January 8, 2004 7:42 AM PST
Feds seek wiretap access via VoIP
The agencies have asked the Federal Communications Commission to order companies offering voice over Internet Protocol (VoIP) service to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations.
Without such mandatory rules, the two agencies predicted in a letter to the FCC last month that "criminals, terrorists, and spies (could) use VoIP services to avoid lawfully authorized surveillance." The letter also was signed by the Drug Enforcement Administration.
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
In general, VoIP providers have pledged to work with police, and some, like Level 3 Communications, do not oppose the regulations the FBI is seeking. Others, like a coalition of 12 smaller VoIP providers including BullDog Teleworks and PingTone Communications, have told the FCC that "there are various industry initatives under way and the commission should allow those initiatives time to succeed before preemptively regulating."
Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2.2 million conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 percent were related to drug investigations. Those statistics do not include approximately the same number of additional wiretaps authorized by the Foreign Intelligence Surveillance Act.
When weighing the FBI's request, the FCC will have to decide whether a 1994 law called the Communications Assistance for Law Enforcement Act (CALEA) applies to VoIP providers. The law is ambiguous. It clearly requires "telecommunications carriers" to provide ready wiretapping access while explicitly exempting "information services." If the FCC decides CALEA does not apply, the debate would shift to Congress, which could decide to amend the law.
When Internet links are used to carry voice calls that begin and end in the traditional, circuit-switched network--a move that Verizon Communications announced Wednesday--that would easily fall within CALEA's existing definitions. But Internet-to-Internet voice links like those offered by VoIP companies Vonage and Skype are closer to information services and fall into a regulatory gray area. The status of voice conversations carried through instant-messaging programs is even more unclear, as is the FCC's ability to compel overseas VoIP providers to comply with U.S. rules.
"The FCC should ignore pleas about national security and sophisticated criminals because sophisticated parties will use noncompliant VoIP, available open source and offshore," said Jim Harper of Privacilla.org, a privacy advocacy Web site. "CALEA for VoIP will only be good for busting small-time bookies, small-time potheads and other nincompoops."
One unusual section of the FBI letter is that it claims the bureau is seeking to protect Americans' privacy rights: "Mandatory CALEA compliance by VoIP providers would better protect the privacy of VoIP users than a voluntary approach. CALEA protects the privacy of surveillance suspects by requiring carriers to provision the surveillance in a confidential manner." Otherwise, the FBI argues, a VoIP company might turn over a "full pipe" to police that would include conversations of more people than necessary.
At least one FCC commissioner has expressed strong support for sweeping VoIP into CALEA's requirements, which currently apply only to telephone companies.
"We must understand the concerns raised by DOJ and FBI that classifying Vonage's VoIP as an information service severely undercuts CALEA," Jonathan Adelstein said last month. "VoIP jeopardizes the ability of federal, state and local governments to protect public safety and national security against domestic and foreign threats. Public safety is not negotiable."