CALEA – Now, Even Starbucks is Required to Spy on You
While the wiretap law that’s supposed to protect Americans from warrantless government wiretaps, FISA, is now widely known, few have heard of the other major domestic surveillance law, the 1994 Communications Assistance for Law Enforcement Act (CALEA).
CALEA makes it mandatory that all telephone companies, Internet Service Providers (ISPs), and even universities and coffee shop chains that offer public internet access install equipment that makes it possible for the government to track and record your calls and surfing habits, or pay an outside firm to do the same thing. That law initially came with a half billion dollar incentive to cooperate for the telephone companies which had, in the early 1990s, resisted a law that required they install bugging equipment at all their switching centers as an unfunded mandate and very much unwanted business expense.
But, that was so pre-911. As of May 14 this year, once you log on to your Internet provider or use your laptop at a university or other institution that offers a broadcast wireless network, federal law now requires that the network carrier record your terminal's unique IP address, you know, the one assigned to each and every computer that accesses the Worldwide Web.
The FCC even maintains a handy website where you or your company can check on the latest pronouncements on CALEA compliance requirements. Check it out -- http://www.fcc.gov/... -- there you’ll find a nice, handy introduction to what you, your government, and the company that brews your favorite cup of coffee needs to know to stay out of jail if you want to operate in the Digital Age:
In response to concerns that emerging technologies such as digital and wireless communications were making it increasingly difficult for law enforcement agencies to execute authorized surveillance, Congress enacted CALEA on October 25, 1994. CALEA was intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities. Common carriers, facilities-based broadband Internet access providers, and providers of interconnected Voice over Internet Protocol (VoIP) service – all three types of entities are defined to be "telecommunications carriers" for purposes of CALEA section 102, 47 U.S.C. § 1001 – must comply with the CALEA obligations set forth in CALEA section 103, 47 U.S.C. § 1002. See CALEA First Report and Order (rel. Sept. 23, 2005).
We find a bit further into that page that there are two ways for "telecommunications carriers" – which, apparently, now includes the nearest Starbucks store – to conduct electronic surveillance over you. They may purchase or develop their own Legal Intercept (LI) equipment or contract that out to Trusted Third Parties (TPP), companies that act as middlemen between the Barista and the Spooks:
A telecommunications carrier may comply with CALEA in different ways. First, the carrier may develop its own compliance solution for its unique network. Second, the carrier may purchase a compliance solution from vendors, including the manufacturers of the equipment it is using to provide service. Third, the carrier may purchase a compliance solution from a trusted third party (TPP).
Regarding the use of trusted third parties, the Commission provided the following guidance on the use of TTPs in the CALEA Second Report and Order, at paragraph 26:
"The record indicates that TTPs are available to provide a variety of services for CALEA compliance to carriers, including processing requests for intercepts, conducting electronic surveillance, and delivering relevant information to LEAs. Given the effectively unanimous view of commenters that the use of TTPs should be permitted but not required, we conclude that TTPs may provide a reasonable means for carriers to comply with CALEA, especially broadband access and VoIP providers and smaller carriers. We emphasize, however, that if a carrier chooses to use a TTP, that carrier remains responsible for ensuring the timely delivery of CII and call content information to a LEA and for protecting subscriber privacy, as required by CALEA. Thus, a carrier must be satisfied that the TTP's processes allow the carrier to meet its obligations without compromising the integrity of the intercept
.
The world is indeed wired, and the NSA, in fact, has access to virtually all of it. Make a phone call, and your phone company records who owns the phone, who and where you called, for how long you talked, and then bills you accordingly. Similarly, as you surf, Starbucks (or its TPP) now keeps a running tab of the sites you visit, how long you stay there, and whether you exchanged data with other visitors.
Thanks to CALEA, the companies that provide communications networks are required to have devices in place to either divert identifying data about users or else to simply record it, should the government demand a copy of it. Under the Bush Administration’s interpretation of the law, the government is entitled to call records and Internet activity logs because such data are "business records" that it says are in the public domain, and further, the government says that you have no reasonable expectation of privacy about anything you post on-line, including chat-rooms. If you believe that any Internet message is truly anonymous, you are wrong. If you speak or write in Arabic or exchange recipes at sites where someone has posted a picture that turns out to have imbedded diagrams for military bases, or just simply like to talk about Government agencies and programs that touch on national security, your URL history and everything in the public domain about you is safely snuggled away in a data base. The only question is, under "The Program", has a copy of every file in your computer and every phone conversation since late 2001 also been clandestinely copied and uploaded? What’s the line, if indeed there is still a line, and how much of this warrantless surveillance actually started before 9/11?
Apparently, quite a lot, according to court papers filed in the federal prosecution of Richard Nacchio, former President of Qwest Wireless. As early as February 27, 2001, months before the 9/11, Qwest’s lawyers had already raised questions about the "ethics" and legality" of a plan for domestic surveillance program being implemented by NSA in conjunction with Project Groundbreaker, a $10 billion technology transformation program that has essentially turned over the Agency’s domestic surveillance programs and processes to a consortium of defense contractors and telcos.
Between September 2000 and February 2001, something changed in the plans being discussed by NSA leadership and Qwest executives, something which so disturbed the company’s lawyers and management that they were willing to jeopardize $500 million in federal contracts. At the end of July, the Groundbreaker contract was awarded to a consortium of other companies, including Verizon, which was competing for a buyout bid for Global Crossing, a troubled international fiber optic company linking Asia and the United States. Out of grace with the Bush Administration, the SEC blocked Qwest’s takeover offer for Global Crossing. In the end Verizon didn’t buy GC, which filed for bankruptcy. Qwest’s stock plummeted, and Mr. Nacchio was facing stock manipulation charges. When Nacchio tried to raise at trial the issues he raised with Gen. Hayden on February 27, 2001, the presiding judge invoked national security grounds, squelching Nacchio’s defense.
The Groundbreaker Project is now in its fifth year, and Verizon, CSC, Grumman, et al, essentially run the NSA’s domestic surveillance and analysis functions. These same companies that accepted the program that Qwest questioned, now want a full grant of immunity for the mass warrantless wiretapping that they implemented.
______________________
It’s bad enough that Starbucks watches where you surf. Further eroding privacy, e-mail and the widespread adoption of Voice Over Internet Protocol (VOIP) phone messages, obscures the legal and technological lines between Internet traffic (which the NSA simply scoops up at the main switching stations, called node points) and the content of phone messages that go out over wires, the privacy of which are supposed to be protected by the 4th Amendment (and, thus, legally require warrants before the government can intercept them and use them to develop evidence of a crime, terrorism, or foreign intelligence activity).
The NSA is generally not supposed to target and monitor phone calls and other electronic communications inside the U.S. without either a criminal (Title III) warrant or a FISA warrant specifying reasonable cause to conclude that one or both parties are involved in espionage, terrorism or some other serious crime. The legal requirements for obtaining FISA warrants have been smoothed down in recent years, but the basic warrant requirement remains a part of U.S. law, as do the criminal and civil sanctions attached to it.
Nonetheless, like a whale swimming through krill, the NSA today scoops up huge amounts of data from sources within the U.S., 99.999% of it purely domestic messages between U.S. persons who have nothing to do with spying or assisting a foreign power, terrorist organizations, or planning attacks on U.S. military forces and facilities. Under long-standing Presidential Orders, all this mountain of "U.S. person" data is supposed to be minimized, which is NSA speak for erased. Until the Bush Administration, minimization routinely took place after several months. Now, well, nobody knows how long U.S. person data is kept in the closet and what NSA does with it, it’s been said that NSA has sufficient capacity for 13 years data storage and that it’s made available to private contractor to test run new Terrorist Profiling algorithms, it’s been said. Yes, you too can be labeled a terrorist suspect, because you like falafel and read on-line publications to the left of The National Review. Nothing should shock you.
What about your e-mails? E-mail and other electronic messages are a mule of the law and technology – it’s claimed that e-mail, like telephone calls and U.S. postal service mail, is covered by 4th Amendment warrant requirements. All that this means, of course, is that it can’t be used as direct evidence against you in a court of law. But, who gets tried for suspected terrorism anymore?
Six years after 9/11, Americans are just beginning to wake up to the fact that all of our communications are fair game for snooping devices and recorders linked to government computer banks.
_________
Call it schizophrenic or pragmatic, this is the regulatory framework that has led us to a looming Congressional decision that will decide whether we effectively scrap the constitutional and legal requirement that require warrants to intercept voice communications and electronic messages.
Bush wants to grant the telcos retroactive immunity for violations of federal wiretap statutes and FISA – laws that impose requirements that the telcos and ISPs demand warrants before they allow the Gov’t to tap the specific content of messages between U.S. persons. What would happen if immunity were granted toVerizon, AT&T, and other companies that have reportedly allowed the NSA to intercept millions of voice messages. What incentive would any company ever have to demand a lawful warrant or a letter from the Attorney General explaining in reasonable terms why such warrantless wiretapping is legal – a direct violation of FISA criminal and civil penalties? In a system in which the telcos are supposed to have a stake in lawful procedures, what do you think is going to happen? Carte blanche and free lunch. The Sheriff’s opening the jail doors and buying everyone drinks.
First we pay these private contractors billionsof dollars to break the law, and then we give them all Get Out of Jail Free cards. Isn’t America a great place to do business?