Slashdot Mirror
VoIP Wiretapping
pisqon writes "VoIP News has an article discussing a U.S. government decision that will extend wiretapping regulations to the Internet. From the article: 'The Federal Communications Commission voted 5-0 last week to prohibit businesses from offering broadband or Internet phone service unless they provide police with backdoors for wiretapping access. Formal regulations are expected by early next year.'" Update: 03/28 04:52 GMT by Z : As several readers have pointed out, this story is a mite out of date. Good conversation in the comments, though.
As long as wireteps for VOIP phones fall under the regulations for wiretaps on normal phones, I don't see any reason that it shouldn't be allowed. Otherwise VIOP will be seen as a haven for criminals trying to circumvent weiretaps instead of a legitimate technology
Don't you hate pants?
Being that VoIP originates from the callers machine digitally, it would be easy to add encryption to the transmission. Please comment, do any current VoIP services clients or other free/open-source clients already offer this feature?
Excuse me, I don't mean to impose, but I am the ocean
At least we can all rest safely knowing that there's no way "bad guys" could utilize the same provisions to listen in on personal conversations over IP!
I can understand requiring backdoors to VoIP telephones, but to the internet and instant messaging clients too? Pretty soon good old fasioned postal service will be the only way to truly privately communicate. They can't open personal letters, can they?
What about netmeeting and other such protocols for voice/video over IP? would these be affected by these new laws?
Remember the "can't export crypto technology" era?
Those who did their crypto development outside USA
were exempt from the restriction (mostly), ie,
since they wouldn't have to export code in an
electronic form.
Perhaps software-only VoIP systems like Skype
will be exempt from the FCC's "must provide a
backdoor" ruling.
Has Skype made any statement on its position?
Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them. If it makes our country safer, sure, but the bulleted list in the article is a bunch of good points. Some of which I highlight below: Your request to the FCC said that broadband and VoIP companies may raise prices to "recover their CALEA implementation costs from their customers." How do you square higher prices with President Bush's speech in March calling for "affordable broadband" for all Americans? Congress gave telephone companies $500 million to buy new equipment to comply with CALEA. Why should Internet companies not receive the same treatment? Is it because Verizon, SBC and the other former Bells have well-connected lobbying outposts in Washington, D.C.--but Vonage, 8x8 and other VoIP start-ups do not? Don't get me wrong, I'd prefer a secure form of encryption, and I'd want to be sure that only the authorities have such access (like via the ISP directly?), but I'm not opposed to wiretaps, I'm just looking for equity and consistency.
Date: August 9, 2004
Why is this "news"?
http://fudge.org
The difference between VOIP and regular telephones is that with VOIP its not too difficult to add a layer of encryption transparantly, which would easily foil any wiretapping.
Just encrypt the audio in whatever software you use...
That way, just like PGP or S/MIME encrypted email, they'll be able to see who you called and at what time, but not what you said.
Perhaps now is the time to make sure VoIP offerings can be easily encrypted - before they are taken up by the masses. If high grade opportunistic encryption was available it might jsut be used, whereas to trya nd introduce it retrospectively... well we all know how successful that has been with email.
as soon as the VOIP software offers encrpytion plugins on both side of the line, wiretapping is just as feasable as reading encrypted email or viewing ssh-terminal sessions...
this won't work... the most likely thing that will happen is that the service providers will leave the country. Or worse, that companies outside will be more competitive and push local companies out of the market.
What's to prevent a company in India from making this software for willing costumers to use?
______________________________________________
sigamajig...
Does this mean that protocols supporting (or requiring) strong encryption are basically forbidden by that, since there's no way they could be wiretapped?
Mandatory backdoors in software... Looks like I will be buying some Microsoft stock.
keep that finger in that leaking dyke, we wouldnt want all the water to rush out
ever think the "bad guys" are the people listening not the people talking ? whatever USA can tap all they like the bad guys will just use any number of public encryption methods to talk, you would think the gov would realize this, but "intelligence" isn't something they seem to be blessed with
But maybe there is more to it?
Congress gave telephone companies $500 million to buy new equipment to comply with CALEA. Why should Internet companies not receive the same treatment? Is it because Verizon, SBC and the other former Bells have well-connected lobbying outposts in Washington, D.C.--but Vonage, 8x8 and other VoIP start-ups do not?
According to the article, congress gave telcom companies $500,000,000 to enforce the laws they passed? Why doesn't the government give me money to enforce their pollution laws, so I can get my car fixed up. Instead I have to pay to comply with the law.
People must be aware they are giving something up here. They are giving away freedom. What if some day comes, when a David Duke wins the white house? Congress is filled with people who vote along lobbyist lines. And we end up with laws that remove our consitutional rights- like having police wiretap without a warrent or snoop around the library to see what we are reading. What if they take away our 2nd amendment rights, first by requiring registration, than banning assult style wepons, then slowly, state by state, taking away wepons you already own. What if the states decide to put up a camera on every street corner.... then one day in your house.
The point is the founding fathers did not add the Bill or Rights because it sounded like a nice set of rights. They added those Rights so the people could fight an overbearing government if the need ever came. What if England had decided the colony could not have any guns, and decided that neighbors must report what other neighbors say. We would not be a country today, we would be English. The founding fathers gave people certain Rights to make sure we stay free.
Those that give away those Rights are comminting suicide for the rest of us. They are chaining us all. Rossoue was right "Man is born free, yet everywhere he is in chains". People, don't give you your rights!
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Fuck the police!
Yes, USA... please make the competition for new technologies easier for other countries, while slowing down your own technologists and innovators. That's so smart. But did it work for the T-Rex? /rant
Did I miss something here? John Ashcroft isn't the AG anymore either. Not that this isn't odious, but uhm what's new?
It's already been done... /joking
Get your Unix fortune now!
Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them.
The USA is not designed to have a transparent citizenship. The USA was designed for government to be transparent. Everything our founding fathers did was designed for maximum personal freedom, maximum personal privacy, and to minimize the chance of government curruption. And over the past 20 years, under republican control, we have lost many rights your grandparents took for granted.
During WWII we locked up anyone who had slanted eyes because they *might* sympathize with the enemy. We tried countless times to kill Casto. We assasinated the head of state of Chili. Lets face it, the USA does not have a good history when it comes to human rights. Whenever someone with money thinks someone without money is a threat, the powers that be make life a living hell on everyone.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
"At least we can all rest safely knowing that there's no way "bad guys" could utilize the same provisions to listen in on personal conversations over IP!"
On both analog lines, as well as "digital" people have been able to scramble their communications. Failure to do so resides with the clients, not the middle. As P2P has taught us, the honor system doesn't work.
One could always use two VOIP providers. Call on one, have the other party call back on a second VOIP, and run two simultaneous half-duplex conversations. VOIP 1 would handle voice from A to B and VOIP 2 would handle B to A. Unless the wire tap is on the ISP (and the feds can merge the two separate streams) they would only get to listen to half the conversation.
Two wrongs don't make a right, but three lefts do.
And I can't resist it... the only guy to lose his senate seat to a dead guy. What an asshat.
BTW, even though Ashcroft is gone, that does not mean that many people he hired are gone. The people he advanced to leadership positions are now the ones running the show. Think about that. That is how a shadow government forms. Right now Ashcroft is probably in some high level burrocrat's office lighting up a cigarette while influencing world events.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
They can't open personal letters, can they?
Sure they can. A warrant is a temporary suspension of your normal rights, after having proven reasonable suspicion to a court of law. If you're going to quote me the amendment, it is unlawful search and seizure. As long as they go through the proper channels, they can know what toothpaste you use, and how many condoms are left in your bedroom drawer. [Bad geek joke] For anyone here, that means all of them [/joke]
Kjella
Live today, because you never know what tomorrow brings
parent modded troll? wow, someone needs to get a life.
I have a little tip some of you may be forgetting. Modems can connect point to point without a need for an ISP. (just like Fax machines). The encryption part is easy as well. Any other problem after that, as GEEKS you should be able to figure out.
.....NOT to be American........
I don't even feel sorry for you a$$holes. You voted for $hit. Now you can roll in it.
Maybe this will usher in 'security' sales by the bells. How does traditional wiretap law work against VoIP insecurity? I see this as one way the Bell's are going to save some business and VoIP won't wipe out POTS. Leading to a fine balance of VoIP and traditional switched networks. Just a guess, but was my first gut response.
--- Old Time NeXThead
Skype's development team sends a visual response.
I think the real important thing about privacy is feeling you have it. That is, having the freedom to do whatever you want without some secret police force coming to your door and taking you to the gulag.
Open communications are the key to furthering open society (freedom). Closed communications of any kind our the bretheren of closed society. If you're going to do something illegal, take responsibility for your actions and say something. If everyone did that, no one could be arrested because everyone would be arrested.
In my mind, there is no use for secrecy because secrecy is a farce. Secrecy is what people use to exclude others, to hide, etc. I don't understand why people in America get so worked up about hiding stuff and their privacy from the government. The government is us. So rather than doing that illegal thing you like to do in private, share it with the world, find all the other people who do that same illegal thing and celebrate it.
Don't pretend that you are normal and law abiding if you aren't. Then, see how society changes around you to accept your behavior. Society is the sum of all parts, and if you are keeping your embarassing/illegal life under the covers, such things will only become more illegal and unacceptable. You see, it's not the behavior, but the fact that you're sneaking around that makes people not accept your behavior.
If what you are doing is truely morally OK, then a lot of people will be doing it also. And if they aren't already, then they will start doing it. If it's not morally ok, you will go to jail.
It's the grey areas, the fringe, that most of the privacy advocates fight for. I understand. The idea is that freedom walks a razor line and each side is constantly trying to tip it down the slope of the other person. I'm telling you though, if you don't ACT free, the people who are against freedom have already won. If you have to encrypt all of your communications, you have LOST and they have WON. Sure, your shit is secure and no one is reading it. But you are living a life shrouded in secrecy, a life that is not free.
Cool! Amazing Toys.
Though, I just don't like the backdoor being required, it's just creepy. I mean I don't mind if you bug my regular phone because the box is on the outside of the house and it's not my responbility (according the the phone book, depsite the customer acess panel). However, if there's gonna be a backdoor what stops them from adding their own "spyware" which truly spies and gives it back to the feds. I'd rather have them intercept it, I mean sure they can overhear it but at least they not using a mandatory backdoor.
I mean who knows, what if someone finds these backdoors and then starts using it to tap my conversations and then use them to blackmail me If I saying something or grab my credit card number. They exploitive potential of these backdoors in my opinion is enormous. I just don't like it.
But hey, that's they post-9/11 world for ya.
In America, you spam computers In Soviet Russia, computers spam you!
...is that when white-hat cops get legal court orders for good VOIP wiretaps, smart "bad guys" will be using the phone to chat about the weather, and using encrypted P2P messaging to do their real communication.
Time and resources will go into collecting and analysing the recorded voice conversations, which will be wasted, and oftentimes nobody will be bothered to think of other ways wiretap targets may be communicating.
if not VOIP then people will write somethingelse to replace it that is secure. VOIP is shit quality voice over a crappy network, I reject VoIP calls and make people use landlines.
There was an unknown error in the submission.
LE needs to face up to the fact that their job is going to get harder, and there's just nothing they can do about it. Either they'll have to intercept communications by other-than-remote means (i.e. break into someone's house and install a bug), or socially engineer around crypto, or just somehow gather evidence about crimes by means completely different than intercepting communication.
It's a shame. There are probably legitimate uses for wiretapping, where it can be used to obtain information about actual crimes. But so much goodwill has been squandered (e.g. the drug war, etc) that I doubt many people will care about the loss of this tool. The terrorist angle probably helps a little, but people are getting pretty jaded about that too.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
We welcome our new Soviet Cheka/KGB overloards..
I think the real problem with this battle is that there is no battle. We are fighting ourselves.
Accepting the idea that the government is somehow a separate population from the people is what starts making that idea truth. WE ARE THE GOVERNMENT.
I am not afraid of the people who make and enforce the laws because I know that there are more of us than them, and there always will be. I trust society will do what's in it's own best interests to ensure justice is met. I realize that I might have to face injustice during the interim. But I'm not going to change what I do, or do it more secretly under the shroud of codes and encryption.
Open communications are the key to an open and free society. If you want society to be closed and secretive, then by all means, encrypt your illegal activities.
The real freedom fighters are out there in the open, are not afraid to do things that they know are illegal because they know that what they are doing is morally right, and damn the law. They know that if they get arrested or something, 4 more people will fill their place.
I don't give a damn about government bureaucrats getting their jollies listening to my conversations. Go right ahead. But if they try to take my freedom away, the fight will be public because people will miss me. If you're living in the shadows, shrouded in codes and secrecy, no one will miss you when you one day disappear.
Cool! Amazing Toys.
Big question is: although crime benefits from a little discretion, maybe not all criminals are fully aware of security.
So,When is FBI going to send out those letters stating that I must appear at XXX address to get my personal ID number TATTOOED on my forearm?
(It won't hurt,just a little pinch...)
For pure IP telephony, though, the obvious way to wiretap is to tweak the call setup, so instead of the voice channel going from Alice to Bob, there are two voice channels, from Alice-to-KGB and KGB-to-Bob. Even if there's end-to-end encryption on the voice channel (which is sadly lacking in too many implementations), that doesn't stop the wiretap from working, because the KGB is an endpoint and has the key. If you have an adequate public key infrastructure, you can prevent this by authenticating the call setup messages. But if you don't have that, you're toast; in some cases you can use SSH-like "remember the signature key they used last time" protocols, or you can read your Diffie-Hellman authentication message over the phone if you recognize the other person's voice, but for tricks like that, your VOIP software needs to give you visibility into and ideally control over that process.
So regulatable VOIP service providers, who handle the database lookup portion of calls in countries with wiretap-greedy spooks, may be forced to pay extra to develop wiretap-friendly control software. An intermediate step, which the FBI has been all too successfull in getting US regulators to approve, is to get visibility into the call setup process, similar to old-fashioned pen registers, so they at least know who's talking to whom, and can often get that from the telcos without a formal warrant, using some less-stringent process like an administrative subpoena, and often with gag orders forbidding the telco to tell the wiretap victim.
That's a big problem with closed applications such as Skype, by the way - even if they use some good crypto algorithms, which they say they do, you can't tell what they're doing with them, and whether they're leaking authentication information. (Too bad, because they're a non-US provider who might be harder to bully, at least if they build some corporate separation between their software developers and their VOIP-to-Telco service providers, which I'm not sure if they have.)
Asterisk is open-source, which has the advantage that you can see if something like that is built in, and also has the advantage that it's usually operated by end-users, not by service providers. The SIP protocol family is designed to support proxies and indirection which are useful in building services where some bits are managed by one entity and some by another, e.g. PBXs at both ends, a directory service provider or two in the middle, maybe some voicemail providers or conferencing servers or whatever - it's a big step up from the old H.323 protocols, which pretty much required building closed systems.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
backdoor installation option:
check [ ] to install the FBI backdoor,
check [ ] to install the EU backdoor,
check [ ] to install the Mossad backdoor,
check [ ] to install the Osama backdoor, or
check [ ] to install self compiled open source VoiP software without backdoors.
Privacy is terrorism.
You can easily run point to point encryption over a VPN (H.323 and SIP over IPSEC tunnels) to encrypt your VOIP communication. One potential concern, however, is that the computationally intensive nature of IPSec processing could add unacceptable latency to IP voice packets, but if you have decent broadband it most likely would not be a problem.
An alternative would be to use encryption in IAX2, which a man named Mark Spencer is already working on. Running IAX over stunnel would probably be feasible if both sides of a tunnel were machines.
In short: Secure, standards-based Internet telephony is a reality today, ready to be exploited in the next wave of Internet applications.
Theres no way they can do this transparently - the obvious method people think of, man-in-the-middle could easily be thwarted if the two callers just read eachother a portion of their key/hash at the start of the call, try man-in-the-middling that! This is only barely viable on proper VoIP services. Things like skype and open source programs as well as encrypted email and IM arn't going to be touchable by them.
This comment does not represent the views or opinions of the user.
I use Skype quite a bit. How can Skype VIOP be regulated as it's just software? Also, it's encypted as well.
There is only one way to fix this. For our big brother government to ban all fucking VIOP software and applications. That, or a new release must be made with back doors for tapping via your IP address and sniffing the packets.
Life is not for the lazy.
WWJD? JWRTFM!
small extension:
WWJD? IANAD, but I think JWRTFM!
either D for deity, or IANGAM, I leave this up you to guess *h*
is what the gov. is now, not our society. Over time, Americans were allowed to be so, but patriot act removed that. Problem is that patriot act ii gave the gov. the ability to create new hidden laws. Basically, we are operating much the way that USSR used to; they were allowed to spy on their citizens if it was for the common good. (for the nazi type out there, yes, I know that patriot act is an acrinom and should be capitalized).
I prefer the "u" in honour as it seems to be missing these days.
"LE needs to face up to the fact that their job is going to get harder, and there's just nothing they can do about it. Either they'll have to intercept communications by other-than-remote means (i.e. break into someone's house and install a bug), or socially engineer around crypto, or just somehow gather evidence about crimes by means completely different than intercepting communication"
All the above can be abused. There's nothing inherent in them that prevents abuse...just like wiretapping. As far as "face up to the fact"? That's fine, as long as society is willing to accept the consequences of that decision. There's no such thing as a consequence free decision, but a lot of people act as though there is (especially here. e.g. copyright violaters). Or "three strikes, your out".
On an install of Mepis some months ago, I found skype installed and set up. I believed then as I do now that if the Mepis developer or developers were getting any commission or compensation for providing a fully working skype setup by default, then it was a good thing as distro developers need all the support they can get. But some time last year when skype was hitting
One of the problems I continually run into in trusting skype is that the source code is not open. Skype hit upon a winner, and good for them. I'm not expecting them to make source code available so competitors can copy them and then compete. Or so end users may get some advantage by getting the source.
But when it comes to encryption, encryption products or services live or die by peer review. Other products have been shown to be faulty and insecure after peer review by professionals in the encryption field finding faults in the design or implementation or both. With skype, the only way to verify that their design and implementation of encryption is secure is by permitting other professionals in the encryption field to peer review the design and implementation. This would require their viewing of some or all of the source code for the client or end user app. Otherwise, at no point in time should anyone consider using skype for even normal conversations, since most people include financial or banking details, or other sensitive information while conducting personal telephone calls due to the more likely requirement for physical presence requirements for a telephone tap.
One of the downsides of telecoms jumping in on the voip bandwagon is that eventually enough people will be using non-secure voip that a threshold will be reached where the courts decide that no one should have a reasonable expectation of privacy during any call, and thus lowering the bar to the level of cordless phones and permissible interception and recording of such calls.
Skype may have a great service. From what I've read in the recent past about the number of new downloads of the client, Skype has a really great service. But one shouldn't expect any privacy at all, or that Skype can substitute for a land line phone in terms of permissible intercepting (and presence requirements for land lines) unless Skype opens up at least the encryption portion and someone like Zimmerman and others peer review the service and then announce that there is no reason for concern
I look forward to the time that we have end-to-end encryption just like we have (so far) end to end encryption with SSH, SSL, and similar technologies. I also look forward to seeing a report on Skype by Zimmerman and other peer reviewers. Until then, "trust us" is not enough for me, although Skype may be the service that escapes regulation and paves the way for future secure conversations. And if that happens, thanks Skype.
If there is a backdoor in VOIP, what is to stop vonage employees from listening in and recording conversations for their own shits and giggles?
How long before some 14 year old genius hacker discovers the VOIP backdoors and exploits and records converstations and posts them on the net to make a point?
There is a reason why network security exists... Its not perfect... but without it... we're in a world of shit.
And now our government wants us to install backdoors in everthing we use on the net? So much for security.
Available at http://www.speakfreely.org/.
Has encryption built in. Been around since waaay before management-type boofheads through VoIP was cool..
Why is it that that the government always wants a magic back door into any digital communication method ? the crypto horse left the barn ten years ago and has had three generations of kids now. It's a little late.
-- $G
When every advance in technology carries a government-imposed requirement that the police must not be hampered in any way, that is what you call a police state. The police - law enforcement agencies - have enough power already to do their jobs effectively.
That had been a hot topic on http://www.vonage-forum.com/ for a while now
During WWII we locked up anyone who had slanted eyes because they *might* sympathize with the enemy.
Actually only the japanese (still shameful), and for all I know not in all states.
We tried countless times to kill Casto. That's plain silly, if the US gov had really wanted that to happen, it would've happened. Oh, and it's Castro btw.
We assasinated the head of state of Chili.
"Chili" where's that? Is it hot there?
spelling... Israel ...
Lets face it, the USA does not have a good history when it comes to human rights.
That's just plain stupid, there might be reasons for concerns recently but we're stil a nation of free people with a constitution, the seperation of powers and a government of checks and balances. A constitution that has enabled us to dynamically self improve, that has allowed the government to self modify for over 200 years. No other government in the world has that record. The US is an incredibly stable and robust system that also happens to be for, by and of the people.
Whenever someone with money thinks someone without money is a threat, the powers that be make life a living hell on everyone.
this pretty much gives you away as a person that has no real experience in the real world. Full of sloganized BS that's being fed to you. Go out in the real world, get a real job, do some real community, charity, political or even commercial work. You'll see it's not always as black and white as you think it is.
Yes sir folks, get it here now. Encrypt-VOIP! The greatest security measures to prevent eavesdropping of your private conversations! Seamless, works with any VOIP service! Transparent! You never know you're using it! Secure! 256 bit encryption keeps your conversation safe from prying eyes or ears! Random key generation ensures that your conversation is encrypted in a different way each time (not just different keys, but different combinations of encryption algorithms too)! Get yours today! Introductory low price: $19.99 (S&H and applicable taxes not included).
As long as the requirements for getting a tap warrent or whatever are just as strict as they are for PSTN, this isnt a problem.
For the techincal side (given that the providers being targeted under this law all have central servers somewhere one would assume), all they need is to plug a big storage device into their network and set things up to dump the audio stream for the phonecalls they are allowed to tap as it passes through the network (either still compressed with whatever compression the phones use or totally uncompressed). Then, provide whatever piece of software is needed to uncompress and listen to the phone calls and thats all the FBI needs.
Modern telephony equipment already has easy ways for those who run the equipment to snoop. The only thing that stops them are wiretapping laws (thought there are execeptions for testing and maintainence purposes).
Sarcasm aside, I'm glad that we still have the right to own homeland security rifles.
All they have to do is buy sniffer or download one of those ethereal network package and do packet capture on the VOIP. The big problem is that consumer VOIP doesnt use the provider backbones, instead consumer VOIP does an address lookup then use the ISP broadband network to reach the calling party.
The Government's "Genius" Plan:
1. ???
2. Control all of the internet.
3. Profit!
This is perfectly acceptable. There are a lot of bad people in the world, like terrorists, who might use VoIP instead of talking on the normal telephone because of lack of wiretapping. If VoIP provides the same service as the normal telephone, then it stands to reason that it should fall under the same rules.
I disagree. It's a bit tougher to regulate endpoints when they can be anywhere in the world. It's a huge problem because assumed solutions like this one would not work well at all. Any amount of encryption would prevent real-time surveillance by a third party. Just think about the amount of computing power that must be used to decrypt voice packets with 128-bit encryption schemes or above. It's ridiculous and not even worth it due to the amount of time it would take.
With Verizon's lobbying power, do you think VOIP will be 'round long?
I figure, build a better mouse trap, get a better mouse. We'll ALWAYS have secure communications available, even if they're annoying. It would, of course, be appropriate for our government (FCC, TSA, DHS) to STAY THE FUCK OUT OF OUR TECHNOLOGY.
But, what the hell do I know, I'm just a terrorist.
Zhrodague.net - I do projects and stuff too.
So they really think that anyone smart enough to use VoIP for their 'terrorist communications' wouldnt be smart enough to use (encrypted) point-to-point SIP, instead of going thru a commercial VoIP-to-PSTN provider?
Since obviously we can't use Vonage or equivalent privately.
sulli
RTFJ.
Want to read my stuff? Go ahead and crack it - no warrant necessary.
Get the rabbit installed on a machine behind your firewall
==> http://freenet.sourceforge.net/
Faster than freenet
==> http://www.i2p.net/
Encrypt Jabber
==> http://www.vanemery.com/Linux/Jabber/jabberd.html
Onion Routing
==> http://tor.eff.org/
Emerging Network To Reduce Orwellian Potency Yield
==> http://entropy.stop1984.com/
Free Internet telephony
==> http://skype.com/
GNU-ified P2p
==> http://www.gnu.org/software/gnunet/
DO NOT DENY yourself about 2 hours @ InfoAnarchy.org
OMG! ==> http://www.infoanarchy.org/wiki/index.php/Main_Pag e
LearnLearnLearnLearn ==> http://en.wikipedia.org/wiki/Cryptography
=================EMAIL ENCRYPTION===============
GPG (Free PGP)
==> http://gnupg.org/
Integrated with Thunderbird
==> http://enigmail.mozdev.org/
Mutt can't be beat as a mailreader and integrates GPG wonderfully.
==> http://mutt.blackfish.org.uk/
==> http://www.mutt.org/links.html
==> http://wiki.mutt.org/index.cgi?UserPages
!!! Please do not immediately send newly created keys to the keyservers (as many HOWTOs instruct new users to). They are already overflowing with "test keys" and other people's experiments from over the years THAT HAVE NO EXPIRATION and will never be deleted. These keys are "orphans" and most will never be used. As keyservers sync together, and most keys are never deleted once submitted - GET YOUR KEY SETUP CORRECTLY AND HAVE PRACTICE WITH IT BEFORE SENDING IT OFF TO THE KEYSERVERS!!! Otherwise storage requirements will continue to grow and using these in the future will become more difficult FOR ALL. Please, if you are just starting out with PGP or GPG or GnuPG or anything similar (the last two are in fact the same thing) use manual key distribution to begin (ascii armor your public key with
$ gpg --export --armor my@email.address.org
and copy and paste it into an email body or attach it to an email
$ gpg --export --armor my@email.address.org > myPubKey.txt
to gain practice with GPG before uploading your key. This way if you need to create another you won't have uploaded your mistakes. Many choices need to be made and it's worth getting things right before "going public" with your new digital ID. Experiment with yourself and a few different email accounts or with some friends first.)
SET AN EXPIRATION OF 2-5 YEARS OR SO AND MAKE SURE YOU HAVE YOUR PREFERENCES THE WAY YOU LIKE THEM BEFORE SENDING TO A KEYSERVER! Better yet is to HOST YOUR KEY ON YOUR WEBSITE (or try using http://biglumber.com/ instead to host your key and help c
So, which are we again, that good guys or the bad guys?
//Information does not want to be free; it wants to breed.
Great post! I just used my last real mod point earlier today, but I'll give you +2 insightful on the MQR standard.
--MarkusQ
If I install encryption in Asterisk in my home, and get VoIP dialtone from, say, iConnectHere, am *I* required to give the keys to a backdoor to the FBI? If I resell encrypted VoIP dialtone from my Asterisk server to Americans with VoIP terminals, am I then required to open the backdoor? If I run my server offshore, how can they stop me? Won't this regulation have the effect of any national anticrypto law: driving the crypto out of the jurisdiction, but not its effects?
--
make install -not war
I give you another one. Very nice post!
Pspvideo9 is the one for "prove all numbers ar significant.
If what you say, because i am only what i do. We shall see then.
What about a VoIP client/server system that utilized Zimmerman's PGP idea, the public keys would be stoed on a directory server, and data would be encrypted client-side before transmition. I suppose that a plugin could be developed for Skype?
-- There are 10 types of people in the world: Those who understand binary, And those who don't.
We need secure VoIP!
SIP telephony is similar to HTTP. It's ordinarily unencrypted. But it can be tunnelled through any secure connection. Since there are open-source SIP clients in existence, it ought to be trivial to create a secure SIP using openSSL or some other cryptography library. It also ought to be possible to create a similar secure version of the IAX protocol {Inter-Asterisk eXchange} for when you have hardware SIP phones: use SIP from phone to PC running Asterisk, and S-IAX to the next link in the chain.
Depending upon the protocol, you would either use permanent public and private key pairs per person, or temporary session keys. Exchange of used session keys would give plausible deniability {since nobody can prove your correspondent didn't have the encrypting key when you sent them the message; so it might be total bollocks that they made up for reasons that don't concern you}.
Besides getting around Big Brother and the surveillance state, this sort of thing will also be useful in jurisdictions where governments are trying to ban VOIP altogether.
Je fume. Tu fumes. Nous fûmes!
using audio steganography
Ask me about my vow of silence!
You see if you are smart it is just about 100% chance you will NOT be caught.
Most of the time the Criminals are stupid or lazy and they are the ones that are caught. The stupid criminals are the ones we read about. The smart ones are never caught.
I am sure we have all talked about criminal cases with our other geek friends ands come up with over a dozen different ways to do the crime and not be caught.
If there is a backdoor in VOIP, what is to stop vonage employees from listening in and recording conversations for their own shits and giggles?
Boredom.
A long time ago, when cordless phones were beginning to be popular and they all operated at 49MHz, I got a scanner.
After a while, I got sick of listening to the parks department talk about lawn mowers, and the police department talk about donuts. So I nuked that stuff, and programmed it for cordless phones.
And let me tell you that there was nothing more insipid to hear than a phone call between a boy and a girl. The rest of the calls were just as bad: Dinner at 6? You want me to bring home pizza or chicken? Yes, I'd like to drop off the kids tomorrow morning. No, it just started this shimmy-ing in the front-end, but only when... Martha, just like I said, the man at the bank says...
And that's just the purposeful calls. The vast majority of telephone calls are just mindless banter between two equally-mindless nits, with no clear objective or reason.
I listened to a few calls, for a few days, and then never got back to doing it. It wasn't fun. Nobody ever said anything interesting. I went back to playing video games, listening to music, and doing the BBS thing with my (then) copious spare time.
You're too fucking BORING to be worried about privacy.
Kid-proof tablet..
Market demand will drive VoIP encryption.
End-to-end data will be encrypted end-to-end, or at least from the customer computer to the IP/telco interface.
Switching data will be encrypted from the customer end to the switch.
The first will stop pretty much all wiretapping of all actual converstations, provided the call never entered the traditional telephone network.
All other cases will still be breakable by court order, since the VoIP providers will be a party to the encryption and will have the keys.
VoIP or no VoIP, smart bad guys, be they terrorists, drug dealers, or others, will encrypt as much as possible end-to-end. The not so smart ones will still be vulnerable to wiretaps.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
hahahahahaha... i'm sure that is very true :)
But there are other things that you can listen to on the phone. Credit card orders... Social Security numbers, Banking info, buisness info, trade secrets... etc
There is a lot more than just boy girl talk but... heheh funny point and i think its well said.
Nobody with the capability to do so has enough time to bother waiting for a credit card number to be spoken over the phone, unless they're targetting a certain individual.
I'll say it again: Nobody has time for that shit. There's just way too much noise.
If they're just fishing, they'd do better with a part-time job at one of any number of retail establishments which:
a) accepts credit cards or checks
b) lacks security cameras
And they know it.
And if someone is being targeted for fraud or identity theft or whatever, then there's so many other ways to gather goods. Public records, trash, and mailboxes are all such wealthy and available sources of such information and materials that listening to phone calls is rather passe' by comparison.
So. I guess I'm just not very worried, with current technology, about civilian snoopage on my telephone. I'm not uncomfortable relaying anything over it.
And try though I might, I don't know why any law-abiding person would be.
Kid-proof tablet..
...over.