CALEA Calls for IP Providers5/19/2006 8:00 PM Eastern
A new Federal Communications Commission rule requiring nearly all voice-over-Internet Protocol service providers to install systems allowing law-enforcement agencies to tap into suspected criminals’ conversations has gained backing from the cable industry. But it also might force some providers to scramble to meet a hard May 2007 deadline.
Under the May 3 order, VoIP-service providers are now subject to the 1994 Communications Assistance for Law Enforcement Act (CALEA), which gives law-enforcement agencies armed with a court order the ability to listen in on phone conversations among suspected felons. Providers of IP-based phone service must install the systems needed to tap into voice data streams no later than May 14, 2007.
The FCC’s final order applies to all voice-over-Internet Protocol service providers, including those who own their own networks, such as cable operators, and those that offer services that connect callers via the public telephone network, such as Vonage Holdings Corp.
|The Call for Calea|
|What it is: The Communications Assistance for Law Enforcement Act|
|When passed: 1994|
|What it requires: CALEA requires that if provided a court order by a law enforcement authority, a voice provider must cooperate in intercepting calls from a specific subscriber and provide the agency record of those conversations.|
|Who must comply: Under a new FCC ruling, Voice-over-Internet Protocol services must now comply with CALEA along with traditional switched phone service providers.|
|Deadline: No later than May 14, 2007.|
It does not apply to providers that don’t use phone lines, such as Skype Ltd.
The VoIP industry has known for some time that the FCC was planning to require CALEA capability, but the action earlier this month clarified that most VoIP players will have to comply, according to Raj Puri, vice president of VeriSign Inc.’s communications-business development group.
VeriSign has developed NetDiscovery, an outsourcing service that supplies CALEA software, network devices and an around-the-clock bureau to process and deliver wiretap requests. Clients include Vonage, Cox Communications Inc. and Time Warner Cable.
While most expected that VoIP players would come under the CALEA regulations, they weren’t expecting the relatively strict deadline, with few allowances for extensions.
“It’s quite clear that the FCC is convinced the technical solutions and standards are our there, and it’s not such a cost-impacting issue that somehow they have to continue to entertain some significant relief,” Puri noted.
A check of the VoIP players elsewhere indicates varying levels of readiness.
Cablevision Systems Corp.’s Optimum Voice service is already compliant with the new CALEA requirements, with systems provided by its softswitch supplier, Siemens AG, according to spokesman Jim Maiella.
Comcast Corp. already complies with CALEA for its switched-voice service, which reaches just north of 1 million customers. It expects to extend that to the VoIP service as well. “We expect to be able to meet all of the CALEA requirements for VoIP when they go into effect,” spokeswoman Jeanne Russo said.
Verizon Communications Inc.’s VoiceWing VoIP service already has the ability to intercept calls for law-enforcement purposes, but the Bell operator is now examining its facilities to see if it needs upgrades to meet the full CALEA requirements, spokeswoman Bobbi Hinson said.
“It’s an issue of available technology, that we comply as far as humanly possible at this point,” she said. “But there are some additional compliance requirements by May 2007, so we expect to meet that.”
AT&T issued a statement that it is “working to comply with the FCC mandate,” but would not elaborate further.
Adding the wiretap capability is not just a slam dunk. Because voice data packets for a particular conversation are mixing with other packets as they move across a private or Internet network, they must be filtered out to provide the wiretap.
“In a VoIP packet environment, the challenge is essentially, how do you identify the appropriate signaling and the voice traffic related to a particular target?” Puri said.
It turns out that can be done in a couple of places in the network — either in the session border controller, which inspects packets as they enter and leave a provider’s network, or in the provider’s soft switch, when it sets up the VoIP connections between caller and recipient. Software developed by VeriSign Inc. and other providers can intercept the data packets for a target conversation, record them and send them on their way with no major delay to the voice stream, so the call participants are not aware they are being monitored, Puri said.
The cost to put a CALEA system in place varies widely, he added, depending on the size of the VoIP provider’s customer base and the type of equipment it has in its network.