The following text is copyright 2003 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

 

More of life under observation

 

By Scott Bradner

 

For some reason some people think that the Internet could be a wiretap-free zone.  While that might be nice, don't hold your breath.

 

"Legal intercept," the more accurate but more complex term for wiretapping by law enforcement organizations, has been around in the telephone business since day zero but currently the legal picture of wiretapping of Internet communications is quite muddy.

 

It is arguably the case that the major U.S. law dealing with legal intercept, the 1994 Communications Assistance for Law Enforcement Act (CALEA), does not actually provide a clear legal foundation for wiretapping some types of Internet communications.   For example, people who should know what they are talking about have predicted that the U.S. government would lose a test case trying to apply CALEA to voice over IP (VoIP).  But that does not mean that the FBI agrees with that analysis or will avoid asking for VoIP intercepts.  Back in March, the FBI and the U.S. Department of Justice expressed their own view in a comment they filed response to a Federal Communications Commission (FCC) request for comment about regulating VoIP.  But, even if the courts were to rule that CALEA does not cover VoIP and other Internet applications I can not imagine Congress not passing a new law in very short order in these days of anti-terror fervor that would make the authority to wiretap unambiguous and, probably, far too easy to invoke. So I expect that any freedom from monitoring we might think we have will be fleeting, if indeed, Internet service providers have not been cooperating fully with surveillance requests for quite a while now.

 

But a number of recent news reports have me quite puzzled. It looks like the FBI wants to go about the business of being big-brother in the most illogical way.  The reports are that the FBI wants VoIP service providers to be the ones to execute the surveillance.  This makes very little sense.  VoIP runs as just another application over the Internet -- it's just bits  -- thus, anyone, even the bad guys, can be a VoIP provider.  Does the FBI want to have to go to, and trust, thousands of individual VoIP service providers to get the tapping done?  Additionally, the basic architecture of VoIP is such that the packets carrying the voice do not pass though any central server so there is no central place to monitor them.  All other Internet-based applications also are just bits over the net and anyone can set up a server. It is illogical  to approach monitoring from the server side.

 

The only logical approach is to do the monitoring in the Internet access network. (See http://www.ietf.org/internet-drafts/draft-baker-slem-architecture-01.txt for an example of how this can be done.) This is not to say that I'm fond of the idea nor is meant to say that history has shown that all government authorities are always trustable but it is the only logical way to do what, the laws will say, must be done.  But I fear the alternative is laws that tell ISPs to restrict who can run servers and to put restrictions on the permitted service architectures -- that would destroy the Internet and hand it over to the phone companies, the folks who know how to work in that kind of environment.

 

disclaimer:   Harvard predates, and I fully expect will outlast, the phone companies and has not expressed an opinion on this topic.