washingtonpost.com
Could Your VoIP Phone Be Tapped?
Civil-liberties groups say the FCC's plans may pose a threat to your privacy and security.

Dennis O'Reilly, PC World
PC World
Saturday, January 28, 2006 12:10 AM

BURLINGAME, CALIFORNIA -- Several privacy and civil-liberties organizations are mounting a legal challenge to prevent VoIP and other Internet-based communications from being subject to taps from law-enforcement agencies.

The group, which includes the Electronic Privacy Information Center (EPIC), the COMPTEL association of communications service providers, the American Civil Liberties Union, and the Electronic Frontier Foundation , says it will fight the FCC's plan to expand the Communications Assistance for Law Enforcement Act (CALEA) of 1994. It filed a brief this week with the U.S. Court of Appeals for the District of Columbia Circuit.

The FCC's final rule, issued on August 5, 2005, would extend CALEA to all Internet-based communications, according to EFF Chairman Brad Templeton, who spoke at this week's Emerging Telephony Conference here, sponsored by O'Reilly Media. Once the FCC issues a final rule, vendors have 18 months to comply with it.

Templeton claims that the CALEA expansion proposed by the FCC would "require that people get permission to innovate" and would also create "regulatory barriers to entry." "The FBI gets veto on new companies," according to Templeton. Another, more threatening aspect of the regulation is its mandate that a "back door" be built into all Internet-communications hardware and software to provide access for law enforcement agencies. This same back door could be exploited by hackers to listen in and record these Internet communications, according to Templeton.

In March 2004 the Department of Justice, the FBI, and the Drug Enforcement Agency petitioned the FCC to expand CALEA to cover Internet-based communications. The original statute applied only to calls made using the public switched telephone network.

The FCC's proposal would require that all VoIP hardware vendors comply with the wiretap mandate within 18 months of the order's effective date, but Templeton claims that many router vendors have already added the wiretap capability to their shipping products, despite the fact that the FCC hasn't yet issued any instructions for doing so. Templeton adds that the cost of implementing this proposal will be passed onto the businesses and consumers who use the products.

Among the politicians opposing the FCC's Internet wiretap plan is Democratic Senator Patrick Leahy of Vermont, the chief sponsor of the original CALEA legislation. Leahy says the Internet was explicitly excluded from the law's surveillance rules, with the understanding that the exclusion could be revisited. However, he claims that extending CALEA to the Internet of today is counter to the intention of Congress.

In a notice posted to the FBI's CALEA Web site yesterday, the FCC promises to release another order that will address such issues as "compliance extensions and exemptions, cost recovery, identification of future services and entities subject to CALEA, and enforcement."

© 2006 PC World Communications, Inc. All rights reserved