Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Want to Tap VoIP

Posted by michael on from the can-i-hear-you-now dept.

An anonymous reader writes "From the Globe and Mail: The FBI and the U.S. Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2,200,000 conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."

24 of 489 comments (clear)

  1. So we respond with Nautlius by corebreech · · Score: 4, Informative

    Nautlius is VoIP that uses Blowfish as the cipher.

    Here's the home page. Get the software here. It hasn't been updated in awhile, but maybe now there's more of an incentive to do so.

    --
    Is this truly the only Earth I can live on?
    1. Re:So we respond with Nautlius by LostCluster · · Score: 5, Informative

      You don't need encryption for protection from wiretaps in those situations, the spooks are already required to disconnect (or ditch-and-not-listen-to any recording) the instant they realize it's a call that is unrelated to the matter being investigated.

      The analog phone network is pretty physically secure (messing with the wires through town will attract police, and the central offices are pretty secure places) so there's really not that much risk of an unauthorized analog wiretap.

      The system's pretty good as it is, the spooks just want to make sure technology doesn't take away what's one of their strongest tools for stopping crimes before they get any worse.

    2. Re:So we respond with Nautlius by pla · · Score: 4, Informative

      For instance, at the rate we're going, I fully expect to see laws against two people conversing face-to-face and in private in my lifetime.

      We already have them. Look up some of the provisions of the RICO act, it might surprise you.

    3. Re:So we respond with Nautlius by karnal · · Score: 2, Informative

      "The analog phone network is pretty physically secure"

      From a certain standpoint, yes it is.

      However, I could probably get a white van, possibly get a few "magnetic phone logos" for the side, and dress up in a blue suit. Grab one of those locking devices for the phone company side of your phone box (outside the house, apartment, etc) and place a tap there. Transmit via wireless (even low power would allow me to sit on the street somewhere, perhaps acting as if I was on a cell phone...) and voila.

      Now, this would take a splash of social engineering, as well as the time on my hands to do such a thing....

      Oh, as for them being required to ditch and not listen to, would you truly trust that? I know that people are all human... one thing they would do (whether it disturbs you or not) is probably listen and chuckle at you from afar....

      --
      Karnal
    4. Re:So we respond with Nautlius by miu · · Score: 3, Informative
      You don't need encryption for protection from wiretaps in those situations, the spooks are already required to disconnect (or ditch-and-not-listen-to any recording) the instant they realize it's a call that is unrelated to the matter being investigated.

      The rule that the cops have to stop listening when they determine that the communication does not concern the warrant only applies to real time communications, such as PSTN voice calls. They do not apply to interceptions of voice mail, email, VOIP and other electronic communications.

      The major difference in interception of non-real time communicatons is that all communications are by necessity captured, the work of searching the captured communications is split into different areas of responsibility. The preliminary team winnows the raw communication to only those sections that relate to the warrant, the second team encounters the cleaned communication with just the portion that that is revelvant to the warrant, and sometimes produces a precis that will be used in prosecution of a case or to obtain further warrants. So at some point some person will be listening to you talk about your embarassing health problems.

      Before PA1 and PA2 it was difficult to get a warrant for non real time communications and had a limited number of crimes for which it was even possible to obtain such a warrant (the Title III warrant of which you might have heard).

      USC 18 section 2516 for the nity grity.

      Anyone who knows anything about human nature realizes that these tap capabilities will be abused for a variety of reasons (most much more banal than political), so we need to have auditability and accountability for all taps - people who will abuse tap capabilities that they have access to will probably not get a warrant to do so.

      There is also CALEA (which has different rules - most likely those that govern PSTN voice calls), which may or may not apply to various forms of electronic communications. Legal at my employer is still unsure, but thinks it is likely that at least some forms of VOIP are subject to CALEA.

      --

      [Set Cain on fire and steal his lute.]
  2. Can I be the first to say... by Unominous+Coward · · Score: 3, Informative

    1) Good luck identifying VoIP traffic

    2) Good luck decrypting it

    That is all.

    --
    "Smoking helps you lose weight - one lung at a time" -- A. E. Neumann
    1. Re:Can I be the first to say... by Anonymous Coward · · Score: 1, Informative

      They don't have to exchange keys before hand if they use Diffie-Hellman, and all the monitoring in the world won't help unless they have enormous computational power.

      Use this -

      #include /* Usage: dh base exponent modulus */
      typedef unsigned char u;u m[1024],g[1024],e[1024],b[1024];int n,v,d,z,S=129;a(
      u *x,u *y,int o){d=0;for(v=S;v--;){d+=x[v]+y[v]*o;x[v]=d;d=d>>8; }}s(u *x){for(
      v=0;(v=m[v])a(x,m,-1);}r(u *x){d=0;for(v=0;v0;n++){for(z=4;z--;)a(y,y ,1);x[n]|=32;y[S-1]|=x[n]-48-(x[n]>96)*39;}}p(u *x){for(n=0;!x[n];)n++;for(;n159)*7,48+(x[n]&15)+7 *((x[n]&15)>9));
      printf("\n");}main(int c,char **v){h(v[1],g);h(v[2],e);h(v[3],m);bzero(b,S);b[
      S-1]=1;for(n=S*8;n--;){if(e[S-1]&1)M(b,g);M(g,g);r (e);}p(b);}

  3. Why does this matter? by BigHungryJoe · · Score: 4, Informative

    Feds have had the power to get secret warrents from judges from the FISA court since 1978. These judges have never denied American law enforcement a warrant to surveil a conversation.

    So under the secret and unchecked FISA court, their powers are essentially unlimited.

    This just means they are going through the formality of asking permission - if they don't get it, they'll get it through FISA anyway.

  4. The most important quote by Michael+Crutcher · · Score: 5, Informative
    For those who won't read the article, here's the the most important part:

    "The FCC should ignore pleas about national security and sophisticated criminals because sophisticated parties will use noncompliant VoIP, available open source and offshore," said Jim Harper of Privacilla.org, a privacy advocacy Web site. "CALEA for VoIP will only be good for busting small-time bookies, small-time potheads and other nincompoops."

    Mr. Harper is absolutely correct, anyone with a little bit of sophistication can think of numerous ways around this legislation. Sorry Unlce Sam but the cat's out of the bag and there is no putting it back. Of course this will still be useful at catching small time drug dealers/users, and is another example of the drug war eating away at civil liberties.

  5. Skype by Minkey+Brines · · Score: 2, Informative

    From www.skype.com:

    Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes. Skype, created by the people who brought you KaZaA uses innovative P2P (peer-to-peer) technology to connect you with other Skype users. If you are tired of paying outrageous fees for telephony, Skype is for you!

    Skype is quick and easy to install. Just download it, register, and within minutes you can plug in your PC headset and call your friends on Skype. Skype calls have excellent sound quality and are highly secure with end-to-end encryption. Best of all, Skype does not require you to reconfigure your firewall or router--it just works!

  6. Official government documents... by scrod · · Score: 4, Informative

    For the past few weeks Cryptome has featured a link to an FBI document detailing the means by which such surveillance might take place. This is all just additional evidence that those wanting real security must implement (or at least verify) it themselves.

  7. Re:"Two hundred years ago.." by 2short · · Score: 2, Informative

    I'd say they did say something about them:
    <br><br>
    "The right of the people to be secure in their persons, houses, <b>papers</b>, and effects, against unreasonable searches and seizures, shall not be violated..."
    <br><br>
    I'd have to agree with the original poster that the only reason "conversations" isn't in the list is that no one imagined they could be unreasonably "searched" in the first place.

  8. This has far-reaching implications by Graabein · · Score: 4, Informative
    First, please allow me to plug a site I help run: IAXprovider.net, a community site for people running VoIP services on Asterisk, the open source Linux PBX. We follow this issue closely. Thank you.

    BTW, this same article is also available over on news.com.com. Anyway, lemme quote:

    "The agencies have asked the Federal Communications Commission to order companies offering voice over Internet Protocol (VoIP) service to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations."

    Think about that one for a minute. How is a VoIP provider going to ensure that? There is only one way, turn off and disable all use of encryption in their VoIP network, unless the provider has access to the keys used.

    Now think of IM networks, email servers, or just about any other Internet service. What are they going to do, outlaw all "non-sanctioned" client software using encryption? Are we gearing up for another Clipper Chip fiasco here?

    FCC chairman Michael Powell has just come down on the side of VoIP providers saying, in part:

    "Rapidly expanding voice communications over the Internet should be protected from excessive government regulation and from being pigeonholed as simple phone service". He goes on to say "harm from misregulation of VoIP could take "decades to fix."

    "You [can] create a very hostile regulatory environment for voice-over-IP providers in the United States," Powell said.

    He added "there is nothing to stop" the companies from moving to other countries and setting up computer systems to serve U.S. customers.

    Exactly. Welcome to the Internet age.

    --
    And remember kids: Never trust a computer you can actually lift.
  9. Re:Hyperbole++; by faedle · · Score: 2, Informative

    Hmm.. where have I heard this before?

    Oh yeah.

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. -- Fourth Amendment, Constitution of the United States

    You should look at what "probable cause" used to mean, legally, in the United States. Tapping phones because they "suspect" somebody might be dealing drugs or be a terrorist is a long way from "probable cause." If you have "probable cause", you can (and should be able to) arrest somebody.

    Nowadays, you don't even have to have "suspicion" that an individual can be involved. You can just tap all phones within x square yards of where drugs are being sold, and you can get a blanket warrant from a judge for everybody's phone.

    Sounds pretty far away from what Jefferson et. al. had in mind when they penned those words.

    Oh, and also, the Tenth comes to mind here.. nowhere in the Constitution is the Federal Government granted the right to tap telephones, therefore they don't have it. But that's another issue entirely.

  10. Skype is spyware by Anonymous Coward · · Score: 4, Informative

    taken from their "EULA"

    (c) the skype software is utilized and distributed by third parties
    which are unrelated to skyper. you acknowledge that installation of
    the skype software will allow third parties who are not affiliated
    with skyper the ability to access your computer ("outside parties").
    you agree that skyper will not be liable for any damage, claim or loss
    of any kind whatsoever, including but not limited to indirect,
    incidental, special or consequential damages as stated in paragraph
    9(a) above, resulting from any actions or omissions of the outside
    parties.

    Bottom line: Skype is a backdoor to the machines it is installed on -
    for some undisclosed "third parties", not really what you want to hear when it comes to "secure" software egh

    1. Re:Skype is spyware by Anonymous Coward · · Score: 1, Informative

      Paragraph 2:
      (c) The Skype Software and Services may be incorporated into, and may
      incorporate, technology, software and services owned and controlled by
      third parties. Use of such third party software or services is subject
      to the terms and conditions of the applicable third party license
      agreements, and you agree to look solely to the applicable third party
      and not to Skyper to enforce any of your rights. ...When installed on
      your computer, the Skype Software periodically communicates with
      Skyper servers...

  11. Re:Encryption ain't it all tapped out to be... by martyn+s · · Score: 2, Informative

    Actually, you're wrong, there are TRUE random number generators. There's no such thing as a SOFTWARE random number generator, but there are certainly random number generators, for example, a die (dice). They even make random number generators using the random movement of molecules as a source that can be hooked up to your computer for true random number generation.

  12. Re:I don't believe that you understand encryption. by jesser · · Score: 2, Informative

    they rely on known calculations that are extremely difficult (astronomically computationally expensive) to run backwards

    Not quite. They're believed to be extremely difficult to run backwards. And there are some subtleties beyond that... read "A Personal View of Average-Case Complexity" from Russell Impagliazzo's page.

    --
    The shareholder is always right.
  13. Re:Hmm... by Jah-Wren+Ryel · · Score: 2, Informative

    That would be the modern version of the emacs spook mode. Except the idea is to add a little spookiness to ALL conversations, making global keyword matching useless.

    Contrary to another reply, the FBI doesn't need to prove squat to a judge anymore. The patriot act, and other related below-the-radar legislation, has things to the point where they pretty much just write a note to themselves saying, "this is terrorist related" -- but if they feel like being more official they can take it to a FISA judge, who have rubberstamped every single wiretap request ever made of them. Plus, if they aren't planning on using the info in court - you know a little COINTELPRO type action or worse, then they don't even have to go through any charade at all.

    --
    When information is power, privacy is freedom.
  14. Re:Bound to happen... by stephanruby · · Score: 4, Informative

    Technically, the PATRIOT acts still require a judge to ok the warrants. It's just that the criterion for issuing such warrants is much much lower now.

  15. what warrants? by gad_zuki! · · Score: 4, Informative

    >as in, got a judge to OK it

    Its not 2000 anymore. Thanks to both Patriot acts (didnt you know the second one was passed in a spending bill?) judicial oversight is mostly a thing of the past. The constitutional protections we took for granted are gone. I don't know why John Ashcroft has such a problem with judicial oversight, but he does and Congress and the Executive branch not SCOTUS (as far as I can tell) don't seem to care much.

    This is a very different America than just a couple years ago and we've already seen abuses with the Patriot act being used in non-terror cases like drug trafficking. This just opens up the door to more COINTELPRO and other FBI abuses.

    Encryption is more important now than ever. Maybe when the post-911 hysteria and power grabs are over we can have faith in an iota in due process but right now "trusting your government" is the worst thing you can do. Worse, all justifications for recording communication can apply to all communication. If you agree with this, why not put little mics on every person in the country?

    Not to mention, last I checked PGPfone is a free download and easy to use. If criminals wanted to speak freely they could use that with impunity.

    1. Re:what warrants? by velo_mike · · Score: 2, Informative
      IV. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

      I don't see anything about "unless we think you're a drug dealer" or "null and void if we accuse you of terrorism" so there were protections there at one time.

      VI In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the state and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defense.

      Seems to me that stashing people it Guantanamo bay runs afoul of this one.

      The grandparent was correct - the executive branch is ignoring the constitution and unfortunately, SCOTUS is sleeping through this.

      --

      At the bottom of the endless pile of paper work which characterizes all regulation lies a gun.
      Alan Greenspan

  16. Nothing new by CurMo · · Score: 4, Informative

    All I can say is I worked as a R&D software engineer for Nortel Networks, and this is nothing new.

    We were (and they still are) developing voice-over-ip infrastructure equipment (Succession as they call it) and it was -required- that we implement a way for feds to tap the lines before we could even consider rolling out and selling the product.

    There are a lot of gov't requirements behind the scenes than you might realize (and people can't talk about)...

  17. The AFP do more wiretaps, yet are strangely silent by Gunz · · Score: 2, Informative

    The Australian Federal police, do more wiretaps than the American three letter abbreivated law divisions, yet this hasnt become an issue yet. Technology is slightly slower to take up than other countries, but it is getting there. The AFP have almost limiteless resources and It would be interesting to see their take on this situation. Hell they might already be doing it for all I know. References: http://www.alp.org.au/media/0902/20002179.html