Cox closes wiretap hole for VoIP

Posted by: Ice

Cox closes wiretap hole for VoIP - 04/05/04 07:29 PM

Police can now wiretap Internet phone calls on Cox Communications' network, kicking off a new era for law enforcement.

The cable and broadband provider turned to security specialist VeriSign to supply the know-how, the latter announced Monday.

Law enforcement officers can now eavesdrop on every call made by Cox's nearly 1 million voice over Internet Protocol (VoIP) phone subscribers. Police can already tap calls on 12 of Cox's 13 telephone markets because they rely on traditional phone equipment equipped with eavesdropping abilities. But in December, Cox deployed VoIP, a much cheaper alternative that uses the unregulated Internet. Roanoke, Va., is the first of several small markets where Cox is deploying VoIP technology.

There is no requirement to tap Net phone calls yet, but all broadband providers are feeling pressure from a far-reaching FBI proposal that would require compliance with the 1994 Communications Assistance for Law Enforcement Act (CALEA). This act requires telecommunications carriers to rewire their networks to government specifications to provide police with guaranteed access for wiretaps.

Cable operators "realize they are going to have to do it one day," a VeriSign representative said.

VeriSign Vice President Raj Puri said VeriSign is talking with "all the major cable companies selling VoIP" but did not announce any additional deals Monday.

Cable operator Comcast offers broadband phone service that uses a mixture of VoIP and traditional phone switches. Time Warner Cable and Cablevision are VoIP-only.

Telephone services are playing an increasingly important role for U.S. cable companies, which are winning new customers by offering low-priced bundles of broadband, television and phone services. Traditional phone companies have responded with a "triple play" of services of their own.

Cnet News

Posted by: Gremelin

Re: Cox closes wiretap hole for VoIP - 04/05/04 08:40 PM

Lol, weeve lives there!

Posted by: Phatal

Re: Cox closes wiretap hole for VoIP - 04/05/04 09:16 PM

In all the excitement about moving telephony to the Internet, it turns out there’s a downside: a loss of one’s privacy rights. According to a paper to be published in the Michigan Law Review this summer, the traditional U.S. legal standard for conducting wiretaps does not apply to what is called stored communications. Normally consisting of such things as e-mail, credit card receipts, and telephone records of who was called and when, the category of stored communications might well include voice over Internet protocol (VoIP) calls, if they are archived in the same way e-mails are.

If VoIP calls are considered stored communications, law enforcement officials would not be held to the stringent burden of evidence required to conduct wiretaps, which is stricter even than the requirements to search a home. In stark contrast, the standard for examining stored communications is much lower.

In the Michigan Law Review paper, Peter P. Swire, a professor at Ohio State University’s Michael E. Moritz College of Law, notes that entering someone’s home requires the police to show “probable cause” that evidence of a crime is contained inside. That standard is grounded in the U.S. Constitution’s Fourth Amendment, which protects citizens from “unreasonable searches and seizures.” To wiretap someone’s telephone, law enforcement must not only have probable cause, but also show that it has exhausted any alternatives to conducting the wiretap.

To review stored communications, on the other hand, the government can get a court order under the much lower standard that such records are “relevant to a legitimate law enforcement inquiry.” Indeed, one provision of the controversial USA Patriot Act, passed by the U.S. Congress in the wake of 9/11, “allows the government to secretly get many stored records without any order from a judge,” says Swire.

That VoIP is the future of telephony almost no one doubts anymore. [See “Internet Telephony: Switching to Unswitched,” IEEE Spectrum, January 2004.] In the United States alone, about 300 000 households already buy VoIP telephone service from their cable providers, and many millions more worldwide have downloaded telephony software from services like Free World Dialup and Skype. Hundreds of thousands more buy VoIP service from companies like Vonage, whose fees are about half those of traditional carriers, such as Verizon or Sprint.

There are even schemes to create IP-based cellphone networks. One, by Flarion Technologies Inc. of Bedminster, N.J., is being tested by a major cellular carrier this month.

But with VoIP, telephone calls become little more than audio files, which VoIP software can store in the same way that Adobe Photoshop makes pictures and Microsoft Word makes text documents. It is a virtue of the digital universe we live in that such files can, and probably will, be routinely kept on the servers of our employers and telephony providers.

This feature of VoIP software exposes its Achilles’ heel. Stored records have, by longstanding decisions of the U.S. Supreme Court, no “reasonable expectation of privacy.” As a result, searching of those records with much the same purpose as a wiretap can be conducted without VoIP calls having any Fourth Amendment protection.

Swire served as chief counselor for privacy in the Clinton administration’s Office of Management and Budget, a position that no longer exists. He points out that European privacy law gives more legal protection to stored communications than U.S. law does. The standard there is still lower, however, than that for wiretaps of traditional phone calls.

How easy or hard true VoIP wiretaps would be technically, as opposed to legally, is an open question. The Communications Assistance for Law Enforcement Act of 1994 (CALEA) requires traditional telephone carriers to make their networks available to law enforcement—to facilitate, in other words, the limited number of traditional wiretaps currently conducted.

To what extent that law applies to nontraditional VoIP carriers is a matter that will be determined by Federal Communications Commission regulation, the courts, or further legislation. But that law would apply only to VoIP calls while they are in progress, not the stored versions of them that can reside on the hard disks and backup tapes of Internet providers and system owners.

In corporate settings some phone conversations are already stored, notes Deb Kline, a spokesperson for Avaya Inc., a Basking Ridge, N.J., manufacturer of VoIP equipment. Chief among stored calls are those to sales and customer service that are recorded “for quality assurance.”

What is more, some companies—stock brokerages, for example—are required by law to store e-mail and instant messaging; as VoIP technology becomes more widely deployed, phone conversations may also be included.

On the other hand, none of the phone carriers currently archives conversations, though it’s possible that some might opt to do so soon as a customer service. Some conference calling services offer this feature already.

Daniel Berninger, an independent technology analyst in Washington, D.C., who was involved in several VoIP start-ups, including Vonage and Free World Dialup, says that while some systems, such as Vonage, have central gateways through which all VoIP traffic passes, most systems do not. Packets just fly through the Internet in all directions. If the CALEA bill or other rules apply, such central storage points would have to be created by the systems that don’t have them.

Once telephone conversation files exist, they will be no harder to get hold of than e-mail archives. As students of high-profile cases like the Enron debacle know, unless files are deliberately destroyed, they’ll be sitting on hard disks and archive tapes just waiting to be accessed in times of flood, fire, or felony.

Original article: http://www.spectrum.ieee.org/WEBONLY/wonews/mar04/0304priv.html