FCC Rules VoIP Must Be Tappable
pengie2 writes "The FCC has unanimously approved the U.S. Justice Department's bid to expand CALEA to broadband and VoIP networks, according to reports from SecurityFocus and News.com. This means, following a mandatory public comment period, service providers will have to wire their networks for easy law enforcement surveillance, the way phone companies do now. The feds have wanted this for a long time." Ebon Praetor adds a link to Reuters' version, writing "In addition, the FCC has decided that the push-to-talk, or walkie-talkie, functions available on phones from Nextel should also be subject to the same tapping regulations that regular phones are."
PGP Phone. I don't care if it's law enforcement or not. I want to place a phone call in privacy and frankly I don't trust a huge organisation like the police to use their powers sparingly.
Encryption is the way gents.
Simon.
What's going to happen as voice service becomes more and more decentralized? What about Skype? AIM? Streaming ogg files over a SSH tunnel or IPsec?
What about open source VoIP packages? Is anyone who sets one up suddenly a "provider?"
The police will get a warrant with your name on it and take it to your ISP and tell them to tap your VoIP traffic. Your ISP will recognize it the same way your receivers client recognizes it. If it's encrypted the police will know you are using encryption. If your worth enough to them, they'll crack it.
They've had it all along for the landlines, there's no reason to think they'd change their mind at this juncture.
I recently experienced some serious drop-out problems with my VoicePulse VOIP service.. So I decided to take some packet dumps and see what I could determine with ethereal.
Well, the protocol analysis was excellent. And, sure enough, the dump of the data produced an audio file easily played with XMMS. I was shocked at how easy this was (and once again at how good ethereal is). I no longer have any illusions of privacy due to the 'obscurity' or complexity of the protocols.
So, next time your VOIP provider plays dumb over drop outs, give them a protocol analysis and an audio record of the problem.