Networking exec blasts wiretapping rules
Requirements for broader wiretapping on Net phone and broadband connections are too costly, unwieldy, says Global Crossing.
Paul Kouroupas, vice president of regulatory affairs for Global Crossing, strongly criticized the Federal Communications Commission's broadening of a 1994 law--originally intended to cover telephone providers--as disproportionately costly, complex, and riddled with privacy concerns. His company is one of the world's largest Internet backbone providers.
"Our customers are large Fortune 500 companies--not too many of those companies are conducting drug deals or terrorist activities out of Merrill Lynch's offices or using their phones in that way," Kouroupas said at an event here sponsored by the DC Bar Association. "By and large we don't get wiretap requests, yet we're faced with the costs to come into compliance," which he estimated at $1 million.
At issue is an order issued last fall by the Federal Communications Commission that set a deadline of May 14, 2007, by which most broadband and Internet phone providers are required to reengineer their networks for easier snooping by law enforcement. The move expanded the Communications Assistance for Law Enforcement Act, or CALEA, which Congress wrote to impose obligations on telephone companies, but not Internet providers.
Even without the new FCC rules, police have the legal authority to conduct Internet wiretaps, but they have claimed the need for a "standardized" system. The formal broadening of the rules followed lobbying from the FBI, the Drug Enforcement Administration and the Justice Department, which said they needed to be able to eavesdrop more readily on criminals who spurned traditional telephone lines.
Kouroupas questioned repeatedly whether the rules create an appropriate balance between law enforcement needs and communication provider obligations. After all, he said, federal and state courts only signed off on about 1,700 wiretaps last year. (The secret Foreign Intelligence Surveillance Court authorized about 2,000 more, some of which involved terrorism investigations.) If the government doesn't have the budget to finance its own tapping technology, then why, Kouroupas asked, should it have the right to "deputize the telecommunications industry" to do that work?
Tom Beers, an official in the FCC's Homeland Security Bureau, said companies can file for financial assistance in making their systems compliant--but only if they're able to successfully satisfy 11 criteria outlined by the law.
The agency also plans to stand firm with the May 2007 deadline, he said. In fact, the days of "endless" extensions for achieving CALEA compliance are effectively over for any broadband or voice-over Internet protocol company, he said, because most deployed their equipment after October 1998, thereby exempting them from relief.
Kouroupas and Global Crossing aren't alone in balking at the mandate. A group of organizations and companies that included Sun Microsystems, Pulver.com, the American Association of Community Colleges, the Association of American Universities and the American Library Association lodged an appeal against the rules last fall. But a divided appeals court panel upheld the FCC's rules, dismissing the group's argument that Congress never intended CALEA to force broadband providers--and networks at corporations and universities--to build in surveillance hubs for the police.
Since then, confusion has continued to swirl around who must comply with the expanded rules. What if, for example, Global Crossing provided a virtual private network to a corporation, which then went on to install its own equipment that allows for voice-over Internet protocol traffic? If the cops approach Global Crossing for the voice data alone, the company doesn't have ready access to that isolated stream, Kouroupas said, so it would probably be forced to hand over all of the packets traveling over that company's network.
"Is that really allowed?" he asked. "Aren't these wiretaps supposed to be narrowly tailored?"
Maura Quinn, unit chief of the FBI's CALEA Implementation Unit, acknowledged that it's difficult for officials to say authoritatively who is covered and not covered by the law.
"If there's any question of whether you need to comply," Quinn added, "CALEA is the law of the land, and it's expected people will comply with that."