The Electronic Frontier Foundation issued an emergency alert Monday (Sept. 17) that warned about the implications of Senate amendments passed Sept. 13 to a House of Representatives appropriations bill (H.R. 2500). EFF officials warn that the amended bill could ease the use of header-analyzer equipment at Internet service providers, such as the DCS 1000, the so-called Carnivore which raised many civil liberty concerns last year. The amendments also aim to make it easier for intelligence agencies to share surveillance information, which could have the effect of removing the barriers to FBI use of communications intelligence collected by the National Security Agency.

Amendments to H.R. 2500 will allow expanded use of packet sniffers, which organizations like the Privacy Foundation (Denver) warn could be indiscriminate in targeting potential terrorists on the basis of misinterpreted information. Like the keyword search software used by the National Security Agency and other agencies, packet analysis systems can misinterpret the meaning of words and phrases in intercepted communications.

A conference committee of Senate and House members could meet as early as Thursday (Sept. 20) to begin deciding on the amendments to H.R. 2500. The EFF is concerned that in those debates, additional amendments could be added to restrict private citizens' use of public-key encryption, to increase online monitoring, and to allow warrantless use of pen registers and packet trap-and-trace equipment.

The bill is likely to pass regardless of what amendments are attached to it, EFF officials said. As a result, they are asking constituents to voice concerns with Congress and have listed members of the conference committee on the EFF Web site.

Vast expansion

Opposition to these expanded intelligence capabilities does not come solely from liberals. Rep. Bob Barr, R-Ga., a conservative who has been a consistent critic of the NSA, sent letters on Monday to U.S. Attorney General John Ashcroft and House Judiciary Chairman F. James Sensenbrenner, warning that Congress should not "rush into a vast expansion of government power in a misguided attempt to protect freedom. In doing so, we will inevitably erode the very freedoms we seek to protect."

Steven Aftergood, head of the Project on Government Secrecy at the Federation of American Scientists, said that Barr's comments are but one example of a limited "hope that legislative changes will be less drastic than they might otherwise be." But Aftergood stressed that the Sept. 11 terrorist attacks have changed everything. Open government may be a thing of the past, he said, as "declassification will almost certainly suffer, due to funding limits if nothing else. Openness in general is already diminishing."

Aftergood said that the fiscal 2002 intelligence budget may be the largest in U.S. history, with an increase of several billion dollars. That would place the classified total well over $30 billion for all agencies. While members of Congress have been emphasizing the need to increase human intelligence more than technical intelligence, they also were affected by NSA director Michael Hayden's February interview on 60 Minutes, where he claimed that Osama Bin Laden's commercially acquired technology could foil the NSA. Aftergood said that "re-capitalization of NSA is explicitly on the agenda."

Even the proponents of civil liberties are recognizing that the massive scale of the Sept. 11 attacks may lead, with some justification, to the kind of restrictions seen in the early years of the Cold War. Aftergood pointed out that "thousands of people suffered the ultimate invasion of privacy and the ultimate loss of civil liberties. Inevitably, one's perspective on these matters changes."

Combating terrorism

H.R. 2500 could provide a test of privacy issues as early as this week, when Congress reconvenes on Sept. 20. After the House passed the bill, the Senate passed its own version including dozens of amendments, but the one drawing the EFF's ire is number S.AMDT.1562, filed by Sen. Orrin Hatch, R-Utah, labeled the "Combating Terrorism Act of 2001."

Among the amendment's changes is a widening of wiretap laws to include computers and the Internet. The widened legislation has two problems, said Cindy Cohn, EFF's legal director. First, it would allow many low-level crimes, such as Web-site defacing, to be grounds for a wiretap, an arrangement the EFF believes is too severe. "Normally, you can only get an Article 3 wiretap if you're contending somebody's engaged in a very serious crime," Cohn said.

More chilling, she said, is that the amendment defines how the telephone-based wiretap laws will transfer to Internet communications.

When a telephone line is subject to "pen-and-trap" tapping, only telephone numbers are collected: the numbers called by the phone, and the numbers of the parties who call that phone. The identity of the caller and the content of the conversation aren't tapped.

The EFF believes that the Internet equivalent of "pen-and-trap" should be a system that collects only Internet Protocol addresses — namely, what IP address the computer in question is using and what addresses it connects to. But Sen. Hatch's amendments declare that the entire header of an e-mail is fair game under Internet "pen-and-trap" laws, Cohn said. This would give lawmakers access to substantially more information than they could otherwise collect, as e-mail headers include more detailed information, including a subject line and the user's identity. In some cases, even data about a user's Web destinations can be derived from the header, Cohn said.

The danger is that the law "codifies that the headers are the same [as telephone numbers], that they can get the header information in a pen-and-trap situation," Cohn said. The situation is troubling because the question of wiretapping a computer line has remained an open question. The EFF contends that the Combating Terrorism Act will close the issue "entirely in law enforcement's favor" without allowing space for debate, Cohn said.

Cohn was also critical of the rushed nature of the amendment, which faced only 30 minutes of discussion on the Senate floor. Debate on the amendments was minimal because most senators hadn't had time to read the amendment, she said.

Speaking before the Senate on Sept. 13, Hatch defended his amendments, noting that existing laws take neither terrorism nor the Internet into account. S.AMDT.1562 simply updates the language accordingly, he said.

"This statute does not change the standard for trap and trace. It only adds emergency authority for the U.S. attorney," Hatch said, according to the Congressional Record. "You [still] have to make your case before a federal judge. It isn't some wild-eyed breach of personal privacy."

Hatch also noted that the amendments reflect longtime requests of the Department of Justice. "Every one of these principles in this amendment, the Justice Department wants, and wants badly, so that they can do their job to protect American citizens," he said.

Several subsequent amendments filed by Sen. Hatch likewise appear to loosen the requirements for requesting a pen register or trap-and-trace on any given phone line or Internet connection; these were tabled by the Senate and could be presented in committee for approval.

Encryption threat

Separately, the EFF and other organizations are watching for potential changes in policy regarding data encryption. In a Sept. 12 Senate discussion about terrorism, Sen. Judd Gregg, R-N.H., noted that former FBI director Louis Freeh considered the availability of strong encryption to be the biggest barrier his office faced in fighting terrorism.

Gregg added that to answer Freeh's concerns, software vendors need to give their software "backdoor" provisions, which would allow government agents to decipher any messages instantly. He added that that willingness should extend to software companies abroad, who many say would have a competitive advantage if all U.S. encryption had back doors. He stopped short of suggesting that such provisions be made mandatory, however.

Several reports said that Gregg had then filed a bill to institute mandatory backdoor provisions, but his press secretary told EE Times that Gregg had neither filed nor planned to draft any such legislation.