It's slow progress, but a federal judge agrees with the Electronic Frontier Foundation that federal agencies, including the FBI, are dragging their feet on releasing documents that would reveal the extent to which private companies will be forced to tailor their technology to make it easier for the government to spy on the Internet. The EFF has filed filed two freedom of information requests, in response to which they received damned little. Judge Richard Seeborg says the feds need to go back and try again.
Here are the details of what's at stake, from Judge Seeborg's order, dated October 30, 2012:
Two separate FOIA requests are at issue in this action, both of which relate generally to the Communications Assistance for Law Enforcement Act (CALEA), 47 U.S.C. §§1001, et seq., a 1994 law designed to aid law enforcement efforts to conduct surveillance of digital telephone networks. Although CALEA was expanded in 2005 to apply to broadband and certain Voice over IP (VoIP) providers, it expressly excludes the regulation of "information services" providers, and does not require any carrier to decrypt encrypted communications. According to EFF, in recent years law enforcement interests have advocated expanding CALEA to require all services that enable communications—including encrypted e-mail transmitters, social networking websites, and "peer to peer" messaging services—to be technically capable of complying with wiretap orders, including being able to intercept and unscramble encrypted messages.
The FBI has addressed this subject through a program known as "Going Dark." While the parties have not explained the exact nature or parameters of that program, there is no dispute that EFF's FOIA requests referring to it by name were adequate to permit the Government to respond.
The FBI's position seems to be that forcing private businesses to build-in backdoors is no end-run around the Fourth Amendment; it just allows companies to comply with lawful court orders when the FBI and other agencies secure warrants in the future, even if the law doesn't actually require such technical ability — yet. How forward-looking. Strictly speaking, this might just incentivize people to overlay privacy-minded services on their existing networks, such as Silent Circle, an encrypted communications service deliberately based outside the United States to escape American regulations like CALEA. But that will leave savvier people with intact privacy and the rest of the population subject to government scrutiny.
So the EFF asked just what the feds were up to — and received iffy cooperation in return.
The Criminal Division of DOJ initially located approximately 8,425 pages of potentially responsive information. It contends that upon further review, very few of the pages turned out to be responsive. It ultimately released one page in full and 6 pages in part, and withheld 51 pages in full. DOJ also referred approximately 500 pages of potentially responsive information to other agencies for processing and possible production to plaintiff.
The DEA and the FBI did a little better, but they all construed the requests pretty narrowly in terms of date and subject. That's a problem, says Judge Seeborg, because the courts have held that "Under FOIA, agencies are required 'to construe a FOIA request liberally.'" After some more discussion of the rules that should apply, Judge Seeborg wrote:
[T]he Government is directed to conduct a further review of the materials previously withheld as non-responsive. In conducting such review, the presumption should be that information located on the same page, or in close proximity to undisputedly responsive material is likely to qualify as information that in "any sense sheds light on, amplifies, or enlarges upon" the plainly responsive material, and that it should therefore be produced, absent an applicable exemption.
We still don't know what the records requests, once properly honored, will reveal. But it's obvious that the feds aren't eager to show their hand.