About S. 2281, the VoIP Regulatory Freedom Act of 2004 - Here's some more specific background on the issue:
ACLU Letter to the Senate Commerce, Science and Transportation Commitee Expressing Concerns about S. 2281, the VOIP Regulatory Freedom Act of 2004 (7/21/2004)
The Honorable John McCain
Chairman, Senate Commerce, Science and Transportation Committee
The Honorable Ernest F. Hollings
Ranking Minority Member
Senate Commerce, Science and Transportation Committee
Re: S. 2281, the VOIP Regulatory Freedom Act of 2004
Dear Chairman McCain and Ranking Member Hollings:
We write to express our concerns about S. 2281, the VoIP Regulatory Freedom Act of 2004, specifically, the issue of extending the Communications Assistance to Law Enforcement Act (CALEA) to voice over Internet protocol (VoIP) applications. While S. 2281 appears to NOT extend CALEA to VoIP, that is not entirely clear, and we understand there may be some amendments in markup to explicitly to do so. We urge you to reject any extension of CALEA to VoIP, as it is unnecessary, unwise, and would lead to a serious loss of privacy. We do, however, urge you to support the McCain amendment which maintains the status quo and requires a report from the GAO and the FCC on many aspects of the advisability of extending CALEA to VoIP.
Background
In 1968, Congress passed Title III of the Omnibus Crime Control And Safe Streets Act ("Title III") to establish clear procedures for obtaining the necessary judicial authorization to conduct electronic surveillance.[1] Smith v. Maryland was the first case in which the Supreme Court construed the strict requirements of Title III.[2] In doing so, the Smith court delineated the distinction between evidence collected by a pen register, which only records the numbers dialed by a telephone,[3] and evidence recorded by wiretap, which records the entire content of a vocal conversation.[4] According to Smith, the Fourth Amendment does not protect information collected by a pen register; whereas, it does protect conversations recorded by wiretap.[5]
In response to the Smith Court's distinction between pen registers and wiretaps and new developments in telecommunication and personal computer technology, Congress amended Title III in 1986 when it passed the Electronic Communications Privacy Act ("ECPA").[6] ECPA made two critical changes to Title III. First, ECPA broadened the coverage of Title III to include electronic communication technologies such as e-mail, fax, mobile telephone, and paging.[7] Second, ECPA created a hierarchy of government standards to account for the Smith distinction. The standard for obtaining a wiretap is higher than the standard for obtaining a pen register.[8] Title III, as amended over the years, continues to govern the procedures law enforcement must follow to obtain surveillance warrants.
Recognizing the rapid deployment of new telecommunications and Internet protocol ("IP") technology since the last amendment to Title III, Congress passed the Communications Assistance for Law Enforcement Act ("CALEA") in 1994 to preserve law enforcement's ability to conduct constitutionally valid searches in the modern technological era.[9] Among other things, CALEA requires all "telecommunications carriers"- such as AT&T, who transmit wire or electronic communication as common carriers for hire-to fit their networks with the ability to accommodate authorized electronic surveillance, i.e., make their networks wiretap-ready. [10] In passing CALEA, however, Congress carefully exempted from regulation non-telecommunication providers of information services, such as AOL.[11]
This year, law enforcement filed a joint petition[12] to the Federal Communications Commission ("FCC"), urging the commission to enact CALEA-implementation rules that reach some information services, specifically voice over Internet protocols (VoIP). Law enforcement hopes the FCC will require VoIP service providers to make their networks wiretap-ready.[13] Because Congress specifically exempted information services such as VoIP from CALEA, the FCC has no authority to do so. As a result, S. 2281 seeks to clarify what authority the FCC possesses in this area.
S. 2281directs VoIP service providers to provide assistance to law enforcement "not less than that required of information service providers."[14] It further bars the FCC from enacting any regulation of VoIP that is not specifically authorized under the bill. When read together these two sections make clear that S. 2281 does not authorize the imposition of CALEA on VoIP and bars the FCC from doing so by regulation. This sensible distinction between telecommunications services and information services gives VoIP the necessary freedom to develop without, as we discuss below, hindering law enforcement. The proposed McCain amendment further clarifies that the bill does not authorize extension of CALEA to VoIP by requiring further study on the issue.
CALEA Should Not Be Extended to Cover VoIP Applications
Because we understand there may be amendments proposed to specifically extend CALEA to VoIP applications, we address here the reasons why such amendments should be rejected.
First, ECPA allows law enforcement to obtain surveillance warrants for the entire range of IP applications, making the extension of CALEA to VoIP unnecessary. ECPA requires that all communications providers, including those offering VoIP, comply with a lawful wiretap order[15] and the communications industry has fully complied with that legal requirement. Furthermore, law enforcement has provided no evidence to suggest that wiretapping existing, non-CALEA-compliant IP networks has been more difficult than wiretapping CALEA-compliant public switched telephone networks ("PSTN"). Thus, there is no compelling reason to extend CALEA to VoIP.
Second, extending CALEA to the Internet would endanger the privacy of every American. Building in a "back-door" to provide easy access for law enforcement also creates a loophole that can be exploited by hackers, criminals and terrorists. Furthermore, over the last decade, law enforcement has used its ability to set standards to push for increasing amounts of information under more limited trap and trace orders that are not supposed to contain the content of calls. As the line between content and location information blurs with greater Internet communications, this problem will only grow worse.
Third, applying CALEA to the Internet presents a possibly insurmountable technical nightmare. Telephone networks run on the same PSTN standard regardless of carrier; whereas, different Internet service providers employ different network designs. This non-standard architecture would make application of CALEA to VoIP an expensive proposition and perhaps technically impossible. Additionally, service providers cannot easily isolate VoIP applications and leave the remainder of IP applications unaltered. Therefore, applying CALEA to VoIP would inevitably mean giving law enforcement the ability to snoop on all Internet communications. According to Stewart Baker, former General Counsel for the National Security Agency, "It would be difficult to set up a network so that you could only intercept voice packets and not the others. The likely result here is that you'll have modifications that are useful for law enforcement not just for voice packet but for other packets as well."[16]
Finally, retrofitting VoIP networks with interception capability would be cost prohibitive for VoIP service providers. When Congress enacted CALEA in 1994, it allowed the Attorney General to reimburse telecommunications carriers for their compliance costs. This fact, however, does not comfort VoIP service providers for two reasons. First, the current fiscal landscape suggests that Congress will likely not reimburse VoIP service providers. To compensate for the increased expenditure, VoIP service providers will have to pass the costs on to consumers. Increased consumer prices would destroy VoIP's main attraction: low cost. Second, even if Congress decided to reimburse VoIP service providers, the initial upfront costs of compliance may be too great to bear. In a developing technology sector such as VoIP, capital is best spent on research and development.[17] Everyone benefits from more efficient, cheaper services. Ultimately these higher costs defeat the entire purpose of CALEA because they drive the development of VoIP to other, less costly, countries. Worse, they have the potential to deprive America of a burgeoning new industry and the jobs it creates.
Because wholesale importation of PSTN standards to the Internet would be a nightmare, it is only prudent that further study be undertaken to understand what problems law enforcement may have, as well as possible implementation strategies that would be less cumbersome. The McCain amendment lays the groundwork by maintaining the current situation while requiring studies from the GAO and the FCC. We therefore urge support of this amendment.
Conclusion
The Internet has become a vibrant force for free speech and expression, largely because Congress has wisely seen fit to leave it largely unregulated. Given the distinctions between the Internet and the PSTN, merely extending a regulatory scheme designed for the PSTN to the Internet could have disastrous consequences, as well as being unnecessary. For all of these reasons, we urge you to reject any amendments to extend CALEA to VoIP, and make that Congressional intent clear. No such extension should occur without further study and debate.
Sincerely, Laura W. Murphy
Director
Marvin J. Johnson
Legislative Counsel
Cc: Committee Members
|
