The NSA's crown jewel is being built in Utah: a $2 billion data center.
Additional intersection points have arisen as well that could be cause for concern. The development of the next-generation 9-1-1 (NG9-1-1) system includes provisions for the government to shut down
communications and utilities; burgeoning smart grid initiatives making the proxy control of these facilities even easier. But the single biggest factor that has altered the data collection and
privacy landscape is the U.S. Government's response to the September 11 attacks. In the interest of national security and the prevention of future attacks, executive orders have been issued by the
last and current presidents that authorize warrant-less electronic data collection. With the stroke of a pen, the Patriot Act authorized the National Security Administration (NSA) to monitor,
without search warrants, phone calls, internet activity, text messaging, and all other communications.
This surveillance, however, wouldn't be possible without an infrastructure to support it and the participation of communications service providers (CSPs). This groundwork was laid back in 1994
when then-President Bill Clinton signed the Communications Assistance for Law Enforcement Act (CALEA) act into law. The language of CALEA outlines its intent:
βTo amend title 18, United States Code, to make clear a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes.β
CALEA sets forth mandates that require CSPs and their vendor partners to design their infrastructure with federal monitoring in mind, and permits the surveillance of telephone, broadband
internet, and VoIP traffic. This means if a warrant is issued, CSPs must be able to provide investigators with a variety of customer records. There are several solutions that CSPs turn to for CALEA
compliance. There are on-premise hardware solutions like forensics appliances from Solera Networks and Cisco, application-based solutions like NetSentry, and trusted third party solutions like Com
Net. There is even an open source project
designed to help smaller ISPs meet CALEA compliance without incurring large costs.
What about Skype, Facebook Chat, or WhatsApp? As it's currently worded, CALEA doesn't apply to over-the-top (OTT) communications service, and there hasn't been a formal proposal made to
Congress to include such data collection. Nevertheless,"the Department of Justice is complaining that they are going dark, and losing the ability to intercept communication," says Mark Rumold,
Legal Fellow with the Electronic Frontier Foundation (EFF). "The Administration is pushing to expand CALEA; what they would have to do is build a backdoor in the code. When you build a backdoor for
the FBI, it's not just for the FBI, it's for everybody. Laws that mandate a backdoor threaten everyone's security."