November 6, 2007

New Jersey Law Journal

Traditional telephone privacy is strictly sheltered by existing case law and statute, while VoIP is arguably unprotected in many instances.

Internet Law

How Safe Are E-Telephone Calls?

A concealed cost of VoIP service may be the user's privacy

By Jonathan Bick

Bick is of counsel to WolfBlock Brach Eichler of Roseland and is an adjunct professor of Internet law at Pace Law School and Rutgers Law School. He is also the author of 101 Things You Need To Know About Internet Law [Random House 2000].

            Internet telephony or Voice over Internet Protocol (VoIP) to refer to voice traffic carried over Internet Protocol (IP)-based broadband Internet networks. VoIP providers proffer telephone services for about $25 per month, which is appreciably less than traditional phone plan (See www.vonage.com and www.att.com). A concealed cost of VoIP service may be the user's privacy. Traditional telephone privacy is strictly sheltered by existing case law and statute, while VoIP is arguably unprotected in many instances.

            VoIP facilitates oral communications conveyed via circuit-switched networks to and from IP networks, and vice versa. To perform this undertaking, VoIP converts ordinary audio telephone signals into data packets that are sent over the Internet using Internet Protocol.

            There are three types of VoIP services: computer-to-computer, telephone-to-computer and telephone-to-telephone. Each VoIP transaction necessitates the phone communication to be converted to Internet digital data for some period of time. It is this transformation from voice communication to data that allows more access to the communicated content by third parties and allows courts to use data privacy-protection standards, rather than communication-privacy protection standards, which traditionally results in more privacy protection.

            From the eavesdroppers perspective, the transformation from communication to digital data allows for more wiretapping potential. Traditional wiretapping requires physical access to the telephone line and access to some type of hardware device designed to receive and decode telephone audio signals. VoIP wiretapping merely requires a personal computer and access to the Internet. Software that enables VoIP wiretapping is available at no charge on the Internet. Consequently, any unencrypted VoIP communications are subject to third party identification and interception.

            Additionally, VoIP normally includes a call-manager system, which authenticates users, establishes connections and logs information about user calls for billing purposes. Unfortunately, this information may be compromised remotely by third parties.

            Since the U.S. Supreme Court, in Katz v. United States, 389 U.S. 347 (1967), held that the wiretapping of a public telephone booth violated the Fourth Amendment and constituted a search and seizure, courts have routinely forbidden third parties from tapping or monitoring oral communications. However, the courts have just as consistently permitted the tracking, storing and selling of data, including Internet data packets. This means that the law protects the privacy of oral communications, yet also protects a data processor's right to track, store and sell data. Applying existing law to VoIP technology is difficult, because no factual or legal distinction exists between VoIP and data.

            Even the Federal Communications Commission has yet to classify VoIP services as either "telecommunications services" or "information services." As noted by the court in Vonage Holdings Corp. v. Minn. Pub. Util. Comm'n, 290 F. Supp. 2d 993 (2003), if the VoIP services are categorized as "telecommunications services," then they are regulated by the FCC under the 1996 Telecom Act. On the other hand, if they are categorized as "information services," they are not regulated by the 1996 Telecom Act. Such classification would like be persuasive in determining VoIP status for privacy protect matters.

            Both governmental and nongovernmental third parties may engage in wiretapping. Courts have found telephone communications are protected from privacy invasions in two principal ways; by the protections set forth in Katz and by the Federal Wiretap Act of 1968 18 U.S.C. §§ 2510-2521 (2004).

            In Katz, parties to a voice conversation are entitled to a "reasonable expectation of privacy" from governmental searches. The Court established a two-part test: a person must exhibit a subjective expectation of privacy, and that expectation must be one that society is prepared to recognize as reasonable. Fourth Amendment privacy protections only insulate individuals from governmental privacy encroachments. The protection only applies to search and seizure effectuated by a private party if “the private party acted as an instrument or agent of the Government.” Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602(1989).

            The Federal Wiretap Act prevents unauthorized nongovernmental third-party interception of telephone communications, unless the interceptor is in possession of a court order or either of the involved parties in the communication has provided consent. The Federal Wiretap Act was Congress' response to the Katz opinion, and was an attempt to prevent electronic surveillance of oral telephone communications without a court order.

            Employing Federal Wiretap Act privacy protection is the traditional means of protecting telephone conversations from unauthorized nongovernmental third-party interceptors. Litigation may be properly initiated in the event of unlawful third-party interceptions of telephone communications under the Wiretap Act, unless the interceptor has a court order or the consent of either party involved in the conversation.

            The Federal Wiretap Act affords protection to electronic data communications. However, the act has been amended to reduce privacy protection for electronic data. In particular, Congress passed the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the USA PATRIOT Act). The Patriot Act expanded the government's ability to conduct electronic data surveillance.

            VoIP are data rather than oral communications. Data communication privacy is not protected as oral telephone communications. Despite the fact that the Federal Wiretap Act's protective provisions apply equally to oral and data communications, courts have permitted the interception of Internet data under the Wiretap Act more readily than the interception of oral telephone communications. This is because data senders normally consent to the interception of end-user data for purposes of data mining, whereas telephone users rarely consent to third-party interception of telephone conversations. Additionally, since Internet data communications are more likely to be stored on third-party computers, arguing that the sender intended to preserve the communications confidentiality is difficult. It should also be noted that the Federal Wiretap Act only applies to communications intercepted contemporaneously with transmission; Internet communications are normally stored prior to receipt.