ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells

Reality Check
November 2003

Robert Vahid Hashemian Packet-Tapping: The Next Surveillance Challenge


Back in 1994, spurred on by the FBI, Congress passed a little-publicized act known as CALEA (Communications Assistance for Law Enforcement Act), and the FCC was given broad authority to oversee it. In a nutshell, CALEA gives law enforcement agencies widespread access to a variety of communications media. Using their discretion, law enforcement agencies can lawfully eavesdrop on traditional telephone conversations, fax transmissions, and wireless calls, and the FCC ensures that communications providers stay compliant with the standards to facilitate such wiretappings. While there have been some obstacles and some opposition, many providers have been able to retrofit their systems in order to comply with the mandates. Also, Congress allocated a pool of funds to assist providers with their plans to deploy such systems and processes. The success rate of CALEA is unclear (and it should be assumed that Federal agencies will not disclose any particulars about their wiretap activities). However, given the real threats that the nation is faced with in these turbulent times, there can be no dispute that measures such as eavesdropping on telephone calls have become a part of life.

It is perhaps ironic that around the same time that CALEA was being debated in Congress, Netscape had released its debut version of the popular navigator browser. By some accounts Netscape was instrumental in promulgating the World Wide Web and, by extension, the Internet and the subsequent explosion of Internet-related technologies such as Internet telephony. In its infancy Internet telephony was more or less a novelty, mainly a toy in the hands of geeks and nerds. But fast forward nine years from CALEA�s passage in Congress, and Internet telephony has become a force to be reckoned with, thanks in no small part to the vast improvements made to the technologies to make it palatable to business and the explosion of broadband at home. Today there�s little doubt that the shape of voice traffic as a whole will be radically different in a not too distant future than what it has been for a century. Instead of analog signals traveling between voice switches, voice is increasingly being carried as packetized fragments across routers, and as IPv6 and Internet2 continue to revolutionize (evolutionize?) the Internet, voice traffic will inevitably fuse with the data world for good.

Here�s where CALEA gets complicated. Can the fed legally wiretap VoIP conversations? And if so, how? Once again the FBI has taken the initiative and has challenged the FCC to come up with a plan to facilitate VoIP eavesdropping. In essence (and this is not confirmed but generally believed), the FBI wants to extend CALEA to cover ISPs as well as VoIP service providers. The FCC is certainly the right institution for this task as it has jurisdiction over broadband data lines, but roadblocks abound. The Internet is inherently somewhat of a rebel, a patchwork of open and dissociated servers and networks run by millions of people with little barrier to entry for the newcomers. It is almost the exact opposite of what defines a traditional telephone company and coaxing the Internet to submission to allow effective VoIP wiretapping does come with formidable challenges.

Legal Issues
An Internet telephony wiretap (especially one that requires monitoring at the ISP level) would be met with the outcries of privacy violations. The ACLU will certainly be the forerunner of such opposition. If ISPs are mandated to install tools and systems to eavesdrop on unsuspecting users, there can be little in the form of guarantees that such capabilities will not be abused. The snooping could well go beyond legally wiretapping reasonably suspicious VoIP conversations, and it could include e-mail, Web browsing habits, and other activities that are generally considered private.

Technological Issues
The wiretapping of VoIP also comes with a multitude of technology challenges. Here�s a sample of some of these issues:

� Some VoIP providers don�t actually route calls between callers. They only act as brokers for people to locate and connect to each other. After the initial connection, the call is directly established between the caller and the called party without further involvement of the provider.

� Based on the above scenario, the best place to capture the VoIP packets would be at the caller�s and the called party�s respective ISP locations. Equipment and resources required for such task would need to have enough horsepower to scan all traffic, recognize and reroute the voice portion, and store them in a separate area together with other evidence such as logs, and related documents. Moreover, they would need the flexibility to adapt to new technologies and the ever-increasing bandwidth utilization.

� VoIP calls still follow varying standards. That means that the industry as a whole would need to come together and agree on one set of standards to provide streamlined access to the law enforcement agencies. Even then, new products (perhaps crafted in other countries) could become popular curtailing the efforts of standardization. Just take a look at how many peer-to-peer products came on the scene after Napster, and none of them interoperate.

� Internet telephony is still a maturing technology with plenty of gray areas. For example, how would one legally categorize voice file attachments in e-mail? Are they e-mail? Are they files? Are they voice? Could they be subject to wiretapping as well?

� Today many VoIP calls travel the Internet un-encrypted. Encryption would add another layer of complexity to VoIP and would necessitate more powerful processors to handle encryption and decryption and still maintain an acceptable, real-time voice quality. But as VoIP equipment gets more powerful, encryption technologies get more sophisticated, and people demand more privacy, VoIP calls will become scrambled and difficult, if not impossible, to decode.

It is interesting to note that the FBI can already legally conduct Internet surveillance using its DCS 1000 system (a.k.a. Carnivore). But apparently in an effort to ease its own challenges with DCS 1000, it wants the ISPs to do their part in helping it eavesdrop on VoIP conversations.

What do you think? Should the FBI enhance its DCS 1000 system to achieve better Internet telephony surveillance, or should it require the ISP�s to do the job for it? Drop me a line and let me know.

Robert Vahid Hashemian provides us with a healthy dose of reality every other month in his Reality Check column. Robert is Webmaster for TMCnet.com -- your online resource for CTI, Internet telephony, and call center solutions. He is also the author of the recently published Financial Markets For The Rest Of Us.

[ Return To The November 2003 Table Of Contents ]

Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas