How Governments and Telecom Companies Work Together on Surveillance Laws
It isn’t a coincidence that the U.S., Canada, Australia, and the U.K. are proposing similar laws to permit monitoring of Internet communications.
Photo by Ernest Nikl/iStockphoto.
When Americans are displeased with their politicians, they like to threaten to move to Canada. But if you’re tempted to move north—or even further afield—to get away from plans for increased Internet surveillance by the government, think again. Controversial new surveillance laws proposed in the United States, Canada, the United Kingdom, and Australia have quite a bit in common. And it’s no coincidence.
Over the past few months, authorities in these countries have separately been arguing the case for expanded power to monitor Internet communications. Changes could include making it mandatory for social networks and online chat providers to build in back doors for law enforcement eavesdropping and instituting so-called “deep packet inspection” technology to enable monitoring and interception of data.
The plans have prompted an outpouring of negative reaction, much of it centered on concerns about government invading Internet users’ privacy. But what has gone largely unremarked upon is the role played by little-known networks of telecom companies and international government agencies, which have been quietly collaborating to reform surveillance laws so that they are “harmonized” to a similar standard from country to country.
In cities across the world, groups composed of telecom companies and government representatives have met to discuss how to integrate surveillance capabilities into existing and developing technologies. The decisions they have made, largely beyond public scrutiny, could lead to a fundamental shift in the Web’s basic architecture.
Below, alongside links to documents offering insight into ongoing discussions between industry and government on surveillance issues, you can find details about some of the key organizations, countries, and companies involved.
The Alliance for Telecommunications Industry Solutions
ATIS is an organization that brings together the communications industry and law enforcement. Focused mainly on North America but collaborating internationally, ATIS’s list of more than 180 members includes the FBI’s specialist Electronic Surveillance Technology Section alongside many familiar companies: Microsoft, AT&T, Sprint Nextel, T-Mobile, Time Warner Cable, and Verizon, among others.
ATIS runs a series of subcommittees and task forces, some of which focus specifically on integrating surveillance capabilities into the latest communications technologies. One recent ATIS presentation, given by a representative from CenturyLink in late 2011, detailed how the organization was working on updating standards for intercepting communications sent over voice over IP chat services (like Skype) and IMS networks. IMS is considered a “next generation” telecom network that combines mobile and fixed networks into one. Law enforcement agencies see IMS as a challenge in part because it can enable difficult-to-intercept mobile VOIP calls.
The European Telecommunications Standards Institute
Like ATIS, the European Telecommunications Standards Institute has been working with government and law enforcement agencies to integrate surveillance capabilities into communications infrastructure.
ETSI holds meetings on lawful interception three times a year, attended by up to 80 participants from countries such as the United Kingdom, the United States, Canada, and Australia. It has more than 700 members across five continents. Some are government departments tasked with upgrading surveillance laws in their respective countries: Canada’s public safety department; Australia’s attorney general’s department; and the National Technical Assistance Centre, a subunit of the U.K. spy agency GCHQ.
Several of the world’s largest telecom firms—including Vodafone, RIM, Nokia Siemens, and British Telecom in previous years—participate in ETSI’s lawful-interception meetings. ETSI’s January 2012 white paper on “security for ICT” (information and communication technologies) detailed that it is working toward “the standardisation of lawful interception,” and has the “active participation of the major telecom manufacturers, network operators, and regulatory authorities of Europe and from around the world.”
Ultan Mulligan, an ETSI spokesman, said the organization focuses on finding “agreed technical solutions” to lawful interception across borders because it’s not economical for telecommunications companies to have a different mechanism in each country. He added that consumer groups and universities focused on telecommunications and ICT industry can attend and contribute to ETSI’s lawful interception meetings if they are paid-up members. But “private individuals” (including journalists or interested citizens) cannot attend or apply for membership.
An ETSI presentation dated 2011 shows the organization is working to help enable cross-border interception of data held by cloud storage services.
Ryan Gallagher is a journalist who reports from the intersection of surveillance, national security, and privacy for Slate's Future Tense blog. He is also a Future Tense fellow at the New America Foundation.