RealTime IT News

VoIP Wiretaps: Good Intentions, Bad Legal Logic?

There seems to be no dispute that Internet telephony should be available to law enforcement officials armed with legal warrants. Both Congress and the Federal Communications Commission (FCC) have said the emerging technology must be surveillance friendly.

Voice over IP providers have repeatedly said they don't wish to be known as the terrorists' telephone system of choice, either out of patriotism or sound business logic or both. They have told Washington on numerous occasions this year they will comply with any laws necessary.

"We can and will comply with any regulations put forward," Jason Talley, president and CEO of commercial and residential VoIP provider Nuvio, said Thursday. "No one wants to open a hole in national security."

The problem for the regulators is that there is no specific law saying VoIP is subject to surveillance. The problem for VoIP providers is that no one knows what Washington will do to plug the hole. As Talley says, "We're not obligated to do anything right now."

Traditional telephone carriers must comply with the Communications Assistance for Law Enforcement Act (CALEA), which standardizes the system configurations for legal wiretaps. When Congress approved CALEA, it provided more than $500 million to help the telcos comply.

On Wednesday, the FCC took the first tentative step to mandate minimum surveillance compliance rules for Internet telephony, voting to initiate a rulemaking proceeding focusing on VoIP wiretapping. The agency's legal hook is that CALEA can be interpreted to cover VoIP. On a day that the FCC devoted to national security issues, the commissioners voted 5-0 to approve the proceeding, even though several questioned the legal basis of the decision.

According to the FCC, CALEA applies to traditional carriers and any "replacement for a substantial portion of the local telephone exchange service." With traditional phone calls, voice packets travels from one fixed point to another, making intercepting traffic fairly routine. VoIP calls, on the other hand, are data packets that can travel several routes and even change direction as the network seeks the clearest path. It remains an open legal question whether VoIP is a just another service like e-mail or actually is a substitute for the public switched telephone network .

Republican Commissioner Kathleen Abernathy said the FCC staff had come up with a "plausible interpretation" of CALEA, yet it was "fraught with legal risk." Democrat Michael Copps more bluntly said, "It is flush with tentative conclusions that stretch the statutory fabric to the point of tear."

Both Abernathy and Copps predicted inevitable legal challenges to the interpretation if the rules are ultimately approved. The rulemaking process will last at least until the end of the year before the FCC makes a final decision.

"I'm sure [if approved] there will be court challenges," Talley said, stressing that it is premature to jump to such conclusions. "This is an attempt to satisfy congressional concerns about VoIP. "I think the commission will go back and make sure they are complying with the law."

Talley was more concerned with the cost of possible CALEA compliance.

Noting the congressional grant to telcos for CALEA compliance, Talley said making VoIP providers comply without similar funding would amount to "another unfounded mandate pushed off on us by [Attorney General] John Ashcroft."

Talley also questioned the technological feasibility of CALEA compliance, saying there are better ways to utilize VoIP for surveillance.

"The FBI knows CALEA and wants the same rules to apply. Standardization is really what CALEA is all about," he said. "They just want to come in and plug in a jack. It reduces time for law enforcement. We [VoIP providers] could do things so much better than CALEA. We're dealing with data on the VoIP side and there are a lot more ways to go about surveillance."