The Information Technology Association of America (ITAA) has issued a report on “Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP” (21-page PDF) by Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler. This report comes at a time when the FCC and courts have already ruled that VoIP and facilities-based broadband providers must provide lawful interception capabilities under CALEA for VoIP services that are “interconnected” with the public switched telephone network (PSTN).
The report effectively argues that in order to extend CALEA compliance to VoIP, “it is necessary either to eliminate the flexibility that Internet communications allow—thus making VoIP essentially a copy of the PSTN—or else introduce serious security risks to domestic VoIP implementations. The former would have significant negative effects on
The report gives a good basic explanation of VoIP (which comes in a variety of possible flavors), an explanation of pre-CALEA wiretapping and current CALEA wiretapping (including cellular telephone wiretapping and roving wiretaps), and then describes the similarities and differences between the Internet and the PSTN.
It then describes the issues of security raised by applying CALEA to VoIP and the risks to innovation created by applying CALEA to VoIP.
Two of the key problems for applying CALEA to VoIP are:
- VoIP mobility. With non-facilities-based VoIP providers like Vonage, a VoIP phone can be plugged in anywhere on the Internet. The network that connects the VoIP phone to the Internet, which is the one in a position to intercept the call data, need not be the network of the VoIP provider, or have any relationship with the VoIP provider.
- VoIP identity agility. A VoIP user can have multiple VoIP providers and easily switch between them from moment to moment. The owner of the Internet access network is not in a position to know who a VoIP user is purchasing VoIP services from. It can intercept traffic and detect which VoIP providers the user connects to directly, but not if the VoIP user is sending encrypted traffic through proxies.
Further problems are caused by the fact that communication between two VoIP phones is peer-to-peer, and the routing of a call at the IP layer can change in mid-call. Because of the former issue, the call contents may not traverse the VoIP provider's network, and thus the provider will not be in a position to intercept them (unless it behaves like the PSTN, forcing the call contents to also come through its network, using SIP proxies/RTP relays). In order to truly be able to intercept all VoIP calls using VoIP as it is designed, there would have to be cooperation between the VoIP user’s access provider of the moment (which could be any Internet provider—a WiFi hotspot, a friend’s ISP, a hotel’s Internet connection) and the VoIP provider being used—but law enforcement may not be in a position to know either of these. The kind of cooperation required would have to be very rapid, with interception equipment and systems already in place and able to eavesdrop wherever the voice traffic may flow, upon appropriate request. This would require extensive coordination across every VoIP and Internet provider in the
And the FCC has ordered that it be in place by May 14, 2007. There’s no way that’s remotely possible. Note that the FCC gave ordinary wireline telephone companies over a decade to implement CALEA in the PSTN, and it has been an extremely difficult and expensive process. At best, by the deadline facilities-based VoIP providers will be able to provide interception for call traffic that goes across their own networks, and will apparently be forced to do that for all traffic (or else there would be a way to distinguish calls being rerouted for interception from all other calls). And if that's the only kind of VoIP that is permitted, VoIP innovation is stifled.
One company that has been pushing hard for these extensions of CALEA is Verisign. They have been doing so because they want to act as the one-stop-shop for
UPDATE July 7, 2006: I've updated the above text in light of Charles' comment, to make it more accurate about interception by forcing VoIP calls to route through the VoIP provider's network.
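
The distinction above between peer-to-peer call contents and calls forced through the provider's SIP proxies/RTP relays is visible in the SDP body of a SIP INVITE, which names the address the audio will actually be sent to. The following Python sketch is an added example, not part of the original post or the report; the hostnames, the addresses (RFC 5737 documentation ranges), the provider range and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample: an INVITE as forwarded by the provider's SIP proxy.
# Signaling passes through the proxy (top Via), but the SDP points the
# audio at the caller's own address, e.g. a phone on a hotel network.
DIRECT_INVITE = (
    "INVITE sip:bob@voip.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP proxy.voip.example;branch=z9hG4bK1\r\n"
    "Via: SIP/2.0/UDP 198.51.100.23:5060;branch=z9hG4bK2\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=alice 1 1 IN IP4 198.51.100.23\r\ns=-\r\n"
    "c=IN IP4 198.51.100.23\r\nt=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
# The same call after a provider that anchors media rewrote the SDP.
RELAYED_INVITE = (DIRECT_INVITE
                  .replace("c=IN IP4 198.51.100.23", "c=IN IP4 192.0.2.10")
                  .replace("m=audio 49170", "m=audio 30000"))
PROVIDER_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed provider range

def media_endpoints(sip_message):
    """Return [(media, address, port)] from the SDP body of a SIP message."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_addr, streams = None, []
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "c":                        # "IN IP4 <addr>[/ttl]"
            addr = value.split()[2].split("/")[0]
            if streams:
                streams[-1][1] = addr          # media-level c= overrides
            else:
                session_addr = addr            # session-level default
        elif kind == "m":                      # "<media> <port> <proto> ..."
            media, port = value.split()[:2]
            streams.append([media, session_addr, int(port.split("/")[0])])
    return [tuple(s) for s in streams]

def media_path(sip_message, provider_nets=PROVIDER_NETS):
    """Label each stream 'relayed' (via provider) or 'direct' (peer-to-peer)."""
    result = []
    for media, addr, port in media_endpoints(sip_message):
        try:
            ip = ipaddress.ip_address(str(addr))
            where = "relayed" if any(ip in n for n in provider_nets) else "direct"
        except ValueError:
            where = "unknown"                  # no c= line, or a hostname
        result.append((media, addr, port, where))
    return result
```

In the first message only the signaling touches the provider; the audio is addressed to the caller directly, which is the case where the provider never sees the call contents.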