A group of privacy advocates and technology companies on Tuesday filedcourt papers to challenge a ruling by the U.S. Federal CommunicationsCommission (FCC), saying it overstepped its authority by requiring VOIP(voice over Internet Protocol) providers to allow wiretapping by lawenforcement agencies.The groups, including advocacy groups the Center for Democracy andTechnology (CDT) and the Electronic Frontier Foundation (EFF), arguedthat an FCC’s ruling on VOIP could introduce security vulnerabilitiesinto VOIP services, could drive up costs for customers, and could openup additional Internet applications, such as instant messaging, towiretap rules.The August 2004 FCC ruling requires VOIP providers, by early 2007, tobuild in technology that complies with a 1994 telephone wiretapping lawcalled the Communications Assistance for Law Enforcement Act (CALEA).But adding such functionality to VOIP could introduce security holes byincreasing the complexity of the code, and it could open upvulnerabilities to sophisticated hackers, said Susan Landau, adistinguished engineer at Sun Microsystems Inc.“What the FCC rule does is say, ’Build surveillance technology intoInternet Protocol,’” she said. “We feel that’s very dangerous andweakens national security rather than strengthens it.” The groups filed paperwork to begin a challenge to the FCC rulingTuesday in the U.S. Court of Appeals for the District of ColumbiaCircuit. Groups joining Sun, CDT and EFF in the challenge were theAmerican Library Association; Pulver.com, provider of a freecomputer-to-computer VOIP service; the Electronic Privacy InformationCenter (EPIC), a privacy advocacy group; and CompTel, a telecom tradegroup representing competitive local exchange carriers, or CLECs.The FCC declined to comment on the challenge. The U.S. Department ofJustice and the U.S. Federal Bureau of Investigation (FBI) have argued,however, that their surveillance efforts are “compromised” withoutCALEA rules for VOIP. The American Council on Education filed its own challenge to the VOIPCALEA rules Monday. The CDT’s challenges comes a day after theWashington Post reported that the FBI has looked into hundreds of rulesviolations in cases involving its surveillance of U.S. residents.By adopting the VOIP wiretapping rule, the FCC backtracked on anearlier decision to treat computer-to-computer VOIP much like it treatsother Internet-related communication, as an unregulated informationservice, the groups said. The FCC overstepped limits in the CALEA lawexempting information services, and federal law enforcement agencieshave not shown they need additional help to intercept onlinecommunications, said John Morris, staff counsel for the CDT.“The FCC had to go through huge contortions to try to get around that specific exemption,” Morris said.Building in wiretapping functionality will cost money both tofor-profit VOIP providers and to organizations such as public librariesoffering free Internet access to patrons, the groups said. And whilelaw enforcement authorities have not asked for CALEA to apply to otherInternet applications, it opens the door, said Morris.“We believe … that this extension of CALEA to a certain category ofVOIP is really the first step to extending CALEA to a huge diversity ofservices on the Internet,” Morris said. “It’s clear to us that if theCALEA mandate can be imposed on VOIP, it will imposed on things likeinstant messaging and Xbox Live.”By Grant Gross – IDG News Service (Washington Bureau) Related content news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe