New regulations making it easier for law enforcement to tap Internet phone calls will also make computer systems more vulnerable to hackers, digital privacy and civil liberties groups say.
While the groups don’t want the Internet to be a safe haven for terrorists and criminals, they complain that expanding wiretapping laws to cover Internet calls — or Voice over Internet Protocol (VoIP) — will create additional points of attack and security holes that hackers can exploit.
“Once you enable third-party access to Internet-based communication, you create a vulnerability that didn’t previously exist,” Marc Rotenberg, executive director at the Electronic Privacy Information Center said in an interview Wednesday. “It will put at risk the stability and security of the Internet.”
Acting on appeals from the Justice Department and other law enforcement officials, the Federal Communications Commission voted last week to require providers of Internet phone calls and broadband services to ensure their equipment can allow police wiretaps.
The decision applies to Voice over Internet Protocol providers such as Vonage that use a central telephone company to complete the Internet calls. It also applies to cable and phone companies that provide broadband services.
The companies will have 18 months to comply.
“We recognize that people use different methods for communication and certainly most of the time the people are using the method that they can avoid detection most,” said FBI spokesman Ed Cogswell.
Voice over Internet Protocol technology shifts calls away from wires and switches, instead using computers and broadband connections to convert sounds into data and transmit them via the Internet.
Besides the privacy and security concerns, digital rights experts worry that expansion of the wiretapping law, known as CALEA, will stifle innovation.
“Creativity and innovation will end up moving offshore where programmers outside the U.S. can develop technologies that are not required to address the onerous CALEA requirements,” said Kurt Opsahl, staff attorney at the Electronic Frontier Foundation. “The U.S. companies will face competition from foreign providers who will enjoy an advantage.”
The groups also argue that the FCC doesn’t have the authority to order the companies to make changes to their systems for wiretapping purposes, since CALEA only pertains to telecommunications systems, not information systems like the Internet.
An FCC spokesman declined to comment.
The 1994 Communications Assistance for Law Enforcement Act (CALEA) required the telecommunications industry to build into its products tools that federal investigators can use — after getting court approval — to eavesdrop on conversations.
Lawyers for the Justice Department, FBI and Drug Enforcement Administration asked the FCC in March 2004 to affirm that Voice over Internet Protocol falls under CALEA.