Threat Management

From RSA: Warrantless wiretapping: blame it on technology

The digitization of information has made wiretapping incredibly easy, while at the same time making legislation around warrants and civil liberties exponentially more complex, said experts during an afternoon panel at RSA yesterday.

“Two and a half years ago, I and my partners at the New York Times exposed a national wiretapping program and we still can't tell what it's all about,” said Eric Lichtblau, investigative reporter, who officiated the panel.

It doesn't make sense, he said, that AT&T and about 40 other ISPs are being sued for complying with government wiretap orders, while laws are in flux and there are no clear legal standards that currently apply.

In pre-internet days, government agencies got a wiretap order, set up at a switch and just tapped that individual's personal calls, explained Matt Blaze, researcher and associate professor, computer and information science, University of Pennsylvania. Now government intelligence agencies have access to large data pipes hosted at the ISPs themselves where they can filter large volumes of data on everyone, instead of just a single suspect or case.

“FISA [Foreign Information Surveillance Act] did not allow government to go to the courts and say ‘Give me the keys to the kingdom.' But that's what they're doing,” he said.

When FISA passed in 1978, its intent was to sort through only overseas calls, and even then with a wiretap court order, added Bill Crowell, director for ArcSight. “The sooner we pass a law that modernizes FISA and balances privacy considerations in the Protect America Act, the better,” he said.

Bush's Protect America Act of 2007 essentially does away with the judicial requirement for obtaining wiretaps required in previous wiretapping laws. And while that enables speedy processing in criminal cases, all panelists felt that the laws should include a way to bring the judicial back into the process without overly inhibiting investigations.

“What we need is supervised flexibility in which all three branches of government, including the judicial branch, are involved going forward,” said Jim Dempsey, policy director, Center for Democracy and Technology.

Crowell added that such a system should then be followed up with technologies. This would include filtering and other technologies that can be used to protect citizen data from view and make search more localized and specific.

Deb Radcliff

Deb Radcliff was the first investigative reporter to make cyber crime a beat starting in 1996 after researching a best-selling book about Kevin Mitnick called the Fugitive Game. Since then, she has written hundreds of articles for business and trade magazines, won two Neal awards for investigative reporting, and was runner up for a third. She stood up an analyst program for SANS Institute and ran it for 15 years before joining the Cyber Risk Alliance as strategic analyst on the business intelligence unit. And she wrote her first book in a cyber thriller series, “Breaking Backbones: Information is Power,” which is selling well on Amazon and other outlets.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.