WARNING: The FCC Extends CALEA's reach to the Intern et

["David Farber" <dave () farber net>]

_______________ Forward Header _______________
Subject:        WARNING: The FCC Extends CALEA's reach to the Internet
Author: Jeff Pulver <jeff () pulver com>
Date:           14th October 2005 7:33:37 am

Hi Dave,

This CALEA issue looks pretty serious to Jonathan and me.

After considering the consequences of the CALEA order, we decided to
address it as best as we could. While we appreciate the "needs" of law
enforcement, we believe the FCC went a bit too far in the language of the
CALEA order.

Hopefully the blogosphere won't stay quiet on the subject either...the
implications are just too great to ignore.

Just wanted to make sure you saw the blog entry I posted about this today.
I have copied it below.

Looking forward to seeing you next month at the Peripheral Visionaries'
Summit.

Best regards, Jeff

=====

WARNING: The FCC Extends CALEA's reach to the Internet
 <http://pulverblog.pulver.com/archives/003193.html>

If you recall, back on August 5th, the FCC adopted its First Report and
Order on Communications Assistance for Law Enforcement Act and Broadband
Access and Services.  We finally saw the text of the Order some 7 weeks
later on September 23.  Back in early August, we had suspected that the
FCC would likely adopt an Order imposing some degree of CALEA obligations
upon either "managed" or "interconnected" VoIP services.

The perceived logic was that the FCC would have to adopt new CALEA
obligations for "Information Services" if it was going to adopt an Order
in the Wireline Broadband Services proceeding that would designate DSL and
other wireline Broadband Internet access services as "Information
Services" and therefore no longer subject to Title II Telecom regulations.
If the FCC had simply played its definitional shell game, relabeling
Internet access services as "Information Services" not "Telecom Services"
and moving wireline Internet access services out of Title II and into
Title I, then, in one fell swoop, the FCC might have lost the current
authority to impose CALEA obligations on these newly designated
non-Telecom, non-Title II services.  In order to assuage concerns from
DOJ/FBI/DEA, the FCC had to simultaneously ensure that CALEA would
continue to apply without interruption to these redesignated services.
Thus, the FCC adopted (even if it did not release and, maybe, had not
fully fleshed out its rationale for) the CALEA Order for VoIP services,
concurrent with adoption of the Wireline Broadband Order.

We noticed something rather disturbing in the Order, but something which
I, at least, was afraid to articulate for fear that saying it out loud
would make it real.  It seems, the FCC Order may have gone well beyond
what DOJ/FBI/DEA had requested, in terms of the scope of CALEA's
imposition on Internet-based communications.  Having heard no one else
flag this potentially devastating blow to the Internet, I opted to keep my
mouth shut and hoped that I had misinterpreted a few alarming sentences
from the Order.

You see, DOJ/FBI/DEA had only petitioned the FCC to extend CALEA to
"managed" VoIP services.  Now, "managed" is a term that could be subject
to varying interpretations, but I felt somewhat comfortable that purer,
peer-to-peer Internet communications, without managed support from an
intermediating service provider, would not fall under the ambit of CALEA
(normal, lawful, Fourth Amendment-compliant, subpoena processes, of
course, would provide government with lawful intercept authority).

It seems, the FCC (at whose suggestion, I know not) went well beyond the
request of DOJ/FBI/DEA and ordered that CALEA apply to "interconnected"
VoIP services, similar to the services subject to the FCC's earlier Order
imposing E-911 obligations upon "interconnected" VoIP services.  But wait,
it gets even more extreme.  It seems that the CALEA rules might actually
extend beyond "interconnected" VoIP services and arguably apply more
broadly to services that traverse the Internet and are simply "capable" of
touching the PSTN.  Paragraph 39 of the CALEA Order is particularly
troubling.  I have been reluctant to flag this potential problem to the
world just yet, but if construed broadly, privacy and freedom on the
public Internet are truly jeopardized and this is the first effort by a
regulatory body to regulate pure Internet-based services, even those that
do not interconnect with the public switched telephone network.

Here is, perhaps, the most disturbing section of the CALEA Order:

"Para 39. We conclude that CALEA applies to providers of 'interconnected
VoIP services' [as defined in the FCC VoIP E911 Order]. We find that
providers of interconnected VoIP services satisfy CALEA's definition of
"telecommunications carrier" under the SRP and that CALEA's Information
Services Exclusion does not apply to interconnected VoIP services. To be
clear, a service offering is "interconnected VoIP" if it offers the
CAPABILITY (emphasis added) for users to receive calls from and terminate
calls to the PSTN; THE OFFERING IS COVERED BY CALEA FOR ALL VOIP
COMMUNICATIONS, EVEN THOSE THAT DO NOT INVOLVE THE PSTN (emphasis added).
Furthermore, the offering is covered regardless of how the interconnected
VoIP provider facilitates access to and from the PSTN, whether directly or
by making arrangements with a third party."

Obviously, it is very hard to argue for such vague principles as liberty
and privacy against the backdrop of government's desire to control
potential terrorist threats, even against unnecessary and overly-intrusive
encroachment on the Internet.  I would be the last to oppose government's
attempts to protect our national security, but there are lawful processes
in place that allow government access to communications without adopting
regulatorily-imposed micro-management of the Internet and its enabling
technologies and configurations. Companies subject to US law already have
to comply with government-issued subpoena.  What information can CALEA get
at that a valid subpoena could not?  The real problem with CALEA's broad
extension to the Internet is not the intrusive nature of the law so much
as the cost of compliance and allowing government to micro-manage
technology?

One illogical point (which creeps into all of the recent efforts to
regulate IP-based communications) is that the regulatory hook used to
impose CALEA on the Internet is the fact that the IP application being
intercepted is the "voice" application.  Email, text message, video
streams all remain beyond the scope of CALEA, as does every foreign
provider of VoIP, at least for the moment.  Governments around the world
still look to the US for direction and the steps the FCC takes have the
effect of dragging the global industry and the regulatory super-structure
into a negative tailspin.

I think it is also important to note that the only people whom the
FCC-mandated regulation of the Internet will catch are either law-abiding
users who do not need to be caught within CALEA's net or the stupidest of
criminals, unable to figure out how to stay beyond the reach of the
regulatory net by, for instance, using any of the countless communications
means or applications other than those of US-based voice application
providers.

I am now reaching out to you, fellow Internet entrepreneurs, innovators,
enthusiasts, members of the blogosphere. What should our strategy be to
protect the Internet from government intrusion?  Do we seek clarification
from the FCC to narrow the scope of this Order?  Do we sue the FCC for
over-broad application of the CALEA statute?  Is CALEA the best issue upon
which to halt the regulatory creep upon the Internet?  Frankly, lawful
intercept is the one social good that does not readily lend itself to
market solutions.  The industry will obviously develop better emergency
response and disabilities access solutions, but the market alone might not
compel every application or service provider or vendor or end-user to use
technology and solutions that will allow for lawful intercept.  For this
reason, it might be problematic to use CALEA as vehicle to stop government
interference with the Internet.  I welcome your thoughts and extension of
this dialogue.

###

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/