VOIP Progress To Be Hobbled By Wiretap Costs?

vaporland writes "This article @ nytimes.com talks about the reasons that development of commercial VOIP may be stifled by the costs required to allow the federal government to listen in on conversations. It is the intention of the FBI, et al, to provide a truly unfunded mandate to force VOIP service providers to develop and provide this wiretap access to them at no cost to the U.S. government, which is to say, the consumer of VOIP will foot the bill for allowing the government to listen in on our phone calls. Perhaps they should just hire some script kiddies to show them how to do it on the cheap?"

Re:Better idea..

[TheRealMindChild]

Not necessarily. If it worked like PGP, the encryption could be done right on the phone. And just like it works today, you could use any phone, not just the phne companys.

Re:Better idea..

[Cato]

Skype already does this, and is of course growing at an amazing rate (see skype.com) - because the signalling and voice data may go through another computer or two before reaching the final computer, all calls are encrypted end to end. Will be interesting to see how the lawmakers deal with Skype (which is Luxembourg based and hence not governed by US regulations, unless it sets up a US subsidiary).

My post of the day (CALEA, VOIP, other stuff)

[telemonster]

Okay, the current system is called CALEA. I believe it consists of a Sun board in a generic box racked out at every landline, wireless and many large hotel (Vegas) switches. If you google for it there were some Phrack articles and other hack scene publications on them. I believe each one has a t1 interface, so that is 24 voice channels it can listen to. Maybe it can only redirect 12, as 12 other channels are required for redirection.

So now Vonage and Packet8 would have to drop these on their switches, assuming they properly support the standards that the CALEA boxes use. They should have the advantage of easily providing this ability from a single point, I'd imagine their servers are all in a few locations.

The funny thing is, you could just get a VOIP endpoint from a provider in a different country and wala, no CALEA. No fuss. Alot of long distance fees, though.

The last job I worked at, supposidly our employer or a related agency listened in on the home telephone conversations of an employee. The rumor I heard was that an employee was under the scope for downloading hacker utilities (a utility that determines if a host is up by pinging it?). Supervisor heard, called employee at home from his cell phone, both got nabbed, the supervisor for tipping off the employee. This was at the Navy's NMCI project. This was the rumor going around, and I don't know who the people were.

When we were younger we found what we guess were illegal phone tapes while xxx-99xx scanning. Too funny.

There are also rumors that CALEA boxes are insecure, have been owned, are connected to the internet and are using public IPs. Another conspiracy theory says they were implemented by companies that are foreign owned and were being unknowingly used to listen in on the president and led to premature release of the Monica Lewinsky audio to reporters. That is all conspiracy theory, search around. You never know, the gov't does some pretty dumb things sometime.

There is a good article in Business 2.0 about drug cartels using the data from phone switches to track federal agents and their people, by cross referencing phone numbers. They used an AS/400.

And in case you didn't know, you can listen to a Popeye's chicken drive thru in Southeastern Virginia live... open http://audio12.hrconnect.com:8000/popeyes.m3u in any mp3 player that supports internet streams/m3u playlists. Enjoy! Don't forget, EST time.

Re:Better idea..

[Alsee]

Surely your last point is prevented by the right to silence and the right not to incriminate yourself?

The US Supreme Court has already revoked your right to remain silent when a police officer asks you your name. Google: Hiibel

And in 2001 the US signed the Cybercrime Treaty, but fortunately the US Senate has not (yet) ratified it. There are a ton of problems with the treaty, from extensive wiretap/data_retention provisions, to requiring the US to issue such warrants and gather evidence and hand it over to foreign police - for activities which are LEGAL in the US (for example France could demand investigations and data for Nazi item auctions), it appears to turn copyright infringment into an extraditable criminal offence, criminalization of vital and fundamental software ("hacking tools").

Oh yeah, and it also says you shall be compelled to divulge your passwords, keys, and other information. And obviously the only way they can do that is by throwing you in prison if you attempt to remain silent.

While the treaty has been signed by 26 european nations, the US, Canada, South Africa, and Japan, it has only been ratified by Lithuania, Croatia, Estonia, Hungary and Albania. Of course Bush and the DOJ support it.

-