Internet surveillance for national-security purposes is largely regulated by two legal authorities. The Foreign Intelligence Surveillance Act (FISA) largely regulates surveillance on US territory, while Executive Order (EO) 12333 largely regulates surveillance abroad. Surveillance programs conducted under FISA are subject to legal restrictions imposed by Congress and the courts, while surveillance programs under EO 12333 are conducted solely under the authority of the President.
The talk considers that possibility that the legal protections built into in FISA can be circumvented by exploiting the Internet’s routing protocols. Specifically, we consider the possibility that routing hijacks can be used to deliberately divert American traffic abroad, where it can be collected under EO 12333. We analyze the lawfulness of using routing hijacks to circumvent FISA, and discuss how several newly-developed secure routing protocols might (or might not) prevent these hijacks. We conclude with a policy recommendation: Congress should expand FISA to cover the surveillance of any and all Internet traffic collected abroad.
Sharon Goldberg is an associate professor in the computer science department at Boston University. Her research focuses on the security of Internet protocols. She received her Ph.D. from Princeton University in 2009 and her B.A.Sc. from the University of Toronto in 2003. She has worked as a researcher at IBM, Cisco, and Microsoft, as an engineer at Bell Canada and Hydro One Networks, has served on working groups of the Federal Communications Commission (FCC), and is an active participant in the standardization activities of the Internet Engineering Task Force (IETF).
She is the recipient of two IETF/IRTF Applied Networking Research Prizes, an NSF CAREER Award, and a Sloan Research Fellowship.