Concern Over Proposed Changes in Internet Surveillance September 21, 2001 By CARL S. KAPLAN Significant and perhaps worrisome changes in the government's Internet surveillance authority have been proposed by legislators in the wake of the attacks on the World Trade Center and the Pentagon. Indeed, so much is happening so quickly it's hard to keep track of the legislative process, let alone follow the ongoing debate between fast-moving law enforcement experts and more cautious civil libertarians. To illuminate the huge changes afoot, it might be useful to spotlight one little corner of some proposed legislation. After all, as lawyers love to say, the devil is in the details. The proposed law that is furthest along in the pipeline is the Combating Terrorism Act of 2001, an amendment to an appropriations bill that was passed by the Senate on September 13th without hearings and with little floor debate. That legislation, which may ultimately become part of an integrated package of laws put forward this week by the Attorney General, has several provisions. Perhaps the most controversial is section 832, which seeks to enhance the government's ability to capture information related to a suspect's activities in cyberspace. Some background information is in order. With telephone conversations, a law enforcement official can tap a suspect's conversations only if there is probable cause to believe the suspect is doing something illegal and if a magistrate agrees to issue an order. The Fourth Amendment's ban on unreasonable searches have heightened the legal requirements needed for a government wiretap. But suppose an F.B.I. agent doesn't want to listen to the content of a telephone conversation. Suppose she just wants to get a list of the telephone numbers that a suspect dials, and the telephone numbers of people that call the suspect? This information, the Supreme Court has held, is not that private. Under federal law, all the government has to do in order to plant gizmos that record a suspect's outgoing and incoming telephone numbers -- so called pen registers and trap and trace devices -- is to tell a magistrate that the information is relevant to an ongoing criminal investigation. There is no probable cause requirement and no hearing. The pen/trap and trace information is extremely easy to get. For the past few years, the government has interpreted the existing pen register and trap and trace laws, which were designed with telephones in mind, to allow them to swiftly garner certain information from ISP's about a suspect's e-mails -- for example, the to/from header information. In one sense, section 832 of the Senate amendment codifies the government's pro-law enforcement interpretation. Among other things, the amendment explicitly expands the pen/trap and trace law to include Internet communications. Specifically, the proposed law allows the government, under the low-standard pen/trap and trace authority, to record not just telephone numbers dialed but "routing, addressing, or signalling information" . According to experts on both sides of the legislative debate, the exact meaning of routing, addressing and signalling data is ambiguous. But chances are it includes not just to/from e-mail header information but a record of the URLs -- Web site addresses -- that a person visits. The legislation's language is "not very narrow," said Stewart Baker, head of the technology practice at Steptoe & Johnson, a Washington, D.C. law firm, and former general counsel of the National Security Agency. Conceivably, he said, federal agents under the proposed law could very easily -- and without making a showing of probable cause -- get a list of "everyone you send e-mail to, when you sent it, who replied to you, how long the messages were, whether they had attachments, as well as where you went online." "That's quite a bit of information," added Baker, who this week participated in a written dialog on national security in wartime on the online magazine Slate. Moreover, it's more information-rich material than a log of telephone numbers. "I think if you asked anyone on the street: 'Which would you rather reveal, the telephone numbers you dialed or a list of all the people you sent e-mail to and the Web sites you visited?' I think they'd say, "Go with the phone numbers,'" he said. </etc. . . . . > http://www.nytimes.com/2001/09/21/technology/21CYBERLAW.html?ex=1002099442&ei=1&en=87cfb55af752ecc4 HOW TO ADVERTISE --------------------------------- For information on advertising in e-mail newsletters or other creative advertising opportunities with The New York Times on the Web, please contact Alyson Racer at [EMAIL PROTECTED] or visit our online media kit at http://www.nytimes.com/adinfo For general information about NYTimes.com, write to [EMAIL PROTECTED] Copyright 2001 The New York Times Company --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
