« Peggy Miles on Internet Broadcasting: | Main | This week in my corner of the Blogosphere: »

October 14, 2005

WARNING: The FCC Extends CALEA's reach to the Internet

If you recall, back on August 5th, the FCC adopted its First Report and Order on Communications Assistance for Law Enforcement Act and Broadband Access and Services. We finally saw the text of the Order some 7 weeks later on September 23. Back in early August, we had suspected that the FCC would likely adopt an Order imposing some degree of CALEA obligations upon either "managed" or "interconnected" VoIP services.

The perceived logic was that the FCC would have to adopt new CALEA obligations for "Information Services" if it was going to adopt an Order in the Wireline Broadband Services proceeding that would designate DSL and other wireline Broadband Internet access services as "Information Services" and therefore no longer subject to Title II Telecom regulations. If the FCC had simply played its definitional shell game, relabeling Internet access services as "Information Services" not "Telecom Services" and moving wireline Internet access services out of Title II and into Title I, then, in one fell swoop, the FCC might have lost the current authority to impose CALEA obligations on these newly designated non-Telecom, non-Title II services. In order to assuage concerns from DOJ/FBI/DEA, the FCC had to simultaneously ensure that CALEA would continue to apply without interruption to these redesignated services. Thus, the FCC adopted (even if it did not release and, maybe, had not fully fleshed out its rationale for) the CALEA Order for VoIP services, concurrent with adoption of the Wireline Broadband Order.

We noticed something rather disturbing in the Order, but something which I, at least, was afraid to articulate for fear that saying it out loud would make it real. It seems, the FCC Order may have gone well beyond what DOJ/FBI/DEA had requested, in terms of the scope of CALEA's imposition on Internet-based communications. Having heard no one else flag this potentially devastating blow to the Internet, I opted to keep my mouth shut and hoped that I had misinterpreted a few alarming sentences from the Order.

You see, DOJ/FBI/DEA had only petitioned the FCC to extend CALEA to "managed" VoIP services. Now, "managed" is a term that could be subject to varying interpretations, but I felt somewhat comfortable that purer, peer-to-peer Internet communications, without managed support from an intermediating service provider, would not fall under the ambit of CALEA (normal, lawful, Fourth Amendment-compliant, subpoena processes, of course, would provide government with lawful intercept authority).

It seems, the FCC (at whose suggestion, I know not) went well beyond the request of DOJ/FBI/DEA and ordered that CALEA apply to "interconnected" VoIP services, similar to the services subject to the FCC's earlier Order imposing E-911 obligations upon "interconnected" VoIP services. But wait, it gets even more extreme. It seems that the CALEA rules might actually extend beyond "interconnected" VoIP services and arguably apply more broadly to services that traverse the Internet and are simply "capable" of touching the PSTN. Paragraph 39 of the CALEA Order is particularly troubling. I have been reluctant to flag this potential problem to the world just yet, but if construed broadly, privacy and freedom on the public Internet are truly jeopardized and this is the first effort by a regulatory body to regulate pure Internet-based services, even those that do not interconnect with the public switched telephone network.

Here is, perhaps, the most disturbing section of the CALEA Order:

"Para 39. We conclude that CALEA applies to providers of 'interconnected
VoIP services' [as defined in the FCC VoIP E911 Order]. We find that
providers of interconnected VoIP services satisfy CALEA's definition of
"telecommunications carrier" under the SRP and that CALEA's Information
Services Exclusion does not apply to interconnected VoIP services. To be
clear, a service offering is "interconnected VoIP" if it offers the
CAPABILITY (emphasis added) for users to receive calls from and terminate
calls to the PSTN; THE OFFERING IS COVERED BY CALEA FOR ALL VOIP
COMMUNICATIONS, EVEN THOSE THAT DO NOT INVOLVE THE PSTN (emphasis added).
Furthermore, the offering is covered regardless of how the interconnected
VoIP provider facilitates access to and from the PSTN, whether directly or
by making arrangements with a third party."

Obviously, it is very hard to argue for such vague principles as liberty and privacy against the backdrop of government's desire to control potential terrorist threats, even against unnecessary and overly-intrusive encroachment on the Internet. I would be the last to oppose government's attempts to protect our national security, but there are lawful processes in place that allow government access to communications without adopting regulatorily-imposed micro-management of the Internet and its enabling technologies and configurations. Companies subject to US law already have to comply with government-issued subpoena. What information can CALEA get at that a valid subpoena could not? The real problem with CALEA's broad extension to the Internet is not the intrusive nature of the law so much as the cost of compliance and allowing government to micro-manage technology?

One illogical point (which creeps into all of the recent efforts to regulate IP-based communications) is that the regulatory hook used to impose CALEA on the Internet is the fact that the IP application being intercepted is the "voice" application. Email, text message, video streams all remain beyond the scope of CALEA, as does every foreign provider of VoIP, at least for the moment. Governments around the world still look to the US for direction and the steps the FCC takes have the effect of dragging the global industry and the regulatory super-structure into a negative tailspin.

I think it is also important to note that the only people whom the FCC-mandated regulation of the Internet will catch are either law-abiding users who do not need to be caught within CALEA's net or the stupidest of criminals, unable to figure out how to stay beyond the reach of the regulatory net by, for instance, using any of the countless communications means or applications other than those of US-based voice application providers.

I am now reaching out to you, fellow Internet entrepreneurs, innovators, enthusiasts and members of the blogosphere. What should our strategy be to protect the Internet from government intrusion? Do we seek clarification from the FCC to narrow the scope of this Order? Do we sue the FCC for over-broad application of the CALEA statute? Is CALEA the best issue upon which to halt the regulatory creep upon the Internet? Frankly, lawful intercept is the one social good that does not readily lend itself to market solutions. The industry will obviously develop better emergency response and disabilities access solutions, but the market alone might not compel every application or service provider or vendor or end-user to use technology and solutions that will allow for lawful intercept. For this reason, it might be problematic to use CALEA as vehicle to stop government interference with the Internet. I welcome your thoughts and extension of this dialogue.


Tags: , ,

Share this post:

Digg | del.icio.us | Reddit | Newsvine | Google Bookmark | Yahoo MyWeb | StumbleUpon

Posted by jeff on October 14, 2005 06:25 AM | Permalink

Additional resources: Watch PrimeTime TV Shows | Watch the Jeff Pulver Show | Jeff's Qik Videos

Comments

Posted by: injection molding at June 18, 2009 10:41 AM

A perfect example of the Bush administrations' anti-trade philosophy, this Statute will have the effect of driving all internet related services offshore beyond the reach of CALEA.

It could be argued that this forced outsourcing of internet interconnectivity poses a much more serious and immediate threat to American values and freedoms than any pack of unwashed, uneducated bomb-throwers on the other side of the planet could ever pose.

The "War on Terror" is nothing less than a war on freedom. Unlike all the previously over-hyped and unsuccessful "wars" against everything from drugs to poverty, the government has a chance to actually WIN this one.

Heaven help us!

Posted by: Tholidor at July 9, 2006 10:48 AM

Hopefully some more people will get in this.

Posted by: QuickRob at October 17, 2005 10:37 PM

This was commented on at TMC's VoIP blog:
http://blog.tmcnet.com/blog/tom-keating/voip/fcc-requires-some-broadband-and-voip-providers-to-accommodate-wiretaps.asp

Parts of my comments from there: "They state elsewhere that if you're covered for some calls, you're covered for the entire service. So, if you're Skype, and you're covered because of PSTN interconnect (even via a 3rd party contract), you're covered for ALL calls."

and concerning that it would be tough to tap (CALEA-style) IP-to-IP calls (such as Skype, or even FWD IP-to-IP):

"Overall it's crystal-clear to me. They don't say anywhere it has to be easy to do, just that you have to do it. If you can't, well that's your problem - you're out of business (in the US).

The reality (both for Vonage and Skype) is that IP-to-IP calls would have to go through a proxy that can tap the streams. And *if* CALEA requires that it not be obvious to the caller that it's being tapped, then ALL calls will have to go through a proxy. Which means added costs for the service provider and added delay for the user. (Skype may not have added costs directly, but increased loading on their subscribers with open ports for proxying)."

Go read the entire thread of 7 or 8 comments.

Posted by: Randell Jesup at October 14, 2005 04:15 PM

Post a comment




Remember Me?