http://www.pbs.org/cringely/pulpit/pulpit20060119.html January 19, 2006 Hitler on Line One There's a Long History of Intercepting Foreign Communications, and Some of It May Have Been Legal By Robert X. Cringely Who is listening-in on your phone calls? Probably nobody. Right now, there is huge interest in phone tapping in the United States because the Bush Administration (through the National Security Agency) was caught listening in without appropriate court orders. What I have noticed is that, for all the talking and writing on this subject, there seems to be very little real information being presented. So this column is my attempt to share what I've learned about the topic. It might surprise you. Intercepting communications for purposes of maintaining national security is nothing new. From before Pearl Harbor through 1945, EVERY trans-Atlantic phone call, cable and indeed letter was intercepted in Bermuda by the Coordinator of Information (COI) in the White House and later by the Office of Strategic Services (OSS). Sir William Stephenson revealed this in his autobiography, A Man Called Intrepid. They literally tapped the undersea cables and shipped all post to Europe through Bermuda, where every single call was monitored, every cable printed out, and every letter opened. FDR and Churchill needed intelligence and they took the steps they needed to get it. The computer monitoring of cell phone conversations pales in both scale and significance. One fun fact from that monitoring: The CEO of International Telephone & Telegraph (ITT) reportedly spoke with Adolf Hitler on the phone from New York City every week of the war. According to the book The Sovereign State of ITT, the call was placed from New York to South America, and then used a cable from South America to Berlin. Key companies that maintained the German telephone network were ITT subsidiaries at that time, and communications were obviously of strategic importance for Germany; thus Hitler needed to speak with the CEO every week. ITT never stopped running the German phones during the war and were evidently allowed to continue doing so to gather just this sort of intelligence (that's me putting a positive spin on a disturbingly ambiguous relationship). So information technology's ability to eliminate borders in warfare is nothing new, even though it seemed to take the New York Times by surprise! Following the war, the Bell Operating Companies cooperated in national security wiretapping for years based only on the delivery of the so-called "Hoover Letter," under the hand of FBI Director J. Edgar Hoover. As a result of that cooperation, AT&T was ultimately the defendant in 18 national security lawsuits, all of which involved wiretaps of U.S. citizens' domestic communications where there was no prior judicial authorization. The trial court and the D.C. Circuit Court of Appeals decided that AT&T had not violated any constitutional right or law. Keep in mind that international calls or communications were not at issue. In 1967, the U.S. Supreme Court ruled that telephone surveillance was technically a "search," and thus prohibited by the Fourth Amendment to the Constitution unless conducted with a court order. In 1972 the Supreme Court handed down a unanimous opinion that clarified the scope of the Executive Branch to engage in wiretapping without prior judicial approval, saying that the Nixon Administration needed warrants for every domestic phone and wire tap. Even after this decision, however, the Executive Branch continued to conduct electronic surveillance of international communications without prior judicial approval (Republican and Democratic administrations alike), according to people working in these areas for the phone company at that time. Because the objects of those searches were presumed not to be U.S. citizens (whether they actually were or not), the taps were allowed. Jumping to the present day, in the United States there were two categories of phone taps and two major laws governing phone taps -- that is until the Bush Administration invented whole new versions of both. The two laws are the Community Assistance for Law Enforcement Act (CALEA) and the Foreign Intelligence Surveillance Act (FISA). CALEA is for domestic wiretaps and FISA is for international wiretaps. Each requires a report to Congress every year and for the 2004 year (the most recent reported) each had slightly over 1700 qualifying wiretaps. Each law also requires a court order for every tap, though under FISA there is some leeway, and in theory such court orders can be obtained retroactively in any case within 72 hours. To this point what we have been considering are technically called "intercepts" -- listening to phone calls and recording the information they contain. Most phone taps in the U.S. aren't conducted that way at all. On top of the approximately 3,500 CALEA and FISA intercepts conducted each year, there are another 75,000 domestic phone taps called "pen/traps" by the telephone company. While interceptions capture the voice portion of a telephone call or the data portion of an electronic communication, such as the content of e-mail, pen/traps capture just the outgoing digits dialed (the pen register portion of the technology) and the numbers of the incoming callers (the trap and trace portion of the technology). In CALEA terms, these are "call-identifying information." Court authorizations for interceptions are difficult to obtain for many reasons. Pen/traps are easy to obtain. While the government has to obtain court authorization to install a pen/trap, the role of the court in this review and approval procedure is merely "ministerial" -- primarily a form of record-keeping. The government has a very low hurdle to meet to obtain judicial approval for pen/traps, and if that hurdle is met, the court MUST approve the order. Pen/traps are very useful in a criminal investigation, and inexpensive compared to a court-approved interception. So, it is not surprising that there are so many more pen/traps than there are interceptions. To get this far, I had to talk to a lot of former and current telco people, and one thing I learned is that they generally don't like having to do either type of phone tap. Under both laws, telephone companies that do this kind of work are supposed to be reimbursed for it, yet many phone companies never send a bill. Whether that is because of patriotism or fear of liability, I don't know. Many phone companies also outsource their phone taps to smaller firms that specialize in that kind of work. These firms handle the legal paperwork, and generally more than pay for themselves by billing the Feds, too, on behalf of the telco. It feels a little creepy to me knowing that our telephone systems can be accessed at will by "rent-a-tap" outfits, and that the technology has advanced to the point where such intercepts can apparently be done from a properly-authorized PC. Is all of this worth worrying about? What led me on this quest in the first place was the fact that I simply couldn't understand why the Administration felt the need to go beyond FISA, given that the court nearly always granted warrants and warrants could be done retroactively. But does it really matter? I didn't know whether to be outraged or bored, and I feared that most Americans were in similar positions. Given that this is all about National Security, we'll probably never know the full answer. Even if the proper research is conducted and answers obtained, they won't be shared with you or me. But here's a hint from a lawyer who used to be in charge of exactly these compliance issues for one of the largest RBOCs: "While it is true the FISA court approves nearly all applications submitted to it, this is due primarily to the close vetting the DOJ attorneys give to applications before they are submitted to the court. In fact, the FISA appellate court noted that the DOJ standards had been higher than the statute required. I am unaware that the court has 'retroactively' approved any electronic surveillance that was not conducted in an emergency situation. There are four emergency situations enumerated in the statute. Even in an emergency, the government has to apply for approval of what they have already started or in some case finished and these applications have to meet the same strict standards as any other application." So the probable answer is that the several hundred NSA communication intercepts wouldn't have qualified for submission by the DoJ to the FISA court, and some of those might not have qualified for FISA court orders even if they had been submitted. It looks like the difference between using a rifle or a shotgun, with the Bush Administration clearly preferring the shotgun approach. Only time will tell, though, if what they are doing is legal. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]