Could this be the beginning of a new version of CALEA tailored for Internet communications? CNet News is reporting that the FBI is drafting new legislation intended to expand CALEA which will require ISPs to wiretap conversations and force makers of networking gear to provide hardware that can accommodate that capability. This legislation is set to be introduced by Sen. Mike DeWine (R. Ohio).
The 1994 Communications Assistance for Law Enforcement Act (CALEA) was originally drafted to apply to traditional telephony equipment and services and has since been viewed by figureheads in the Internet Telephony industry as inadequate or difficult to apply to Internet-based communications. This new legislation could potentially address those issues, however it may also eliminate safeguards that the original legislation provided.
The article published by CNet identifies four major points from the report. First, network infrastructure manufacturers will be required to upgrade their equipment to support Internet wiretapping. Second, law enforcement will have the ability to expand the reach of wiretapping beyond VoIP to other Internet communications such as Instant Messaging. Third, ISPs will have to monitor customer’s network traffic to identify only VoIP calls, and fourth, the legislation would eliminate the current CALEA requirement that the Justice Department must annually publish a public notice of the number of communication interceptions that have taken place.
News broke last week about Session Border ControllerÂ manufacturer Newport Networks, which has run into cash-flow problems waiting for deals to close.Â Newport Networks was started by serial entrepreneur Sir Terry Matthews, reportedly Walesâ€™s first billionaire, who also founded Newbridge (now part of Alcatel) and Mitel.
Last year Newport were lined up to supply their 1460 Session Border Controller to troubled equipment supplier Marconi.Â Marconi themselves failed to become prime NGN suppliers to British Telecom, which ultimately resulted in the failure of the company.Â The rump of Marconi has now been absorbed into Ericsson.
Newport have announced layoffs, as reported at ZDNetÂ and in the UK Guardian Newspaper, in an attempt to reduce cash burn while waiting for the business to arrive.Â It’s ironic with CALEA in the headlines and telcos rolling out NGNs that a provider of the enabling technology should have run onto the rocks.Â Let’s hope the Newport investors can keep their nerve.Â
Blue Box Podcast #31 is now available for download. In this show, Jonathan and I spend a block of time discussing the recent Pena/Moore VoIP fraud case and another large block of time discussing the recent FCC decision around the application of CALEA to VoIP service providers. We also have our regular discussion of VoIP security news, comments from listeners and more.
As a followup to Dustin Trammell’s posting about CALEA compliance, the Information Technology Association of America released a report today entitled Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP. To quote from a an InfoWorld article covering the report:
The study, co-authored by several people including TCP/IP co-creator Vinton Cerf and former U.S. National Security Agency encryption scientist Clinton Brooks, comes days after a U.S. appeals court upheld the FCC’s VOIP wiretapping rules. On Friday, the U.S. Court of Appeals for the District of Columbia upheld the ruling, requiring that VOIP providers offering a substitute for traditional telephone service comply with a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA).
The FCC did not immediately respond to a request for comments about the ITAA study. But on Friday, FCC Chairman Kevin Martin said allowing law enforcement wiretapping of VOIP calls is of “paramount importance” to U.S. security.
Tracking VOIP calls would be more difficult than tracking calls on the traditional telephone network, because VOIP providers have little control over how their calls are routed across the Internet, said Whitfield Diffie, chief security officer at Sun Microsystems Inc. VOIP providers “have no special Internet privileges” to control traffic, said Diffie, one of the study’s authors.
One of the current hot-button issues in the VoIP Security industry is the argument between end-to-end media encryption versus hop-by-hop media encryption. The folks on the hop-by-hop side of the argument have been making the case that end-to-end media encryption schemes like ZRTP are just not feasable for use in a business environment due to the requirement for law enforcement to be able to lawfully intercept or wire-tap VoIP Calls as is similarly required by the Communications Assistance for Law Enforcement Act (CALEA) for traditional telephony providers. It seems that a recent court ruling may have just backed those folks argument. ComputerWorld has coverage on a recent court ruling on the subject. From the article:
“The U.S. Court of Appeals for the District of Columbia upheld the FCC’s August 2004 ruling saying interconnected VoIP providers must allow wiretapping by May 14, 2007.”
“The FCC ruling requires VoIP providers that offer a substitute service for traditional telephone service to comply with a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA). The U.S. Department of Justice and the FBI, in requesting the ruling, argued that their surveillance efforts are “compromised” without CALEA rules for VoIP.”
Thanks to Brian Honan for sending the referenced article to the VoIPSec e-mail forum.