VoIP providers must adhere to CALEA by May 14
June 13th, 2006 by Dustin D. Trammell
One of the current hot-button issues in the VoIP security industry is the argument over end-to-end media encryption versus hop-by-hop media encryption. The folks on the hop-by-hop side of the argument have been making the case that end-to-end media encryption schemes like ZRTP are just not feasible for use in a business environment due to the requirement for law enforcement to be able to lawfully intercept or wiretap VoIP calls, as is similarly required by the Communications Assistance for Law Enforcement Act (CALEA) for traditional telephony providers. It seems that a recent court ruling may have just backed those folks' argument. ComputerWorld has coverage on a recent court ruling on the subject. From the article:
“The U.S. Court of Appeals for the District of Columbia upheld the FCC’s August 2004 ruling saying interconnected VoIP providers must allow wiretapping by May 14, 2007.”
“The FCC ruling requires VoIP providers that offer a substitute service for traditional telephone service to comply with a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA). The U.S. Department of Justice and the FBI, in requesting the ruling, argued that their surveillance efforts are “compromised” without CALEA rules for VoIP.”
Thanks to Brian Honan for sending the referenced article to the VoIPSec e-mail forum.

June 13th, 2006 at 8:22 pm
I’d note that Jeff Pulver has some more useful info in his post about recent legislation and his May 5th post about the CALEA hearing.
June 13th, 2006 at 9:08 pm
This has nothing directly to do with hop-by-hop versus end-to-end (other than making end-to-end much more attractive).
This just states that CALEA applies to any provider who has PSTN in-and-out capability (even through a 3rd party), and that it applies to ALL calls by that provider, even IP-to-IP. CALEA does not (currently) require that the provider decrypt the call or block end-to-end encryption, only that they provide the keys for the call IF they have them.
June 14th, 2006 at 3:27 pm
[...] As a followup to Dustin Trammell’s posting about CALEA compliance, the Information Technology Association of America released a report today entitled Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP. To quote from an InfoWorld article covering the report: [...]
May 8th, 2007 at 12:22 pm
The strange thing in Holland is that we first need a PSTN line, and THEN a VoIP connection. Allowing is 1 thing, ability is second.
Frank