Some people think the Internet could be a wiretap-free zone. While that might be nice, don't hold your breath.
"Legal intercept," the more accurate but more complex term for wiretapping by law enforcement organizations, has been around in the telephone business since day zero. But currently, the legal picture of wiretapping Internet communications is quite muddy.
It is arguably the case that the major U.S. law dealing with legal intercept, the 1994 Communications Assistance for Law Enforcement Act (CALEA), does not actually provide a clear legal foundation for wiretapping some types of Internet communications. For example, people who should know what they are talking about have predicted that the U.S. government would lose a test case trying to apply CALEA to voice over IP (VoIP). But that does not mean the FBI agrees with that analysis or will avoid asking for VoIP intercepts.
In March, the FBI and the U.S. Department of Justice expressed their views in response to an FCC request for comment about regulating VoIP. But, even if the courts were to rule that CALEA does not cover VoIP and other Internet applications, I cannot imagine Congress not passing a new law in very short order in these days of anti-terror fervor that would make the authority to wiretap unambiguous and, probably, far too easy to invoke. So I expect that any freedom from monitoring we might think we have will be fleeting, if ISPs have not been cooperating fully with surveillance requests for quite a while now.
But a number of recent news reports have me quite puzzled. It looks like the FBI wants to go about the business of being Big Brother in the most illogical way. The reports are that the FBI wants VoIP service providers to execute the surveillance. This makes very little sense. VoIP runs as just another application over the Internet - it's just bits - thus, anyone, even the bad guys, can be a VoIP provider. Does the FBI want to have to go to, and trust, thousands of individual VoIP service providers to get the tapping done?
Additionally, the basic architecture of VoIP is such that the packets carrying the voice do not pass through any central server, so there is no central place to monitor them. All other Internet-based applications also are just bits over the 'Net and anyone can set up a server. It is illogical to approach monitoring from the server side.
The only logical approach is to do the monitoring in the Internet access network (see this Internet draft for an example of how this can be done). This is not to say that I'm fond of the idea, nor is this meant to say that history has shown that all government authorities are always trustable. But it is the only logical way to do what, the laws will say, must be done.
Still, I fear the alternative is laws that tell ISPs to restrict who can run servers and to put restrictions on the permitted service architectures - that would destroy the Internet and hand it over to the phone companies, the folks who know how to work in that kind of environment.
Disclaimer: Harvard predates, and I fully expect will outlast, the phone companies. It has not expressed an opinion on this topic.