Slashdot Mirror
Law Enforcement Targets Online Communication
jesup writes "The FCC ruled yesterday that the CALEA applies both to broadband suppliers and to all calls made via VoIP providers. If they have any connection to the PSTN, it applies whether the call in question is IP-to-IP or not. Separately, all broadband suppliers will have to implement CALEA, which means providing access to law enforcement for trap-and-trace on all traffic on broadband connections. In related news, the FCC has also released a policy document that states that 'consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.' In theory, under this they could require wiretaps on in-game chat, or key-logging in file encryption programs."
When will I see the first voip provider which sends a Java client applet to my phone (not a PC) with the call? It's not architecturally necessary, but I'd like that kind of encapsulated/authenticated voip client. End-to-end encryption of every call.
--
make install -not war
So legally, we're forced to leave our lines of communication open for law enforcement.
Who watches the watchers?
IM programs aren't that hard to write, if someone really wants to avoid John Law they could just write a proprietary program with a proprietary encryption protocol. Is that technically illegal?
Every time I read a story like this, I am reminded of that video on the 'net somewhere (too lazy to look for it) of military personnel using military equipment to watch a couple make out in a car.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
Use one-time pads for all your online communications. Of course, these are no good if you send them via an ordinary electronic medium. You need physical contact with the person who's getting the pads to ensure a secure exchange.
This wouldn't be too difficult to do--you could print normal-looking business cards with a short key printed on the back in UV-reactive ink. (That's invisible ink to those of you in Rio Linda.)
As for meeting the people you need to give pads to, need I remind you that this is Slashdot? I'll see most of you at the next big scifi/anime/gaming/tentacle porn convention.
"The newly born animals are then whisked off for a quick run through a giant baking oven." --heard on Food Network
We of the EU , The common Wealth and all other nations in the world would like to thank the USA . ,we will likely see a sharp rise in investment and customers (and already have in many cases ) .
.. um I mean Save the souls of their good people .
What with these new Spiffy morality and Communications laws
I would like to thank your politicians from the bottom of my heart for my recent pay rise .
Though i do feel sympathy for the thousands of unemployed they are attempting to create in their efforts to secure the votes
The only things certain in war are Propaganda and Death. You can never be sure which is which though
No.
Won't they need to get a court order to wire tap even with VoIP?
Yes and no. Mostly no, these days. They need a warrant, but they can get them after the fact, and from secret courts.
And how would that work in a chat room where lots of good citizens are talking?
If it's like interception of email, they're supposed to just ignore what anyone says unless they're talking to the person being tapped. I leave it up to your imagination just how tightly agents stick to that rule.
I agree. If you really want to hide your communications, just roll your own communications programs and/or roll your own encryption. Although you might not create the strongest encryption scheme for the "law enforcement" folks to spy on you they have to federally funded script kiddies. I'm sure they have scripts to crack main stream encryptions. If you were one of "them" wouldn't you just go after the low hanging fruit first?
It's kinda like the car alarm theory, your alarm doesn't have to prevent the vehicle from being stolen, it just has to make it sufficiently difficult so the thief doesn't want to bother.
At least for now.....
What if my "authorized, standard encryption algorithm" is poorly implemented?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
In fairness, this has pretty much been the goal and intent of law enforcement pretty much forever. In fact, the idea that laws (and the enforcement thereof) are in any way for the benefit of the citizenry is a pretty recent concept, historically speaking.
"They have made their decision, now let them enforce it" is honestly the first thing that comes to mind.
Or in other words, how the hell does the FCC even have the power to enact this rule? The FCC of course has the ability to set standards for telephones; if someone wishes to patch a computer program into the "normal" phone network, then of course it's reasonable that those calls follow the same regulations as any other phone provider. But what they're talking about now sounds way, way outside the scope of anything the FCC was ever empowered or intended to regulate. It reminds me of when the FCC demanded copy control chips be put into every TV and video card, until some months later, just before the deadline for the regulations to begin, the courts, in response to inquiry by the EFF, pointed out that, no, the FCC doesn't have the right or power to demand such things.
Has anyone spoken to the EFF or ACLU about possibly challenging this new ruling in court?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Assume a 20k/s VoiP stream. A CD could be used as a OTP for about 9 hours,.
Set up a secure generation site somewhere, make a dozen CD-RWs, run them to computers all over a city.
Each diskless computer boots off the CD using a custom Linux distro that takes up maybe 50 megs, and the rest is encrypted data. It boots up, sucks in the CD, and erases it. (And you then shred it.)
Yes, if the power fails, you're in trouble, but a lack of communications for five minutes is better than prison. You can always just do the 'talk using vague references on the phone' trick. Or the boss can carry an emergency wallet-sized CD. (You could have a UPS, but the best security would be to power off the computer for anything.)
You could either do a shared system, where all the CDs are the same, or you could just have each computer be able to talk to a central site, and that site reencode and send it out elsewhere. (The later is not only more secure, but let's you send out the disks less often, and on a more random schedule, as each individually run out. Might be overkill, though.)
For even more security, you could send more than two CD via multiple means, and XOR them together. Thus requiring feds to intercept two CDs and duplicate them without you noticing. Or three or four.
And the nice thing about a OTP is that it's fast.
I suspect that organized crime is perfectly happy with purchasing throw-away cell phones, however.
If corporations are people, aren't stockholders guilty of slavery?
What I want to know is this: what authority does the FCC have to dictate what apps I use on a privately owned network?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
I know. I'm working on it.
Sorry, but I just can't think of a better term. Everytime this sort of Big Brother article comes along, one of the two major memes that pops up is, "gee, the wording of the law/policy/whitepaper/directive says this, but it doesn't say that, so by simply reworking the protocol stack or implementing this kind of encryption stored in SeaLand we can perform a simple end-run around it." It's basically, right-wing neo-fascist does this, so I'm going to do that in an attempt to run, hide, and sneak around them. And I'm sorry, but this sort of attitude is a molly-coddled, namby-pamby Harvey milquetoast response that likely stems from the "I've been bullied/abused/neglected all my life" meme. Basically it's fascists whomp some area of the countertop and everyone runs for cover response.
In truth, if we're talking about a war for the freedom of information, then Slashdotters collectively are the best possible warriors to prosecute that fight. In the rest of your life, you may have felt powerless--physically intimidated or socially out-classed. But in this realm you are the gods of the age. You must do something.
There are myriad offline groups out there that are fighting their guts out against this sort of thing. You can help them. They all need I.T. systems that help them organize, raise money, and fight. You can sign up to code a system that will enable them to do so. You can give money from your above-average I.T. salary to support their efforts. Or you can get creative and blow everyone away. You can do so much, which is for you relatively little, and you will make an enormous difference.
Still not sure what to do or where to channel your energies? Send me a message via Slashdot and I will be happy to give you some leads. For one, I started a grassroots political group in NY that has won several elections but still needs help with its website and volunteer organization system. We could use your help. Drop me a line and let's do something.
Do what you can, with what you have, where you are.
You should've played more Civilization.
:)
Sure, Democracy is a great government to head for during the middle game, but towards the end game, you pretty well have to go for some sort of facist or authoritarian government to keep corruption under control while you use your armies to sieze control of the world.
So who can fault our government for just trying to win?