VOIP Progress To Be Hobbled By Wiretap Costs?

vaporland writes "This article @ nytimes.com talks about the reasons that development of commercial VOIP may be stifled by the costs required to allow the federal government to listen in on conversations. It is the intention of the FBI, et al, to provide a truly unfunded mandate to force VOIP service providers to develop and provide this wiretap access to them at no cost to the U.S. government, which is to say, the consumer of VOIP will foot the bill for allowing the government to listen in on our phone calls. Perhaps they should just hire some script kiddies to show them how to do it on the cheap?"

Better idea..

[t_allardyce]

Perhaps we should just all (i mean everyone) start using encryption everywhere and make the whole thing pointless just so they give up..

Re:Better idea..

[gl4ss]

correction, encryption is ESSENTIAL if you can't trust the phone company.

Re:Better idea..

[grasshoppa]

And how, exactly, do you prevent people from using encryption?

Hell, there are many ways to even HIDE the fact that encryption is being used. Imagine that on a grander scale ( music streams with hidden conversations, perhaps? ).

No. Guns are physical objects, and in regards to "gangsta"s ( Thurstan Howle III accent please, pinky up ), should rightfully only be sold to adults ( ie: "grownups" ). Encryption is a whole different kettle of fish.

Re:Better idea..

[Billy69]

Maybe that is the point. If, as a lot of people here suggest, VoIP ends up being encrypted at source, then the security/intelligence services might already know they can't decrypt it. The best way to avoid the associated work is to make a big fuss about it, asking for more money, setting lots of (international) press coverage, then the terrorists stop using VoIP (which might be a very valuable tool to them) because they know it is being targeted. Quite a simple plan really.

Re:Better idea..

[arivanov]

And that is just one of the reasons I have banned it as a network admin and will not use it.

In fact, if the letter of law is followed strictly it is already illegal in the UK (quite likely in other countries as well). UK laws mandate that you must be capable of supplying keys for any of your encrypted communications so that police can retroactively decrypt anything encrypted by you. It is called the RIP act. Thanks god, it does not yet have approved guidelines for enforcement as the initial proposal got shot down in flames because it was allowing even the post offices and local counsils to issue requests for keys... Bless his Blunketness for the jolly good idea...

Skype session keys generation and key exchange mechanisms are not documented. In fact they are not publically available so the actual security is a big unknown. Anyway, if the police asks you for the keys you can only say Ugh... and swallow the corresponding 2 year jail sentence. So they are entitled to jail you for using it already at least in one EU country.

Who do you think ultimately pays for it anyway?

Users of VOIP are taxpayers. At least this can be considered a use tax. If a citizen never uses VOIP should they pay for your wiretap? Just a thought.

I forgot...

[ALeavitt]

When did it become the duty of a government to spy on its own citizens and force them to pay for the privelege of being spied on?

Re:I forgot...

[ratamacue]

When government discovered it could make a profit off it. Whether the project is a "success" or not is irrelevant; they will still make a buck on the adminstration costs. The more it costs to implement this tracking system, the bigger the benefit to those in power.

Remember the simple business model of government: You confiscate wealth from some people, you distribute some of it to special interests (either directly or in the form of some public service), and you keep a cut for yourself.

Everything government does and could possibly do follows that simple business model. With that, it's pretty obvious why beaurocrats are so eager to spend tax money, even when it's an obvious waste -- they will profit either way.

Re:I forgot...

[ratamacue]

These same points could be applied to the leaders of business, education, religion and public service groups.

The fundamental difference is that government holds the "right" to initiate force as a means to an end, while private individuals and groups (including business) do not. Interaction through force is what defines government; interaction through voluntary association is what defines private organizations. (Any private individual or group which initiates force without the backing of government is criminal.)

It doesn't matter what type of government you're talking about, or what era. The one thing that seperates government from private groups, and always will, is the ability to initiate force as a means to an end.

remember--only applies to commercial apps

[bodrell]

Any person who rolls their own VOIP can avoid being wiretapped at all. If I were a criminal who wanted to not be detected, I sure as hell wouldn't do my illicit communications over a regular phone, anyway. Much easier to just encrypt text and send it through insecure email. Even if the email is intercepted, who cares?

Public/private keys are great and all, but for organized crime it would work just as well to use a symmetric cipher and just share the keys. If the criminals are all working together, it shouldn't matter if they all know the key.

Anyway, it always rubs me the wrong way when the feds demand to have backdoor access to spy on us. It's bad enough they have the right to tap a phone at all, but now they're trying to make sure that ability is built into the software? No thanks--I'll use an offshore VOIP provider who doesn't have those nasty requirements.

my own service

[mrpuffypants]

What prevents me from writing my own VOIP software and using that? Will it need to be wiretap-emabled as well? What if I use SSH or PGP to secure and authenticate the connections?

Does the government really think that the terrorists are going to sign up for Vonage and not use Skype or their own small app?

VOIP Business Plan?

[Skjellifetti]

I've never understood how the VOIP cos. expect to survive long-term. VOIP is just another TCP/IP protocol like ftp or smtp. The only reason a VOIP connection requires a third party provider is because most of the phone network is still POTS and so VOIP cos are essentially brokers between the POTS and the internet. But eventually, most calls will be peer-to-peer across the internet just like most other IP protocols and there will be no need for VOIP cos.

This makes the whole wiretap thing moot. The VOIP cos. won't survive anyway, so who cares if they die a little earlier because of some silly wiretap requirements?

Re:VOIP Business Plan?

[Jeff+DeMaagd]

If your internet connection goes down, how do you make calls, namely, for 911?

The Internet connections most people have just aren't as reliable as electricity and POTS. It's not uncommon for ISPs to have planned downtime for a few hours every other month or so, but I personally haven't had a down POTS line in years.

Re:VOIP Business Plan?

[Frank+T.+Lofaro+Jr.]

The public switched telephone network will never die.

Packet based systems are too unreliable. You need to be able to reach 911, etc reliably, lives depend on it. How many times packets just get dropped? "Connection timed out" errors, etc? Much more than phone system failures. And with circuit swtiching, you know immediately and with certainty if the next link is up, and can provide feedback right away that the lines are down, allowing immediate rerouting (at best) or giving a notice to the user, such as a fast busy signal (at worst). With IP, you just have to wait for a timeout and then report it down, and it might have just been really overloaded.

Also, dropped packets in an open conversation will cause severe artifacts in the audio. With circuit switching, once the circuit is up, it is up, unless some equipment or lines fail. No loss in quality due to dropped packets, or because your path over the net speed dropped from 64 kbps to 24 kbps due to congestion, and now YOU sound like you have (nasal) congestion to the other end because there isn't enough bandwidth to make the audio sound right.

And if an IP link fails, it takes a while to know. Did the other person go silent, is the line dead, just congested, what? With circuit switching, you can tell immediately.

IP is not the way for telephony.

As long as there is a public telephone network, there will need to be interconnects between it and the Internet.

What about your federal taxes?

[n()_cHIEFz]

which is to say, the consumer of VOIP will foot the bill for allowing the government to listen in on our phone calls.

Ummm, the consumer is going to have to foot the bill one way or another. If the Federal government chips in to pay for it, it's going to come from some form of tax, otherwise it's just going to be a higer bill from your VoIP provider.

What would the Founding Fathers think?

Does it ever occur to anyone to wonder what the reaction of the founding fathers would have been to all this crap?

"Hey, how about we

(1) make sure the government can listen to folks' private conversations, and make 'em pay for the privelige?

(2) restrict political protest to 'free speech zones' where no-one can hear it?

(3) have armed government agents at all ports?

(4) make everyone carry ID documents if they want to travel, and arrange it so we can secretly scan them without the citizen even knowing?

(5) refuse to let someone travel if their name resembles the name of someone we have declared an enemy?

(6) etc etc etc"

Bottom line: do you think the framers would have

(a) enshrined the government's right to do this crap in the constitution, or

(b) enshrined the People's right not to suffer this crap in the constitution?

It baffles me why Americans are not rioting in the streets.

Outdated thinking

[Sanity]

This is yet another example of outdated "tail wagging the dog" thinking. Government regulation of the communication infrastructure is no-longer necessary, and the government is going to have to accept this fact.

How are they going to force non-US VoIP companies to comply with this requirement? It isn't like there aren't already a variety of ways to communicate in a manner that thwarts government snooping, the fact that the old phone system made this relatively easy is no reason to cripple modern communication mechanisms.

The Europeans are laughing all the way to the bank

[danharan]

With allies like Congress, who needs competition?

Put in idiotic, technically dubious and extremely expensive regulations, and watch as start-ups flounder. Meanwhile, watch foreign corporations refine their (simpler) systems and develop low-cost ways to deliver their service.

The US now has a choice to make: paranoia or progress.

Re:Cost of civilization

[e2ka]

I for one, say let's trust the people that we have put in positions of power (for the most part), and let them decide when to use this power.

Which people? You mean the CIA/FBI? Did you vote to give them this power? Did you vote to elect the people who have access to this power? Did you even vote for the person that hired those people?

The beuracracy is thick. Who is in control? I certainly don't feel like I am.

Re:Cost of civilization

[AKnightCowboy]

However, these means are the primary ways of detecting terrorist chatter. If an attack were to happen on US soil for which the planning occurred over VOIP lines, or email, or normal phone lines, and the CIA couldn't prevent it because they couldn't tap lines, then we would all be up in arms.

Instead of trying to detect attacks, how about eliminating the reasons the terrorists have for attacking us in the first place? Everybody has a reason for doing something... find out what their reason is and eliminate it. I imagine their reason has nothing to do with being really evil and wanting to eliminate freedom, so don't even throw that one in the ring. Nobody is really evil, just greedy and motivated by their own self-interests.

Re:Ditch the phone

[Hansu]

they have a reason to bug the phonelines, it's called security. They use it to catch criminals

You misspelled 'invasion of privacy'. I always thought 'innocent until proven guilty' was somewhat dominant idea of US justice system. Obviously I was wrong.
If you actually justify spying of people by the fact that some of them are (or may be) criminals you are stating, that all of them are guilty of a crime, until proven innocent.

Doesn't "hobble" progress

[CurMo]

I was a software engineer on Nortel Network's VoIP "succession" line of products, and I can attest that wiretapping ability is something that was required for us to add.

The issue is with conversations now being transmitted in packets as opposed to analog signals, its impossible to tap the wire conventionally. The only place you could do that is from where the signal is converted back to POTS (plain old telephone service) to the house. Which, in a perfect VoIP world, isn't going to even be an option as people are using things like cable modems as their VoIP gateways (so its digital all the way from the house).

However, I don't think this "feature" hobbled our progress. It was just another feature in an extremely long list of features that were necessary. I don't think it took the engineer more than a week to implement, but possibly its more difficult in different architectures? (A key to Nortels architecture was being able to seemlessly integrate with POTS service, so digital->analog conversion was basically a built-in).

Now, whether I agree with the "feature" or not is a different story, but I won't go into that....

*sigh*

[FireFury03]

*sigh* no it won't kill VoIP because:

• Believe it or not, the whole world doesn't hinge on the US - it may stop development by companies in the US but it won't stop the rest of the world. Once the rest of the world have VoIP the US will _have_ to catch up or be left out in the cold
• The _only_ time you need to go via a 3rd-party VoIP provider is when you're gatewaying to the PSTN. Calls made purely over the internet don't need to go via "VoIP providers", they can be made as end-to-end calls in the same way as you SSH into a machine. You don't even need to pay a provider to route your VoIP calls since the ENUM system lets you translate normal PSTN numbers into VoIP URIs. So unless you're gatewaying to the PSTN I don't see how these laws are enforcable - you can't regulate end users like that. And if your call is ending up on the PSTN it's tappable there anyway.
  
• IMHO eventually (hopefully sooner rather than later) the PSTN will die out in favor or a purely VoIP system. We will nolonger have those hard to remember phone numbers, it will all be tied in with DNS the same as the rest of the internet, so we won't even need PSTN to URI translation systems. i.e. at the moment you can phone IAX2/pabx.nexusuk.org/slashdot and you will get through to the speaking clock running on my VoIP server.

So basically what I'm saying is that VoIP wiretapping regulations seem to be pointless. They can't prevent individuals from encrypting their own traffic when making direct connections to eachother anymore than they can prevent people from using SSH or HTTPS. And the only time 3rd party VoIP providers (who can be regulated) are even needed is when gatewaying to the PSTN, which can be tapped anyway.

Re:take what the government claims with several...

[Zeinfeld]

the same government that claimed a truck full of fertiliser blew up the murragh building in OKC when you can see from the debris field most of the building was blown outwards from the inside, the same government that halted the afghan war and flew out upwards of 6,000 taliban, then resumed the war, same government that claimed the abuses in iraqi prisons were just a few low level grunts, same government that claimed that a helium truck for weather balloons was a mobile bioweapons lab,

Nope, it was not the same government. The OKC bombing was during the Clinton Administration, the Afghan and Iraq wars took place under Bush.

As for the OKC bombing, the debris field looked exactly the way you would expect it to when you place a very, very large truck full of explosives in front of a building. There was a large roughly circular hole in the building with the plack McVeigh's truck was parked at dead center. The far wall stood up to the blast so you would expect the shock wave to bounce off the wall and push debris back out again.

Bush lied about the weather balloons sure, or to be strictly accurate he got Powell to lie for him, just like he has these swift boat perjurers to lie for him. We know what sort of character the man has, he smeared McCain, he smeared McClellan, he is smearing Kerry. But the truth of one conspiracy theory does not make all conspiracy theories true.

As to the phone taps, I have always assumed the government taps, opens mail, plants evidence, hides real evidence, etc, as much as they want to, and warrants and laws be damned.

Which is why procedures to make cryptographic assurance of data integrity are so important. Why do you think that PKI companies are involved in placing the taps? It is so that there a cast iron chain of evidence is possible.

Its bad when O.J. gets away with murdering his wife and a waiter. It is worse when people go to jail for the rest of their life or are executed for crimes they never committed. Having assurance that the evidence is sound is a good thing.

As far as terrorism goes, that is not the main area where wiretaps are useful, never has been. Several terrorist groups have come to grief when they used faulty codes. But even the best transport encryption does not conceal the most useful information - traffic analysis. Knowing who Mohamed Atta called in the six months prior to 9/11 was very useful.

What Al Qaeda are doing today is using pay as you go chips in cheap mobile phones. They discard these regularly, but not regularly enough. The whole 9/11 plot was done using a bizare mixture of sophistication and sloppiness. If as Clarke had urged W had put the country on full terrorism alert instead of going on vacation to cut brush there was a good chance of being lucky.

That is why Al Qaeda have been so quiet of late. They never did have many people and they lost a significant number in the 9/11 attack. They have also had defections after Bin Laden was heard joking about how some of the hijackers did not know it was a suicide mission.