FBI seeks Internet telephony surveillance

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Jeff Pulver <jeff () pulver com>
Date: Thu, 27 Mar 2003 06:20:17 -0500 (EST)
To: Dave Farber <dave () farber net>
Subject: FBI seeks Internet telephony surveillance

Hi Dave,

I thought you might find this story interesting. I'm working on my
FCC petition reply comments that are due on April 2nd. I'm open for
suggestions on the best way to handle the DoJ/FBI "misunderstanding"
about Free World Dialup.

Best regards,

Jeff

---------- Forwarded message ----------
FBI seeks Internet telephony surveillance
from: ( http://www.securityfocus.com/news/3466 )

The Justice Department and the FBI ask regulators for expanded technical
capabilities to intercept Voice Over IP communications... and anything
else that uses broadband.

By Kevin Poulsen, SecurityFocus Mar 27 2003 1:11AM

The FBI and Justice Department are worried that Voice Over IP (VoIP)
applications may become safe havens for criminals to communicate with one
another, unless U.S. regulators make broadband services more vulnerable to
lawful electronic eavesdropping, according to comments filed with the FCC
this month.

The government filing was prompted by the efforts of telecom entrepreneur
Jeffrey Pulver to win a ruling that his growing peer-to-peer Internet
telephony service Free World Dialup is not subject to the regulations that
govern telephone companies.

Free World Dialup has been called "Napster for Phones." It's a free
service aimed at developing Internet telephony as a mainstream alternative
to the public switched telephone network. After an initial investment of
about $250 for a Cisco SIP telephone -- a device that functions much like
a conventional analog phone, but plugs directly into an IP network --
users can "dial" each other over the Internet anywhere in the world at no
cost. Free World Dialup provides a directory service that assigns each
user a virtual telephone number, and sets up each phone call. Since it was
launched in November, the service has gathered over 12,000 users.

If it catches on, FWD could be a nightmare for old-fashioned telephone
companies. Those companies were likely agitated further when Pulver asked
[pdf] the FCC in February for a "declaratory ruling" that his service is
outside the commission's jurisdiction. Pulver argues that FWD is not a
telecommunications service, but is just an Internet application, no
different from e-mail or instant messaging. Verizon, SBC and other phone
companies filed comments in opposition to Puliver's petition.

And on the last day of the public comment period, so did the FBI.

It turns out that one of the regulations from which FWD would be
incidentally exempt is the Communications Assistance for Law Enforcement
Act (CALEA), the federal law that required telecommunications carriers to
modify their networks to be wiretap-friendly for the FBI. Crafted in 1994,
before the Internet was a household word, it's not entirely clear that
CALEA even applies to Voice Over IP , but the government has had some
success persuading companies that it does, or soon will, according to Stu
Baker, a partner in the Washington law firm of Steptoe and Johnson. "Right
now, I think Justice would lose a case trying to apply CALEA to VoIP,"
Baker wrote in an e-mail interview. "But eventually... VoIP will be a
mainstream substitute for the switched network. So a lot of companies are
complying now to avoid a hassle later."

The government worries that Free World Dialup's petition could buck that
trend: if the FCC finds that FWD is free from the plug-and-play wiretap
requirements, other Internet companies handling VoIP traffic might start
thinking they're exempt as well. "The DOJ and FBI are concerned that if
certain broadband telecommunications carriers fail to comply with CALEA
due to a misunderstanding of their regulatory status, criminals may
exploit the opportunity to evade lawful electronic surveillance," reads
the government filing.

Pulver says it's the government that misunderstands the situation. "My
hope is that the DoJ/FBI did not take the time to fully understand what
Free World Dialup is and isn't, and after some proactive education it will
be clear that we don't fall under the definitions," says Pulver. "It is
much easier to build the wiretap function into the access method, which is
infrastructure based, rather than on every Internet application that comes
along."

Easier Broadband Surveillance Sought
Indeed, extending CALEA to cover Free World Dialup and services like it
would likely be futile, says Orif Arkin, founder of Sys-Security Group and
an expert on IP telephony security. Arkin says users determined to skirt
surveillance could easily set up their own ad hoc directory services on
the fly. "It's like a buddy list on instant messaging," says Arkin. "They
just have to build up such a server, and give everyone access to it."

Arkin says the FBI's best bet for spying on VoIP users is to eavesdrop
directly on a target's broadband connection, perhaps using the Bureau's
"Carnivore" DCS-1000 network surveillance tool. With access to the raw
traffic, VoIP phones become exceedingly easy to listen in on. "Those
phones don't have a lot of CPU power, so the communication between the two
ends is not encrypted," Arkin says. "Whoever was to sniff the information
on the uplink or downlink or between those two can hear whatever is said."

That point isn't lost on Justice and the FBI. The government is asking
that, should the FCC not reject FWD's petition outright, the commission at
least delay its decision until after it's ruled on two other broadband
proceedings that the Justice Department filed comments on last year.

In those proceedings, Justice is asking the FCC to reinterpret CALEA as
extending to DSL and cable modem service -- not just telephone calls. It's
also asking the commission to expand the scope of the law to include raw
data communication -- Web surfing, e-mail, and anything else that crosses
the wire. Broadband providers are already obliged to cooperate with
court-ordered surveillance requests; the government's FCC proposals would
go beyond that and require companies to reengineer their networks to make
Internet eavesdropping easier technically, and dirt cheap on a
case-by-case basis. "It would be a major expansion of the CALEA
requirements," says David Sobel, an attorney with the Electronic Privacy
Information Center. "It would really obliterate the distinction between
voice and data."

Opponents of the CALEA expansion include AT&T and the National Cable and
Telecommunications Association. But the government's argument for the
additional capabilities is the same one that persuaded Congress to pass
CALEA in the first place eight years ago, and it only carries more weight
today. "Although we cannot describe in this forum the particular
circumstances, the FBI has sought interceptions of transmissions carried
by broadband technology, including cable modem technology, in
terrorism-related ... investigations involving potentially
life-threatening situations," the Justice Department wrote [pdf] in one of
its filings last year. "Unless carriers are required to ensure such
access, law enforcement surveillance capabilities will suffer a serious
and dangerous gap." If the FCC adopts the government's position, then
broadband's last mile will be the FBI's listening post, and Free World
Dialup will be off the hook.

###


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/