Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Want to Tap VoIP

Posted by michael on from the can-i-hear-you-now dept.

An anonymous reader writes "From the Globe and Mail: The FBI and the U.S. Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2,200,000 conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."

8 of 489 comments (clear)

  1. They'll only catch amateurs... by El · · Score: 4, Interesting

    Wouldn't any real criminal run his VoIP through a VPN or some other encrypted tunnel, thus making difficult for the Feds to know that it is a VoIP session, let alone decrypt it and understand it? See, the problem with PCs is that they are general purpose devices that allow you to execute arbitrary algorithms -- or even add proprietary hardware to do hardware encryption. So, other than knowing what IP address a suspect is talking to, what good is the wiretap going to do them?

    --

    "Freedom means freedom for everybody" -- Dick Cheney

  2. How do they propose... by forevermore · · Score: 4, Interesting

    How do they propose to tap VOIP conversations over private networks? I can understand how federal regulations might get them permission to tap into the networks of the growing VOIP phone providers, but a lot of people (companies, geeks) set up their own internal VOIP networks over IPSEC, secure VLAN's and other such things that would be nearly(?) impossible to detect as VOIP traffic. Not to mention p2p type VOIP clients like those built into the various instant messenging programs that are, well, peer to peer, and don't go through some central server.

    --
    Do you really need reason for beer? Wingman Brewers
  3. Re:Law Enforcement and Technology by cyt0plas · · Score: 5, Interesting

    Not true. I have nothing to hide - I still don't wnat Uncle Sam listening to everything I do. Some of us still believe in privacy.

    On a side note, sometimes people have things to hide with good reason. A number of the founding fathers lived as long as they did because of Privacy. A number of blacks were better off because records could be kept from corrupt local governments. People have been persecuted by scientology for speaking out against it - sometimes privacy is the only safeguard. Can you honestly say you trust every single person who has access to your data (government or not) to act in your best interest, or at least the best interest of the country. Here's a hint: if the government can beat it, someone else can too.

    I'll take my privacy, thank you very much. The only way to stop power from being abused is to not grant it in the first place. Our society is based on individual freedom - for example, the whole "guilty until proven innocent" thing. Our constitution is set up to let the guilty go free rather than imprison the innocent, should a conflict arise. Would placing the burden of proof on the defense (or eliminating the trial altogether) mean fewer criminals went free? Of course! Would more innocent mean be imprisoned? Of course.

    Is it worth it? Hardly. From what I hear, though, if you like that sort of thing, Cuba is not hard to get into.

    --
    Contact Me (got tired of viruses emailing me).
  4. clear but theres more by ironfroggy · · Score: 4, Interesting

    Personally, it seems to me that VoIP is pretty cut and dry in this matter: it is a "telecommunications carrier". It is simply a new medium for the same thing we did on copper lines.

    The most difficult (and dangerous) aspect is things like IM services with voice capacity. Actually, anyone two people with microphones and email could evade the police and FBI pretty easily by recording small sound files and emailing them (possibly even encrypting them to be sure). In such a case as this, where communications begin to forgo the use of any third-party to facilitate the information between two people, we will see a lot of hot debate.

    When communications as distributed and "P2P" as this become more common place, many questions will be raised. But, we must look at how things would have to be implemented, before we can judge the rules that must be applied to them. Can we mandate that wiretaps must be available even for peer-to-peer exchange of communications? Would we then need to make requests directly to those being tapped, or those they are in contact with, stating they must, for a specified time, transmit all communications to the authoritive agencies for monitoring? Surely, no one would comply! Then, should the ISPs and backbone servers scan all packets for personal communications to or from individuals on a national "Tapped List"? But, what of all the data they would have to peak into to find these few, when most they have no right to touch, except to pass along?

    We sail to rough waters. I pray for us all.

    --
    Question
    http://www.ironfroggy.com/
  5. Re:Encryption ain't it all tapped out to be... by dsouth · · Score: 5, Interesting

    Wow, you should really take off the tinfoil hat and read up on cryptography a little before your next post.

    The secrecy of a cypher should rely entirely in the key (see D. A. Kerckhoffs). Put another way, knowing the algorithm used should not compromise a good cypher. In fact, most of the better, more trusted cyphers are published, and have been subjected to many many man-years of cryptanalysis without yielding attacks that do much better than brute force key searches (which is why we trust them and conversely why propriatary/homebrew/secret algorithms are shunned).

    In the case of blowfish, to my knowledge there are no known attacks that are effective against the full 16-round cypher. There are weak keys, but it's unlikely that such keys are exploitable in practice. So it would seem unlikely (though not impossible) that blowfish has been successfully attacked by NSA. So given a large enough keyspace, the NSA would have to be willing to dedicate a large number of CPUs/FPGAs to a brute force attack. Since blowfish supports keylenghts up to 448bits, such attacks could take a while even with NSA's extensive resources. [In this context, "a while" means effectively never.]

  6. I see good and bad from this article by tx_kanuck · · Score: 4, Interesting

    The good:
    --If there is a wiretap, they are only getting your conversation, and not ever piece of data your computer spits out. It looks like they would need a different warrant for that too.

    --The tap would be located not at your ISP, but at your VOIP provider. This helps guarantee privacy for the people not specified in the warrant.

    --This places VOIP on more of an equal footing as traditional phone services. If they are legally the same for what they have to provide the cops, they could then argue they are the same legally when it comes to their protection as common carriers.

    The bad:
    --The VOIP companies would have to re-wire their networks so that all conversations go through a tappable trunk line. That, or they would have to set up infrastructure to siphon off individuals phone calls to a 3rd location (which is what I would prefer. Let the VOIP provider pull a copy of the conversation off the trunk line instead of the cops). This means more $ needed in development and implementation.
    --Requlation may (ok, probably will) stifle innovation. By regulating things like how a wiretap is to be done, it will be harder for open source and closed source products to work in multiple countries. This then leads to problems with interoperability between national networks.

    Overall, I don't see this as too alarming.

    --
    Now, if that makes sense to anyone, could you please explain it to me? I think I've confused myself.
  7. Missing the point. by muonzoo · · Score: 4, Interesting

    Many of the people responding to this thread are missing the big picture.
    There will always be a screw-you-I'm-doing-this-the-OSS-way-with-crypto solution available. What does this solution cost? Well you might think it's free.

    It isn't.

    By adopting some OSS mechanism to communicate with whomever you choose, you impose a burden on the other party, namely, they have to install and have access to the same (or compatible) OSS VoIP software.

    While this might be great for you and your hacker buddies, it won't help you call your parents, grandma, or your fiancee. It also won't help you call your doctor, lawyer, investment partner, stock broker or bank.


    Wait, there's more going on here.

    There are technical implication for the service providers. Most of the better designed VoIP protocols (like SIP, as an example) are all about establishing sessions. There is a location service somewhere that a user-agent (UA) (phone) can find, based on the number or URI that you call. This location service will either proxy your connection request to the other client, or it will redirect your user-agent to contact the other party directly. (Think HTTP 302 response code -- in fact -- SIP uses the same structure).

    Once your UA has contacted the other party, some handshaking happens where you try to figure out what CODECs you will use to exchange audio, video, facsimile, IMs etc. Then end result is a collection of sessions directly between the user-agents that called one another.

    Let me make that REALLY clear. Beyond the proxy / location service, the VSP (voice provider) is not in ANY way involved in the media flows. Why should it be? It doesn't care.

    Enter CALEA requirements -- which are really poorly laid our I might add -- suddenly the VSP must carry the media and relay it to the other party and optionally duplicate each CODEC frame and send it to some black box (or red box as the case may be).

    This has serious consequences on bandwidth consumption for VSPs.


    But they can just do this when there is a tap! (You object)

    And I counter with the fact that such an arrangement violates the CALEA requirements that a party subject to monitoring cannot know that they are under surveillance. End result? All media MUST flow through a choke point from which it could be duplicated.

    This has catastrophic consequences on the bandwidth a VSP can expect to need to meet their service levels.

    This may or may not be a Good Thing. I think it is NOT a Good Thing. One thing is certain, this issue is a very Material Thing for VSPs.

  8. Re:Can I be the first to say... by Dr_Marvin_Monroe · · Score: 4, Interesting

    You can't rely on that as a protection. As a previous article about fed's use of the OnStar system to bug people in their luxury cars shows, there's been an important movement in the point between "tapping was accessable, so we did it" to "you are required to provide the tap." Yes, criminals will use more secure 1024-bit, perhaps even one-time pads, but the burden is now on EVERYONE else to get searched and siezed.

    I see this as a HUGE deal. It doesn't matter that the real criminals will be using real encryption. The problem is that the Fed's want all networks to not only provide the tap, but do the collection work and carry the expense too.... Wire tapping has evolved from "the terminals on the phone were exposed, so we attached" to "you've got to build this capability into the system and carry the cost."

    This is insane....no patriot would even consider allowing this.... Let's just pretend that we no longer have a "Bill of Rights".... or just that it simply has a dollar figure at the bottom that we're supposed to mail in....