Bad news for telecommunications companies: New details have emerged about the FBI’s efforts to upgrade its surveillance powers—and the feds’ latest idea is to heavily fine firms that don’t comply with eavesdropping requests.
Last month I reported that the bureau said it was having a hard time monitoring services like Gmail, Google Voice, and Dropbox in real time when attempting to spy on criminals. The FBI’s general counsel Andrew Weissmann revealed in a speech that a “top priority” for the bureau in 2013 was to reform surveillance laws in order to force email, cloud services, or online chat providers like Skype to provide a wiretap function. The 1994 Communications Assistance for Law Enforcement Act already allows the government to mandate Internet providers and phone companies to install surveillance equipment within their networks. But it doesn’t apply to third-party providers—like Google or Facebook—which has led the bureau to claim that its ability to monitor suspected criminals’ conversations is “going dark.”
Now, according to the Washington Post, the feds have prompted a government task force to draft a proposal to update CALEA and the 1968 Wiretap Act to put more pressure on companies that do not currently fall under the scope of their powers.* This could involve, the Post reports, “a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders.” If a company fails to comply with an order in a set timeframe, it would “face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.”
The FBI’s controversial proposal is reminiscent of what other countries have recently considered. Governments in the United Kingdom, Canada, and Australia have each sought similar surveillance authority. Last year, the British government published a draft Internet snooping law that would have enabled legal action and penalties against companies that did not comply with surveillance requests. But the proposal appears to have been killed off due to political infighting and public opposition. Canada’s Web spy law was also canceled after an outpouring of criticism, and in Australia the government’s surveillance plans have been delayed.
If other countries’ experiences are anything to go by, then, the FBI’s efforts will certainly not have a smooth passage into law. Aside from privacy and civil liberties concerns, the bureau will face tough opposition from companies concerned about the potential security risks posed by building in so-called surveillance “backdoors” for monitoring purposes, which can be exploited by hackers. For that reason alone, the FBI can be sure that not all companies will play ball if it tries to rewrite CALEA in a way that would strong-arm companies into complying with eavesdropping. The CEO of encrypted communications provider Silent Circle told me last year, for instance, that he would “rather shut Silent Circle down than ever allow a backdoor or be bullied into an ‘or else’ position.”
In the meantime, however, the FBI does have some options on the table if it wants to spy on Skype calls or get transcripts of Gchats in near real-time. The bureau has a sophisticated spy Trojan that can covertly infiltrate a computer to gather all kinds of data—taking snaps of a suspect through their webcam, recording passwords, and gathering logs of conversations, as a judge in Texas disclosed last week in an order denying the tool’s use.
*Update, April 29, 2013: This sentence was updated to clarify that the FBI has directed a task force to create the proposal, rather than the bureau drafting the proposal itself.