Thus spake "Daniel Golding" <dgolding@burtongroup.com>
The amount of money the FBI would need to spend to tap a VoIP call is highest with the first option, intermediate with the second, and lowest with the last. Some services companies are really salivating for the chance to add CALEA hardware to VoIP networks. I won't mention any particular companies here, as they have taken a recent beating on this list. Piling on seems rather cruel.
I'm told that most CALEA warrants only authorize a pen register, not an actual tap. Pen registers are trivial to implement, since the provider's software undoubtedly has an option to produce CDRs for billing or planning purposes. Unfortunately this doesn't cover the case of purely P2P calls which don't have a VoIP provider; if the suspect is using such software, the only way to produce a pen register is with a tap. AFAIK, one of the provisions of CALEA warrants is that the provider can't tell the customer their line is being tapped. The most straightforward VoIP intercept method requires routing the call through an intercept device or bridging unit, which is detectable and hus probably counts as disclosure. Since VoIP packets are routed just like any others, the only workable solution I see is to provide for tapping of all IP links and (by law) require the FBI drop all traffic except what they've got a warrant for. Tapping a SONET or Ethernet link isn't tough, and real-time decoding of packets up to OC12 speeds was doable on COTS PCs several years ago. One US telco built such software specifically to comply with CALEA when the FBI inevitably woke up; it could reassemble selected RTP streams (in real time) and even play them on a POTS line running to an FBI monitoring post. I'd assume that OC48/GE isn't much of a stretch today and that OC192/10GE is feasible with the FBI's funding levels. It'd certainly be easier to tap the customer's access line, but typical DSL/Cable gear may not have such provisions... One thing is very clear, however; if the industry doesn't come up with a working solution first, we will certainly have something unworkable shoved down our throats by Congress, the FCC, and the FBI. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov