- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - Senate hearings in Washington last week focused on whether the National Security Agency needs a warrant before it conducts domestic surveillance, but from a technology perspective, the lawful wiretap process is pretty straightforward.
Let's say U.S. forces in Iraq or elsewhere capture a laptop or cell phone containing the phone number of someone suspected of having links to Al Qaeda. And let's assume that law enforcement goes to the appropriate court and obtains a warrant to tap that phone number.
Once a warrant is issued, depending on time constraints surrounding the investigation, it is either faxed directly to the service provider or physically presented by law enforcement. In this scenario, it might be the FBI, acting on behalf of the NSA.
Under the federal Communications Assistance for Law Enforcement Act (CALEA) of 1994, carriers are required to have a procedure and technology in place for intercepting calls.
The most common type of tap is a pen register (otherwise known as trap and trace), which produces a log showing what numbers were called, and the dates, times and durations of the calls. The second type intercepts the content of the call.
"There are tens of thousands of trap and trace interceptions vs. thousands of content interceptions each year because they are much easier to do," says John Morris, staff counsel at the Center for Democracy and Technology (CDT) in Washington, D.C.
The way it works is that a carrier taps into a digital switch at its central offices or at an aggregation point and programs in what number will be traced or what calls will be intercepted.
Once the information is gathered, it is sent via a private link paid for by law enforcement to the agency that requested it. That could be the FBI or another federal law enforcement agency, such as the Drug Enforcement Agency or Bureau of Alcohol, Tobacco and Firearms.
"Phone tapping has been going on for more than 20 years, it's nothing new," says David Holtzman, a security expert, former CTO of Network Solutions, and author of the upcoming book Privacy Lost. "It's a very simple thing to get a warrant to intercept communications."
But what has changed significantly, according to experts, is the role that carriers and service providers play.
"In the past, the government or law enforcement didn't need the carrier's help," Morris says. "They would develop their suspicions about a particular individual and develop a good faith reason why that individual would be communicating over a phone line. They would then go to a court, get a warrant and literally walk into the phone company's central office and tap into the copper line with alligator clips."
With fiber replacing copper wires, the deployment of digital switches at the central office, and the burst of cellular and Internet traffic, law enforcement now depends on the expertise of service providers to help carry out interception warrants, Morris says.
Three U.S. laws compel carriers and other communications providers to participate in lawful interceptions:
1. Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (also known as Title XVIII).
2. The Foreign Intelligence Surveillance Act (FISA) of 1978.
3. CALEA of 1994.
"Title III covers domestic surveillance, and FISA deals with matters involving foreign powers," says Kevin DiLallo, partner at the Levine, Blaszak & Boothby, LLP law firm in Washington, D.C. He adds that CALEA explains the role of communications providers in helping law enforcement carry out wiretaps.
In addition, the Patriot Act of 2001 widened the scope of lawful interception.