The future of wiretapping

Pushed by the Federal Bureau of Investigation, the Obama administration may ask Congress for the power to snoop on more types of communication online. The timing couldn’t be worse, given the outcry over the Justice Department secretly grabbing journalists’ phone records and emails in its pursuit of government leakers. The bigger issue with what the FBI is seeking, though, is that it applies 20th century assumptions about surveillance to 21st century technologies.

Congress passed the Wiretap Act in 1968 to give federal investigators the power to listen in on suspects’ phone calls if they obtained a federal court’s permission. The advent of wireless phones and digital networks led the feds to worry about their ability to monitor suspects who used new technologies, so lawmakers amended the law to require telecommunications companies to build wiretap capabilities into their networks.

That requirement, however, applies only to service providers that use or connect to the traditional phone grid. These days, there’s a growing number of ways to communicate through data networks that don’t use any part of the phone grid, including online teleconferencing and virtual telephones built into instant-message programs. In the not-too-distant future, video calling is likely to be a standard feature in Web browsers, potentially turning every website into a virtual phone booth or party line.

FBI officials have warned Congress about a widening gap between their ability to obtain wiretap orders and a service provider’s ability to intercept targeted communications. This “going dark” problem, they say, stems largely from the emergence of services that aren’t equipped to be tapped. That’s why they want to spur companies to make their technologies wiretap-friendly by creating stiff fines for those that can’t comply with wiretap orders.

The agency’s drive to adapt the law to new technology, however, ignores the fundamental shift away from centralized phone networks to decentralized systems powered by smart software that can create a network on the fly. To eavesdrop on some of the new forms of communication, Internet service providers would have to look at every bit of data they transmit, or the companies supplying the software involved would have to design it to be insecure. The latter would be both impractical — because criminals could easily switch to more secure foreign software — and dangerous, because making the software tappable opens new security holes that hackers and spies can employ against any user of the software. Criminals may want to be secure from wiretaps, but law-abiding people also want to be able to communicate sensitive information securely. And there are far more of the latter than the former.

The irony is that the Internet is actually making it easier for the feds to gather information about suspects without warrants. As the Center for Democracy and Technology pointed out, the widespread use of GPS-equipped mobile phones has effectively put a tracking device in the pocket of virtually every suspect. Combine that with the information collected online about the websites people visit, the material they download, the friends they keep and the people with whom they communicate, and it hardly seems as if the FBI is being left in the dark.