Slashdot Mirror
FCC Rules VoIP Must Be Tappable
pengie2 writes "The FCC has unanimously approved the U.S. Justice Department's bid to expand CALEA to broadband and VoIP networks, according to reports from SecurityFocus and News.com. This means, following a mandatory public comment period, service providers will have to wire their networks for easy law enforcement surveillance, the way phone companies do now. The feds have wanted this for a long time." Ebon Praetor adds a link to Reuters' version, writing "In addition, the FCC has decided that the push-to-talk, or walkie-talkie, functions available on phones from Nextel should also be subject to the same tapping regulations that regular phones are."
I guess me and my terrorist buddies will just have to go back to using encrypted email.
Encryption should be so much easier with VOIP, since the data is already digital...
PGP Phone. I don't care if it's law enforcement or not. I want to place a phone call in privacy and frankly I don't trust a huge organisation like the police to use their powers sparingly.
Encryption is the way gents.
Simon.
Immigration Canada
What's going to happen as voice service becomes more and more decentralized? What about Skype? AIM? Streaming ogg files over a SSH tunnel or IPsec?
What about open source VoIP packages? Is anyone who sets one up suddenly a "provider?"
Does voice chat over AIM / MSN messanger need to be tappable yet? How long till they go after this.
Is it illegal to write a small voice chat application with some encryption without a backdoor for the feds?
I'm sorry but there is no way to stop people from comunicating privately over the internet if they want to. Its a losing battle, thats costing companies that do fine work, such as VoIP far too much money.
...which in this case is the VoIP provider. For example, let's say you have Vonage - the taps would occur there. They aren't going to bother sniffing packets, they're going to tap the stream at the CO, same as they would do with a landline.
Ditto for Nextel's PTT stuff.
Of course, you could use a VoIP provider that is based outside the US. That is going to present a problem for law enforcement.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Nevertheless, we also have a compelling public interest in keeping Big Brother from using the backdoor to enforce stuff that goes beyond keeping the peace and encroaches on our fundamental (and hard earned!) liberties.
The bottom line is that blocking all law enforcement access to these technologies is going to cost people their lives, but letting the pigs sniff around where they don't belong is going to ruin everyone's life. This is just another balancing act in the giant circus we call a democratic society.
So, rather than moaning about one side of this argument or another, doesn't it make sense to focus on getting just the right sweet spot in between?
Oh there are plenty of ways to get around that sort of stuff, besides I wouldn't think most terrorists are using one of the big 5 american ISPs atleast not on both ends.
How about encrypt and encode your messages into images and then post them on places like fark or deviantart? Simple enough. I'm not stupid why would a terrorist be?
How about our good friends in the government get off their lazy asses and start passing legislations that will make people hate us less not more?
This keeps coming up here on /. whenever the FCC talks about "VoIP". They're not talking about all computer-to-computer peer-to-peer realtime audio connects, they're talking about VoIP services that result in a network of people you can "dial" that more or less resemble a phone network. It's those that they're regulating and basically putting on the same playing field as existing phone services.
Last time I looked into the statistics, the FBI (or was it the CIA?) released some basic statistics about their phone tapping activities (such as how many, reasons for taps (such as drugs), etc) and they listed the number of times they encountered encrypted taps (it wasn't a very high percentage). What shocked me was the line that said the encryption never prevented them from listening to the conversations. So all this talk about encrypted VoIP is probably just a waste of time. Why do you think the NSA finally stopped pressuring the government to classify strong encrypting as a weapon (and thus limited by export laws) around 2000? Do you think it was because they had a change of heart, or that they figured a way to crack pretty much any encryption (PGP included) and no longer worry about losing control? I'm thinking the latter is more likely. So, when VoIP becomes common don't expect PGP et al to protect you from a snooping government. It will probably keep your neighbor from listening, but that's about it.
Space for rent, inquire within
The police will get a warrant with your name on it and take it to your ISP and tell them to tap your VoIP traffic. Your ISP will recognize it the same way your receivers client recognizes it. If it's encrypted the police will know you are using encryption. If your worth enough to them, they'll crack it.
They've had it all along for the landlines, there's no reason to think they'd change their mind at this juncture.
If you criminalize privacy, only criminals will have privacy.
engineers are all basically high-functioning autistics who have no idea how normal people do stuff
Just speak in Navajo pig latin with a Klingon accent.
See if they can make this illegal.
Why zero-value ... well when you are using a dedicated (real/virtual) circuit/channel, then wire tapping is no/little problem. However, encrypted virtual channel VoIP may not be easily tapped, and (I suspect) there are a few ways to very the path/packet. So, if you don't/can't tap the access/origination circuit and/or the destination termination, then .... VoIP in a sort of encrypt-jumping and path-hopping algorithm may be a little tough to tap. ... pick your path through 37 points/jumps and you use radio-protocol (the Rogere-Wilco-Out stuff) for the time delay problem. ... you might catch something horrible or there is a pregnant pause ... in technology innovation.
>
Then again there is always PGP encrypted P2P
>
Controlling Technology is like fucking without a condom
>
I am sure this will help monitor the common law abiding citizens. Just like Gun-Control keeps guns away from criminals and their organizations.
>
Then again maybe the above ain't no problem to tap. We should all always know that we are being monitored for the good of the nation and blessings of god.
>
OldHawk777
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Obviously you aren't familar with the proposal. The tapping is done by VoIP service providers. They know what traffic is VoIP (basically all of it) and what is not.
It's not like the FBI has an easy time of obtaining a wire tap. In fact, they've got to jump through a number of complicated hoops in order to get permission to do so.
Under 18 USCA 2518, the FBI has to apply for a warrant from a court before it can obtain a wire tap. This isn't your ordinary search warrant either. In the criminal justice realm, it's referred to as a "superwarrant."
There's a limit on how long the government can tap your phone for before it has to go back and re-apply. In addition, they've got to show a) the type of information the tap is going to obtain, and b) that there's no other way to get the kind of information they're looking for, other than a wiretap.
There are a few caveats for situations involving national security, organized crime, and immanent danger of death or serious injury, but even there, the agency intercepting the wire communications has to apply for a superwarrant within 48 hours of starting the tap.
Oh, and if they tap you, or try to get a warrant and fail, they've got to let you know within 90 days of ceasing surveilance (or of the denial of the warrant application).
It's not like the government is running around tapping your phone lines willy-nilly.
--AC
The feds have access to existing phone lines, they have access to internet traffic, why shouldn't they also have access to VoIP traffic?
Eventually VoIP will be like email, with the option to use PGP or another form of encryption at both ends.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
I recently experienced some serious drop-out problems with my VoicePulse VOIP service.. So I decided to take some packet dumps and see what I could determine with ethereal.
Well, the protocol analysis was excellent. And, sure enough, the dump of the data produced an audio file easily played with XMMS. I was shocked at how easy this was (and once again at how good ethereal is). I no longer have any illusions of privacy due to the 'obscurity' or complexity of the protocols.
So, next time your VOIP provider plays dumb over drop outs, give them a protocol analysis and an audio record of the problem.
Yay!
...
*a few minutes pass*
Your Rights Online: FCC Rules VoIP Must Be Tappable
Boo!
--
Power to the Peaceful
It's not paranoia. These days people are being arrested for carrying anti-Bush signs.
Test 1 2 3 4
That's what you've been taught. That's what you've learned. That's what you've been led to believe.
What makes you think the government doesn't have some technology you can't even fathom?
If they were that far ahead, I'd be writing this from prison.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
"How about our good friends in the government get off their lazy asses and start passing legislations that will make people hate us less not more?"
People have been hating us since the beginning. That King George was pretty pissed off. Then there's that whole Hawaii thing. Or the Phillipines. So what makes the present special?
I seriously doubt the government has some uber-leet technology that lets them crack any encryption. Encryption can do two things and two things only.
1. Encryption can secure a communications link. Properly used Alice can talk to Bob with reasonable protection from Eve tapping the link halfway between them.
2. Encryption can secure stored data. Properly used, Alice could protect the files on her keychain should Eve filch it out of her purse.
Encryption will not:
1. Secure the ends of a link. If Eve physically installs a keylogger in Alice's keyboard then it doesn't matter what crypto she uses. Come to think of it, the old saw applies: all bets are off if an attacker has physical access to a terminal.
2. Preclude treachery and incompetence. Law enforcement may have threatened the other end of your link who is letting them see everything in return for light treatment. A while back, NPR ran a story about police officers who took over a kiddy porn website and roped in a pile of customers. Encryption doesn't help if the other end of the conversation isn't who you think it is. Maybe the other side left his passphrase taped under his keyboard. "Rubber-hose cryptanalysis" is what they call it when the police starting leaning on you.
3. Prevent the government from taking an interest in you. Certain uses of it may even draw their interest. Staying out of view of larger predators is often the best defense.
4. Conceal the existence of the link. Often the government only needs to prove Alice talked to Bob on 7/24/02 at 3:24p.
5. Somewhat OT but something else encryption doesn't do: Allow Alice to share data with Bob while simultaneously preventing Bob from divulging it to Eve. Both #1 and #2 apply. Bonus points if you understand what this scenario applies to.
What this all boils down to is that encryption is largely ineffective against old-fashioned police work. It is also worth noting that Al Queda and others are notorious for using low-tech communications and isolated organizational cells. Don't give those hunting you terminals and only the minimum in physical links to play with. If you're a criminal, try to work alone if possible and keep your mouth shut. If you are a crook or a terrorist, communications are the least of your problems. Your partners in crime and your own mouth are far more dangerous.
We are only talking about centralized networks. This is not likely to pertain to or be enforceable regarding decentralized or private networks. So if my company has a voip tunnel with another company then it all works well.
Why can't someone and his criminal buddies just set up a SIP-based VOIP channel between them and encrypt the traffic? Seems safer that way....
Or better yet-- there are areas where VOIP would be *required by law* to be encrypted, such as between doctors discussing information protected under the HIPAA act.
LedgerSMB: Open source Accounting/ERP
Hope you feel safe, 'cause if you gave up all those rights for ... whatever it was you got, then you just got angloed down, mi amigo.
Yeah, right.
...what will happen when major telcos start employing quantum cryptography...
... the ... eeeeeagle ... soar!
Ashcroft: All telecommunications are belong to us - intercept...intercept!
Techie: But Johnny, you canna change the laws of physics
Ashcroft (non-musically): Let the eeeeeagle soar!
Techie: But...
Ashcroft (in the style of Homer making a point): I said let
...and, on the seventh day, God switched off his Mac.
Is anyone else out there starting to get angry? How long until the Deparment of Homeland Security implants RFID chips in our necks? How long until employees are forced to get their employer's logo tattooed on their face after changing their last name and waiving all of their human rights in the employment contract.
Geeez..... what kind of America are we living in?
America, previously land of the free, now home of the Corporate controlled puppet government run by lawyers with the best healthcare taxpayer money can buy.
They give a class in that at the CIA.
Slashdot Eds Link Anonymous Posts With Logged Posts
They Are Vermin Feeding On Each Other's Feces.
I Hate \.
Frankly this wire tapping business has gone on long enough.
Any time a person picks up a phone to call someone, there is a subtle change in his thinking if he thinks he might be surreptitiously monitored. There are certain things you just don't say.
How is this different from meeting with someone on the street, perhaps to organize some political effort? If you think you may be overheard, it changes what you say.
(Thinking from a two hundred year old perspective,) the difference is that on the street, you can see who is listening. You know what is being said.
Secret wire taps by a third party subvert the entire process that granting the political freedom of assembly was intended to protect. If I want to speak to someone on the phone, law enforcement should be absolutely limited to compromising that other party in order to get in on the conversation. If there is a second party on the phone, I should get a little flashing light informing me that there is another listener.
I would just switch to Skype, except I have no idea how secure their encryption is either.
I wrote a really bitchy blog entry about this a while back right here, if you care.
How science works. It consists of open, institutional critisism by qualified peers. The larger the community, the more people can and will contribute critisism.
In a world where this does not exist, it will invariably lead to many bad ideas, ideas that are not abandoned. Even though you may recruit the best brains on the planet, they are still just humans, and they can't perform without this critical component of how science works.
That's why I'm pretty sure that no major breakthroughs will happen in secrecy.
Smaller breakthroughs, OTOH, can happen in secrecy. It is conceivable that Shor's algorithm will be implemented on a secret quantum computer, but only after the civil society has done most of the work. They will certainly try.
Just take a look at the most hefty project we know was done in secrecy: Manhattan Project. They had the best brains. Still it was not very fundamental science, and many of the participants got bored out of their minds. It was definately not technology I can't fathom.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
yes, it would mean that, and if p2p and alleged "terrorist" and kiddie pornographers completely take advantage of anonymous wifi and various things like that I expect them to outlaw the encryption and unhackable access in various forms. I wouldn't put it past them to eventually require a unique access IP to be tied to a named human, at all times.
Governments are weird and will go to some lengths and spare no expense (all the money is theirs, they just let you use some of it when they want to) to enforce police actions of any sort once they set their collective minds to it. Look at merre olde englande, roving vans to catch people receiving unpaid-for "illegal" TV broadcasts. Geez, look at what is happening in china now and some other places, and who is in the thick of enforcing any amount of government surveillence and censoring and control-good old 'merkin based globalist corporations, all the name brand guys. Look who owns the implantable human tracker microchip, the one called "digital demon" in slang terms- "friendly open source"IBM.
I have no doubt the future will be forced global big brother,massive scale, with little differences between so called nations and global big business, the lines are blurring daily. We are just "human resources" to governments and global bigcos, to buy and sell and command and control, and to do that, they want to track their inventory-to surveil- and to monitor and to enter into databases what their inventory is doing. Encryption, "free" P2P, etc falls well outside those efforts, so eventually they will be outlawed entirely. Look at the proposals for mandatory blackboxes in the cars, and charging a per mile tax/fee will be one day behind that one. Internal passports-coming soon to a checkpoint near you. Newspeak in the media,and don't go against them, lest you become an untermenschen "detainee" and lose any remnants of human-ness.
We are in the "wild wild west" days of the net right now, a few years from now, I don't think it will exist like it does currently. The handwriting, as they say, is on the wall. Free and open and uncensored communication with "the masses" guy is the biggest threat global corporate government faces, so.... they will deal with it whatever it takes.
How many people predicted 3 years ago the sally and molly kidpack were going to get sued for song trading? I know I did, and got roundly accused of tinfoil hat-itis, because "no one is ever going to sue normal small time end users". Got told that a lot of times.
Oh well
There's ways to still communicate semi securely, and the ones who need to do it will do it, but universally? As soon as it gets just a scosh easier and more prevalent so as to start to threaten to become commonplace, expect a rather severe crackdown and smackdown.
Isn't the FCC appointed by the executive branch along with the bulk of the secretary level people at the DOJ? So the Executive branch is asking the Excutive branch to give the Executive branch the power to tap our phones... and the Executive branch unanimously approved it's own actions... The legislation that comes out of this will look seriously inbred... for good reason.
...But I digress. TREMBLE PUNY HUMANS!ONE DAY MY SPECIES WILL DESTROY YOU ALL!
Possibly. But since you seem to acknowledge that a given population has a contrary view point, do they have a valid reason?
but I have no problem with the FBI being able to monitor conversation between criminals.
Sure. I'd venture that on a pure principle level, most people don't.
The problems usually begin with what "criminal" means. The ones who write the law have a pretty good idea of how they want the law to be used, and at the start everyone thinks it's a super idea. "Criminal" is written pretty broadly, trying to cover "the bad guys".
As the cliche goes, if you're not a criminal, you have nothing to worry about. If you're paranoid, I'd guess you shut up anytime a cop comes within hearing distance.
Later on, however, the enforcers would really like to make use of this provision because it's pretty potent. So the definition of "the bad guys" shifts a little through any number of legitimate means, such as changing the scope of what a criminal is to adding new crimes that fall under the original scope.
Then, a set of events takes place and all of the sudden it's really bad to be a "terrorist". And a terrorist is sort of loosely defined, but definitely someone who is against "the state" and what it represents, using any and all means at their disposal, including disinformation and propaganda.
Do we have a right to privacy? Sure. Do we have a right to keep criminal conversations private? No. Is this subject to abuse? Sure. Will we be abused by criminals who conspire in private? Of course.
What's a "criminal conversation"? Because history assures us with countless examples that those who make the decision on what a "criminal conversation" is rarely do it with YOUR best interests in mind.
Is discussing with other like minded individuals your displeasure with the current George W. Bush administration and planning activities to educate the public on the facts and what they can do to kick him out of office a "criminal conversation"?
Want an example? The PATRIOT act, which did away with such minor things like habeous corpus (considered by many to be the cornerstone of our justice system and made no one above the law, one of the fundamental checks and balances ) and passed to deal with "extraordinary threat" in these "extraordinary times"..... being used for a copyright case. Legislation that bypasses most of the fundamental US Constitutional rights would NEVER be applied to anything frivolous.
Given the choice between giving criminals the freedom to conspire in private or the ability of the FBI to wiretap criminals, I've no problem opting for the former.
This is the beauty of the whole thing right here. Trivial means in the form of encryption exist that totally negate any benefit law enforcement would gain from such legislation. Most likely, these days, all the necessary tools exist on your computer right now (openssl).
The only people that this would be of assistance against are... well, idiots. Since you know you're going to be discussing things of particular interest to law enforcement, and they have the means to intercept it, it's in your interest to encrypt your communications. So, from a practical sense, the only information you're going to get out of this is that two people spoke to each other which is useless in court.
So... now what? We now have a system in place that's capable of catching none but the most utterly incompetent criminals and can be abused by the government against law abiding citizens.
I know! Let's outlaw encryption. That'll learn 'em.
In any case, the net is a public place. Nothing there is private.
This seems to be particularly specious reasoning. By the same token I can say that the entire planet is a public place, ther
and this is why i quit reading slashdot.
ironic paradox intended
I wonder how many slashdotters are black?
Black people have always known that our rights are revokable. It seems to me that only when it starts happening to white people that small things like "civil liberties" get to be a problem.
I expect this post to be marked troll or flamebait at best, but it's truly not meant to be that way. It's just the way I see the world because my husband doesn't even tell me how many times he gets pulled over by the police anymore. It's a routine occurence, not worth notice anymore.
Our church group is decidedly anti-Bush. I think most black folks are, despite the photo-op pics you'll see everywhere. Anyway, we had police officers taping our services now again because our preacher speaks out against the corrupt politics in our city and nation.
There is no need to protest because no one in authority cares and is probably behind it anyway. We simply did the next best thing and got a local cable station to air our services. No more police, they can just set the VCR now.
I see young men get harrassed by the police and their pockets turned out because their skin is dark. I know better than to go to the movies with a large purse or maybe even a purse at all on a crowded weekend day, because no matter how large the white woman's purse in front of me, mine will be the one to be searched.
As far as I can see, white people for too long have thought they were immune from this type of thing. It's probably not even the slashdot crowd. It's be the parents and the grandparents of the slashdot crowd.
I saw a post earlier here that asked, who will begin the revolution? I think it will begin right here.
Whoever thinks that they are going to wiretap all VoIP networks at the FBI is living in dreamland. Let's take a brief look at a quick VoIP system that I'm going to design. I'll even publish the source code, right here on Slashdot. It will take me a few seconds to write:
/dev/dsp|nc localhost 7000"
# smallvoip.sh
# VoIP software capable of bypassing FBI wiretap regulations.
# Warning: use or posession of this software may be a federal crime in the United States of America. Download this software at your own risk.
# Copyright 2004, 0x0d0a, released under the GPL
# Usage: smallvoip remote-username remote-ip-address
# You must have a shell account on the remote machine.
# Run on each of the two machines involved in the call.
# Duplex audio support required.
# TODO: pass through lame or oggenc for better bandwidth usage. This will make the second line slightly longer.
# LIMITATIONS: only one user per host at once
# I recommend setting up public-key ssh authentication with this software.
nc -l -p 7001 >/dev/dsp &
ssh -R 7000:`hostname`:7001 $1@$2 "cat
Hmm. My high-security, encrypted Internet phone doing VoIP.
Now, I have to ask the people in charge of Homeland Security: do you really, truly, honestly think that you have *any* hope of keeping anyone from writing such a two-line program? Any *IX user with a bit of experience could write this piece of software. In addition, the fact that it contains voice data is completely undetectable to the outside world, so there is no practical way to "catch" someone using such a system.
It is true that this is a very simple program, but it can also be very easily extended into a full-blown encrypted voice communication program, without the minor limitations here that make this annoying for day-to-day use. In addition, there are a vast number of extant Internet systems for communicating that cannot be wiretapped by the FBI -- PGP/GPG contains no back doors to allow wiretapping of email communications. Frost (on the Freenet platform) can disguise the very fact that an association exists between two users. These systems are rarely used, but they are also not hard to deploy, and if the FBI insists on forcing conventional voice communication to be breakable, there is little incentive not to use systems such as the one that I have demonstrated here.
May we never see th
I don't understand how this is enforcable - VoIP is an end-to-end system - no middlemen are needed. How are they going to stop me doing VoIP over an IPSEC connection?
http://blog.nexusuk.org
The guy was disobeying the cop who told him to go back to the licensed protest area. He refused to OBEY THE LAW.
Heay genius, if this guy violated the law then why the hell did the judge throw out the the case and scold the officer for the arrest?
He was arrested. Simple as that.
Yes, exactly! And it was an UNLAWFUL ARREST!
It was the officer who failed to obey the law!
The person who was arrested was a law-abiding victim of a false arrest.
However we are not talking about some rouge cop who made a mistake. He was obeying directives given to the entire police force. The Whitehouse administration/secret dervice issued these orders.
And if you keep reading you'll see we are hardly talking about a single arrest. We are talking about a multiple arrests at multiple places and multiple times. We are also talking about countless other people being intimidated and oppressed with threats of (unlawful) arrests. It has been a systematic willfull supression of speech and a violation of civil rights.
I'll give karma points if you can tell me how any cop walking down the street can just tell you to throw a book away.
Oh goodie! I get free karma points! Oh wait, I hit the karma-cap ages ago.
Try reading the bottom half of page two of the link. The part where the Crawford police cheif says that you can be arrested for wearing a button that simply says "Peace". Presumably you'd be just as arrestable for prominently carrying a book with a big-fat "Peace" on the cover.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
VOIP services such as Jeff Pulver's Free World Dialup operate as a peer to peer connection. The server is only there to establish the connection. It should be easy enough to encrypt the end points.
I personally use FWD to circumvent local toll charges from the money grubbing phone companies for calls made to a friend across town just outside of the localling area.
Perhaps I'm parenoid, but I don't need Home World Security, the FBI, or anybody else having the ability to monitor my VOIP calls. I'm also disturbed by the extensive key stroke logging that takes place at FWD. Every call that I initiate or receive whether or not completed gets logged. I had thought of circumventing the logging by simply running my own server, in effect establishing my own private network.
As far as making communications secure, I can do this now through an encrypted VPN connection. If VOIP wire tapping actually materializes, new secure protocols (VOIPs://, or PGP for VOIP) will surely rise to meet this challange.
The FCC ruling effects service providers - not private networks.
Since most, if not all, service provider VOIP networks have controlled access - then this is very doable from a voice tapping perspective.
The problem comes into play when you are talking about the wider internet and non-controlled access. End users could encrypt their data communications - even using IP tunneling in the form of VPN (virtual private network) in addition to multiple layers of encryption.
The authorities could sniff the packets - but wouldn't get much useful information. Further decryption would be required - which negates the 'instant access' that Federal Agents are seeking, and used to with the PSTN (public switched telephone network).
With the ubiquity of VPN - I think it would be problematic to bring a 'no encryption' rule into effect; businesses would squawk at the loss of flexibility and attendant profitability.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain