Risking Communications Security: Potential Hazards of the Protect America Act
January/February 2008 (vol. 6 no. 1)
pp. 24-33
Steven M. Bellovin, Columbia University
Matt Blaze, University of Pennsylvania
Whitfield Diffie, Sun Microsystems
Susan Landau, Sun Microsystems
Peter G. Neumann, SRI International
Jennifer Rexford, Princeton University
A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents.


Index Terms:
Protect America Act, wiretapping, surveillance, civil liberties, US wiretap law
Citation:
Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, Jennifer Rexford, "Risking Communications Security: Potential Hazards of the Protect America Act," IEEE Security & Privacy, vol. 6, no. 1, pp. 24-33, Jan.-Feb. 2008, doi:10.1109/MSP.2008.17