(6 of 8)
The FBI is policing an ever evolving Internet using static, often outdated laws. The Communications Assistance for Law Enforcement Act, which governs law enforcement's warrant process and is known as CALEA, was passed in 1994. "We're coming up next year on its 20th anniversary," says Marcus Thomas, former assistant director of the FBI's technology division, who now advises Subsentio, a firm that helps companies comply with CALEA. "It's in serious need of being updated to keep pace with the current environment."
Even leaving aside specialized tools like Tor, there are plenty of mainstream technologies that criminals can use to hide their activities: satellite phones, PIN messaging on BlackBerrys and even Apple iMessage, the instant-messaging service on iPhones and iPads. "The DEA got burned in April when it came out that we weren't able to capture iMessage on a wiretap," says Diana Summers Dolliver, a professor at the University of Alabama's department of criminal justice who previously worked at the Drug Enforcement Administration. "So of course all the bad guys went out and got iPhones and encrypted iMessage."
The FBI isn't trying to listen in on everything the way the NSA allegedly does; it's just looking to obtain legal search warrants under CALEA. But even that isn't as simple as it sounds. "First of all, even if you have an idea that they're using their computer to ill ends, you can't seize the computer for evidence," Dolliver says. "You have to have probable cause. So that's roadblock No. 1. Then, once you get ahold of their computer, it takes a lot of forensic work to figure out who the perps are." There are also many companies that have built their businesses specifically on providing their users with privacy and anonymity. Interest groups like the Center for Democracy and Technology argue that making new technologies CALEA-compliant stifles innovation and that building in back doors for law enforcement can make otherwise secure systems vulnerable to hackers.
For years the FBI has been working with other agencies on a proposal to update CALEA, which they finally submitted to the White House in April. The FBI won't comment on details, but generally speaking, the idea is not to force companies to divulge information, potentially compromising them technologically, but to increase fines on those that choose not to comply. If the arguments are reasonable, the timing is terrible: the Edward Snowden leaks began on June 5 and, almost at once, the idea of making electronic surveillance by the government easier became politically radioactive.
In 2012 the FBI established--jointly with the DEA, the ATF and the U.S. Marshals Service--the National Domestic Communications Assistance Center (NDCAC) in Quantico, Va. The center exists because--to quote from the appropriations bill that funds it--"changes in the volume and complexity of today's communications services and technologies present new and emerging challenges to law enforcement's ability to access, intercept, collect, and process wire or electronic communications to which they are lawfully authorized." In essence, the NDCAC is a tech startup with at least $54 million in funding for the 2013 fiscal year that's focused on helping law enforcement penetrate areas of the Web that are currently unsearchable.