Such a move, said the release, could stall Internet innovation, introduce new cyber security concerns, and expose unsuspecting Americans to law enforcement surveillance. Co-authored by Vint Cerf of Google, Whitfield Diffie of Sun Microsystems and others, the study points out that the architecture of the Internet, which is substantially different from the Public Switched Telephone Network (PSTN), makes determining the location of communication endpoints exceedingly difficult.
The new study finds that VoIP wiretapping would require either a massive re-engineering of the Internet itself or would introduce unacceptable Internet security risks. "The former would have significant negative effects on U.S. ability to innovate, while the latter is simply dangerous," the report finds.
The Federal Communications Commission (FCC) ruled last year that the Communications Assistance to Law Enforcement Act (CALEA) -- a law requiring telephone companies to build wiretap access into their networks -- also applies to broadband Internet and VoIP service providers. ITAA supports a challenge to the FCC ruling now in the DC Circuit Court of Appeals.
The ITAA study says that wiretapping of some VoIP traffic is possible, but only when the VoIP service replicates key aspects of the PSTN. The report notes that intercepting a VoIP call made from a fixed location with a fixed Internet address connecting directly to a big Internet provider's access router is relatively easy to do. "But if any of these conditions is not met, then the problem of assuring interception is enormously harder."
The report suggests that rather than contributing to law enforcement efforts, adding CALEA-style wiretapping capability to VoIP technology could seriously undermine security. Problems include maintaining security at the ISP (many US ISPs are small and lack the infrastructure of the large telephone suppliers), the ease of creating identities on the Internet, the difficulty of securely transmitting the captured signals to law enforcement, and the dangers that would result from building eavesdropping functionality into the network protocols. "Various attacks, including man-in-the-middle alteration of data ... capture of identity information and passwords, and many other pernicious behaviors could well be enabled by CALEA-like accommodations," the report states. Because wiretap targets using VoIP could be mobile and could change Internet identities with relative ease, surveillance efforts could require widespread wiretapping of non-targeted individuals, raising serious privacy concerns.
The ITAA study also observes that while VoIP is the immediate subject of CALEA proponents, VoIP is not the only real-time communication format available on the Internet. Similar law enforcement mandates could be applied in the future to instant messaging, massively multi-player online role-playing games and other types of Internet communications.
