Randy Cadenhead, the privacy counsel for Cox Communications, which offers VOIP phone service and internet access, says the FBI has no independent access to his company's switches.
"Nothing ever gets connected or disconnected until I say so, based upon a court order in our hands," Cadenhead says. "We run the interception process off of my desk, and we track them coming in. We give instructions to relevant field people who allow for interconnection and to make verbal connections with technical representatives at the FBI."
The nation's largest cell-phone providers -- whose customers are targeted in the majority of wiretaps -- were less forthcoming. AT&T politely declined to comment, while Sprint, T-Mobile and Verizon simply ignored requests for comment.
Agent DiClemente, however, seconded Cadenhead's description.
"The carriers have complete control. That's consistent with CALEA," DiClemente said. "The carriers have legal teams to read the order, and they have procedures in place to review the court orders, and they also verify the information and that the target is one of their subscribers."
Despite its ease of use, the new technology is proving more expensive than a traditional wiretap. Telecoms charge the government an average of $2,200 for a 30-day CALEA wiretap, while a traditional intercept costs only $250, according to the Justice Department inspector general. A federal wiretap order in 2006 cost taxpayers $67,000 on average, according to the most recent U.S. Court wiretap report.
What's more, under CALEA, the government had to pay to make pre-1995 phone switches wiretap-friendly. The FBI has spent almost $500 million on that effort, but many traditional wire-line switches still aren't compliant.
Processing all the phone calls sucked in by DCSNet is also costly. At the back end of the data collection, the conversations and phone numbers are transferred to the FBI's Electronic Surveillance Data Management System, an Oracle SQL database that's seen a 62 percent growth in wiretap volume over the last three years -- and more than 3,000 percent growth in digital files like e-mail. Through 2007, the FBI has spent $39 million on the system, which indexes and analyzes data for agents, translators and intelligence analysts.
To security experts, though, the biggest concern over DCSNet isn't the cost: It's the possibility that push-button wiretapping opens new security holes in the telecommunications network.
More than 100 government officials in Greece learned in 2005 that their cell phones had been bugged, after an unknown hacker exploited CALEA-like functionality in wireless carrier Vodafone's network. The infiltrator used the switches' wiretap-management software to send copies of officials' phone calls and text messages to other phones, while simultaneously hiding the taps from auditing software.
The FBI's DiClemente says DCSNet has never suffered a similar breach, so far as he knows.
"I know of no issue of compromise, internal or external," DiClemente says. He says the system's security is more than adequate, in part because the wiretaps still "require the assistance of a provider." The FBI also uses physical-security measures to control access to DCSNet end points, and has erected firewalls and other measures to render them "sufficiently isolated," according to DiClemente.
But the documents show that an internal 2003 audit uncovered numerous security vulnerabilities in DCSNet -- many of which mirror problems unearthed in the bureau's Carnivore application years earlier.
In particular, the DCS-3000 machines lacked adequate logging, had insufficient password management, were missing antivirus software, allowed unlimited numbers of incorrect passwords without locking the machine, and used shared logins rather than individual accounts.
The system also required that DCS-3000's user accounts have administrative privileges in Windows, which would allow a hacker who got into the machine to gain complete control.
Columbia's Bellovin says the flaws are appalling and show that the FBI fails to appreciate the risk from insiders.
"The underlying problem isn't so much the weaknesses here, as the FBI attitude towards security," he says. The FBI assumes "the threat is from the outside, not the inside," he adds, and it believes that "to the extent that inside threats exist, they can be controlled by process rather than technology."
Bellovin says any wiretap system faces a slew of risks, such as surveillance targets discovering a tap, or an outsider or corrupt insider setting up unauthorized taps. Moreover, the architectural changes to accommodate easy surveillance on phone switches and the internet can introduce new security and privacy holes.
"Any time something is tappable there is a risk," Bellovin says. "I'm not saying, 'Don't do wiretaps,' but when you start designing a system to be wiretappable, you start to create a new vulnerability. A wiretap is, by definition, a vulnerability from the point of the third party. The question is, can you control it?"