Slashdot Mirror
Feds Want to Tap VoIP
An anonymous reader writes "From the Globe and Mail: The FBI and the U.S. Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2,200,000 conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."
"The FCC should ignore pleas about national security and sophisticated criminals because sophisticated parties will use noncompliant VoIP, available open source and offshore," said Jim Harper of Privacilla.org, a privacy advocacy Web site. "CALEA for VoIP will only be good for busting small-time bookies, small-time potheads and other nincompoops."
Mr. Harper is absolutely correct, anyone with a little bit of sophistication can think of numerous ways around this legislation. Sorry Unlce Sam but the cat's out of the bag and there is no putting it back. Of course this will still be useful at catching small time drug dealers/users, and is another example of the drug war eating away at civil liberties.
The right to privacy is spread implicitly throughout the Bill of Rights. But when the United States Constitution was framed, the Founding Fathers saw no need to explicitly spell out the right to a private conversation. That would have been silly. Two hundred years ago, all conversations were private. If someone else was within earshot, you could just go out behind the barn and have your conversation there. No one could listen in without your knowledge. The right to a private conversation was a natural right, not just in a philosophical sense, but in a law-of-physics sense, given the technology of the time.
But with the coming of the information age, starting with the invention of the telephone, all that has changed. Now most of our conversations are conducted electronically. This allows our most intimate conversations to be exposed without our knowledge. Cellular phone calls may be monitored by anyone with a radio. Electronic mail, sent across the Internet, is no more secure than cellular phone calls. Email is rapidly replacing postal mail, becoming the norm for everyone, not the novelty it was in the past.
Until recently, if the government wanted to violate the privacy of ordinary citizens, they had to expend a certain amount of expense and labor to intercept and steam open and read paper mail. Or they had to listen to and possibly transcribe spoken telephone conversation, at least before automatic voice recognition technology became available. This kind of labor-intensive monitoring was not practical on a large scale. It was only done in important cases when it seemed worthwhile. This is like catching one fish at a time, with a hook and line. Today, email can be routinely and automatically scanned for interesting keywords, on a vast scale, without detection. This is like driftnet fishing. And exponential growth in computer power is making the same thing possible with voice traffic.
Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?
What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.
Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling measure buried in it. If this non-binding resolution had become real law, it would have forced manufacturers of secure communications equipment to insert special "trap doors" in their products, so that the government could read anyone's encrypted messages. It reads, "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications se
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
That's nice for you, but I wouldn't trade my privacy in silly conversations for the (illusion of) safety in America. Neither would a lot of other people. The problem is, you can't just trade your privacy by endorsing wiretaps. You're trading everyone's privacy. Perhaps you'd like to write a letter allowing the government to listen to all the conversations they want, read your emails, and rifle through your files, but don't speak for the rest of the country.
The whole point of the article is that the FBI does not want to actually do the tapping. They want Vonage, Packet8, etc. to do the tapping for them.
If you're using IP-to-IP VoIP instead, the FBI will just use Carnivore.
If you're using crypto, the FBI will just break into your house/office and backdoor your computer.
Not true. I have nothing to hide - I still don't wnat Uncle Sam listening to everything I do. Some of us still believe in privacy.
On a side note, sometimes people have things to hide with good reason. A number of the founding fathers lived as long as they did because of Privacy. A number of blacks were better off because records could be kept from corrupt local governments. People have been persecuted by scientology for speaking out against it - sometimes privacy is the only safeguard. Can you honestly say you trust every single person who has access to your data (government or not) to act in your best interest, or at least the best interest of the country. Here's a hint: if the government can beat it, someone else can too.
I'll take my privacy, thank you very much. The only way to stop power from being abused is to not grant it in the first place. Our society is based on individual freedom - for example, the whole "guilty until proven innocent" thing. Our constitution is set up to let the guilty go free rather than imprison the innocent, should a conflict arise. Would placing the burden of proof on the defense (or eliminating the trial altogether) mean fewer criminals went free? Of course! Would more innocent mean be imprisoned? Of course.
Is it worth it? Hardly. From what I hear, though, if you like that sort of thing, Cuba is not hard to get into.
Contact Me (got tired of viruses emailing me).
Maybe I'm calling my doctor about a health problem I don't care anyone else to know about (rash? std? hemmrhoids?), or I'm feeling lonely and decide to call up a phone sex company, or I'm on the phone with a significant other talking about private matters, etc.
There are plenty of topics I could be chatting about on the phone that have zero sinister/criminal element but are extremely personal and undesirable to have eavesdroppers.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
This would, of course, be a terrific argument in my mind, to just get over ourselves and find a better way to deal with drugs; i.e. make them legal in such a way so that people can have a good time and not pose too much of a threat to society (such as the laws pertaining to alcohol). 'Course that's just my opinion, I could be wrong.
You don't need encryption for protection from wiretaps in those situations, the spooks are already required to disconnect (or ditch-and-not-listen-to any recording) the instant they realize it's a call that is unrelated to the matter being investigated.
The analog phone network is pretty physically secure (messing with the wires through town will attract police, and the central offices are pretty secure places) so there's really not that much risk of an unauthorized analog wiretap.
The system's pretty good as it is, the spooks just want to make sure technology doesn't take away what's one of their strongest tools for stopping crimes before they get any worse.
One wonders then how it is they were able to deal with crime before the advent of technology.
For instance, at the rate we're going, I fully expect to see laws against two people conversing face-to-face and in private in my lifetime. It seems to me that every argument for intrusive wiretapping technologies applies equally well to a conversation held on, say, a beach somewhere.
By the way, I hate to say it, but your faith in law enforcement following the rules here, e.g., disconnecting after realizing the call isn't germane to their investigation, is positively retro. A day doesn't pass that doesn't seen yet another law enforcement officer exposed as being corrupt.
Power corrupts you know.
Is this truly the only Earth I can live on?
Wow, you should really take off the tinfoil hat and read up on cryptography a little before your next post.
The secrecy of a cypher should rely entirely in the key (see D. A. Kerckhoffs). Put another way, knowing the algorithm used should not compromise a good cypher. In fact, most of the better, more trusted cyphers are published, and have been subjected to many many man-years of cryptanalysis without yielding attacks that do much better than brute force key searches (which is why we trust them and conversely why propriatary/homebrew/secret algorithms are shunned).
In the case of blowfish, to my knowledge there are no known attacks that are effective against the full 16-round cypher. There are weak keys, but it's unlikely that such keys are exploitable in practice. So it would seem unlikely (though not impossible) that blowfish has been successfully attacked by NSA. So given a large enough keyspace, the NSA would have to be willing to dedicate a large number of CPUs/FPGAs to a brute force attack. Since blowfish supports keylenghts up to 448bits, such attacks could take a while even with NSA's extensive resources. [In this context, "a while" means effectively never.]