Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Want to Tap VoIP

Posted by michael on from the can-i-hear-you-now dept.

An anonymous reader writes "From the Globe and Mail: The FBI and the U.S. Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2,200,000 conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."

13 of 489 comments (clear)

  1. So we respond with Nautlius by corebreech · · Score: 4, Informative

    Nautlius is VoIP that uses Blowfish as the cipher.

    Here's the home page. Get the software here. It hasn't been updated in awhile, but maybe now there's more of an incentive to do so.

    --
    Is this truly the only Earth I can live on?
    1. Re:So we respond with Nautlius by LostCluster · · Score: 5, Informative

      You don't need encryption for protection from wiretaps in those situations, the spooks are already required to disconnect (or ditch-and-not-listen-to any recording) the instant they realize it's a call that is unrelated to the matter being investigated.

      The analog phone network is pretty physically secure (messing with the wires through town will attract police, and the central offices are pretty secure places) so there's really not that much risk of an unauthorized analog wiretap.

      The system's pretty good as it is, the spooks just want to make sure technology doesn't take away what's one of their strongest tools for stopping crimes before they get any worse.

    2. Re:So we respond with Nautlius by pla · · Score: 4, Informative

      For instance, at the rate we're going, I fully expect to see laws against two people conversing face-to-face and in private in my lifetime.

      We already have them. Look up some of the provisions of the RICO act, it might surprise you.

    3. Re:So we respond with Nautlius by miu · · Score: 3, Informative
      You don't need encryption for protection from wiretaps in those situations, the spooks are already required to disconnect (or ditch-and-not-listen-to any recording) the instant they realize it's a call that is unrelated to the matter being investigated.

      The rule that the cops have to stop listening when they determine that the communication does not concern the warrant only applies to real time communications, such as PSTN voice calls. They do not apply to interceptions of voice mail, email, VOIP and other electronic communications.

      The major difference in interception of non-real time communicatons is that all communications are by necessity captured, the work of searching the captured communications is split into different areas of responsibility. The preliminary team winnows the raw communication to only those sections that relate to the warrant, the second team encounters the cleaned communication with just the portion that that is revelvant to the warrant, and sometimes produces a precis that will be used in prosecution of a case or to obtain further warrants. So at some point some person will be listening to you talk about your embarassing health problems.

      Before PA1 and PA2 it was difficult to get a warrant for non real time communications and had a limited number of crimes for which it was even possible to obtain such a warrant (the Title III warrant of which you might have heard).

      USC 18 section 2516 for the nity grity.

      Anyone who knows anything about human nature realizes that these tap capabilities will be abused for a variety of reasons (most much more banal than political), so we need to have auditability and accountability for all taps - people who will abuse tap capabilities that they have access to will probably not get a warrant to do so.

      There is also CALEA (which has different rules - most likely those that govern PSTN voice calls), which may or may not apply to various forms of electronic communications. Legal at my employer is still unsure, but thinks it is likely that at least some forms of VOIP are subject to CALEA.

      --

      [Set Cain on fire and steal his lute.]
  2. Can I be the first to say... by Unominous+Coward · · Score: 3, Informative

    1) Good luck identifying VoIP traffic

    2) Good luck decrypting it

    That is all.

    --
    "Smoking helps you lose weight - one lung at a time" -- A. E. Neumann
  3. Why does this matter? by BigHungryJoe · · Score: 4, Informative

    Feds have had the power to get secret warrents from judges from the FISA court since 1978. These judges have never denied American law enforcement a warrant to surveil a conversation.

    So under the secret and unchecked FISA court, their powers are essentially unlimited.

    This just means they are going through the formality of asking permission - if they don't get it, they'll get it through FISA anyway.

  4. The most important quote by Michael+Crutcher · · Score: 5, Informative
    For those who won't read the article, here's the the most important part:

    "The FCC should ignore pleas about national security and sophisticated criminals because sophisticated parties will use noncompliant VoIP, available open source and offshore," said Jim Harper of Privacilla.org, a privacy advocacy Web site. "CALEA for VoIP will only be good for busting small-time bookies, small-time potheads and other nincompoops."

    Mr. Harper is absolutely correct, anyone with a little bit of sophistication can think of numerous ways around this legislation. Sorry Unlce Sam but the cat's out of the bag and there is no putting it back. Of course this will still be useful at catching small time drug dealers/users, and is another example of the drug war eating away at civil liberties.

  5. Official government documents... by scrod · · Score: 4, Informative

    For the past few weeks Cryptome has featured a link to an FBI document detailing the means by which such surveillance might take place. This is all just additional evidence that those wanting real security must implement (or at least verify) it themselves.

  6. This has far-reaching implications by Graabein · · Score: 4, Informative
    First, please allow me to plug a site I help run: IAXprovider.net, a community site for people running VoIP services on Asterisk, the open source Linux PBX. We follow this issue closely. Thank you.

    BTW, this same article is also available over on news.com.com. Anyway, lemme quote:

    "The agencies have asked the Federal Communications Commission to order companies offering voice over Internet Protocol (VoIP) service to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations."

    Think about that one for a minute. How is a VoIP provider going to ensure that? There is only one way, turn off and disable all use of encryption in their VoIP network, unless the provider has access to the keys used.

    Now think of IM networks, email servers, or just about any other Internet service. What are they going to do, outlaw all "non-sanctioned" client software using encryption? Are we gearing up for another Clipper Chip fiasco here?

    FCC chairman Michael Powell has just come down on the side of VoIP providers saying, in part:

    "Rapidly expanding voice communications over the Internet should be protected from excessive government regulation and from being pigeonholed as simple phone service". He goes on to say "harm from misregulation of VoIP could take "decades to fix."

    "You [can] create a very hostile regulatory environment for voice-over-IP providers in the United States," Powell said.

    He added "there is nothing to stop" the companies from moving to other countries and setting up computer systems to serve U.S. customers.

    Exactly. Welcome to the Internet age.

    --
    And remember kids: Never trust a computer you can actually lift.
  7. Skype is spyware by Anonymous Coward · · Score: 4, Informative

    taken from their "EULA"

    (c) the skype software is utilized and distributed by third parties
    which are unrelated to skyper. you acknowledge that installation of
    the skype software will allow third parties who are not affiliated
    with skyper the ability to access your computer ("outside parties").
    you agree that skyper will not be liable for any damage, claim or loss
    of any kind whatsoever, including but not limited to indirect,
    incidental, special or consequential damages as stated in paragraph
    9(a) above, resulting from any actions or omissions of the outside
    parties.

    Bottom line: Skype is a backdoor to the machines it is installed on -
    for some undisclosed "third parties", not really what you want to hear when it comes to "secure" software egh

  8. Re:Bound to happen... by stephanruby · · Score: 4, Informative

    Technically, the PATRIOT acts still require a judge to ok the warrants. It's just that the criterion for issuing such warrants is much much lower now.

  9. what warrants? by gad_zuki! · · Score: 4, Informative

    >as in, got a judge to OK it

    Its not 2000 anymore. Thanks to both Patriot acts (didnt you know the second one was passed in a spending bill?) judicial oversight is mostly a thing of the past. The constitutional protections we took for granted are gone. I don't know why John Ashcroft has such a problem with judicial oversight, but he does and Congress and the Executive branch not SCOTUS (as far as I can tell) don't seem to care much.

    This is a very different America than just a couple years ago and we've already seen abuses with the Patriot act being used in non-terror cases like drug trafficking. This just opens up the door to more COINTELPRO and other FBI abuses.

    Encryption is more important now than ever. Maybe when the post-911 hysteria and power grabs are over we can have faith in an iota in due process but right now "trusting your government" is the worst thing you can do. Worse, all justifications for recording communication can apply to all communication. If you agree with this, why not put little mics on every person in the country?

    Not to mention, last I checked PGPfone is a free download and easy to use. If criminals wanted to speak freely they could use that with impunity.

  10. Nothing new by CurMo · · Score: 4, Informative

    All I can say is I worked as a R&D software engineer for Nortel Networks, and this is nothing new.

    We were (and they still are) developing voice-over-ip infrastructure equipment (Succession as they call it) and it was -required- that we implement a way for feds to tap the lines before we could even consider rolling out and selling the product.

    There are a lot of gov't requirements behind the scenes than you might realize (and people can't talk about)...