Groups Slam FCC on Internet Phone Tap Rule

kamikaze-Tech writes "An Associated Press report posted in the Vonage VoIP Forums discusses the new CALEA regulations that will make it easier for law enforcement to tap Internet phone calls. The article claims that the new law will also make computer systems more vulnerable to hackers, according to some digital privacy and civil liberties groups. While the groups don't want the Internet to be a safe haven for terrorists and criminals, they complain that expanding wiretapping laws to cover Internet calls -- or Voice over Internet Protocol (VoIP) -- will create additional points of attack and security holes that hackers can exploit. VoIP service providers such as Vonage, Skype and Packet 8 have eighteen months to comply with the new law."

Is Skype accountable to the FCC?

Given that Skype's corporate entity isn't located in the States, it would seem that the FCC doesn't have any control over it.

Re:Is Skype accountable to the FCC?

[KitesWorld]

The problem is that if they don't comply, the FCC can issue punitive measures on skype's operations within the U.S.

Re:Is Skype accountable to the FCC?

[dnoyeb]

if they connect to any US numbers, there quality will suck without us servers. Plus most of the numbers connected to will be landlines and you can bet the local phone company will jump with joy when asked to find a way to disconnect the VOIP provider.

Re:Is Skype accountable to the FCC?

[Xformer]

From the text of the proposal:

58. We also seek comment on our tentative conclusion that providers of non-managed, or
disintermediated, communications should not be subject to CALEA.166 Non-managed VoIP services, such as peer-to-peer communications and voice enabled Instant Messaging, as currently provided, do not appear to be subject to CALEA for two reasons. First, because they are confined to a limited universe of users solely within the Internet or a private IP-network, they may be more akin to private networks, which Congress expressly excluded from section 103's capability requirements. Therefore, they do not appear to replace a substantial portion of local exchange service; as such they do not appear to fall within the Substantial Replacement Provision. Second, they may be excluded information services under section 103(b)(2)(A) (as discussed above). We seek comment on this issue. Are there other characteristics or distinguishing features that may be used to determine whether a particular class of VoIP service providers is covered under CALEA? One example may be that VoIP service providers are covered under CALEA where their service interconnects to the PSTN.

The bolded portion reflects where Skype themselves say that they are not intended as a replacement for local phone service. Trying to use them for that is silly in most cases, anyway, because in the US you can normally talk to someone a few houses down the street without per-minute charges. Using Skype to connect to your local PSTN in that case would cost $0.02/minute.

If it's found that Skype may fall under the new rules, it's only where it connects to phone networks in the US for incoming and outgoing calls. Wiretap provisions could be done at that point if required, probably by the phone companies providing that connection.

Re:Is Skype accountable to the FCC?

[Phantasmo]

Umm...

From Skype's Terms of Service
8.1
Further, as stated in the Privacy Policy, Skype and/or its local partners may need to provide such data to designated competent authorities upon request, or may need to enter into further activities due to local regulations, for example with regard to the interception of communications, if requested by such authorities.
So, if you're using Skype for the privacy features, dump it and switch to SpeakFreely. Skype CAN wiretap you and never said that it wouldn't.

It's so much worse..

[Ckwop]

The article claims that the new law will also make computer systems more vulnerable to hackers, according to some digital privacy and civil liberties groups.

Oh it's a whole metric-fuckton worse than that. The problem the FCC, FBI (insert your favourite alphabet agency here) is that they make the assumption that the criminals that will be using VOIP will COMPLY with FCC.

Voice/IP isn't like traditional the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve. What's worse, what criminal is really going to open up their private P2P telephone so the government can tap them?

So the measure has absolutely no effect on our ability to catch criminals. Instead we subject the communication of ordinary law abiding citizens to the possibility of them having their perfectly legitimate conversations compromised, be it by a l33t|st or corupt police officers alike.

Simon.

Re:It's so much worse..

[MattWhitworth]

Agreed. If you've got something big to plan, you don't use an unsecured public medium (criminals and terrrorists have learnt that it's possible to track down your position from a mobile phone call. A Chechen leader was assasinated in this way, and it's how the Madrid bombers were traced).

How does the FCC think it will be able to tap an 128-bit RSA-encrypted private protocol? It can't, and the overwhelming majority of phone taps will be of law-abiding citizens. But that's the way the world works. Just look at DRM

In short, terrorists/criminals/enemies of the state aren't stupid.

Re:It's so much worse..

[Motherfucking+Shit]

Oh it's a whole metric-fuckton worse than that. The problem the FCC, FBI (insert your favourite alphabet agency here) is that they make the assumption that the criminals that will be using VOIP will COMPLY with FCC.

And it gets worse yet. Essentially, all "anti-terrorism," "anti-drug," etc. laws are useless for the purpose for which they're supposedly enacted. Terrorists, drug dealers, and other criminals are, by their very nature, breaking the law. Making their tangential activities (like communicating, meeting, transferring funds...) illegal isn't going to stop them!

In short, attempts to legislate terrorism out of existance are doomed from the start and should be suspect. You can damned well bet that lawmakers are smart enough to know that these laws aren't going to do anything to stop the Bogeyman of the day. They're being passed as "feel good" measures at best, and as attempts to control the law-abiding population at worse.

Making it illegal to carry cigarette lighters onto airplanes doesn't stop a terrorist; a terrorist would find a way to bring an incendiary onboard anyway. Making it illegal to have an untappable VoIP connection doesn't stop a terrorist, either; a terrorist would just setup stunnel or pgpFone end-to-end and chat away.

Sigh. Someday, the United States Congress will be comprised of people who grew up understanding technology...

Re:It's so much worse..

[andreMA]

Someday, the United States Congress will be comprised of people who grew up understanding technology

Don't bet the farm on that.

Re:It's so much worse..

[Bloke+down+the+pub]

If you've got something big to plan, you plainly *do* use an unsecured public medium. You admit yourself that a Chechen leader was assassinated this way, and it's how the Madrid bombers were traced.

That's not a case of they *do*. It's a case of they *did*. The others, assuming they aren't stupid, have probably wised up by now.

Most criminals aren't IT experts. If they were all that clever, they would have regular well-paid jobs and wouldn't need to turn to a life of crime.

Did the directors of Enron need to turn to crime? What about Nick Leeson? And IIRC, OBL has a degree in engineering. How's the "criminal = poor and stupid" theory now?

Re:It's so much worse..

[Threni]

> The problem the FCC, FBI (insert your favourite alphabet agency here) is that
> they make the assumption that the criminals that will be using VOIP will COMPLY
> with FCC.

No, they're relying on the fact that if you have the ability to wiretap data conveyed by companies which provide internet access but not ordinary phone calls then you can keep tabs on criminals who are using VOIP using that company.

> So the measure has absolutely no effect on our ability to catch criminals.

Wrong - every last byte the criminals transmit will be grabbable by the FBI for analysis.

Furthermore, there is absolutely no chance whatsoever that this will be defeated in the long run. The police/FBI *will* legally be able to monitor all communication, it's really as simple as that, as there is no public will to allow people to communicate free from such observation.

Re:It's so much worse..

[dnoyeb]

But you kind of proved the other point with your examples don't you think?

We keep saying that real criminals wouldn't do this, but somehow they seem to keep doing it. So I suppose we can catch the stupid criminals, and the ones we want to frame.

Re:It's so much worse..

[kilodelta]

Not to mention that in large part, mainstream VoIP is nothing but a last mile technology. The call still lands on a public switch near you.

In my case I use Vonage. They make the IP connection to PaeTec's switch in my city and from there the call hits the PSTN. I used that very scenario to push the local PUC into forcing Verizon to port my number faster because it was in fact a regulated to regulate port.

I've confirmed all of my suspicions with both Vonage, PaeTec and Verizon folks that I know and sure enough I got it right.

Law enforcement has had the ability to silently tap lines since the advent of digital switching. I recall when a new #5 ESS was installed in a local community a friend gave us a private tour of the facility. You could sit at the console, bring up a phone number and listen in.
>
From that I can estimate that it is trivial for the ALGA (Acronym Loving Government Agencies) to listen in on your line. In most cases it takes nothing more in the case of VoIP than finding the wire you pulled from the NID and tapping onto that. The more elegant solution is to mirror your conversations to a line hooked into the local PD. Better yet, record it.

We're living in a police state but the police are by and large clueless.

Re:It's so much worse..

[OverkillTASF]

Interesting... Once again, we have a parallel to gun control here. I would assume from the conversation that all parent posts to this would also agree that just as this tangential law won't stop a criminal from communicating, nor will a given gun-ban stop a criminal from obtaining and using an illegal firearm. If you outlaw encrypted VOIP, only criminals will have encrypted VOIP. And the rest of us are screwed.

Re:It's so much worse..

[HD+Webdev]

Don't bet the farm on that.

Very true. It's not like most families that raise 'Political' children try to also teach them technology.

Those children are shown how to use human resources to use people and technology.

Being a politician mostly involves high skills in using other people to accomplish tasks and do the 'understanding' for the politician. That is pretty much the opposite of learning how to understand technology themselves.

Re:It's so much worse..

[badfish99]

The directors of Enron? They were management. There's no way they would have known how to use secure encryption.

Re:It's so much worse..

[DavidTC]

So we'll just Darwin out all the stupid terrorists and assassins.

Sounds like a plan to me. A fucking stupid one.

People are always going to have untappable means of communication. Untappable because they actually cannot be tapped (Strong encryption, people carrying messages by hand.) or just that no one can find out where they are. (Calls between two disposible cell phones, message drops.)

Tapping phones works fine for catching normal criminals. That's because if you know who a criminal is, you can just follow him around anyway until he commits a crime. While criminals are caught using phone taps, very few of them are discovered using phone taps, and in fact that makes no sense. At best, they merely 'spread' one known suspect onto five known guilty parties. Which is good, but doesn't work if we don'thave one suspect to start with.

And we don't know who are planning 'big plans', and we don't know what they're planning. Yes, sometimes we get very lucky and randomly intercept a big plan while doing a tap for some other reason, but that is not a 'success' of a phone tap, it is arguable a 'failure', because we were tapping converstations that weren't relevant to what we were looking for.

Why should the Feds get their own backdoor?

[mikeophile]

If they want to tap VoIP, they should have to hack it like everyone else.

Re:Why should the Feds get their own backdoor?

[Bimo_Dude]

I have nothing to hide, but what I do is NONE OF THEIR FUCKING BUSINESS.

Period.

Cyberstalkers...

[Travoltus]

Isn't that the same CALEA law that also forces router/NIC makers to install FBI backdoors (which can also be compromised by hackers)?

I see a big market soon for do-it-yourself NICs and PC routers...

Sounds fine to me

[domipheus]

I don't mind phone tapping at all - as long is there is cause for it's need. However as stated in another posting it is kinda stupid, as if people want to communicate over the net for dodgy dealings, they are certainly not going to use one of the mainstream (or indeed, any) VOIP provider.

If only the UK was able to procecute criminals based on phone tapping, currently it's not allowed (hears gasps of shock).

Legal consequences?

[soma_0806]

I can't help but wonder what will happen when someone uses one of these "mandated" security weak points to impair service from one of the larger providers, like Vonage. If the government was warned that it would be a likely outcome of their new law, are they liable for the damages?

Even worse, sniffable (tapable, whatever) by the government means sniffable by a lot of far more clever black-hats. Who is liable for the damages incurred by identity theft? Or are we just never supposed to order anything over the phone again?

I guess 18 months from now it's back to the cell phone only existance for me....

Or what?

[el_womble]

Dear Skype, We, the FCC, require you, a British company, to comply with American laws. If you don't we'll... say Ni! in your general direction. Your Friends The FCC Seriously, they're already giving away free phone calls, and free software from a foriegn country, using foreign servers. The best the FCC can hope for is that they put a line on their download page: Dear American, please don't download our software cause it will upset the FCC and the Feds. Failure to comply will mean that those in charge will think you are a terrorist. You don't want people to think your a terrosit do you? Vonage... well they're pretending to be a phone company, so they might have some luck.

Yes! We got those pesky terrorists at last!

[mrRay720]

I mean, they'll never find a way around this, right?

All I can say is thank god that the technology doesn't exist to communicate over voice outside of the phone and VoIP channels.

You know, if anyone ever figures out how to do direct PC-to-PC voice service, or if an IM service such as Yahoo ever include voice in their client, we'll all be doomed!

Wait a minute... they could be emailing each other right now! They could be talking to each other on IRC right now, or in a chat room, or through Yahoo messenger, or through MSN messenger, or through....

Yikes. I never realised how much danger we are all in. SOMEONE BLOW UP THE INTERNET NOW!!!!!!1!!!1oneone

calea is for telecom.but FCC just reclassified net

[plasmacutter]

The FCC just reclassified broadband as an "information service".

Calea is supposed to apply to telecom.

I sense some cognitive dissonance here, or maybe a simple hyppocritical abuse of power?

BTW.. calea is not a new law, and the rule itself is not a "law" it's a regulation. There are subtle differences.

Re:And what makes you think

[Spad]

Well yes, but to be fair to Microsoft they weren't intentional backdoors.

Rephrased for proper effect

"If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals listening to your conversations."

If you're making fun of that line, you've got to go a little further; the way you state it is exactly the way the serious supporters of surveillance state it.

E.g.:

If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals listening to what you whisper in your lover's ear. On the other hand, if you're a member of Al Queda, I could see why you might have a problem with this idea.

If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals placing cameras in your shower. On the other hand, if you're a member of Al Queda, I could see why you might have a problem with this idea.

If you've got nothing to hide then you shouldn't have any objection to select government agencies/individuals reading your thoughts. On the other hand, if you're a member of Al Queda, I could see why you might have a problem with this idea.

Re: Someone blow up the internet

[Tune]

Your point is so true. Of course providing a wiretap service through VoIP is a waste of money. Actually, it is more likely to provide malicious hackers with private info of the good guys, than it is going to help intelligence catch the bad guys. (For example, eavedropping random phone conversations is relatively easy access to credit card numbers.) Meanwhile, terrorists could use onion routing/tor networks to communicate virtually untraceble.

The only way to tap on *every* conversation is to kindly ask *everyone* to install the spyware on *every* computer and never turn it off. Did I say "ask kindly"? Make than "mandate".

Now what do we need for the population to accept that? Call it fear, uncertainty and doubt. Stories about pirates. Stories about violence. Stories about war and terrorism.

Hello Nineteen Eighty-Four.

--
Technological progress has merely provided us with more efficient means for going backwards -- Aldous Huxley

It's obvious what will happen

[ajs318]

Some hacker will graft PGP-style encryption onto SIP. You will simply send your public key in the headers -- it's called Session Initiation Protocol for a reason don'tcha know -- and the far end will encrypt against it. If anybody is listening in, they won't be able to decrypt it. Even better, you wait for sometime after the information has lost its value and publish the private key. Now nobody can even prove you really were the intended recipient.

All the tools required to do this are already available as open source, so it will be an interesting exercise for somebody.

And it will have the beneficial side-effect of killing off SKYPE. Another closed protocol bites the dust, good riddance.

Re: Someone blow up the internet

[mrRay720]

The sad thing is that I genuinely believe that a headline of "Pedohphiles use phones. We need to tap your phone to stop pedophiles." Would easily get 20% of people agreeing.

I guess that the general population just get what they deserve, and the rest of us have to suffer along with them.

Aren't There Commercial Products to Snoop This?

[Evil+W1zard]

Correct me if I'm wrong but aren't there simple commercial products like Niksun Netdetector that can simply reconstruct VOIP traffic from an Ethereal dump collected by simply by snooping the wire? Is this calling for new technology to collect the traffic or is this saying we want the magic black boxes at every provider to provide an instant tap anytime/anywhere...

Idiots

[pavera]

Sometimes I'm happy that the ACLU et al are looking out for me, sometimes they pick the wrong fight. This is exactly one of them. Oh, packet 8 and vonage have 18 months to allow wire tapping? Guess what guys, they already have it. Vonage uses Silantro, its had calea support for at least the last 3 years. Broadworks (the Broadsoft softswitch) has calea as well. The large softswitch vendors all already support it, I think Asterisk even might (although I'm not sure). These things aren't going to make the "Internet more vulnerable to hackers".

Has the ACLU setup CALEA on these systems? I highly doubt it, but I have. At least with broadsoft it is a trivial matter to keep the softswitch entirely firewalled off the internet that unless someone finds a buffer overflow in the sip protocol or rtp protocol that the system is using there is no opportunity for a hacker to get in.

Furthermore, the system supporting CALEA doesn't increase the risk.. IE if someone hacks the SIP protocol stack on a softswitch and takes control of it, well who cares if the box supports CALEA they just got access to all the phonecalls going through that box.

Do you really thing that up til now the FBI et al has had no power to wire tap a VoIP phone? That more than 5 million people in the US are totally able to break whatever law they want (wire fraud, telemarketing scams, plan bank robberies, etc) notice I didn't mention terrorism, just because they have Vonage? Right.

Re:Feed the troll

[cbiltcliffe]

I've followed about 4 or 5 links to see exactly what verse they're referring to with comments, and every one they've twisted to make it say what they want it to say, then said "See?! The Bible can't be right, because it says to !!"

Genesis 24:2-3,9 : Grope sexual organs of one swearing oaths
Read the text. Putting a hand under a thigh is hardly "groping sexual organs". Putting it on top of the thigh would be closer to what they describe it as. Besides, I think this was a cultural thing. Nowadays we shake hands on a deal, they would do this. It's probably rooted in something like holding the person there until the deal is done, and they've sworn their promise to you.

Genesis 25:1-6 : Keeping mistresses is not adultery.
Again, read the text. Nowhere does it say that keeping mistresses is not adultery. It says Abraham had them. It doesn't say whether this was a good or bad thing. It does show that Abraham was human, and subject to the same character flaws as we are.

Genesis 39:7-14 : Woman tries to rape man.
So? What's the point? Have you never seen a demanding woman who happens to want sex? She wanted to have sex with him, and he didn't want to. As geeks, I know this is hard for us to understand, but there are aggressive women out there, who pursue men in this way.

Genesis 47:29 : Joseph ordered to "feel-up" his father.
Jacob didn't want to be buried in Egypt, which was a foreign land. He wanted to be buried at home. So he made his son swear that his body would be taken and buried with his ancestors, using the customary "handshake" of the time. Nowhere does it say "Jacob order Joseph to stroke his dick and promise to take him out of Egypt."

Exodus 12:29 : God kills all first-born babies in Egypt
Egypt at the time was an extremely sinful nation in God's eyes. Children were being brought up in slavery, sex orgies were common, and people were beheaded, stoned or worse, just for saying "No" to the emperor. (Kinda makes Bush Jr. look good, doesn't it?) Assuming that the whole heaven/hell thing is accurate, children brought up in this culture would have no chance of a life in heaven after death. By taking them young, God brought them out of their corrupt environment, and at least some of them wouldn't have been sent to hell. He also probably caught the attention of the people of Egypt, as nothing else had worked so far.

According to Christians, (real ones, not Bush) God wants nothing more than for every human to repent of sin and take forgiveness and, by extension, life after death in heaven. What happens to you on earth is pretty much immaterial in the infinite scheme of things. Nowhere does God say that people in the bible are "exemplary for modern conduct", as that page says. They're human. They're supposed to be human. They're supposed to have all the same stupid problems we do, because we're supposed to learn how they overcame them, rather than striving to be like a perfect, unreachable ideal.

I won't claim to be an expert on the bible. I'm not. There are undoubtedly some references on that page that would stump me, had I looked at all of them, rather than just the few that I did.
That's why I work on computers for a living, rather than preach. I don't want to be an expert on the bible. (It does contain some very good lessons to all of us, though.)

But the fact that I (a non-biblical expert) could pick a few random links, and couterargue every single one of them, shows that maybe the page author doesn't completely know what they're talking about, and isn't taking a few things like cultural difference into account.