1994-08-19 - EFF Analysis of Leahy/Edwards Digital Telephony Bill

Header Data

From: dance@cicero.spc.uchicago.edu (Squeal)
To: Cyperpunks <cypherpunks@toad.com>
Message Hash: b3e73b7b3f243120538fb4f07051d862dfa42d45e55bc8d3f99c3d927a9fa93b
Message ID: <9408191351.AA03160@cicero.spc.uchicago.edu>
Reply To: N/A
UTC Datetime: 1994-08-19 13:52:07 UTC
Raw Date: Fri, 19 Aug 94 06:52:07 PDT

Raw message

From: dance@cicero.spc.uchicago.edu (Squeal)
Date: Fri, 19 Aug 94 06:52:07 PDT
To: Cyperpunks <cypherpunks@toad.com>
Subject: EFF Analysis of Leahy/Edwards Digital Telephony Bill
Message-ID: <9408191351.AA03160@cicero.spc.uchicago.edu>
MIME-Version: 1.0
Content-Type: text/plain


I hope this is helpful (and not too out-of-date, 9 days ago!). It's the
EFF's justification....

--------------------------Begin Message-----------------------------

Date: 10 Aug 1994 16:58:23 -0500
From: mech@eff.org (Stanton McCandlish)
Subject: EFF Analysis of Leahy/Edwards Digital Telephony Bill

EFF SUMMARY OF THE EDWARDS/LEAHY DIGITAL TELEPHONY BILL
=======================================================


OVERVIEW
--------

The Edwards/Leahy Digital Telephony bill places functional
requirements on telecommunications carriers in order to enable law
enforcement to continue to conduct authorized electronic surveillance. It
allows a court to impose fines on carriers that violate the requirements,
and mandates that the processes for determining capacity requirements and
technical standards be open and public.  The bill also contains significant
new privacy protections; including an increased standard for government
access to transactional data (such as addressing information contained in
electronic mail logs), a requirement that information acquired through the
use of pen registers or trap and trace devices not disclose the physical
location of an individual, and an expansion of current law to protect the
radio portion of cordless telephone conversations from unauthorized
surveillance.


SCOPE OF THE BILL.  WHO IS COVERED?
-----------------------------------

The requirements of the bill apply to "telecommunications carriers", which
are defined as any person or entity engaged in the transmission or
switching of wire or electronic communications as a common carrier for hire
(as defined by section 3 (h) of the Communications Act of 1934), including
commercial mobile services (cellular, PCS, etc.).  The bill also applies to
those persons or entities engaged in providing wire or electronic
communication switching or transmission service to the extent
that the FCC finds that such service is a replacement for a substantial
portion of the local telephone exchange.

The bill does not apply to online communication and information services
such as Internet providers, Compuserve, AOL, Prodigy, and BBS's. It also
excludes private networks, PBX's, and facilities which only interconnect
telecommunications carriers or private networks (such as most long
distance service).


REQUIREMENTS IMPOSED ON CARRIERS
--------------------------------

Telecommunications carriers would be required to ensure that they
possess sufficient capability and capacity to accommodate law enforcement's
needs.  The bill distinguishes between capability and capacity
requirements, and ensures that the determination of such requirements occur
in an open and public process.


CAPABILITY REQUIREMENTS
-----------------------

A telecommunications carrier is required to ensure that, within four years
from the date of enactment, it has the capability to:

1.      expeditiously isolate the content of a targeted communication
        within its service area;

2.      isolate call-identifying information about the origin and
        destination of a targeted communication;

3.      enable the government to access isolated communications at a point away
        from the carrier's premises and on facilities procured by the
        government, and;

4.      to do so unobtrusively and in such a way that protects the privacy and
        security of communications not authorized to be intercepted (Sec.
        2601).

However, the bill does not permit law enforcement agencies or officers to
require the specific design of features or services, nor does it prohibit a
carrier from deploying any feature or service which does not meet the
requirements outlined above.


CAPACITY REQUIREMENTS
---------------------

Within 1 year of enactment of the bill, the Attorney General must
determine the maximum number of intercepts, pen register, and trap and
trace devices that law enforcement will require four years from the date of
enactment.  Notices of capacity requirements must be published in the
Federal Register (Sec. 2603).   Carriers have 4 years to comply with
capacity requirements.


PROCESS FOR DETERMINING TECH. STANDARDS TO IMPLEMENT CAPABILITY REQUIREMENTS
----------------------------------------------------------------------------

Telecommunications carriers, through trade associations or standards
setting bodies and in consultation with the Attorney General, must
determine the technical specifications necessary to implement the
capability requirements (Sec. 2606).

The bill contains a 'safe harbor' provision, which allows a carrier to meet
its obligations under the legislation if it is in compliance with publicly
available standards set through this process.   A carrier may deploy a
feature or service in the absence of technical standards, although in such
a case the carrier would not be covered by the safe harbor provision and
may be found in violation.

Furthermore, the legislation allows any one to file a motion at the FCC in
the event that a standard violates the privacy and security of
telecommunications networks or does not meet the requirements of the bill
(Sec. 2606).  If petitioned under this section, the FCC may establish
technical requirements or standards that:

1)      meet the capability requirements (in Sec. 2602);

2)      protect the privacy and security of communications not authorized
        to be intercepted, and;

3)      encourage the provision of new technologies and services to the public.


ENFORCEMENT AND PENALTIES
-------------------------

In the event that a court or the FCC deems a technical standard to be
insufficient, or if law enforcement finds that it is unable to conduct
authorized surveillance because a carrier has not met the requirements of
this legislation, the Attorney General can request that a court issue an
enforcement order (an order directing a carrier to comply), and/or a fine
of up to $10,000 per day for each day in violation (Sec. 2607).  However, a
court can issue an enforcement order or fine a carrier only if it can be
determined that no other reasonable alternatives are available to law
enforcement.  This provision allows carriers to deploy features and
services which may not meet the requirements of the bill.  Furthermore,
this legislation does not permit the government to block the adoption or
use of any feature or service by a telecommunications carrier which does
not meet the requirements.

The bill requires the government to reimburse carriers for all reasonable
costs associated with complying with the capacity requirements. In other
words, the government will pay for upgrades of current features or
services, as well as any future upgrades which may be necessary, pursuant
to published notices of capacity requirements (Sec. 2608).

There is $500,000,000 authorized for appropriation to cover the costs of
government reimbursements to carriers.  In the event that a smaller sum is
actually appropriated, the bill allows a court to determine whether a
carrier must comply (Sec. 2608 (d)).  This section recognizes that
telecommunications carriers may not  be responsible for meeting the
requirements if the government does not cover reasonable costs.

The government is also required to submit a report to congress within four
years describing all costs paid to carriers for upgrades (Sec. 4).


ENHANCED PRIVACY PROTECTIONS
----------------------------

The legislation contains enhanced privacy protections for transactional
information (such as telephone toll records and electronic mail logs)
generated in the course of completing a communication.  Current law permits
law enforcement to gain access to transactional information through a
subpoena.   The bill establishes a higher standard for law enforcement
access to transactional data contained electronic mail logs and other
online records.  Telephone toll records would still be available through a
subpoena.   Under the new standard, law enforcement is required to obtain a
court order by demonstrating specific and articulable facts that electronic
mail logs and other online transactional records are relevant and material
to an ongoing criminal investigation (Sec. 10).

Law enforcement is also prohibited from remotely activating any
surveillance capability.  All intercepts must be conducted with the
affirmative consent of a telecommunications carrier and activated by a
designated employee of the carrier within the carrier's facilities (Sec.
2604).

The bill further requires that, when using pen registers and trap and trace
devices, law enforcement will use, when reasonably available, devices which
only provide call set up and dialed number information (Sec. 10).  This
provision will ensure that as law enforcement employs new technologies in
pen register and trap and trace devices, it will not gain access to
additional call setup information beyond its current authority.

Finally, the bill extends the Electronic Communications Privacy Act (ECPA)
protections against interception of wireless communications to cordless
telephones, making illegal the intentional interception of the radio
portion of a cordless telephone (the transmission between the handset
and the base unit).


CELLULAR SCANNERS
-----------------

The bill makes it a crime to possess or use an altered telecommunications
instrument (such as a cellular telephone or scanning receiver) to obtain
unauthorized access to telecommunications services (Sec. 9).  This
provision is intended to prevent the illegal use of cellular and other
wireless communications services.  Violations under this section face
imprisonment for up to 15 years and a fine of up to $50,000.


IMPROVEMENTS OF THE EDWARDS/LEAHY BILL OVER PREVIOUS FBI PROPOSALS
------------------------------------------------------------------

The Digital Telephony legislative proposal was first offered in 1992 by the
Bush Administration.  The 1992 version of the bill:

*       applied to all providers of wire or electronic communications
        services (no exemptions for information services, interexchange
        carriers or private networks);

*       gave the government the explicit authority to block or enjoin a
        feature or service that did not meet the requirements;

*       contained no privacy protections;

*       contained no public process for determining the capacity
        requirements;

*       contained no government reimbursement (carriers were responsible
        for meeting all costs);

*       would have allowed remote access to communications by law
        enforcement, and;

*       granted telecommunications carriers only 18 months to comply.

The Bush Administration proposal was offered on capitol hill for almost a
year, but did attract any congressional sponsors.

The proposal was again offered under the Clinton Administration's FBI in
March of 1993.  The Clinton Administration's bill was a moderated version
of the original 1992 proposal:

*       It required the government to pay all reasonable costs incurred by
        telecommunications carriers in retrofitting their facilities in
        order to correct existing problems;

*       It encouraged (but did not require), the Attorney General to consult
        with telecommunications industry representatives and standards
        bodies to facilitate compliance,

*       It narrowed the scope of the legislation to common carriers, rather
        than all providers of electronic communications services.

        Although the Clinton Administration version was an improvement
        over the Bush Administration proposal, it did not address the
        larger concerns of public interest organizations or the
        telecommunications industry.  The Clinton Administration version:

*       did not contain any protections for access to transactional
        information;

*       did not contain any public process for determining the capability
        requirements or public notice of law enforcement's capacity needs;

*       would have allowed law enforcement to dictate system design and
        bar the introduction of features and services which did not meet
        the requirements, and;

*       would have allowed law enforcement to use pen registers and trap and
        trace devices to obtain tracking or physical location information.


                                    * * *


Locating Relevant Documents
===========================

** Original 1992 Bush-era draft **

ftp.eff.org, /pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
gopher.eff.org, 1/EFF/Policy/FBI/Old, digtel92_old_bill.draft
http://www.eff.org/pub/EFF/Policy/FBI/Old/digtel92_old_bill.draft
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
     Telephony; file: digtel92.old


** 1993/1994 Clinton-era draft **

ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_bill.draft
gopher.eff.org, 1/EFF/Policy/FBI, digtel94_bill.draft
http://www.eff.org/pub/EFF/Policy/FBI/digtel94_bill.draft
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
     Telephony; file: digtel94.dft


** 1994 final draft, as sponsored **

ftp.eff.org, /pub/EFF/Policy/FBI/digtel94.bill
gopher.eff.org, 1/EFF/Policy/FBI, digtel94.bill
http://www.eff.org/pub/EFF/Policy/FBI/digtel94.bill
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
     Telephony; file: digtel94.bil


** EFF Statement on sponsored version **

ftp.eff.org, /pub/EFF/Policy/FBI/digtel94_statement.eff
gopher.eff.org, 1/EFF/Policy/FBI, digtel94_statement.eff
http://www.eff.org/pub/EFF/Policy/FBI/digtel94_statement.eff
bbs: +1 202 638 6120 (8N1, 300-14400bps), file area: Privacy - Digital
     Telephony; file: digtel94.eff

--------------------------End of Message-----------------------------

 _/_/_/  _/_/_/   _/_/_/      _/      _/     The strongest reason for the
_/       _/  _/   _/         _/_/     _/     people to retain their right to
_/_/_/   _/  _/   _/_/_/    _/  _/    _/     keep and bear arms is, as a last
     _/  _/  _/   _/       _/_/_/_/   _/     resort, to protect themselves
_/_/_/   _/_/_/   _/_/_/  _/      _/  _/_/_/ against tyranny in government.
              _/                                           --Thomas
Jefferson







Thread