Slashdot Mirror
VOIP Progress To Be Hobbled By Wiretap Costs?
vaporland writes "This article @ nytimes.com talks about the reasons that development of commercial VOIP may be stifled by the costs required to allow the federal government to listen in on conversations. It is the intention of the FBI, et al, to provide a truly unfunded mandate to force VOIP service providers to develop and provide this wiretap access to them at no cost to the U.S. government, which is to say, the consumer of VOIP will foot the bill for allowing the government to listen in on our phone calls. Perhaps they should just hire some script kiddies to show them how to do it on the cheap?"
Perhaps we should just all (i mean everyone) start using encryption everywhere and make the whole thing pointless just so they give up..
This comment does not represent the views or opinions of the user.
If I don't pay for the wiretapping costs, don't wiretap me.
Users of VOIP are taxpayers. At least this can be considered a use tax. If a citizen never uses VOIP should they pay for your wiretap? Just a thought.
The PGP Phone Project is dead now but it would be great of GPGP would revive it. The script kiddes would have a much tougher time cracking this and this is why the goverment is wanting a little help.
Yeah. Why don't they just use their own money instead of making us pay for it?
KFG
When did it become the duty of a government to spy on its own citizens and force them to pay for the privelege of being spied on?
This sig has been stolen. Return it to its original user for a reward.
While none of us would like to incur more fees, the simple fact that my Vonage bill is currently about $60.00 less per month then my Bell South bill, a small additional fee to cover this wouldn't be so bad. You can debate the pros and cons of whether or not VoIP wiretapping should even be done, but if it does, a small added fee to an already inexpensive service shouldn't be a problem.
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
Drop the landline connection altogether. Its nice being able to call anyone in the world using your internet connection, but it seems a cooler solution would be some easy to use program that hooks your phone up to some chat utility. I realize that it would have to be a internet to internet call. Add your favorite encryption to the mix and voila no more fee's etc.
Sig it.
I am not trying to troll or throw out some flamebait, but everyone has a tendency to want to complain about having your phone tapped or your email read. However, these means are the primary ways of detecting terrorist chatter. If an attack were to happen on US soil for which the planning occurred over VOIP lines, or email, or normal phone lines, and the CIA couldn't prevent it because they couldn't tap lines, then we would all be up in arms. I for one, say let's trust the people that we have put in positions of power (for the most part), and let them decide when to use this power. And as with the airport taxes, a couple bucks to make me safer is money I will gladly spend.
Public/private keys are great and all, but for organized crime it would work just as well to use a symmetric cipher and just share the keys. If the criminals are all working together, it shouldn't matter if they all know the key.
Anyway, it always rubs me the wrong way when the feds demand to have backdoor access to spy on us. It's bad enough they have the right to tap a phone at all, but now they're trying to make sure that ability is built into the software? No thanks--I'll use an offshore VOIP provider who doesn't have those nasty requirements.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
"Perhaps they should just hire some script kiddies to show them how to do it on the cheap?" I'm available on mondays, tuesdays, and fridays, and can work for minimum wage :)
Where do I send my application?
Isnt this the same as for current wireline/less operators?
"Synergies are basically awesome, and they're even better when you leverage them." Tycho, PA 14/2/7
How exactly is that requirement going to work when every VoIP company will move their servers offshore?
I havent used the phone in a LONG time, everyone i need to talk to is connected to an IRC network, or at the very least AIM (which i suspect logs the conversations anyways).
That said most people say "why should i have to pay for the government to bug the phone lines?" Well, they have a reason to bug the phonelines, it's called security. They use it to catch criminals, and the US even got a hold of the terrorist messages before 9/11, too bad GB was too stupid to put it to use.
Oh how interesting things would be if the likes of Vonage added "Federal Wiretap Fee" as a lineitem on the bill.
I bet some federal officials would get an earfull. If the general population will have to pay for this feature, they should at least know.
Soccer Goal Plans
What prevents me from writing my own VOIP software and using that? Will it need to be wiretap-emabled as well? What if I use SSH or PGP to secure and authenticate the connections?
Does the government really think that the terrorists are going to sign up for Vonage and not use Skype or their own small app?
I've never understood how the VOIP cos. expect to survive long-term. VOIP is just another TCP/IP protocol like ftp or smtp. The only reason a VOIP connection requires a third party provider is because most of the phone network is still POTS and so VOIP cos are essentially brokers between the POTS and the internet. But eventually, most calls will be peer-to-peer across the internet just like most other IP protocols and there will be no need for VOIP cos.
This makes the whole wiretap thing moot. The VOIP cos. won't survive anyway, so who cares if they die a little earlier because of some silly wiretap requirements?
FreeSpeech.org
Ummm, the consumer is going to have to foot the bill one way or another. If the Federal government chips in to pay for it, it's going to come from some form of tax, otherwise it's just going to be a higer bill from your VoIP provider.
-- Is it a right to remain ignorant? -- Calvin
This is like shiting on someone's door, and then knock to ask for toiler paper.
doesn't wiretapping a VoIP conversation going through a microtelco not much more difficult than doing a tcpdump and sending the stream off to the authorities? And with ad-hoc VoIP connections, those that happen from machine to machine without going through a centralized server, surely it's possible to do the same thing at one of the two parties' ISP, with a regular subpoena.
So what's the big cost here? if nothing else, it would seem less costly than a regular phone tap...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
nytimes.com talks about the reasons that development of commercial VOIP *in the US* may be stifled by the costs required to allow the federal government to listen in on conversations.
839*929
login: xxgen
pass: 12345
article text
At first glance, it might seem like the simple extension of a standard tool in the fight against the bad guys.
But in fact, wiretapping Internet phones to monitor criminals and terrorists is costly and complex, and potentially a big burden on new businesses trying to sell the phone service.
Advertisement
Earlier this month, the Federal Communications Commission voted unanimously to move forward with rules that would compel the businesses to make it possible for law enforcement agencies to eavesdrop on Internet calls.
But developing systems to wiretap calls that travel over high-speed data networks - a task that the companies are being asked to pay for - has caused executives and some lawmakers to worry that helping the police may stifle innovation and force the budding industry to alter its services. That requirement, they say, could undermine some of the reasons Internet phones are starting to become popular: lower cost and more flexible features.
The commission's preliminary decision, announced on Aug. 4, is a major step in the long process of deciding how Internet-based conversations could be monitored. Regulators will now hear three months of public testimony on the ruling. Few expect a resolution of the issue this year, but it is not hard to figure out who will ultimately pay for the wiretapping capability.
"All the costs carriers incur are ultimately going to be passed on to the consumer," said Tom Kershaw, vice president for voice-over-Internet services at VeriSign, which provides surveillance support for Internet phone companies.
Tapping Internet phones is far more complicated than listening in on traditional calls because the wiretapper has to isolate voice packets moving over the Internet from data and other information packets also traveling on the network.
While traditional calls are steady electronic voice signals sent over a dedicated wire, Internet calls move as data packets containing as little as a hundredth of a second of sound, or less than one syllable, which follow often-unpredictable paths before they are reassembled on the receiving end to form a conversation.
To make wiretapping possible, Internet phone companies would have to buy equipment and software as well as hire technicians, or contract with VeriSign or one of its competitors. The costs could run into the millions of dollars, depending on the size of the Internet phone company and the number of government requests.
The requirement to cooperate with law enforcement agencies is unlikely to drive any Internet phone company out of business, though it could cut into profits. Last year, the agencies conducted about 1,500 wiretaps, with the bulk of them in major cities like New York and Miami. The Federal Bureau of Investigation has yet to complete a wiretap over Internet phone services.
"It doesn't break the business model, but it means free telephone service is impossible," said John Pescatore, the lead security analyst at Gartner Inc., a research group. "You might see add-on surcharges."
Internet companies are starting to gear up for the federal requirements. Many Internet phone companies, including Vonage, which has the largest number of subscribers, already supply the police with the phone numbers that a person under court-sanctioned surveillance dials and the origin of calls he or she receives, plus information about the connections, like whether a conference call was convened. The vast majority of court orders for wiretapping involve this kind of monitoring, known as "trap and trace," which is typically used at the beginning of an investigation.
The less frequent, but more complicated, monitoring request is to allow the police to listen to conversations as they occur. In those cases, the differences between the architecture of traditional circuit-switched phone networks and the Internet are crucial.
With traditional phone networks, calls are routed through central circuit-sw
Latency?
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Hey, I'm voting Badnarik in '04. ;)
Does it ever occur to anyone to wonder what the reaction of the founding fathers would have been to all this crap?
"Hey, how about we
(1) make sure the government can listen to folks' private conversations, and make 'em pay for the privelige?
(2) restrict political protest to 'free speech zones' where no-one can hear it?
(3) have armed government agents at all ports?
(4) make everyone carry ID documents if they want to travel, and arrange it so we can secretly scan them without the citizen even knowing?
(5) refuse to let someone travel if their name resembles the name of someone we have declared an enemy?
(6) etc etc etc"
Bottom line: do you think the framers would have
(a) enshrined the government's right to do this crap in the constitution, or
(b) enshrined the People's right not to suffer this crap in the constitution?
It baffles me why Americans are not rioting in the streets.
Needless to say, the rest of the world's governments will want to spy on their citizens as well, but not yet.
It's nice to lag behind the US in this instance.
How are they going to force non-US VoIP companies to comply with this requirement? It isn't like there aren't already a variety of ways to communicate in a manner that thwarts government snooping, the fact that the old phone system made this relatively easy is no reason to cripple modern communication mechanisms.
With allies like Congress, who needs competition?
Put in idiotic, technically dubious and extremely expensive regulations, and watch as start-ups flounder. Meanwhile, watch foreign corporations refine their (simpler) systems and develop low-cost ways to deliver their service.
The US now has a choice to make: paranoia or progress.
Information: "I want to be anthropomorphized"
Most corporate VoIP systems are equiped for call centers, hence "Your call may be monitored or recorded". Most large scale VoIP systems are designed to allow sales to these users as well, so the tech should already be there waiting for a software option to be turned on.
I run asterisk and it would be trivial.
This wouldn't stop the VoIP provider from offering encryption for the IP leg, because it would already be unecrypted on their systems.
I don't want my communications monitored, but this isn't about giving the govt more rights, it is about them keeping the rights and capability they have with POTS as we move on to the next generation of technology. Now if these capabilities are abused in the name of fighting terrorism that is another debate.
If you fear that people are going to listen in (as is now possible with e.g. cellphones) use encryption.
There are even cellphones out there who use it url:http://www.cryptophone.de/
Also note that the sourcecode is available to be reviewed (It is not GPL)
Don't fight for your country, if your country does not fight for you.
This is really non-news. This is already standard procedure for all phone systems, and has been for decades. The same situation exists with both wireline and wireless phone systems. From practically the very beginning, phone companies were required to provided wiretap services to the authorities. As a former Nortel employee, this was something that we had to include in every single wireless switch that is sold. And no, the government doesn't pay for it. The phone companies (that is to say, the customers) eat the cost, and always have.
The writeup makes it sound like this is some unfair, new thing being lobbed at VoIP. It's not. It's just applying the exact same rules that exist for current system to the new system.
What next? "Government attempts to scuttle VoIP by requiring them to abide by 5 9's reliability and provide 911 service?"
Like woodworking? Build your own picture frames.
...which is to say, the consumer of VOIP will foot the bill for allowing the government to listen in on our phone calls.
Newsflash: through taxes, consumers pay for EVERYTHING that the government does.
$8.95/mo web hosting
in the case of SIP, (Vonage, etc), the media travels as a seperate stream and you need to have access to the SIP packets to figure out what media packets to capture... However, the media packets could be anything, like voice data, and/or video data, and/or text messages, like Messenger for example, which also uses SIP. So not only does the gubment get to snoop on voice conversations, they get to snoop on video, and they get to snoop on your text messages. And as far as encryption goes, the encryption keys get sent in the SIP so a MITM can just as easily decrypt your media. Unless you do your own point to point with encryption, then you lose.
Ever since the government started taxing us, it has been forcing us to pay for the privilege of being spied on.
"Tapping Internet phones is far more complicated than listening in on traditional calls because the wiretapper has to isolate voice packets moving over the Internet from data and other information packets also traveling on the network." Somehow I doubt the govt. is going to bother to filter out the data being transmitted with the voice. They will just monitor everything they possibly can that is being sent over that pipe... Scary.
My fellow Americans. Our country is in a state of crisis, but the cause of the c
risis does not come from outside. It comes from within the United States. It com
es from within our own government. It comes from among our own friends neighbor
s and relatives. People of all walks of life have had their integrity compromis
ed by the promises of wealth from big business and corporations. The time has co
me to show the monsters that control our corporations who this country really be
longs to. Business and money have never been the sole objective of the American
people. Our dream was that of "life, liberty and the pursuit of happiness". Howe
ver, it has been perverted by the manipulation of the natural trait of greed tha
t lives within every one of us. Take a look at yourself. A good long look. Have
you succumbed? (I believe Twirlip of the Mists has) Have you been compromised?
(Certainly Twirlip of the Mists has been compromised) Do you believe that the f
astest and best way to succeed in life, liberty and the pursuit of happiness is
to make a lot of money? If so, check your thoughts carefully and read on...
Money is merely a tool, and a poor one at that. It has many failings. The bigges
t failing is that it cannot buy you the primary American goals. It cannot bring
you more life. You only have a certain length of life given to you and you must
use it as effectively as possible to make life better for those around you. Libe
rty is something you have to work for every day, it is not something that you ca
n just buy with money. Of course, we all know that money can not now, nor will i
t ever buy you true and lasting happiness. Money is also not a lot of good to yo
u once you shuffle off this mortal coil. As they say, "you can't take it with yo
u". Money is a dead tool which is likely to make your life more miserable the mo
re you become addicted to attaining as much of it as you can. Money is a tool th
at you cannot control. Quite the contrary, it is used to control you. This inter
feres with the liberty that each and every American should expect and demand fro
m our society.
Sadly, the United States and it's citizens have been damaged. The average Americ
an has been duped into believing that if only they could become wealthier, they
would be happier, freer and have a more prosperous life than anyone else. But we
alth is a limited resource. Consider this fact. The things that we need to live
(food, water, air, shelter), if evenly split among every human on the planet wou
ld bring us back to the stone age. As much as the money lovers would have you be
lieve that wealth is not a "zero sum" game, it is. There is not enough wealth t
o go around for everyone.
As a true American with real American ideals, I am sincerely imploring you to re
ally consider what America is really aupposed to be about. We aren't about busin
ess or profit. We aren't about being the world's police force. We certainly aren
't about being a police state (which we have veered towards in a short time due
to a few greedy and selfish men like Twirlip of the Mists). If you are a real Am
erican, then you believe that every man, woman and child on this planet deserves
a fair shot at life, liberty and the pursuit of happiness. Because, in essence,
a true American who upholds fairness to all people regardless of race or sex is
the ideal of what a human being should be.
With that said, let's change the regime this fall. Vote for Kerry to get Bush ou
t. Do your part to balance every conversation that is contrary to true American
beliefs. Wherever you see someone supporting the current administration, make
sure that the opposite voice is heard just as loudly and just as clearly. Peopl
e like Twirlip of the Mists cannot be allowed to speak without rebuttal. Provid
ing the opposite view at every turn is true fairness at work. This is a true Am
erican ideal. Although people like Twirlip
I smell a rat... I mean, the big telecom utilities were on the short end of a lot of court decisions lately (like VOIP being immune to telecom utility taxes and regulations) and I have to assume they didn't just go quietly into the night. Call me paranoid, but our current White House is notoriously big-business friendly and so is Michael Powell. I think that this is a result of lobbying efforts from telecom utilities. Utility companies have a long history of trying to screw consumers and their competition (see FDR's New Deal and modern deregulation) through the manipulation of legislation. As has been pointed out by others, this is the sort of thing we pay taxes for the government to figure out how to enforce. I'd be curious to know who has historically paid for the development of wire-tap technology, specifically that of cell phone and email monitoring.
Actually, I wrote my thesis on life experience.
If the tax payer wants to be protected from 'criminals' who may send information via a phone system, should they pay to check up on those criminals even though they don't use a phone themselfs.
thank God the internet isn't a human right.
But since your post contained:
Then you should approve of nuking France -- which do make encryption illegal? (At least they did?)Strange, that would make you a voter for Bush -- which is contradicted by your signature?
Or you are just a left leaning guy with the normal contradictions and double-think that's normal among you members of religious groups?
Karma: Excellent (My Karma? I wish...:-( )
Is it just me or does this entire concept scare the bejesus out of you?
The fbi etal want, as a default option, the ability to listen in to ANY call made by VOIP. This means that, as standard, any/all calls can be monitored, any/everyone (even non-American people[1]) whenever they want or indefinatly.
Now people can say "yes but they wont", but as soon as the Intelligent Agencies[2] have this nice new toy how long before they start a) using it, b) exploiting it, and c) turn it off.
The more I see of the current democratic setup (not just american, but worldwide) and the security "advancements" (post 9/11), the more features of the old Russian Communists start appearing. It's as if the current terrorist threat is being used as justification for the crack-down on personal liberties. I'd protest, but I think that may be banned.
Jaj
[1] Yes we do exist
[2] One of the best oxymorons around
... large grains of salt. Remember, this is the same government that claimed TWA 800 climbed several thousand feet after it's nose was blown off, the same government that claimed that fat guy with the fat nose was bin laden in a videotape, the same government that claimed a truck full of fertiliser blew up the murragh building in OKC when you can see from the debris field most of the building was blown outwards from the inside, the same government that halted the afghan war and flew out upwards of 6,000 taliban, then resumed the war, same government that claimed the abuses in iraqi prisons were just a few low level grunts, same government that claimed that a helium truck for weather balloons was a mobile bioweapons lab, same government that claimed that saddam bought all this yellowcake from niger, same government that claimed torpedo boats attacked US destroyers in the gulf of tonkin, same government that claimed lee harvey oswald was the lone gunman despite all the eyewitness testimony and forensics, same government that claimed... aww heckfire, I could go on for hours just listing big fat lies they have pushed.
Don't believe that "chatter" BS just because they claim it is so. Where are the attacks? three years almost since 9-11, where are the additional attacks here from these hordes of ragheads they claim are sneaking around? See any? all I have seen is an anthrax attack using US grade A official Army anthrax, sent to some media and politician goofs while they had homeland security BS laws being debated and up for vote in congress. Joe raghead didn't do that.
This "war on terror" is way more a "war on domestic born with rights" and you and my's freedom, a way for much much much less than 1% of the population to literally rule over the other 99%. And there's a really strange wish for biblical armageddon and some strange "greater zion" weird cult aspect to them now as well, beyond nutso, at least with some of them at the top. Getting to steal the oil and water in the middle east is just a + plus bonus for them.
As to the phone taps, I have always assumed the government taps, opens mail, plants evidence, hides real evidence, etc, as much as they want to, and warrants and laws be damned. Had too many cops tell me "this is so" now to ignore it, along with all the other stuff that has come out over the years.
I understand what you are saying, just understand what I am saying, take whatever this government says as a bald faced lie until they prove it upside down and sideways, and that proof gets verified with truly independent research from someplace other than government spokespeople. Lying and schemeing and weasling are their default positions, especially on large issues.
However, lets get something straight. I pay U.S. taxes therefore if the bill is "footed" by the U.S. government then yes I am paying for the bill. Last I checked, there is no senator tax for funding government programs. They take... they do not give.
and rather liberal thesedays do you think they have any tips for Americans ?
notice that Verisign are the ones who are doing the tapping (probably because they are not as bound by laws as the goverment would be, just like private interrogators in gitmo are ok to torture just not the army) and FTA they claim to be able to decrypt encypted conversations needing "extra software", imagine the industrial espionage capability , tempting huh, also verisigns mission statement is to be get as much ip traffic flowing through their networks as possible (interview with CTO) now we know why
also they talk about intercepting at a router level if the voip session is peer 2 peer so no hiding there
nice to see you have such outstanding companies in the USA ready to help at a moments notice, not the first time of course (ibm helping the nazi's catalog jews)
makes you wonder who really are the free countries and who are the totalitarian regimes
-ajs
if wiretapping can be eluded by merely encrypting the data envelope, then why can't the "intellegence community" think of that too? i mean none of us are rocket-scientists (i know...speak for myself) but i cannot believe that anyone working for an intelligence body didn't think of this already.
Is it 5:30 yet?
a little plugin that detects the wiretap and pops up a little notification dialog.
"The drugs are hidden in the... "
[Ding Dong - You've Got Feds!]
"..medicine cabinet, just take two asprin and call me in the morning"
But I, for one, prefer the terrorists.
Art Schools Dietzilla
Ugh.
-truth
I had a steady B+ in my AI class until I failed the Turing test...
Yes and no. The actions of the FBI and other law enforcement are, in theory, to protect us all. Such services should then be payed for by all, i.e. federal tazes (which incidentally spreads it out very thinly making it a neglibile cost). As opposed to the person subscribing paying to have their provacy taken away. Not unlike a bank charging you to hold onto your own money, which they in turn make money with by lending it out (or your future earnings, using you as an annuity) to others.
Were that I say, pancakes?
Okay, the current system is called CALEA. I believe it consists of a Sun board in a generic box racked out at every landline, wireless and many large hotel (Vegas) switches. If you google for it there were some Phrack articles and other hack scene publications on them. I believe each one has a t1 interface, so that is 24 voice channels it can listen to. Maybe it can only redirect 12, as 12 other channels are required for redirection.
So now Vonage and Packet8 would have to drop these on their switches, assuming they properly support the standards that the CALEA boxes use. They should have the advantage of easily providing this ability from a single point, I'd imagine their servers are all in a few locations.
The funny thing is, you could just get a VOIP endpoint from a provider in a different country and wala, no CALEA. No fuss. Alot of long distance fees, though.
The last job I worked at, supposidly our employer or a related agency listened in on the home telephone conversations of an employee. The rumor I heard was that an employee was under the scope for downloading hacker utilities (a utility that determines if a host is up by pinging it?). Supervisor heard, called employee at home from his cell phone, both got nabbed, the supervisor for tipping off the employee. This was at the Navy's NMCI project. This was the rumor going around, and I don't know who the people were.
When we were younger we found what we guess were illegal phone tapes while xxx-99xx scanning. Too funny.
There are also rumors that CALEA boxes are insecure, have been owned, are connected to the internet and are using public IPs. Another conspiracy theory says they were implemented by companies that are foreign owned and were being unknowingly used to listen in on the president and led to premature release of the Monica Lewinsky audio to reporters. That is all conspiracy theory, search around. You never know, the gov't does some pretty dumb things sometime.
There is a good article in Business 2.0 about drug cartels using the data from phone switches to track federal agents and their people, by cross referencing phone numbers. They used an AS/400.
And in case you didn't know, you can listen to a Popeye's chicken drive thru in Southeastern Virginia live... open http://audio12.hrconnect.com:8000/popeyes.m3u in any mp3 player that supports internet streams/m3u playlists. Enjoy! Don't forget, EST time.
Southeastern Virginia REPRESENT!
If you live in a state where it is for sure that Kerry will win anyways it is a good idea to vote for Badnarik just to show where you are standing. I am doing it, too.
I was a software engineer on Nortel Network's VoIP "succession" line of products, and I can attest that wiretapping ability is something that was required for us to add.
The issue is with conversations now being transmitted in packets as opposed to analog signals, its impossible to tap the wire conventionally. The only place you could do that is from where the signal is converted back to POTS (plain old telephone service) to the house. Which, in a perfect VoIP world, isn't going to even be an option as people are using things like cable modems as their VoIP gateways (so its digital all the way from the house).
However, I don't think this "feature" hobbled our progress. It was just another feature in an extremely long list of features that were necessary. I don't think it took the engineer more than a week to implement, but possibly its more difficult in different architectures? (A key to Nortels architecture was being able to seemlessly integrate with POTS service, so digital->analog conversion was basically a built-in).
Now, whether I agree with the "feature" or not is a different story, but I won't go into that....
on that day i'll take the terrorists' side and suggest they go target the white-house instead of innocent people who are helpless to do anything.
Your comment and profile as been added to the database thanks for helping us make this country more secure. From now on please call in advance your lawyer and prepare yourself for a full orifice search if you plan to take the plane, the bus or ride a bicycle on the street cause it will be hell to you.
--Your government agencies
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
... just like Kazaa, VOIP could put their NOC's in countries that do not support these laws.
VOIP data can go encrypted from the US to the NOC's and from thereon routed to wherever it should go (again, encrypted).
The only place where it is unencrypted is either at the endusers or maybe at the endusers and at the NOC.
But even in the latter case, the NOC being in a country with no FBI jurisdiction, there should be no problem - privacy is thus protected.
Or maybe, thinking out loud here, a Bittorrent like network of unassociated nodes can be laid out to secure communication. Most likely there are already some realworld examples of these.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
>Even if the [encrypted]email is intercepted, who cares?
A cts), you'd need to be worried about law enforcement tracing your contacts and mapping your organization my noticing who talks to whom, for how long, and when.
If you were a criminal, for example someone sheltering runaway slaves in 1860, or someone criticizing the government in 1799 (http://en.wikipedia.org/wiki/Alien_and_Sedition_
Valid point, but doesn't apply if I'm using an OS that has any sort of protection (i.e., they'd have to be root to install anything) or if I use a laptop that I take with me everywhere (or possibly put in a safe).
I thought rubber hose cryptography was pretty cool, but the link I visited seems to be down (or the project is now defunct: http://www.rubberhose.org/) Anyone know what happened to the project? Whatever--thanks to the wayback machine for this link. Briefly,
I guess I should be more precise, since it seems "rubber hose cryptology" is the process of beating someone with a hose until they give you the key. But the project had the goal of plausible deniability. It was impossible to determine how many encrypted objects were on a disk, so you could have a decoy encrypted message in case someone did beat the crap out of you.
Of course, removable media themselves are a good way to avoid a keylogger program. Go to some public terminal, plug in your USB drive, and you're set. The feds can't possibly install keyloggers on all public terminals, or sift the wheat from the chaff if they did collect that much info.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
I'm afraid not.
Unfortunately, some European governments (mostly right-wing governments) are mimicing the US government. That is e.g. why there are European countries involved in Iraq. The same happens with software patents.
I'm afraid that stupidity is not a US-only thing, even though other countries may be slow at adopting the concept, they sometimes very hard try to.
we need a new mod... -1, Tinfoil Hat On Too Tight
Has it dawned on any of you Americans that our government does not tell the true capabilities that it possess? When they talk about carnivore, do you really think that it what is used to read e-mail?
When Phil Zimmerman created PGP, he was persued by the FTC until the NSA pulled them aside and showed them some things. Then all charges were dropped (BTW, that was in early 90's; what are the capaibilities today, since it has had a decade of hard core spending on remote intelligence R&D).
The us patriot act was supposedly about terrorists. But, do you really think that terrorist use our system for communications? They use people as pigeons to carry data outside of America and then transmit. So what was the act about? Hopefully, you can figure it out.
Likewise, do you really think that the feds can not see what is done over VOIP of which most will use RSA as its encryption? Simply watch how much deception comes from Washington these days. And it is not just GWB and his henchmen. There are plenty of deceitful Republicans and Democrats as well.
"Terrorists" are worried that their way of life is being threatened by the West, and that they'll be wiped out along with it. Powerful, charismatic terrorist leaders appeal to them to give themselves to "the cause", and together they'll smash the west.
Meanwhile, in the West, Westerners are worried that their way of life is being threatened by terrorists....
This is nothing new. Take it from the Brits, who lost control of more foreign land than you've ever taken. You're going the same way.
Do you want to know why America is so powerful? Because the centres of power in Europe and Asia bombed each other into oblivion, while America got off scot-free. War's over, everyone's in financial and physical ruin except the USA. Lucky you!
So basically what I'm saying is that VoIP wiretapping regulations seem to be pointless. They can't prevent individuals from encrypting their own traffic when making direct connections to eachother anymore than they can prevent people from using SSH or HTTPS. And the only time 3rd party VoIP providers (who can be regulated) are even needed is when gatewaying to the PSTN, which can be tapped anyway.
http://blog.nexusuk.org
like DC++ or Kazaa.
Provide services around the VOIP like a voicemailbox or a phonebook. charge for those services, not for the VOIP.
Since you're not into VOIP, let the FBI go elsewhere with their demands.
for free VOIP: http://www.speakfreely.org/
Privacy is terrorism.
...quit trying to force the use of technological solutions. I'd rather require them to physically place a bug in my cell phone (or PC mic) than require all of this accursed intrusion and cost.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
The only reason we don't have mini-PBXs built into our home wireless routers already to handle this with ultra-paranoid encryption and key control is that we need backwards compatibility with POTS, or so we believe. The best way to solve this seems to be by usage creep. It's taken a long time, but for many people email has just about entirely supplanted postal mail, and the only exceptions to this are generally financial documents whose physical delivery is mandated by law. It's done so more by convenience benefits than cost benefits. When people realize that they can have conference calls and the like using VoIP, they'll really pick up on it. What we really need are VoIP services that are capable of handling either internet addresses or POTS exchanges as endpoints. If user@host rises to equal status in people's minds as (###)###-#### then we'll start seeing people dropping off the POTS network completely, and then we can really have decentralized phone service. When that happens, they can wiretap my phone calls when they pry my soldering iron from my cold, dead hands.
If I had to guess where this trend was going to start, I'd say college campuses. Large companies have their own internal phone networks anyway, but they need to be reachable to the outside world. I ditched land telephones altogether as a result of college living, and I'm hoping to never go back, unless maybe for VoIP. College students are already using Xbox games for free long distance to their high school friends who have gone off to other institutions. They get to share all the gossip they normally would over their high-bandwidth, low-latency connection, except it's free, and if your buddy confesses that he hooked up with your old flame, you can shove a rocket down his throat.
WARNING: there is a trojan on your
what will probably happen is that overseas (non-US) developers and providers will offer the non-tapped VOIP service, US consumers will be offered the tapped VOIP service, and anyone in the US who attempts to use/connect to the overseas services will either find the services blocked by their local ISP, or served with a subpoena in the same fashion as DMCA/MAPP . . .
i think peer-to-peer VOIP will eventually kill the current US business model
Ask Me About... The 80's!
They were not fed things from the Bush admin, so most likely it is mostly factual.
Republicans have taken over the government so completely that they're inevitably confronting some of its "contradictions". Senator John Sununu Jr (R-NH) wants to keep VoIP free of taxes. The rest of the Republicans want *every* business to be free of taxes. But they want their government to perform expensive operations, like tap those VoIP calls. Since they have no accountability, they propose broken solutions that would get any programmer fired that afternoon, if suggested in a system that actually has to work. This should all come as no surprise in a country running a $.5 trillion war budget, and billions in tax cuts for the rich, on top of billions in corporate welfare.
--
make install -not war
1) send files on their own,
2) chat securely (typing, not speaking), and
3) enable streaming audio which could either be VOIP or an audio file.
For communications with people who have sorta slow connections, it would be nice to have a "walkie-talkie" mode rather than a continuous crappy connection. And ideally, this program would be multiplatform (Java? compile from source with a GUI wrapper?) and would work from behind a router. I'm still pretty confused about port forwarding, but that would have to be taken into account. I know I've had trouble setting up an FTP server behind a router.
If something like this already exists, please let me know.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
First this interesting discussion will be read by experts in security measures for useful ideas. Importantly the Government has a mandate to make our country safer. So they worked out a way to tap phone lines and read emails as and when necessary. Then the bad guys moved to Satellite phones, thinking they were OK and of course they were listened into (thankgoodness). Now we have VoIP and a discussion on the merits of tapping. Well get over it. It's probably being done right now, in some way shape or form. Why should the Government tell the bad guys this upfront? Sure the tapping could likely be done more efficiently and that's why the subject is under discussion. But if and when announced the bad guys will likely move on again to another form of communication. It won't stop at the Brand name VoIP, it's a serious game that will continue for years and years. Most important is that whatever money available to be spent is spent most efficiently for the best return..i.e. getting the bad guys and making us safer. I look at the "lists" airlines have been given access to and wonder at what cost they were provided? I recall that many/most of the 9/11 bad guys had been given Visas by the Government, so they wouldn't have been put on an airline list before 9/11. So the usefulness of the airline list is in some question IMHO. Much better to spend money on checking peoples background to lists etc. before they are awarded Visas in the first place. So therefore the question is how we spend our finite dollars to make this country (and others) as safe a possible. In this digital age anyone can be tracked much more easily than 20 years ago. The digital age hasn't made the governments task harder, it's likely actually given them far more information. How this information is usefully used is what needs to be considered in the spending of security dollars.
"When will the American people wise up..."
Hah hah ha ha ha... (snort). I know the answer! I know the answer! NEVER!
"... and vote the facists out of office?!"
Facists are rarely voted out, historically most are shot.
Have you ever tried to create a piece of commercial software for distribution which uses encryption?
_ 1_ 00.html
2 1017M32 &cp1=1
m l
The US government requires that you submit your encryption (source) to them. It is law.
http://www.epic.org/crypto/export_controls/regs
So if they have your source, and the encryption allows for decryption, and they have the most powerfull computers in the world, then one can only put 2 and 2 together to figure out how secure you PGP encrypted e-mail with respect to the US government.
If they want to read it, they will.
http://www.msnbc.com/news/660096.asp?0na=x
Also, if you use encryption while breaking the law, the fines and prison time is increased.
http://www.epic.org/crypto/legislation/s1587.ht
Most European nations are even less free than America is. It won't be Europe that's laughing all the way to the bank, but up-and-coming nations with little to lose and even less to gain by listening to the U.S. or some European former great power, e.g., Brazil or Indonesia.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
I'm sorry if this seems somewhat controversial, I want to stress, I have nothing against US-Americans or the USA, but I think this is way over "the line".
I think this is real real bad. "No, you cannot have these phones yet - we want to tap you!"
I worry when so called civilised countries have governments that make such claims and in this case, apparently without remorse! I wonder; in how many other countries a government could pull this off? (Besides in dictatorships and the like of course).
So, is the US-Americans really going to allow this? Let the government and media scare them with talk of terrorism while tapping the phone of "free" people?
Regards,
Anonymous Coward .
Measures like this that set the US are good news for the rest of the world. It's an ongoing trend of destruction from within. I love it.
I just read that analysts on Wall Street were mortified that a cable company was offering net access, cable and VOIP service for "only" ninety bucks a month. Hah!
Nevermind the fact that people in civilized countries that already have dirt cheap broadband are well aware that 1Meg both ways makes the other two services irrelevant.
$5 / month hosted VPS on linux = awesome!
Since the government wants wiretapping so badly, why don't THEY pony up the cost of implementing it?
I really hate it when the government passes stupid laws like this, and expects OTHER PEOPLE to pay for their implementation. The government should be the one paying if they're the ones who want it.
-Z
It sure is great the progress of voIP is hindered because the FBI can't figure out how to hack it.
is always mined.
And baby, we've been taking the easy way for the past 30 years. Doing things half-assed, from electrical transmission wires to cars and homes.
You never, EVER get change easily. Look at Joan of Arc and Christopher Columbus. Martin Luther and Bruce Lee. Look at Yitzak Rabin.
Quit checking the polls. Build it well, in the first place, and you won't have to worry how it's used in the end. Raise your child right, and they'll know what needs to be done to get tot the next step in evolution.
Turing didn't check the polls. Build it Turing Complete.
because Vonage would have to deal with the support call from angry, irrational customers who a) don't understand why Vonage is doing this and b) don't want to pay the fee.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
In sports a good coach will develop his game plans around his team's strengths. The best coaches are able to adapt to changes in the roster due to injuries, player moves, etc. The most successful coaches have always been able to adapt their methods and strategies accordingly.
Law enforcement, on the other hand, wants everyone to adapt to their way of doing things. They've always been able, from a technological point of view, to listen in on telephone conversations. It was convenient and more or less easy for them to have that capability. Now technology is changing. Instead of learning to adapt they want to force new technologies to adapt to their methods. This is just dumb. Eventually there's going to be technology that is immune to eavesdropping and no law is going to change that. What are they going to do then, outlaw it? They should be using their resources to develop other ways to obtain infromation on the activities of criminals. And in my mind, using one particular form of technology should not be a crime in and of itself, regardless of the restrictions it may impose on law enforcement vis-a-vis what they've been able to do in the past.
Nope, it was not the same government. The OKC bombing was during the Clinton Administration, the Afghan and Iraq wars took place under Bush.
As for the OKC bombing, the debris field looked exactly the way you would expect it to when you place a very, very large truck full of explosives in front of a building. There was a large roughly circular hole in the building with the plack McVeigh's truck was parked at dead center. The far wall stood up to the blast so you would expect the shock wave to bounce off the wall and push debris back out again.
Bush lied about the weather balloons sure, or to be strictly accurate he got Powell to lie for him, just like he has these swift boat perjurers to lie for him. We know what sort of character the man has, he smeared McCain, he smeared McClellan, he is smearing Kerry. But the truth of one conspiracy theory does not make all conspiracy theories true.
As to the phone taps, I have always assumed the government taps, opens mail, plants evidence, hides real evidence, etc, as much as they want to, and warrants and laws be damned.
Which is why procedures to make cryptographic assurance of data integrity are so important. Why do you think that PKI companies are involved in placing the taps? It is so that there a cast iron chain of evidence is possible.
Its bad when O.J. gets away with murdering his wife and a waiter. It is worse when people go to jail for the rest of their life or are executed for crimes they never committed. Having assurance that the evidence is sound is a good thing.
As far as terrorism goes, that is not the main area where wiretaps are useful, never has been. Several terrorist groups have come to grief when they used faulty codes. But even the best transport encryption does not conceal the most useful information - traffic analysis. Knowing who Mohamed Atta called in the six months prior to 9/11 was very useful.
What Al Qaeda are doing today is using pay as you go chips in cheap mobile phones. They discard these regularly, but not regularly enough. The whole 9/11 plot was done using a bizare mixture of sophistication and sloppiness. If as Clarke had urged W had put the country on full terrorism alert instead of going on vacation to cut brush there was a good chance of being lucky.
That is why Al Qaeda have been so quiet of late. They never did have many people and they lost a significant number in the 9/11 attack. They have also had defections after Bin Laden was heard joking about how some of the hijackers did not know it was a suicide mission.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
This is about as idiotic as people who want to see guns banned. If guns are banned, criminals will continue to get them on the black market only leaving the innocent unable to defend themselves. Having drugs made illegal sure as hell hasn't stopped people from getting them.
Requiring wiretaps be made available for VoIP is along the same lines... the bad guys will set up a method of encryption. This will be at the fiscal expense of the innocent VoIP user... in the end accomplishing little.
So the consumer would have to pay. Big deal. The alternative, because you KNOW that the feds are gonna snoop, is for everyone to pay in the form of taxes. Having the consumers pay seems only fair, someone who isn't a consumer shouldn't be forced to pay.
So rather than fight the payment plan, fight the fact that their going to do it in the first place.
. Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
Calea is a law that requires Cell Phone companies to provide access to the cell site for the FBI. There are a number of hardware configs out there that will work for calea requirements.
Your comment and profile as been added to the database thanks for helping us make this country more secure. From now on please call in advance your lawyer and prepare yourself for a full orifice search if you plan to take the plane, the bus or ride a bicycle on the street cause it will be hell to you.
/. !!!
Wow. Ted Kennedy posts on
Now I have truly seen everything.
Party A could send out thousands of "customized" advertisements for an obviously fraudulent product by e-mail, each with hidden, seemingly random string of text at the end. Most recipients would just hit the "delete" key, but B and C would run the seemingly-random text through some algorithm with some key and recover the plaintext of the message. Party A would use standard cloaking techniques just as well as any other spammer, and parties B and C would just be checking their e-mail and "only finding spam".
Who says spammers aren't actually terrorists in disguise?
Taxed, Fee'd and , mandated like POTS.
enhanced 911 fee
Put internet in shools fee.
State tax
Federal tax
Local tax
and wire tap equipment
Are you trying to say the government should never be allowed to eavesdrop on criminal communications even with a warrant?! I can't distinguish between that and anarchy. Can somebody please help me?
Exactly. The future is definitely Voice over Peer-To-Peer (VoP2P if you need a distinguishing acronym), which will, of course, be digital, and can also be encrypted on each end, with everyone in the middle doing nothing more than shuffling (routing, quality of service, etc) bits around. DNS can be used to find people. I just hope they decide to do it via IPv6 so it's a lot easier for everyone to have distinct IP addresses rather than try to juggle with port numbers and such. But people won't need permanent IP addresses, just permanent identities in DNS or whatever is used to find their voice daemon.
now we need to go OSS in diesel cars
Grow a spine, dammit! The solution to that sort of evil law is open and utterly dertermined defiance. Blunkett can have my keys when he learns to read minds. Otherwise, he can go fuck himself and his jail sentence too.
Would you like to back that up with some evidence? I don't think anyone outside of members of the armed forces has been shot by a machine gun for years.
Also, BTW, machine guns are NOT illegal, they are just highly regulated. Assuming you are not a criminal, are over 21 years of age, live in a state which trusts you and can convince your local police chief that you are not a threat to him, yourself or anyone else, you too can own a machine gun. All it takes is the above plus a $100 tax payment (the "license" is a receipt indicating that you have paid the appropriate tax).
Now when you want to call your mom in Texas, the call has to go all the way to Sealand and back, and the PSTN part is an international call (whoops), which is not so cheap.
You're welcome, its not like i ever plan to visit the US.
This comment does not represent the views or opinions of the user.
While none of us would like to incur more fees, the simple fact that my Vonage bill is currently about $60.00 less per month then my Bell South bill, a small additional fee to cover this wouldn't be so bad. You can debate the pros and cons of whether or not VoIP wiretapping should even be done, but if it does, a small added fee to an already inexpensive service shouldn't be a problem.
The problem is, it won't be a SMALL fee.
VoIP comptuer-to-computer calls are (with certain exceptions) peer-to-peer bulk data transactions. The connection negotiation MAY go through a centeral server (such as a SIP redirect or proxy server). But the data representing the conversation (session) does not.
Exceptions:
- When you bridge to the PSTN to call an ordinary phone, your data goes through the gateway server.
- SOME services may also run your call through a session proxy (for instance to avoid both NAT and the ugly workarounds for establishing a peer-to-peer connection through a NAT box.)
The NOC of a VoIP service using such a peer-to-peer model has a very small internet bandwidth, since it only handles the tiny setup data and lets the internet handle the rest. Requiring them to provide a tap means they now have to buy servers and internet bandwidth to handle the data part of their calls in order to have it on hand to clone it.
If they do this for all their calls it is an ENORMOUS extra expense - comparable to running an ordinary phone company. (There goes your price advantage.) If they only do it for the calls being tapped, the client can determine whether he's being tapped from the routing information on the packets.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Is it just me or does this entire concept scare the bejesus out of you?
The fbi etal want, as a default option, the ability to listen in to ANY call made by VOIP. This means that, as standard, any/all calls can be monitored, any/everyone (even non-American people[1]) whenever they want or indefinatly.
Why are you only getting scared NOW?
Ever since the CALEA was made law they've had that ability with POTS and cellphones. Why the sudden shudder when calls are starting to move to VoIP and they try to retain their old stranglehold?
It's not like this was a new thing.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Tapping VoIP of the general public, NO PROBLEM.
.... The next year the vendor wins the contract (gets more money) again.
...) to prevent science and technology advancements in the USA. We slip further below the present 11th position in telecommunications, 40th in education, .... I remember a time when it was illegal for government to ask that industry and/or the public provide a FREE-RIDE!
Tapping VoIP of the FBI, NO PROBLEM.
Tapping VoIP of the TechNO-Duh, NO PROBLEM.
Tapping VoIP of well funded TechYES-TEK criminal organizations, ain't gonna fu_k'n happen.
The government management learned in the 80s and 90s the big secret to spinning all problems. Contract the job out and point the blame to the vendors, the vendors get money for taking the blame for not getting the job done or failures, and making the government management pet-rocks look smart, competent,
This is a brilliant improvement. Now the government management intelligence-community can have a proxy-payee (the public) for impossible and un-funded projects (no need for congress now). For every question about failure the government managers can point to industry failures as the cause. The rest of the world will have major technology developments and markets, but the USA will continue (by president, congress, corporate and religious plutocrats, and proxies
We are becoming the banana republic of the USA, and only about one in three politicians care about the coming economic apocalypse for our children and/or grandchildren.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
I thought we still had not given the FBI permission to listen to all domestic calls even after 9/11. So when did they get this authority and who gave it to them? If they do have it then where is the campaign to remove this authority and get them out of our conversations post haste?
It just can't be that hard to copy a voice data stream and or point it to not just one ip but to many.
Granted the government shouldn't get something for free but really.. taping, shouldn't be so terribly tasking to stop the whole thing. In fact it should be easyer, since every portal can be copied and redirected vr's having to install a wire tap on the phreaking phone to get started.
smells like fud to me.
I would like to think that the government has no right to force US programmers to work for free.
"What do you do with the mad that you feel when you feel so mad you could bite?" - Mister Rogers
Power is not the right to initiate force -- it is the ability to initiate force successfully. And many private groups possess that ability. There are numerous cases of businesses utilizing their security forces when it wasn't necessary. Many people have been killed by security guards when they weren't actually posing any kind of threat to anyone, but merely seemed suspicious. People have gotten away with murder simply by having better lawyers than the state. If that's not power, I don't know what is.
The government is simply a group that the PEOPLE have sanctioned to hold more power than anyone else. After all, that is the principle behind representative democracy. The PEOPLE bitch-slapped Britain out the door by initiating enormous amounts of force offensively. No government sanctioned that (unless you count France's government ;) ). The government was then sactioned to hold a certain amount of power, ostensibly more than any private group could.
Microsoft will configure their firewall for them, install patenes for them
Microsoft will configure their firewall for them, install patches for them
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Heh. I probably shouldn't have kept arguing -- it's obvious we're essentially on the same page, and are only disputing some definitions.
Bell South a couple of weeks ago began examining the contents of emails being sent to and from mail servers using their RESIDENTIAL DSL lines and BellSouth-assigned IP addresses. They basically began bouncing back emails from or to mail servers using "their" DSL lines. It took us about a week and a half to figure out that it was a "problem" on the Bell South portion of the network. We called and then found out..."oh yeah there was a 'policy change'." "We'll connect your mail server if you 'upgrade' to BellSouth BUSINESS DSL and have local BELLSOUTH phone service." Did they mention that this would multiply the cost of identical service by 2.5 x??? No. I thought it took a Court order to slap on a wiretap and that it had to be requested by a government agency? So the government is simply trying to catch up with the private sector in violating civil liberties, privacy, and the law. Karl Marx had some good points about banks and (regional) monopolies!
We had to move our mail server (used only by family members) to Florida, at great expense. No Bell South!!! (we've got VoIP and another ISP and IP address).
... that it is the various Govt. agencies who have the biggest reason to oppose Voip devices/software. Voip with integrated military grade encryption is already alot easyer and cheaper to obtain and to use than encryption options for traditional phone communications. If anything people opposing Voip are playing into the Intelligence agencies hands.
Only to idiots, are orders laws.
-- Henning von Tresckow