CNET News is reporting that new legislation being drafted by FBI will require ISPs to wiretap conversations and force makers of networking gear to alter their hardware to accommodate that capability. As I mentioned in September of last year, the 1994 Communications Assistance for Law Enforcement Act (CALEA) is ill suited to address the needs of the Internet. While the new legislation could address those problems, it may also eliminate safeguards that are best left in place.
The CNET article outlines four major points from the 27 page report. First, router and switch manufacturers will need to upgrade their equipment to support Internet wiretapping. Second, law enforcement authorities will be able to expand wiretapping beyond VoIP to other Internet services, such as IM. Third, ISPs will be required to sift customer communications to identify only VoIP calls. Finally, the legislation would eliminate the legal requirements for the Justice Department to annually publish a "public notice of the actual number of communication interceptions."
Moving wiretapping from the application to the infrastructure makes economic sense by eliminating the duplicate costs of implementing the technology at the application layer. At the same time, extending wiretapping to other forms of communication brings CALEA into the Internet age. It makes no sense to tap a Vonage call, for example, and not a Skype call or an IM session.
But if the government is going to receive additional capabilities, the security measures and legislation had better be in place to protect against the abuse of those powers. Think of the damage hackers could inflict if they gained access to that surveillance port.
Forgoing the requirement to publish the number of communication interceptions is precisely the wrong step. The public must be given the confidence that the FBI won't repeat the privacy fiasco of that other three-letter government agency.