Groups challenge FCC's VOIP wiretapping rules

A group of privacy advocates and technology companies on Tuesday filed court papers to challenge a ruling by the U.S. Federal Communications Commission (FCC), saying it overstepped its authority by requiring VOIP (voice over Internet Protocol) providers to allow wiretapping by law enforcement agencies.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

The groups, including advocacy groups the Center for Democracy and Technology (CDT) and the Electronic Frontier Foundation (EFF), argued that an FCC's ruling on VOIP could introduce security vulnerabilities into VOIP services, could drive up costs for customers, and could open up additional Internet applications, such as instant messaging, to wiretap rules.

The August 2004 FCC ruling requires VOIP providers, by early 2007, to build in technology that complies with a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA). But adding such functionality to VOIP could introduce security holes by increasing the complexity of the code, and it could open up vulnerabilities to sophisticated hackers, said Susan Landau, a distinguished engineer at Sun Microsystems Inc.

"What the FCC rule does is say, 'Build surveillance technology into Internet Protocol,'" she said. "We feel that's very dangerous and weakens national security rather than strengthens it."

The groups filed paperwork to begin a challenge to the FCC ruling Tuesday in the U.S. Court of Appeals for the District of Columbia Circuit. Groups joining Sun, CDT and EFF in the challenge were the American Library Association; Pulver.com, provider of a free computer-to-computer VOIP service; the Electronic Privacy Information Center (EPIC), a privacy advocacy group; and CompTel, a telecom trade group representing competitive local exchange carriers, or CLECs.

The FCC declined to comment on the challenge. The U.S. Department of Justice and the U.S. Federal Bureau of Investigation (FBI) have argued, however, that their surveillance efforts are "compromised" without CALEA rules for VOIP.

The American Council on Education filed its own challenge to the VOIP CALEA rules Monday. The CDT's challenges comes a day after the Washington Post reported that the FBI has looked into hundreds of rules violations in cases involving its surveillance of U.S. residents.

By adopting the VOIP wiretapping rule, the FCC backtracked on an earlier decision to treat computer-to-computer VOIP much like it treats other Internet-related communication, as an unregulated information service, the groups said. The FCC overstepped limits in the CALEA law exempting information services, and federal law enforcement agencies have not shown they need additional help to intercept online communications, said John Morris, staff counsel for the CDT.

"The FCC had to go through huge contortions to try to get around that specific exemption," Morris said.

Building in wiretapping functionality will cost money both to for-profit VOIP providers and to organizations such as public libraries offering free Internet access to patrons, the groups said. And while law enforcement authorities have not asked for CALEA to apply to other Internet applications, it opens the door, said Morris.

"We believe ... that this extension of CALEA to a certain category of VOIP is really the first step to extending CALEA to a huge diversity of services on the Internet," Morris said. "It's clear to us that if the CALEA mandate can be imposed on VOIP, it will imposed on things like instant messaging and Xbox Live."