The U.S. government wants the ability to listen in on wireless conversations. Critics claim the move could actually make Internet-based communications more vulnerable to attacks.
The Federal Communications Commission (FCC) announced earlier this month that it intends to expand a mid-1990s ruling that allows law enforcement officers to wiretap conventional phone lines.
Now it wants to apply the ruling to certain broadband and voice-over-Internet (VOIP) providers as well.
The FCC announcement has outraged not only civil libertarians, but also a coalition of broadband providers and Internet associations, who are worried that the government’s move could actually threaten national security, as well as dampen industry innovation.
Enacted in 1994, the Communications Assistance for Law Enforcement Act (CALEA) empowered the FBI to dictate technical standards for phone companies built-in wiretapping capabilities. The current proposed expansion comes on the heels of requests from the FBI, Department of Justice, and Drug Enforcement Administration to include broadband.
The proposal’s critics argue that, given the enormous amount of data and critical infrastructure now carried on the Internet – including information on gas and oil pipelines and electrical grids – building snoop-friendly “back doors” jeopardizes security measures a decade in the making.
Until now, civil liberties groups have succeeded in exempting the Internet from the original legislation. And they’re not giving in. A raft of technology companies and industry associations have lined up against the rule change (see Notebook) – and are prepared to challenge it in federal court.
They’re also quick to point out that their argument against expanding CALEA doesnt stem from an ideological opposition to wiretapping.
“Were not suggesting that law enforcement shouldnt have access to Internet communications,” says John Morris, staff counsel for the Center for Democracy and Technology (CDT), which has filed a lengthy legal brief opposing the FCCs action. “Our focus is arguing that CALEA is a bad way of going about getting that access.”
Sun Microsystems engineer and security specialist Susan Landau lays out the national security argument: “What applying CALEA to VOIP means is not that law enforcement can do wiretaps under legal authorization, but that government officials have the right to design the standards for wiretapping…That means theyre in the Internet protocols. It doesnt matter whether you use the publicly switched Internet or private networks that use the Internet protocols – youve introduced a vulnerability.”
Landau believes this vulnerability endangers national security because the same wiretapping capabilities provided for government law enforcement officials could be used by others – including criminals or terrorists.
To make the point, Landau cites recent attacks on Taiwans Internet infrastructure, originating from China and Korea. Although they weren’t linked to government surveillance, Landau says they underline the challenge of keeping networks secure.
“What you will get is [attacks from] organized crime and well-funded organizations like Al-Qaeda that come on infrastructure,” Landau says.
Others worry about possible repercussions in two additional areas: innovation and economics. CDT’s John Morris fears that some day entrepreneurs may have to hire lawyers and navigate FBI labyrinths to win approval for new devices before they can bring them to market.
“That is guaranteed to slow down innovation on the Internet – and even more guaranteed to drive innovation offshore,” says Morris
The full-text FCC ruling, which is scheduled to released later this month, does not cover technical issues, only compliance. The commission plans to develop its technical guidelines within the next two months and release a second order.
In the broader perspective, some critics see this rule expansion as a result of law enforcements misunderstanding of broadband technologies. They argue that a qualitative difference exists between traditional telephone networks, which route communications through central hubs, and VOIP systems, such as Skype, that employ a peer-to-peer model. People may use VOIP as a substitute for land-line calls (which is the legal reasoning behind the FCCs ruling) – but the underlying technologies are vastly different: VOIP is a portable technology thats untethered from underlying networks and sometimes doesn’t even involve a fixed telephone number.
“I would hope that theres no expectation that youre going to be able to route all voice communications through central control points in order to accommodate the potential need for wiretapping,” says Mark Uncapher, senior vice president and counsel for the Information Technology Association of America. “It would be a real impediment to have to operate that way.”
Uncapher and other VOIP advocates point out that, ironically, by focusing on CALEA, law enforcement agencies may be missing a more promising quarry: the new technologys digital storage potential, which could change the nature of surveillance.
“Law enforcement is used to looking at it in a certain way. With VOIP we need to get beyond that,” says Jim Kohlenberger, executive director of the Voice on the Net Coalition, which represents companies ranging from Skype to Intel to AT&T. Rather than having those guys out there in truck with cold coffee and headphones on, imagine if they could automatically get that conversation right to their desktop, stored and routed just like e-mail. It would give them better and more capabilities.
When the full FCC proposal is released later this month, a court battle seems imminent. If a legal challenge is successful, federal law enforcement agencies may well petition Congress to pass dedicated legislation to accomplish the same end.
Meanwhile, the shifting clouds of CALEA hang over broadband providers. As the CDT has observed in its legal brief: “Regulatory uncertainty is the enemy of innovation.”
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today