The following text is copyright 1999 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

Tapping the 'Net

by Scott Bradner

Last week I wrote about the debate in the IETF over wiretapping the Internet. Two undercurrents of that debate are worth exploring in greater detail: Legal intercept, as it's euphemistically called, for voice is only the 1st step in the general tapping of the Internet; the desire for intercept may be thwarted by the Internet architecture anyway.

A strong thread that ran through the discussion on the IETF's raven mailing list ( If you don’t know where the mailing list name comes from then re-read your Edgar Allen Poe.) was the fear that the call for voice intercept was only a stalking horse for the real goal of the ability for governments to do general tapping of the Internet. This thread was second only to the thread that claimed that wiretapping violated basic human rights and that governments had no intrinsic right to do this. Unfortunately, however justified this feeling may be, it does not stop governments from making laws that mandate just this sort of thing. And one can expect that laws mandating that Internet service providers be ready to tap any Internet data stream will be soon in coming. Claiming that the governments do not have the right to pass such laws is unlikely to change the fines that the ISPs will have to pay if they fail to comply.

The Internet architecture is basically point to point. Data flows from one edge device, such as a web server, to another, such as a PC running a web browser. In some cases there may be some device in the middle, such as a web proxy, through which some of the data flows but it is not a required part of the architecture. In the case of Internet phone, data almost always flows directly between the endpoints. Signaling information might be sent to some central servers but the data flows directly between the endpoints for normal person to person calls. In the case of conference calls the data does have to go through a central mixing server. The lack of a central data forwarding server in normal phone calls means that there is no easy way to tap IP calls without letting the user know it is happening. At the same time there is no central server to send you a bill. I have been told that some of the regional telephone companies are using the argument that direct point to point IP calls are hard to tap in trying to get the FCC to mandate that the data for all phone calls go through central servers. The side benefit that the telephone company can then bill for it is, of course, secondary.

This architecture, coupled with the availability of good encryption software for the end nodes may mean that people who don't like the idea that the local government, or anyone else, is listening in can keep that from happening.

disclaimer: Harvard's architecture runs from Richardson to Le Corbusier but does not facilitate wiretapping. The above hope is my own.