CALEA and Ownerless Networks. AKA FCC Mandated Hacking?

Over the past several weeks, I've been getting a tremendous number of e-mails asking what various community networks should do to be CALEA compliant. CALEA has generated so much worry, given it's complete nonsensicalness to many networks, that I felt that putting out a public statement and generating debate around these issues was certainly needed.

For many community wireless networks, CALEA, the Communications Assistance to Law Enforcement Act, mandates hacking into privately owned hardware for many community wireless groups in order to be in compliance with its requirements. It is ironic that an act to aid law enforcement would insist on such draconian measures -- for many community wireless groups, the question arises, do I engage in civil disobedience by not filling out my CALEA forms, or do I hack into privately owned computer hardware?

Most of the problem arises from the FCC's decidedly narrow understanding of community networking and non-standard business models. As someone who went to DC and spoke with numerous FCC staff about these issues over the past couple years, I can state categorically that they've purposefully ignored the following massive problem:

CALEA is predicated upon the idea that you have a dichotomy between end-user, on the one hand, and ISP, on the other. As the FCC states:

CALEA was intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities. Common carriers, facilities-based broadband Internet access providers, and providers of interconnected Voice over Internet Protocol (VoIP) service – all three types of entities are defined to be “telecommunications carriers” for purposes of CALEA.

The problem arises when you have any system that follows a slightly different business model than the single payer, single line norm used by telecom incumbents. What happens when a group of friends get together and buys a single line that is then shared among them? What happens when an apartment building buys a line and shares it? What happens when a community or neighborhood gets a line and shares it? What happens when a community, buys a whole bunch of lines, uses a whole bunch of independently-owned equipment, and shares bandwidth among all participants?

Who "owns" an ownerless network? Because that (non)entity is required by CALEA to provide surveillance capabilities on that network. One may as well ask, "who owns the Internet?" because ownerless neworks, whether at the local or global level pose much the same problem -- it's impossible to create centralized surveillance capabilities on a decentralized, often ad-hoc, network that spans numerous users, gateways, providers, and equipment owners.

The problem is that when the FCC drew up CALEA, they didn't take into account that alternative network infrastructures and business models other than the ISP/end-user one. This is rather stunning since the Internet itself doesn't follow the ISP/end-user model and simply doesn't apply for ownerless networks. I'm not saying ignore CALEA, I'm saying that it simply doesn't apply to these types of networks and technologies and that the only way to do what the FCC is requiring would be to illegally hack into the hardware and ISP accounts of ownerless network participants.

In the end, as anyone who has been immersed in telephony technologies knows, CALEA represents an unenforceable mandate. If anything, CALEA has sped up the development of VoIP encryption technologies, creating circumstances whereby it will be even more difficult for law enforcement officials to legally surveille their targets. What CALEA does, through its requirements, is create the circumstances whereby ordinary citizens -- the ones who may not be tech-savvy enough to utilize encrypted VoIP communications -- can have their conversations monitored wholesale. CALEA creates a de facto telecommunication panopticon while, at the same time, causing serious consternation among many of the most innovative networking initiatives across the country.