Slashdot Mirror
VoIP Wiretapping
pisqon writes "VoIP News has an article discussing a U.S. government decision that will extend wiretapping regulations to the Internet. From the article: 'The Federal Communications Commission voted 5-0 last week to prohibit businesses from offering broadband or Internet phone service unless they provide police with backdoors for wiretapping access. Formal regulations are expected by early next year.'" Update: 03/28 04:52 GMT by Z : As several readers have pointed out, this story is a mite out of date. Good conversation in the comments, though.
At least we can all rest safely knowing that there's no way "bad guys" could utilize the same provisions to listen in on personal conversations over IP!
I can understand requiring backdoors to VoIP telephones, but to the internet and instant messaging clients too? Pretty soon good old fasioned postal service will be the only way to truly privately communicate. They can't open personal letters, can they?
What about netmeeting and other such protocols for voice/video over IP? would these be affected by these new laws?
Seems that the real savvy shady types would run their own VOIP in lieu of commercial services - unless you could encrypt between the end users, somewhat difficult given a commercial POTS/VoIP bridge. Anyone who knows what they're talking about want to sound off on this?
Encryption is a very important part of VoIP - without it, anyone on the network could rather easily sniff the conversations. I am guessing whatever access is wanted here includes the keys to decrypt the conversations.
Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them. If it makes our country safer, sure, but the bulleted list in the article is a bunch of good points. Some of which I highlight below: Your request to the FCC said that broadband and VoIP companies may raise prices to "recover their CALEA implementation costs from their customers." How do you square higher prices with President Bush's speech in March calling for "affordable broadband" for all Americans? Congress gave telephone companies $500 million to buy new equipment to comply with CALEA. Why should Internet companies not receive the same treatment? Is it because Verizon, SBC and the other former Bells have well-connected lobbying outposts in Washington, D.C.--but Vonage, 8x8 and other VoIP start-ups do not? Don't get me wrong, I'd prefer a secure form of encryption, and I'd want to be sure that only the authorities have such access (like via the ISP directly?), but I'm not opposed to wiretaps, I'm just looking for equity and consistency.
See, that doesn't make sense.
A criminal needing to communicate privately can do it a number of ways.. being encrypted email.. encrypted IM..
How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..
there are so many other ways that are much safer, doesn't make sense
Excuse me, I don't mean to impose, but I am the ocean
Surprisingly, a lot of criminals get caught that way. It's a pretty big hassle to make sure that everything is 100% encrypted, secure, etc. Most of them slip up once, and then it's all over.
as soon as the VOIP software offers encrpytion plugins on both side of the line, wiretapping is just as feasable as reading encrypted email or viewing ssh-terminal sessions...
this won't work... the most likely thing that will happen is that the service providers will leave the country. Or worse, that companies outside will be more competitive and push local companies out of the market.
What's to prevent a company in India from making this software for willing costumers to use?
______________________________________________
sigamajig...
keep that finger in that leaking dyke, we wouldnt want all the water to rush out
ever think the "bad guys" are the people listening not the people talking ? whatever USA can tap all they like the bad guys will just use any number of public encryption methods to talk, you would think the gov would realize this, but "intelligence" isn't something they seem to be blessed with
But maybe there is more to it?
Congress gave telephone companies $500 million to buy new equipment to comply with CALEA. Why should Internet companies not receive the same treatment? Is it because Verizon, SBC and the other former Bells have well-connected lobbying outposts in Washington, D.C.--but Vonage, 8x8 and other VoIP start-ups do not?
According to the article, congress gave telcom companies $500,000,000 to enforce the laws they passed? Why doesn't the government give me money to enforce their pollution laws, so I can get my car fixed up. Instead I have to pay to comply with the law.
People must be aware they are giving something up here. They are giving away freedom. What if some day comes, when a David Duke wins the white house? Congress is filled with people who vote along lobbyist lines. And we end up with laws that remove our consitutional rights- like having police wiretap without a warrent or snoop around the library to see what we are reading. What if they take away our 2nd amendment rights, first by requiring registration, than banning assult style wepons, then slowly, state by state, taking away wepons you already own. What if the states decide to put up a camera on every street corner.... then one day in your house.
The point is the founding fathers did not add the Bill or Rights because it sounded like a nice set of rights. They added those Rights so the people could fight an overbearing government if the need ever came. What if England had decided the colony could not have any guns, and decided that neighbors must report what other neighbors say. We would not be a country today, we would be English. The founding fathers gave people certain Rights to make sure we stay free.
Those that give away those Rights are comminting suicide for the rest of us. They are chaining us all. Rossoue was right "Man is born free, yet everywhere he is in chains". People, don't give you your rights!
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
*How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..*
a lot of people are stupid, when they're high on drugs they're even more stupid.
anyways, this is not about deciding if wiretaps are useful or not, it's just about deciding that you don't get out of the wiretapping requirement simply because you use this new technique called voip to provide the end line to the user.
does this apply only to voip services that connect to pots?
world was created 5 seconds before this post as it is.
Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them.
The USA is not designed to have a transparent citizenship. The USA was designed for government to be transparent. Everything our founding fathers did was designed for maximum personal freedom, maximum personal privacy, and to minimize the chance of government curruption. And over the past 20 years, under republican control, we have lost many rights your grandparents took for granted.
During WWII we locked up anyone who had slanted eyes because they *might* sympathize with the enemy. We tried countless times to kill Casto. We assasinated the head of state of Chili. Lets face it, the USA does not have a good history when it comes to human rights. Whenever someone with money thinks someone without money is a threat, the powers that be make life a living hell on everyone.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
"At least we can all rest safely knowing that there's no way "bad guys" could utilize the same provisions to listen in on personal conversations over IP!"
On both analog lines, as well as "digital" people have been able to scramble their communications. Failure to do so resides with the clients, not the middle. As P2P has taught us, the honor system doesn't work.
One could always use two VOIP providers. Call on one, have the other party call back on a second VOIP, and run two simultaneous half-duplex conversations. VOIP 1 would handle voice from A to B and VOIP 2 would handle B to A. Unless the wire tap is on the ISP (and the feds can merge the two separate streams) they would only get to listen to half the conversation.
Two wrongs don't make a right, but three lefts do.
Well yes, that is mean... But it's somewhat less mean than murder and embezzlement...
But the point stands that this will only catch small-timers that aren't smart enough to set up encrypted communications.
Anyone who thinks that big organized crime doesn't have their own IT guys who know this stuff forwards and backwards, and set up secure communications and encrypted storage for their bosses is a fool.
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
...is that when white-hat cops get legal court orders for good VOIP wiretaps, smart "bad guys" will be using the phone to chat about the weather, and using encrypted P2P messaging to do their real communication.
Time and resources will go into collecting and analysing the recorded voice conversations, which will be wasted, and oftentimes nobody will be bothered to think of other ways wiretap targets may be communicating.
LE needs to face up to the fact that their job is going to get harder, and there's just nothing they can do about it. Either they'll have to intercept communications by other-than-remote means (i.e. break into someone's house and install a bug), or socially engineer around crypto, or just somehow gather evidence about crimes by means completely different than intercepting communication.
It's a shame. There are probably legitimate uses for wiretapping, where it can be used to obtain information about actual crimes. But so much goodwill has been squandered (e.g. the drug war, etc) that I doubt many people will care about the loss of this tool. The terrorist angle probably helps a little, but people are getting pretty jaded about that too.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I think the real problem with this battle is that there is no battle. We are fighting ourselves.
Accepting the idea that the government is somehow a separate population from the people is what starts making that idea truth. WE ARE THE GOVERNMENT.
I am not afraid of the people who make and enforce the laws because I know that there are more of us than them, and there always will be. I trust society will do what's in it's own best interests to ensure justice is met. I realize that I might have to face injustice during the interim. But I'm not going to change what I do, or do it more secretly under the shroud of codes and encryption.
Open communications are the key to an open and free society. If you want society to be closed and secretive, then by all means, encrypt your illegal activities.
The real freedom fighters are out there in the open, are not afraid to do things that they know are illegal because they know that what they are doing is morally right, and damn the law. They know that if they get arrested or something, 4 more people will fill their place.
I don't give a damn about government bureaucrats getting their jollies listening to my conversations. Go right ahead. But if they try to take my freedom away, the fight will be public because people will miss me. If you're living in the shadows, shrouded in codes and secrecy, no one will miss you when you one day disappear.
Cool! Amazing Toys.
How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..
:P
As far as VOIP goes, it's very significant that it allows you to cross the line between the internet and the telephone network and breaks the government tracking of that relatively closed system on a global scale. The internet isn't just implemented in a fashion that is open and relatively uncontrolled, it is also destroying the existing control of another network by interfacing with it. Would you really not expect a response from the governments who have benefited from that control?
Outside the VOIP thing, even if you can't crack into someones communications, I can think of lots of benefits in being able to monitor their lines if you're trying to investigate them. Unless they're flooding their channel with a constant encrypted data stream to you can track the timing of their communications. You can track where the communications are being relayed from and to. And you can track what they communicate anytime they access systems that are outside the closed system they would presumably be using for their communications.
I'd suggest you stay away from a life of crime... you don't seem to have a very good understanding of the dangers involved
-1 Uncomfortable Truth
backdoor installation option:
check [ ] to install the FBI backdoor,
check [ ] to install the EU backdoor,
check [ ] to install the Mossad backdoor,
check [ ] to install the Osama backdoor, or
check [ ] to install self compiled open source VoiP software without backdoors.
Privacy is terrorism.
Unfortunately, those really are irrelevant, being that they're rarely the type of criminal that authorities ever bother getting a wiretap warrant on.
On an install of Mepis some months ago, I found skype installed and set up. I believed then as I do now that if the Mepis developer or developers were getting any commission or compensation for providing a fully working skype setup by default, then it was a good thing as distro developers need all the support they can get. But some time last year when skype was hitting
One of the problems I continually run into in trusting skype is that the source code is not open. Skype hit upon a winner, and good for them. I'm not expecting them to make source code available so competitors can copy them and then compete. Or so end users may get some advantage by getting the source.
But when it comes to encryption, encryption products or services live or die by peer review. Other products have been shown to be faulty and insecure after peer review by professionals in the encryption field finding faults in the design or implementation or both. With skype, the only way to verify that their design and implementation of encryption is secure is by permitting other professionals in the encryption field to peer review the design and implementation. This would require their viewing of some or all of the source code for the client or end user app. Otherwise, at no point in time should anyone consider using skype for even normal conversations, since most people include financial or banking details, or other sensitive information while conducting personal telephone calls due to the more likely requirement for physical presence requirements for a telephone tap.
One of the downsides of telecoms jumping in on the voip bandwagon is that eventually enough people will be using non-secure voip that a threshold will be reached where the courts decide that no one should have a reasonable expectation of privacy during any call, and thus lowering the bar to the level of cordless phones and permissible interception and recording of such calls.
Skype may have a great service. From what I've read in the recent past about the number of new downloads of the client, Skype has a really great service. But one shouldn't expect any privacy at all, or that Skype can substitute for a land line phone in terms of permissible intercepting (and presence requirements for land lines) unless Skype opens up at least the encryption portion and someone like Zimmerman and others peer review the service and then announce that there is no reason for concern
I look forward to the time that we have end-to-end encryption just like we have (so far) end to end encryption with SSH, SSL, and similar technologies. I also look forward to seeing a report on Skype by Zimmerman and other peer reviewers. Until then, "trust us" is not enough for me, although Skype may be the service that escapes regulation and paves the way for future secure conversations. And if that happens, thanks Skype.
If there is a backdoor in VOIP, what is to stop vonage employees from listening in and recording conversations for their own shits and giggles?
How long before some 14 year old genius hacker discovers the VOIP backdoors and exploits and records converstations and posts them on the net to make a point?
There is a reason why network security exists... Its not perfect... but without it... we're in a world of shit.
And now our government wants us to install backdoors in everthing we use on the net? So much for security.
This decision is irrelevant to SkypeOut. Those calls can be tapped once they hit the PSTN.
i forget
When every advance in technology carries a government-imposed requirement that the police must not be hampered in any way, that is what you call a police state. The police - law enforcement agencies - have enough power already to do their jobs effectively.
Privacy is not the diametric to freedom, it is a freedom.
Privacy is the freedom to control access to information about yourself and your behavior from those who you would rather not know it because it is embarrassing, incriminating, or simply against your wishes.
Freedom is not synonymous with an open society either, in fact an fully open society is the least free (libre) arrangement of human interaction because there isn't any haven from the will of others to impose themselves or their ideas upon you. No thought may go unchecked by the group, no dream unconfirmed to the mores of the society at large.
You cleave to the idea that there is the 'truly moral' while simultaneously evoking that the 'government is us', which I find a little silly.
If the government is in fact 'us', then the tyranny of the mass is reason enough to demand and safeguard our privacy, and insist on something less than an fully open society.
If there is a 'truly moral' way of living, then there cannot be a government of the people, for the people, and by the people because it would imply either that this moral truth is known by people, thereby rendering moot the need for government at all, or that in the absence of this knowledge personally, the collective acts of a nation can be somehow conformed to a superior standard of conduct, which betrays the notion that the people are self-governing, since they do not possess the knowledge of the moral truth themselves and are instead being governed by the ideology that is external to them.
It is a logical fallacy that we are somehow "safe" from a sub-set of the population that is opposed to a particular behavior or belief and is empowered to act with authority to eliminate that behavior.
There is an enormous difference between what is moral and what is legal. Legality is the thing of government and of power. Morality is the thing of humanity and of ethics.
What is criminal today can overnight become legal, and vice versa, simply by the caprice of a majority of 538 human beings in the District of Columbia. That isn't a complaint, it is a fact. To live under the illusion that you aren't potentially a target of someone's bias, prejudice, or ideological action is really pretty foolish.
I'm sure that few people in the Arab-American or American-Islamic communities realized they would become the enemy, subject to seizure, torture, imprisonment without charge, and social stigma simply for the way the looked, who they spent time with, the books they read, or the location of their religious centers on September 10th 2001. They likely felt just as most Japanese-Americans did on December 6th 1941.
Just because what you do is "what everyone is doing" doesn't make it morally OK. It makes it popular. It was popular to ignore the Nazi rise to power and the lynchings in the deep south and the Inquisition, too. None of those are considered morally OK. Morality, when viewed through the lens of history, generally is the opposition to power being abused, not the tacit acquiescence to brutality.
Living a life shrouded in secrecy isn't an un-free life if you are doing it because you choose not to share the intimate details of your life, not because you have to. Living a life under surveillance and scrutiny by anonymous actors who believe they are above reproach and constantly on the lookout for any small breech of one of a myriad of civil and criminal laws that no one can abide by is not freedom. When everything is a crime and the enforcers pick and choose to whom and when the law will apply, that is not government by the people. When you think that what you are doing is truly morally OK, and that the government will never think you aren't, you are living a life that is not free.
Modern telephony equipment already has easy ways for those who run the equipment to snoop. The only thing that stops them are wiretapping laws (thought there are execeptions for testing and maintainence purposes).
http://www.washingtontimes.com/national/20050322-1 10506-1261r.htm
it appears that these are the criminals we should be chasing. I think the public should wire tap congress and these idiots who make up these stupid laws. My prediction - There will be a mass exodus of ex- patriots that leave this country for greener pastures if this NON-SENSE doesn't end. Since your average freedom lover is clearly losing rights. For all you people who justify this, all I can say is your part of the problem.
I disagree. It's a bit tougher to regulate endpoints when they can be anywhere in the world. It's a huge problem because assumed solutions like this one would not work well at all. Any amount of encryption would prevent real-time surveillance by a third party. Just think about the amount of computing power that must be used to decrypt voice packets with 128-bit encryption schemes or above. It's ridiculous and not even worth it due to the amount of time it would take.
If I install encryption in Asterisk in my home, and get VoIP dialtone from, say, iConnectHere, am *I* required to give the keys to a backdoor to the FBI? If I resell encrypted VoIP dialtone from my Asterisk server to Americans with VoIP terminals, am I then required to open the backdoor? If I run my server offshore, how can they stop me? Won't this regulation have the effect of any national anticrypto law: driving the crypto out of the jurisdiction, but not its effects?
--
make install -not war
We need secure VoIP!
SIP telephony is similar to HTTP. It's ordinarily unencrypted. But it can be tunnelled through any secure connection. Since there are open-source SIP clients in existence, it ought to be trivial to create a secure SIP using openSSL or some other cryptography library. It also ought to be possible to create a similar secure version of the IAX protocol {Inter-Asterisk eXchange} for when you have hardware SIP phones: use SIP from phone to PC running Asterisk, and S-IAX to the next link in the chain.
Depending upon the protocol, you would either use permanent public and private key pairs per person, or temporary session keys. Exchange of used session keys would give plausible deniability {since nobody can prove your correspondent didn't have the encrypting key when you sent them the message; so it might be total bollocks that they made up for reasons that don't concern you}.
Besides getting around Big Brother and the surveillance state, this sort of thing will also be useful in jurisdictions where governments are trying to ban VOIP altogether.
Je fume. Tu fumes. Nous fûmes!