Ten years ago, congress enacted the Communications Assistance for Law Enforcement Act, otherwise known as CALEA. That bills opening paragraph mandates that "a telecommunications carrier shall ensure that its equipment, facilities, or services ... are capable of ... delivering intercepted communications and call-identifying information to the government." The camels nose had officially entered the building.
As last month ended, the FCC was inviting comments on extending the reach of CALEA into the new territory of voice over IP. That proposition, I believe, entails unreasonable costs for unimpressive benefits.
Tapping conventional circuit-switched telephone communications is literally childs play. While still in grade school, for example, Data General engineer Carl Alsing set up a telephone listening post with an old pair of headphones in his familys basement coal bin (as later related in Tracy Kidders 1981 book, "The Soul of a New Machine"). Alsings not the only engineer who tells stories of getting started by exploring the telephone system.
Once established, the link between two points on a circuit-switched system endures until the talking ends. Capture the content, and youve captured the conversation. Packet-switched systems like the Internet are much more difficult to monitor because they take many liberties in repackaging data. Pauses are compressed away, and sequences of packet delivery may not correspond to the order of origination. Other packets, exchanged among many parties, are traversing almost every IP network segment at any given time. An intended recipients communication device has no trouble in reassembling packets of interest and transducing the bits (if applicable) into speech, but would-be interceptors face a much more difficult task.
This leads me to several concerns about any notion that CALEA entitles the government to demand accommodation by VOIP providers. First, it seems likely that any VOIP tapping capability will require added equipment and processing power. Whether I pay for it in taxes or in telecom user fees, Ill get the bill one way or another. Second, this will certainly not improve the efficiency of systems and very likely will result in wasting bandwidth on metadata of no use to service consumers. Third, I fear added friction in introducing new technologies: Protocol improvements might be delayed by the need to update monitoring techniques.
Fourth is the question of what a law enforcement agency will do with an intercepted conversation that turns out to be, for example, in Arabic. Its widely reported that the NSA, CIA and FBI all fall well short of the needed number of Arabic speakers to translate even unencrypted communications intercepted in that language or its six major families of dialects. What if intercepted conversations use even the simplest code? Dollars that go into interception are not available for hiring translators, analysts or cryptologists.
I want to remind the FCC, and other agencies, that CALEAs second major clause states: "This title does not authorize any Law Enforcement agency or officer ... to prohibit the adoption of any equipment, facility, service or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services." Just because something cant feasibly be intercepted doesnt mean the technology is proscribed. VOIP is arguably untappable by reasonable means.
Law enforcers have found conventional wiretaps quite cost-effective, as we noted in eWEEKs editorial last week. But conventional surveillance and bugging may offer higher ROI than rebuilding the Internet around CALEAs demands.
CALEA also expressly acknowledges a citizens option to use encryption: "A telecommunications carrier shall not be responsible for decrypting, or ensuring the governments ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication." As noted by "citizen crypto" advocate Philip Zimmermann, its up to users to establish their use of encryption as the norm so that dumb ideas like VOIP-tapping are prevented from taking root.
Technology Editor Peter Coffee can be reached at firstname.lastname@example.org.