Internet pioneers speak out on VoIP wiretapping

As a followup to Dustin Trammell’s posting about CALEA compliance, the Information Technology Association of America released a report today entitled Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP. To quote from a an InfoWorld article covering the report:

The study, co-authored by several people including TCP/IP co-creator Vinton Cerf and former U.S. National Security Agency encryption scientist Clinton Brooks, comes days after a U.S. appeals court upheld the FCC’s VOIP wiretapping rules. On Friday, the U.S. Court of Appeals for the District of Columbia upheld the ruling, requiring that VOIP providers offering a substitute for traditional telephone service comply with a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA).

The FCC did not immediately respond to a request for comments about the ITAA study. But on Friday, FCC Chairman Kevin Martin said allowing law enforcement wiretapping of VOIP calls is of “paramount importance” to U.S. security.

Tracking VOIP calls would be more difficult than tracking calls on the traditional telephone network, because VOIP providers have little control over how their calls are routed across the Internet, said Whitfield Diffie, chief security officer at Sun Microsystems Inc. VOIP providers “have no special Internet privileges” to control traffic, said Diffie, one of the study’s authors.

3 thoughts on “Internet pioneers speak out on VoIP wiretapping

  1. Robert Welbourn

    The ITAA study doesn’t reflect reality, I’m afraid. The authors’ premise is that VoIP networks are inherently distributed, and so not amenable to wiretapping. But this is not true: the necessity of deploying session border controllers to handle NAT and firewall traversal means that both signaling and media streams do traverse the VoIP service providers’ networks, and are effectively funneled through a few entry points.

    And guess what: SBC vendors tout the products’ capabilities to support CALEA, for exactly that reason.

    This is certainly true for VoIP services that are just a cheap replacement for the PSTN; where the ITAA report might have some real applicability is with P2P VoIP services, like Skype, which are truly distributed. The CALEA language that mandates wiretapping capability if the VoIP service provider merely interconnects with the PSTN may be enough to bring Skype into play, because SkypeIn and SkypeOut provide that connectivity.

    More here: http://welbourn.blogspot.com/2006/06/itaa-slams-feds-regs-on-voip.html

    Rob

  2. Geoff Devine

    Personally, I think the ITAA study was written in Never Never Land. If you are selling a commercial product that interfaces to the PSTN and uses E.164 telephone numbers for addressing, you are subject to all the regulations of the PSTN. Period.

    I’m constantly amused by naive software engineers who create voice communications products without first researching the requirements. Aspects of telecommunications requirements like lawful intercept, emergency services, and taxes to support rural subsidies are good public policy. The FCC and DOJ are perfectly entitled to insist that voice vendors comply with their public policies rather than hide under smarmy words like “value added data services” and “it stifles innovation”.

    In the long run, I don’t see the SBC as the solution to this problem. That function really belongs in the edge router. Maybe I’m drinking the purple Kool Aid from that Large Router Company in San Jose but I view the SBC as being a real kludge. Given the proclivity of that Large Router Company to insist that you forklift upgrade your router to get these functions, I guess the SBC will be with us for a while but it’s pretty much inevitable that functions like CALEA will get rolled into the router. That’s already where CableLabs has placed the function in the PacketCable VoIP solution.

  3. Pingback: voip priviuders

Comments are closed.