|
Moving forward on tapping internet calls { August 23 2004 } Original Source Link: (May no longer be active)
http://www.nytimes.com/2004/08/23/technology/23wiretap.htmlhttp://www.nytimes.com/2004/08/23/technology/23wiretap.html
August 23, 2004
The Call Is Cheap. The Wiretap Is Extra.
By KEN BELSON
At first glance, it might seem like the simple extension of a standard tool in the fight against the bad guys.
But in fact, wiretapping Internet phones to monitor criminals and terrorists is costly and complex, and potentially a big burden on new businesses trying to sell the phone service.
Earlier this month, the Federal Communications Commission voted unanimously to move forward with rules that would compel the businesses to make it possible for law enforcement agencies to eavesdrop on Internet calls.
But developing systems to wiretap calls that travel over high-speed data networks - a task that the companies are being asked to pay for - has caused executives and some lawmakers to worry that helping the police may stifle innovation and force the budding industry to alter its services. That requirement, they say, could undermine some of the reasons Internet phones are starting to become popular: lower cost and more flexible features.
The commission's preliminary decision, announced on Aug. 4, is a major step in the long process of deciding how Internet-based conversations could be monitored. Regulators will now hear three months of public testimony on the ruling. Few expect a resolution of the issue this year, but it is not hard to figure out who will ultimately pay for the wiretapping capability.
"All the costs carriers incur are ultimately going to be passed on to the consumer," said Tom Kershaw, vice president for voice-over-Internet services at VeriSign, which provides surveillance support for Internet phone companies.
Tapping Internet phones is far more complicated than listening in on traditional calls because the wiretapper has to isolate voice packets moving over the Internet from data and other information packets also traveling on the network.
While traditional calls are steady electronic voice signals sent over a dedicated wire, Internet calls move as data packets containing as little as a hundredth of a second of sound, or less than one syllable, which follow often-unpredictable paths before they are reassembled on the receiving end to form a conversation.
To make wiretapping possible, Internet phone companies would have to buy equipment and software as well as hire technicians, or contract with VeriSign or one of its competitors. The costs could run into the millions of dollars, depending on the size of the Internet phone company and the number of government requests.
The requirement to cooperate with law enforcement agencies is unlikely to drive any Internet phone company out of business, though it could cut into profits. Last year, the agencies conducted about 1,500 wiretaps, with the bulk of them in major cities like New York and Miami. The Federal Bureau of Investigation has yet to complete a wiretap over Internet phone services.
"It doesn't break the business model, but it means free telephone service is impossible," said John Pescatore, the lead security analyst at Gartner Inc., a research group. "You might see add-on surcharges."
Internet companies are starting to gear up for the federal requirements. Many Internet phone companies, including Vonage, which has the largest number of subscribers, already supply the police with the phone numbers that a person under court-sanctioned surveillance dials and the origin of calls he or she receives, plus information about the connections, like whether a conference call was convened. The vast majority of court orders for wiretapping involve this kind of monitoring, known as "trap and trace," which is typically used at the beginning of an investigation.
The less frequent, but more complicated, monitoring request is to allow the police to listen to conversations as they occur. In those cases, the differences between the architecture of traditional circuit-switched phone networks and the Internet are crucial.
With traditional phone networks, calls are routed through central circuit-switching stations, which connect long-haul phone networks and the wires that go into homes and offices. Typically, phone carriers have installed dedicated servers at or near the switches, which can isolate conversations from a specific phone number and send them to police agencies in a standardized format. In 1994, when federal wiretapping laws were revised, Congress initially set aside $500 million to help carriers pay for this extra equipment to route calls to the police.
In tapping an Internet phone, police first need to find out which company is responsible for maintaining the phone number. That could be a big phone company, a cable company, an Internet phone provider or peer-to-peer services that match callers but do not aid in the transmission of the call. Law enforcement agencies could also ask broadband providers to isolate voice streams on their networks that are traveling to and from a specific location.
"In the circuit-switch world, the caller and content were in the domain of a single carrier," said Julius P. Knapp, a deputy chief in the Office of Engineering and Technology at the Federal Communications Commission. "In the Internet world, you have to identify who is in the best position to get the information."
Once the F.B.I. determines the suspect's Internet phone provider, it orders the company to program its servers to intercept specified calls to and from the suspect's phone. When a phone call is not tapped, the server sends the call to its destination. When a call is to be tapped, the phone company's server instructs an Internet router to make a copy of the call and send it to the law enforcement agency.
The task is complicated because the phone provider has to use special software to sniff out specific voice packets from among all the data packets traveling from the suspect's connection. Unlike traditional phone taps, this process does not reveal the caller's location, because users can plug their Internet phone modems into any broadband connection, even overseas.
But like any security check, this monitoring can slow networks and even degrade the quality of the call. It could also potentially intercept data packets along with other types of voice packets - from cellphones, for example - a possibility that alarms privacy groups worried that the police will collect information beyond their authority.
"The potential for misuse is pretty broad because what you are doing is a form of packet-sniffing," said Lee Tien, a staff lawyer at the Electronic Frontier Foundation in San Francisco. "The problem is that if you are using a sniffer box to perform the interception, you may handle all the traffic going through. In the end, a packet sniffer gets you everything."
Some groups, like the American Civil Liberties Union, say law enforcement agencies are trying to turn phone companies into government spies. Law enforcement groups and service providers, however, say software is sufficiently sophisticated to only siphon relevant calls. They also say that having the companies take charge of finding a solution should allay suspicion that the government is trying to overstep its authority.
The F.B.I. is not trying to use the wiretap law "to dip into the Internet," said one senior official at the bureau.
Another issue involves decoding encrypted conversations. It is easier to encrypt digital conversations than those in an analog format, and a growing number of Internet phone providers are encrypting their calls. Unscrambling the calls requires another piece of software.
"It's an added layer of complexity," said Richard Tworek, the chief executive of Qovia, which provides software to Internet service providers to make sure the networks are running properly.
The biggest challenge, Mr. Tworek and others say, is tracking down phone conversations that are connected by peer-to-peer software. This software essentially piggybacks on the networks of its users; calls are not connected at a central location. To trace such calls, investigators would have to sift through trillions of packets at routers that channel data around Internet networks - a daunting task, industry experts say.
This type of peer-to-peer calling is still emerging, so the threat is rather remote. But some companies that offer this software operate overseas, so they fall outside the jurisdiction of the United States government. The communications commission's recent ruling does not cover this type of peer-to-peer communication.
Industry experts, though, expect this decentralized form of Internet phone service to spread, which will require even more sophisticated Internet wiretapping solutions. About that challenge, Mr. Tworek could only say, "It's a huge headache."
Copyright 2004 The New York Times Company
|
|
