• United States



by Paul Kerstein

Groups Challenge FCC’s VOIP Wiretapping Rules

Oct 26, 20053 mins
CSO and CISOData and Information Security

A group of privacy advocates and technology companies on Tuesday filedcourt papers to challenge a ruling by the U.S. Federal CommunicationsCommission (FCC), saying it overstepped its authority by requiring VOIP(voice over Internet Protocol) providers to allow wiretapping by lawenforcement agencies.

The groups, including advocacy groups the Center for Democracy andTechnology (CDT) and the Electronic Frontier Foundation (EFF), arguedthat an FCC’s ruling on VOIP could introduce security vulnerabilitiesinto VOIP services, could drive up costs for customers, and could openup additional Internet applications, such as instant messaging, towiretap rules.

The August 2004 FCC ruling requires VOIP providers, by early 2007, tobuild in technology that complies with a 1994 telephone wiretapping lawcalled the Communications Assistance for Law Enforcement Act (CALEA).But adding such functionality to VOIP could introduce security holes byincreasing the complexity of the code, and it could open upvulnerabilities to sophisticated hackers, said Susan Landau, adistinguished engineer at Sun Microsystems Inc.

“What the FCC rule does is say, ’Build surveillance technology intoInternet Protocol,’” she said. “We feel that’s very dangerous andweakens national security rather than strengthens it.”

The groups filed paperwork to begin a challenge to the FCC rulingTuesday in the U.S. Court of Appeals for the District of ColumbiaCircuit. Groups joining Sun, CDT and EFF in the challenge were theAmerican Library Association;, provider of a freecomputer-to-computer VOIP service; the Electronic Privacy InformationCenter (EPIC), a privacy advocacy group; and CompTel, a telecom tradegroup representing competitive local exchange carriers, or CLECs.

The FCC declined to comment on the challenge. The U.S. Department ofJustice and the U.S. Federal Bureau of Investigation (FBI) have argued,however, that their surveillance efforts are “compromised” withoutCALEA rules for VOIP.

The American Council on Education filed its own challenge to the VOIPCALEA rules Monday. The CDT’s challenges comes a day after theWashington Post reported that the FBI has looked into hundreds of rulesviolations in cases involving its surveillance of U.S. residents.

By adopting the VOIP wiretapping rule, the FCC backtracked on anearlier decision to treat computer-to-computer VOIP much like it treatsother Internet-related communication, as an unregulated informationservice, the groups said. The FCC overstepped limits in the CALEA lawexempting information services, and federal law enforcement agencieshave not shown they need additional help to intercept onlinecommunications, said John Morris, staff counsel for the CDT.

“The FCC had to go through huge contortions to try to get around that specific exemption,” Morris said.

Building in wiretapping functionality will cost money both tofor-profit VOIP providers and to organizations such as public librariesoffering free Internet access to patrons, the groups said. And whilelaw enforcement authorities have not asked for CALEA to apply to otherInternet applications, it opens the door, said Morris.

“We believe … that this extension of CALEA to a certain category ofVOIP is really the first step to extending CALEA to a huge diversity ofservices on the Internet,” Morris said. “It’s clear to us that if theCALEA mandate can be imposed on VOIP, it will imposed on things likeinstant messaging and Xbox Live.”

By Grant Gross – IDG News Service (Washington Bureau)