On Mon, 21 Jun 2004, John Curran wrote:
Looks pretty clear to me: assistance requirements (i.e. the requirement to have LI capacity and mechanisms in place in advance) should apply to all providers, and in particular, that VoIP providers who do not provide direct PSTN access (e.g. FWD, Skype) should not get an exception here as specified in the draft bill.
And what would satisfy those law enforcement requirements? In 10 years of CALEA, law enforcement has never agreed that anything done was good enough to satisfy CALEA. Instead, LEAs have repeatedly stated all attempts at compliance so far have been deficient. If LEA thinks everything the PSTN tried to do was deficient, why does anyone think applying the same regime to other things will be any more successful at meeting LEA's requirements?

If law enforcement was trumpeting the success of CALEA, how much money it saved, how it caught criminals, how it saved lives, there might be a better argument for extending it to all communications. The problem is law enforcement has said CALEA is a failure in its eyes, so why do we want Congress to expand a broken regime?

What's goofy is when ISPs perform investigations, they use lots of tools which could be useful to law enforcement. Some of those tools don't have a clear equivalent in other types of communication systems. So law enforcement asks for things that don't always make sense simply because that's what is in the order.

Why do both pen registers and mail covers exist? Because the law followed the technology. When law enforcement does a mail cover, they get what a mail cover includes. The post office doesn't cover up the return address on the envelope because law enforcement only had a pen register order, but not a trap and trace order for the postal envelope.

When developing systems for the PSTN, it turned out to be easier to collect the outgoing dialed digits on a phone line than the incoming calling number (pre-SS7 days). So the law split called numbers from calling numbers instead of trying to extend the postal service mail cover into the telephone. Trying to force the technology just makes everything grumpy. Do you pay a $10,000 fine every time you fail to include the return address on a postal letter?

Other technologies have similar natural boundaries. The US J-STD-25 and the EU ETSI frameworks are trying to go backwards. It creates a very complicated framework. Great for interception vendors, lousy for everyone else.

What are the natural boundaries and how do they match up with people's expectations of privacy or other legal structures?