Bipartisan Policy Center task force urges wiretap law restrictions removed
A committee of mostly former national security officials criticized current wiretap law for preventing Internet service providers from monitoring traffic transiting their networks for cyber threats.
In a report (.pdf) released July 19 by the Bipartisan Policy Center's Cybersecurity Task Force--co-chaired by former CIA and National Security Agency director Michael Hayden and Mortimer Zuckerman, a real estate and sometime media magnate--the task force says "real and perceived legal limitations" act as a cyber security obstacle.
The Electronic Communications Privacy Act and the Wiretap Act place limitations on service provider interception and disclosure of communications. Exceptions permitting interception include existence of a substantial nexus between the communication device targeted for interception and fraudulent activity, and reasonable cause by the communications provider to suspect that its property rights are being violated.
But it's unclear whether an ISP monitoring packets for malware would be protecting its own network, or end-user computers. "Presently, only the protection of the provider's own network would qualify for the exception, limiting the ability to monitor for malware signatures on other networks," the report says.
Consent is another legal hurdle, the report says, since it's uncertain whether companies offering services that rely on ISP infrastructure can consent to monitoring on behalf of all their users.
Some states' legal requirement for two-party consent before communications can be monitored (requirements recognized by federal law) also act as a legal break, the report says, since its effect "is to give attackers a veto on whether their packets are inspected."
The report also cites a legal position that some companies take that says sharing communications with the government cannot be done without a subpoena, since one of the exceptions permitting communications providers to intercept traffic is that they do not act as law enforcement agents.
Report authors recommend that those legal obstacles be cleared, "under conditions that protect privacy and civil liberties."
Telecom firm challenges FBI on national security letters
FERC official decries lack of mandatory power for emergencies
DHS to set up continuous monitoring at civilian agencies
EINSTEIN 2 could violate Fourth Amendment