Feeds

Easy VoIP wiretaps coming soon

FCC poised to require CALEA compliance

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Virtually everything done via TCP/IP, with the (for now) exception of instant messaging, is on its way to becoming wiretap-friendly, thanks to a tentative 5-0 decision by the US Federal Communications Commission (FCC) on Wednesday.

Thanks to relentless lobbying and fear-mongering by law enforcement outfits and the companies that sell surveillance equipment to them, all broadband communications, including VoIP, will have to be modified to allow the Feds to patch in easily and immediately, in order to comply with the 1994 Communications Assistance to Law Enforcement Act (CALEA).

VoIP schemes that work only between computers will not be affected. Only so-called 'managed' services - those that allow VoIP and PSTN to communicate - will have to comply. Instant messaging is also exempt, although the Feds lobbied ruthlessly for its inclusion, and will no doubt continue until the government finally gives it to them.

Encrypted VoIP is available, but only through pricey services geared towards corporate clients. It is possible that the FCC action might result in the development of inexpensive encryption solutions for more basic VoIP services, perhaps via TLS (Transport Layer Security), though it is difficult to imagine extending encryption to calls where VoIP and PSTN are communicating.

Other regulatory disputes involving VoIP were not considered in Wednesday's vote. Additionally, 'push to talk' walkie-talkie mobile phone services are equally affected by the CALEA, the FCC has decided. It does not appear that broadband and VoIP providers will receive assistance with the costs of implementing CALEA compliance, unless Congress decides to come to their rescue.

The public comment period for VoIP CALEA compliance is still open, but with such a strong bias visible in Wednesday's preliminary vote, it is highly unlikely that anything can alter the FCC's direction. Final approval is all but certain. ®

Thomas C Greene is the author of Computer Security for the Home and Small Office, a comprehensive guide to system hardening, malware protection, online anonymity, encryption, and data hygiene for Windows and Linux.

Internet Security Threat Report 2014

More from The Register

next story
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.