In many respects, the Internet has been the last frontier of freedom. In a world where governments increasingly control more and more aspects of our lives, cyberspace was the one "place" where one could come and go without being subject to much regulation.
Of course, just as the Wild West gave way to "civilization," it was only a matter of time before the long arm of the law reached into the online world. And it isn't sparing VoIP users.
Some countries ban VoIP completely—either by outright prohibition or by making licensing requirements so difficult to meet and licensing fees so expensive that providers are unable to offer service there. Some countries allow only one or a few providers to operate.
On the other hand, some countries—including Japan, Ireland, and Singapore—have no specific laws pertaining to VoIP. Most countries, however, including the United States, have some laws and restrictions pertaining to VoIP. And it's likely that more are on the way.
The first major federal regulation aimed at VoIP came in 2005 when the Federal Communications Commission (FCC) issued an order requiring VoIP customers to have access to enhanced 911 (E911) services. The order applied to "interconnected" VoIP service providers—those whose users could place and receive calls to and from traditional phone lines. The legislation directed that such providers must deliver 911 calls to the user's local emergency operator as a standard feature of the service.
The first challenge
The E911 requirement created a bit of a challenge for providers. One of the characteristics that makes VoIP attractive to many users is the ability to take your equipment with you and plug it in anywhere there's a broadband Internet connection.
The FCC made the requirement more palatable by dictating that customers are responsible for providing and updating location information; the VoIP provider is only required to provide the customers with a way to keep the information up to date. The order also stated an intention to eventually adopt an advanced E911 solution that could determine customer location without requiring the customer to provide and update the information.
As part of the 911 regulations, the FCC also required that VoIP providers get acknowledgements from subscribers that they had read and understood an advisory outlining the limitations of their E911 service. This is how the legislation first affected many VoIP customers, who received notices from VoIP providers that they must complete the required forms (usually through the provider's Web site) to keep the providers compliant, or the company would cut off their service.
CALEA comes to VoIP
Now another law that affects VoIP is about to go into effect—even though most VoIP customers won't be aware of it. In September 2005, the FCC issued an order requiring VoIP providers to comply with the Communications Assistance for Law Enforcement (CALEA) Act of 1994, which previously applied to traditional phone companies but not VoIP. The compliance deadline is May 14, 2007.
CALEA requires that law enforcement agencies be able, with the proper warrants, to tap into and record voice conversations and to trace the source and destination of calls. The Department of Justice (DOJ), Federal Bureau of Investigation (FBI), and Drug Enforcement Agency (DEA) petitioned the FCC to extend CALEA to IP-based communications. Privacy and civil liberties groups, including the Electronic Frontier Foundation (EFF), American Civil Liberties Union (ACLU), and Electronic Privacy Information Center (EPIC), opposed the expansion of CALEA to cover VoIP services.
The practical effect of CALEA is that VoIP hardware vendors must build wiretapping capability into their equipment, which obviously adds to the cost. In addition, many worry that hackers will be able to exploit this capability to eavesdrop on VoIP calls.
VoIP and record retention
Various state and federal laws require the retention of electronic records in some circumstances—for example, the Sarbanes-Oxley Act (SOX) pertains to publicly traded companies. Many of these laws require the retention of electronic data such as e-mail messages, but not telephone calls. The issue then arises: Do we treat VoIP communications like traditional phone calls or traditional IP communications?
In particular, computers store VoIP voice mail on the hard drive—just like e-mail messages. With the advent of the unified communications model, network users may even receive voice mail and e-mail messages in the same inbox.
Should companies archive VoIP voice mail messages along with e-mail? This could prove costly since audio messages create relatively large files. SOX doesn't address this issue, and neither do most of the laws pertaining to electronic record retention—yet.
The future of VoIP regulation
Given the nature of the legislative process, it's probably safe to say that just as the Internet itself is gradually becoming more regulated, so will VoIP. Currently one of the big cost advantages of VoIP is that it's not subject to all the taxes and fees that we pay for a traditional PSTN line.
For example, in comparing a simple residential phone line and a Lingo VoIP line at the same home, I found that the total cost of the Lingo VoIP line was $25.10 per month, whereas the total cost of the AT&T PSTN line for the same month was $42.12. However, the cost difference was less when you looked at the cost of service itself: $29.00 for AT&T vs. $21.95 for Lingo. The taxes and fees for the AT&T line added up to $13.12, but the taxes and fees on the VoIP line were only $3.15.
As VoIP becomes more popular, you can be sure governments will not only exert more control over its providers and users, but they will also impose more taxes to pay for the enforcement of those regulations. Twenty years from now, we may look back fondly at the days when VoIP was relatively unregulated and untaxed.
Want more tips and tricks to help you plan or optimize your VoIP deployment? Automatically sign up for our free VoIP newsletter, delivered each Monday!
Deb Shinder is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. She currently specializes in security issues and Microsoft products, and she has received Microsoft's Most Valuable Professional (MVP) status in Windows Server Security.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.