With students looking at steep tuition increases, no one wants to hear about a looming unfunded federal mandate facing universities that are already dangerously over budget. Especially one with a $7 billion dollar price tag. But unfortunately that is exactly what universities across the country are facing, all due to a recent extension of an 11-year-old law. An order issued by the Federal Communications Commission “extends the provisions of a 1994 wiretap law not only to universities, but also to libraries, airports … and commercial Internet access providers,” according to the New York Times.
The order deals primarily with new Voice over Internet Protocol (VoIP) technologies, which allow users to make telephone calls over an Internet connection rather than a traditional telephone line. Basically, it makes it easier for law enforcement authorities to monitor these technologies. Justice Department spokesman Paul Bresson argues that such an order is necessary: “As communications technologies develop, we must ensure that such progress does not come at the expense of our nation’s safety and security.” Proponents of the new regulations argue that terrorists and criminals could use such technologies to keep their activities off investigators’ radar.
The new decision to apply the Communications Assistance for Law Enforcement Act (CALEA) of 1994 to Internet technologies could be very costly indeed. CALEA dealt with telecommunications carriers, requiring them to design systems to meet the wiretapping needs of law enforcement officials per governmental standards.
The San Francisco Chronicle reports that the new application of CALEA could cost universities “many millions of dollars in some cases.” It is possible that the new regulations could require universities to buy and install new switches and routers for their networks, an installation which could necessitate the redesign of their networks to link dozens of buildings together. Conservative estimates say that this computer work could raise tuition costs as much as $450 per student.
But not only are these new regulations costly, they are unnecessary. Law enforcement agencies can already access the contents of VoIP calls as long as they provide a subpoena. The mandate doesn’t provide the ability to access these calls; it only allows officials to more easily capture the conversations. Currently, officials who wish to monitor someone at a university simply work together with campus officials to install the necessary surveillance equipment at specific Internet access sites.
Under the new mandate, universities would be required to install a network that would send all communications to a network operations center before allowing them onto the Internet. This would essentially allow law enforcement officials to access the information easily from a remote location without having to set up individual wiretaps.
University officials are all the more infuriated because it is rare for wiretaps to be placed in college networks in the first place. According to Inside Higher Ed News, of the hundreds of wiretaps placed in 2003, only a dozen involved computer networks, and those dozen “would cover not just those at colleges but those anyplace in the United States. It doesn’t seem as if university networks are particularly a problem for law enforcement officials, so why bother with the new legislation?”
Terry W. Hartle, the senior vice president for public and government affairs at the American Council of Education, agrees. “This is an awful lot of money for very little gain,” he said.
But there is more at stake than how the bill affects universities. It is highly possible that the FCC exceeded its statutory authority in expanding CALEA. When the bill was debated in Congress the first time, many congressmen were nervous about what fell under its umbrella. One House report stated that CALEA’s requirements did “not apply to information services such as electronic-mail services; or online services; or to Internet service providers.” The only way the FCC was able to expand CALEA was to argue that the law’s definition of ‘telecommunications carrier’ included such Internet technologies as broadband and VoIP.
This legal ground is so shaky that two of the four FCC commissioners who voted for the extension acknowledged that the FCC might have taken a “legal risk.” Mark Rotenburg, director of the Electronic Privacy Information Center, said, “the FCC simply does not have the statutory authority to extend the 1994 law for the telephone system to the 21st century Internet.”
Essentially, the FCC has overstepped its authority. Not only is it requiring an already impoverished educational system to fund a mandate that is entirely unnecessary, but they have made their decision on questionable legal grounds.
If the mandate is not appealed, universities across the country will be forced to implement a very expensive new network system. But it is also possible that the door has been opened for future abuses of the law. Couldn’t the FCC’s argument for applying CALEA to VoIP also apply to other Internet applications? If recent appeals succeed, we should be hopeful that we won’t find out.