Gary Audin
Gary Audin is the President of Delphi, Inc. He has more than 40 years of computer, communications and security...
Read Full Bio >>

Gary Audin | January 30, 2011 |


Wiretapping in a Hosted VoIP World

Wiretapping in a Hosted VoIP World You may think that expanded FBI powers won't affect the enterprise. Don't be so sure.

You may think that expanded FBI powers won't affect the enterprise. Don't be so sure.

Wiretapping exists, legally, for the benefit of law enforcement to protect the citizens of the U.S. But what if the wiretapping rules are extended so far that technology innovators must first get approval from the federal government BEFORE offering new technologies that affect wiretapping capabilities? How will the requirements affect hosted/cloud based service providers?

The U.S. promotes a free [from intrusion and government content control] Internet but criticizes countries that operate with a poor human rights record. How can the U.S. be a leader in this case while the FBI does a similar intrusion of communications? Will the changes force cloud providers to only locate their sites in the U.S? What are the ramifications for multi-national enterprises with sites outside the U.S?

Gregory T. Nojeim, who is the senior counsel for the Center for Democracy & Technology posted at The Hill’s Congress Blog, a piece entitled, “New wiretapping mandates could harm privacy, innovation and security". I think the blog is worth reading because it highlights the possible ramifications that may emerge if the FBI gets its way. The following is an excerpt from that blog--the entire thing is worth reading.

The Federal Bureau of Investigation wants statutory authority to control Internet technologies to make them even more intrusive and easier to intercept. According to a New York Times [article], the FBI wants to be able to force innovators to design their communications applications to be wiretap-friendly. The proposal has not yet been made public and is still under discussion among federal agencies, so it is not clear who or what would be covered or what changes the FBI desires. Among other companies, the FBI has mentioned Skype, which provides encrypted VOIP (voice over Internet Protocol) services, and RIM, which makes the popular BlackBerry. Taking the FBI claims at face value, they would be compelled to design their services to ensure government access to unscrambled communications. [Hosted/cloud services will likely be affected as well as enterprise based systems]

If enacted in law, the FBI plan would likely expand electronic surveillance that is already at record levels. In 2009, 2,376 federal and state wiretaps were placed for criminal purposes--more than in any prior year. (And that’s not counting the 1,320 intelligence intercepts in 2009.) On average in 2009, 3,763 communications were intercepted in every criminal wiretap, yet 82 percent of monitored calls were non-incriminating, according to the government’s own data. At the same time, the legal restraints on surveillance have been steadily relaxed--especially since the September 11 attacks. Examples include the 2001 PATRIOT Act, the 2008 FISA Amendments Act, and the steady addition of relatively minor crimes to the list of offenses for which wiretapping is permitted. If the legal standards are weak and the technology of wiretapping is friction-free, where are the limits on government power?

The government already has control over the facilities connecting people to the Internet. In 1994, Congress adopted the Communications Assistance for Law Enforcement Act (CALEA), requiring traditional telephone companies and cellular providers to design their switching equipment to a government-approved standard to facilitate wiretapping. In 2005, those requirements were extended to all providers of broadband Internet access. The latest proposal, however, focuses on the most dynamic parts of the Internet: the diverse services and applications that ride on top of the Internet.... The U.S. has been a global leader. To require government pre-clearance for the innovator making the next great communications application in his garage or dorm room [could block new innovations]. Some current applications would have to change so drastically that they would become unrecognizable to current users. Others might be outlawed altogether.

In essence, the FBI is asking that applications have a built in back door to facilitate government wiretapping. However, such back doors can also be exploited by hackers and identity thieves. This will exacerbate the cyber security challenges we already face.... More back doors means less-secure networks.

The FBI proposal faces an uncertain path. Legislators of both parties already concerned with the size and intrusiveness of government should insist that the FBI fully document not only the problem but also how they expect their solution to work without opening new security vulnerabilities or forcing the redesign of some widespread and valuable services. And those who want the government to facilitate rather than impede job creation among small businesses should not overlook the uncertainty that these proposed mandates would create and the drag they would put on innovation and on the development of new services.

You may think this FBI effort will not impact the enterprise. But consider the VoIP communications that occurs in the financial industry, healthcare and state and local government agencies. Will they have to revise their security and privacy rules to satisfy the FBI? Even if these organizations accept the FBI's changes, what will be the financial costs to comply?


April 19, 2017

Now more than ever, enterprise contact centers have a unique opportunity to lead the way towards complete, digital transformation. Moving your contact center to the cloud is a starting point, quick

April 5, 2017

Its no secret that the cloud offers significant benefits to enterprises - including cost reduction, scalability, higher efficiency, and more flexibility. If your phone system and contact center are

March 22, 2017

As today's competitive business environments push workforces into overdrive, many enterprises are seeking ways of streamlining workflows while optimizing productivity, business agility, and speed.

April 20, 2017
Robin Gareiss, president of Nemertes Research, shares insight gleaned from the firm's 12th annual UCC Total Cost of Operations study.
March 23, 2017
Tim Banting, of Current Analysis, gives us a peek into what the next three years will bring in advance of his Enterprise Connect session exploring the question: Will there be a new model for enterpris....
March 15, 2017
Andrew Prokop, communications evangelist with Arrow Systems Integration, discusses the evolving role of the all-important session border controller.
March 9, 2017
Organizer Alan Quayle gives us the lowdown on programmable communications and all you need to know about participating in this pre-Enterprise Connect hackathon.
March 3, 2017
From protecting against new vulnerabilities to keeping security assessments up to date, security consultant Mark Collier shares tips on how best to protect your UC systems.
February 24, 2017
UC analyst Blair Pleasant sorts through the myriad cloud architectural models underlying UCaaS and CCaaS offerings, and explains why knowing the differences matter.
February 17, 2017
From the most basics of basics to the hidden gotchas, UC consultant Melissa Swartz helps demystify the complex world of SIP trunking.
February 7, 2017
UC&C consultant Kevin Kieller, a partner at enableUC, shares pointers for making the right architectural choices for your Skype for Business deployment.
February 1, 2017
Elka Popova, a Frost & Sullivan program director, shares a status report on the UCaaS market today and offers her perspective on what large enterprises need before committing to UC in the cloud.
January 26, 2017
Andrew Davis, co-founder of Wainhouse Research and chair of the Video track at Enterprise Connect 2017, sorts through the myriad cloud video service options and shares how to tell if your choice is en....
January 23, 2017
Sheila McGee-Smith, Contact Center/Customer Experience track chair for Enterprise Connect 2017, tells us what we need to know about the role cloud software is playing in contact centers today.