25 October 1999
From: "Alexander, Brad" <Brad.Alexander@mail.house.gov>
To: "Alexander, Brad" <Brad.Alexander@mail.house.gov>
Subject: Barr Letter on Internet Wiretapping
Date: Mon, 25 Oct 1999 11:59:30 -0400
October 25, 1999
Mr. Fred Baker
IETF Secretariat
C/o Corporation for National Research Initiatives
1895 Preston White Drive
Suite 100
Reston, Virginia 20191-5434
IN RE: Wiretapping and Internet Telephony
Dear Mr. Baker:
In light of the fact that the Internet Engineering Task Force (IETF) has become involved in the Communications Assistance to Law Enforcement Act (CALEA) compliance debate, I write to urge your strong opposition to any effort to force a surveillance-friendly architecture on the Internet. There are several reasons why opposition to such efforts is critical.
When CALEA was enacted in 1994, law enforcement officials assured Congress its only effect would be to maintain the wiretapping status quo. Since then, the same officials have used every opportunity to pressure telecommunications companies to create unprecedented monitoring capabilities going far beyond the status quo, CALEA's mandates, the intent of Congress, and the Fourth Amendment. Even worse, the telecommunications companies have been forced to either pass these costs along to their customers or contest law enforcement's demands in court.
In my opinion, Internet telephony in its current form falls far short of the statutory definitions in CALEA. Furthermore, based on Congress's intent to do nothing more than maintain the status quo by enacting CALEA, it is questionable whether Internet telephony could ever be appropriately included under the Act's mandates. Of course, this fact will not put an end to demands by law enforcement and regulators that Internet service providers and telecommunications companies make their jobs easier by wiretapping the Internet for them.
If you encourage such steps, several things will happen. First, network and software creators will begin building flaws into products in order to create back doors for law enforcement. In the process, the security that serves as a prerequisite and incentive for electronic commerce and communication will be threatened. As hackers demonstrate with frightening regularity, practically no system is fully secure. Building intentional flaws into systems will expose them to criminal abuse and unconstitutional monitoring.
Secondly, an initial demand for limited access to Internet telephone calls will soon expand into an ever-increasing demand for access to all voice communications, followed by a demand for access to e-mail and data traffic.
If the IETF gets in the business of trying to anticipate what the government might demand, government agencies will thank you for your efforts, and promptly issue more demands. It is a virtual certainty the government's demands will exceed the private sector's willingness and ability to comply with them. The only real question is precisely when that point will be reached.
Finally, Internet-based companies will be forced to pass compliance and legal costs along to their customers. In a sector where cost-competitiveness is critical, compliance costs could bring the development of exciting new Internet telephony products and services to a virtual standstill. Similar effects could also be felt on practically every Internet company, if surveillance mandates are expanded beyond telephony.
For the sake of protecting freedom, commerce, and privacy on the Internet, I urge you to draw the line firmly and early, by immediately rejecting any attempts to force a cumbersome, expensive, and dangerous surveillance architecture on the Internet. If you arrive at the conclusion further legal protections are needed to ensure a massive wiretapping structure is not imposed on the Internet, I would welcome the opportunity to discuss how best to enact them.
With kind regards, I am,
very truly yours,
BOB BARR
Member of Congress