FCC approves Net-wiretapping taxes

CNET News.com | May 3, 2006
By Declan McCullagh and Anne Broache, Staff Writers

WASHINGTON--Broadband providers and Internet phone companies will have to pick up the tab for the cost of building in mandatory wiretap access for police surveillance, federal regulators ruled Wednesday.

The Federal Communications Commission voted unanimously to levy what likely will amount to wiretapping taxes on companies, municipalities and universities, saying it would create an incentive for them to keep costs down and that it was necessary to fight the war on terror. Universities have estimated their cost to be about $7 billion.

"The first obligation is...the safety of the people," said FCC Commissioner Michael Copps, a Democrat. "This commission supports efforts to protect the public safety and homeland security of the United States and its people."

Federal police agencies have spent years lobbying for mandatory backdoors for easy surveillance, saying "criminals, terrorists and spies" could cloak their Internet communications with impunity unless centralized wiretapping hubs become mandatory. Last year, the FCC set a deadline of May 14, 2007, for compliance. But universities, libraries and some technology companies have filed suit against the agency, and arguments before a federal court are scheduled for Friday.

"We're going to have a lot of fights over cost reimbursement," Al Gidari, a partner at the law firm of Perkins Coie, who is co-counsel in the lawsuit, said in an interview after the vote. "It continues the lunacy of their prior order and confirms they've learned nothing from what's been filed" in the lawsuit, he said.

The original 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, authorized $500 million to pay telecommunications carriers for the cost of upgrading their networks to facilitate wiretapping. Some broadband and voice over Internet Protocol (VoIP) providers had hoped that they'd be reimbursed as well. 

Jonathan Askin, general counsel of Pulver.com, likened Wednesday's vote to earlier FCC rules extending 911 regulations to VoIP. "It essentially imposed a mandate on the industry without giving the industry the necessary support to abide by the rules--and the same thing seems to be happening here," Askin said.

Even without the CALEA regulations, police have the legal authority to conduct Internet wiretaps--that's precisely what the FBI's Carnivore system was designed to do. Still, the FBI has argued, the need for "standardized broadband intercept capabilities is especially urgent in light of today's heightened threats to homeland security and the ongoing tendency of criminals to use the most clandestine modes of communication."

The American Council on Education, which represents 1,800 colleges and universities, estimates that the costs of CALEA compliance could total roughly $7 billion for the entire higher-education community, or a tuition hike of $450 for every student in the nation. Documents filed in the lawsuit challenging the FCC's rules put the cost at hundreds of dollars per student.

But during Wednesday's vote, commissioners dismissed those concerns as unfounded. "I am not persuaded merely by largely speculative allegations that the financial burden on the higher-education community could total billions of dollars," said FCC Commissioner Deborah Taylor Tate, a Republican.

The FCC's initial ruling last fall had left open the question of whether broadband and VoIP providers would be reimbursed for rewiring their networks and upgrading equipment to comply with CALEA.

Another open question is what portion of a university's or library's network must be rendered wiretap-friendly. One possibility is that only the pipe (or pipes) connecting a school with the rest of the Internet must be made CALEA-compliant. Another is that the entire network would be covered.

The FCC adopted its second order on Wednesday but released only a two-page summary, which didn't offer much clarity. In its initial ruling last year, the FCC said only that it had reached "no conclusions" about exactly what universities and libraries would have to do, prompting a flurry of comments filed with the agency and the federal lawsuit. (Plaintiffs in the lawsuit include Sun Microsystems, the American Civil Liberties Union, the Center for Democracy and Technology, the American Library Association, the American Council on Education and VoIP firm Pulver.com.)

Commissioner Copps acknowledged that there is "still some clarity to be provided" for library and university network operators, but he suggested that additional clarity would not be forthcoming from the FCC. Instead, "all those agencies and offices of government who are involved in CALEA implementation should be working together to provide clarity there to avoid confusion and possibly expenses for these institutions," Copps said.

At the Computers, Freedom and Privacy conference here Wednesday, John Morris of the Center for Democracy and Technology said libraries and universities are still left with more questions than answers.

"There's some serious uncertainty about how it will really play out for universities," Morris said. Even if the FCC technically calls for Internet interception at the edge of a campus network, that likely won't be enough to satisfy law enforcement demands for all of an individual student's network traffic, including on-campus activities, he added.

Injecting additional uncertainty is whether the FCC's action is legal. It represents what critics call an unreasonable extension of CALEA--which was designed to address telephone features such as three-way calling and call waiting--to the Internet.

A House of Representatives committee report (click here for PDF) prepared in October 1994 emphatically says CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers."

When Congress was debating CALEA, then-FBI Director Louis Freeh reassured nervous senators that the law would be limited to telephone calls. "So what we are looking for is strictly telephone--what is said over a telephone?" Sen. Larry Pressler, R-S.D., asked during one hearing.

Freeh replied: "That is the way I understand it. Yes, sir."

Two of the four FCC commissioners who voted for the initial CALEA ruling last fall acknowledged that the federal government was on shaky legal ground. The FCC's regulation is based on arguing that the law's definition of "telecommunications carrier" applies to broadband and VoIP providers.

Then-FCC Commissioner Kathleen Abernathy, a Republican, said, "Because litigation is as inevitable as death and taxes, and because some might not read the statute to permit the extension of CALEA to the broadband Internet access and VoIP services at issue here, I have stated my concern that an approach like the one we adopt today is not without legal risk."

The FCC is no stranger to having its decisions rejected by a federal appeals court that can be hostile to what it views as regulatory overreaching. Last May, for instance, the FCC's "broadcast flag" was unceremoniously tossed out by the U.S. Court of Appeals for the D.C. Circuit.