The FBI director and a Republican congressman sketched out a far-reaching plan this week for warrantless surveillance of the Internet.
During a House of Representatives Judiciary Committee hearing, the FBI’s Robert Mueller and Rep. Darrell Issa of California talked about what amounts to a two-step approach. Step 1 involves asking Internet service providers to open their networks to the FBI voluntarily; step 2 would be a federal law forcing companies to do just that.
Both have their problems, legal and practical, but let’s look at step 1 first. Issa suggested that Internet providers could get “consent from every single person who signed up to operate under their auspices” for federal police to monitor network traffic for attempts to steal personal information and national secrets. Mueller said “legislation has to be developed” for “some omnibus search capability, utilizing filters that would identify the illegal activity as it comes through and give us the ability to pre-empt” it.
These are remarkable statements. The clearest reading of them points to deep packet inspection of network traffic–akin to the measures Comcast took against BitTorrent and to what Phorm in the United Kingdom has done, in terms of advertising–plus additional processing to detect and thwart any “illegal activity.” (See the complete transcript here.)
“That’s very troubling,” said Greg Nojeim, director of the project on freedom, security, and technology at the Center for Democracy and Technology. “It could be an effort to achieve, through unknowing consent, permission to monitor communications in a way that would otherwise be prohibited by law.”
Unfortunately, neither Issa nor Mueller recognized that such a plan is probably illegal. California law, for instance, says anyone who “intentionally and without the consent of all parties to a confidential communication” conducts electronic surveillance shall be imprisoned for one year. (I say “probably illegal” because their exchange didn’t offer much in the way of details.)
“I think there’s a substantial problem with what Mueller’s proposing,” said Al Gidari, a partner at the Perkins Coie law firm who represents telecommunications providers. “He forgets the states have the power to pass more restrictive rules, and 12 of them have. He also forgets that we live in a global world, and the rest of the world doesn’t quite see eye to eye on this issue. That consent would be of dubious validity in Europe, for instance, where many of our customers reside.”
For its part, the FBI isn’t talking. After we made repeated attempts to get the bureau to explain what Mueller was talking about, FBI spokesman Paul Bresson responded by saying, “At this point, I’m going to let the director’s comments, in the context of the exchange with Rep. Issa, speak for themselves.”
What step 1 appears to involve is persuading Internet providers to amend their terms of service and insert an FBI-can-monitor-everything clause. Informed consent is one thing. But does anyone actually read the fine print on their contracts with their broadband or wireless provider? If not, is that fine print good enough?