Feeds

Milking the Internet surveillance cash cow

Wiretap-friendly Web

  • alert
  • submit to reddit

SANS - Survey on application security programs

Pundits and policy-makers are arguing over the legal implications of the FBI's recent petition to the FCC about how to implement the Communications Assistance for Law Enforcement Act. But the Bureau's push to get broadband providers covered under CALEA, which currently applies only to telecom carriers, stands to benefit more than just government spies: a domestic eavesdropping industry stands waiting to sell Internet wiretapping tools and services to cable and DSL companies.

Virginia-based Fiducianet is one such company. Company president Michael Warren has worked on CALEA compliance issues for most of his career, first as an FBI agent in charge of bringing telecom companies into line, and today as an entrepreneur. Because CALEA stipulates that telecom carriers must build their networks to be surveillance-ready for law enforcement, Warren's position at the FBI meant that he was responsible for transforming the country's telephone infrastructure. He worked with manufacturers and carriers to design surveillance tools that could be implemented on thousands of switches across the country.

"Companies spend a great deal of money getting ready for intercept requests from law enforcement," he said. "It costs 250 to 350 dollars for a company to process a subpoena, and they get no return on it. Fiducianet can make it faster and cheaper for them." Warren's business - providing large telecom and broadband companies with both the physical infrastructure and policy know-how to process thousands of court orders and subpoenas - is typical of the new breed of CALEA-related services that are springing up to meet a perceived need for quick and fed-friendly surveillance on digital networks.

What makes CALEA particularly ripe for profit is the law's stipulation that networks must be built with backdoors that meet exacting federal specifications. Experts estimate that CALEA compliance has cost three to five billion dollars since the law's passage in 1994, and if the FBI gets its wish this figure will balloon again as cable companies and DSL carriers scramble to comply. Although the comment period on the FCC petition has just begun, VeriSign is already trumpeting deals with large cable companies that want to stay ahead of the compliance curve. On Monday VeriSign announced a deal with Cox Communications to help with wiretaps on some of the cable company's 6.6 million customers.

John Morris, an attorney with the Center for Democracy and Technology, worries that the FBI's petition will mean that "any new technology that might substitute for phone calls needs to be cleared and approved by the FBI before it can be deployed." These new technologies include VOIP and IM, which are often difficult to wiretap. Former federal agents like Warren will have a leg up on the competition in a tech marketplace regulated by law enforcement's needs.

So will large companies like Cisco and VeriSign, who are already marketing CALEA-compliant "solutions" for broadband carriers. Cisco spokesperson John Earnhardt said the company is merely "reviewing and watching" developments with the FCC petition, but the company already sells a product called BLISS for cable VoIP that includes an optional "CALEA server." A Cisco Web page devoted to lawful intercept issues lists California-based SS8 Networks as one of Cisco's "preferred mediation device equipment suppliers." Manufacturer of the CALEAserver product, SS8 is also partnered with Fiducianet, who uses SS8's Xcipio intercept technology to help bring broadband carriers into compliance with a law that isn't yet applicable to them.

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.