The Broadcast Flag and CALEA
In their November 2004 comments [warning — enormous pdf] in the CALEA proceeding now pending before the FCC, law enforcement has made clear that they want everyone to ask permission before launching.
This is a big deal.
All IP-enabled services that might be covered by CALEA and that don't want to go through some post-launch “deficiency” proceeding with the FBI (ark! our service has been enjoined!) will go through pre-deployment review for “compliance” with unstated requirements.
That's right — the DOJ doesn't know exactly what information it will require, or what form it will need to be in, or who should do what to get it. All of that will be worked out behind closed doors, with people who are anxious to launch.
That means prior approval of internet services by DOJ. If you don't go through such a process, DOJ will penalize you. In DOJ's view, any service provider must submit their proposed new application to FCC and FBI review “well before deployment of the service in question”; and “DOJ would certainly consider a service provider's failure to request such guidance in any enforcement action.” (all of this is on p.38 of the huge pdf).
Now, everyone is already required to help law enforcement execute wiretap requests. That's built into the federal criminal code. And there is no evidence that DOJ is having trouble getting these requests carried out. Zip. This is a back-door design mandate — negotiated design mandate — that DOJ could never get through Congress. (I hope.)
This is like the “interim process” set up by the FCC in the flag context. There, as here, FCC set a broad framework, saying it wanted to protect DTV. (Here, FCC will say it wants to protect us against terrorists. Piracy/terrorism — one big group of Bad Guys.) There, as likely will happen here, FCC threw up its hands when confronted with the hard details — what exactly do you want us to do? — and gave over control to another actor.
In the flag world, that other actor was and is the MPAA, which persuaded several content protection technology developers to give up on allowing content to traverse the public internet — even though the line maintained by the MPAA was very different than the standard set by the FCC (which talked about indiscriminate online distribution).
All of this dampening effect on innovation is incremental. So our machines are a little broken. So our online services have been designed with law enforcement in mind. All of this happens in a negotiated, soft way, with no real public scrutiny. Why should we care?
We should care because both of these steps, now being echoed around the world, will have (if successful) deep effects on the openness of online life. Both of these are initial, baby steps that may lead to much more serious incursions.