Sunday, 14 November 2004
FCC to states: Back off VoIP
This week's FCC ruling [pdf], barring states from specifically regulating VoIP providers, is a good thing in the short run, but the long run is uncertain. On the pro side, VoIP providers are unshackled from a maze of state and local taxes and regulations. On the con side, all the eggs are now in one national basket.
Thursday, 5 August 2004
FCC subjects VoIP to CALEA
The FCC acted this week on Uncle Fed's request that it subject VoIP providers to CALEA, the Communications Assistance for Law Enforcement Act. Last month, the FBI asked the Commission to exercise its authority to extend the group of technologies to which the act applies to include VoIP — in other words, to expand the reach of cheap and easy "wiretapping" for Uncle Fed and other law enforcement agencies. (Well, not literally "wiretapping," as I explained in detail a few months ago: "Wiretapping & VoIP.")
Yesterday, the FCC adopted a Notice of Proposed Rulemaking and Declaratory Ruling [pdf] in which it concluded that broadband providers whose facilities can be used for VoIP should be subject to the surveillance rules that govern traditional phone service providers:
[T]he Commission tentatively concludes that CALEA applies to facilities-based providers of any type of broadband Internet access service — including wireline, cable modem, satellite, wireless, and powerline — and to managed or mediated Voice over Internet Protocol ("VoIP") services. These tentative conclusions are based on a Commission proposal that these services fall under CALEA as "a replacement for a substantial portion of the local telephone exchange service."
Now, it wants public comment on implementation:
The Commission seeks comment on telecommunications carriers' obligations under section 103 of CALEA and compliance solutions as they relate to broadband Internet access and VoIP. In particular, the Commission seeks comment on the feasibility of carriers relying on a trusted third party to manage their CALEA obligations and whether standards for packet-mode technologies are deficient and thus preclude carriers from relying on them as safe harbors for complying with CALEA.
The kicker? Broadband providers are expected to bear the full cost of this government program:
With regard to costs, the Commission tentatively concludes that carriers are responsible for CALEA development and implementation costs for post-January 1, 1995 equipment and facilities; seeks comment on cost recovery issues for wireline, wireless and other carriers; and refers to the Federal-State Separations Joint Board cost recovery issues for carriers subject to Title II of the Communications Act.
The New York Times has coverage: "F.C.C. Supports Surveillance Rules on Internet Calls". See also Declan's column from last week, for background info: "FBI targets Net phoning."
Thursday, 29 July 2004
VoIP regulation debate brewing
The debate over VoIP regulation has been brewing for several years, and it can be a confusing cacophony for anyone tuning in late. The New York Times was kind enough to run a feature article by Stephen Labaton and Matt Richtel on the subject this week ("Battle Brews Over Rules for Phones on Internet"). The article does a nice job of summarizing the points raised by Uncle Fed, the States, the relatively young "pure VoIP" companies, and the established telecommunications behemoths.
Monday, 15 March 2004
FBI proposes expansive broadband "wiretap" rules
Declan McCullagh and Ben Charny report on C|Net that Uncle Fed issued a proposal for expedited rulemaking [pdf] which would grant him new and expansive "wiretapping" powers for broadband Internet services. In this case, Uncle Fed is backed by the Federal Bureau of Investigation (FBI), Department of Justice (DOJ) and the Drug Enforcement Administration (DEA).
Two months ago, Uncle Fed asked the Federal Communications Commission (FCC) to do this dirty work for him. FCC Chairman Michael Powell paid some lip service to security concerns at the time, but he has apparently let the request languish. (At least, I have not seen the media report any subsequent FCC actions.) Around that time, I blogged on the word wiretap and complained that it makes a poor analogy to surveillance of digital communications ("Wiretapping & VoIP"). I would like to make the same comment again now and point out that Uncle Fed's newest proposal supports my point even more clearly.
I promise to write more on this in the near future. Unfortunately, I do not have time today to write a multi-volume treatise on the dangers these regulations would pose to civil liberties.
Monday, 12 January 2004
Wiretapping & VoIP
Last week, Uncle Fed (specifically, the Department of Justice, the FBI, and the Drug Enforcement Administration (DEA)) asked the FCC to force providers of voice-over-Internet protocol (VoIP) services to provide easy "wiretapping" capability to federal and local authorities. See Declan's report on C|Net: "Feds seek wiretap access via VoIP." A few comments are in order before the press mangles this situation and manages to obscure the facts. (Not to impugn Declan; I thought his article was good.)
Lawyers are in the language business, so we should examine the word wiretap to shed some light on exactly what Uncle Fed is asking for. Webster's Dictionary defines wiretap as an intransitive verb meaning "to tap a telephone or telegraph wire in order to get information." This definition is too circular to be useful at first, but this circularity becomes important later. Dictionary.com's nominal definition is a better starting point: "A concealed listening or recording device connected to a communications circuit." This was an accurate physical description when the term arose, during electric telegraphy's youth.
In those days, telegraphic circuits were hard-wired — that is, each pair of telegraph stations was connected by a single wire with one operator at each end. (Busy pairs of stations were connected by multiple wires, each one having operators at both ends.) Each transmission wire was plugged into a magnet-driven apparatus at each end that translated incoming electric signals into audible sounds and generated outgoing electric signals when the operator pressed a button. For an excellent beginner's text on early telegraphic technology and the economic and cultural developments it spawned, see Tom Standage, The Victorian Internet (1998).
In this environment, police had two options for surreptitious surveillance: (1) force the operator to disclose a message's contents after he received it, or (2) intercept the signal between the stations. Option 1 was inefficient because it was slow (the police had to wait for someone else to translate the message from Morse code and deliver it to them), and operators could not always be trusted to keep surveillance secret. Therefore, laws were passed that made option 2 mandatory. Telegraph companies were required to cooperate with the installation of a device (the "tap") onto their transmission wires that allowed the police to siphon off a tiny amount of the electric signal between two stations and send that signal to a police-operated station.
Later, switching technology made telegraphy more flexible. A switching device made temporary connections between transmission wires coming into the telegraph station. This allowed one operator (or more, at busy stations) connected to the switch to monitor several incoming wires simultaneously. Wiretap devices evolved in lock-step with switches and were quickly moved inside the switches so that fewer taps could monitor more transmissions without being physically reinstalled over and over. Whether this new configuration continued to qualify as "tapping" a "wire" is debatable. Early switching devices made temporary physical connections between telegraph wires by means of a third wire. Early switch tapping devices siphoned the electric signal off this switching wire, so there is a plausible argument that the term was still an accurate physical descriptor. Today we would understand the tapping devices as monitoring the operation of the switch device, not an individual wire within the switch. While wiretapping remained a reasonably good logical description of the tapping device's function, its accuracy as a physical descriptor was highly questionable.
The point to take from this is that wiretap first became an ambiguous term more than a century ago. Now reconsider Webster's circular definition, "to tap a telephone or telegraph wire in order to get information." Webster probably intended to denote the tapping of a circuit, not a wire, but we can forgive lexicographers for not being electrical engineers. However, Webster's definition unambiguously means eavesdropping on a single transmission or group of transmissions between two specified end points. In my experience, this is how law enforcers, laymen, and journalists all use the term. To convey the idea of collecting more than this information, they use such words as surveillance, eavesdropping, or data sniffing.
If the introduction of circuit switching made wiretap an ambiguous term, then the introduction of packet switching renders it positively useless. Packet switching is the transmission technology underlying the Internet Protocol, which is used for all Internet (and most local area network (LAN)) transmissions. Packet switching involves breaking data down into tiny pieces ("packets") and sending each packet across the network individually. This system eliminates the need for circuit switching, which dedicates a circuit to each transmission for the duration of that transmission. Few transmissions use the circuit continuously, so circuit switching inevitably involves inefficient "down time" for active circuits. Consider, for example, how frequently people pause while talking on the telephone. No information is transmitted during these pauses, but their circuit is monopolized nonetheless. Other callers cannot use this circuit until the first call ends — which forces the phone company to install a sufficient number of circuits to carry the maximum foreseeable number of transmissions simultaneously. This extra infrastructure is expensive to install and maintain.
Packet switching allows a small number of circuits to accommodate many transmissions because each one uses the circuit only while information is being actively sent. During each pause, the circuit is used for other transmissions. Additionally, different packets from the same transmission often take different routes across the network. Intermediate nodes will send packets along different routes to bypass busy sections of the network and avoid delays, among other reasons. Since packets must reach the destination individually, each one must contain complete addressing information so that intermediate nodes can route it appropriately.
The same features that make packet switching more efficient than circuit switching also make it cheaper. (Sarcastic aside: This is as close to a "law" as the "science" of economics can offer us.) They also make it much more difficult to monitor communications. By definition, packets of information do not all travel through a packet-switched network by the same route. Therefore, there is no central box inside which to install a tapping device, as there is in circuit-switched networks.
The good news for law enforcers is that there does exist a place through which all packets of a transmission must pass before they are dispersed. That place is wherever the sender connects to the Internet backbone. "Backbone" is the name for high-speed networks that carry most Internet data until that data gets very close to its destination, at which time it is moved to a smaller (and usually private) network. All packets must travel from the sender's computer to the backbone through some identifiable means of transmission, be it in a cable or via wireless transmission in a form such as Wi-Fi.
The bad news for law enforcers is that each computer (or network) that connects to the Internet is connected via its own "pipe." They must install "tapping" devices on the connection used by each individual computer whose users' communications they intend to monitor. This requires that they get much closer to the target of the surveillance than they did with circuit-switched networks. In the old days, they could install tapping devices inside the switch at the telephone company's office. Conceivably they might do something similar at the target's Internet service provider (ISP). The FBI's (since-renamed) Carnivore project was an example of this. Unfortunately, this arrangement monitored traffic from all the ISP's customers, not just the intended surveillance target. In order to separate the target's transmissions from everyone else's, Carnivore had to read all packets that passed through. The only real solution to this problem is to install a device very close to the target — for example, in the cable that physically connects him to his ISP or at the antenna via which he transmits information to his ISP. This poses two main problems. First, the target may notice an unfamiliar device outside his house or office and become aware of the surveillance. Second, it is expensive because the police need to build many more devices and pay officers for the time it takes to install them at disparate locations.
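An added illustration of the two points above (not part of the original post): every IPv4 packet carries its own source and destination address, and a monitor on a link shared by several subscribers has to parse the header of every packet before it can tell which ones belong to one subscriber. The addresses (documentation ranges), payloads and function names are constructed for this example.

```python
import ipaddress
import struct


def build_ipv4_packet(src, dst, payload):
    """Build a minimal IPv4 packet: 20-byte header without options.
    The checksum field is left at 0 because nothing here validates it."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                # version 4, header length 5 * 4 = 20 bytes
        0,                   # type of service
        20 + len(payload),   # total length
        0, 0,                # identification, flags/fragment offset
        64, 17, 0,           # TTL, protocol (17 = UDP), checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def parse_addresses(packet):
    """Return (source, destination) read from the header, or None if the
    bytes are too short or are not an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        return None
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


def monitor_shared_link(packets, target):
    """Model a monitor on a link shared by many subscribers. It cannot know
    which packets involve `target` without reading each header first."""
    stats = {"examined": 0, "retained": 0, "third_party": 0, "malformed": 0}
    retained = []
    for packet in packets:
        stats["examined"] += 1
        addresses = parse_addresses(packet)
        if addresses is None:
            stats["malformed"] += 1
        elif target in addresses:
            retained.append(packet)
            stats["retained"] += 1
        else:
            # Header was read even though the packet is someone else's.
            stats["third_party"] += 1
    return retained, stats


def constructed_sample():
    """Constructed traffic: four flows interleaved round-robin, as packets
    from different senders would be on a shared link, plus one truncated packet."""
    flows = [
        ("192.0.2.10", "198.51.100.5", 3),   # target's outgoing voice frames
        ("192.0.2.20", "203.0.113.7", 4),    # another subscriber
        ("192.0.2.30", "198.51.100.9", 2),   # another subscriber
        ("198.51.100.5", "192.0.2.10", 1),   # reply addressed to the target
    ]
    packets = []
    for seq in range(4):
        for src, dst, count in flows:
            if seq < count:
                packets.append(build_ipv4_packet(src, dst, b"frame-%d" % seq))
    packets.append(b"\x45\x00")  # truncated header
    return packets


if __name__ == "__main__":
    kept, stats = monitor_shared_link(constructed_sample(), "192.0.2.10")
    print(stats)
```

In this constructed sample the monitor reads eleven packets to keep four; the other headers it parsed belong to subscribers who are not the target.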
By now, the linguistic difficulty of referring to any surveillance of data transmitted via the Internet as "wiretapping" should be obvious. At this point, I would like to shift direction slightly and briefly address a few related problems.
First, it is far from clear that the FCC has the authority to regulate VoIP as if it were a telecommunication service. It was widely reported last October that a federal judge in Minnesota ruled that VoIP companies provide "information" services, not "telecommunication" services, which means that states cannot regulate them under the Telecommunications Act of 1996. On the other hand, the 9th Circuit ruled earlier that month that the FCC erred in classifying cable broadband as an "information" service rather than a "telecommunication" service.
Second, according to Declan, Uncle Fed wants the FCC to require VoIP providers "to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations." This is technically possible only for a few such services. In my understanding, Vonage sells black boxes that take input from a telephone and transmit data through the user's broadband ISP connection to Vonage's network, where Vonage routes it to another Vonage device or to a circuit-switched telephone network. Therefore, Vonage may be able to install devices that "tap" a specified user's conversations. Other services, however, operate in a fundamentally different way. Skype, for example, does not have any communications network at all. Its client software transmits voice data using the same decentralized P2P architecture found in Kazaa, the popular file-sharing client. (Skype was, after all, designed by the makers of Kazaa.) Therefore, Skype has no capability to install tapping devices, even if it wanted to cooperate with a hypothetical FCC order.
Third, as discussed above, to surveil transmissions on a packet-switched network, the police must read all data packets that pass through. If they ignore any individual packet, they may miss a piece of the message they intend to intercept. This makes it an unavoidable certainty that any "packet sniffer" will collect data that is not legally subject to surveillance — it would exceed the scope of all but the most expansive warrants. (Never mind that any warrant so expansive is probably unconstitutional because it would fail to state with particularity the information intended to be collected). Depending on the environment where the sniffer is installed, it may also collect data transmitted by third parties, who are not the intended targets of surveillance and who have a reasonable expectation of privacy in their communications. This is a Fourth Amendment problem of enormous magnitude — one that is well beyond the scope of this weblog.
Fourth, Uncle Fed's own statistics for 2002 show that about 80% of all wiretaps — both federal and state — were for criminal investigations in the course of enforcing drug laws. Only the remaining 20% were used for all other types of investigations. One is left to wonder whether the alarmist language in Uncle Fed's letter to the FCC was disingenuous: "criminals, terrorists, and spies (could) use VoIP services to avoid lawfully authorized surveillance." Uncle Fed tries to make it sound as if wiretaps are already an effective tool against such people when his own statistics show that wiretaps are rarely used against them. It would be another matter entirely if Uncle Fed intended to use VoIP monitoring technology to enforce drug laws. Even then, none of the dope dealers I knew of in college even knew what "broadband" meant — so it was unlikely that any of them had the equipment necessary to use VoIP. Even if drug importers are more sophisticated, the police can still monitor their communications through conventional warrants and responsible police work.
In conclusion, the only thing I can really say is that Uncle Fed's request is problematic, at best — and I am just a guy with an interest in Internet law, not an expert in history, technology, or constitutional law. If Uncle Fed was trying to start a national debate on the merits of Internet surveillance, it is about time we had one. If he thought he could slip this in under the radar, shame on him.
Tuesday, 6 January 2004
VoIP's real value
Pure VoIP players like Vonage tout their low prices, relative to ordinary telephone service (local plus long-distance). When the big telecom players — AT&T, Verizon, and SBC — announced their plans to launch consumer VoIP services, they all cited the cost savings that VoIP provides. Unfortunately, that cost savings may be illusory at worst or artificial at best:
[S]ome critics say a big reason Vonage and other Internet-based phone providers can cut costs is because they do not have to adhere to the same rules and regulations as the conventional telephone companies on whose local and national networks the Internet providers depend. Even an Internet telephony fan like Jeff Pulver, who was formerly on the Vonage board, acknowledged that a substantial amount of cost savings comes from avoiding the taxes, surcharges and access fees used to support the traditional phone network.
This is one major sticking point. Everyone agrees that this is VoIP's major source of cost savings, relative to ordinary telephone service, but nobody agrees on how to handle it. The NYT article points out another artificial cost savings:
The fact that Vonage is not regulated and did not pay to build the national network may obscure the real cost of providing Internet-based phone service. Likewise, the cost to customers is not as low as it may seem. While consumers may pay less each month for Internet telephone service than for regular phone service, they cannot obtain the service unless they first have high-speed Internet access — on which they are likely to spend $40 to $70 a month. So the ability to use Internet phone service may actually require a total monthly outlay of $100 or more.
Add to this VoIP's dependence on the old guard's "last mile" network. Lather, rinse, repeat.
Thursday, 25 December 2003
2003 tech year in review
C|Net has released five year-in-review features, covering open source, utility computing, VoIP, Wi-Fi, and patents. Each one has a summary introduction and links to C|Net articles from the past year. This is a great way to get up to speed for anyone who fell behind in the news.
Tuesday, 28 October 2003
Law driving innovation
The government should occasionally drive innovation. This is especially true when the potential benefits of a new science or technology are great but the probability of developing products based on them within a reasonable time is small. This is an obtuse reference to the old argument that the government should, in some cases, support "pure" research. In most cases, however, government intervention in the market for research and development (R&D) is unwarranted and even destructive. The case for government intervention absolutely breaks down when market forces have already produced the first viable product. Where multiple products compete, there is no plausible argument yet-made for government intervention.
Sometimes, however, government actions shape innovation as the unintended consequence of legitimate actions taken in another sphere. This is happening right now in the area of copyright law. Since the first Congress enacted the first American copyright act in 1789, copyright law has grown in two directions: more complex and more protective of copyright owners' interests. Both trends have deeply affected copyright markets in the last two centuries. Since the 1976 copyright act — the most recent major overhaul to copyright law in this country — the complexity of the law has had a disproportionate impact on the technologies developed to serve the copyright industry. My theoretical opinion and this practical reality collide in the project of two Massachusetts Institute of Technology (MIT) students.
The New York Times reported yesterday that MIT students Keith Winstein and Josh Mandel have developed a system for distributing music via campus information networks that appears to comply with copyright law and partially render moot the grand public debate over file sharing. (Article: With Cable TV at M.I.T., Who Needs Napster?) The project transmits music over MIT's cable television infrastructure in analog form — thereby taking advantage of the bulk licenses that copyright producers routinely grant to television and radio operators and avoiding digital transmission, which triggers the nastier niceties of the copyright act. This new technology adds precisely zero end-user functionality to existing distribution systems (namely, file sharing networks and radio). Its sole purpose was to formally circumvent a distribution mechanism that copyright producers find objectionable. John Schwartz of the NYT writes that "some legal experts say the M.I.T. system mainly demonstrates how unwieldy copyright laws have become." Mike Godwin, senior technology counsel to Public Knowledge, says the students have "sidestepped the stonewall that the music companies have tried to put up between campus users and music sharing."
Copyright law's burgeoning complexity may be the lifeblood of intellectual property lawyers, but it is bad social policy. I admit this as someone currently aspiring to become an IP and cyberlaw lawyer. Another prime example of complexity breeding bad results lies in the recent episode where the Minnesota Public Utilities Commission (MPUC) tried to regulate Vonage and other VoIP providers as telephone service providers. The Federal Communications Commission (FCC) long ago penned the legal distinction between "telecommunication services," which states may regulate, and "information services," which they may not regulate (because such regulations are preempted by federal law). Vonage and other VoIP providers offer consumers and businesses a method of conducting voice communication, which we would ordinarily recognize as "phone calls." The only difference, from the end-user's perspective, is that his phone is plugged into a black box which, in turn, is plugged into the wall, instead of the phone being plugged directly into the wall. The user still dials a number, talks, and listens just as he would with an ordinary telephone. The problem is that the law created two legal categories and treated them differently. As technology allowed, the market made this distinction spurious at best by offering products that straddled the line between the two categories.
In both cases, the complexities of the law drove technology and the way we use it. In the former, copyright law inspired wasteful development of a system that is, at best, as efficient as preexisting systems. In the latter, the law held up development of a highly efficient technology (compared to what it would replace) with wasteful litigation that sought to resolve whether it was really the old technology or something new. The commonality is the resources consumed by the attempt to apply overly complicated laws to new facts. These examples are drawn from this and last week's headlines. I could probably select one example per week over the last five years, with some effort. I think, however, that my point is made.