Groups Slam FCC on Internet Phone Tap Rule
kamikaze-Tech writes "An Associated Press report posted in the Vonage VoIP Forums discusses the new CALEA regulations that will make it easier for
law enforcement to tap Internet phone calls. The article claims that the
new law will also make computer systems more vulnerable to hackers, according to
some digital privacy and civil liberties groups. While the groups don't want
the Internet to be a safe haven for terrorists and criminals, they complain that
expanding wiretapping laws to cover Internet calls -- or Voice over Internet
Protocol (VoIP) -- will create additional points of attack and security holes
that hackers can exploit. VoIP service providers such as Vonage, Skype and
Packet 8 have eighteen months to comply with the new law."
Given that Skype's corporate entity isn't located in the States, it would seem that the FCC doesn't have any control over it.
The article claims that the new law will also make computer systems more vulnerable to hackers, according to some digital privacy and civil liberties groups.
Oh it's a whole metric-fuckton worse than that. The problem with the FCC, FBI (insert your favourite alphabet agency here) is that they make the assumption that the criminals that will be using VOIP will COMPLY with FCC.
Voice/IP isn't like the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve. What's worse, what criminal is really going to open up their private P2P telephone so the government can tap them?
So the measure has absolutely no effect on our ability to catch criminals. Instead we subject the communication of ordinary law abiding citizens to the possibility of them having their perfectly legitimate conversations compromised, be it by a l33t|st or corrupt police officers alike.
Simon.
If they want to tap VoIP, they should have to hack it like everyone else.
Isn't that the same CALEA law that also forces router/NIC makers to install FBI backdoors (which can also be compromised by hackers)?
I see a big market soon for do-it-yourself NICs and PC routers...
--- Grow a pair, liberals... stop letting the Republicans bully you!
I don't mind phone tapping at all - as long as there is cause for its need. However as stated in another posting it is kinda stupid, as if people want to communicate over the net for dodgy dealings, they are certainly not going to use one of the mainstream (or indeed, any) VOIP providers.
If only the UK was able to prosecute criminals based on phone tapping, currently it's not allowed (hears gasps of shock).
I can't help but wonder what will happen when someone uses one of these "mandated" security weak points to impair service from one of the larger providers, like Vonage. If the government was warned that it would be a likely outcome of their new law, are they liable for the damages?
Even worse, sniffable (tapable, whatever) by the government means sniffable by a lot of far more clever black-hats. Who is liable for the damages incurred by identity theft? Or are we just never supposed to order anything over the phone again?
I guess 18 months from now it's back to the cell phone only existence for me....
The announcement came last week. It's a .pdf
95% of all sigs are made up.
This is not as bad as it seems.
As far as Vonage or Packet8 are concerned they will have an easier time implementing this than incumbents. It is dead easy to do this with SIP. All that is necessary is to make the SIP server reply with a different voice endpoint to all SIP invites from persons who are under surveillance. As a result the "snooping" equipment is separate and does not encumber primary network infrastructure.
As far as Skype is concerned I could not care less. It will be dead by that time. Same as Kazaa - supernode to freeload ratio will drop beyond the point where the network is sustainable.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Dear Skype, We, the FCC, require you, a British company, to comply with American laws. If you don't we'll... say Ni! in your general direction. Your Friends The FCC
Seriously, they're already giving away free phone calls, and free software from a foreign country, using foreign servers. The best the FCC can hope for is that they put a line on their download page: Dear American, please don't download our software cause it will upset the FCC and the Feds. Failure to comply will mean that those in charge will think you are a terrorist. You don't want people to think you're a terrorist do you?
Vonage... well they're pretending to be a phone company, so they might have some luck.
Scared of flying, pointy things since 1979!
I mean, they'll never find a way around this, right?
All I can say is thank god that the technology doesn't exist to communicate over voice outside of the phone and VoIP channels.
You know, if anyone ever figures out how to do direct PC-to-PC voice service, or if an IM service such as Yahoo ever include voice in their client, we'll all be doomed!
Wait a minute... they could be emailing each other right now! They could be talking to each other on IRC right now, or in a chat room, or through Yahoo messenger, or through MSN messenger, or through....
Yikes. I never realised how much danger we are all in. SOMEONE BLOW UP THE INTERNET NOW!!!!!!1!!!1oneone
The FCC just reclassified broadband as an "information service".
Calea is supposed to apply to telecom.
I sense some cognitive dissonance here, or maybe a simple hypocritical abuse of power?
BTW.. calea is not a new law, and the rule itself is not a "law" it's a regulation. There are subtle differences.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
If they don't comply the gestapo will just pressure Visa and MC to deny them accounts on the basis of "aiding the terrorists" - and if they devise some means of getting around it then uncle fed will just rapture their corporate officers to Syria or someplace where they can await prosecution on "money laundering" charges.
You don't fuck with the world police...
that they didn't do this already in other closed-source programs? It is known that Microsoft Windows has them...
Custom electronics and digital signage for your business: www.evcircuits.com
"If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals listening to your conversations."
If you're making fun of that line, you've got to go a little further; the way you state it is exactly the way the serious supporters of surveillance state it.
E.g.:
If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals listening to what you whisper in your lover's ear. On the other hand, if you're a member of Al Qaeda, I could see why you might have a problem with this idea.
If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals placing cameras in your shower. On the other hand, if you're a member of Al Qaeda, I could see why you might have a problem with this idea.
If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals reading your thoughts. On the other hand, if you're a member of Al Qaeda, I could see why you might have a problem with this idea.
Your point is so true. Of course providing a wiretap service through VoIP is a waste of money. Actually, it is more likely to provide malicious hackers with private info of the good guys, than it is going to help intelligence catch the bad guys. (For example, eavesdropping random phone conversations is relatively easy access to credit card numbers.) Meanwhile, terrorists could use onion routing/tor networks to communicate virtually untraceably.
The only way to tap on *every* conversation is to kindly ask *everyone* to install the spyware on *every* computer and never turn it off. Did I say "ask kindly"? Make that "mandate".
Now what do we need for the population to accept that? Call it fear, uncertainty and doubt. Stories about pirates. Stories about violence. Stories about war and terrorism.
Hello Nineteen Eighty-Four.
--
Technological progress has merely provided us with more efficient means for going backwards -- Aldous Huxley
Some hacker will graft PGP-style encryption onto SIP. You will simply send your public key in the headers -- it's called Session Initiation Protocol for a reason don'tcha know -- and the far end will encrypt against it. If anybody is listening in, they won't be able to decrypt it. Even better, you wait for sometime after the information has lost its value and publish the private key. Now nobody can even prove you really were the intended recipient.
All the tools required to do this are already available as open source, so it will be an interesting exercise for somebody.
And it will have the beneficial side-effect of killing off SKYPE. Another closed protocol bites the dust, good riddance.
Je fume. Tu fumes. Nous fûmes!
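A sketch of the key-in-header idea from the comment above, added here as an example and not code from any poster or project. It swaps the PGP-style scheme for an ephemeral X25519 exchange with AES-256-GCM, uses a hypothetical `X-Call-Key` header, and shows why both ends must compare a fingerprint: a signalling server that rewrites the header can otherwise read the call.

```javascript
// Added example. "X-Call-Key" is a hypothetical header name, not a SIP standard.
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync, createHash,
        createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// One endpoint's state for a single call: a fresh X25519 key pair.
function newCallParty() {
  const { publicKey, privateKey } = generateKeyPairSync('x25519');
  const header = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { privateKey, header }; // header is the value sent in X-Call-Key
}

// Derive the media key and a fingerprint from our private key, the header
// we sent and the header we received.
function deriveSession(party, peerHeader) {
  const peerKey = createPublicKey({
    key: Buffer.from(peerHeader, 'base64'), format: 'der', type: 'spki' });
  const secret = diffieHellman({ privateKey: party.privateKey, publicKey: peerKey });
  // Sort the two headers so both ends bind the key to the same transcript.
  const transcript = [party.header, peerHeader].sort().join('|');
  const key = Buffer.from(hkdfSync('sha256', secret, Buffer.alloc(0), transcript, 32));
  // 128-bit fingerprint, to be compared over a channel the proxy cannot alter.
  const fingerprint = createHash('sha256').update(key).update('fingerprint')
    .digest('hex').slice(0, 32);
  return { key, fingerprint };
}

// Frame layout: 12-byte random nonce | 16-byte GCM tag | ciphertext.
function sealFrame(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

function openFrame(key, frame) {
  const d = createDecipheriv('aes-256-gcm', key, frame.subarray(0, 12));
  d.setAuthTag(frame.subarray(12, 28));
  // final() throws if the key is wrong or the frame was modified.
  return Buffer.concat([d.update(frame.subarray(28)), d.final()]);
}

function tryOpen(key, frame) {
  try { return openFrame(key, frame).toString(); } catch { return null; }
}

// Constructed scenario: one call, with or without a signalling proxy that
// replaces both X-Call-Key headers with its own key.
function simulateCall(proxySwapsKeys) {
  const alice = newCallParty(), bob = newCallParty(), proxy = newCallParty();
  const seenByAlice = proxySwapsKeys ? proxy.header : bob.header;
  const seenByBob = proxySwapsKeys ? proxy.header : alice.header;
  const a = deriveSession(alice, seenByAlice);
  const b = deriveSession(bob, seenByBob);
  const frame = sealFrame(a.key, Buffer.from('constructed audio frame'));
  return {
    fingerprintsMatch: a.fingerprint === b.fingerprint,
    bobHears: tryOpen(b.key, frame),
    // The proxy only shares a key with Alice if she accepted its header.
    proxyReads: tryOpen(deriveSession(proxy, alice.header).key, frame),
  };
}

console.log('honest signalling:', simulateCall(false));
console.log('key-swapping proxy:', simulateCall(true));
```

The encryption alone does not stop a server that controls signalling; the fingerprint comparison (or keys authenticated some other way) is what exposes the substitution.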
Business dealings; issues with my imperfectly-secured web apps; that incident recently in a pole-dancing club where... um, forget that last one OK?
For the love of God, please learn to spell "ridiculous"!!!
The sad thing is that I genuinely believe that a headline of "Pedophiles use phones. We need to tap your phone to stop pedophiles." would easily get 20% of people agreeing.
I guess that the general population just get what they deserve, and the rest of us have to suffer along with them.
Could skype make a version that is only available in the US and is tappable ? There's no reason when I call here from Australia to some other Non-US country that the us feds should be listening to me. For years we've had NONUS sections in debian etc... This shouldn't be any different ?
I personally do want the internet to be a safe haven for criminals. Think of all of the people you know. How many of them are not criminals?
If I was in the UK I'd be calling someone up just to say "bomb" and "Bush" in the same sentence. If they want to mark me as a terrorist, they can go right ahead. I'll protect me freedoms and liberties, and they won't be able to scare me that easily.
Thankfully nothing like that would ever happen in Australia. We haven't invented the telephone yet.
Correct me if I'm wrong but aren't there simple commercial products like Niksun Netdetector that can simply reconstruct VOIP traffic from an Ethereal dump collected simply by snooping the wire? Is this calling for new technology to collect the traffic or is this saying we want the magic black boxes at every provider to provide an instant tap anytime/anywhere...
News Reporters Make Tasty Polar Bear Treats!
It's time for a decentralized Open Source solution, with open standards. Let's let the FCC try to impose wire tapping requirements on this.
Any closed-source cryptography is not at all secure.
Je fume. Tu fumes. Nous fûmes!
Sometimes I'm happy that the ACLU et al are looking out for me, sometimes they pick the wrong fight. This is exactly one of them. Oh, packet 8 and vonage have 18 months to allow wire tapping? Guess what guys, they already have it. Vonage uses Silantro, it's had calea support for at least the last 3 years. Broadworks (the Broadsoft softswitch) has calea as well. The large softswitch vendors all already support it, I think Asterisk even might (although I'm not sure). These things aren't going to make the "Internet more vulnerable to hackers".
Has the ACLU set up CALEA on these systems? I highly doubt it, but I have. At least with broadsoft it is a trivial matter to keep the softswitch entirely firewalled off the internet that unless someone finds a buffer overflow in the sip protocol or rtp protocol that the system is using there is no opportunity for a hacker to get in.
Furthermore, the system supporting CALEA doesn't increase the risk.. IE if someone hacks the SIP protocol stack on a softswitch and takes control of it, well who cares if the box supports CALEA they just got access to all the phonecalls going through that box.
Do you really think that up till now the FBI et al has had no power to wire tap a VoIP phone? That more than 5 million people in the US are totally able to break whatever law they want (wire fraud, telemarketing scams, plan bank robberies, etc) notice I didn't mention terrorism, just because they have Vonage? Right.
Any closed-source cryptography is not at all secure.
Correction: any cryptography that relies on being closed-source is not at all secure. A commercial implementation of RSA can be just as secure as an open-source version, modulo the risk of dumb programmer errors.
For the love of God, please learn to spell "ridiculous"!!!
It's time for a decentralized Open Source solution, with open standards. Let's let the FCC try to impose wire tapping requirements on this.
Right on!
-kgj
The only way to verify the integrity of any software -- especially, but not just security software -- is to read and understand the source code. Software vendors know this too, so if they won't show you the source code they are as good as admitting that their software is insecure.
Je fume. Tu fumes. Nous fûmes!
From a Skype VoIP FAQ:
How does Skype protect my privacy?
Skype is encrypted end-to-end because it uses the public Internet to transport your voice calls and text messages and sometimes these calls are routed through other peers. Skype encryption ensures that no other party can eavesdrop on your call or read your instant messages.
Skype uses the Advanced Encryption Standard (AES, also known as Rijndael) which is used by U.S. Government organizations to protect sensitive information. Skype uses 256-bit encryption, which has a total of 1.1 x 10^77 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.
So.. it seems they are using 256 bit AES for encryption.
I don't know about this user public key part.. seeing how I don't have to carry around a private key and can just login from anywhere with my username/password, that key seems to not be used for identifying users.
The problem with terrorists is their antisocial behaviour. I'll admit the US has done some things (dumb and/or repeatedly) to piss off a lot of people.
Terrorism and war has existed for as long as society. It exists in the US, outside the US, before the US existed and will continue to exist long after the US ceases to.
Occasionally some group will blame a certain action of another group for their behaviour.
But the following excuses are just excuses and don't in themselves always justify the reaction.
Their brother/daddy/government/religion/geopolitical group beat up my daddy/government/religion/geopolitical group.
The Devil/Bible/Koran/Cereal box/talking monkey made me do it.
They weren't listening to me, so I'll just keep making more noise until they do. As appropriate in politics as a toddler's temper tantrums.
I've followed about 4 or 5 links to see exactly what verse they're referring to with comments, and every one they've twisted to make it say what they want it to say, then said "See?! The Bible can't be right, because it says to !!"
Genesis 24:2-3,9 : Grope sexual organs of one swearing oaths
Read the text. Putting a hand under a thigh is hardly "groping sexual organs". Putting it on top of the thigh would be closer to what they describe it as. Besides, I think this was a cultural thing. Nowadays we shake hands on a deal, they would do this. It's probably rooted in something like holding the person there until the deal is done, and they've sworn their promise to you.
Genesis 25:1-6 : Keeping mistresses is not adultery.
Again, read the text. Nowhere does it say that keeping mistresses is not adultery. It says Abraham had them. It doesn't say whether this was a good or bad thing. It does show that Abraham was human, and subject to the same character flaws as we are.
Genesis 39:7-14 : Woman tries to rape man.
So? What's the point? Have you never seen a demanding woman who happens to want sex? She wanted to have sex with him, and he didn't want to. As geeks, I know this is hard for us to understand, but there are aggressive women out there, who pursue men in this way.
Genesis 47:29 : Joseph ordered to "feel-up" his father.
Jacob didn't want to be buried in Egypt, which was a foreign land. He wanted to be buried at home. So he made his son swear that his body would be taken and buried with his ancestors, using the customary "handshake" of the time. Nowhere does it say "Jacob ordered Joseph to stroke his dick and promise to take him out of Egypt."
Exodus 12:29 : God kills all first-born babies in Egypt
Egypt at the time was an extremely sinful nation in God's eyes. Children were being brought up in slavery, sex orgies were common, and people were beheaded, stoned or worse, just for saying "No" to the emperor. (Kinda makes Bush Jr. look good, doesn't it?) Assuming that the whole heaven/hell thing is accurate, children brought up in this culture would have no chance of a life in heaven after death. By taking them young, God brought them out of their corrupt environment, and at least some of them wouldn't have been sent to hell. He also probably caught the attention of the people of Egypt, as nothing else had worked so far.
According to Christians, (real ones, not Bush) God wants nothing more than for every human to repent of sin and take forgiveness and, by extension, life after death in heaven. What happens to you on earth is pretty much immaterial in the infinite scheme of things. Nowhere does God say that people in the bible are "exemplary for modern conduct", as that page says. They're human. They're supposed to be human. They're supposed to have all the same stupid problems we do, because we're supposed to learn how they overcame them, rather than striving to be like a perfect, unreachable ideal.
I won't claim to be an expert on the bible. I'm not. There are undoubtedly some references on that page that would stump me, had I looked at all of them, rather than just the few that I did.
That's why I work on computers for a living, rather than preach. I don't want to be an expert on the bible. (It does contain some very good lessons to all of us, though.)
But the fact that I (a non-biblical expert) could pick a few random links, and counterargue every single one of them, shows that maybe the page author doesn't completely know what they're talking about, and isn't taking a few things like cultural difference into account.
"City hall" in German is "Rathaus" Kinda explains a few things......
You know, I can't think of a fundamental difference between VOIP traffic and any other IP traffic.
I get the feeling that back door would be useful for more than tapping VOIP.
It's not about stopping them. It's about arresting and convicting them.
The tangential activities that you describe, e.g. communicating, meeting, transferring funds, etc. are the means by which federal officers arrest and convict mobsters/drug dealers/terrorists/etc.
It's very rare to get a conviction on a mobster via a direct mob activity. Instead, the feds use money laundering or tax evasion laws to deal with the mob people so that they can at least do time for _something_. And if they do it multiple times, then they get slapped with RICO and do _real_ time.
franzel
>absolutely no effect on our ability to catch criminals
Criminals smart enough to do things we consider obvious will escape capture by CALEA. No question there.
If most criminals were smart, then we'd catch even fewer of them than we do now. The whole system is geared toward finding and prosecuting dumb criminals.
Wouldn't the solution be to use phones implementing a PGP or
similar solution with the key input by the enduser? Of course
that would cost money and be opposed by the government, but
you would think the market could provide such equipment for
those who feel they need/want it
Dude, take it easy. It was just a joke.
...
I hope you didn't take too long to write all that
Not that I disagree with you in general, but... software doesn't need to be verifiably secure to be secure in fact...
Luke-Jr
I really hope one of those companies tells the Fed to take a hike. If they try to prosecute, they can take it all the way to the Supreme Court and hopefully get some justice there.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
You really think this is a troll?
Obviously you are not a webmaster...
Check out the article here: http://www.wired.com/news/technology/0,1282,68306,00.html
Voice/IP isn't like the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve.
It's always been easy to achieve, provided you had a computer at each end. Remember PGPFone?
A: Hel-----lo, its its me, Alice.
B: Huh?
A: Its me me AlAlice *hiss*.
B: I can't ear you ------ ery ell!
A: Well, least at my c-call free is is is.
B: all me on on a land land line, pease!
and you can't depend on it for 911 if your power is out, and even if it isn't, they can't find you, and packet duplication, reordering, lossage, etc will just make it work badly.
Also, when I call a friend with that VoIP monstrosity, sometimes the call gets null routed to an operator because there is not a needed switch translation, sometimes it fails to forward to his cell when he is out and goes to voice mail (but if I call his cell he answers it in one ring), and sometimes I'd be talking to him and hear the VoIP voice mail on the line at the same time.
The Feds listening in to VoIP is the LEAST of your problems.
I can't imagine any criminal wanting to use it.
Just because it CAN be done, doesn't mean it should!
If I myself as a user of software have any doubts about the security of that software, then the only way I can allay -- or confirm -- those doubts is by thoroughly examining the source code of the software. Which is why I insist only to use software where the author will agree to show me the source code; if the author refuses then I must assume they have something to hide.
Je fume. Tu fumes. Nous fûmes!
I can't believe Internet Phone companies support this thing - it's not logical - look at what Free Internet Phone Calls http://calls.forcents.com/ wrote about this in their news section.
Doesn't make any sense does it?