BOB GARFIELD: Monday was the deadline for all providers of high-speed Internet to make it easier for the government to snoop on their customers. It's the outgrowth of a piece of legislation called the Communications Assistance for Law Enforcement Act, or CALEA, passed in 1994 after the FBI complained that it was too difficult with all the new telephone technology to install a wiretap.
The act made phone wiretapping capability mandatory, and now, following September 11th and the digital information revolution, law enforcement wants the same access to Internet communications.
Kevin Poulsen, a senior editor at Wired News, says that instead of passing a new CALEA that would include Internet surveillance, the FCC was persuaded to reinterpret the old 1994 act. KEVIN POULSEN: That was a controversial move, because when Congress passed CALEA it specifically exempted "information services," quote, unquote, from the laws. That's one of the ways that it got through some initial opposition from technology companies.
So the FBI went back for another bite of the apple and the FCC obliged them and expanded this law rather dramatically. BOB GARFIELD: Now, the FCC over the past six years has been a particularly compliant [LAUGHS] agency, but they've also run into a lot of resistance on the Hill and in public opinion. Is there any kind of groundswell that would keep this law from actually being enforced? KEVIN POULSEN: There was actually a lawsuit challenging not the law but the FCC's interpretation of it, and that went before a federal appeals court in Washington DC, who last year ruled in favor of the FCC, two to one. BOB GARFIELD: I just want to understand this clearly. Even though it will be much easier for the government to go to a given ISP or phone company to conduct a wiretap, these are still investigations that require a specific court order for a specific line to be tapped. KEVIN POULSEN: That's correct, or a specific surveillance target. The standards for obtaining a court order haven't changed. What's changed is the ease of implementing that court order once you've obtained it. BOB GARFIELD: How difficult will it be for Internet service providers and portals and so forth to comply with the provisions of CALEA? KEVIN POULSEN: It's not difficult to make Internet broadband networks wiretappable. What will be more difficult is meeting the exacting standards that have arisen around the new Internet wiretapping requirements. There's a very specific format in which customer information is supposed to be delivered to the FBI or other law enforcement agencies, and if you don't meet that standard then you could be held as being in violation of the law.
There's a small cottage industry that's grown around just making broadband ISPs and voiceover Internet providers compliant. You can essentially outsource your wiretapping now to a third-party company that will handle all of this for you. BOB GARFIELD: Now, it seems to me that the biggest threat here is that once law enforcement is given tools, it has shown a [LAUGHS] tendency to use them, even to abuse them. Do we have any reason to fear that simply creating the apparatus for future wiretaps is going to cause just a tremendous boom in the number requested by the government? KEVIN POULSEN: I don't know if it's going to cause a massive overnight explosion, but when the deadline for compliance with the telephone, the original provisions of CALEA, came in 2002, it was accompanied immediately by a climb in the number of wiretaps that take place year after year. That's been growing ever since.
So I think you could logically expect the same thing to happen now. If you make it so that an Internet wiretap can be in place the same day a judge signs off on it, then it's going to be a lot more attractive to law enforcement and we're going to see more tapping of the Internet.
And, of course, the risk here is surveillance as sort of a sweeping, and, one might argue, lazy way of investigating a crime. If we see law enforcement officials turning to that as a first step instead of a last resort, then more and more innocent people are going to find a communications trap in this net. BOB GARFIELD: Well, your blog is called The Threat Level Blog. By your lights, you know, how far does this move the threat level needle? KEVIN POULSEN: [LAUGHS] A little bit higher in the red now. BOB GARFIELD: [LAUGHS] It's been a long time since it's been in the white, hasn't it? KEVIN POULSEN: I'm afraid so. BOB GARFIELD: Kevin, thank you so much. KEVIN POULSEN: No problem. Thanks for having me. BOB GARFIELD: Kevin Poulsen writes for the Threat Level Blog on wired.com. He spoke to us from the Wired newsroom in San Francisco.