by Grant Gross

A Challenge to VoIP Wiretaps

Jan 15, 20062 mins

A federal appeals court should decide this year whether the FBI should have the right to wiretap Internet phone conversations.

In August 2004, the Federal Communications Commission ordered VoIP providers to make it possible for law enforcement agencies to tap the digital calls by 2007. The ruling enforces provisions of the Communications Assistance for Law Enforcement Act, a 1994 law that expanded the obligations of telecom carriers to assist law enforcement with electronic surveillance.

The U.S. Department of Justice argued to the FCC that CALEA for VoIP is necessary to “protect America from terrorists and criminals,” according to a November 2004 DOJ letter to the FCC. The number of VoIP lines in use totals in the tens of millions, according to the largest telecommunication companies.

But last October, telecom trade group CompTel and VoIP provider, along with three privacy advocacy groups, asked the U.S. Court of Appeals for the District of Columbia Circuit to overturn the FCC ruling. They argued that allowing VoIP calls to be wiretapped would introduce security vulnerabilities for customers. For example, unauthorized people could illegally listen to private conversations and steal information, the groups argued. “What the FCC rule does is say, ‘Build surveillance technology into Internet protocol,’” says Susan Landau, a distinguished engineer at Sun Microsystems. “We feel that’s very dangerous and weakens national security rather than strengthens it.”

Creating a way to tap VoIP calls is untenable for companies such as Magellan Health Services, a provider of mental health services based in Avon, Conn. The company operates an internal VoIP system that doesn’t connect to the public phone network, but if the company decides to connect its system outside the company, its conversations would be open to wiretaps. “Since we deal with extremely confidential information concerning people’s mental health issues, we would not support anyone outside Magellan tapping into those conversations,” says Bob Odenheimer, head of IT operations and telecommunications at Magellan.

The potential for personal information being leaked raises liability issues, too, warns Kevin Kalinich, co-national managing director of the technology and professional risks group at Aon Corp. Aon consults with large companies on insurance packages and risk management programs. Many Aon customers are worried about exposing themselves to privacy complaints, he says. “The voice over IP systems don’t have all the technological capabilities to comply with these regulations,” Kalinich says.