Towards Coherent Regulation of Law Enforcement Surveillance in the Network Society

AUTHOR

Serena Chan
Laboratory for Information and Decision Systems
Massachusetts Institute of Technology
Cambridge,
MA 02139

L. Jean Camp
Kennedy School of Government
Harvard University
Cambridge, MA 02139

ABSTRACT

In this paper, we will study the evolution of telecommunications technology and its impact on law enforcement surveillance. Privacy and the need for law enforcement to conduct investigations have not been at the center of the recent public policy debate, rather corporate efforts at data surveillance have been the core. Yet unlike corporate surveillance, law enforcement surveillance can be and is intrusive and approved in policy environments. Thus police and state surveillance are different topics, and law enforcement surveillance deserves particular attention. The recent installation of Carnivore, a classified packet sniffer, on American networks by the American federal law enforcement agency illustrate the importance of considering law enforcement surveillance as a separate category.

The growth of interception is a result of technological improvements, which have drawn more and more valuable traffic into telecommunications channels. The means by which we communicate (e.g., telegraphy, telephone, electronic mail, and video conference) have expanded due to technological changes. As a result of being able to listen in on those communications (e.g., wiretaps), spying on communication channels becomes increasingly rewarding for governments, businesses, and criminals. Laws cannot change these facts. Communications are inherently interceptable and digital technology has increased this interceptability. Conversely, law enforcement agencies will continually face challenges in maintaining their electronic surveillance capabilities in the future as new communications technologies and services are developed. Ultimately, to create the foundation for good policy we must be aware of many factors, including technology, cryptography and electronic surveillance, the aims and practices of intelligence and law enforcement agencies, and the history of society’s attempts to deal with similar problems over the previous centuries. Policies need to be technology-neutral in order to withstand the further evolution of telecommunications technologies and services.

The bandwidth exchanges operating on the coasts of the United States illustrate that surveillance policies in the United States will effect citizens in the Pacific Rim and the European Community. We will illustrate that the US government has historically tried to increase its power of search, despite the gradual acceptance of the basic human right to privacy. US government surveillance will have an increasing impact because of globalization as much international traffic may travel across American network wires. European traffic travels across the East Coast while Asian traffic travels across the West Coast when US bandwidth is more available than that overseas. Rather than curtailing law enforcement surveillance activities per se, policy in the US has emphasized privacy protection of individuals. Thus, the traditional assumption is that when individual privacy is protected government surveillance activities would be kept in check.

We will discuss surveillance practices preceding the widespread adoption of electronic means of communication in the areas of United States (US) postal mail, telegraph, and telephone communications, as well as physical surveillance. We will also analyze surveillance in the area of encrypted telephony and the Internet (e.g., e-mail) in the United States. From the examination of these cases, we will see that not only is there the much-heralded convergence of telecommunications channels, but also a resulting convergence of jurisdictions.

We will conclude with a discussion of privacy principles on which to build a coherent technology-neutral policy for law enforcement surveillance of electronic information. We will analyze how a such US-based digital surveillance standard might comply or conflict with European data protection principles. In particular we argue that the telecommunications industry assist law enforcement agencies in their interception needs instead of the government implementing their own surveillance techniques. Such a practice will create a window of transparency whereby law enforcement requests for communications are documented and the transfer of data can be observered. The increasingly private nature of networks offers promise that an increasing transparency of dataflow to law enforcement is possible. We further conclude that ensuring the privacy of the individual in the market is not adequate for ensuring the privacy of the individual with respect to law enforcement; however, such marketplace privacy is a pre-requisite for citizen privacy. Finally we argue that the European Principles for Data Protection offer an excellent foundation on which to build technology-neutral standards for surveillance; although given the uniquely and necessarily intrusive nature of law enforcement surveillance the Principles are not themselves suitable.