The Federal Communications Commission is about to introduce new regulations that will give law-enforcement agencies the ability to tap Internet-based voice calls to help thwart terrorism. However, some security experts worry that the Commission's mandate might actually be a driving force in creating underground technology that would make it easier for hackers to gain illegal access to calls make through Voice over Internet Protocol (VoIP) services.
ADVERTISEMENT
According to Frost & Sullivan security-industry analyst Shirley Hunt, there are two main concerns with the FCC creating these regulations. "First of all, the FCC's wiretapping initiative is going to drive the evolution of criminal technology," she said. "Secondly, law enforcement will have to deal with the issue of call encryption."
Hunt explained that call encryption can be both a legitimate business security tool and a means for masking criminal activity. Once the FCC issues the new regulations and VoIP services can be wiretapped just as easily as regular landlines, financial groups, government agencies, high-level corporate officers and even individual consumers all are going to want to protect themselves against potential wiretapping by encrypting their voices.
"But if the government says encryption is stopping them from tapping in to phone calls, is this not a violation of the right to privacy?" Hunt asked. Moreover, if the encryption of voice calls is curtailed or not allowed under the new FCC regulations, then the door stays ajar for criminals, industrial spies and Internet terrorists looking to eavesdrop on sensitive business, financial and government telephone conversations.
Time Frame Questioned
Other analysts say it might be too early to draw any conclusions on these encryption and privacy issues. Some think the FCC is giving law-enforcement agencies carte blanche. Ron Cowles, vice president at Gartner (NYSE: IT - news), believes that it is still too early to draw any conclusions. "All we really have to go on is the original FCC [statement about the mandate]," Cowles said. "But the implication is that law-enforcement officials got together and put together their wish-list for wiretapping."
Cowles pointed out that there already has been a lot of important weigh-in from key industry players. "The FCC is going too far, or not far enough, depending on where you sit," Cowles observed. "But the commission has had a lot of industry participants working on this and has been very good at relying on industry input."
Cowles explained that the FCC is basically trying to replace the old system under which police departments or other law-enforcement agencies could do a wiretap after getting a court order.
"In the old days, all you had to do is clip some monitoring device onto the mainframe and you'd have it," Cowles noted. "But now everything gets packetized, which makes it a lot more difficult. These are the kinds of issues that the commission will be working through, and the FCC's final order will have to address this."
Compliance with the mandate will begin within 18 months of the final release of the order, which is expected any day now, Cowles noted. "But there's a lot of work to be done in the meantime."
Peer-to-Peer Calls
Whatever the commission eventually decides to do, law enforcement is going to have a tough time tapping peer-to-peer network calls, such as those offered by Skype, noted Hunt. Some of these services, given their highly distributed architectures, are not easily penetrated.
"It is not easy to differentiate Skype calls from any other kind of Internet traffic," Hunt said. "Someone using Skype to call the U.S. from overseas can't be tapped. There is no way for law enforcement to get into that network. And many services originate overseas, so you have global security issues as well."
Given the global nature of the technology's use, Hunt believes that if law enforcement were to block Skype as an alternative to not being able to listen to calls made through the service, a huge political backlash would develop. China, for example, recently suffered a worldwide backlash in the media for blocking Skype's VoIP service -- primarily, analysts say, for business reasons, not political ones.
While some VoIP providers, in the interest of privacy, might resist attempts by law-enforcement agencies to tap their networks and listen to their customers' voice calls, some vendors are collaborating with law-enforcement agencies to facilitate the catching of criminals.
"Sprint is actively working with the FBI to streamline the integration of VoIP technologies into the existing infrastructure and help the industry adopt a reasonable, cost-effective approach to assisting law enforcement to perform their duties," said Sprint Business Systems spokeswoman Julie Coker. "The company has actively participated in several FCC queries requesting comment from the industry, and Sprint's comments are filed on the Public Comments section of FCC Web site," she said.
Sprint is also an active participant in the VoIP Security Alliance -- an industry association of VoIP security providers, major carriers, enterprise users of VoIP and government agencies. Thus, some I.T. managers could worry that VoIP wiretaps would increase the cost of enterprise-class VoIP deployments.
"As with most federal regulations, there is always a cost associated with compliance requirements," Coker responded. "The intent here would be to meet these requirements within the Sprint network environment, which would be a value-added service to Sprint customers, so that the cost and level of effort for an I.T. manager to comply would not be significant."
Take It on Faith
As mentioned above, the mandate is generating concern that criminals will stay ahead in the game by continually developing counter-measures to thwart whatever technologies the FCC decides must be deployed to enable the tapping of Internet-based voice calls. "That is the main issue surrounding anything that law enforcement does with technology," Hunt noted. "The criminals always seem to be ahead."
Besides technology, criminals also have other advantages, Hunt added. "The criminals also have more options than law enforcement has, which not only has to operate within the law but also must be sensitive to social issues," he observed. "Even so, law enforcement needs to keep up with the criminals as best they can."
Cowles thinks technology might still give law enforcement an edge over criminals. "It might be that there'll be ways that the bad guys will figure out how to avoid these things, but you got to have a little faith in the industry," Cowles advised. "It has already been forthcoming on a lot of things, such as E911 connections and so forth."
Cowles is certain that whatever solutions the industry eventually proposes to the FCC, the regulations will be far more reasonable than just working under a government mandate where bureaucrats determine what law enforcers will be doing. "In this case, it is the industry that is doing the right things by being forthcoming and providing solutions," he said.
http://news.yahoo.com/s/nf/20050929/tc_nf/38089;_ylt=Ar0D28JnKLTA3iBrwnLDA6gjtBAF;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl
ADVERTISEMENT
According to Frost & Sullivan security-industry analyst Shirley Hunt, there are two main concerns with the FCC creating these regulations. "First of all, the FCC's wiretapping initiative is going to drive the evolution of criminal technology," she said. "Secondly, law enforcement will have to deal with the issue of call encryption."
Hunt explained that call encryption can be both a legitimate business security tool and a means for masking criminal activity. Once the FCC issues the new regulations and VoIP services can be wiretapped just as easily as regular landlines, financial groups, government agencies, high-level corporate officers and even individual consumers all are going to want to protect themselves against potential wiretapping by encrypting their voices.
"But if the government says encryption is stopping them from tapping in to phone calls, is this not a violation of the right to privacy?" Hunt asked. Moreover, if the encryption of voice calls is curtailed or not allowed under the new FCC regulations, then the door stays ajar for criminals, industrial spies and Internet terrorists looking to eavesdrop on sensitive business, financial and government telephone conversations.
Time Frame Questioned
Other analysts say it might be too early to draw any conclusions on these encryption and privacy issues. Some think the FCC is giving law-enforcement agencies carte blanche. Ron Cowles, vice president at Gartner (NYSE: IT - news), believes that it is still too early to draw any conclusions. "All we really have to go on is the original FCC [statement about the mandate]," Cowles said. "But the implication is that law-enforcement officials got together and put together their wish-list for wiretapping."
Cowles pointed out that there already has been a lot of important weigh-in from key industry players. "The FCC is going too far, or not far enough, depending on where you sit," Cowles observed. "But the commission has had a lot of industry participants working on this and has been very good at relying on industry input."
Cowles explained that the FCC is basically trying to replace the old system under which police departments or other law-enforcement agencies could do a wiretap after getting a court order.
"In the old days, all you had to do is clip some monitoring device onto the mainframe and you'd have it," Cowles noted. "But now everything gets packetized, which makes it a lot more difficult. These are the kinds of issues that the commission will be working through, and the FCC's final order will have to address this."
Compliance with the mandate will begin within 18 months of the final release of the order, which is expected any day now, Cowles noted. "But there's a lot of work to be done in the meantime."
Peer-to-Peer Calls
Whatever the commission eventually decides to do, law enforcement is going to have a tough time tapping peer-to-peer network calls, such as those offered by Skype, noted Hunt. Some of these services, given their highly distributed architectures, are not easily penetrated.
"It is not easy to differentiate Skype calls from any other kind of Internet traffic," Hunt said. "Someone using Skype to call the U.S. from overseas can't be tapped. There is no way for law enforcement to get into that network. And many services originate overseas, so you have global security issues as well."
Given the global nature of the technology's use, Hunt believes that if law enforcement were to block Skype as an alternative to not being able to listen to calls made through the service, a huge political backlash would develop. China, for example, recently suffered a worldwide backlash in the media for blocking Skype's VoIP service -- primarily, analysts say, for business reasons, not political ones.
While some VoIP providers, in the interest of privacy, might resist attempts by law-enforcement agencies to tap their networks and listen to their customers' voice calls, some vendors are collaborating with law-enforcement agencies to facilitate the catching of criminals.
"Sprint is actively working with the FBI to streamline the integration of VoIP technologies into the existing infrastructure and help the industry adopt a reasonable, cost-effective approach to assisting law enforcement to perform their duties," said Sprint Business Systems spokeswoman Julie Coker. "The company has actively participated in several FCC queries requesting comment from the industry, and Sprint's comments are filed on the Public Comments section of FCC Web site," she said.
Sprint is also an active participant in the VoIP Security Alliance -- an industry association of VoIP security providers, major carriers, enterprise users of VoIP and government agencies. Thus, some I.T. managers could worry that VoIP wiretaps would increase the cost of enterprise-class VoIP deployments.
"As with most federal regulations, there is always a cost associated with compliance requirements," Coker responded. "The intent here would be to meet these requirements within the Sprint network environment, which would be a value-added service to Sprint customers, so that the cost and level of effort for an I.T. manager to comply would not be significant."
Take It on Faith
As mentioned above, the mandate is generating concern that criminals will stay ahead in the game by continually developing counter-measures to thwart whatever technologies the FCC decides must be deployed to enable the tapping of Internet-based voice calls. "That is the main issue surrounding anything that law enforcement does with technology," Hunt noted. "The criminals always seem to be ahead."
Besides technology, criminals also have other advantages, Hunt added. "The criminals also have more options than law enforcement has, which not only has to operate within the law but also must be sensitive to social issues," he observed. "Even so, law enforcement needs to keep up with the criminals as best they can."
Cowles thinks technology might still give law enforcement an edge over criminals. "It might be that there'll be ways that the bad guys will figure out how to avoid these things, but you got to have a little faith in the industry," Cowles advised. "It has already been forthcoming on a lot of things, such as E911 connections and so forth."
Cowles is certain that whatever solutions the industry eventually proposes to the FCC, the regulations will be far more reasonable than just working under a government mandate where bureaucrats determine what law enforcers will be doing. "In this case, it is the industry that is doing the right things by being forthcoming and providing solutions," he said.
http://news.yahoo.com/s/nf/20050929/tc_nf/38089;_ylt=Ar0D28JnKLTA3iBrwnLDA6gjtBAF;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl