John Morris

1

Hot Topic - IP Services

Wiretapping the Internet

EDUCAUSE

Policy Conference

May 20, 2004John Morris, Center for Democracy and Technology

This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author

2

Wiretapping Basics

• Federal Wiretap Act a/k/a “Title III” (1968), Foreign Intelligence Surveillance Act (1978), and Electronic Communications Privacy Act (1986)

• Title III warrants can apply to anyone (phone companies, ISPs, VoIP providers)

• Can get entire IP stream if needed

3

CALEA Basics (1)

• Communications Assistance to Law Enforcement Act (1994)

• Arose out of concern over transition of PSTN to digital technology

• Requires that telecommunications common carriers (i.e., telephone companies) design wiretap capabilities into their networks

4

CALEA Basics (2)

• Does not apply to “information services”– Internet access service– Internet applications

• ISPs do not have to architect networks to facilitate wiretapping– BUT, ISPs still must comply with Title III

wiretap orders

• FCC has some authority to extend CALEA

5

Joint Petition forExpedited Rulemaking

• Filed with FCC on March 10, 2003, by the FBI, the U.S. Dep’t of Justice, and the Drug Enforcement Agency

• Comment period has ended (but can still submit comments)

• Some action by the FCC is likely this summer

6

Joint Petition Details

• Asks FCC to extend CALEA to broadband Internet access providers

• Asks FCC to extend CALEA to VoIP service providers

• Proposes new regime of pre-deployment review and approval of new Internet technologies

7

Lots of Flavors of VoIP

• CallVantage, Free World Dialup, Vonage, many others

• Examples of VoIP addresses:– sip:290481@fwd.pulver.com– sip:jmorris@iptel.org– (301) 560-4199

8

Basic VoIP Scenarios

• VoIP services provided by Access Provider

• VoIP services provided by Third Party Provider (with media flow-through)

• VoIP services provided by Third Party Provider (with call setup only)

• VoIP services self-provided

9

Major Concerns Raised

• No cost/benefit analysis done on the imposition of CALEA on thousands of ISPs and application service providers

• Major threat to innovation– Will hamstring technology development– Could kill open source projects– Innovation will go overseas– Instead of U.S. tech companies sending jobs overseas,

the companies will move overseas

• More broadly, CALEA is a broken statute

10

Extensions to CALEAare Not Needed

• The needs of law enforcement can and must be addressed by Internet and VoIP industries

• No dispute that law enforcement:– Must be able to investigate criminals and terrorists– Does confront challenges from new technologies

• Broad design mandates are not the answer• Advocates and industry are both open to the

possibility of Congressional action to address concerns of law enforcement

11

The Internet -- and VoIP -- Can Be Wiretapped Today

• Most IP streams can be tapped at one or more points in the network

• Broad commitment within Internet and VoIP industries to cooperate with law enforcement

• Major steps already taken (router design, packet cable and other standards efforts)

12

Law Enforcement Must Adjust to Twenty-First Century Network

• Will in some cases need to sift through Target’s entire IP data stream to pull out SIP messages, media stream

• Will need to understand SIP, other protocols• Will need to adjust to new technologies as they

emerge, along with the rest of the Internet community

• Or else they will miss any minimally sophisticated criminal…….

13

Questions?

John Morris

Center for Democracy & Technology

Washington, D.C.

jmorris (at) cdt.org