Sunday, March 22, 2009

Wiretapping VoIP and PoC


I originally wrote this entry on August 5, 2004 and published it on blogs.sun.com.


In a 5-0 preliminary ruling, the FCC has extended the wiretapping requirements of CALEA (Communications Assistance for Law Enforcement Act) to VoIP (Voice over IP) and PoC (Push-to-talk on Cellular).


(The preliminary rulling does not affect, non-service-provided, peer-to-peer VoIP.)


See Tim Wu's blog for a brief on the economic and legal issues the ruling raises.


See Declan McCullagh and Ben Charny's report on news.com for a report and related material.


ACLU, Americans for Tax Reform, and Center for Democracy and Technology have already expressed their reservations against extending the CALEA to the Internet service providers.


What I want to highlight here briefly is some of the technical difficulties of wiretapping on the Internet as opposed to the traditional PSTN networks.


The major difficulty arises because of the built-in routing flexibilities in the Internet. In other words, what makes the Internet resilient to local failures also makes it harder to wiretap.


Packets can take different routes. For example, RTP (the real-time transport protocol), the most common protocol for conveying VoIP packets, does not require a reservation model along the lines of RSVP. The main thing about RTP as compared to TCP is that it does not retransmit "droped" or "lost" packets composing its "voice" or other media payloads.


Some of these difficulties of wiretapping could lead to business models where consumer devices have modules capable of actively participating in wiretapping. These business models are broken from the start.


Requiring that such devices be put in the consumer's hands may discourage use of the Internet and make it more expensive. Furthermore, alternate non-conforming but smart devices could be installed to defeat the purpose of wiretapping or to skirt it all together.


Taking the non-device-dependent approach, the level of coordination required for wiretapping on the network, through firewalls and other intermediaries, not to mention through a variety of routers and switches, is truly mind boggling.


Wiretapping solutions (independent of end-point device participation) will only be available at considerable cost. (As recorded in Declan McCullagh and Ben Charny's report on news.com, Verizon Wireless' lukewarm response to the FCC's preliminary ruling confirms these difficulties.)


Same technical issues and difficulties hold for Wiretapping PoC.


Finally, while congress appropriated $500 million to reimburse traditional PSTN phone companies for CALEA compliance, such compensation will apparently not be available to VoIP and PoC providers.


No comments:

Post a Comment