A group of privacy advocates and technology companies on Tuesday filed court papers to challenge a ruling by the U.S. Federal Communications Commission (FCC), saying it overstepped its authority by requiring VoIP providers to allow wiretapping by law enforcement agencies.

The groups, including advocacy groups the Center for Democracy and Technology (CDT) and the Electronic Frontier Foundation (EFF), argued that an FCC's ruling on VoIP could introduce security vulnerabilities into VoIP services, could drive up costs for customers, and could open up additional Internet applications, such as instant messaging, to wiretap rules.

The August 2004 FCC ruling requires VoIP providers, by early 2007, to build in technology that complies with a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA). But adding such functionality to VoIP could introduce security holes by increasing the complexity of the code, and it could open up vulnerabilities to sophisticated hackers, said Susan Landau, a distinguished engineer at Sun.

"What the FCC rule does is say, 'Build surveillance technology into Internet Protocol,'" she said. "We feel that's very dangerous and weakens national security rather than strengthens it."

The groups filed paperwork to begin a challenge to the FCC ruling Tuesday in the U.S. Court of Appeals for the District of Columbia Circuit. Groups joining Sun, CDT and EFF in the challenge were the American Library Association; Pulver.com, provider of a free computer-to-computer VoIP service; the Electronic Privacy Information Center (EPIC), a privacy advocacy group; and CompTel, a telecom trade group representing competitive local exchange carriers, or CLECs.

The FCC declined to comment on the challenge. The U.S. Department of Justice and the U.S. Federal Bureau of Investigation (FBI) have argued, however, that their surveillance efforts are "compromised" without CALEA rules for VOIP.

The American Council on Education filed its own challenge to the VoIP CALEA rules Monday. The CDT's challenges comes a day after the Washington Post reported that the FBI has looked into hundreds of rules violations in cases involving its surveillance of U.S. residents.

By adopting the VoIP wiretapping rule, the FCC backtracked on an earlier decision to treat computer-to-computer VoIP much like it treats other Internet-related communication, as an unregulated information service, the groups said. The FCC overstepped limits in the CALEA law exempting information services, and federal law enforcement agencies have not shown they need additional help to intercept online communications, said John Morris, staff counsel for the CDT.

The IDG News Service is a Network World affiliate.