Friday, August 31, 2007

Credit Where Credit's due: Cox & Privacy

Credit where credit is due: Cox Communications, according to an entry Wired's "Threat Level" blog, is doing as right by the public in regard to their protecting their privacy from illegal government intrusion as is permissible.

Kudos.

Currently in Lafayette, and much of Louisiana, the choice for telecommunications services is between Cox and AT&T. If protecting your privacy from illegal government surveillance is important to you it appears that you'd be well-served to switch to Cox. (AT&T has been nailed repeatedly for complying with illegal requests.)

The blog entry is pretty much a set of reporters notes on a story he wrote for Wired, "Point, Click, Wiretap: How the FBI's wiretap net operates." The main story documents a pervasive network of surveillance with the FBI constantly tied into private providers communications centers across the country using a network physically separated from the regular internet. That network, according to the illustration from Wired at right must run through Lafayette on its way from New Orleans to Beaumont either on I-10 fiber or up US 90 along the railroad..

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device...

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation's telecom infrastructure than observers suspected.

It's a "comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems," says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network.

The backstory is that during the Clinton administration federal law enforcement agencies complaining that digital communications made wiretapping increasing ineffective asked for a law that would force network providers to only install hardware and software that allowed for easy, centralized, information capture by all private network operators. That law, commonly labeled CALEA, passed and was augmented post 9-11 by the Bush administration. An FCC ruling this year extended CALEA compliance rules to all VOIP providers, facility based like AT&T or independent, like Vonage. That, in conjunction with elements of 911 compliance ensures that constant monitoring is possible. (You can, however, personally encrypt your communications though few do. Carrier-provided encryption must, by law, be trap-doored and that trap made available to governmental agencies that legally request them.)

What the story documents is just how the FBI has implemented this law and just how easily it can be and how extensively such monitoring is done.

It's not news that the large telecom corporations, intricately dependent upon federal regulation to protect their competitive positions, extensive subsidies, and spectrum "property" are pretty cravenly submissive to whatever the Feds ask of them. What is news, in a sort of man bites dog sort of way, is when one of the resists giving the administration anything they want. Qwest has earned kudos in the past and now it appears that Cox has also done "the right thing." From the blog:

Cox Communications lawyer Randy Cadenhead was also key to the story. Among the things that didn't make it into the final piece is that Cox is the only major telecom company to publicly publish its forms and fees for wiretaps. That documentation, which doesn't reveal any national secrets, should be on every telecom's website, in interests of transparency. Unfortunately, none of the largest wireless carriers do so, nor they, with the notable exception of AT&T, responded to requests for comments on the story.

Cadenhead also noted that Cox Communications did not participate in, or have any knowledge of, other wiretapping programs that have recently been in the news (read: warrantless wiretapping).

Now it should be noted that this leaves open the possibility that Cox simply was not asked to join the cabal. But as the third largest cable carrier and a VOIP leader in their field that seems unlikely. Nor does it mean that Cox hasn't complied fully with CALEA requirements. They surely have. Now it could be that once locked into an aggregation point on Cox's network they wouldn't have to ask Cox to do anything in order to "wiretap"—illegally or otherwise. In which case Cox's denial would be disingenuous. They'd have a warrant for legal wiretaps and wouldn't have, and thus wouldn't "know about," any illegal ones.

But that caveat aside it does appear that the reporter and the Cox representative believe that Cox is not cooperating with illegal wiretaps. And we know that AT&T is. One more reason to not hang up the phone when that annoying guy from Cox calls trying push VOIP during dinner.

(And, oddly, one more reason to be eager to see LUS enter the market. As a public agency LUS will be no less obligated to obey the law than any private corporation--but they are also, by law, will be unavoidably much more transparent than any private corporation. Public agencies can be required to submit records that make much of what they do visible (rightly so). But what that means to black hat operations like those we've seen recently is that those running them would be wise to avoid trying impose their illegalities on utilities like LUS which cannot hide their interactions from public scrutiny.)

No comments: