On Friday, Jeff Pulver posted his concerns regarding the FCC’s First Report and Order on CALEA.. He ended the post thus: “I welcome your thoughts and extension of this dialogue.” Hence this post.
The following is a quick summary of Jeff’s post:
In this post, I am not arguing that CALEA should not be applicable to IP Communications. This will be decided through the political process. Instead my focus is how should it be done IF we decide to require CALEA?
First, I want you to observe that in PSTN, all calls can be intercepted – not just voice calls. So CALEA is not just a voice requirement. Instead it is an access requirement. Then why this specific focus on VoIP?
Second, I want to bring to your attention that complying to CALEA requirement will not only be expensive for VoIP providers; it will also destroy the basic architectural advantage. As Randell Jesup observes in his comments to Jeff’s post, the only way a VoIP service provider can comply with CALEA is for them to deploy media relays and route all calls through them. This is because CALEA requires that the targets must not be able to discern that they are targets. Now we know that it is routine to use media relays to assist in NAT/FW traversal. But they are used only in the initial segment of the call. After the initial period, the media are sent directly between the end-points. For the intercepted calls, the redirection will not take place and the absence of redirection could be an indication of being intercepted. I read in a New York Times article that at most 2000 or so orders are approved for Call Content interception. Given this low number, it is a high price to route the media through a media relay for all calls. But more importantly, this reduces VoIP architecture to be equivalent to PSTN and will require the same level of effort in designing and maintaining the network.
Third, any end-point can decide to interconnect a VoIP service to PSTN. Does an extraneous act force the VoIP provider to comply with this Order?
From these points it is clear that direct translation of implementation of CALEA in PSTN shouldn’t be taken over to IP. Instead it should be adopted. A VoIP provider has access to the signaling information (part of what is called CII) and the ISP access to the media (what is called CC). But the ISP does not which specific flow needs to be intercepted. So if an intercept order grants access to CII alone, the the order will be executed by the VoIP provider. And if the order grants access to CC, the the order should be submitted to both the VoIP provider as well as the ISP. When the call is initiated, the VoIP provider will provide the IP address and port number to the LEA, which in turn will pass it on to the ISP (in real time), which can intercept the media flow accordingly.
A couple of secondary observations. Some have observed that the media could be encrypted thereby nullifying the benefit of interception. This is a red herring. In PSTN, one could use an encrypted (admittedly a weak one) phone, like STU III. That didn’t preclude from the application of CALEA.
I am a bit puzzled about the jurisdictional boundaries. Consider the case where an intercept order is issued for NJ and the target is connecting from NY. Can the call be intercepted?
It is advantageous to allocate many of the regulatory requirements between VoIP providers and ISP by looking at the PSTN model and ascertaining whether it is levied as an access service or as a voice service.
Posted by aswath at October 16, 2005 03:03 AM
Tom Keating covered the FCC CALEA implications weeks ago - before Pulver's post. Pulver cites the same paragraph as Tom did with very similar analysis.
I'd check out Tom's post - lots of comments and feedback there as well.
http://blog.tmcnet.com/blog/tom-keating/voip/fcc-requires-some-broadband-and-voip-providers-to-accommodate-wiretaps.asp