By Jeffrey Krauss,
President of Telecommunications
and Technology Policy
Law enforcement agencies have now realized that voice-over-Internet Protocol (VoIP) technology creates big problems for them, both legal and technical. First, it isn't clear that they have the legal authority to employ wiretaps on VoIP calls. Second, there are some peculiar technical issues. The Justice Department and the FBI have filed a petition with the FCC, asking for some specific rules for VoIP carriers, and the FCC has asked for comments on the petition.

The first request asks the FCC to determine that VoIP is subject to the Communications Assistance for Law Enforcement Act (CALEA). CALEA establishes the legal duty of telecommunications service providers to provide law enforcement with the ability to accomplish lawfully-authorized intercepts. And that is a big problem for the FBI, because the FCC doesn't seem to think that VoIP is a telecommunications service.

As you recall, over the last few years there has been a big dispute over whether cable modem service is a telecommunications service or an information service. While it may not be 100 percent settled, the consensus now is that cable modem service is an information service under existing FCC policies.

A few weeks ago, the FCC released a decision that Free World Dialup (FWD) is an information service, not a telecommunications service. That decision was easy, because FWD is a service using VoIP technology that is available for free, not for hire, and does not interconnect to the public switched telephone network. The FCC has not yet made any decisions about whether the many other flavors of VoIP are telecommunications services or not. But the handwriting is on the wall, and it is highly likely that the FCC will eventually decide that any voice service that either originates or terminates in a VoIP terminal will be classified as an information service, not telecommunications.

So the FBI's Plan A is to ask the FCC to interpret the words "telecommunications service" in CALEA to mean something different than "telecommunications service" in the Communications Act. The petition asks the FCC to interpret "telecommunications service" to include VoIP for the purposes of CALEA, even if the FCC should later decide that VoIP is an "information service" for the purposes of regulating it under the Communications Act. In other words:

"When I use a word," Humpty Dumpty said, in a rather scornful tone, "it means just what I choose it to mean, neither more nor less."

"The question is," said Alice, "whether you can make words mean so many different things."

"The question is," said Humpty Dumpty, "which is to be master–that's all." –Alice in Wonderland, by Lewis Carroll

And if that fails, what about Plan B? They don't say so, but you can expect that law enforcement will approach the Congress to amend CALEA.

But there are some technical issues to be considered also. In its purest and simplest form, a VoIP service provider never touches the voice packets. It merely provides a database that lists the IP addresses of those subscribers that are "present" on the Internet. It's up to the software in the VoIP terminals to arrange to send streams of voice packets to one another, and the packets need never be physically routed through the database owner. So if an FBI agent were to serve a wiretap subpoena on, say, the Free World Dialup folks, it's not clear what the FWD folks could do except perhaps supply the then-current IP address of the subject of the wiretap. Then the FBI would have to figure out that that IP address was assigned by, for example, the local cable company, and serve them with a subpoena to get actual access to the voice packets.

By the way, the PacketCable standard used by cable companies to provide VoIP was designed with CALEA in mind, so compliance should not be a problem for cable operators.

There is another peculiar technical/legal issue to consider. CALEA covers "intercepted communications," which means recording the content of a call, but it also covers "call identifying information," which means recording the originating and terminating phone numbers, and the starting and ending time of the call. The law identifies devices such as "pen registers" and "trap and trace devices" for gathering call-identifying information. There is an easier burden for the FBI to satisfy in seeking a "call identifying" subpoena, compared with a "communications interception" subpoena, because it is less of an intrusion on personal privacy.

These pen registers and trap and trace devices were designed to work in telephone company central offices. You could hang one on the subject's local loop, and record who he called without recording what was said. With VoIP, that may not be possible. Call identifying information occurs at a number of different possible locations in IP packets, and it seems to be impossible to extract call identifying information without recording the full contents of the packets. Or so the privacy advocates claim.

The FCC proceeding on these issues should be quite controversial: law enforcement on one side, privacy advocates opposing them, and traditional phone companies, cable operators and other VoIP providers all having their own differing interests. I know that the privacy advocates almost always lose.

Have a comment? Contact Jeff via e-mail at: