I must have missed the FCC's announcement 3 days ago that the FCC was going to require certain broadband and VoIP Providers to accommodate wiretaps. The 59-page FCC report is a bit lengthy for me to digest today, so maybe I'll provide a more detailed analysis tomorrow.
A quick speed read seems to indicate the FCC is going to force Internet providers to accomodate wiretaps, but that doesn't include cafes or hotels that use or pay for Internet service. I guess the FCC is targetting the main ISPs and not resellers of Internet service. Here's a very interesting excerpt that sums up who is covered by CALEA wire-tapping rules:
We conclude that CALEA applies to providers of “interconnected VoIP services.” As defined in our recent VoIP E911 Order,107 interconnected VoIP services include those VoIP services that: (1) enable real-time, two-way voice communications; (2) require a broadband connection from the user’s location; (3) require IP-compatible customer premises equipment; and (4) permit users to receive calls from and terminate calls to the PSTN.108 We find that providers of interconnected VoIP services satisfy CALEA’s definition of “telecommunications carrier” under the SRP and that CALEA’s Information Services Exclusion does not apply to interconnected VoIP services. To be clear, a service offering is “interconnected VoIP” if it offers the capability for users to receive calls from and terminate calls to the PSTN; the offering is covered by CALEA for all VoIP communications, even those that do not involve the PSTN. Furthermore, the offering is covered regardless of how the interconnected VoIP provider facilitates access to and from the PSTN, whether directly or by making arrangements with a third party.
Am I wrong in interpreting this definition to not only include Vonage, Packet8, AT&T CallVantage, but also Skype and any other PC-to-PSTN software? Skype falls under (1), (2), and (4) but not necessarily (3), i.e."require IP-compatible customer premises equipment." The FCC is referring to ATAs (analog telephone adaptors), however the term IP-compatible customer premise equipment is "vague enough" that it could apply to a Personal Computer (PC), which Skype does require.
So while Skype was not covered by the e911 rules, it would appear that CALEA extends not just to typical VoIP broadband providers but also Skype whose SkypeOut service touches the PSTN.
Though I would have thought that granting the U.S. government (FBI specifically) the right to force Skype to make their facilities "wiretap-able" would have made major news three days ago. After all, Skype espouses the fact that it offers privacy, encryption, etc. for its Voice over IP. Maybe I am just misinterpreting the FCC order? I'll have to try and read it in its entirety tonight.
Reading a little deeper, I found this quote:
We find that interconnected VoIP service is not subject to the Information Services Exclusion in CALEA.As we have explained, the legislative history contains much discussion of “information services,” but not once did Congress contemplate that any type of voice service would fall into that category... Most significantly, Congress explicitly distinguished between “information services” that are not covered by CALEA and “services or facilities that enable the subscriber to make, receive or direct calls,” which are covered.
I read a bit more, and if I am interpreting this FCC order correctly, I believe that the FCC is now saying that PC-to-PSTN VoIP calls are covered (including SkypeOut calls) but that PC-to-PC calls fall under the classification of "information service" and are not covered by the CALEA's wiretapping rules. This would mean that Skype-to-Skype calls cannot be wiretapped but if you make a SkypeOut phone call, the FCC could request a wiretap at whomever Skype uses to terminate to the PSTN.
Thus, in reality, Skype wouldn't be the one having to allow the FBI into its facilities - rather Level3, Deltathree, and all other termination service providers used by Skype would have to open their doors for an FBI wiretap. Although I wonder if the FBI could force Skype to pass on the username to their termination service providers to make it easier to wiretap a specific Skype user. That info may already even be sent via SIP for billing purposes, but I'd have to confirm that.
