Slashdot Mirror
VoIP Wiretapping
pisqon writes "VoIP News has an article discussing a U.S. government decision that will extend wiretapping regulations to the Internet. From the article: 'The Federal Communications Commission voted 5-0 last week to prohibit businesses from offering broadband or Internet phone service unless they provide police with backdoors for wiretapping access. Formal regulations are expected by early next year.'" Update: 03/28 04:52 GMT by Z : As several readers have pointed out, this story is a mite out of date. Good conversation in the comments, though.
See, that doesn't make sense.
A criminal needing to communicate privately can do it a number of ways.. being encrypted email.. encrypted IM..
How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..
there are so many other ways that are much safer, doesn't make sense
Excuse me, I don't mean to impose, but I am the ocean
Date: August 9, 2004
Why is this "news"?
http://fudge.org
Surprisingly, a lot of criminals get caught that way. It's a pretty big hassle to make sure that everything is 100% encrypted, secure, etc. Most of them slip up once, and then it's all over.
Mandatory backdoors in software... Looks like I will be buying some Microsoft stock.
But maybe there is more to it?
Congress gave telephone companies $500 million to buy new equipment to comply with CALEA. Why should Internet companies not receive the same treatment? Is it because Verizon, SBC and the other former Bells have well-connected lobbying outposts in Washington, D.C.--but Vonage, 8x8 and other VoIP start-ups do not?
According to the article, congress gave telcom companies $500,000,000 to enforce the laws they passed? Why doesn't the government give me money to enforce their pollution laws, so I can get my car fixed up. Instead I have to pay to comply with the law.
People must be aware they are giving something up here. They are giving away freedom. What if some day comes, when a David Duke wins the white house? Congress is filled with people who vote along lobbyist lines. And we end up with laws that remove our consitutional rights- like having police wiretap without a warrent or snoop around the library to see what we are reading. What if they take away our 2nd amendment rights, first by requiring registration, than banning assult style wepons, then slowly, state by state, taking away wepons you already own. What if the states decide to put up a camera on every street corner.... then one day in your house.
The point is the founding fathers did not add the Bill or Rights because it sounded like a nice set of rights. They added those Rights so the people could fight an overbearing government if the need ever came. What if England had decided the colony could not have any guns, and decided that neighbors must report what other neighbors say. We would not be a country today, we would be English. The founding fathers gave people certain Rights to make sure we stay free.
Those that give away those Rights are comminting suicide for the rest of us. They are chaining us all. Rossoue was right "Man is born free, yet everywhere he is in chains". People, don't give you your rights!
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
The FBI plays mean tricks on people. My Aunt and her husband wanted for murder, embezzlement, and some more minor crimes. They both ran away in the early eighties. Agents called my grandmother's house pretending to be doctors and told her the her daughter was in a New York hostipal in critical condition. They had her phone tapped and were hoping that if she knew where Connie was that she would call her back and they'd be able to trace the call. The point of tapping phones is that they're one of the most widely used means of communication.
LE needs to face up to the fact that their job is going to get harder, and there's just nothing they can do about it. Either they'll have to intercept communications by other-than-remote means (i.e. break into someone's house and install a bug), or socially engineer around crypto, or just somehow gather evidence about crimes by means completely different than intercepting communication.
It's a shame. There are probably legitimate uses for wiretapping, where it can be used to obtain information about actual crimes. But so much goodwill has been squandered (e.g. the drug war, etc) that I doubt many people will care about the loss of this tool. The terrorist angle probably helps a little, but people are getting pretty jaded about that too.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..
:P
As far as VOIP goes, it's very significant that it allows you to cross the line between the internet and the telephone network and breaks the government tracking of that relatively closed system on a global scale. The internet isn't just implemented in a fashion that is open and relatively uncontrolled, it is also destroying the existing control of another network by interfacing with it. Would you really not expect a response from the governments who have benefited from that control?
Outside the VOIP thing, even if you can't crack into someones communications, I can think of lots of benefits in being able to monitor their lines if you're trying to investigate them. Unless they're flooding their channel with a constant encrypted data stream to you can track the timing of their communications. You can track where the communications are being relayed from and to. And you can track what they communicate anytime they access systems that are outside the closed system they would presumably be using for their communications.
I'd suggest you stay away from a life of crime... you don't seem to have a very good understanding of the dangers involved
-1 Uncomfortable Truth
Skype CEO Niklas Zennstrom told me last fall that "we do not have any legal obligation to provide any means for interception" in his company's VoIP software. How will you force a company based in Luxembourg to insert backdoors in its software when it has no obligation to do so?
This doesn't qualify as an official statement from Skype, but it pretty much says it all, I think.
For pure IP telephony, though, the obvious way to wiretap is to tweak the call setup, so instead of the voice channel going from Alice to Bob, there are two voice channels, from Alice-to-KGB and KGB-to-Bob. Even if there's end-to-end encryption on the voice channel (which is sadly lacking in too many implementations), that doesn't stop the wiretap from working, because the KGB is an endpoint and has the key. If you have an adequate public key infrastructure, you can prevent this by authenticating the call setup messages. But if you don't have that, you're toast; in some cases you can use SSH-like "remember the signature key they used last time" protocols, or you can read your Diffie-Hellman authentication message over the phone if you recognize the other person's voice, but for tricks like that, your VOIP software needs to give you visibility into and ideally control over that process.
So regulatable VOIP service providers, who handle the database lookup portion of calls in countries with wiretap-greedy spooks, may be forced to pay extra to develop wiretap-friendly control software. An intermediate step, which the FBI has been all too successfull in getting US regulators to approve, is to get visibility into the call setup process, similar to old-fashioned pen registers, so they at least know who's talking to whom, and can often get that from the telcos without a formal warrant, using some less-stringent process like an administrative subpoena, and often with gag orders forbidding the telco to tell the wiretap victim.
That's a big problem with closed applications such as Skype, by the way - even if they use some good crypto algorithms, which they say they do, you can't tell what they're doing with them, and whether they're leaking authentication information. (Too bad, because they're a non-US provider who might be harder to bully, at least if they build some corporate separation between their software developers and their VOIP-to-Telco service providers, which I'm not sure if they have.)
Asterisk is open-source, which has the advantage that you can see if something like that is built in, and also has the advantage that it's usually operated by end-users, not by service providers. The SIP protocol family is designed to support proxies and indirection which are useful in building services where some bits are managed by one entity and some by another, e.g. PBXs at both ends, a directory service provider or two in the middle, maybe some voicemail providers or conferencing servers or whatever - it's a big step up from the old H.323 protocols, which pretty much required building closed systems.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
"Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them."
Presumably you're not a pretty girl, then. Thanks to Safety Cap (253500) for this story of a on-duty cop copying nudie pics for his off-duty enjoyment.
But that's only one cop. Click for the Top 10 List of Police Database Abuses.
It includes such charming cop activities as "Prosecutor's Office Uses Database to Smear Prosecutor's Political Opponent", "Police Lieutenant Charged With Abusing Database to Influence Elections", and "Cop Uses Database to Find Woman's Unlisted Phone Number -- Gives It to Woman's Ex"
But that's just local cops you say? We can trust the FBI, you say? Well, Martin Luther King couldn't.
And the FBI even tried to get the Mafia to silence Dick Gregory when he spoke against narcotic trafficking. And framed environmental activists. Not to mention COINTELPRPO, or the FBI helping Chicago police murder Fred Hampton in cold blood.
But that's all in the past you say? Well, if two years ago is "the past".
But you have nothing to hide, so I guess you're safe.
Tell that to "[m]ost of the 110,000 persons removed for reasons of 'national security' [who] were school-age children, infants and young adults not yet of voting age" forced by the U.S government to move to:
* Manzanar War Relocation Center
* Tule Lake War Relocation Center
* Heart Mountain War Relocation Center
* Minidoka War Relocation Center
* Topaz War Relocation Center
* Poston War Relocation Center
* Gila River War Relocation Center
* Granada War Relocation Center
* Rohwer War Relocation Center
* and Jerome War Relocation Center
You, know, mostly I let the links speak for themselves. I'm going to deviate from that this time, and I'll get modded down for it, but sometimes you just have to say it.
You don't deserve to vote. You don't deserve the nation created by Jefferson and Madison and Washington. You don't deserve to inherit the legacy of the brave men and women who sacrificed their lives to make America (more or less) free.
YOU DON'T DESERVE TO BE AN AMERICAN.
It's one thing if you realize that government is always a threat to liberty, and weighing the alternatives, reluctantly decide to cede more power to the government.
But you aren't doing that. With the whole frigging internet at your finger-tips -- much more than Thomas Jefferson ever had -- you can't even be bothered to type into Google "police surveillance abuse" and read the fucking history of your own fucking country.
Instead, you just blithely assume that since what you're doing isn't illegal yet that since you're not on a watch-list yet that the color your skin or your accent or your politics aren't "suspicious" yet, you can sit back fat and happy without giving thought to how this might affect others or even -- governments and laws do change -- yourself in the future.
And yet you get to go into a voting booth and pull the lever because of people who did know better and who made the hard choices and who often die
Opinions on the Twiddler2 hand-held keyboard?
Privacy is not the diametric to freedom, it is a freedom.
Privacy is the freedom to control access to information about yourself and your behavior from those who you would rather not know it because it is embarrassing, incriminating, or simply against your wishes.
Freedom is not synonymous with an open society either, in fact an fully open society is the least free (libre) arrangement of human interaction because there isn't any haven from the will of others to impose themselves or their ideas upon you. No thought may go unchecked by the group, no dream unconfirmed to the mores of the society at large.
You cleave to the idea that there is the 'truly moral' while simultaneously evoking that the 'government is us', which I find a little silly.
If the government is in fact 'us', then the tyranny of the mass is reason enough to demand and safeguard our privacy, and insist on something less than an fully open society.
If there is a 'truly moral' way of living, then there cannot be a government of the people, for the people, and by the people because it would imply either that this moral truth is known by people, thereby rendering moot the need for government at all, or that in the absence of this knowledge personally, the collective acts of a nation can be somehow conformed to a superior standard of conduct, which betrays the notion that the people are self-governing, since they do not possess the knowledge of the moral truth themselves and are instead being governed by the ideology that is external to them.
It is a logical fallacy that we are somehow "safe" from a sub-set of the population that is opposed to a particular behavior or belief and is empowered to act with authority to eliminate that behavior.
There is an enormous difference between what is moral and what is legal. Legality is the thing of government and of power. Morality is the thing of humanity and of ethics.
What is criminal today can overnight become legal, and vice versa, simply by the caprice of a majority of 538 human beings in the District of Columbia. That isn't a complaint, it is a fact. To live under the illusion that you aren't potentially a target of someone's bias, prejudice, or ideological action is really pretty foolish.
I'm sure that few people in the Arab-American or American-Islamic communities realized they would become the enemy, subject to seizure, torture, imprisonment without charge, and social stigma simply for the way the looked, who they spent time with, the books they read, or the location of their religious centers on September 10th 2001. They likely felt just as most Japanese-Americans did on December 6th 1941.
Just because what you do is "what everyone is doing" doesn't make it morally OK. It makes it popular. It was popular to ignore the Nazi rise to power and the lynchings in the deep south and the Inquisition, too. None of those are considered morally OK. Morality, when viewed through the lens of history, generally is the opposition to power being abused, not the tacit acquiescence to brutality.
Living a life shrouded in secrecy isn't an un-free life if you are doing it because you choose not to share the intimate details of your life, not because you have to. Living a life under surveillance and scrutiny by anonymous actors who believe they are above reproach and constantly on the lookout for any small breech of one of a myriad of civil and criminal laws that no one can abide by is not freedom. When everything is a crime and the enforcers pick and choose to whom and when the law will apply, that is not government by the people. When you think that what you are doing is truly morally OK, and that the government will never think you aren't, you are living a life that is not free.
Want to read my stuff? Go ahead and crack it - no warrant necessary.
Get the rabbit installed on a machine behind your firewall
==> http://freenet.sourceforge.net/
Faster than freenet
==> http://www.i2p.net/
Encrypt Jabber
==> http://www.vanemery.com/Linux/Jabber/jabberd.html
Onion Routing
==> http://tor.eff.org/
Emerging Network To Reduce Orwellian Potency Yield
==> http://entropy.stop1984.com/
Free Internet telephony
==> http://skype.com/
GNU-ified P2p
==> http://www.gnu.org/software/gnunet/
DO NOT DENY yourself about 2 hours @ InfoAnarchy.org
OMG! ==> http://www.infoanarchy.org/wiki/index.php/Main_Pag e
LearnLearnLearnLearn ==> http://en.wikipedia.org/wiki/Cryptography
=================EMAIL ENCRYPTION===============
GPG (Free PGP)
==> http://gnupg.org/
Integrated with Thunderbird
==> http://enigmail.mozdev.org/
Mutt can't be beat as a mailreader and integrates GPG wonderfully.
==> http://mutt.blackfish.org.uk/
==> http://www.mutt.org/links.html
==> http://wiki.mutt.org/index.cgi?UserPages
!!! Please do not immediately send newly created keys to the keyservers (as many HOWTOs instruct new users to). They are already overflowing with "test keys" and other people's experiments from over the years THAT HAVE NO EXPIRATION and will never be deleted. These keys are "orphans" and most will never be used. As keyservers sync together, and most keys are never deleted once submitted - GET YOUR KEY SETUP CORRECTLY AND HAVE PRACTICE WITH IT BEFORE SENDING IT OFF TO THE KEYSERVERS!!! Otherwise storage requirements will continue to grow and using these in the future will become more difficult FOR ALL. Please, if you are just starting out with PGP or GPG or GnuPG or anything similar (the last two are in fact the same thing) use manual key distribution to begin (ascii armor your public key with
$ gpg --export --armor my@email.address.org
and copy and paste it into an email body or attach it to an email
$ gpg --export --armor my@email.address.org > myPubKey.txt
to gain practice with GPG before uploading your key. This way if you need to create another you won't have uploaded your mistakes. Many choices need to be made and it's worth getting things right before "going public" with your new digital ID. Experiment with yourself and a few different email accounts or with some friends first.)
SET AN EXPIRATION OF 2-5 YEARS OR SO AND MAKE SURE YOU HAVE YOUR PREFERENCES THE WAY YOU LIKE THEM BEFORE SENDING TO A KEYSERVER! Better yet is to HOST YOUR KEY ON YOUR WEBSITE (or try using http://biglumber.com/ instead to host your key and help c