- Related Stories
-
Wiretap rules for VoIP, broadband coming in 2007
September 26, 2005 -
S.F. keeps pushing citywide Wi-Fi
August 17, 2005 -
Cities brace for broadband war
May 2, 2005 -
Philly, Verizon reach accord on city Wi-Fi plan
December 1, 2004
An FCC edict from September orders broadband providers and some Internet phone companies to rewire their networks for police wiretapping convenience.
In the bizarro world of federal bureaucracies, of course, it doesn't matter how much complying with this order will cost, whether it's technically feasible, or even whether the requirements are legal or not.
But in the real world, engineers and managers who actually build networks have to worry about those questions. That's why the FCC's pronunciamento worries everyone from Internet providers to universities--and now, even local governments.
"How much is it going to cost for us to comply? We want to help out law enforcement, but obviously we can't completely bankrupt the city to do it," Cheryl Leanza, legislative counsel for the National League of Cities, said last week.
The National League of Cities is no bunch of Roger Baldwin-quoting civil libertarians. It's the lobbying arm of more than 18,000 cities, villages and towns--in other words, the group represents the same local and state police agencies that the FCC claims to be helping.
What municipal governments are alarmed about is the cost of following the FCC's murky requirements, which could total hundreds of dollars per user. Over the last few years, scores of local governments have embraced broadband, led by high-profile examples like Philadelphia and San Francisco. (Here's a map).
"Generally cities have been aligned with law enforcement with regard to these issues," Leanza said. But, she added: "When there's not enough information, it's very difficult for anyone to make a plan."
The reasons for the FCC's expansive designs on the Internet go beyond bureaucratic turf-maximizing. The FCC commissioners have bowed to the Bush administration's push, visible in its lobbying over the Patriot Act, to maximize electronic surveillance at all costs.
"They understand the turmoil they're causing," said Glenn Richards, a partner at Pillsbury Winthrop Shaw Pittman who represents Internet phone companies. "The current administration has been very considerate of homeland security issues. You've got to remember the reason we are where we are today is because the (Drug Enforcement Administration), the FBI and the Justice Department filed the request for new rules."
Universities opposed
In another peculiar twist that could only be concocted inside
Washington, D.C., the FCC has proclaimed a wiretapping compliance deadline of spring 2007. But it hasn't said who has to comply or what the rules will be, saying in an unhelpful aside that it has reached "no conclusions" about whether universities, research institutions, and small or rural broadband providers must be wiretap-ready.
Imagine the head-scratching that's caused. Larry Conrad, the chief information officer of Florida State University, has asked the FCC to "clarify that private networks operated by higher education and research institutions...are not subject to CALEA." CALEA stands for the Communications Assistance for Law Enforcement Act.
The government-funded Missouri Research and Education Network, or Morenet, says it agrees in principle with CALEA. But complying with the FCC's dictate is infeasible for a network that provides Internet access to nearly 1 million students and faculty, plus public libraries throughout the state, Morenet says.
"To ask that Morenet monitor and evaluate all network traffic to meet the provisions of CALEA is unrealistic and serves no purpose that cannot be met by traditional subpoena requests," the Missouri group told the FCC. "Further, the financial demands placed by the provisions of CALEA could be potentially damaging to the future of Morenet."
No wonder telecommunications companies, nonprofit organizations and education groups are challenging the wiretapping rules before a federal court.
Their lawsuit will highlight two important points: First, CALEA is not necessary to conduct Internet wiretaps--they were conducted long before the law was enacted in 1994. (Its primary benefit is to create a centralized wiretapping hub.) Second, as I wrote in a previous column, both Congress and the FBI agreed at the time that CALEA would not cover Internet providers.
There is some good news. The case is pending before the same federal appeals court that unceremoniously gutted the last FCC power grab, in the form of the so-called "broadcast flag." Now we'll see whether the judges have the mettle to eviscerate this one as well.
Biography
Declan McCullagh is CNET News.com's chief political correspondent. He spent more than a decade in Washington, D.C., chronicling the busy intersection between technology and politics. Previously, he was the Washington bureau chief for Wired News, and a reporter for Time.com, Time magazine and HotWired. McCullagh has taught journalism at American University and been an adjunct professor at Case Western University.
See more CNET content tagged:
CALEA,
Internet phone company,
broadband provider,
homeland security,
university
Of course the government is going to want and need this type of access. Otherwise they're just saying "Anyone who wants to conduct illegal activity over the phone, please use VOIP. Thank you."
"The idea that a company would create a VOIP system to replace the standard phone system and not design in at the very least a capability tap these calls was shortsighted at best."
VOIP hasn't become a "substantial replacement" (as the FCC tried to argue in it's Notice of Proposed Rulemaking) for POTS, in that most people still use traditional land lines and cellphones. Also law enforcement has had the power to intercept the various communications of an internet user under existing law. I would also point out companies like Vonage have taken responsibility in that they implemented their systems in such away that law enforcement could intercept a VOIP phone call if they need to. They didn't secure the conversation with public key cryptography which they could have done. The arguement that the internet and VOIP are somehow out of reach of law enforcement falls flat. What the FBI and DOJ want is the ability to tap any connection from centralized point, a luxary not required by CALEA. Then there is the issue of the FCC over stepping it's bounds. When CALEA was made law in 1994 it was agreed that it wouldn't cover data traveling over the internet. Such an expansion requires congressional approval.
"Of course the government is going to want and need this type of access. Otherwise they're just saying "Anyone who wants to conduct illegal activity over the phone, please use VOIP. Thank you."
"The FBI used the "tappability principle" to justify the demands in its petition. This principle holds that if something is legally searchable sometimes, it should be physically searchable all the time. But there is a vast difference between a computer network switch created precisely to be tappable and one that can be tapped with the right tools under the right circumstances. If we applied the FBI's logic to the phone system, it would state that every individual phone should be designed with built-in bugs. Consumers would simply have to trust law enforcement or the phone companies not to activate those bugs without just cause." --Taken from EFF.org
Of course merely having the ability to intercept data doesn't mean they'll be able to use it. Strong encryption tools are widely avaliable. There was a peace of software called PGPfone, that would secure a VOIP conversion with strong public key cryptography. During the late 90's there were a few lawsuits that force the government to rain in some of their controls on strong cryptography.