October 19, 1999 Web posted at: 10:30 a.m. EDT (1430 GMT) by Carolyn Duffy Marsan

From...

(IDG) -- The Internet engineering community is engaged in heated debate over whether it should develop protocols that would make it easier for law enforcement agencies to intercept communications over the 'Net'.

The issue promises to be the hottest topic at the next Internet Engineering Task Force meeting, which will be held in Washington, D.C., in November. E-mails are flying fast and furious between IETF members about whether wiretapping should be supported in protocols for switches that will combine voice and data traffic for transmission over the 'Net.

A wiretapping capability is already built into many central office telephone switches, and various countries including the U.S. can require carriers to intercept or report on communications at the request of government agencies. However, these requirements do not apply to corporations that run their own PBX telephony systems.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
Network World Fusion home page
Free Network World Fusion newsletters
Where now for the IETF standards process?, 09/20/99
A difference of opinion in the IETF, 03/16/99
Reviews & in-depth info at IDG.net
		IDG.net's bridges & routers page
		IDG.net's hubs & switches page
		IDG.net's network operating systems page
		IDG.net's network management software page
Year 2000 World
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for network experts
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

Corporate network managers also may have new requirements to support wiretapping as the use of encryption technology takes off. When communications are encrypted over the 'Net, carriers can't intercept them. That means the burden to support wiretapping would go to the organization that is sending or receiving the information, experts say.

"Today corporate network managers are not required by federal statute to help support wiretapping," says Scott Bradner, an area director of the IETF and the initiator of the so-called "raven" debate on wiretapping. "But in the future, where the Internet is a converged place where all this stuff runs - telephone, data and video - and law enforcement comes in and wants to intercept some communications, corporate network managers may be directly involved because communications may be going through an encrypted [virtual private network] and an ISP can't do anything because the information is encrypted."

In fact, the issue of liability for wiretapping may influence the type of encryption corporate network managers choose to purchase. If encryption occurs at the desktop level, the network manager can't intercept the communication. But if encryption occurs at a device on the edge of the network, the network manager can intercept the communication on its way to the desktop.

"Corporate IT managers should have two main concerns about this debate," says Christopher Savage, head of the telecom/Internet practice group with Washington, D.C. law firm Cole, Raywid & Braverman. "One is whether their costs are going to go up because the devices they buy have been engineered with special [wiretapping] capabilities. The other is the general concern about security vs. privacy. Corporations are the kinds of entities that like to keep their communications private. If more of the guts of the Internet are built to support wiretapping or interception, then it will be easier for unauthorized interception by hackers."

The wiretapping debate emerged from the IETF's work on protocols that support telephone calls over the Internet. The leadership of the IETF decided to put the issue before the entire organization at the next meeting to determine if there is a consensus among the group's engineers. The IETF members will debate whether the group should develop new protocols or modify existing protocols to support wiretapping. The group will also discuss whether it should post information on how interceptions could be performed without protocol modifications.

The issue is contentious among the IETF's membership, which is largely libertarian and does not support governmental involvement in the Internet. However, IETF members who work for companies that sell telephone switches worry that there will be no market for their combined voice/data switches unless they can support wiretapping over the Internet as they expect it will be required by government agencies.

"The [Internet] protocol doesn't need to be modified in order to be tapped, so the IETF has zero reason to be involved," says Russ Nelson, president of Crynwr Software of Potsdam, N.Y. and a member of the IETF. "Existing packet decoding software is sufficient to the task or can be easily extended."

Nelson says the issue came up because law enforcement agencies see their wiretapping costs going up and want to save money by having the capability built into the Internet. "Law enforcement or any other government activity built into the Internet is not something we can allow," writes one IETF member in an e-mail posted to the group. "It puts too much power into the hands of the government and helps to eliminate what little privacy there is left in this country."