Cerf: Wire Tapping VoIP Will Kill Innovation

Building standardized wiretap backdoors into Internet telephone systems is a bad idea that will lead to increased cyber security concerns. At least that’s the opinion of the Information Technology Association of America (ITAA).

Responding fiercely to a Friday court decision upholding the Federal Communications Commission (FCC) authority to impose traditional wiretap laws on Voice over IP companies, the ITAA Tuesday issued a report sharply critical of the ruling.

“The network architectures of the Internet and the public switched telephone network (PSTN) are substantially different,” the report states. “Lack of understanding of the implications of the differences has led to some difficult — and potentially dangerous — policy decisions.”

The U.S. Court of Appeals for the District of Columbia said VoIP calls are no different than traditional telephone service when it comes to wiretap laws.

At issue is the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law mandating traditional telephone companies build their technology in specific ways in order to make wiretapping easier for law enforcement officials.

Last August, the FCC ruled CALEA also applied to Internet phone services and gave VoIP providers 18 months to comply with the order. The decision prompted immediate lawsuits to block the FCC action.

While Congress specifically exempted information services such as the Internet from CALEA, the FCC contends the controversial law applies to any “replacement for a substantial portion of the local telephone exchange service,” an interpretation recently supported by the U.S. Court of Appeals for the District of Columbia.

“I am pleased that the court agreed with the Commission’s finding, which will ensure that law enforcement agencies’ ability to conduct lawful, court-ordered electronic surveillance will keep pace with new communication technologies,” FCC Commissioner Kevin Martin said in a statement.

The ITAA, one of Washington’s major technology trade associations, wasn’t nearly as pleased.

The ITAA report, co-authored by Vint Cerf, chief Internet evangelist of Google and Whitfield Diffie, chief security officer for Sun Microsystems, among others, notes that in some cases, VoIP calls are essentially the same as a traditional call.

Beyond that, though, the ITAA argues the problem of assuring interception is “enormously harder.”

VoIP calls, for instance, often involve situations where neither the physical location of the caller or the address of the call recipient is fixed.

To facilitate CALEA in those cases, the report states, “it is necessary either to eliminate the flexibility that Internet communications allow — thus making VoIP essentially a copy of the PSTN — or else introduce serious security risks to domestic VoIP implementations.”

The report added: “The former would have significant negative effects on U.S. ability to innovate, while the latter is simply dangerous.”

News Around the Web