Back in 1994, spurred on by the FBI, Congress passed a little-publicized
act known as CALEA (Communications Assistance for Law Enforcement Act),
and the FCC was given broad authority to oversee it. In a nutshell, CALEA
gives law enforcement agencies widespread access to a variety of
communications media. Using their discretion, law enforcement agencies can
lawfully eavesdrop on traditional telephone conversations, fax
transmissions, and wireless calls, and the FCC ensures that communications
providers stay compliant with the standards to facilitate such
wiretappings. While there have been some obstacles and some opposition,
many providers have been able to retrofit their systems in order to comply
with the mandates. Also, Congress allocated a pool of funds to assist
providers with their plans to deploy such systems and processes. The
success rate of CALEA is unclear (and it should be assumed that Federal
agencies will not disclose any particulars about their wiretap
activities). However, given the real threats that the nation is faced with
in these turbulent times, there can be no dispute that measures such as
eavesdropping on telephone calls have become a part of life. It is
perhaps ironic that around the same time that CALEA was being debated in
Congress, Netscape had released its debut version of the popular navigator
browser. By some accounts Netscape was instrumental in promulgating the
World Wide Web and, by extension, the Internet and the subsequent
explosion of Internet-related technologies such as Internet telephony. In
its infancy Internet telephony was more or less a novelty, mainly a toy in
the hands of geeks and nerds. But fast forward nine years from CALEA�s
passage in Congress, and Internet telephony has become a force to be
reckoned with, thanks in no small part to the vast improvements made to
the technologies to make it palatable to business and the explosion of
broadband at home. Today there�s little doubt that the shape of voice
traffic as a whole will be radically different in a not too distant future
than what it has been for a century. Instead of analog signals traveling
between voice switches, voice is increasingly being carried as packetized
fragments across routers, and as IPv6 and Internet2 continue to
revolutionize (evolutionize?) the Internet, voice traffic will
inevitably fuse with the data world for good.
Here�s where CALEA gets complicated. Can the fed legally wiretap VoIP
conversations? And if so, how? Once again the FBI has taken the initiative
and has challenged the FCC to come up with a plan to facilitate VoIP
eavesdropping. In essence (and this is not confirmed but generally
believed), the FBI wants to extend CALEA to cover ISPs as well as VoIP
service providers. The FCC is certainly the right institution for this
task as it has jurisdiction over broadband data lines, but roadblocks
abound. The Internet is inherently somewhat of a rebel, a patchwork of
open and dissociated servers and networks run by millions of people with
little barrier to entry for the newcomers. It is almost the exact opposite
of what defines a traditional telephone company and coaxing the Internet
to submission to allow effective VoIP wiretapping does come with
formidable challenges.
Legal Issues
An Internet telephony wiretap (especially one that requires monitoring at
the ISP level) would be met with the outcries of privacy violations. The
ACLU will certainly be the forerunner of such opposition. If ISPs are
mandated to install tools and systems to eavesdrop on unsuspecting users,
there can be little in the form of guarantees that such capabilities will
not be abused. The snooping could well go beyond legally wiretapping
reasonably suspicious VoIP conversations, and it could include e-mail, Web
browsing habits, and other activities that are generally considered
private.
Technological Issues
The wiretapping of VoIP also comes with a multitude of technology
challenges. Here�s a sample of some of these issues:
� Some VoIP providers don�t actually route calls between callers. They
only act as brokers for people to locate and connect to each other. After
the initial connection, the call is directly established between the
caller and the called party without further involvement of the provider.
� Based on the above scenario, the best place to capture the VoIP packets
would be at the caller�s and the called party�s respective ISP locations.
Equipment and resources required for such task would need to have enough
horsepower to scan all traffic, recognize and reroute the voice portion,
and store them in a separate area together with other evidence such as
logs, and related documents. Moreover, they would need the flexibility to
adapt to new technologies and the ever-increasing bandwidth utilization.
� VoIP calls still follow varying standards. That means that the industry
as a whole would need to come together and agree on one set of standards
to provide streamlined access to the law enforcement agencies. Even then,
new products (perhaps crafted in other countries) could become popular
curtailing the efforts of standardization. Just take a look at how many
peer-to-peer products came on the scene after Napster, and none of them
interoperate.
� Internet telephony is still a maturing technology with plenty of gray
areas. For example, how would one legally categorize voice file
attachments in e-mail? Are they e-mail? Are they files? Are they voice?
Could they be subject to wiretapping as well?
� Today many VoIP calls travel the Internet un-encrypted. Encryption would
add another layer of complexity to VoIP and would necessitate more
powerful processors to handle encryption and decryption and still maintain
an acceptable, real-time voice quality. But as VoIP equipment gets more
powerful, encryption technologies get more sophisticated, and people
demand more privacy, VoIP calls will become scrambled and difficult, if
not impossible, to decode.
It is interesting to note that the FBI can already legally conduct
Internet surveillance using its DCS 1000 system (a.k.a. Carnivore). But
apparently in an effort to ease its own challenges with DCS 1000, it wants
the ISPs to do their part in helping it eavesdrop on VoIP conversations.
What do you think? Should the FBI enhance its DCS 1000 system to achieve
better Internet telephony surveillance, or should it require the ISP�s to
do the job for it? Drop me a line
and let me know.
Robert Vahid Hashemian provides us with a healthy dose of reality
every other month in his Reality Check column. Robert is Webmaster for
TMCnet.com -- your online resource for CTI, Internet telephony, and call
center solutions. He is also the author of the recently published
Financial Markets For The Rest Of Us.
[ Return
To The November 2003 Table Of Contents ]
|