WASHINGTON — Google, Twitter and even Silicon Valley startups are confronting calls by law enforcement following the Boston Marathon bombings to make their products more easily used for surveillance.
Police and federal agencies made record levels of requests for data from companies including Google and Twitter in months before the bombing, seeing increasing value in smartphone data, emails and online chats to help find and prevent terrorist plots and crime.
The International Association of Police Chiefs wants Congress to update a federal law to compel more companies providing communications services to build intercept tools that allow them to conduct surveillance with court orders.
"We just don't have the technology to keep up with what's going on," Peter Modafferi, chairman of the association's investigative operations committee, said in a phone interview. "It's not just Verizon and phone companies like that, there's Twitter and all kinds of methods for people to communicate."
Location-tracking data from an Apple iPhone and images from smartphone cameras helped track down the two suspects in the April 15 attack, brothers Dzhokhar and Tamerlan Tsarnaev. Investigators told lawmakers the brothers were schooled online in radical Islam and terrorist bomb-making, Rep. C.A. "Dutch" Ruppersberger, D-Md., the top Democrat on the House Intelligence Committee, said April 24 after a closed briefing.
Privacy advocates and Internet companies oppose the request, saying building so-called back doors into devices and platforms could cost them customers and expose them to liability, open them up to cyber-attacks and would be burdensome to reconfigure products that anonymize user data.
President Barack Obama said April 30 his administration is examining government actions before and after the bombings in an effort to determine if new procedures are needed to detect other attacks.
The administration is discussing legislative options to update the Communications Assistance for Law Enforcement Act, or CALEA, and no decisions have been made yet, said a law- enforcement official who wasn't authorized to speak about the talks.
Rep. Peter King, R-N.Y., said steps are needed to build the intelligence and surveillance capabilities of local police departments around the country. "We have to be aggressive and not worry about political correctness," King said in a phone interview.
Sen. Ron Wyden, D-Ore., and Rep. Jason Chaffetz, R-Utah, introduced bills in March requiring law enforcement to obtain warrants before acquiring geo-location data of citizens, whether through a smartphone or GPS-enabled device.
Requiring companies to build surveillance capabilities into their products could cost startups hundreds of millions of dollars and damage their reputations with customers who believe they are sharing data with government, said Josh Mendelsohn, managing director at Hattery, a venture capital firm with offices in San Francisco and New York.
"Anytime you try to introduce a back door into something you create a huge vulnerability," Mike Janke, chief executive officer of Silent Circle Inc., said in a phone interview. The Washington-based startup encrypts communications services.
It may be impossible for some companies to comply with surveillance requests because they use aggregated, anonymous data, Mendelsohn said in an interview. "We don't want to be forced to have to dismantle or change our business models due to new legislation or non-judicial requests," he said.
Law enforcement requests from in the U.S. for data from some social media companies is at an all-time high. Google's online transparency report shows that, along with the company's video-hosting website YouTube, it received 8,438 data requests from U.S. agencies between July and December last year — the most in any six-month period ever.
Twitter received 815 requests in the United States between July and December 2012, up from 679 requests between January and June 2012, according to an online company report. The latter figure represents the most requests the company has ever received, said Jim Prosser, company spokesman.
Microsoft received 11,073 requests in the U.S. in 2012, while its Skype unit received 1,154 requests, according to the company's first online report. Microsoft and other companies reject some requests. Microsoft provided law enforcement customer data, such as words in an e-mail, in response to 13.9 percent of valid court orders or warrants. Skype didn't provide data at all.
Facebook doesn't publicize data about law enforcement requests, Fred Wolens, a company spokesman, said in an email. Apple declined to provide statistics, Steve Dowling, company spokesman, said.
The FBI opened a new center in February for training law enforcement officials on electronic intercept tactics and to "reach out to the communications industry with one voice," FBI Director Robert Mueller said in prepared testimony for a March 19 congressional hearing.
Modafferi, of the police chiefs group, said law enforcement should be able to get tracking data from smartphones without first having to obtain a warrant. "We're not talking about snooping but if we have reasonable suspicion to believe that somebody's involved in criminal activity, we need to look at that," he said
Law enforcement agencies have options when a company doesn't comply with court-ordered wiretaps, said Paul Tiao, who recently left the FBI after serving as senior counselor for cybersecurity and technology. Those include bringing a contempt action, which could be time-consuming, obtaining data from another electronic or human source, or dropping the investigation, said Tiao, now a partner at the law firm of Hunton & Williams in Washington, in an interview.
"The challenge is how to develop a system that enables the FBI and law enforcement agencies to protect the country without undermining the competitiveness and innovation of Internet entrepreneurs," Tiao said.
The Internet Association, which represents Facebook, Microsoft and Amazon.com Inc., opposes the efforts to broaden law enforcement powers. A wiretap mandate for Internet products and services is "dead on arrival," the association's president, Michael Beckerman, said in an April 29 statement.
"The reality is we will never have perfect enforcement," Ben Wizner, a lawyer with the American Civil Liberties Union, said in an interview. "Our laws need to reflect a balance between values of privacy and security."