Computer underground Digest Wed Aug 17, 1994 Volume 6 : Issue 73
ISSN 1004-042X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Retiring Shadow Archivist: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Campy Editor: Shrdlu Etaionsky
CONTENTS, #6.73 (Wed, Aug 17, 1994)
File 1--Digital Telephony Text (HR 4922)
File 2--The Good, the Bad, the Ugly, and the Confused (Re: CuD 6.72)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD
aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 17 Aug 1994 09:49:02 -0500
From: David Banisar <Banisar@EPIC.ORG>
Subject: File 1--Digital Telephony Text (HR 4922)
((MODERATORS' NOTE: The following text, sent over by CPSR's Dave
Banisar, is the latest version of the Digital Telephony Bill. See CuD
6.72 and the next CuD (6.74) for additional discussion)).
103d Congress H. R. 4922 As Introduced in the House
Note: This document is the unofficial version of a Bill or Resolution.
The printed Bill and Resolution produced by the Government Printing
Office is the only official version.
VERSION As Introduced in the House
CONGRESS 103d CONGRESS
2d Session
BILL H. R. 4922
TITLE To amend title 18, United States Code, to make clear a
telecommunications carrier`s duty to cooperate in the
interception of communications for law enforcement purposes,
and for other purposes.
--------------------
IN THE HOUSE OF REPRESENTATIVES
AUGUST 9, 1994
Mr. Edwards of California (for himself and Mr. Hyde) introduced the
following bill; which was referred to the Committee on the
Judiciary
--------------------
TEXT A BILL
To amend title 18, United States Code, to make clear a
telecommunications carrier`s duty to cooperate in the
interception of communications for law enforcement purposes,
and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. INTERCEPTION OF DIGITAL AND OTHER COMMUNICATIONS.
(a) In General . - Part I of title 18, United States Code, is
amended by inserting after chapter 119 the following new chapter:
`CHAPTER 120 - TELECOMMUNICATIONS CARRIER ASSISTANCE TO THE
GOVERNMENT
`Sec.
`2601. Definitions.
`2602. Assistance capability requirements.
`2603. Notices of capacity requirements.
`2604. Systems security and integrity.
.
`2605. Cooperation of equipment manufacturers and providers of
telecommunications support services.
`2606. Technical requirements and standards; extension of
compliance date.
`2607. Enforcement orders.
`2608. Reimbursement of telecommunications carriers.
`Sec. 2601. Definitions
`(a) Definitions . - In this chapter -
`the terms defined in section 2510 have, respectively, the
meanings stated in that section.
` `call-identifying information` -
`(A) means all dialing or signalling information
associated with the origin, direction, destination, or
termination of each communication generated or received by
the subscriber equipment, facility, or service of a
telecommunications carrier that is the subject of a court
order or lawful authorization; but
`(B) does not include any information that may disclose
the physical location of the subscriber (except to the
extent that the location may be determined from the
telephone number).
` `Commission` means the Federal Communications Commission.
` `government` means the government of the United States and
any agency or instrumentality thereof, the District of
Columbia, any commonwealth, territory, or possession of the
United States, and any State or political subdivision thereof
authorized by law to conduct electronic surveillance.
` `information services` -
`(A) means the offering of a capability for generating,
acquiring, storing, transforming, processing, retrieving,
utilizing, or making available information via
telecommunications; and
`(B) includes electronic publishing and messaging
services; but
`(C) does not include any use of any such capability for
the management, control, or operation of a
telecommunications system or the management of a
telecommunications service.
` `provider of telecommunications support services` means a
person or entity that provides a product, software, or service
to a telecommunications carrier that is integral to such
carrier`s switching or transmission of wire or electronic
communications.
` `telecommunications carrier` -
`(A) means a person or entity engaged in the transmission
or switching of wire or electronic communications as a
common carrier for hire (within the meaning of section 3(h)
of the Communications Act of 1934 (47 U.S.C. 153(h))); and
`(B) includes -
`(i) a person or entity engaged in providing
commercial mobile service (as defined in section 332(d)
of the Communications Act of 1934 (47 U.S.C. 332(d)));
and
`(ii) a person or entity engaged in providing wire or
electronic communication switching or transmission
service to the extent that the Commission finds that
such service is a replacement for a substantial portion
of the local telephone exchange service and that it is
in the public interest to deem such a person or entity
to be a telecommunications carrier for purposes of this
chapter; but
`(C) does not include persons or entities insofar as they
are engaged in providing information services.
`Sec. 2602. Assistance capability requirements
`(a) Capability Requirements . - Except as provided in
subsections (b), (c), and (d) of this section, and subject to
section 2607(c), a telecommunications carrier shall ensure that its
services or facilities that provide a customer or subscriber with
the ability to originate, terminate, or direct communications are
capable of -
`(1) expeditiously isolating and enabling the government to
intercept, to the exclusion of any other communications, all
wire and electronic communications carried by the carrier
within a service area to or from equipment, facilities, or
services of a subscriber of such carrier concurrently with
their transmission to or from the subscriber`s service,
facility, or equipment or at such later time as may be
acceptable to the government;
`(2) expeditiously isolating and enabling the government to
access call-identifying information that is reasonably
available to the carrier -
`(A) before, during, or immediately after the
transmission of a wire or electronic communication (or at
such later time as may be acceptable to the government);
and
`(B) in a manner that allows it to be associated with the
communication to which it pertains,
except that, with regard to information acquired solely
pursuant to the authority for pen registers and trap and trace
devices (as defined in section 3127), such call-identifying
information shall not include any information that may disclose
the physical location of the subscriber (except to the extent
that the location may be determined from the telephone number);
`(3) delivering intercepted communications and
call-identifying information to the government in a format such
that they may be transmitted by means of facilities or services
procured by the government to a location other than the
premises of the carrier; and
`(4) facilitating authorized communications interceptions and
access to call-identifying information unobtrusively and with a
minimum of interference with any subscriber`s
telecommunications service and in a manner that protects -
`(A) the privacy and security of communications and
call-identifying information not authorized to be
intercepted; and
`(B) information regarding the government`s interception
of communications and access to call-identifying
information.
`(b) Limitations . -
`(1) Design of features and systems configurations . - This
chapter does not authorize any law enforcement agency or officer -
`(A) to require any specific design of features or system
configurations to be adopted by providers of wire or
electronic communication service, manufacturers of
telecommunications equipment, or providers of
telecommunications support services; or
`(B) to prohibit the adoption of any feature or service
by providers of wire or electronic communication service,
manufacturers of telecommunications equipment, or providers
of telecommunications support services.
`(2) Information services and interconnection services and
facilities . - The requirements of subsection (a) do not apply
. to -
`(A) information services; or
`(B) services or facilities that support the transport or
switching of communications for the sole purpose of
interconnecting telecommunications carriers or private
networks.
`(3) Encryption . - A telecommunications carrier shall not
be responsible for decrypting, or ensuring the government`s ability
to decrypt, any communication encrypted by a subscriber or
customer, unless the encryption was provided by the carrier and the
carrier possesses the information necessary to decrypt the
communication.
`(c) Emergency or Exigent Circumstances . - In emergency or
exigent circumstances (including those described in sections 2518
(7) or (11)(b) and 3125 of this title and section 1805(e) of title
50), a carrier may fulfill its responsibilities under subsection
(a)(3) by allowing monitoring at its premises if that is the only
means of accomplishing the interception or access.
`(d) Mobile Service Assistance Requirements . - A
telecommunications carrier offering a feature or service that
allows subscribers to redirect, hand off, or assign their wire or
electronic communications to another service area or another
service provider or to utilize facilities in another service area
or of another service provider shall ensure that, when the carrier
that had been providing assistance for the interception of wire or
electronic communications or access to call-identifying information
pursuant to a court order or lawful authorization no longer has
access to the content of such communications or call-identifying
information within the service area in which interception has been
occurring as a result of the subscriber`s use of such a feature or
service, information is available to the government (before,
during, or immediately after the transfer of such communications)
identifying the provider of wire or electronic communication
service that has acquired access to the communications.
`Sec. 2603. Notices of capacity requirements
`(a) Notices of Maximum and Initial Capacity Requirements . -
`(1) In general . - Not later than 1 year after the date of
enactment of this chapter, and after consulting with State and
local law enforcement agencies, telecommunications carriers,
providers of telecommunications support services, and manufacturers
of telecommunications equipment, the Attorney General shall publish
in the Federal Register and provide to appropriate
telecommunications carrier associations, standard-setting
organizations, and fora -
`(A) notice of the maximum capacity required to
accommodate all of the communication interceptions, pen
registers, and trap and trace devices that the Attorney
General estimates that government agencies authorized to
conduct electronic surveillance may conduct and use
simultaneously; and
`(B) notice of the number of communication interceptions,
pen registers, and trap and trace devices, representing a
portion of the maximum capacity set forth under
subparagraph (A), that the Attorney General estimates that
government agencies authorized to conduct electronic
surveillance may conduct and use simultaneously after the
date that is 4 years after the date of enactment of this
chapter.
`(2) Basis of notices . - The notices issued under paragraph
(1) may be based upon the type of equipment, type of service,
number of subscribers, geographic location, or other measure.
`(b) Compliance With Capacity Notices . -
`(1) Initial capacity . - Within 3 years after the
publication by the Attorney General of a notice of capacity
requirements or within 4 years after the date of enactment of this
chapter, whichever is longer, a telecommunications carrier shall
ensure that its systems are capable of -
`(A) expanding to the maximum capacity set forth in the
notice under paragraph (1)(A); and
`(B) accommodating simultaneously the number of
interceptions, pen registers, and trap and trace devices
set forth in the notice under paragraph (1)(B).
`(2) Permanent capacity . - After the date described in
paragraph (1), a telecommunications carrier shall ensure that it
can accommodate expeditiously any increase in the number of
communication interceptions, pen registers, and trap and trace
devices that authorized agencies may seek to conduct and use, up to
the maximum capacity requirement set forth in the notice under
paragraph (1)(A).
`(c) Notices of Increased Maximum Capacity Requirements . -
`(1) The Attorney General shall periodically provide to
telecommunications carriers written notice of any necessary
increases in the maximum capacity requirement set forth in the
notice under subsection (b)(1).
`(2) Within 3 years after receiving written notice of
increased capacity requirements under paragraph (1), or within
such longer time period as the Attorney General may specify, a
telecommunications carrier shall ensure that its systems are
capable of expanding to the increased maximum capacity set
forth in the notice.
`Sec. 2604. Systems security and integrity
`A telecommunications carrier shall ensure that any court ordered
or lawfully authorized interception of communications or access to
call-identifying information effected within its switching premises
can be activated only with the affirmative intervention of an
individual officer or employee of the carrier.
`Sec. 2605. Cooperation of equipment manufacturers and providers of
telecommunications support services
`(a) Consultation . - A telecommunications carrier shall
consult, as necessary, in a timely fashion with manufacturers of
its telecommunications transmission and switching equipment and its
providers of telecommunications support services for the purpose of
identifying any service or equipment, including hardware and
software, that may require modification so as to permit compliance
with this chapter.
`(b) Modification of Equipment and Services . - Subject to
section 2607(c), a manufacturer of telecommunications transmission
or switching equipment and a provider of telecommunications support
services shall, on a reasonably timely basis and at a reasonable
charge, make available to the telecommunications carriers using its
equipment or services such modifications as are necessary to permit
such carriers to comply with this chapter.
`Sec. 2606. Technical requirements and standards; extension of
compliance date
`(a) Safe Harbor . -
`(1) Consultation . - To ensure the efficient and
industry-wide implementation of the assistance capability
requirements under section 2602, the Attorney General, in.
coordination with other Federal, State, and local law enforcement
agencies, shall consult with appropriate associations and
standard-setting organizations of the telecommunications industry.
`(2) Compliance under accepted standards . - A
telecommunications carrier shall be found to be in compliance with
the assistance capability requirements under section 2602, and a
manufacturer of telecommunications transmission or switching
equipment or a provider of telecommunications support services
shall be found to be in compliance with section 2605, if the
carrier, manufacturer, or support service provider is in compliance
with publicly available technical requirements or standards are
adopted by an industry association or standard-setting organization
or by the Commission under subsection (b) to meet the requirements
of section 2602.
`(3) Absence of standards . - The absence of technical
requirements or standards for implementing the assistance
capability requirements of section 2602 shall not -
`(A) preclude a carrier, manufacturer, or services
provider from deploying a technology or service; or
`(B) relieve a carrier, manufacturer, or service provider
of the obligations imposed by section 2602 or 2605, as
applicable.
`(b) FCC Authority . -
`(1) In general . - If industry associations or
standard-setting organizations fail to issue technical requirements
or standards or if a government agency or any other person believes
that such requirements or standards are deficient, the agency or
person may petition the Commission to establish, by notice and
comment rulemaking or such other proceedings as the Commission may
be authorized to conduct, technical requirements or standards that
-
`(A) meet the assistance capability requirements of
section 2602;
`(B) protect the privacy and security of communications
not authorized to be intercepted; and
`(C) serve the policy of the United States to encourage
the provision of new technologies and services to the
public.
`(2) Transition period . - If an industry technical
requirement or standard is set aside or supplanted as a result of
Commission action under this section, the Commission, after
consultation with the Attorney General, shall establish a
reasonable time and conditions for compliance with and the
transition to any new standard, including defining the obligations
of telecommunications carriers under section 2602 during any
transition period.
`(c) Extension of Compliance Date for Features and Services . -
`(1) Petition . - A telecommunications carrier proposing to
deploy, or having deployed, a feature or service within 4 years
after the date of enactment of this chapter may petition the
Commission for 1 or more extensions of the deadline for complying
with the assistance capability requirements under section 2602.
`(2) Ground for extension . - The Commission may, after
affording a full opportunity for hearing and after consultation
with the Attorney General, grant an extension under this paragraph,
if the Commission determines that compliance with the assistance
capability requirements under section 2602 is not reasonably
achievable through application of technology available within the
compliance period.
`(3) Length of extension . - An extension under this
paragraph shall extend for no longer than the earlier of -
`(A) the date determined by the Commission as necessary
for the carrier to comply with the assistance capability
requirements under section 2602; or
`(B) the date that is 2 years after the date on which the
extension is granted.
`(4) Applicability of extension . - An extension under this
subsection shall apply to only that part of the carrier`s business
on which the new feature or service is used.
`Sec. 2607. Enforcement orders
`(a) Enforcement by Court Issuing Surveillance Order . - If a
court authorizing an interception under chapter 119, a State
statute, or the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1801 et seq.) or authorizing use of a pen register or a trap
and trace device under chapter 206 or a State statute finds that a
telecommunications carrier has failed to comply with the
requirements in this chapter, the court may direct that the carrier
comply forthwith and may direct that a provider of support services
to the carrier or the manufacturer of the carrier`s transmission or
switching equipment furnish forthwith modifications necessary for
the carrier to comply.
`(b) Enforcement Upon Application by Attorney General . - The
Attorney General may apply to the appropriate United States
district court for, and the United States district courts shall
have jurisdiction to issue, an order directing that a
telecommunications carrier, a manufacturer of telecommunications
transmission or switching equipment, or a provider of
telecommunications support services comply with this chapter.
`(c) Grounds for Issuance . - A court shall issue an order under
subsection (a) or (b) only if the court finds that -
`(1) alternative technologies or capabilities or the
facilities of another carrier are not reasonably available to
law enforcement for implementing the interception of
communications or access to call-identifying information; and
`(2) compliance with the requirements of this chapter is
reasonably achievable through the application of available
technology to the feature or service at issue or would have
been reasonably achievable if timely action had been taken.
`(d) Time for Compliance . - Upon issuance of an enforcement
order under this section, the court shall specify a reasonable time
and conditions for complying with its order, considering the good
faith efforts to comply in a timely manner, any effect on the
carrier`s, manufacturer`s, or service provider`s ability to
continue to do business, the degree of culpability or delay in
undertaking efforts to comply, and such other matters as justice
may require.
`(e) Limitation . - An order under this section may not require
a telecommunications carrier to meet the government`s demand for
interception of communications and acquisition of call-identifying
information to any extent in excess of the capacity for which
notice has been provided under section 2603.
`(f) Civil Penalty . -
`(1) In general . - A court issuing an order under this
section against a telecommunications carrier, a manufacturer of
telecommunications transmission or switching equipment, or a
provider of telecommunications support services may impose a civil
penalty of up to $10,000 per day for each day in violation after
the issuance of the order or after such future date as the court
may specify.
`(2) Considerations . - In determining whether to impose a
fine and in determining its amount, the court shall take into
account -
`(A) the nature, circumstances, and extent of the
violation;
`(B) the violator`s ability to pay, the violator`s good
faith efforts to comply in a timely manner, any effect on
the violator`s ability to continue to do business, the
degree of culpability, and the length of any delay in
undertaking efforts to comply; and
`(C) such other matters as justice may require.
`(3) Civil action . - The Attorney General may file a civil
action in the appropriate United States district court to collect,
and the United States district courts shall have jurisdiction to
impose, such fines.
`Sec. 2608. Reimbursement of telecommunications carriers
`(a) In General . - The Attorney General shall, subject to the
availability of appropriations, reimburse telecommunications
carriers for all reasonable costs directly associated with -
`(1) the modifications performed by carriers prior to the
effective date of section 2602 or prior to the expiration of
any extension granted under section 2606(c) to establish the
capabilities necessary to comply with section 2602;
`(2) meeting the maximum capacity requirements set forth in
the notice under section 2603(a)(1)(A); and
`(3) expanding existing facilities to accommodate
simultaneously the number of interceptions, pen registers and
trap and trace devices for which notice has been provided under
section 2603(a)(1)(B).
`(b) Procedures and Regulations . - Notwithstanding any other
law, the Attorney General may establish any procedures and
regulations deemed necessary to effectuate timely and
cost-efficient reimbursement to telecommunications carriers for
reimbursable costs incurred under this chapter, under chapters 119
and 121, and under the Foreign Intelligence Surveillance Act of
1978 (50 U.S.C. 1801 et seq.).
`(c) Dispute Resolution . - If there is a dispute between the
Attorney General and a telecommunications carrier regarding the
amount of reasonable costs to be reimbursed under subsection (b),
the dispute shall be resolved and the amount determined in a
proceeding initiated at the Commission under section 2606(b) or by
the court from which an enforcement order is sought under section
2607.
`(d) Lack of Appropriated Funds . - The lack of appropriated
funds sufficient to reimburse telecommunications carriers for
modifications under subsection (a) shall be considered by the
Commission or a court in determining whether compliance is
reasonable under section 2607(c).`.
(b) Technical Amendment . - The part analysis for part I of
title 18, United States Code, is amended by inserting after the
item relating to chapter 119 the following new item:
`120. Telecommunications carrier assistance to the Government
2601`.
SEC. 2. AUTHORIZATION OF APPROPRIATIONS.
There are authorized to be appropriated to carry out section 2608
of title 18, United States Code, as added by section 1 -
(1) a total of $500,000,000 for fiscal years 1995, 1996,
1997, and 1998; and
(2) such sums as are necessary for each fiscal year
thereafter.
SEC. 3. EFFECTIVE DATE.
(a) In General . - Except as provided in paragraph (2), chapter
120 of title 18, United States Code, as added by section 1, shall
take effect on the date of enactment of this Act.
(b) Assistance Capability and Systems Security and Integrity
Requirements . - Sections 2602 and 2604 of title 18, United States
Code, as added by section 1, shall take effect on the date that is
4 years after the date of enactment of this Act.
SEC. 4. REPORTS.
(a) Reports by the Attorney General . -
(1) In general . - On or before November 30, 1995, and on or
before November 30 of each year for 5 years thereafter, the
Attorney General shall submit to the Congress a report on the
amounts paid during the preceding fiscal year in reimbursement to
telecommunications carriers under section 2608 of title 18, United
States Code, as added by section 1.
(2) Contents . - A report under paragraph (1) shall include
-
(A) a detailed accounting of the amounts paid to each
carrier and the technology, feature or service for which
the amounts were paid; and
(B) projections of the amounts expected to be paid in the
current fiscal year, the carriers to which reimbursement is
expected to be paid, and the technologies, services, or
features for which reimbursement is expected to be paid.
(b) Reports by the Comptroller General . -
(1) In general . - On or before April 1, 1996, and April 1,
1998, the Comptroller General of the United States, after
consultation with the Attorney General and the telecommunications
industry, shall submit to the Congress a report reflecting its
audit of the sums paid by the Attorney General to carriers in
reimbursement.
(2) Contents . - A report under paragraph (1) shall include
the findings and conclusions of the Comptroller General on the
costs to be incurred after the compliance date, including
projections of the amounts expected to be incurred and the
technologies, services, or features for which expenses are expected
to be incurred.
SEC. 5. CORDLESS TELEPHONES.
(a) Definitions . - Section 2510 of title 18, United States
Code, is amended -
(1) in paragraph (1) by striking `but such term does not
include` and all that follows through `base unit`; and
(2) in paragraph (12) by striking subparagraph (A) and
redesignating subparagraphs (B), (C), and (D) as subparagraphs
(A), (B), and (C), respectively.
(b) Penalty . - Section 2511 of title 18, United States Code, is
amended -
(1) in subsection (4)(b)(i) by inserting `a cordless
telephone communication that is transmitted between the
cordless telephone handset and the base unit,` after `cellular
telephone communication,`; and
(2) in subsection (4)(b)(ii) by inserting `a cordless
telephone communication that is transmitted between the
cordless telephone handset and the base unit,` after `cellular
telephone communication,`.
SEC. 6. RADIO-BASED DATA COMMUNICATIONS.
Section 2510(16) of title 18, United States Code, is amended -
(1) by striking `or` at the end of subparagraph (D);
(2) by inserting `or` at the end of subparagraph (E); and
(3) by inserting after subparagraph (E) the following new
subparagraph:
`(F) an electronic communication;`
SEC. 7. PENALTIES FOR MONITORING RADIO COMMUNICATIONS THAT ARE
TRANSMITTED USING MODULATION TECHNIQUES WITH
NONPUBLIC PARAMETERS.
Section 2511(4)(b) of title 18, United States Code, is amended by
striking `or encrypted, then` and inserting `, encrypted, or
transmitted using modulation techniques the essential parameters of
which have been withheld from the public with the intention of
preserving the privacy of such communication`.
SEC. 8. TECHNICAL CORRECTION.
Section 2511(2)(a)(i) of title 18, United States Code, is amended
by striking `used in the transmission of a wire communication` and
inserting `used in the transmission of a wire or electronic
communication`.
SEC. 9. FRAUDULENT ALTERATION OF COMMERCIAL MOBILE RADIO
INSTRUMENTS.
(a) Offense . - Section 1029(a) of title 18, United States Code,
is amended -
(1) by striking `or` at the end of paragraph (3); and
(2) by inserting after paragraph (4) the following new
paragraphs:
`(5) knowingly and with intent to defraud uses, produces,
traffics in, has control or custody of, or possesses a
telecommunications instrument that has been modified or altered
to obtain unauthorized use of telecommunications services; or
`(6) knowingly and with intent to defraud uses, produces,
traffics in, has control or custody of, or possesses -
`(A) a scanning receiver; or
`(B) hardware or software used for altering or modifying
telecommunications instruments to obtain unauthorized
access to telecommunications services,`.
(b) Penalty . - Section 1029(c)(2) of title 18, United States
Code, is amended by striking `(a)(1) or (a)(4)` and inserting `(a)
(1), (4), (5), or (6)`.
(c) Definitions . - Section 1029(e) of title 18, United States
Code, is amended -
(1) in paragraph (1) by inserting `electronic serial number,
mobile identification number, personal identification number,
or other telecommunications service, equipment, or instrument
identifier,` after `account number,`;
(2) by striking `and` at the end of paragraph (5);
(3) by striking the period at the end of paragraph (6) and
inserting `; and`; and
(4) by adding at the end the following new paragraph:
`(7) the term `scanning receiver` means a device or apparatus
that can be used to intercept a wire or electronic
communication in violation of chapter 119.`.
SEC. 10. TRANSACTIONAL DATA.
(a) Disclosure of Records . - Section 2703 of title 18, United
States Code, is amended -
(1) in subsection (c) -
(A) in subparagraph (B) -
(i) by striking clause (i); and
(ii) by redesignating clauses (ii), (iii), (iv) as
clauses (i), (ii), and (iii), respectively; and
(B) by adding at the end the following new subparagraph:
`(C) A provider of electronic communication service or
remote computing service shall disclose to a governmental
entity the name, billing address, and length of service of
a subscriber to or customer of such service and the types
of services the subscriber or customer utilized, when the
governmental entity uses an administrative subpoena
authorized by a Federal or State statute or a Federal or
State grand jury or trial subpoena or any means available
under subparagraph (B).`; and
(2) by amending the first sentence of subsection (d) to read
as follows: `A court order for disclosure under subsection (b)
or (c) may be issued by any court that is a court of competent
jurisdiction described in section 3126(2)(A) and shall issue
only if the governmental entity offers specific and articulable
facts showing that there are reasonable grounds to believe that
the contents of a wire or electronic communication, or the
records or other information sought, are relevant and material
to an ongoing criminal investigation.`.
(b) Pen Registers and Trap and Trace Devices . - Section 3121 of
title 18, United States Code, is amended -
(1) by redesignating subsection (c) as subsection (d); and
(2) by inserting after subsection (b) the following new
subsection:
`(c) Limitation . - A government agency authorized to install
and use a pen register under this chapter or under State law, shall
use technology reasonably available to it that restricts the
recording or decoding of electronic or other impulses to the
dialing and signalling information utilized in call processing.`.
HR 4922 IH - - 2
------------------------------
Date: Mon, 15 Aug 94 10:46:11 EDT
From: Jerry Leichter <leichter@LRW.COM>
Subject: File 2--The Good, the Bad, the Ugly, and the Confused (Re: CuD 6.72)
X-Vms-Mail-To: CUD
A couple of CuD issues back I took Wade Riddick to task for calling on the
government to get involved in computer technology by drafting
standards for computers. In the interest of sniping at both extremes,
I feel compelled to reply to Brock Meeks. Unlike Mr. Riddick, who
proposed things that probably offended much of the on-line community,
Mr. Meeks, in his outraged condemnation of the current version of the
FBI "wiretap access" bill (and really the principles that would apply
to any version thereof) probably speaks words near and dear to the
hearts of most of his readers. I believe he, and those readers, are
being every bit as naive as I accused Mr. Riddick of being.
Mr. Riddick believes the direction of technology is influenced by the
market, and that society, through the government, has a right to exert
its own influence. Mr. Meeks seems to believe that technology will go
where it wishes - perhaps modulated by the market, perhaps not - and
society/government should have no say in the matter. He seems to
believe that the telephone industry is being uniquely cursed with
government regulation of the direction it can let technology take it.
"Never again, under the provisions of this bill, will a
telecommunications provider be able to develop a service or technology
without first and foremost asking the question: How can I design this
so that it pops off the assembly line wiretap ready?" There will be
actual government penalties for non-compliance.
The automobile manufacturers, of course, have never been subject to
such regulation. No, they can make brakelights any color they like.
They need not worry about what goes out the tailpipes of their
automobiles - they can simply use the cheapest, best technologies for
engines. They needn't waste money and weight on silly things like
seat belts and air bags and energy-absorbing bumpers and collapsing
steering wheels that don't crush the driver. If the market wants
those things, let the market worry about it. If the market likes
high-powered engines, let the manufacturers go ahead and build them -
who cares how much gas they use?
Of course, while the auto makers are building those high-technology
cars, they need not be constrained by any worries about the chemicals
that happen to go up their smokestacks or out their sewers or get
buried in their waste dumps. Any such worries would constrain their
techological choices.
Oh, and when the designers work on aerodynamics, they needn't feel
constrained to leave space for a flat 6 by 12 inch (or a different
size, elsewhere than the US) plate on the front, right in the air
stream. No, and purchasers needn't pay their governments significant
amounts of money on a regular basis so that they can display that
piece of ugly steel - which, by the way, seriously invades their
privacy; anyone remember the scandals of the 60's when police
photographed the license plates of cars parked near anti-war
demonstrations?
Oh, yes, TV makers were never forced to include the ridiculous UHF
tuners for stations no one wanted to watch anyway, or radio makers
that silly FM band - they could just use the best, cheapest
technology, good old VHF and AM. For that matter, TV broadcasters
could choose any color encoding system they liked - "the best
technology" was more important than all those silly old black and
white TV's. Likewise, the FM broadcasters could choose any stereo
encoding system.
Let's look further. Supermarkets can save money by scanning UPC
labels - they needn't label each individual item with its price. Gun
makers are under no obligation to include serial numbers on their
weapons. (For that matter, neither are auto manufacturers.) Makers
of children's clothing needn't worry about how flammable it is - just
use the latest man-made fibers! Builders can use any materials they
wish, and make buildings as tall as they like, anywhere they like.
You want a nuclear reactor in your basement so you can be free of the
power grid? Go ahead! Plutonium is available at your local hardware
store.
Hey, any other approach *interferes with the technology*! It makes
the world *less efficient*!
Let's get real. There are social goods beyond the "latest and
greatest" technology. There are social goods beyond "the most
efficient" solution. If you don't believe that, perhaps you're in
favor of getting rid of all those labor laws - it would be so much
more *efficient* to go back to 6-day weeks of 10-hour days. And, of
course, we should get rid of those silly child-labor laws - kids
aren't learning anything in school anyway, why not let them earn a few
cents an hour, all the while making US manufacturing more competitive
with the third world? While we're at it, look at the money we waste
on all those people sitting in prison - prison labor is cheap and
plentiful. An untapped resource if ever there was one!
You want to drive on the public highways? You *will* register your
car, pay the appropriate fees, and mount a license plate. You want to
open a shop and sell to the public? You *will* collect sales taxes,
and by the way keep records of sales - whether that slows down your
business or not - and make them available to the tax authorities on
appropriate demand, whether you think that invades your privacy or
not. Oh, yes, and you will make those records available in a form
convenient to the tax authorities - probably paper, perhaps 1/2 inch
magnetic tape in some long-obsolete format - whether you find that
consistent with your vision of the correct technology for running a
business or not.
We are all members of a society, and we all make use of the social
goods it provides to us. How long would the telephone companies last
with no legal system to enforce its contracts? (I suppose some of the
radical libertarians out there will say "Who needs police? Let the
telephone company hire people to enforce its own contracts." A
gambling debt cannot be enforced in court in Nevada, but somehow few
people find it a good idea to stiff the casinos. Do you really want
the whole world to run like that?) You use those goods, you incur
obligations. With rights come responsibilities.
There is certainly room for a legitimate debate about *what*
regulations it is desireable and proper for society to impose - the
government *is* the (admittedly imperfect) arm of society whose task
is to impose regulations - on telephone companies, or any other
enterprise. What I find distressing is the blind kow-towing to the
technological imperative - if it *can* be done, we *must* do it, and
society be damned. Does anyone really believe that? Let's go back to
Mr. Meeks's statement and change it a bit: "Never again, under the
provisions of this bill, will a medical database provider be able to
develop a service or technology without first and foremost asking the
question: How can I design this so that it pops off the assembly line
ready to protect the privacy of the patients whose records it
contains?" Does it still sound like such a bad thing?
No, what we really have here, hidden under a supposed appeal to
technological requirements, is the same belief that law enforcement
agencies just should not be able to tap telephone calls, no matter
what. It makes no difference what limits are placed on the tapping,
what kinds of oversight there is; because tapping can be abused - and
because it's pretty clear that a populace worried about crime is
perfectly willing to allow for tapping under controlled circumstances
- what's needed is a technological fix that will simply render the
whole question moot. That this fix will come at zero apparent cost -
the paranoid won't even have to get hold of encryption boxes - only
makes it look better. If you really and truly believe this, ask
yourself why you are not arguing against license plates, or for that
matter driver's licenses, which have probably been abused to invade
privacy much more often than telephone taps.
On another note, I also find it distressing that many have bought into
the sob story from the telcos about costs. The government - that's
*us*, in case you haven't noticed - tosses in $500 million, and the
response from the telcos is to be upset that, if their costs are
greater, they might actually have to pay up - or be subject to
penalties. How much money did the government put up when it forced
auto manufacturers to make cleaner engines? Engines with higher
mileage ratings? Seat belts? Air bags? Third brake lights? How
much is California offering to pay them to come up with
"zero-polution" vehicles? How much does it pay your local grocer
toward the purchase of a cash register with dual recording rolls of
paper tape? (Do you think a grocer *needs* such a cash register to
run his business?) Do you think the penalties if these businesses
don't comply will be a government letter saying, "Well, you tried,
sorry you couldn't do better - see you next year?"
------------------------------
End of Computer Underground Digest #6.73
************************************