The following text is copyright 2005 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.
More questions than answers
By Scott Bradner
You can't get them all right. Its now been more than a year and a half since I complained that the FCC was trying to deal with the complex issue of wiretapping the Internet "with unseemly haste" and the FCC just released yet another in a series of documents on the topic. This one, like its predecessors, leaves the reader with more questions than answers -- and there are more documents to come.
In March 2004 I reported on a FCC request for comments (RFC) on applying the Communications Assistance for Law Enforcement Act (CALEA) to the Internet and Internet-based services. ("Looking for the dumb ones" - http://www.networkworld.com/columnists/2004/0322bradner.html) The result of that RFC was a "Notice of Proposed Rulemaking" (NPRM) (http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-04-187A1.pdf) published a few months later. (See "FCC chooses middle road on 'Net wiretapping" http://www.networkworld.com/columnists/2004/081604bradner.html.) That NPRM asked for comments on some of the FCC's tentative conclusions. The new document (http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-05-153A1.pdf) represents the FCC's final decision (called an order), based, at least somewhat, on comments received in response to last year's NPRM. The current document also contains a new NPRM and request for comments dealing with a number of topics but is mostly focused on the FCC's conclusion that facilities-based broadband Internet access providers and providers of "interconnected VoIP" are subject to the wiretapping requirements of CALEA.
The logic that the FCC uses is often rather tortured. For example, they say that a VoIP provider that gateways calls to and from the PSTN fits the switching requirement because it "<ITAL>must necessarily</ITAL> use a router or other server to do so." Of course this condition is true of all services offered over the Internet not just interconnected VoIP so where should the boundary be?
You should expect a large pod of lawyers will spend lots of various clients money (including your tax dollars) arguing over the details of the FCC decision and over the authority of the FCC to decide what it did in light of the enabling laws. From my strictly non-lawyer point of view I expect the courts to toss out this set of decisions but that Congress will quickly change the law to produce about the same result.
There is a lot of strangeness in this document. On one had the FCC specifically says that an Internet access provider would have "no CALEA obligations with respect to, for example, the storage functions of its e-mail service" while at the same time implying that the same access provider would have to tap data going into or out of the aforementioned storage. Seems like an irrelevant difference to me.
The FCC definition of an interconnected VoIP provider is strangely worded - if strictly read it says that VoIP providers that both send calls to and receive calls from the PSTN are covered but ones that only go one way are not, nor are ones where the user can use a PSTN gateway provided by a third party as long as the VoIP provider has no specific arrangement for using the gateway.
For you in enterprises, the FCC still considers enterprise networks exempt but has not yet made up its mind about a number of other connectivity providers such as hotels.
This is far from the last word on the topic (including from me - more next week).
disclaimer: Rules like this are music to the ears of law school graduates but I got no input from any of them for the above.