Communications Assistance For Law Enforcement Research Articles

Game of Phones, Data Isn't Coming: Modern Mobile Operating System Technology and Its Chilling Effect on Law Enforcement

The encrypted smartphone presents a novel legal issue that is hard to crack. Smartphone data is essential to investigating and prosecuting a range of crimes, such as murder, human trafficking, child pornography, and terrorism. However, Apple and Google’s recently reengineered mobile operating systems threaten to lock out law enforcement completely. These operating systems use full-disk encryption technology, which converts everything on a hard drive into an unreadable format until the passcode is entered. Additionally, other security features on the smartphone could result in the data being completely destroyed if the passcode is incorrectly entered a certain number of times. Locked smartphones are thus quickly becoming expensive paperweights filing the evidence rooms of state and federal law enforcement. This Note provides relevant background information on Apple and Google’s use of full-disk encryption technology on their respective mobile operating systems. Based on the necessity of smartphone data in the twenty-first century, the Note explains that inaccessibility of such crucial data will likely frustrate investigations and prosecutions because law enforcement cannot access it elsewhere. The Note concludes that to prevent ‘Going Dark,’ Congress must immediately enact an amendment to the Communications Assistance for Law Enforcement Act that subjects the manufacturer and mobile operating system provider to a civil penalty for each instance that law enforcement cannot decrypt a smartphone it has the legal authority to search.

Breaking iPhones Under CALEA and the All Writs Act: Why the Government Was (Mostly) Right

During the investigation of the 2015 San Bernardino shooting, the government asked a district court to order Apple to draft code that would bypass the password protection system of one of the shooters’ iPhones. A number of experts opined that the All Writs Act (AWA) and the Communications Assistance for Law Enforcement Act (CALEA) prohibited the court from issuing the order. This request was preceded by the holding of a New York District Court, which found that those statutes indeed did protect Apple from such compulsion. Although sympathetic to Apple, I argue that those experts and the New York court misinterpreted CALEA, and that the government’s interpretation of that statute was correct. The court’s ultimate ruling in favor of Apple, however, was the right one based on the discretionary factors governing the AWA’s applicability, set forth by the United States Supreme Court in United States v. New York Telephone Co.

IPhones, Crime, and the Tension Between Privacy and Security: Should the Communications Assistance for Law Enforcement Act Be Amended?

When the United States sought an order forcing Apple to write code that would break the iPhone password protection of one of the San Bernardino shooters, long-simmering questions of statutory interpretation, constitutional limitations, the privacy-security debate, and the architecture of the Internet were brought into relief. The government has found a way to break the phone without Apple’s help, but this has only delayed answers to these persistent, wide-ranging questions.The short-term resolution of cases such as Apple’s will likely depend upon courts’ interpretation of the scope of the All Writs Act (AWA) in light of the Communications Assistance for Law Enforcement Act (CALEA). We believe that CALEA does not permit a court to issue the government’s requested order against Apple.But law enforcement has legitimate investigatory needs that the AWA and CALEA hinder. Should, therefore, CALEA be amended? This is an important question because it goes to the very structure of both the Internet and the Internet of Things. For decades, society and the government have been debating the extent to which the government ought to shape and control digital activity. From the Clipper Chip in the 1990s and CARNIVORE in the early 2000s, to the questions of online surveillance and net neutrality today, the structure of the Internet and the Internet of Things has democratic, constitutional, public safety, public security, and business contours. On one level, the Apple case was about a few digits entered into one iPhone. But it also implicates multifaceted, large-scale structural questions.Our paper takes the following route. In Part One, we brief the Apple case, including amici’s arguments, and place the case in the relevant context. In Part Two, we review the current reach and limitations of CALEA and consider how CALEA could be amended in light of law enforcement needs in the Apple case. In Part Three, we weigh the protection of personal privacy against the needs of law enforcement, as well as the diverging national security goals of fighting terrorism and protecting our digital infrastructure. We will also address the question whether it is too late anyway, as terrorists and other malfeasants increasingly use apps that leave no trace of earlier communications. Although a great deal of information is evanescent, the issue remains important for two reasons: people will still store valuable data on their smartphones, and they will use their phones as access points to cloud-stored data and Internet-equipped physical objects, such as home locks.Finally, in Part Four, we consider the impact of any CALEA amendment upon the structure of the Internet. If the government can compel Apple to build code to access an iPhone, then it is only a small step to requiring that Internet backbone providers build code to defeat encryption on a wide variety of communicative platforms. This would gradually bring about a restructuring of the Internet as we know it, and compromise the business plans of many companies. Whether this is a price worth paying is hard to say.

Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet

For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications — there was no longer just “Ma Bell” to talk to — and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which mandated a standardized lawful intercept interface on all local phone switches. Technology has continued to progress, and in the face of new forms of communication — Skype, voice chat during multi-player online games, many forms of instant messaging, etc.— law enforcement is again experiencing problems. The FBI has called this “Going Dark”: their loss of access to suspects’ communication. According to news reports, they want changes to the wiretap laws to require a CALEA-­like interface in Internet software. CALEA, though, has its own issues: it is complex software specifically intended to create a security hole — eavesdropping capability — in the already-­complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts’ warnings of the danger posed by this mandated vulnerability, but time has proven the experts right. The so-­called “Athens Affair”, where someone used the built-­in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, including the Prime Minister, is but one example. In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system.In this paper, we explore the viability and implications of an alternative method for addressing law enforcement's need to access communications: legalized hacking of target devices through existing vulnerabilities in end-­user software and platforms. The FBI already uses this approach on a small scale; we expect that its use will increase, especially as centralized wiretapping capabilities become less viable.Relying on vulnerabilities and hacking poses a large set of legal and policy questions, some practical and some normative. Among these are:• Will it create disincentives to patching?• Will there be a negative effect on innovation? (Lessons from the so-­called “Crypto Wars” of the 1990s, and, in particular, the debate over export controls on cryptography, are instructive here.)• Will law enforcement’s participation in vulnerabilities purchasing skew the market?• Do local and even state law enforcement agencies have the technical sophistication to develop and use exploits? If not, how should this be handled? A larger FBI role?• Should law enforcement even be participating in a market where many of the sellers and other buyers are themselves criminals?• What happens if these tools are captured and re-purposed by miscreants?• Should we sanction otherwise-­illegal network activity to aid law enforcement?• Is the probability of success from such an approach too low for it to be useful?As we will show, though, these issues are indeed challenging. We regard them, on balance, as preferable to adding more complexity and insecurity to online systems.

The Large Immortal Machine and the Ticking Time Bomb

Designers of the first electronic telephone switches nicknamed them the large immortal machines because switches last decades. The 1994 Communications Assistance for Law Enforcement Act (CALEA) requires that all digital-switched telephone networks be built wiretap enabled; the law took longevity of switches into account by authorizing funding to update switches in place. But by failing to analyze how threat models would change in a highly connected IP-based world, CALEA did not consider the longevity of switches prospectively. As an architected security breach, CALEA compliance is a ticking time bomb. This paper discusses how this situation arose, and what policy the Federal Communications Commission should be following the alleviate the problem.

The Communications Assistance for Law Enforcement Act (CALEA)

ABSTRACT A number of laws have been passed in recent decades governing the wiretapping and interception of conversations on the Public Switching and Telecommunications Network and the Internet. The Communications Assistance for Law Enforcement Act (CALEA) passed in 1994 requires that digitally switched telephone networks be designed and built with wiretap capabilities and that service providers assist law enforcement agencies (LEA) in obtaining the desired surveillance. The Federal Communications Commission (FCC) in 2005 ruled that the CALEA also applies to Voice over IP (VoIP) conversations. This initially generated considerable contention among the Internet community regarding the extent to which wiretapping should be embedded into the applicable Internet protocols. The International Engineering Task Force (IETF) has provided general guidelines in RFC 3924 regarding architecture for the interception and availability of the information to the LEAs but has declined to produce a full-fledged standard. The guidelines proposed by the IETF were heavily influenced by Internet Service Provider (ISP) component manufactures and define a generic architecture based on the functionality of major components. These components are defined in such a manner as to properly configure network devices for the required intercept, limiting access to the information, and passing the intercepted information to the designated LEA. The IETF guidelines define the functional boundaries and communication between the ISP components and the LEA.

Wiretapping Woes

After the U.S. Congress passed the landmark wiretapping law, law enforcement officers now could conduct a wiretap centrally on a carrier's network by duplicating a phone call digitally and directing the copy to police headquarters. Starting on 14 May, the 1994 law, the Communications Assistance for Law Enforcement Act (CALEA), will also apply to some voice over Internet Protocol providers (VoIP), and the U.S. Federal Bureau of Investigation has asked that it eventually be extended to all Internet-based communications. With this law, the VoIP providers have the ability to route calls over the traditional telephone network, even if only some calls end up traveling that way.

Interceptability of telecommunications: Is US and Dutch law prepared for the future?

For many decades, governments have successfully intercepted telecommunications to collect information about—potential—criminals and terrorists. A crucial part of contemporary policy is legislation that requires telecommunications providers to make their networks and services interceptable. This paper discusses two examples of interceptability legislation: the Communications Assistance for Law Enforcement Act (CALEA) in the US and the Telecommunications Act in the Netherlands, in order to focus on basic questions, considerations, and trade-offs relevant to designing legal interceptability laws. In particular, the sustainability of interceptability policies as laid down in these laws is questioned, since they are under significant pressure. Technical and market developments challenge their effectiveness and costs. These developments include IP-based services, seamless roaming, default encryption at various telecommunications layers, and the ‘identity boom’. Market challenges include substantial shifts in the value chain and the explosion of traffic volumes. This paper aims to determine which interceptability policy is best suited for coping with the challenges that lie ahead.

Designing the right wiretap solution: setting standards under CALEA

The Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications providers, including VoIP and broadband ISPs, to provide wiretapping capabilities with their services. Law enforcement and the telecommunications industry must work together to set CALEA-compliant standards.

Internet wiretapping decision headed for the courts

The US Federal Communications Commission (FCC) faces a legal challenge over its decision to compel broadband and voice-over-IP service providers to comply with wiretapping requests under the Communications Assistance for Law Enforcement Act. Law enforcement is not internally developing the capability to understand IP communications and that means law enforcement is completely unable to intercept the communications of any sophisticated terrorist organization or criminal organization, because it is a trivial matter for a moderately knowledgeable engineer to sit down and create a voice communication system just to be used by the internal criminal network.

Services to support regulatory action and requirements

Regulatory action is a key stimulus to telecommunication software services. At Lucent Worldwide Services (LWS), we have a long history of developing and delivering services that help providers implement new features or meet new regulatory requirements. We have built services to support and implement changes to local number portability (LNP), the Communications Assistance for Law Enforcement Act (CALEA), the North American Numbering Plan Administration (NANPA), and more. We continue to develop a suite of services that swiftly and safely migrate service between switching peripherals or switching entities, minimizing end-user impact, keeping downtime at acceptable levels, and allowing complex network realignment. These services will remain valuable as the Federal Communications Commission (FCC)-regulated competitive landscape changes. There has been FCC activity regarding unbundled network elements (UNEs) (created under the Telecommunications Act of 1996). Changes regarding UNEs and Voice over Internet Protocol (VoIP) might be coming. If they do, the changes could present tremendous challenges for our customers.

The Communications Assistance for Law Enforcement Act of 1994: A Surprising Sequel to the Break up of AT&T

The Communications Assistance for Law Enforcement Act of 1994: A Surprising Sequel to the Break up of AT&T

Privacy on the line: the politics of wiretapping and encryption

Telecommunication has never been perfectly secure. The Cold War culture of recording devices in telephone receivers and bugged embassy offices has been succeeded by a post-9/11 world of NSA wiretaps and demands for data retention. Although the 1990s battle for individual and commercial freedom to use cryptography was won, growth in the use of cryptography has been slow. Meanwhile, regulations requiring that the computer and communication industries build spying into their systems for government convenience have increased rapidly. The application of the 1994 Communications Assistance for Law Enforcement Act has expanded beyond the intent of Congress to apply to voice over Internet Protocol (VoIP) and other modern data services; attempts are being made to require ISPs to retain their data for years in case the government wants it; and data mining techniques developed for commercial marketing applications are being applied to widespread surveillance of the population. In Privacy on the Line, Whitfield Diffie and Susan Landau strip away the hype surrounding the policy debate over privacy to examine the national security, law enforcement, commercial, and civil liberties issues. They discuss the social function of privacy, how it underlies a democratic society, and what happens when it is lost. This updated and expanded edition revises their original -- and prescient -- discussions of both policy and technology in light of recent controversies over NSA spying and other government threats to communications privacy.