Trouble Ahead: CALEA and VoIP
Sandra Upson writes in IEEE Spectrum:
Last year, the FBI let it be known on Capitol Hill that it would like to extend CALEA to virtually any Internet-based application that allows two people to communicate. Naturally, as VoIP becomes ubiquitous, law enforcement would like to maintain the ability to wiretap. Consumers continue to switch in growing numbers to VoIP services like Skype, and leading companies like Microsoft and Apple have added VoIP features to their videoconferencing software. Both have embedded VoIP in their instant-messaging applications, and the Microsoft Xbox game machine has built into it a way for players to chat during a game, a feature that teenagers sometimes use as a way of making free and convenient phone calls.
But stretching CALEA to encompass all possible VoIP architectures could significantly restrict the number of lawful VoIP system architectures in the United States. That would render it less useful and more vulnerable, claims a June 2006 Information Technology Association of America report, "Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP" [.pdf] The report suggests that the physical security of networking equipment may be compromised, because VoIP provider employees, who may have minimal experience with wiretapping, will need to reconfigure the equipment themselves, possibly introducing problems or exposing it to tampering by others.