Interesting People mailing list archives
WARNING: The FCC Extends CALEA's reach to the Intern et
From: "David Farber" <dave () farber net>
Date: Sun, 16 Oct 2005 12:42:45 -0500
_______________ Forward Header _______________ Subject: WARNING: The FCC Extends CALEA's reach to the Internet Author: Jeff Pulver <jeff () pulver com> Date: 14th October 2005 7:33:37 am Hi Dave, This CALEA issue looks pretty serious to Jonathan and me. After considering the consequences of the CALEA order, we decided to address it as best as we could. While we appreciate the "needs" of law enforcement, we believe the FCC went a bit too far in the language of the CALEA order. Hopefully the blogosphere won't stay quiet on the subject either...the implications are just too great to ignore. Just wanted to make sure you saw the blog entry I posted about this today. I have copied it below. Looking forward to seeing you next month at the Peripheral Visionaries' Summit. Best regards, Jeff ===== WARNING: The FCC Extends CALEA's reach to the Internet <http://pulverblog.pulver.com/archives/003193.html> If you recall, back on August 5th, the FCC adopted its First Report and Order on Communications Assistance for Law Enforcement Act and Broadband Access and Services. We finally saw the text of the Order some 7 weeks later on September 23. Back in early August, we had suspected that the FCC would likely adopt an Order imposing some degree of CALEA obligations upon either "managed" or "interconnected" VoIP services. The perceived logic was that the FCC would have to adopt new CALEA obligations for "Information Services" if it was going to adopt an Order in the Wireline Broadband Services proceeding that would designate DSL and other wireline Broadband Internet access services as "Information Services" and therefore no longer subject to Title II Telecom regulations. If the FCC had simply played its definitional shell game, relabeling Internet access services as "Information Services" not "Telecom Services" and moving wireline Internet access services out of Title II and into Title I, then, in one fell swoop, the FCC might have lost the current authority to impose CALEA obligations on these newly designated non-Telecom, non-Title II services. In order to assuage concerns from DOJ/FBI/DEA, the FCC had to simultaneously ensure that CALEA would continue to apply without interruption to these redesignated services. Thus, the FCC adopted (even if it did not release and, maybe, had not fully fleshed out its rationale for) the CALEA Order for VoIP services, concurrent with adoption of the Wireline Broadband Order. We noticed something rather disturbing in the Order, but something which I, at least, was afraid to articulate for fear that saying it out loud would make it real. It seems, the FCC Order may have gone well beyond what DOJ/FBI/DEA had requested, in terms of the scope of CALEA's imposition on Internet-based communications. Having heard no one else flag this potentially devastating blow to the Internet, I opted to keep my mouth shut and hoped that I had misinterpreted a few alarming sentences from the Order. You see, DOJ/FBI/DEA had only petitioned the FCC to extend CALEA to "managed" VoIP services. Now, "managed" is a term that could be subject to varying interpretations, but I felt somewhat comfortable that purer, peer-to-peer Internet communications, without managed support from an intermediating service provider, would not fall under the ambit of CALEA (normal, lawful, Fourth Amendment-compliant, subpoena processes, of course, would provide government with lawful intercept authority). It seems, the FCC (at whose suggestion, I know not) went well beyond the request of DOJ/FBI/DEA and ordered that CALEA apply to "interconnected" VoIP services, similar to the services subject to the FCC's earlier Order imposing E-911 obligations upon "interconnected" VoIP services. But wait, it gets even more extreme. It seems that the CALEA rules might actually extend beyond "interconnected" VoIP services and arguably apply more broadly to services that traverse the Internet and are simply "capable" of touching the PSTN. Paragraph 39 of the CALEA Order is particularly troubling. I have been reluctant to flag this potential problem to the world just yet, but if construed broadly, privacy and freedom on the public Internet are truly jeopardized and this is the first effort by a regulatory body to regulate pure Internet-based services, even those that do not interconnect with the public switched telephone network. Here is, perhaps, the most disturbing section of the CALEA Order: "Para 39. We conclude that CALEA applies to providers of 'interconnected VoIP services' [as defined in the FCC VoIP E911 Order]. We find that providers of interconnected VoIP services satisfy CALEA's definition of "telecommunications carrier" under the SRP and that CALEA's Information Services Exclusion does not apply to interconnected VoIP services. To be clear, a service offering is "interconnected VoIP" if it offers the CAPABILITY (emphasis added) for users to receive calls from and terminate calls to the PSTN; THE OFFERING IS COVERED BY CALEA FOR ALL VOIP COMMUNICATIONS, EVEN THOSE THAT DO NOT INVOLVE THE PSTN (emphasis added). Furthermore, the offering is covered regardless of how the interconnected VoIP provider facilitates access to and from the PSTN, whether directly or by making arrangements with a third party." Obviously, it is very hard to argue for such vague principles as liberty and privacy against the backdrop of government's desire to control potential terrorist threats, even against unnecessary and overly-intrusive encroachment on the Internet. I would be the last to oppose government's attempts to protect our national security, but there are lawful processes in place that allow government access to communications without adopting regulatorily-imposed micro-management of the Internet and its enabling technologies and configurations. Companies subject to US law already have to comply with government-issued subpoena. What information can CALEA get at that a valid subpoena could not? The real problem with CALEA's broad extension to the Internet is not the intrusive nature of the law so much as the cost of compliance and allowing government to micro-manage technology? One illogical point (which creeps into all of the recent efforts to regulate IP-based communications) is that the regulatory hook used to impose CALEA on the Internet is the fact that the IP application being intercepted is the "voice" application. Email, text message, video streams all remain beyond the scope of CALEA, as does every foreign provider of VoIP, at least for the moment. Governments around the world still look to the US for direction and the steps the FCC takes have the effect of dragging the global industry and the regulatory super-structure into a negative tailspin. I think it is also important to note that the only people whom the FCC-mandated regulation of the Internet will catch are either law-abiding users who do not need to be caught within CALEA's net or the stupidest of criminals, unable to figure out how to stay beyond the reach of the regulatory net by, for instance, using any of the countless communications means or applications other than those of US-based voice application providers. I am now reaching out to you, fellow Internet entrepreneurs, innovators, enthusiasts, members of the blogosphere. What should our strategy be to protect the Internet from government intrusion? Do we seek clarification from the FCC to narrow the scope of this Order? Do we sue the FCC for over-broad application of the CALEA statute? Is CALEA the best issue upon which to halt the regulatory creep upon the Internet? Frankly, lawful intercept is the one social good that does not readily lend itself to market solutions. The industry will obviously develop better emergency response and disabilities access solutions, but the market alone might not compel every application or service provider or vendor or end-user to use technology and solutions that will allow for lawful intercept. For this reason, it might be problematic to use CALEA as vehicle to stop government interference with the Internet. I welcome your thoughts and extension of this dialogue. ### ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- WARNING: The FCC Extends CALEA's reach to the Intern et David Farber (Oct 16)