Thanks for your response! I don't disagree with your representation of the law (or the practice of the FBI) as it applies to traditional telecommunications carriers. They're clearly covered by CALEA.
But Apple, Google, Facebook, Twitter, etc. are simply not telecommunications carriers. That's the whole point. CALEA as enacted in 1994 doesn't apply to them, and even the FCC didn't try to apply CALEA to them when subsequently expanding the law. This is why both the FBI director and the FBI general counsel said in the last two weeks they want Congress to rewrite the law to cover those companies.
CALEA applies to "facilities-based broadband Internet
access providers and providers of interconnected Voice over Internet Protocol (VoIP)." Pure TCP/IP services are not "interconnected." See page #2 of the FCC's order: http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-06-56A...
If you're saying that the FBI sometimes gets judges and companies to go beyond what the law allows, you may be right. On the other hand, companies are under no obligation to comply, as we see in this new lawsuit: http://news.cnet.com/8301-13578_3-57577958-38/google-fights-...
It's worth noting that I got dragged into this project when the District Court ruled that "information service providers" were subject to regulation under CALEA. This kicked off a huge project to bring the IP network into compliance.
It's not a stretch to imagine an situation where a company decides to fight and loses, thus looping in a huge number of companies that might imagine that they aren't telecom providers, but a court decides they are.
There is a very fine line between SMS and iMessage. Apple provides servers that store and forward messages, and it'd be hard to argue with a straight face that a court should "think different" when comparing AT&T and Apple. Judges aren't dumb and they will pay close attention to the "substance test" when deciding if a company is providing a "telecommunications service" in a ruling.
So then, how long before there is an open-source, distributed key management system, that lets you store public keys of all your friends' phones, and end encrypted texts/etc with them, and which acts basically as only a key exchange service?
... I guess CALEA could be made to force them to MITM anyone doing key exchanges. Damn.
But Apple, Google, Facebook, Twitter, etc. are simply not telecommunications carriers. That's the whole point. CALEA as enacted in 1994 doesn't apply to them, and even the FCC didn't try to apply CALEA to them when subsequently expanding the law. This is why both the FBI director and the FBI general counsel said in the last two weeks they want Congress to rewrite the law to cover those companies.
CALEA applies to "facilities-based broadband Internet access providers and providers of interconnected Voice over Internet Protocol (VoIP)." Pure TCP/IP services are not "interconnected." See page #2 of the FCC's order: http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-06-56A...
If you're saying that the FBI sometimes gets judges and companies to go beyond what the law allows, you may be right. On the other hand, companies are under no obligation to comply, as we see in this new lawsuit: http://news.cnet.com/8301-13578_3-57577958-38/google-fights-...