Congress must pass a new wiretap law that requires social media websites and operators of other Internet communication tools to share customers' communications with law enforcement agencies the same way that telecom carriers do, Michael Steinbach, assistant director of the FBI's Counterterrorism Division, said Wednesday.
Congress should use the existing telecom wiretap law Communications Assistance for Law Enforcement Act (CALEA) as a model for new rules focused on Internet-based communications, Steinbach told the U.S. House of Representatives' Homeland Security Committee. His comments build upon the FBI's call in recent months to expand CALEA to Internet communications tools. Agency Director James Comey first called for a CALEA rewrite to cover encrypted mobile phone data last October.
CALEA requires telecom carriers and equipment vendors to build wiretap capabilities into their products or networks, and critics have accused the FBI of wanting Congress to mandate encryption backdoors in technology products. But the FBI isn't asking for backdoors, Steinbach said.
"We're not talking about large-scale surveillance techniques," he said. "We're not looking at going through a backdoor or being nefarious; we're talking about going to the company and asking for their assistance."
Instead, the FBI wants access to stored or ongoing Internet communications after it shows evidence of criminal or terrorist activity and gets a court order, he said. The FBI needs help from Congress and from communications providers to make that happen, Steinbach said.
"We understand privacy," he said. "Privacy above all other things, including safety and freedom from terrorism, is not where we want to go."
Homeland Security Committee Chairman Michael McCaul, a Texas Republican, called on the committee to look into Steinbach's requests. The so-called Dark Web of hidden websites and encrypted communications is a "tremendous threat to the homeland," he said.
One of the two men who died in a thwarted attack on the site of a Muhammad cartoon-drawing contest in early May had heeded a call to attack the meeting from terrorist groups and posted hints about the attack on Twitter, McCaul said.
"This attack exemplifies a new era in which terrorism has gone viral," McCaul said. "Social media networks have become an extension of the Islamist terror battlefield overseas, turning homegrown extremists into sleeper operatives and attackers. We are no longer hunting terrorists who live in caves and only communicate through couriers."
Terrorists are increasingly using social network tools to recruit converts, but much of the recruiting is done in the open, three government witnesses told the committee.
The Islamic State of Iraq and the Levant (ISIL) is running professional-looking marketing campaigns on YouTube, Facebook, Twitter and other sites to recruit new fighters, not only to the Middle East, but also to engage in terrorist attacks in the U.S. and other Western nations, said John Mulligan, deputy director of the U.S. National Counterterrorism Center.
Since the beginning of this year, ISIL has published more than 1,700 messages online, including videos and online magazines, he said. Some social media providers take quick action to shut down ISIL recruiters, but others do not, he added.
"There is still much work to be done to encourage greater vigilance and broader sense of corporate responsibility to address this threat to public safety," Mulligan said.
Neither Mulligan nor Steinbach named the companies they were most concerned about, although McCaul mentioned anonymous messaging apps Kik and Whatsapp as well as "data-destroying" apps Surespot and Wickr.
Most lawmakers didn't question Steinbach's call for a rewrite of CALEA, although Representative Will Hurd, a Texas Republican and former CIA officer, said the proposed changes would have implications for privacy.
"I'm a little bit nervous when we start talking about CALEA expansion," Hurd said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.