Slashdot Mirror


Law Enforcement Targets Online Communication

jesup writes "The FCC ruled yesterday that the CALEA applies both to broadband suppliers and to all calls made via VoIP providers. If they have any connection to the PSTN, it applies whether the call in question is IP-to-IP or not. Separately, all broadband suppliers will have to implement CALEA, which means providing access to law enforcement for trap-and-trace on all traffic on broadband connections. In related news, the FCC has also released a policy document that states that 'consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.' In theory, under this they could require wiretaps on in-game chat, or key-logging in file encryption programs."

11 of 300 comments

  1. Not necessarily applicable to non-telecom uses by 14erCleaner · · Score: 4, Informative
    From TFA:

    A House of Representatives committee report prepared in October 1994 emphatically says CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers."

    So it sounds like this will only apply to VOIP, not to email, chat-rooms, and so on, as the /. summary states.

    --
    Have you read my blog lately?
    1. Re:Not necessarily applicable to non-telecom uses by jesup · · Score: 4, Informative
      (Original poster here...)

      However, if you read the 59-page PDF of the CALEA ruling, you'll see CALEA applies to broadband operators in general. You're correct that it doesn't apply to email services - so Hotmail doesn't have to deal with CALEA, but your ISP does.

      Also, they state on page 20 that CALEA doesn't apply to the storage of email at your ISP. This is true. However, they state CALEA does apply to the "switching and transmission" component of the ISP's service. So they can't ask for a copy of your stored email - but they CAN ask to tap all the traffic to and from your PC.

  2. Re:Freedom of speech, as long as the cops OK it by monkeydo · · Score: 2, Informative

    This has nothing to do with freedom of speech. Perhaps you are thinking of a different part of the Bill of Rights? The Fourth Amendment is probably more applicable.

    --
    Si vis pacem, para bellum
    The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
  3. Re:Gahrewjhrjkhare by rleesBSD · · Score: 2, Informative

    Not such a good idea eh? I myself was just thinking about moving down south a few hundred miles to Seattle ... cuz the King of Canada has authorized some of the same crap ... It appears that involuntary compliance was in the fine print of the North American Free Trade Agreement (NAFTA, eh?)

  4. Re:Right... by interiot · · Score: 3, Informative
    Due to the special properties of ROT13, the number of rounds must be even, otherwise the algorithm provides only as much security as simple ROT13. Good implementations would be e.g. 2ROT13, 4ROT13, 6ROT13 or 2048ROT13.

    Currently, an implementation of 2ROT13 exists, which is called Pretty Good Double ROT13 Privacy - or short PG2ROT13P - and is meant to be a successor to the infamous Pretty Good Privacy cryptography toolkit.

    Long-term goals are also to make the EU parliament and US congress pass laws that require all personal letters, postcards and even face-to-face conversations to be encrypted with 2ROT13.

    Brilliant!
  5. Guess what - Vonage already complies by Zebra_X · · Score: 4, Informative

    Something I wrote a few months ago:

    A few weeks ago while on vacation I bought a Linksys WRTP54G router from Radio Shack. It is touted as a two line VoIP router that is compatible with Vonage. It seemed like what I needed at the time, a g capable wireless router that wouldn't crash like my old Netgear.

    I set it up - and it's been running quite well for a month now. I noticed though, that I could SSH to it. What was curious was the fact that I couldn't log in. I used the "administrative" login, but it didn't work. I also tried the other default passwords - with no luck. This made me wonder who in fact had the password and could log in to the router. I wasn't too worried about it. Until today.

    I've been trying to get inbound PPTP VPN working, and it hangs at "Verifying Username and Password..." only to return error 721. Indeed it would seem that inbound GRE forwarding doesn't work. So I thought to myself, I'll just get a firmware update and everything will be happy. The question was "Where is the firmware?". It's not on Linksys's site. I come to find that Vonage controls the firmware for this router. I've also found that it's not easy to get through proper channels. Also, it seems to not flash when the router is not in a "provisioned" state.

    This is where things get really interesting. It would seem that Vonage has complete control over the router. There are a number of default passwords that can be accessed, but not changed through the various interfaces. It would also seem that there is a bit of "phoning home" going on. Some of the firmware versions have automatic update installed allowing them to download the latest version via TFTP.

    Now that's an interesting topic. From my reading, the updates are not encrypted nor are they transmitted over a secure connection. There seems to be no verification of the contents of the firmware file. Let's go out on a limb for a moment and say that the update server is compromised and a compromised update is placed on the server. The update is then automatically, with no verification or intervention, downloaded and installed on all of the Vonage routers that have been provisioned.

    The result: *PWND*. Every last router.

    This is terrible. Not only is it terrible, there is absolutely nothing on the box, or in the literature that says that this router is programmatically connected to Vonage. There is absolutely no warning that there is even a *chance* that Vonage could, for example, install various utilities or wares on your router at their discretion.

    This device should not be sold in stores. It should be shipped by Vonage to end customers who agree and acknowledge that they are giving up control of what goes in and out of their network.

    Now it's time to do something about it.
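
The comment above describes updates fetched and installed with no check of the firmware's contents. As an added example (not part of the original post, and not Vonage's or Linksys's code), this is the kind of device-side check whose absence it describes: an Ed25519-signed manifest binding a version to the image digest, verified before flashing. The manifest layout, function names and version numbers are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Manifest struct { // hypothetical signed header shipped next to the image
	Version uint32   // monotonically increasing release number
	Digest  [32]byte // SHA-256 of the firmware image
	Sig     []byte   // Ed25519 signature over Version || Digest
}

func signedBytes(m Manifest) []byte { // exact bytes the signature covers
	return append(binary.BigEndian.AppendUint32(nil, m.Version), m.Digest[:]...)
}

func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) { // constructed throwaway pair
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Manifest { // build side
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	m.Sig = ed25519.Sign(priv, signedBytes(m))
	return m
}

// VerifyUpdate runs on the device before anything is written to flash.
func VerifyUpdate(pub ed25519.PublicKey, installed uint32, m Manifest, image []byte) error {
	if !ed25519.Verify(pub, signedBytes(m), m.Sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.Digest {
		return fmt.Errorf("image does not match signed digest")
	}
	if m.Version <= installed {
		return fmt.Errorf("version %d not newer than installed %d", m.Version, installed)
	}
	return nil
}

func main() {
	pub, priv := DemoKeys()
	img := []byte("constructed firmware image, release 7")
	fmt.Println("genuine: ", VerifyUpdate(pub, 6, Sign(priv, 7, img), img))
	fmt.Println("rollback:", VerifyUpdate(pub, 7, Sign(priv, 7, img), img))
}
```

Because the device holds only the public key, a compromised update server or an altered TFTP transfer cannot produce an image that passes; the version comparison additionally stops a genuine but older image from being replayed.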

  6. Re:your rights by jesup · · Score: 3, Informative

    Original poster here.

    You're correct that CALEA doesn't *authorize* wiretaps - but it does require that providers make calls easily tappable (when they might otherwise be slow, hard or impossible to tap).

    And as it applies to VoIP providers, it requires they set things up to allow tapping calls that previously weren't covered (IP-to-IP calls), if the service offers _any_ sort of connection to the PSTN, even through a 3rd party.

    TFA has all the footnotes justifying this expansion of powers... Basically if the data goes through a switch or router on a public network, they're covered.

  7. Re:Gahrewjhrjkhare by bombadier_beetle · · Score: 2, Informative

    Ah yes, Canada, land of the free, where thought crimes are severely punished.

    --

    If you mod me down, I shall become more powerful than you can possibly imagine.
  8. Re:Gahrewjhrjkhare by mrbcs · · Score: 2, Informative
    If yer comin, come to Alberta. It's the only province worth livin in. We have tons of jobs here. In case you haven't heard, we have oil... lots of it.. and we're makin a killing on it this year. So much that we're all getting $400 each around Christmas. Family of five will get 2 grand. Sure beats Ontari-OWE.

    It's kinda like what America used to be when you guys had rights, though we still have to put up with the easterners for a while before we separate.

    --
    I'm not anti-social, I'm anti-idiot.
  9. Re:Attack on Privacy by Anonymous Coward · · Score: 2, Informative

    I come from the recently naturalized class of people in America and for 2 years after 9/11 all messages from abroad came unsealed in a plastic bag. I guess after they realized birthday cards and Christmas cards weren't evil they stopped.
    If you think mass invasions of privacy aren't perpetrated by the government you are mistaken.

  10. encryption is legal, and can be wiretapped. by bluGill · · Score: 2, Informative

    This won't be a problem. All it means is they have to go to my clients when they want a wiretap. The hook will be in all my code to do the wiretap, but you can't do it at the phone company because all you get is a stream of unintelligible bytes.