Last fall, the FBI claimed it was "going dark," unable to wiretap due to changes in communications technology, including peer-to-peer Voice over IP calls and encryption. The House Judiciary Committee held a hearing this spring, but in the absence of hard data, it is hard to know what law-enforcement's situation really is. Last week the Administrative Office of the U.S. Courts released its annual Wiretap Report, which lists every federal and state wiretap conducted for criminal investigations during 2010. That should reveal the state of the "Going Dark" problem.
We've learned some things. The 2010 report lists six cases of encryption encountered during wiretap investigations. The report states that in none of the cases did the encryption prevent law enforcement from obtaining a clear text of the communications. But there's also a lot we haven't learned. By law, there should be a report filed for each wiretap order used in a criminal investigation completed during 2010. Yet the Wiretap Report lists 3,104 wiretap orders completed in 2010 -- a 34 percent increase over 2009 (the Administrative Office says the increase is partially due to enhanced reporting efforts on its part) -- of which only 641 have been reported on. Fully 46 percent of federal wiretaps authorized -- 566 wiretap orders -- lack prosecutor reports. And 267 state wiretaps -- 13 percent of the total authorized state wiretaps -- also lack reports.
Wiretapping, a surreptitious and long-term form of search, is highly invasive and can be badly abused. Congress was well aware of such FBI abuses that occurred under the leadership of J. Edgar Hoover: congressional staff, Supreme Court Justices, even John Kennedy had all been wiretapped or bugged by the nation's chief law-enforcement agency. So Congress sought to control law-enforcement usage of wiretaps when passing the Omnibus Crime Control and Safe Streets Act (which establishes warrant procedures for wiretaps in criminal investigations). The history of law-enforcement abuse of wiretapping is a large part of why the legislators insisted on oversight, including the Wiretap Report.
The public can provide oversight. For example, in 1994, FBI Director Louis Freeh pressed for the Communications Assistance for Law Enforcement Act (CALEA), arguing that new communications technologies were preventing the FBI from solving many cases, including kidnapping. But by studying the number of times wiretaps were used in kidnapping cases -- an average of 2-3 times a year despite approximately 450 kidnappings annually -- Whitfield Diffie and I showed that the claims were false.
Oversight must also be done by Congress. Some is public; for example, under the leadership of Senators Leahy, Specter, and Grassley the Senate Judiciary Committee released a 2002 Foreign Intelligence Surveillance Court's criticism of misleading FBI wiretap applications in foreign-intelligence cases (these included misstatements and omissions in wiretaps applications, and unauthorized sharing of information with criminal investigators). And some oversight is presumably conducted behind closed doors.
Providing data in the Wiretap Report is not simply compliance with 40-year-old legislation. That information is what allows us to understand what's true about this highly intrusive and secretive investigative technique and what's not. Thus, for example, we now know that despite claims made last fall about the problems with encryption, encryption continues not to be a problem for wiretapping within the U.S. Matt Blaze has an excellent analysis on why that is likely to be the case. Examining the data is how we found out in the 1990s that kidnapping investigations rarely relied on wiretaps -- despite FBI Director Freeh's claims to the contrary.
By law the Wiretap Report should include data on each and every wiretap done in the U.S. for criminal investigations. This legal requirement was not put in lightly. Having detailed information on wiretaps is critical for clear decision making on surveillance law, and before any legislation for extending government wiretapping capabilities is considered, we must have the missing data. We should also know why so much of the information was not originally supplied. Only once we have the actual data can we analyze where problems might be, and begin to contemplate potential updates to U.S. wiretap law.