John, While I agree that not many domestic (or EU) vendors will offer services contrary to the law in this area, do you truly believe this won't simply cause companies that really want to make money in this market to move to places where the laws are less difficult? Afterall, I can get pretty good fiber connectivity in Malaysia or other parts of Asia/SoPac without really needing to worry much about any sort of LI procedures. As long as the company offering the services does so via a web site and can collect on credit card billings (even if they have to keep rotating shell companies that do the billings), money can be made without dealing with US regulations. Frankly, the harder DOJ works on pushing this LI crap down our throats, the more damage they will do to US internet industry and consequently the more job-loss they will create. Terrorists that are sophisticated enough to be a real threat already know how to: 1. Cope with lawful intercept through disinformation and other tactics. 2. Encrypt the communications (voice or otherwise) that they don't want intercepted -- It's just not that hard any more. I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around. Owen --On Sunday, June 20, 2004 09:43:32 PM -0400 John Curran <jcurran@istaff.org> wrote:
At 8:20 PM -0400 6/20/04, John Todd wrote:
I think that while the debate about CALEA's short-term legislative extension to cover VoIP services is certainly interesting and scary, I fail to see how it will be relevant in the coming years as the market progresses. Because of the quickly growing diversity of VoIP technology, interconnection methods, and customer/vendor hierarchies, I do not believe it will be possible to enforce (or even legislate) an interception policy that is effective without extensive and draconian technical and legal methods.
JT -
It's not just the US Goverment with interest in this matter. Lawful Intercept has basis in both EU directives and laws of many member states. The last RIPE meeting had a very good presentation by Jaya Baloo on this particular topic, and I'll note that describes an ETSI framework for a lot more than just facilitating VoIP intercept:
<http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-etsi. pdf> As I noted earlier, the coming reality of abundant, ad-hoc, encrypted, p2p communication is going to eventually make efforts to facilitate just VoIP intercept seem quaint, unless we all recognize that only most obtuse criminal will be likely to have their communications uncovered in this manner.
There's likely to be disagreement on how far away that day is; based on different views of technology availability and criminal behavior. As long as facilitating lawful intercept has a reasonable cost and perceived benefit tradeoff, there will be significant pressure to come up with viable architectures for deployment. In the US, this may take the direction of simply facilitation of VoIP intercept, or could be something more inclusive such as the architecture as outlined by ETSI for mail, transport headers, and entire packet streams.
Finally, it is not simply through tax or regulatory measures that governments can seek compliance. Not many firms are going to offer services contrary to law in this area if the consequences are defined as criminal violations, since most corporate officers dislike the potential consequences.
/John