Perspective: The FCC's invite to Big Brother

It's cheaper and easier than ever to make phone calls over the Internet, thanks to innovative gadgets like a Wi-Fi handset from ZyXel.

With the ZyXel phone, you can make phone calls wherever there's an accessible Wi-Fi connection. But if the federal government has its way, you'll be tracked wherever you go.

Buried in the convoluted 91-page legalese of a recent Federal Communications Commission release on voice over Internet Protocol (VoIP) is a proposal with worrisome privacy implications.

It isn't wise to copy regulations crafted for analog phone networks and apply them to a packet-switched universe.

In it, the FCC suggests ways to "automatically identify the location" of all VoIP callers with handsets that connect to the telephone network. Those methods include creating an "inventory" of every Wi-Fi access point in the United States, engaging in "mapping and triangulation" of those access points, compiling an "access jack inventory" for wired VoIP users, or even mandating that Net phones include GPS receivers and broadcast their exact latitude and longitude.

The justification for those regulations sounds reasonable enough: to let emergency services identify an Internet caller's location when he or she dials 911. It's part of an ongoing proceeding in which the FCC gave VoIP operators until October to route 911 calls to the geographically appropriate call center.

It's easy enough to identify the location of office VoIP phones that stay in one spot. But the FCC is worried about the arrival of mobile VoIP phones such as ZyXel's, as well as business travelers taking a Vonage-like wired handset on the road.

The FCC warned in the 91-page document released in June that companies "often have no reliable way to discern from where their customers are accessing the VoIP service...There currently are no solutions that allow a provider of portable VoIP services to determine the location of an end user absent the end user affirmatively telling the service provider where he or she is."

"We intend to adopt in a future order an advanced e911 solution for interconnected VoIP that must include a method for determining a user's location without assistance from the user, as well as firm implementation deadlines," the FCC added.

In a subsequent appearance before a gaggle of Washington, D.C., telecommunications lawyers, a senior FCC official from the wireline competition bureau predicted a location requirement deadline of July 1, 2006. (As a side note, I think it's cowardly for FCC officials to refuse to have their names mentioned, but it was a condition of attending the event.)

"Public safety is not keen on solutions with customer intervention," the official said, adding that the FCC is being lobbied by companies selling location technology, including one based on "measuring broadcast signals."

Unanswered privacy questions
The FCC's proposal raises a number of questions: Who will have access to the location data stored by VoIP handsets? What rules will govern police monitoring of your moment-to-moment location? Should the federal government really be in the business of compiling a database of every wireless or wired access point in the country? And once such a database is created, what's to stop the Feds from saying that computer users also must have their locations registered?

I'm sure the FCC will claim that the location-identifying requirement is reasonable, pointing out with some justification that cellular providers are subject to similar regulations and some commercial Wi-Fi-location services are becoming available.

But the Internet is not the telephone network, and it isn't wise to copy regulations crafted for analog phone networks and apply them to a packet-switched universe.

For one thing, what if someone doesn't want 911 service on his or her VoIP phone? I already have a landline and a cell phone at home, and I might add a VoIP phone to the mix. I don't need 911 service and don't wish to pay higher prices for a GPS receiver or location-identifying hardware that would be included in it. Mandating 911 service would amount to a tax on VoIP customers.

A second option is for the FCC simply to do nothing. What would likely happen next is some VoIP providers would offer location-enabled 911 calling to customers who wanted it (for an additional fee), and others would not. That would permit the normal functions of a free market to work--and avoid zany proposals involving Uncle Sam registering all wired and wireless access points.

There's still time to let the FCC know what you think. The deadline for public comments is Monday, and they can be filed on the FCC's Web site. Just remember to fill in the spot labeled "proceeding 05-196."

Biography
Declan McCullagh is CNET News.com's chief political correspondent. He spent more than a decade in Washington, D.C., chronicling the busy intersection between technology and politics. Previously, he was the Washington bureau chief for Wired News, and a reporter for Time.com, Time magazine and HotWired. McCullagh has taught journalism at American University and been an adjunct professor at Case Western University.

More Perspectives

[hardedge]

Your argument is specious at best

This fear mongering is almost laughable. "The Internet is not the telephone network?" I guess all those telephone hand- and headsets being used to enable talking from Point A to Point B are just meaningless gadgets purchased for their asthetic charm? I guess, with similar logic, you could argue that the Internet isn't a retail sales operation either.

You may not have a GPS cell phone but "they" can already tell within a limited location, based on the cell tower your phone accesses, where you are.

You don't want 911 services on your VoIP phone? Okay, don't use them. Even CB radio had an emergency channel. In the long run, it is cheaper, from a manufacturing point of view, to make all of an item do something than to allow exceptions.

But you're right about not having the Feds be in charge of the gathering or maintaining of such a database. That should be solely the providers' responsibility. In that way it has a hope of getting doen correctly.

[Ian Rodriguez]

Fear Mongering??

Are you crazy? This is not about E-911 and public safety. This is about giving law enforcement another tool to track us and watch our every move. If this was about public safety, the FCC would require VoIP phones to register from a single IP and MAC address and bind those to a physical address. If your IP changed, you would be required (as a user) to identify your new location before your phone would work and only release that data electronically to a 911 call center in the way that the current phone system does.

-Just because you are not paranoid, does not mean someone is not out to get you.

[George Cole]

retail sales operation

http://www.analogstereo.com/fiat_seicento_owners_manual.htm

Alternate Way:

If you MUST provide 911 location service, allow me to define when I use it (Pressing Send after 911 has answered). Or only activate it when 911 is dialed (automatically pulling GPS or bouncing cell tower info to 911).

Sample Call
911: "911, what is your emergency?"
Caller: "[states emergency]"
911: "Press the Send key so I can get your location" (this assumes only that 911 can't get info from land line)
Caller: presses Send, [continues freaking out on phone while 911 operator dispatches help].

The FEW times I've had to call 911 I've been calm enough to be able to press a key on the phone if asked.
I know the news likes to portray 911 callers as people scared witless, but I'd be willing to bet that a good number of them maintain just enough sanity (They called, didn't they?) to press another button when asked.

A little refinement

It seems to me that it should not be too difficult to provide an automatic location signal ONLY when 911 is dialed. It could also provide an automatic response when contacting user programmed numbers such as parents or employers. These user programmed numbers would only be set-up or removed while in contact with said numbers. Any other time location services are required it would require the user to press a button.

cell phone ping

they can already do this by using the three tower ping method. you
can find out where any cell phone is in the usa by using a ping
service (cost is about $75 - $150). this is how bounty hunters or
bail enforcement officers commonly find their mark.

[Transaction7]

FCC VOIP Location Recording Requirements

Why, even with your help, do we mere citizens, the government officials' employers, only get hours' notice at the end of comment periods on federal regulations?

I want something like the transponder button on an aircraft that wijll let emergency services know I'm in trouble and say "please come find me," but can conceive of a number of perfectly legitimate reasons why I don't really want the government, or any hacker who can get into this, to know my exact location at all times. I'm not on parole from a sex offense and until now have not been required to wear a location bracelet.

Does this really differ that much from the companies' and FCC's capabilities for locating me where I am using my cell phone?

Is there anything in htis 91 page regulation to limit use of this data?

I do know one case in which this could have helped the prosecutor win a murder case in which I have always believed that the acquitted defendant left his wife brain dead and beat the rap, but the argument, made in osme Supreme Court cases, that something is reasonable because it might be useful to law enforcement, and talking about a zone of privacy that SOCIETY is or is not prepared to recognize for the individual, have always worried me.

Peter S. Chamberlain
peterschamberlain@earthlink.net

[captnet]

Right on!

Good job with the article! Wrote the FCC a few weeks back. It should be choice if 911 service is desired on VOIP. Also, it really gives the "public" a false sense of security to think 911 service on VOIP is like a land line 911 service. The false sense comes from the FCC saying how all this junk needs to be jamed down the throat of all users because it works! Well, maybe, maybe not is the reality. They (FCC) just can't keep there hands off things. Doing that would reduce their control and power. It's not the concern of the public. If that were the case the FCC should spend time making VOIP customers aware of the Facts about VOIP 911 and the choices/tradeoffs.

[GEBERWEIN]

Time Out

Many of the comments about VIOP 9-1-1 connections have some validity. Some are rather narrow in their view and probably reflect the experience of the writer. Lest we not forget that the whole VOIP issue is over a few people dying because they couldn't call 9-1-1 on the telephone - simply because it was part of a computer rather than the traditional landline. In many cases the person answering the call does not have the capability to detect if it is a VOIP, Cell or traditional call from the information on the screen. Sure there are codes that tell the company that provides the service but there are thousands of them. The particular dilema being addressed by the location issue is that the VOIP is mobile and the computer's physical location can change. But, the provider has to supply a location to the 9-1-1 call center. Unless the user updates the address in the IP file then the responders will be sent to the last one entered. Unlike the steady headed people on this thread there are vast numbers of people that could not handle pushing another button in a panic. The ping idea is very good except it costs for each time it is used. That could amount to large sums of money being spent by cities for this resolution. The location technology is already developed and easily delivered to equipment that will display the location without either the caller or the operator having to push any additional buttons. The best advice I can give is - if you don't want to be tracked, turn it off; and, whatever happens don't call 9-1-1.

[tvleavitt]

My comments to the FCC

Physical location reporting without user intervention should
be an optional service, not required of every VOIP connection
- the side effects of mandating this, as Declan McCullagh
points out in his editorial on CNET, of the various proposals are unnecessary costs (elimination of purely software based solutions,
as it is unlikely that a complete wireless database will every be
assembled, potential threats to civil liberties and personal
freedom arising from the ability to track end user locations, and unfortunate precedents for government intervention and tracking of
individuals who have committed no crime and drawn no suspicion.

If you mandate GPS location reporting, then you essentially ban any
and all software based VOIP systems.

Further, placing regulations of this sort exclusively on VOIP
systems that interconnect with the PSTN places an unreasonable
burden on such companies, vs. companies that do not... ultimately,
as all phone systems are virtualized, a phone number will
essentially become nothing except an arbitrary string - just like
a Yahoo ID is. Why should a company making it possible to enable
your friends to contact you via an arbitrary string of numbers
be regulated, when one that allows your friends to contact you
through an arbitrary string of alphanumeric characters isn't?

Such a design also disincentivizes VOIP companies from inter-
connecting to the PSTN, and instead insures a continued and
ultimately artificial fragmentation of the voice communications
market. Please do not impose these regulations.

Truly excellent

A truly excellent find, analysis, and proposal. As a conservative and former telecom policy wonk, I agree with your market-driven approach. However, as a former intel policy wonk, I know that it won't happen the way that you propose. The overhead costs on consumers that you outline are a tax. At least this tax is more like the surcharges we pay on airline tickets for airline security versus the Gore Tax we pay on phones to support non-POTS programs. Pre-9/11, if the locate-you feature were being promoted for safety of the individual user, the market model would find a critical mass of supporters in Congress and even at the FCC. Now, however, the locate-you feature is part of homeland security infrastructure, and that trumps the complaint against this tax.

As for the very real privacy concerns, intelligent guidelines, training, review, and oversight ? by management, IG offices, Privacy Czars, and the Hill ? are the best answer. Yes, relying on this type of privacy protection model means that abuses can happen, but a system designed to somehow make abuses impossible inherently prevents legitimate, highly valuable activities to be undertaken.

[George Cole]

market model

http://www.analogstereo.com/peugeot_owners_manual.htm

[jmaximus9]

No Way

No way in hell can they track every wifi access point. Unless they start making you buy a permit to use wifi, they have no known way of tracking it. Maybe they can the commercial access site thru company like Verison, but no way can they track all they residential sites. One simply needs to find an unprotected residential or business network and you have untraceable VoIP. It will trace back to the poor slobs network you hacked. GPS, terrorist will just buy foriegn made phones with no GPS. I suggest they do something more usefull like secure the damm Mexican Border!

http://jmaximus.blogspot.com