Slashdot Mirror
FCC Rules VoIP Must Be Tappable
pengie2 writes "The FCC has unanimously approved the U.S. Justice Department's bid to expand CALEA to broadband and VoIP networks, according to reports from SecurityFocus and News.com. This means, following a mandatory public comment period, service providers will have to wire their networks for easy law enforcement surveillance, the way phone companies do now. The feds have wanted this for a long time." Ebon Praetor adds a link to Reuters' version, writing "In addition, the FCC has decided that the push-to-talk, or walkie-talkie, functions available on phones from Nextel should also be subject to the same tapping regulations that regular phones are."
And here's a way to do it:
http://www.fourmilab.ch/javascrypt/
For freedom loving Americans only! Terrorists need not apply.
I'm probably at the karma cap. Mod up a funny troll instead, it lightens the mood
...which in this case is the VoIP provider. For example, let's say you have Vonage - the taps would occur there. They aren't going to bother sniffing packets, they're going to tap the stream at the CO, same as they would do with a landline.
Ditto for Nextel's PTT stuff.
Of course, you could use a VoIP provider that is based outside the US. That is going to present a problem for law enforcement.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Voice Encryption Tools
I still like PGPfone tho... for pure historical reasons.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
128 Bit encryption - easy to code your own algorythm, easy to impliment, and easy to use. Are the feds Reaallly gonna spend all that time breaking conversations? Cause I know if they were already breaking emails, theyd be awful busy...
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
Yes.
TCPDump & VOMIT
http://vomit.xtdnet.nl/
Next question.
Learning HOW to think is more important than learning WHAT to think.
Obviously you aren't familar with the proposal. The tapping is done by VoIP service providers. They know what traffic is VoIP (basically all of it) and what is not.
It's not like the FBI has an easy time of obtaining a wire tap. In fact, they've got to jump through a number of complicated hoops in order to get permission to do so.
Under 18 USCA 2518, the FBI has to apply for a warrant from a court before it can obtain a wire tap. This isn't your ordinary search warrant either. In the criminal justice realm, it's referred to as a "superwarrant."
There's a limit on how long the government can tap your phone for before it has to go back and re-apply. In addition, they've got to show a) the type of information the tap is going to obtain, and b) that there's no other way to get the kind of information they're looking for, other than a wiretap.
There are a few caveats for situations involving national security, organized crime, and immanent danger of death or serious injury, but even there, the agency intercepting the wire communications has to apply for a superwarrant within 48 hours of starting the tap.
Oh, and if they tap you, or try to get a warrant and fail, they've got to let you know within 90 days of ceasing surveilance (or of the denial of the warrant application).
It's not like the government is running around tapping your phone lines willy-nilly.
--AC
Is it illegal to write a small voice chat application with some encryption without a backdoor for the feds?
From a cursory glance at the article, it says nothing about what the user can do with their client-side computer. This ruling is basically for the backbone/network.
It's worth noting that VoIP has a small market through the PC, and most likely they're not referring to people who use Voice over Instant Messaging. Much more people use VoIP through telephone services, and perhaps in the future, in embedded technologies.
If you are a service provider (read charge money) you have to provide the feds the ability to wiretap/look at email/im when they present a warrant.
Nextel PTT has been CALEA compliant for years.
http://www.askcalea.net/
This is nothing new.
From the FAQ:
Who must be CALEA-compliant?
All telecommunications carriers as defined by Section 102(8) of CALEA. Basically, this includes all entities engaged in the transmission of switching of wire or electronic communications as a common carrier for hire.
Who must be CALEA-compliant?
All telecommunications carriers as defined by Section 102(8) of CALEA. Basically, this includes all entities engaged in the transmission of switching of wire or electronic communications as a common carrier for hire.
It's not paranoia. These days people are being arrested for carrying anti-Bush signs.
Test 1 2 3 4
Tame.
EU is currenly planning 1-3 year mandatory data retention for all Internet traffic data. The process is right now at the member states' goverments (E.g. the Finnish goverment just decided to support the initiative but the parliament has to still agree..) So for all Europeans, contacting your MP would be a very good idea..
More info here:
Statewatch - EU and Data retention
V.
Already done m8. Check out these ones. DharmaPhone http://www.datavoice.es/DharmaPhone/en/default.htm
PicoPhone http://www.vitez.it/picophone/
PGPPhone http://www.pgpi.org/products/pgpfone/
Hope you feel safe, 'cause if you gave up all those rights for ... whatever it was you got, then you just got angloed down, mi amigo.
Yeah, right.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
Canada's Department of Justice is pushing for the same thing: see the Lawful Access Consultation document about the Canadian government's plans to insure that it can tap your phone, regardless your telephony technology.
For those of you who don't RTFA, note that the VoIP tapping in question refers to "managed" VoIP, which means VoIP that "touches" the PSTN. Computer-to-computer VoIP calls are not covered by the FCC's decision.
While I do trust you can dump the data and listen to it... Nobody ever said VoIP was secure. (At least not yet)
If you have drop outs and use ethereal you'll notice that on the IAX side the packet timestamps will slip. This is caused by voicepulse not upgrading their servers. IAX should have consistent 20ms steps. While on the SIP side you should see 160ms steps with ZERO slips in time from packet to packet. ANY slipage causes audio drop outs.
bkw_ @ #asterisk on irc.freenode.net
"It's much more powerful and effective to send a message encrypted with good asymmetric key cryptography."
which stands out like a dogs balls.
steganography and platen codes are about the only way to convey information innocuously.
About the only way for encrypted data to be transmitted innocuously is if it would be innocuous to transfer large amounts of 'static' (or noise or very large random numbers). But somehow I doubt that any covert listener would fail to notice, and be suspicious of such data transfers.
'uh yeah me and my friend are exchanging humungous random numbers for our, uh, computer game. Yeah'.
right.
(one of the strengths of this sort of 'encryption' is that it is uncomputably strong; its simply not possible for a methodical (or algorithmic or computational) process to 'decrypt' a platen code).
In the free world the media isn't government run; the government is media run.
As the cliche goes, if you're not a criminal, you have nothing to worry about.
Of course you have something to worry about. It may not be criminal but can still be used for character assasination and misused in too many other ways.
Do we have a right to keep criminal conversations private? No.
You have a right to privacy, full stop. There is no clause stating I waive that right so somebody can judge the conversation's legality. You either have a right to privacy or you don't.
Nice in theory. Think back in early 90's when phil was getting nailed for pgp. The FTC was doing their job and getting ready to put him away for a long time. Then the NSA stepped in and told FTC to do nothing. When FTC balked, they apparently showed them somethings. After a day, all charges were dropped. This is a historical fact.
Take the above as you will and apply it against what you suggested.
I prefer the "u" in honour as it seems to be missing these days.
The milk law is only for unpasteurized raw milk, I think it's a holdover consumer protection law from days when unethical businessmen would try to save money by not pasteurizing milk. The wheat board is a collective monopoly sponsored by the government, it's an easy way to boost prices without a direct subsidy. For some goofy reason politicians see farming as a noble profession that makes them worthy of huge amounts of governmental support. I really don't understand this but it's pretty common in the developed world.
Degaussing scares the bad magnetism out of the monitor and fills it with good karma.
The Swiss are the "Helvetians", so Switzerland would be the "Conferederation of Helvetians" or CH.
t ml
http://www.straightdope.com/mailbag/mhelvetians.h
a free open source VOIP program becomes an illegal program, even if it doesn't interoperate with commercial VOIP...
We're not there (yet anyway). From the news.com article:
the FCC did not grant the police agencies' request to extend CALEA to cover instant messaging and VoIP programs that are not "managed"--a reference to peer-to-peer programs like the original version of Skype and Pulver.com's Free World Dialup, which do not use the public telephone network.
That doesn't mean they won't try in the future, of course, but voice chat in Unreal Tournament isn't illegal yet...
I hear ya... people tend to over-complicate air navigation a lot.
When I got my pilots license, in the Toronto / Central Ontario region, THE best navigation aid was a plain old road map.
Depending on the purpose of the flight (screwing around or actually going somewhere), and where you were going, it was generally easier to follow the 401 (4 lane highway) than it was to figure out a bearing/heading. That part of the province has got a whack of highways that are pretty easy to distinguish from the air.
It would have been quite trivial for them to figure out where they had to go from visual cues... as long as they knew roughly where they were in relation to where they were going. (roughly north-west, etc.).
$0.02 (CDN)
I think it's also important to keep in mind that not all terrorists are the same... there are some that are the planners, and some that are the implementors.
In this case, the morons (or fanatics, or whatever you want to call them) are the ones that actually DO THE DEED.
When did Sadaam or Bin Laden ever actually DO the deed? They generally thought it out (with lots of staff/assistance, I'm sure) and took credit for it after the fact.
And don't kid yourself... as has been mentioned in the news over the past few days, terrorist intel-gathering and communication skills seem to be quite excellent.
There's also been discussions of how they use various international ISP's for email addresses, where the addresses are used once or twice, and there's still the element of "old school" physical delivery of messages involved.
$0.02 (CDN)
Fine. Lets forget all the "What if's".
The Patriot act is in fact being used in copyright cases and other trivial cases. Everyone swore up and down that these "extrodinary" provisions would only be used against terrorists.
What about the numerous cases of people being falsely arrested (with judges throwing out those arrests as unlawful) merely for the content of their speech?
What about the far larger number of people being intimidated and oppressed through threats of exactly those unlawful arrests?
What about COINTELPRO and countless other cases of the FBI and others spying on law-abiding americans for purely political purposes?
You know what I think? I think we needed a hell of a lot more "What if's" before the Patriot act was passed. I think we need a lot more "What if's" in general. Sure the government exists to serve and benefit us. Sure things are proposed for our benefit. But there is a general urge for the government to expand its power and control, and to use that power and control wherever convient. Just because they are the "good guys" don't mean it would be a good idea to, for example, exempt them from Bill-of-Rights restrictions. Sure it would help police catch criminals if they didn't have to get search warrants and whatnot. Hey, they're the goodguys and they are only trying to catch criminals, right? Why not let them search your house and anyone else's house at will without a warrant? Any problem with them coming in and trashing YOUR house is only a "What if", right?
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The FCC ruling effects service providers - not private networks.
Since most, if not all, service provider VOIP networks have controlled access - then this is very doable from a voice tapping perspective.
The problem comes into play when you are talking about the wider internet and non-controlled access. End users could encrypt their data communications - even using IP tunneling in the form of VPN (virtual private network) in addition to multiple layers of encryption.
The authorities could sniff the packets - but wouldn't get much useful information. Further decryption would be required - which negates the 'instant access' that Federal Agents are seeking, and used to with the PSTN (public switched telephone network).
With the ubiquity of VPN - I think it would be problematic to bring a 'no encryption' rule into effect; businesses would squawk at the loss of flexibility and attendant profitability.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain