The head of the Federal Communications Commission on Tuesday raised the possibility that the spread of encryption signaled the need for an update to a landmark wiretapping law.
During testimony before the House Subcommittee on Communications and Technology, FCC Chairman Tom Wheeler floated the idea of extending the Communications Assistance for Law Enforcement Act (CALEA) to cover more technology companies.
CALEA, which passed in 1994, originally required only phone companies to build their systems to accommodate court-ordered government wiretaps, also known as “lawful intercepts.” At the urging of the George W. Bush administration, Congress amended it to cover Internet service providers and voice-over-Internet-protocol (VoIP) companies.
“It is an old law that predates the modern computing and communications system, cybersecurity threats, and the need to routinely use encryption in everyday life.”
“One of the issues here is the question of, ‘What is a lawful intercept?'” Wheeler said at Tuesday’s House hearing. He noted that Congress had answered this question with its earlier work on CALEA, but he added, “Things have moved on since then.”
Wheeler then pointed to a report about terrorists allegedly using the Playstation 4‘s chat feature to plan attacks, calling that technology “outside the scope of anything ever considered in CALEA” and adding, “There’s probably opportunities to update the lawful intercept concept.”
An FCC spokesman clarified to the Daily Dot that Wheeler was not seeking changes to CALEA but rather noting Congress’ ability to make those changes if it deemed them necessary. The spokesman said that the FCC would respond if Congress or the law-enforcement community asked it to change how it interpreted the existing law. As a regulatory agency, the FCC is required to ensure that companies fulfill their technical obligations under CALEA.
Wheeler may not have been asking Congress to update CALEA, but his comments might alarm many in the privacy community, which fought a bitter battle over CALEA—as part of a broader encryption debate called the “crypto wars”—and eventually won several exemptions.
“Absolutely, that concerns us,” Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, told the Daily Dot in an email. Tien argued that, because CALEA was written at a time before ubiquitous encryption, Congress could not reasonably expand it today.
“CALEA essentially treats communications in the clear as the norm,” he said. “It is an old law that predates the modern computing and communications system, cybersecurity threats, and the need to routinely use encryption in everyday life.”
Any expansive revision of CALEA would likely target its three privacy-minded limitations. These provisions specify that the government can’t mandate the inclusion or exclusion of specific features; that “information services” companies (essentially any Internet companies other than ISPs) are exempt from the law; and that companies subject to CALEA don’t have to decrypt communications as part of wiretaps unless they have the decryption keys.
Taken together, these limitations provided a strong bulwark against far-reaching Internet wiretapping. Seth Schoen, a senior staff technologist at the EFF, told the Daily Dot in July that these provisions shielded companies like Apple from having to facilitate wiretaps—and, in particular, from having to put wiretap-friendly “backdoors” in their encryption.
“Essentially, each part of [the limitations section] provides a reason why the current CALEA couldn’t be applied to make Apple change its software,” Schoen said. “Because it doesn’t apply to Apple [as an information service], because it can’t be used to dictate features, and because companies aren’t responsible for decrypting unless they have the keys.”
A spokesman for Rep. Fred Upton (R-Mich.), the chairman of the House Energy and Commerce Committee, did not say whether Upton wanted to update CALEA. A spokesman for Rep. Greg Walden (R-Ore.), the chairman of the Subcommittee on Communications and Technology, did not respond when asked the same question.
Photo via Dieter R/Flickr (CC BY 2.0)