On Fri, 11 May 2007 10:52:21 -0400 William Allen Simpson <william.allen.simpson@gmail.com> wrote:
David Lesher wrote:
Speaking on Deep Background, the Press Secretary whispered: You work so hard to defend people that exploit children? Interesting. We are >> talking LEA here and not the latest in piracy law suits. The #1 request from a >> LEA in my experience concerns child exploitation. That's nonsense, or his (press secretary's) experience consists of watching /Law & Order/ and /Without a Trace/.
No official statistics backs that up. Where in the world does he operate?
I think you'll find most intercept orders are drug cases. > So I've heard, but my experience was the Ashcroft 'net p0rn crackdown. What a waste of time and resources for a perfectly legal activity!
Of course, CALEA (and PATRIOT) were supposed to be about tracking terrorists, not common criminals. That was never the real purpose; it was just a wish list.
Also, with so many college students, we *are* talking about piracy lawsuits. But that's civil law, not CALEA or PATRIOT. Hopefully, they haven't tried to expand into that, too?
The latest revisions to copyright law did provide for more criminal penalties... Let me toss in a few more factual URLs. First, on this topic: Federal wiretap warrants can only be issued for specific crimes. That list is in 18 USC 2516; see http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002516----000-... The list is long, but it doesn't seem to include the RIAA's least favorite activities -- at least, not yet... (The list has also been expanded significantly in recent years. I haven't bothered to check the details, but I think that most of the expansion was via the PATRIOT Act. Much of the PATRIOT Act, I might add, was a long set of DoJ/FBI wish list amendments, things they'd wanted for years but couldn't get through Congress until after 9/11. My source for that, btw, is conversations with people in DoJ.) For CALEA deployment status, see http://www.usdoj.gov/oig/reports/FBI/a0613/final.pdf Note in particular how much more expensive CALEA taps are... For the latest wiretap report, just out last week, see http://www.uscourts.gov/wiretap06/contents.html Pay particular attention to Table 3. The highlight: 80% of all wiretaps were for narcotics offenses. There is *no* separate category for pornography, child or otherwise, which caps the percentage at the 3.5% for "Other". To be sure, the report notes that sensitive ongoing cases are not counted; this may reflect ongoing sting operations or national security wiretaps, There are no national security or terrorism wiretaps listed, possibly because those fell under FISA (50 USC 1801 -- http://www4.law.cornell.edu/uscode/html/uscode50/usc_sec_50_00001801----000-... ). For those who remember the Crypto Wars of the 1990s, it's interesting to note this section of the wiretap report: Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders. In 2006, no instances were reported of encryption encountered during any federal or state wiretap. The situation may be different for national security wiretaps, but of course that's where compliance with any US anti-crypto laws are least likely. Folks, the factual and legal data is out there, and it's not that hard to find. Interpreting it is harder, and frequently does require a lawyer who really knows the field. (My favorite example there is 18 USC 2072(c)(6), which *permits* communications providers to disclose customer records (except for content) to "any person other than a governmental entity". I was surprised enough when I first read that that I went and looked up the legislative history, and it means exactly what it says. *But* -- such activity is no longer legal. Why? The Telecom Reform Act of 1996 bars telcos, at least, from certain forms of information sharing internally, to promote competition in the telephony market. They weren't trying to fix the privacy flaw in the older statute; fortunately, they did -- by accident...) As Bill Simpson has quite correctly pointed out, you're also not required to roll over and play dead when someone from the government asks you for some data. There are laws they're obligated to follow, too. Even if you want to look at it from a purely selfish position, you and/or your company may be liable if you co-operate with an improper or illegal request. Have a look at http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002520----000-... which provides for civil liability for illegal wiretaps. You're clear, under that statute, if you have good reason to believe the request is legal under certain very specific sections of the wiretap law, but not otherwise. --Steve Bellovin, http://www.cs.columbia.edu/~smb