According to an article in CNET today: “Internet telephone calls are fast becoming a national security threat that must be countered with new police wiretap rules, according to an FBI proposal presented quietly to regulators this month.”
The CALEA (wire-tapping) laws require telecommunications providers to ensure that their equipment and facilities are capable of “expeditiously isolating and enabling the government, pursuant to a court order or other lawful authorization,” to intercept all communications from a specific customer. Basically, the FBI wants to broaden CALEA to include the Internet and Internet service providers.
Stewart Baker, a partner at Steptoe & Johnson who represents Internet service providers, said “It would be very difficult to set up a network so that you could only intercept voice packets and not the others. The likely result here is that you’ll have modifications that are useful for law enforcement not just for voice packets but for other packets as well.”
So what does this say for encryption? Are VPNs then illegal under CALEA because the FBI (and service providers) cannot ‘wiretap’ them? Does that mean we have to stop using HTTPS (SSL-encrypted HTTP) for credit card transactions and revert to plain old HTTP? What about SSH? Do we have to go back to using Telnet?