The FCC decision that VoIP must comply with the same wiretapping rules as landlines will open up gaping security holes, "rendering the entire Internet???s application space more vulnerable than it already is," says Internet godfather Vinton Cerf and others.
The Information Technology Association of America has just released a detailed report that examines the implications of applying the federal CALEA wiretapping rules to VoIP, and the findings aren't pretty.
It concludes, "Various attacks, including man-in-the-middle alteration of data (done by attacker interposed between the communication endpoints), capture of identity information and passwords, and many other pernicious behaviors could well be enabled by CALEA-like accommodations."
The report also warns that applying CALEA to VoIP would be bad for business and harm innovation. Because the law would only apply to the U.S. VoIP access and innovation would move offshore. We'd be left behind -- and less secure as well.
The group that wrote the report is made up of technical heavyweights, not only including Cerf. Famed cryptographer Whitfield Diffie of Sun Microsystems, who discovered the concept of public key cryptography, was part of it as well, as are people from Sun, Columbia University, Intel, and even a retired employee of the National Security Agency.
VoIP is already insecure enough, and it seems almost every day there's more news about a VoIP-related exploit or security hole. The last thing we need are new ones, created by the federal government. The FCC is wrong here, and should back off.
