“Two and a half years ago, I and my partners at the New York Times exposed a national wiretapping program and we still can't tell what it's all about,” said Eric Lichtblau, investigative reporter, who officiated the panel.
It doesn't make sense, he said, that AT&T and about 40 other ISPs are being sued for complying with government wiretap orders, while laws are in flux and there are no clear legal standards that currently apply.
In pre-internet days, government agencies got a wiretap order, set up at a switch and just tapped that individual's personal calls, explained Matt Blaze, researcher and associate professor, computer and information science, University of Pennsylvania. Now government intelligence agencies have access to large data pipes hosted at the ISPs themselves where they can filter large volumes of data on everyone, instead of just a single suspect or case.
“FISA [Foreign Information Surveillance Act] did not allow government to go to the courts and say ‘Give me the keys to the kingdom.' But that's what they're doing,” he said.
When FISA passed in 1978, its intent was to sort through only overseas calls, and even then with a wiretap court order, added Bill Crowell, director for ArcSight. “The sooner we pass a law that modernizes FISA and balances privacy considerations in the Protect America Act, the better,” he said.
Bush's Protect America Act of 2007 essentially does away with the judicial requirement for obtaining wiretaps required in previous wiretapping laws. And while that enables speedy processing in criminal cases, all panelists felt that the laws should include a way to bring the judicial back into the process without overly inhibiting investigations.
“What we need is supervised flexibility in which all three branches of government, including the judicial branch, are involved going forward,” said Jim Dempsey, policy director, Center for Democracy and Technology.
Crowell added that such a system should then be followed up with technologies. This would include filtering and other technologies that can be used to protect citizen data from view and make search more localized and specific.