North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)

  • From: Sean Donelan
  • Date: Mon Jun 21 01:35:47 2004

On Mon, 21 Jun 2004, John Curran wrote:
> Looks pretty clear to me:  assistance requirements (i.e. the requirement
> to have LI capacity and mechanisms in place in advance) should apply to
> all providers, and in particular, that VoIP providers who do not provide
> direct PSTN access (e.g. FWD, Skype) should not get an exception here
> as specified in the draft bill.

And what would satisfy those law enforcement requirements?  In 10 years
of CALEA, law enforcement has never agreed anything done was good enough
to satisfy CALEA.  Instead, LEAs have repeatly stated all attempts at
compliance so far have been deficient. If LEA thinks everything the PSTN
tried to do was deficient, why does anyone think applying the same regime
to other things will be any more successfull at meeting LEA's requirements?

If law enforcement was trumpeting the success of CALEA, how much money it
saved, how it caught criminals, how it saved lives; there might be a
better argument for extending it to all communications.  The problem is
law enforcement has said CALEA is a failure in its eyes, so why do we
want Congress to expand a broken regime?

What's goofy is when ISPs perform investigations, they use lots of tools
which could be useful to law enforcement.  Some of those tools don't have
a clear equivalent in other types of communication systems.  So law
enforcement asks for things that don't always make sense simply because
that's what is in the order.

Why do both pen registers and mail covers exist?  Because the law followed
the technology.  When law enforcement does a mail cover, they get what
a mail cover includes.  The post office doesn't cover up the return
address on the envelope because law enforcement only had a pen register
order, but not a trap and trace order for the postal envelope.  When
developing systems for the PSTN, it turned out to be easier to collect
the outgoing dialed digits on a phone line than the incoming calling
number (pre-ss7 days).  So the law split called numbers from calling
numbers instead of trying to extend the postal service mail cover into
the telephone.  Trying to force the technology just makes everything
grumpy.  Do you pay a $10,000 fine everytime you fail to include the
return address on a postal letter?

Other technologies have similar natural boundaries.  The US J-STD-25 and
the EU ETSI frameworks are trying to go backwards.  It creates a
very complicated framework.  Great for interception vendors, lousy for
everyone else.  What are the natural boundaries and how do they match
up with people's expectations of privacy or other legal structures?