Risking Communications Security: Potential Hazards of the Protect America Act

Steven M. Bellovin; Susan Landau; Peter G. Neumann; Matt Blaze; Whitfield Diffie; Jennifer Rexford

doi:10.1109/MSP.2008.17

Security&Privacy
2008
Issue No. 1 - January/February
Abstract - Risking Communications Security: Potential Hazards of the Protect America Act

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Steven M. Bellovin Articles by Matt Blaze Articles by Whitfield Diffie Articles by Susan Landau Articles by Peter G. Neumann Articles by Jennifer Rexford

Risking Communications Security: Potential Hazards of the Protect America Act

January/February 2008 (vol. 6 no. 1)

pp. 24-33

	ASCII Text	x
	Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, Jennifer Rexford, "Risking Communications Security: Potential Hazards of the Protect America Act," IEEE Security & Privacy, vol. 6, no. 1, pp. 24-33, January/February, 2008.

	BibTex	x
	@article{ 10.1109/MSP.2008.17, author = {Steven M. Bellovin and Matt Blaze and Whitfield Diffie and Susan Landau and Peter G. Neumann and Jennifer Rexford}, title = {Risking Communications Security: Potential Hazards of the Protect America Act}, journal ={IEEE Security & Privacy}, volume = {6}, number = {1}, issn = {1540-7993}, year = {2008}, pages = {24-33}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2008.17}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Risking Communications Security: Potential Hazards of the Protect America Act IS - 1 SN - 1540-7993 SP24 EP33 EPD - 24-33 A1 - Steven M. Bellovin, A1 - Matt Blaze, A1 - Whitfield Diffie, A1 - Susan Landau, A1 - Peter G. Neumann, A1 - Jennifer Rexford, PY - 2008 KW - Protect America Act KW - wiretapping KW - surveillance KW - civil liberties KW - US wiretap law VL - 6 JA - IEEE Security & Privacy ER -

Steven M. Bellovin, Columbia University

Matt Blaze, University of Pennsylvania

Whitfield Diffie, Sun Microsystems

Susan Landau, Sun Microsystems

Peter G. Neumann, SRI International

Jennifer Rexford, Princeton University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.17

A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents.

1. V. Prevelakis and D. Spinellis, "The Athens Affair," IEEE Spectrum, July 2007, pp. 18–25.
2. P. Kiefer, "Phone Taps in Italy Spur Rush toward Encryption," New York Times,29 Apr. 2007; www.nytimes.com/2007/04/29/technology29cnd-encrypt.html?ex=1335499200&en=aa06d98a600afc6f&ei=5088&partner=rssnyt&emc=rss .
3. W. Diffie and S. Landau, Privacy on the Line: The Politics of Wiretapping and Encryption, updated and expanded edition, MIT Press, 2007.
4. US Code, Title 50, section 1801(i), 1978.
5. US Code, Title 50, section 1801(f), 1978.
6. Protect America Act, section 105(a) 2007.
7. United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 Jan. 2006.
8. Exhibit A in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006.
9. M. Klein affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006.
10. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006.
11. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, p. 15.
12. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, pp. 12–14.
13. M. Klein affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, p. 7.
14. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, p. 24.
15. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, pp. 24–25.
16. C. Cortes, D. Pregibon, and C. Volinsky, "Computational Methods for Dynamic Graphs," AT&T Shannon Labs, 9 Jan. 2004.
17. G. Danezis, "Introducing Traffic Analysis: Attacks, Defences and Public Policy Issues" http://research.microsoft.com/users/gdane/ papersTAIntro.pdf.
18. F. Schneider (ed.), Trust in Cyberspace, Computer Science and Telecommunications Board, National Research Council, 1999, p. 36.
19. R. Clayton, Anonymity and Traceability in Cyberspace, Univ. of Cambridge Computer Lab, tech. report 653, Nov. 2005.
20. S. Bellovin et al., "Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice-over IP," 2006; www.itaa.org/news/docsCALEAVOIPreport.pdf .
21. S. Landau, "National Security on the Line," J. Telecommunications and High Technology Law, vol. 4, no. 2, 2006, p. 418.
22. EFF v. Department of Justice, Civil Action No. 06-1708-CKK (D.D.C.) (filed 3 Oct. 2006); www.eff.org/issues/foia061708CKK.
23. Information Assurance Section, US Federal Bureau of Investigation, "Controlled Interface 100 (CI-100) System Security Plan (SSP) DCS-3000 to EDMS,"16 April 2007.
24. S. Landau, "National Security on the Line," J. Telecommunications and High Technology Law, vol. 4, no. 2, 2006, pp. 433–434.
1. D. Solove and M. Rotenberg, Information Privacy Law, Aspen Publishers, 2003, pp. 323–341.
2. United States Senate, Select Committee to Study Governmental Operations with Respect to Intelligence Activities (1976), Intelligence Activities and the Rights of Americans, Final Report: Book II, Report 94-755, Ninety-Fourth Congress, Second Session, 23 Apr. 1976, pp. 292–330.
3. W. Diffie and S. Landau, Privacy on the Line: The Politics of Wiretapping and Encryption, updated and expanded edition, MIT Press, 2007, pp. 280–285.
4. United States Senate, Committee of the Judiciary (1977), Legislative History P.L. 95-511 Foreign Intelligence Surveillance Act, Report 95-604, Ninety-Fifth Congress, First Session, 15 Nov. 1977, p. 34.
5. United States Foreign Intelligence Surveillance Court, Memorandum Opinion (as Corrected and Amended,) May 17, 2002, in United States Senate, Committee on the Judiciary, 2002, The USA PATRIOT Act in Practice: Shedding Light on the FISA Process, Hearing on 10 Sept. 2002, S. Hrg. 107-947, One Hundred Seventh Congress, Second Session.
6. Inspector General, US Federal Bureau of Investigation, A Review of the Federal Bureau of Investigation's Use of the National Security Letters, Mar. 2007.

Index Terms:

Protect America Act, wiretapping, surveillance, civil liberties, US wiretap law

Citation:

Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, Jennifer Rexford, "Risking Communications Security: Potential Hazards of the Protect America Act," IEEE Security & Privacy, vol. 6, no. 1, pp. 24-33, Jan.-Feb. 2008, doi:10.1109/MSP.2008.17

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.