Trump's Eavesdropping Allegations: How Do Wiretaps Work?
President Donald Trump recently accused his predecessor, Barack Obama, of wiretapping the current president's phones during the U.S. election. Though the claims are unsubstantiated, they have raised questions about how such technology really works.
Some people may think wiretapping involves breaking into someone's house or office, clipping wires to a phone line, and listening in on conversations between Mafia dons or spying on foreign agents. But in the 21st century, eavesdropping on phone calls might not even involve a phone.
This is because current wiretapping techniques involve data; most phone calls, even cell phones, now go over the internet at some point, said David Holtzman, author of the book "Privacy Lost: How Technology Is Endangering Your Privacy" (Jossey-Bass, 2006). Holtzman is a former intelligence officer himself; in the 1980s, he was a code breaker in the U.S. Navy. He has also worked as a scientist at IBM, developing cryptography products. [6 Incredible Spy Technologies That Are Real]
Modes of communication
There are three communication lines that the government could tap: landline phones, cellphones and internet communication (email, Skype and internet-based phones, for instance), he told Live Science. Tapping a landline phone would require a legal warrant explicitly outlining who is being listened to, how long the surveillance will last and the probable cause that law enforcement has for using a wiretap. Before the evolution of more sophisticated technologies, this type of wiretap involved someone opening a panel and clipping actual wires to the phone line.
Cellphones are a different story. Holtzman said a number of tools can be installed on a phone to allow a third party to listen in on communications before they are encrypted.
Earlier this week, WikiLeaks released documents from the CIA that reportedly reveal technical tools at the agency's disposal for hacking into various devices. The leaked documents suggest it's possible to install software on a smartphone, even remotely, that can record data from the device. It's even easier if someone gets access to the phone, but malware can be downloaded to a mobile device that surreptitiously turns on the cameras and microphones, or simply transmits personal data. It's even easier to do this to a computer because the tools have been "in the wild" for some years, according to experts.
The electronics manufacturer Samsung came under fire in 2015 when several outlets reported that the company's televisions were sending owners' voices over the internet to improve voice-recognition software's ability to react to customers. And the proliferation of internet-connected "smart" devices makes this problem more acute, Holtzman said.
Sign up for the Live Science daily newsletter now
Get the world’s most fascinating discoveries delivered straight to your inbox.
The law regarding such surveillance is much less clear-cut than it is for landline phones, he added. "It's not exactly clear what legal protection [there] is" against surveillance, Holtzman said.
Online metadata
Online communication has the least amount of legal protections, noted Rashida Richardson, legislative counsel of the New York Civil Liberties Union.
To monitor data that comes out of, say, Trump Tower (as Trump's allegations suggest has happened), the FBI or National Security Agency (NSA) could obtain a warrant under the Foreign Intelligence Surveillance Act. The Foreign Intelligence Service Court, which makes decisions on these cases in secret, would approve the request if the FBI or NSA showed there was some probable cause that a crime was being committed.
The NSA, for example, could submit to the court a list of organizations it wanted to monitor. If the request was approved, the NSA would be allowed to conduct surveillance for 15 days; after that period, the request would have to be renewed.
But rather than trying to monitor specific communications, it could be simpler to just sweep up data from an internet service provider. In 2013, it was revealed that the NSA used a program known as PRISM to gain access, from several internet service providers, to private communications. Whistleblower Edward Snowden leaked details of the PRISM program, which showed a large amount of cooperation between private companies and the NSA. [The 8 Craziest Intelligence Leaks in US History]
The NSA's engagement in this type of activity has since been curtailed, after a federal appeals court ruled in 2015 that the agency's massive data collection was illegal. It's possible, though extremely unlikely, that Trump's data, or that of someone he knows, could get swept up in a wide-ranging search similar to what occurred within the PRISM program.
If this was the case, the NSA would ask a provider — a company like Verizon, for example — to provide "metadata," which is information about the calls, emails and other messages that go out on a fiber optic cable. (For example, the data in a cellphone call consists of your conversation, while the metadata includes information such as the number you called, and the time and duration of the call.) Richardson noted that a law enforcement agency only needs to subpoena the service provider. Under the Stored Communications Act, written in 1986, not even a search warrant is required.
In the case of the NSA, in principle, the agency can monitor data or calls only when they involve foreign actors. Holtzman said that when he worked for the NSA in the 1980s, any information involving a person in the U.S. was automatically deleted. That's less true now, he said. He added that the NSA can also listen to phone calls and pick out certain keywords.
"That capability was in place decades ago," Holtzman said. "I'd be shocked if they weren't doing it now."
Holtzman added that the technical capabilities as well as the legal restraints (or lack thereof) of intelligence and security agencies raise several important questions about how surveillance gets done and what it means for privacy. For example, the NSA's keyword search is passed to a human being for evaluation, to prevent flagging something harmless as being dangerous. But that might one day be automated, he said, and biases can be built into artificial intelligence that even the programmers aren't aware of.
Original article on Live Science.