Global Crossing Blasts CALEA Extension

by on November 21, 2006 · 2 comments

Via Jim Lippard (who’s a GC employee), here’s a story about Global Crossing’s criticism of the FCC’s decision to extend the 1994 Communications Assistance for Law Enforcement Act to IP-based networks:

The agency also plans to stand firm with the May 2007 deadline, he said. In fact, the days of “endless” extensions for achieving CALEA compliance are effectively over for any broadband or voice-over Internet protocol company, he said, because most deployed their equipment after October 1998, thereby exempting them from relief.

Kouroupas and Global Crossing aren’t alone in balking at the mandate. A group of organizations and companies that included Sun Microsystems, Pulver.com, the American Association of Community Colleges, the Association of American Universities and the American Library Association lodged an appeal against the rules last fall. But a divided appeals court panel upheld the FCC’s rules, dismissing the group’s argument that Congress never intended CALEA to force broadband providers–and networks at corporations and universities–to build in surveillance hubs for the police.

Since then, confusion has continued to swirl around who must comply with the expanded rules. What if, for example, Global Crossing provided a virtual private network to a corporation, which then went on to install its own equipment that allows for voice-over Internet protocol traffic? If the cops approach Global Crossing for the voice data alone, the company doesn’t have ready access to that isolated stream, Kouroupas said, so it would probably be forced to hand over all of the packets traveling over that company’s network.

“Is that really allowed?” he asked. “Aren’t these wiretaps supposed to be narrowly tailored?”

It seems to me that this is just the tip of the iceberg. Government agencies have demanded a “standardized” system to conduct wiretaps, but this demand flies in the face of the end-to-end principle. The Internet’s architecture is specifically designed so that Global Crossing doesn’t need to know or care what kinds of applications are being used by end users. That means it’s logically impossible to build a tool that will allow them to decode any VoIP stream. Instead, they’ll be forced to scour the Internet for new VoIP applications and then write a new piece of software to decode each one. Given the extraordinary diversity of the Internet, that’s a huge and probably futile task.

Moreover, it’s logical to assume that criminals will tend to use using encrypted VoIP applications, which (short of a breakthrough in cryptography or carelessness on the criminals’ part) will never be tappable no matter what Global Crossing does.

So I’m baffled as to what the FCC thinks it’s accomplishing. Unless they’re willing to force some fundamental changes in the architecture of the Internet, or to ban encryption software, what they seem to be trying to accomplish is simply impossible.

Of course, the bureaucrats don’t care if their demands are vague, unreasonable, or even impossible:

Maura Quinn, unit chief of the FBI’s CALEA Implementation Unit, acknowledged that it’s difficult for officials to say authoritatively who is covered and not covered by the law.

“If there’s any question of whether you need to comply,” Quinn added, “CALEA is the law of the land, and it’s expected people will comply with that.”

  • http://www.digitalproductions.co.uk Crosbie Fitch

    Why not simply permit law enforcement to tap into a transport protocol of their choice, plug the data stream fire hose in their gobs of Petabyte disk drives and let them analyse it at their leisure and own expense?

    Requiring that data transporters discern meaning to the noise they’re transporting is like demanding that cake manufacturers determine what universe each purchaser of a fairy cake could extrapolate.

    A wily data transporter would provide all easily detectable VoIP transmissions, and generate digital noise for the expected proportion of VoIP traffic that is conducted via obscure means.

    If your task is impossible, then checking you have carried out your task may also be impossible.

    Moreover, if you suspect your client just likes to see big disk farms and can’t actually receive a fraction of the data let alone process it, then simply record 1% for authenticity and generate the remainder on demand and use the disk farms for something else.

    Must be some Sisyphean law going here?

    If you ask for the impossible you may well receive the impossible.

  • http://www.digitalproductions.co.uk Crosbie Fitch

    Why not simply permit law enforcement to tap into a transport protocol of their choice, plug the data stream fire hose in their gobs of Petabyte disk drives and let them analyse it at their leisure and own expense?

    Requiring that data transporters discern meaning to the noise they’re transporting is like demanding that cake manufacturers determine what universe each purchaser of a fairy cake could extrapolate.

    A wily data transporter would provide all easily detectable VoIP transmissions, and generate digital noise for the expected proportion of VoIP traffic that is conducted via obscure means.

    If your task is impossible, then checking you have carried out your task may also be impossible.

    Moreover, if you suspect your client just likes to see big disk farms and can’t actually receive a fraction of the data let alone process it, then simply record 1% for authenticity and generate the remainder on demand and use the disk farms for something else.

    Must be some Sisyphean law going here?

    If you ask for the impossible you may well receive the impossible.

Previous post:

Next post: