court orders were never sought or served on carriers because the
impediments were known in advance.  In testimony given to the same
subcommittees in March, he noted that one federal agency reported that
it did not pursue 25 court orders because of the known inabilities of a
particular cellular carrier.  He also reported on an earlier survey
that identified 91 instances where court orders were frustrated.  Of
those 91 instances, 33% related to cellular services and 32% to custom
calling features.  His written statement describes five specific cases
where court orders could not be fully implemented.  In one of those
cases, a cellular provider was unable to provide access to the
subject's long distance communications made through the provider's
cellular service.  In another, a regional telephone company was unable
to provide content and dialed number information as a result of the
subjects use of custom calling features.  At the August 11 hearings,
Hazel Edwards of the GAO reported that "industry representatives told
us that there are current and imminent technological situations that
would be difficult to wiretap," and Roy Neel, president of U.S.
Telephone Association, stated that in a number of cases, wiretaps
probably would be frustrated because of new services.

The primary purpose of the Digital Telephony bill is to ensure that the
government can continue to intercept the contents of communications and
acquire dialing information as the telecommunications infrastructure
evolves with advances in technology, particularly digital technology.
The bill is sponsored in the Senate by Senator Patrick Leahy (S. 2375)
and in the House by Representative Don Edwards (H.R.  4922), both of
whom are ardent advocates of liberties.  They and their staff have been
working closely with the FBI, industry groups, and privacy advocates to
address concerns about privacy, costs, compliance, scope, design
requirements, and government accountability.  A lot of effort has gone
into it.  The result is a very well thought through and worked over
piece of legislation.

The bill was introduced only after it was recognized that the problems
would not be solved voluntarily.  Director Freeh testified in March
that while meetings with industry over the past four years have led to
a greater understanding of the problem, they have not produced
implemented solutions or a commitment from industry to implement
solutions.  Moreover, of the 2,000 or so companies that would be
affected, only a handful have participated in the technical working
group which was established two years ago to address the problem and is
now operating as the Electronic Communications Service Provider
Committee (ECSP) under the Alliance for Telecommunications Industry
Solutions (ATIS).  This experience plus the general non-binding nature
of committee resolutions and the cost factor led the Administration and
Congressional leaders to conclude that a legislative mandate was
needed.  The bill authorizes reimbursements to industry of $500 million
over the next four fiscal years.

The Digital Telephony bill strengthens privacy and security.  It
requires that the carriers protect "the privacy and security of
communications and call-identifying information not authorized to be
intercepted" and that switched-based intercepts "be activated only with
the affirmative intervention of an individual officer or employee of
the carrier."  Law enforcement officers will not be able to dial into
switches and start their own taps.  The bill strengthens privacy
protections for transactional records, location-specific information,
cordless phones, and radio communications.  It provides long-needed
legislation against fraudulent cellular phone cloning.

Defeating the bill would not provide greater security for
communications, guarantee that communications could not be intercepted,
or provide better switch security.  Many of the carriers likely would
continue to implement some intercept capabilities for maintenance
purposes as well as for law enforcement.  If anything, the bill should
lead to more secure switches because of the security and privacy
requirement in the bill.  Since switch security is essential to the
integrity of the phone system, this is a step in the right direction.

Nothing in the bill weakens privacy protections.  Wiretaps will
have to be carried out under the same tightly controlled conditions as
they have been, subject to strict legal and procedural controls.  As a
result of the provisions of the bill and changes in technology, it will
be increasingly unlikely that the government could systematically
intercept the communications of a particular person without the
assistance of the service providers.

Although accommodating the need for court-ordered wiretaps is sometimes
viewed as trading some privacy for law enforcement, for nearly all of
us, our privacy is totally unaffected by whether the government can
conduct wiretaps since our communications never will be targeted for
interception anyway.  Even for those who are the subject of a criminal
investigation, it is not obvious that they would have greater privacy
if wiretaps became technically impossible.  Although the government
would be unable to successfully investigate or prosecute many cases
without the use of wiretaps, it is likely to try other methods that
might otherwise have been rejected because they are more dangerous, for
example, undercover operations and the placing of bugs on subjects'
premises.  These methods are potentially more invasive of privacy than
a wiretap.

If we don't take steps to maintain an effective wiretap capability, our
telecommunications systems will evolve into sanctuaries for criminality
wherein organized crime leaders, drug dealers, terrorists, and others
can conspire and act with impunity.  Eventually, we could find
ourselves with an increase in incidents such as the World Trade Center
bombing, a diminished capability to fight crime and terrorism, and no
timely solution.

Louis Freeh, Director of the FBI, identified the wiretap maintenance
issue as "the number one law enforcement, public safety, and national
security issue facing us today."  In his August testimony, FBI Director
Freeh stated that "electronic surveillance is one of law enforcement's
most important and effective investigative techniques, and is often the
only way to prevent or solve the most serious crimes facing today's
society."  In earlier testimony given in March, he described numerous
incidents where wiretaps had been critical in fighting organized crime,
drug trafficking, public corruption, fraud, terrorism, violent crime,
and in saving innocent lives.  For example, wiretaps helped prevent the
bombing of a foreign consulate in the U.S., a rocket attack against a
U.S. ally, and the shooting down of a commercial airliner.  They led to
the conviction of 22,000 serious criminals in the past decade,
including 79 individuals in a major health fraud case and 65 in a major
government fraud case.  The latter case alone has led to $271,000,000
in fines, restitutions, and recoveries ordered.

With wiretaps, criminals can be caught and convicted using their own
words rather than testimony "bought" from other criminals.  Wiretaps
can be more reliable and less dangerous than other methods, for
example, the use informants.

Director Freeh predicted that loss of a viable electronic surveillance
technique would result in a substantial loss of life; a substantial
increase in corruption and economic harm to business, industry, and
labor unions caused by the growth/emergence of organized crime groups;
a substantial increase in the availability of illegal drugs; a
substantial increase in undetected and unprosecuted public corruption
and fraud against the government; a substantial increase in undetected
and unprosecuted terrorist acts and murders; and a substantial increase
in acquittals and hung juries resulting from lack of direct and
persuasive evidence.  He estimated the economic harm to be in the
billions of dollars.  He predicted "dire consequences to effective law
enforcement, the public safety, and the national security if no binding
solution to [the problem of maintaining a wiretap capability] is
obtained."

The Digital Telephony bill is essential for law enforcement and public
safety.  It has been carefully crafted to address concerns about
privacy, scope, cost, compliance, design requirements, and
accountability.

Dorothy Denning

------------------------------

Date:    Fri, 7 Oct 1994 12:35:46 EST    
From:    Marc Rotenberg <rotenberg@washofc.epic.org>
Subject: Rebuttal 

	Denning and I agree on one point: "The primary purpose of the Digital
Telephony bill is to ensure that the government can continue to intercept
the contents of communications and acquire dialing information as the
telecommunications infrastructure evolves with advances in technology." The
question is whether this goal justifies the expense of $500 million and the
entry of the FBI into the technical development of the nation's
communication network.  She says yes.  I believe the answer is no.

	First, Denning's argument relies largely on the assurances of the FBI
director.  Mr. Freeh is, of course entitled to express his views, and he has
been an extremely effective proponent of the legislation.  But a proposal as
sweeping as a fundamental redesign of the communications system calls out
for an open, public analysis.  The problem must be well understood by all
concerned, not just the FBI and not just the telephone companies.
Alternatives should be explored, less costly and less intrusive approaches
should be considered. The public has a right to know the specific reasons
for spending $500 m and why alternatives were rejected.

	The FBI has frustrated the public debate through secrecy and left us
only with their characterization of the problem.  The Bureau has not
disclosed information regarding the 183 incidents that it claims justifies
the proposal even after we submitted a Freedom of Information Act request.

	So important is this issue that we sued the FBI in court to obtain
the document.  The FBI replied that it would take *five* years before the
document could be disclosed. This seemed an incredible delay to find 20
pages that the Director frequently referred to at Congressional hearings.
At the same time, the FBI was fast tracking the legislation in Congress.

	When the district court judge considered the case EPIC v. FBI
earlier this week he was shocked.  "I could have this document in an hour
and a half," he said.  He instructed the FBI to turn over the survey within
30 day.  Why should Congress or the public accept any less?

	We cannot substitute the assurances of government officials, however
well intended and sincerely believed, for the necessary disclosure of
relevant facts.  Denning's frequent appeals to the statements of the FBI
director do not strengthen her case.  They simply remind us that we are
being asked to accept the FBI's position without the opportunity to
challenge the evidence.

	It is also hard to argue that the wiretap bill will strengthen
privacy and security, as those terms are generally understood.  The intent
is obviously to make it easier to conduct electronic surveillance, and even
the "privacy" provisions in the bill do little to disturb this fundamental
goal. Some may say that this is a necessary sacrifice.  But it can hardly be
said that a bill to promote electronic wiretapping is good for privacy and
security.

	Third, Denning says nothing would be gained by defeating the bill.
To the contrary, putting the bill off till next year would allow privacy and
civil liberties organizations to come to the table and press for a better
solution.  Alternatives could be explored.  Real privacy safeguards could be
put in place.  The privacy community was kept out of the development of this
legislation.  That is the reason the bill went unchallenged until it was
finally introduced in August.

	Not surprisingly, Denning concludes with the FBI Director's dire
predictions about threats to public safety and national security if the bill
does not pass.  It is an argument intended to scare. It is the same type of
argument that was made earlier to support the Clipper proposal and that will
be made in the future to support other attempts by government to encroach on
personal freedom.

	The question always is whether we must accept such claims.

-- Marc Rotenberg, EPIC

------------------------------

Date:    Wed, 5 Oct 1994 17:46:33 EST    
From:    Marc Rotenberg <rotenberg@washofc.epic.org>
Subject: The FBI's Wiretap Plan: Welcome to the Information Snooper Highway

THE FBI'S WIRETAP PLAN:
WELCOME TO THE INFORMATION SNOOPER HIGHWAY

Marc Rotenberg, 
Electronic Privacy Information Center, 
Washington, DC.

	In August of this year the most expensive proposal ever developed for
monitoring personal communications in the United States was introduced in
Congress.  The FBI wiretap bill would commit more than $500 million dollars
toward the goal of making the information highway easy to wiretap.  
	It is an elaborate scheme that allows the Attorney General to force
telecommunications companies, equipment manufacturers, and professional
organizations to incorporate electronic surveillance capabilities into
services and standards for network communications.  In other words, welcome
to the Information Snooper Highway.
	If something about this idea seems wrong to you, you're not alone.
Industry groups, privacy advocates, and computer users, have all expressed
concern about the wiretap plan.  EPIC, the Internet Business Association,
the ACLU, the Society for Electronic Access, and Voters Telecomm Watch have
said simply that the bill should be dropped.  Why the concern?

THE REAL STORY ON WIRETAP
	Supporters of the plan say that new technology is making the job of
law enforcement more difficult.  They cast wiretapping as the only way to
solve crime, trot out stories about terrorists and pedophiles, blur the
distinction between wiretapping and bugging, and characterize FBI as
hopelessly behind the hi-tech curve. It is a picture that has virtually
nothing in common with the reality of wiretapping in the United States
	First, wiretapping contributes a very small number to the total
number of arrest in the United States.  In 1991 for example, more than
14,000,000 people were arrested in the United States, according to
statistics compiled by the Bureau of Justice Statistics.  The same source
reports that only about 2,000 people were arrested as a result of wiretap.
That means that wiretapping is responsible for about one in seven thousand
arrests in the United States.
	Now, you may think those arrests involve terrorists and pedophiles.
In fact, the vast majority of court warrants are for narcotics investigations
(536 of the total 856 warrants issued at the federal and state level).  Next
in line is racketeering (114).  
	Kidnapping and extortion were at the bottom of the list.  There were
a total of five wiretaps, three at the federal level and two at the state
level, for all cases involving kidnapping in 1991. A total of two cases
involving loansharking, usury, and extortion.
	Does this mean that wiretapping is not an important or useful
technique for law enforcement?  No.  But does it justify the massive and
expensive overhaul of the US. phone system proposed?  Clearly not.
	Consider also that law enforcement agencies have become savvy users
of new technologies.  The FBI is now developing the most sophisticated
surveillance systems in the world, everything from pre-fabricated
microphones, smaller than a computer chip, to Forward Looking Infra-Red
Radar, a new technology that actually allows police to see through the walls
of a home.  That particular device raises staggering Fourth Amendment
concerns.  It also reminds us that law enforcement has hardly been left
behind the curve.
	The proponents of the wiretap plan are not really seeking "to
preserve the status quo" or save a particular tool for criminal
investigation.  (Wiretapping is too insignificant to justify the massive
campaign being waged by the backers of the bill.)
	What the proponents really want is to build new surveillance
capabilities into the communications network, to make it easier to conduct
wiretapping, and to establish a basis for the incorporation of new
monitoring features in the future.  That's what this debate is about.
 	Let's look at the real case more closely.

THE PROBLEMS WITH THE REAL PROPOSAL
** Americans do not like wiretapping.  For this reason, wiretap law
restricts the government, it does not coerce the public. ** 
	We should begin by asking a simple question: Do Americans, the
people who will be directly affected by this plan, favor wiretapping? Here
is the answer.  Surveys taken every year by the Bureau of Justice Statistics
show that American oppose wiretapping by roughly a three to one margin
(Question: "Everything considered, would you say that you approve or
disapprove of wiretapping?").  The opposition to wiretapping is found across
all demographic groups, from sex, race and education to region, religion and
political affiliation.
	The American attitude toward wiretapping is not surprising.  The
framers of the Fourth Amendment believed that barriers must be erected
against the natural tendency of government to seize personal property and
private correspondence in the name of criminal investigation. And the
drafters of the federal wiretap law established every conceivable obstacle
to the execution of wiretap authority.  They never intended that the
government could tell private companies -- as the current proposal would --
to make their technologies "wiretap friendly."
	The 1968 law that permits the government to conduct electronic
surveillance described wiretapping as "an investigative method of last
resort."  The law set out elaborate restrictions on the government's ability
to conduct wiretap.  The reason for the precautions is understandable.  Wire
surveillance is far more intrusive than other types of criminal
investigation and more prone to abuse.  To treat an investigative method of
last resort as a design goal of first priority, as the wiretap bill would
do, is to stand wiretap law in this country on its head.

** The FBI wiretap bill will cost taxpayers at least $500,000,000. **
	The FBI wiretap bill authorizes the expenditure of $500 million over
the next four years to reimburse private firms for complying with the FBI's
"capacity requirements" for electronic surveillance.  But that amount may
not be enough to satisfy the FBI's goal.  The General Accounting Office
estimates that the cost could run as high as $2 billion to $3 billion.  Roy
Neal, the President of the United States Telephone Association estimated
that it could cost as much as $1.8 billion just to redesign call forwarding
to satisfy the FBI's concerns.

** The GSA trashed the proposal.  **
	The General Services Administration, which is the largest purchaser
of telecommunications equipment in the federal government, said the FBI
wiretap plan would have an adverse impact on national security.  In 1992 the
General Services Administration wrote that the FBI wiretap plan would make it
"easier for criminals, terrorists, foreign intelligence (spies) and computer
hackers to electronically penetrate the phone network and pry into areas
previously not open to snooping."  The confidential memo was obtained as a
result of a Freedom of Information Act request.

** The wiretap bill mandates new technologies for data surveillance. ** 
	The wiretap bill says that "a telecommunications carrier shall
ensure that it can enable government access to call-identifying
information."  This is the first time the U.S. government has required by
law that communications networks be designed to facilitate electronic data
surveillance.  Telecommunications firms, equipment manufacturers, and those
who work in the hi-tech industry face a legal obligation to design networks
for electronic monitoring.

** The Constitution protects the right of privacy, not the use of wiretap. **
	Privacy is a Constitutional right.  The Fourth Amendment protects
privacy and the right of individuals to be free from unreasonable search and
seizure.  Wiretapping is permitted by federal statute only in narrow
circumstances.  It has no Constitutional basis.  Congress could outlaw all
wiretapping tomorrow if it chose to do so, but it could not easily repeal
the Fourth Amendment.

** Clipper shows what happens when government tries to develop standards for
surveillance. **
	Recent experience shows that standards developed to facilitate
wiretapping are less robust, and are costly to American business and
individual privacy.
 The development of a technical standard called the "Digital Signature
Standard" used for authentication of electronic documents provides a case
study of what happens when an agency with legal authority to conduct wire
surveillance is also given authority to set technical standards for
communications networks.  
	Viewing the role of the National Security Agency in the development
of the DSS, MIT Professor Ronald Rivest said "It is my belief that the NIST
proposals [for DSS] represent an attempt to install weak cryptography as a
national standard, and that NIST is doing so in order to please the NSA and
federal law enforcement agencies."  Stanford Professor Martin Hellman
concluded that "NIST's action give strong indication of favoring NSA's
espionage mission at the expense of American business and individual
privacy." 

** The FBI wiretap plan will undermine the privacy and security of
communication networks around the world. **
	Communications firms in the United States are the largest produces of
networking equipment in the world.  The adoption of surveillance-based
standards in the United States will almost certainly lead to more electronic
monitoring in other countries by state police.  Many countries do not have
even basic legal protections to control unlawful electronic surveillance.
	There is one story, almost apocryphal.  When FBI Director Lou Freeh
was in Eastern Europe earlier this year and urged the leaders of the new
democratic government to adopt similar proposals for wiretap capability, he
was turned down.  Not surprisingly, those who had just lived through regimes
where governments routinely spied on their citizens were not eager to repeat
past mistakes.

** The wiretap bill established a framework for further encroachments on
personal privacy. **
	In granting power to the Department of Justice to establish
standards for communications surveillance across every telephone system in
the United States, the wiretap plan takes a sharp turn toward greater
encroachments on personal privacy.  What could follow? Mandatory licensing
schemes for technologies that protect privacy.  Criminal sanctions for
developers and manufacturers of equipment that is not easily wiretapped.  A
presumption of illegal conduct when people choose to communicate with
technologies that the United States has not certified can be wiretapped.
	If this sounds like speculation, consider the fact that the Department of
Energy recently announced that it moving forward with a research program to
develop network technologies that will make it easy for law enforcement to
track payments.  Sound familiar?

BAD IDEAS HAVE CONSEQUENCES
	Considering both our national views on wiretap and all the Reasons to
oppose the plan,  does it matter if the government goes forward anyway? 
Yes, for several reasons.
	First, the plan will waste hundreds of millions of dollars.  The FBI
may not succeed in building a "wiretapable" network, but if the pending
wiretap bill goes forward it will spend more than half a billion dollars of
taxpayer dollars in the effort. Combined with the costs of Clipper,
taxpayers are looking at a bill of around one billion dollars for a plan
that even the proponents agree cannot fully work.
	Second, there is no question that the wiretap proposal will slow
technical innovation and leave US companies to play catch-up with foreign
firms that do not face similar requirements.  New network technologies
require good privacy technology.  Wireless networks in particular, such as
cellular phones and satellite systems, would benefit greatly from better
privacy protection.  Smart companies will design networks that protect
privacy and security, not promote eavesdropping and surveillance.  The
wiretap plan means less security for consumers and businesses, and less
competitive products for U.S. firms.
	Third, the risks of the proposal are enormous.  Networks designed for
surveillance are inherently more vulnerable than those designed for
security.  Are the FBI and the proponents of the plan really prepared to
jeopardize the integrity of the nation's communications grid for less than a
thousand wiretaps a year?
	Digital Telephony also will not meet the government's goal of trying
to ensure the viability of electronic wiretapping.  But in the effort to
preserve this form of electronic surveillance, a lot of damage can be done
to network security, American business, and personal privacy. 
	In fact, of all the many proposals for the information highway, no
two are less popular, less needed, or less desirable than Clipper and Digital
Telephony.  The White House can cut it losses if it simply drops these
surveillance plans.
	Some will say that the plans are necessary for law enforcement.  But
Americans have never been comfortable with electronic wiretapping.  We
recognize that enforcement of law is a central goal in every democratic
society.  But the exercise of law enforcement, and the ability to conduct
surveillance of citizens, requires a careful assessment of methods and
objectives.  Even a country deeply concerned about crime is prepared to draw
some limits on the scope of government power.

	-- Marc Rotenberg, 
        Electronic Privacy Information Center

------------------------------

Date:    Fri, 7 Oct 94 09:49:41 EDT
From:    denning@chair.cosc.georgetown.edu (Dorothy Denning)
Subject: Rebuttal

Marc welcomes us to the "Information Snooper Highway."  If maintaining
a capability to conduct court-ordered wiretaps makes the phone system a
snooper highway, then by Marc's reasoning, we arrived many decades ago
since until recently, implementing wiretaps has not been a problem.
Why doesn't Marc complain about our roadways being snooper highways?
After all, the police can follow us, pull us over, search our vehicles,
and test our alcohol level.  We have to display license plates on our
cars so that we can be identified, and we even have to pay for the
"privilege" of being easily identified.

The fact is, nothing in the Digital Telephony bill precludes the
adoption of privacy enhancing technologies, including encryption.  With
such technologies, our telecommunications infrastructure will be less
prone to snooping that it is right now.  Illegal wiretaps will be
virtually impossible.

Marc seems to prefer that the information highway be wiretap proof.
But imagine if the roadways were police proof.  What would have
happened if the police could not have followed O.J. Simpson's white
bronco on the freeway or if they could not have seen inside his vehicle
in order to base their decisions on a reasonable assessment of dangers
and risks?

Marc cites an old GSA memo, where GSA raised concerns relating to an
earlier draft of the proposed legislation, including concerns that the
wiretap capability could threaten security.  Telecommunications
security is, of course, extremely important.  But the real
vulnerabilities are with the switches, which may be subject to
penetration attacks (possibly leading to a shut-down of the phone
system), and with the over-the air communications, which can be
intercepted with cheap scanners.  The Digital Telephony bill does not
aggravate these vulnerabilities.  More likely, the security and privacy
requirements of the bill will lead to greater security.

Congress could, of course, outlaw wiretaps as Marc suggests.  They
could also outlaw auto emissions requirements and speed limits.  And
since we don't like taxes any better than wiretaps, maybe they should
outlaw that too.  Fortunately, Congress acts more responsibly than
that, and considers the needs of society as well as personal freedoms.

Marc claims that standards developed to facilitate wiretapping are less
robust, quoting Ron Rivest as saying that the DSS proposal was an
attempt to install weak cryptography as a national standard.  Marc does
not tell us that Ron made his statement before the DSS was adopted as a
standard, with key lengths up to 1024 bits.  For comparable key sizes,
the DSS is at least as strong as the RSA digital signature system.

None of us is thrilled with the idea of the government tapping our
lines.  That's why the use of this tool is severely restricted.  The
Digital Telephony bill is not about extending the surveillance
authorities of the government, but about maintaining a tool that people
in law enforcement view as vital to their work against organized crime,
drug trafficking, fraud and corruption, terrorism, and other serious
crimes.  That the FBI is going to all this trouble to fight for
something that is used in less than 1000 cases per year is evidence of
how important they view this tool for performing their job.  If Marc
understood this, he would not erroneously infer that the FBI wanted to
build new surveillance capabilities into the communications network.

While it is tempting to rush forward with new technologies, we must
make sure those technologies serve us over the long term.  In general,
it is cheaper and easier to design safety and security features into
systems while they are being designed than after the fact.  The Digital
Telephony bill is about doing just that, and not waiting until
wiretapping becomes a more serious problem to law enforcement and a
more costly problem to fix.

Dorothy Denning

------------------------------

End of PRIVACY Forum Digest 03.19
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH