Communications Litigation Today was a service of Warren Communications News.

Govt. Needs Wiretap Authority for In-Flight Broadband, Agencies Say

July 13, 2005 by Greg Piper and Andrew Noyes|Miscellaneous

Law enforcement agencies asked the FCC to add in- flight satellite broadband to the technologies covered by federal wiretap law, in comments filed last week with the Commission. The Dept. of Justice, FBI and Dept. of Homeland Security said the Communications Assistance for Law Enforcement Act (CALEA) “is a technology-neutral statute that applies to all ’telecommunications carriers,'” regardless of whether the platform is wireline, wireless, cable, satellite or others. The comments were in response to the Commission’s rulemaking (05-20) on creating a regulatory framework for aeronautical mobile satellite service (AMSS), which includes broadband service on aircraft.

The agencies noted the FCC had “tentatively concluded” in a separate NPRM in Aug. that facilities- based broadband services and managed VoIP services would be subject to CALEA. That would likely cover satellite broadband providers as well, they said.

CALEA offers no timeframe for “promptly” implementing an intercept order, the agencies noted. They proposed “promptly” be defined as no more than 10 minutes between the provider’s notification of an order and the provider’s real-time transmission of intercepted communications to law enforcement. “There is no room for such uncertainty in the air-to-ground context where delays of minutes and seconds could make the difference between life and death,” the comments said. They said the 3 planes hijacked on Sept. 11, 2001, crashed 12-27 minutes after the govt. learned they were hijacked. The agencies also asked the FCC to require any carriers using in-flight satellite broadband service to use only ground stations located in the U.S., not the borders of neighboring countries.

Terrorists on the ground and in the air, on different planes or different parts of the same plane’s cabin could conceivably communicate with each other through in-flight broadband, the agencies said. All providers and carriers should be required to record “at a minimum, non-content communications records” between “broadband-enabled communications devices” at central land-based storage facilities, and give law enforcement “immediate access” to the records, they said. They also want providers and carriers to identify the relative or exact location -- like seat numbers -- of passengers using the service and terminate the service without affecting communication by authorized personnel. Unlike other interception scenarios, law enforcement can’t quickly surround and penetrate aircraft in flight, the agencies said.

To prevent the use of remote-controlled improvised explosive devices (RCIEDs) through broadband-enabled devices, in the air or on the ground, carriers should require airborne users to register their location on the plane before connecting, the agencies said. Connectivity should be denied to any device in the cargo hull, they added.

Who’s Covered?

Two providers currently offer in-flight broadband service to carriers, but serve different markets. Connexion by Boeing focuses on passenger flights, but so far only serves international carriers, including Lufthansa, SAS, Japan Airlines, ANA and Singapore Airlines. “It’s just too early to say” what Connexion’s position will be on the agencies’ proposals, a spokesman told our affiliate Washington Internet Daily. The company is checking cost estimates and analyzing the implications of such a change, but Connexion questions “whether the FCC is the right avenue to implement a ruling that would have such broad implications for electronic communications.”

Transportation communications provider Arinc was granted FCC permission in April to provide the same service, but Arinc targets business jets, Senior Dir.- Satellite Services Robert Thompson said. The company has read the DoJ/FBI/DHS filing, and tentatively believes its focus would exempt it from CALEA’s surveillance provisions, he said. “We don’t know the extent we'd have to comply with a rule like that because we are not serving the flying public, per se,” Thompson said: “If you read this at face value, they're worried about passengers,” not private planes. Arinc will decide in “a week to 10 days” whether it will formally claim itself exempt from the possible surveillance rules, he said. Thompson said the satellite industry is familiar with CALEA and would comply with pertinent provisions if the FCC finds they apply to providers not serving passenger aircraft. Tech Leaders Question Law’s Extension, Not Passenger Support

Reactions to law enforcement’s request were mixed from members of the Dept. of Homeland Security’s National Infrastructure Advisory Council (NIAC), who held their 2nd meeting of the year Tues. Members echoed how critical it will be to balancing passengers’ security with civil liberties as regulators consider the issue of in-flight broadband access.

NIAC Chmn. Erle Nye said he wasn’t sure if stakeholders fully understand the technical aspects of the emerging debate, let alone the public policy implications. “It seems to me that it’s worthy of review and calling upon the people who are closest to it is a smart thing to do,” he said of the request before the FCC. He said most Americans would likely vote toward upholding pressing security concerns if presented with the challenge, especially in the days after the deadly attacks on mass transit in London: “After last Thursday, we're all probably a little more inclined to give up a little bit of our privacy.”

Symantec CEO John Thompson added: “Clearly you have to balance the needs of individuals who want to be productive as they are flying across the country or from town to town against the security exposures or threats.” He said the big question for airlines is to determine the extent to which they have a minimum requirement to implement their own Internet security measures onboard their aircraft. If those providing the broadband access were to “administer some modicum of security, it might be a better way of providing access for people yet preserving security for passengers as well,” Thompson said. He also cautioned against giving law enforcement unrestricted access to tapping passenger communication in the air without a court-ordered mandate.

Issues associated with policy and technology are “very far apart right now,” said Internet Security Systems Pres. Thomas Noonan, saying he’s unsure whether current U.S. policies on eavesdropping apply: “That kind of communication can move freely without borders so maybe the rules don’t apply if the monitoring takes place offshore.” Noonan said the Internet is an “open and easy to access environment” for “good guys” and “bad guys” alike. In light of the increased need for homeland security, there are certain rights the govt. has granted itself in recent years -- like the Patriot Act -- to protect its citizens, he said: “What’s good for the goose is good for the gander whether you're up there flying around or you're down here.” Aside from the notion of being able to remotely control explosive devices from the comfort of their aisle seat, Noonan said he couldn’t determine how much additional risk in-flight broadband access poses in the hands of terrorists. “I think we have a long way to go with this but clearly it’s an area of policy the govt. really has to look at,” he said.

Inevitable Usage for ‘Ordinary Crime Control’

Privacy advocates said the surveillance power would go far beyond terrorism and do little to discourage determined and tech-savvy terrorists. “Any terrorist worth his salt is going to be speaking in code language” to evade detection, said Jim Harper, Cato Institute dir.-information policy studies: “It’s embarrassing to see an agency imagine itself capable of stopping a terrorist with 10 minutes to go.” Center for Democracy & Technology (CDT) Counsel John Morris told Washington Internet Daily: “Encrypted communications are so trivially easy these days” that “nefarious” actors could easily foil eavesdropping technology. Spying on ordinary Internet users in flight and “ordinary crime control” will be the “natural trajectory” of the law’s extension, Harper said.

The technical requirements of the agencies’ requests are daunting, Morris said. Mandating providers and carriers to exclusively use ground stations based in the U.S., even “100 miles off the coast of Japan,” is an “extraordinarily detailed govt. mandate” and “unprecedented,” he added. That’s not to say air-to- ground communications should face no regulation, but the agencies’ “laundry list… goes far beyond the FCC’s power,” Morris said. DoJ might use a rule change as “a stepping stone” to get “far more information than they could expect to have in any other context,” Opsahl said. If the agency gets to identify Internet users by airplane seat, they could argue for similar rights in a terrestrial context, he added.

If the FCC agrees with law enforcement, the extension might be struck down in court. The FCC previously tried to apply CALEA to broadband communications through a “substantial replacement clause,” whereby any technology that replaced a “substantial portion” of the local telephone network would inherit its regulatory burden, said Kurt Opsahl, Electronic Frontier Foundation (EFF) staff attorney. But satellite broadband doesn’t replace any telecom service, so “the hook” is missing, he added. CDT has argued previously that CALEA was never meant to cover the Internet, highlighting the FBI’s earlier agreement. Congress is the proper venue for such a change: “It shouldn’t be backdoor through a rulemaking,” Opsahl said.