« Do Managed Services Make Sense? | Main

Innovation and Legislation

It often seems as if legislation is written to address technical issues that existed years prior. As noted in a soon-to-be-published e-newsletter for Network World, this has been a chronic problem for many years. With issues from intellectual property rights to the deployment of new telecommunications system capabilities, implementors run the risk of being out of compliance with regulations if they use systems that provide "best practices" for their business.

As soon as it is available, we'll provide the URL for the archived version of the above-mentioned newsletter. In the meantime, we invite your comments and discussion on how you deal with this issue - and how regulatory compliance has (or has not) affected the productivity of your business.


Your recent article "Does the wiretapping law stretch to Skype?" brings to mind some discussions and experiences I've had on this and related topics. When I was working for a telecoms manufacturer a couple of years ago, we discussed the applicability of CALEA to our switching & routing equipment. The general consensus was that wiretapping of voice calls had to be done as close to the endpoints as possible; there are just too many alternate paths for the "voice traffic of interest" once it gets into the SP network, and identifying it becomes increasingly difficult the further it gets from the endpoints.

So how do you track down the source or destination point of the "voice traffic of interest"? For traffic coming from people's homes or small businesses, the SP can lookup the cable/DSL modem MAC address, the IP address assigned by their DHCP server, or the VC in use. Of course, with multiple users in the same home or small business behind a firewall/NAT/router, more than the "voice traffic of interest" would have to be captured, identified, and culled.

For enterprise users, the law enforcement authorities would have to work with the internal IT staff to identify the "voice traffic of interest" using similar means - their MAC or IP address, primarily. And as with consumer network connections, more than the "voice traffic of interest" would have to be captured (likely via port mirroring on a switch), identified, and culled. What about the privacy rights of everyone else whose traffic is captured?

This reminds me of when we first setup a firewall for an enterprise Internet connection back in 1999. We started looking at the logs of websites that people were going to, and found someone was regularly hitting some porn sites. Working backwards from their internal IP address and checking the records of our DHCP server, we were able to identify the culprit and report him to his manager. Not all that hard to do on an internal network that you manage and control.

But how do you allow law enforcement authorities to do this? They'd have to get a court order to work with the IT staff to monitor the internal network to capture the traffic of a "person of interest" - which probably will result in a that person getting tipped off to the surveillance, or in too many other persons' traffic being captured, or in the "traffic of interest" not being captured at all - what if the target is moving around using an enterprise wireless network with a VoIP phone?

In short, because there are so many means and devices to use for voice communications, I don't see how CALEA can be effectively applied to VoIP traffic. The connections used are all virtual, temporary, and potentially mobile. If I'm using Skype with headset and a laptop or a Vonage IP phone, I can go to work, home, a hotel, the local coffee shop - anywhere a wired or wireless Internet connection is available - and make calls without anyone being able to track them unless I'm being followed around by someone with a wireless packet capture device that can only be effective when I use a non-encrypted wireless network. A no-win situation!

The bottom line is that E911 funds should come from a local general tax, not a tax on any number of communications devices that might want to tap the E911 services in the event of an emergency. It's already outdated to believe that these services should be funded exclusively by fees on POTS/cell customers.

Regarding USF -- this is ridiculous. It's another example of bad government. Having phone service isn't a right. It's a privilege. If you want it and you live in an area where providing it is difficult, it shouldn't be guaranteed. Besides, aren't we talking the 2% factor again? That is, 98% of the U.S. population can get access to modern communications. It's the 2% who live in a swamp or on the other side of a 10,000' mountain range with no electricity or running water. If they want communications, let them buy a ham radio and get a license. Either that or they can fund a satellite earth station capable of some kind of two way communication. Why in the heck would our government create a massive, billion dollar kickback fund with all sorts of loop holes on who qualifies to receive "help" when providing service of last resort to "unprofitable" areas. Something's rotten.

Contrast the USF with "universally funded" police, fire and ambulance service. Do we really believe the individual living in the middle of a swamp or near that mountain range has equivalent access to these services? Why don't we have to pay for a police/fire substation and a helicopter pad near these folks? Oh -- that's a risk of their choice? Well then so to goes the phone service.

Granted -- these are extreme .00001% examples but I don't see much difference between that and a rural area with 10 people/square mile. If they want phone service, let them form a coop. Didn't they do this for electricity? Where's the electricity USF? How was 99.999% of the U.S. wired for electric and how are those lines maintained without an electricity USF?

Also -- I thought cable and DSL connections paid into this fund. If VOIP rides on an already-taxed connection, is this new rule about VOIP USF double taxation?

Post a comment