WASHINGTON -- The Clinton administration is seeking to update U.S. wiretap law to take into account the latest technology and at the same time add provisions that strengthen individual privacy, a top administration official said Monday. The move comes shortly after attention was directed at "Carnivore," a wiretap application recently embraced by the U.S. Federal Bureau of Investigation (FBI).
The proposals, which are being discussed with members of Congress who have proposed similar legislation, come amid a torrent of criticism of a wiretap application nicknamed "Carnivore" that the FBI has used to intercept e-mail sent and received by suspects in criminal investigations.
The FBI acknowledged last week that it is using Carnivore, which plugs in to an ISP's (Internet Service Provider's) equipment, but the agency said the application is able to target the e-mail traffic of an individual suspect.
Carnivore, however, drew criticism from the American Civil Liberties Union (ACLU) and privacy advocates who say it's not as selective as law enforcement officials say it is and that it puts the privacy of law abiding citizens at risk because of its potential to scan and analyze large volumes of e-mail messages.
The new proposals put forth by the Clinton administration Monday were outlined at a news briefing by White House Chief of Staff John Podesta, who also announced new export encryption policies affecting U.S. companies that export encryption software to the 15 European Union countries and eight other U.S. allies.
There is no link between the updated encryption policies, which have been sought by encryption software vendors, and the proposals, Podesta said. The proposals are legislative protections needed to "map" privacy principles onto the latest technology, he said.
"It's time to update and harmonize our existing laws to give all forms of technology the same legislative protections as our telephone conversations," Podesta said.
The proposals would affect the use of Carnivore in cases when investigators use the system to access the content of e-mail and other electronic communications, Podesta said.
In those cases, the proposals would apply to e-mail and other Internet communications what Podesta called the tough but workable standards that currently define when police can listen to the content of regular telephone calls.
Those standards require a court order and approval from a high-level U.S. Department of Justice official for all telephone wiretaps and further allow wiretapping only during the investigation of serious crimes, such as espionage and violent crimes.
In cases where police want to find out with whom a suspect is communicating over the Internet, the new proposals also would apply a slightly tougher standard than currently exists for voice telephone calls.
Under current law, when police officers seek the numbers a suspect has dialed or the numbers of people who have dialed the suspect through "trap and trace" or "pen register" methods, a judge must issue the order after police certify certain standards have been met. Under the White House proposals, when police are seeking to find out with whom a suspect is communicating over the Internet, the judge would make an independent finding of whether the standards have been met.
Podesta noted that the changes are necessary to bring current law up to date with the way technology is being used. Cable systems, for example, were not used to access the Internet when the current law governing cable service was written.
"When the standards were written, cable did one thing: it downloaded content. Now the use of cable as a two-way system has begun to grow," Podesta said. "We are suggesting that if you are communicating via cable modem, the same standard ought to apply."
The proposals, however, would not change laws that apply to a customers' right to protect data about what they watched over cable.
The expectation of cooperation that has applied to telephone companies will apply to ISPs whenever they are presented with a surveillance order, Podesta said. But there is nothing in the proposals that would put ISPs in the shoes of law enforcement, he said.
Another proposal submitted Monday by the Clinton administration would strengthen the Computer Fraud and Abuse Act so that multiple small attacks are treated as one large attack, and therefore become subject to higher penalties.
That proposals outlined Monday will be sent to the Senate Judiciary Committee, which has under consideration a number of cyber-security bills. The proposals take some elements from two of the leading bills being discussed in order to attract support from both Republicans and Democrats on the committee, Podesta said.
The proposals "could be a basis for moving forward to do what's needed on the law enforcement side, but at the same time enhance the privacy protection and civil liberties protections," Podesta said.
Copyright 2000 IDG News Service, International Data Group Inc. All rights reserved.