From: Ernest Hua <hua@chromatic.com>
Date: Wed, 30 Oct 1996 00:06:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: News: TIA to
Message-ID: <199610300805.AAA00355@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain


    From Communications Week

    October 28, 1996
    Issue: 635
    Section: Telepath -- Top Sories


    TIA TO ISSUE DRAFT WIRETAP SPECS

    By Peter Cassidy

    The Telecommunications Industries Association next month will issue
    draft standards allowing manufacturers to make equipment that complies
    with the most recent federal wiretapping law.

    If and when those draft standards are ultimately approved, however,
    equipment makers will still face a troubling dilemma: The U.S. Justice
    Department, which in large part wrote the new law, is also the agency
    that will enforce it.

    President Clinton signed the Communications Assistance for Law
    Enforcement Act in October 1994 after a last-ditch, sub-rosa lobbying
    effort by the National Security Agency and the Federal Bureau of
    Investigation pushed the bill through a Senate committee.

    In essence, the law says that the U.S. Attorney General will dictate
    how the law will carry out its job of tapping into switches.

    As of October 1998, manufacturers will have to build their switches to
    meet the industry specs, and carriers will have to maintain the
    switches accordingly.

    Switches in place before Jan. 1, 1995, are nominally exempted from
    compliance. Modifications intended to fulfill the capabilities the
    Justice Department mandates will be required only if companies are
    reimbursed for the changes-the exception being equipment that has been
    "substantially" modified.

    Despite these protections, concern persists: Because many of the
    technical features in place before the January 1995 cutoff will have
    been updated in some way, conflicts with the Justice Department may
    ensue over whether to consider them "pre-existing" technologies under
    the law.

    And companies on the losing end will suffer major penalties: The law
    specifies that the FBI can define which companies are not in
    compliance and bring civil actions against them, with fines of up to
    $10,000 per violation.

    Accordingly, the ambiguity in the legislative language could end up as
    costly both for modifications that are not reimbursed and for court
    challenges.

    "What is not really addressed is what 'a significant upgrade' really
    means," said Dan Bart, standards and technology vice president at the
    TIA. "Ultimately, some test case will come and some judge will make
    the final decision."

    Given the relationship between the industry and Justice over
    wiretapping capability thus far, a court challenge hardly seems
    far-fetched. In fact the act was proposed only after the FBI and
    telecom industry groups wrangled for years in consultative
    committees. The FBI had argued that advanced telephony technologies
    were making it difficult to wiretap and capture call data. Finally,
    the agency turned to a legislative solution.

    The TIA's draft standards, due to be issued next month by the group's
    TR 45.2 committee, will contain the technical specifications required
    to build-in the features for the Electronic Surveillance Interface
    that the act defines.

    Following a comment period of up to 90 days, the standards will be
    placed on a ballot for a vote by committee members, said committee
    chairwoman Cheryl Blum. If substantial changes are made to the draft
    during the comment period, the standards may have to go back to the
    committee, she noted.

    Cellular data removed

    At a standards meeting last month, the committee removed language that
    would have defined a standard for forwarding the location data of
    cellular phones when the instrument is powered up-but not actively
    transmitting and receiving-information the FBI indicated it should
    have if available.

    Ms. Blum said the committee decided such a capability exceeds the
    requirements of the the act. This point is important because, under
    the law, companies are reimbursed only for those modifications of
    existing technologies expressly spelled out in the act.

    Clearly, the FBI holds the whip, even in this standards-making
    process. Should the standards be found deficient under the law, the
    FCC can step in and replace those standards with its own.

    Justice is the most visible proponent, but the act is also of great
    interest to the NSA, which introduces a potentially troubling level of
    complexity as the industry attempts to comply with the law.

    Commerce Department memos obtained by Telepath show that the NSA was
    involved in sculpting the language of the act as far back as 1992.

    A Senate committee staff attorney, now in private industry, told
    Telepath that the NSA's interest was that the act introduce the
    opportunity to build wiretap access points into switches outside the
    United States.

    Equipment built to specifications in this country-and by offshore
    manufacturers for the U.S.  market-would thus find its way into
    foreign telephone networks, allowing the NSA a simpler means to tap
    into targeted subjects.

    What liabilities this introduces to equipment makers remains unclear,
    as these are the early days of the act-the first law to give the
    government the power to demand design changes in telephony
    technologies.

    Peter Cassidy is a freelance writer. Send your reactions to this
    article to telepath@cmp.com.