The Federal Communications Commission (FCC) has issued a “First Report and Order” confirming its expansion of the Communications Assistance to Law Enforcement Act (CALEA) to the Internet. The Electronic Frontier Foundation (EFF) is planning to challenge the rule in court.
The new rule forces Internet broadband providers and “interconnected” Voice-over-IP (VoIP) providers to build backdoors into their networks to make it easier for law enforcement to listen in on private communications. EFF has argued against this expansion of CALEA in several rounds of comments to the FCC.
“A tech mandate requiring backdoors in the Internet endangers the privacy of innocent people, stifles innovation, and risks the Internet as a forum for free and open expression,” said Kurt Opsahl, EFF staff attorney.
From the BroadbandReports article:
As mentioned yesterday, the FCC released an order that allows law enforcement to apply the same wiretap laws used for traditional landlines, to VoIP. Those laws never allowed the monitoring of information systems (broadband), but some legal experts argue the FCC has manipulated and stretched the language to imply such. As it stands, the FCC is forcing ISPs to include network backdoors and rewire their networks to accommodate wiretaps by 2007.
From Susan Crawford blog:
Bottom line: There is no principled distinction between VoIP applications that are “capable” of connecting to the traditional telephone network and any other online application. If VoIP has to be designed in advance to meet the requirements of law enforcement, including demands for standard forms of data and back doors of various kinds, all applications — email, IM, everything — will have to be designed this way.
and further from Susan Crawford:
Under the 1994 CALEA, telecommunications providers –common carriers of telephone communications — must provide certain specific capacities and capabilities to make wiretapping easier for law enforcement. Congress specifically elected to leave out of CALEA’s coverage “information services, such as electronic mail services, or on-line services, such as Compuserve, Prodigy, America On-line or Mead Data, or Internet service providers.” There’s a good deal of legislative history making clear that CALEA’s application was narrowed to telephone carriers in order for it to pass.
On Friday, FCC released its CALEA First Report and Order [warning, large pdf] covering broadband access providers and “interconnected VoIP” providers.
From the EFF article on CALEA:
CALEA, a law passed in the early 1990s, required that all telephone providers build surveillance backdoors into their networks. Due to pressure from EFF and other privacy groups, Congress expressly exempted information services like broadband. But the new details released on September 23rd show that the FCC has decided to ignore Congress’s decision to protect the Internet, instead forcing all “facilities-based” providers of any type of broadband Internet access service, as well as interconnected VoIP services, to make their networks wiretap-ready. According to the FCC, all VoIP communications on a given service must be wiretap-ready if the VoIP service offers the capability for users to connect calls with the public switched telephone network (PSTN), even those communications that do not involve the PSTN.
Server and computer security is interesting enough without this fiasco becoming a reality for network administrators and computer users.