This story appeared on Network World at
http://www.networkworld.com/columnists/2006/062606bradner.html
Are VoIP and CALEA incompatible?
'Net Insider
By Scott Bradner, Network World, 06/26/06
Last week I wrote about the potential impact of new FCC
wiretapping rules on enterprise network managers. This week the subject is the
impact of some of these rules on the Internet itself.
A new report shows it may be nearly impossible to implement comprehensive
wiretapping of VoIP without reengineering and rebuilding most of the United
States' Internet. Not only would such reengineering be extremely costly, it
would also relegate the United States to second- or third-class status in
Internet-related technological innovation.
As I mentioned in passing last week, the same FCC orders
extending the Communications Assistance for Law Enforcement Act
(CALEA) to Internet service providers and enterprise networks also extend the
legislation to interconnected VoIP service providers. By interconnected, the
FCC means a VoIP service that connects calls to and from telephone networks.
A new report from the Information Technology Association of
America (ITAA) examines the security implications of applying CALEA to VoIP. I
do not know much about the ITAA and did not learn much from its Web site other
than its claim to be "the nation's leading information technology (IT)
trade association." But I do know - or at least know of - many of the report's
authors: a very impressive collection of security and Internet experts indeed.
The report explains VoIP and why it is not your father's phone
network. In your father's phone network - after it had been reengineered at
great cost but with little user visibility - wiretapping is done quite easily
by functions within the phone switches. When VoIP runs over the Internet,
however, it does not follow the same model at all.
For example, instead of voice exchanges running through phone
switches, in VoIP the voice-carrying data packets run directly between the two
phones engaged in the call. The path these packets take often has little in
common with the path taken by the packets used to start and stop the call. The
path voice packets take is generally through routers not under the control of
the VoIP provider. Even if those routers were equipped to perform wiretapping,
they would not know what traffic to intercept. Another difficulty, not
mentioned in the report, is that traffic paths in the Internet are almost always
asymmetric - traffic in different directions takes different paths. This means
there are very few places in the network where an intercept would get the whole
conversation.
Of course, you could reengineer the Internet in the United States
to keep this from happening. Not only would that cost an astronomical amount,
but it also would destroy the ability of Internet users to create applications.
I'm sure the phone companies would love to help, as such an Internet would be
their dream network. I say "in the United States," because there is
no reason to think that much of the rest of the world is dumb enough to destroy
the innovative power of the Internet just to enable wiretapping - which might
wind up not being all that useful, because the real bad guys would encrypt
their communications. There is a lot more in this report, and I recommend it
highly. Too bad the FCC will likely ignore what it has to say.
Disclaimer: Ignoring Harvard is what some people do as a hobby.
But the above is my opinion to ignore, not Harvard's.