Groups Slam FCC on Internet Phone Tap Rule
kamikaze-Tech writes "An Associated Press report posted in the Vonage VoIP Forums discusses the new CALEA regulations that will make it easier for
law enforcement to tap Internet phone calls. The article claims that the
new law will also make computer systems more vulnerable to hackers, according to
some digital privacy and civil liberties groups. While the groups don't want
the Internet to be a safe haven for terrorists and criminals, they complain that
expanding wiretapping laws to cover Internet calls -- or Voice over Internet
Protocol (VoIP) -- will create additional points of attack and security holes
that hackers can exploit. VoIP service providers such as Vonage, Skype and
Packet 8 have eighteen months to comply with the new law."
Given that Skype's corporate entity isn't located in the States, it would seem that the FCC doesn't have any control over it.
The article claims that the new law will also make computer systems more vulnerable to hackers, according to some digital privacy and civil liberties groups.
Oh it's a whole metric-fuckton worse than that. The problem with the FCC, FBI (insert your favourite alphabet agency here) is that they make the assumption that the criminals that will be using VOIP will COMPLY with FCC.
Voice/IP isn't like the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve. What's worse, what criminal is really going to open up their private P2P telephone so the government can tap them?
So the measure has absolutely no effect on our ability to catch criminals. Instead we subject the communication of ordinary law abiding citizens to the possibility of them having their perfectly legitimate conversations compromised, be it by a l33t|st or corrupt police officers alike.
Simon.
If they want to tap VoIP, they should have to hack it like everyone else.
Isn't that the same CALEA law that also forces router/NIC makers to install FBI backdoors (which can also be compromised by hackers)?
I see a big market soon for do-it-yourself NICs and PC routers...
--- Grow a pair, liberals... stop letting the Republicans bully you!
I don't mind phone tapping at all - as long as there is cause for its need. However as stated in another posting it is kinda stupid, as if people want to communicate over the net for dodgy dealings, they are certainly not going to use one of the mainstream (or indeed, any) VOIP provider.
If only the UK was able to prosecute criminals based on phone tapping, currently it's not allowed (hears gasps of shock).
I can't help but wonder what will happen when someone uses one of these "mandated" security weak points to impair service from one of the larger providers, like Vonage. If the government was warned that it would be a likely outcome of their new law, are they liable for the damages?
Even worse, sniffable (tappable, whatever) by the government means sniffable by a lot of far more clever black-hats. Who is liable for the damages incurred by identity theft? Or are we just never supposed to order anything over the phone again?
I guess 18 months from now it's back to the cell phone only existence for me....
The announcement came last week. It's a .pdf
95% of all sigs are made up.
This is not as bad as it seems.
As far as Vonage or Packet8 are concerned they will have easier time implementing this than incumbents. It is dead easy to do this with SIP. All that is necessary is to make the SIP server reply with a different voice endpoint to all SIP invites from persons who are under surveillance. As a result the "snooping" equipment is separate and does not encumber primary network infrastructure.
As far as Skype is concerned I could not care less. It will be dead by that time. Same as Kazaa - supernode to freeload ratio will drop beyond the point where the network is sustainable.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Dear Skype, We, the FCC, require you, a British company, to comply with American laws. If you don't we'll... say Ni! in your general direction. Your Friends The FCC Seriously, they're already giving away free phone calls, and free software from a foreign country, using foreign servers. The best the FCC can hope for is that they put a line on their download page: Dear American, please don't download our software cause it will upset the FCC and the Feds. Failure to comply will mean that those in charge will think you are a terrorist. You don't want people to think you're a terrorist do you? Vonage... well they're pretending to be a phone company, so they might have some luck.
Scared of flying, pointy things since 1979!
I mean, they'll never find a way around this, right?
All I can say is thank god that the technology doesn't exist to communicate over voice outside of the phone and VoIP channels.
You know, if anyone ever figures out how to do direct PC-to-PC voice service, or if an IM service such as Yahoo ever include voice in their client, we'll all be doomed!
Wait a minute... they could be emailing each other right now! They could be talking to each other on IRC right now, or in a chat room, or through Yahoo messenger, or through MSN messenger, or through....
Yikes. I never realised how much danger we are all in. SOMEONE BLOW UP THE INTERNET NOW!!!!!!1!!!1oneone
The FCC just reclassified broadband as an "information service".
Calea is supposed to apply to telecom.
I sense some cognitive dissonance here, or maybe a simple hypocritical abuse of power?
BTW.. calea is not a new law, and the rule itself is not a "law" it's a regulation. There are subtle differences.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
People in the computing field like to spur the use of spurious jargons. The less educated they are, the more they like extraneous jargons, such as in the Unix & Perl community. Unlike mathematicians, where in mathematics there are no fewer jargons but each and every one are absolutely necessary. For example, polytope, manifold, injection/bijection/surjection, group/ring/field.., homological, projective, pencil, bundle, lattice, affine, topology, isomorphism, isometry, homeomorphism, aleph-0, fractal, supremum/infimum, simplex, matrix, quaternions, derivative/integral, ... and so on. Each and every one of these captures a concept, for which practical and theoretical considerations made the terms a necessity. Often there are synonyms for them because of historical developments, but never "jargons for jargon's sake" because mathematicians hate bloats and irrelevance.
The jargon-soaked stupidity in computing field can be grouped into classes. First of all, there are jargons for marketing purposes. Thus you have Mac OS "X", Windows "XP", Sun OS to Solaris and the versioning confusion of 4.x to 7 to 8 and also the so called "Platform" instead of OS. One flagrant example is Sun Microsystem's Java stuff. Oak, Java, JDK, JSDK, J2EE, J2SE enterprise edition or no, from java 1.x to 1.2 == Java 2 now 1.3, JavaOne, JFC, Jini, JavaBeans, entity Beans, Awk, Swing... fucking stupid Java and fuck Sun Microsystems. This is just one example of Jargon hodgepodge of one single commercial entity. Marketing jargons cannot be avoided in modern society. They abound outside computing field too. The Jargons of marketing came from business practice, and they can be excusable because they are kinda a necessity or can be considered as a naturally evolved strategy for attracting attention in a laissez-faire economy system.
The other class of jargon stupidity is from computing practitioners, of which the Unix/Perl community is exemplary. For example, the name Unix & Perl themselves are good examples of buzzing jargons. Unix is supposed to be opposed of Multics and hints on the offensive and tasteless term eunuchs. PERL is cooked up to be "Practical Extraction & Reporting Language" and for the precise marketing drama of being also "Pathologically Eclectic Rubbish Lister". These types of jargons exude juvenile humor. Cheesiness and low-taste is their hall-mark. If you are familiar with unixism and perl programming, you'll find tons and tons of such jargons embraced and verbalized by unix & perl lovers. e.g. grep, glob, shell, pipe, man, regex, more, less, tarball, shebang, Schwartzian Transform, croak, bless, interpolation, TIMTOWTDI, DWIM, RFC, RTFM, I-ANAL, YMMV and so on.
There is another class of jargon moronicity, which I find them most damaging to society, are jargons or spurious and vague terms used and brandished about by programmers that we see and hear daily among design meetings, online tech group postings, or even in lots of computing textbooks or tutorials. I think the reason for these, is that these massive body of average programmers usually don't have much knowledge of significant mathematics, yet they are capable of technical thinking that is not too abstract, thus you end up with these people defining or hatching terms a-dime-a-dozen that's vague, context dependent, vacuous, and their commonality is often a result of sopho-morons trying to sound big.
Here are some examples of the terms in question:
anonymous functions or lambda or lamba function
closure
exceptions (as in Java)
list, array, vector, aggregate
hash (or hash table) fantastically stupid
rehash (as in csh or tcsh)
regular expression (as in regex, grep, egrep, fgrep)
name space (as in Scheme vs Common Lisp debates)
depth first/breadth first (as in tree traversing.)
operator
operator overloading
polymo
If they don't comply the gestapo will just pressure Visa and MC to deny them accounts on the basis of "aiding the terrorists" - and if they devise some means of getting around it then uncle fed will just rapture their corporate officers to Syria or someplace where they can await prosecution on "money laundering" charges.
You don't fuck with the world police...
that they didn't do this already in other closed-source programs? It is known that Microsoft Windows has them...
Custom electronics and digital signage for your business: www.evcircuits.com
"If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals listening to your conversations."
If you're making fun of that line, you've got to go a little further; the way you state it is exactly the way the serious supporters of surveillance state it.
E.g.:
If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals listening to what you whisper in your lover's ear. On the other hand, if you're a member of Al Qaeda, I could see why you might have a problem with this idea.
If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals placing cameras in your shower. On the other hand, if you're a member of Al Qaeda, I could see why you might have a problem with this idea.
If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals reading your thoughts. On the other hand, if you're a member of Al Qaeda, I could see why you might have a problem with this idea.
Here in the UK, we have automated keyword monitoring of phone conversations using voice recognition (it is not advised to use the words bomb and Bush in the same sentence) and 1 in 6 calls are automatically recorded regardless of the presence of "keywords". With this in mind, although speculative, it is very, very likely that many Internet sessions are tapped automatically.
It is no more "The big brother is watching". It is now "The big brother is tapping"!
Chris,
Php Programmers.
Your point is so true. Of course providing a wiretap service through VoIP is a waste of money. Actually, it is more likely to provide malicious hackers with private info of the good guys, than it is going to help intelligence catch the bad guys. (For example, eavesdropping random phone conversations is relatively easy access to credit card numbers.) Meanwhile, terrorists could use onion routing/tor networks to communicate virtually untraceable.
The only way to tap on *every* conversation is to kindly ask *everyone* to install the spyware on *every* computer and never turn it off. Did I say "ask kindly"? Make that "mandate".
Now what do we need for the population to accept that? Call it fear, uncertainty and doubt. Stories about pirates. Stories about violence. Stories about war and terrorism.
Hello Nineteen Eighty-Four.
--
Technological progress has merely provided us with more efficient means for going backwards -- Aldous Huxley
Some hacker will graft PGP-style encryption onto SIP. You will simply send your public key in the headers -- it's called Session Initiation Protocol for a reason don'tcha know -- and the far end will encrypt against it. If anybody is listening in, they won't be able to decrypt it. Even better, you wait for sometime after the information has lost its value and publish the private key. Now nobody can even prove you really were the intended recipient.
All the tools required to do this are already available as open source, so it will be an interesting exercise for somebody.
And it will have the beneficial side-effect of killing off SKYPE. Another closed protocol bites the dust, good riddance.
Je fume. Tu fumes. Nous fûmes!
Business dealings; issues with my imperfectly-secured web apps; that incident recently in a pole-dancing club where... um, forget that last one OK?
For the love of God, please learn to spell "ridiculous"!!!
The sad thing is that I genuinely believe that a headline of "Pedophiles use phones. We need to tap your phone to stop pedophiles." would easily get 20% of people agreeing.
I guess that the general population just get what they deserve, and the rest of us have to suffer along with them.
Could skype make a version that is only available in the US and is tappable ? There's no reason when I call here from Australia to some other Non-US country that the us feds should be listening to me. For years we've had NONUS sections in debian etc... This shouldn't be any different ?
How secure is the cryptography in Skype anyway? Anybody seen some info on the underlying algorithms they are using?
what this basically means is that some guy will code a decentralised open source voip where you have to dial by ip, open source proxy, maybe name servers for it, etc and everything with a really strong encryption alike ssh, with certificates bouncing around. bravo. just the same idiotic move as killing the napster was.
I personally do want the internet to be a safe haven for criminals. Think of all of the people you know. How many of them are not criminals?
Correct me if I'm wrong but aren't there simple commercial products like Niksun Netdetector that can simply reconstruct VOIP traffic from an Ethereal dump collected simply by snooping the wire? Is this calling for new technology to collect the traffic or is this saying we want the magic black boxes at every provider to provide an instant tap anytime/anywhere...
News Reporters Make Tasty Polar Bear Treats!
It's time for a decentralized Open Source solution, with open standards. Let's let the FCC try to impose wire tapping requirements on this.
Sometimes I'm happy that the ACLU et al are looking out for me, sometimes they pick the wrong fight. This is exactly one of them. Oh, packet 8 and vonage have 18 months to allow wire tapping? Guess what guys, they already have it. Vonage uses Silantro, it's had calea support for at least the last 3 years. Broadworks (the Broadsoft softswitch) has calea as well. The large softswitch vendors all already support it, I think Asterisk even might (although I'm not sure). These things aren't going to make the "Internet more vulnerable to hackers".
Has the ACLU set up CALEA on these systems? I highly doubt it, but I have. At least with broadsoft it is a trivial matter to keep the softswitch entirely firewalled off the internet that unless someone finds a buffer overflow in the sip protocol or rtp protocol that the system is using there is no opportunity for a hacker to get in.
Furthermore, the system supporting CALEA doesn't increase the risk.. IE if someone hacks the SIP protocol stack on a softswitch and takes control of it, well who cares if the box supports CALEA they just got access to all the phonecalls going through that box.
Do you really think that up till now the FBI et al has had no power to wire tap a VoIP phone? That more than 5 million people in the US are totally able to break whatever law they want (wire fraud, telemarketing scams, plan bank robberies, etc) notice I didn't mention terrorism, just because they have Vonage? Right.
It's time for a decentralized Open Source solution, with open standards. Let's let the FCC try to impose wire tapping requirements on this.
Right on!
-kgj
http://mindprod.com/religion/biblestudy.html
Have fun explaining all that, then.
Whether or not this has adverse consequences for security is dependent upon the implementation. If the US follows the EU practice of allowing the operators to see who is going to be intercepted and to arrange for the technical interception, then there will not be a big security risk. The reason for this is that the best way to do it is to use passive splitters and then a separate filtering system, the filtering system should not be connected to anything else. It will be operators doing what they already can do, selecting specific traffic from their network and then sending to the law enforcement agencies. If the FBI want to be able to snoop without the operators knowing about it, then it will get a lot more difficult to keep the whole thing safe. It will require remote access, which opens up a can of worms.
With regards to Skype and other non US operators. Whether or not they need to comply with US law depends on their business and where they interconnect to the PSTN. If SkypeOut connects to the US PSTN in the US, then it will have to comply with US law. If SkypeOut connects to the PSTN in Canada, then it will have to comply with Canadian law. For Skype to Skype communications there is no way the US can force Skype to intercept something it has no control over.
Does this situation make anyone think of the SAS system in Takedown (The unofficial Hackers 2)?
that i have a right to commit any sort of crime i wish over the privacy of my telephone, and am only looking out for *my* best interest when circumventing laws designed to stop me or allow my activities to be monitored.
screw this, another way will be found.
Yeah, yeah I know - abuses and all that. So make encryption a standard feature in gnome-meeting and call it a day.
The problems with terrorists is their antisocial behaviour. I'll admit the US has done some things (dumb and/or repeatedly) to piss off a lot of people.
Terrorism and war has existed for as long as society. It exists in the US, outside the US, before the US existed and will continue to exist long after the US ceases to.
Occasionally some group will blame a certain action of another group for their behaviour.
But the following excuses are just excuses and don't in themselves always justify the reaction.
Their brother/daddy/government/religion/geopolitical group beat up my daddy/government/religion/geopolitical group.
The Devil/Bible/Koran/Cereal box/talking monkey made me do it.
They weren't listening to me, so I'll just keep making more noise until they do. As appropriate in politics as a toddler's temper tantrums.
Yea, any Blackberry folks keep telling us that their network is end-to-end secured from the Blackberry to my server. By VPN and SSL, for example, to comply with various legislation such as health care privacy.
But when I confront them and show them Ethereal traces of their POP3 communications with my POP3 server being completely clear text, they look at me with a blank stare.
Just because they say they use encryption doesn't by default mean they are using it correctly.
"I have nothing to hide,"
While I agree with your general sentiment about things not being any of their business, I personally get tired of people making this silly statement. You most certainly do have things to hide; and saying this makes you look logically inconsistent. That means "foolish".
Think I'm wrong? Then please post your real name, address, Social Security Number, and Drivers License number.
So yes, you do have plenty to hide. That's called "privacy". You have a right to it.
Saying that you have "nothing to hide" presumes a right to know everything. The Government doesn't have this (yet). That's a hallmark of a Fascist state. And I wish people would quit presuming that we're in one.
You know, I can't think of a fundamental difference between VOIP traffic and any other IP traffic.
I get the feeling that back door would be useful for more than tapping VOIP.
It's not about stopping them. It's about arresting and convicting them.
The tangential activities that you describe, e.g. communicating, meeting, transferring funds, etc. are the means by which federal officers arrest and convict mobsters/drug dealers/terrorists/etc.
It's very rare to get a conviction on a mobster via a direct mob activity. Instead, the feds use money laundering or tax evasion laws to deal with the mob people so that they can at least do time for _something_. And if they do it multiple times, then they get slapped with RICO and do _real_ time.
franzel
>absolutely no effect on our ability to catch criminals
Criminals smart enough to do things we consider obvious will escape capture by CALEA. No question there.
If most criminals were smart, then we'd catch even fewer of them than we do now. The whole system is geared toward finding and prosecuting dumb criminals.
Wouldn't the solution be to use phones implementing a PGP or
similar solution with the key input by the enduser? Of course
that would cost money and be opposed by the government, but
you would think the market could provide such equipment for
those who feel they need/want it
I really hope one of those companies tells the Fed to take a hike. If they try to prosecute, they can take it all the way to the Supreme Court and hopefully get some justice there.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
You really think this is a troll?
Obviously you are not a webmaster...
Your misuse of the capslock key has alerted us of your potential terrorist activity involvement. Please come with us for questioning in an undisclosed nation for an undefined period of time.
- The FBI
Wire tapping IP is nothing more than having a sniffer installed on your network. Anyone with the right equipment and a week's worth of training could easily sniff out a VoIP conversation, and replay that conversation using current technologies and no change to the VoIP structure. I have done this myself in classrooms to prove that it could be done (I have been fortunate enough to have a week's worth of training and access to the right equipment).
I'm unclear as yet on the new threat or vulnerabilities mentioned, considering that VoIP is completely vulnerable already to people listening in.
Check out the article here: http://www.wired.com/news/technology/0,1282,68306,00.html
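Several comments above turn on whether VoIP media can already be read off the wire, and on grafting encryption onto SIP. As an added example (not from the thread or any product named in it), this sketch audits an SDP offer, the session description carried in SIP, and reports which media streams a passive observer could decode. The profile names come from the RTP/SRTP RFCs rather than from this page, and all sample SDP is constructed.

```python
# Added example: classify each media stream in an SDP body by how its RTP is
# protected. Sample SDP is constructed (documentation addresses, placeholder
# keys and fingerprints), not captured traffic.

PLAIN = {"RTP/AVP", "RTP/AVPF"}                   # unencrypted RTP
SRTP = {"RTP/SAVP", "RTP/SAVPF"}                  # SRTP, keyed via a=crypto (SDES)
DTLS = {"UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}  # SRTP keyed by a DTLS handshake

PLAIN_OFFER = """v=0
c=IN IP4 192.0.2.10
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
"""

MIXED_OFFER = """v=0
c=IN IP4 192.0.2.10
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY
m=video 49172 RTP/AVP 96
"""

DTLS_OFFER = """v=0
c=IN IP4 192.0.2.10
a=fingerprint:sha-256 CONSTRUCTED:PLACEHOLDER
m=audio 49170 UDP/TLS/RTP/SAVPF 111
"""

def audit_sdp(sdp):
    """Return one dict per m= line with media, port, profile and verdict."""
    session_fingerprint = False
    streams, current = [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 3 or not fields[1].split("/")[0].isdigit():
                raise ValueError("malformed media line: " + line)
            current = {"media": fields[0], "port": int(fields[1].split("/")[0]),
                       "profile": fields[2].upper(), "crypto": False, "fp": False}
            streams.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            current["crypto"] = True
        elif line.startswith("a=fingerprint:"):
            if current is None:
                session_fingerprint = True   # applies to every media section
            else:
                current["fp"] = True
    report = []
    for s in streams:
        if s["port"] == 0:
            verdict = "disabled"             # port 0 means the stream is rejected
        elif s["profile"] in PLAIN:
            verdict = "cleartext"
        elif s["profile"] in SRTP and s["crypto"]:
            verdict = "sdes-srtp"
        elif s["profile"] in DTLS and (s["fp"] or session_fingerprint):
            verdict = "dtls-srtp"
        else:
            verdict = "no-keying"            # secure profile, no key material offered
        report.append({"media": s["media"], "port": s["port"],
                       "profile": s["profile"], "verdict": verdict})
    return report

def exposed_streams(sdp, signaling_encrypted):
    """Media a passive on-path observer could decode.

    With SDES the SRTP key travels inside the SDP, so the media is only as
    private as the signaling that carried it.
    """
    exposed = []
    for s in audit_sdp(sdp):
        if s["verdict"] == "cleartext":
            exposed.append(s["media"])
        elif s["verdict"] == "sdes-srtp" and not signaling_encrypted:
            exposed.append(s["media"])
    return exposed
```

Run against the offers a deployment actually emits, the `cleartext` verdict marks the streams the commenter's classroom sniffer would pick up without any mandated tap.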
Voice/IP isn't like traditional the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve.
It's always been easy to achieve, provided you had a computer at each end. Remember PGPFone?
A: Hel-----lo, its its me, Alice.
B: Huh?
A: Its me me AlAlice *hiss*.
B: I can't ear you ------ ery ell!
A: Well, least at my c-call free is is is.
B: all me on on a land land line, pease!
and you can't depend on it for 911 if your power is out, and even if it isn't, they can't find you, and packet duplication, reordering, lossage, etc will just make it work badly.
Also, when I call a friend with that VoIP monstrosity, sometimes the call gets null routed to an operator because there is not a needed switch translation, sometimes it fails to forward to his cell when he is out and goes to voice mail (but if I call his cell he answers it in one ring), and sometimes I'd be talking to him and hear the VoIP voice mail on the line at the same time.
The Feds listening in to VoIP is the LEAST of your problems.
I can't imagine any criminal wanting to use it.
Just because it CAN be done, doesn't mean it should!
I can't believe Internet Phone companies support this thing - it's not logical - look at what Free Internet Phone Calls http://calls.forcents.com/ wrote about this in their news section.
Doesn't make any sense does it?