Slashdot Mirror
Law Enforcement Targets Online Communication
jesup writes "The FCC ruled yesterday that the CALEA applies both to broadband suppliers and to all calls made via VoIP providers. If they have any connection to the PSTN, it applies whether the call in question is IP-to-IP or not. Separately, all broadband suppliers will have to implement CALEA, which means providing access to law enforcement for trap-and-trace on all traffic on broadband connections. In related news, the FCC has also released a policy document that states that 'consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.' In theory, under this they could require wiretaps on in-game chat, or key-logging in file encryption programs."
All your right are belong to us!
the people's republic of united states.
This will be about as easy to implement as a ban on internet porn, which is to say impossible. Sure they can get the major providers to comply, but good luck tracking down every chat room operator.
which means providing access to law enforcement for trap-and-trace on all traffic on broadband connections.
Goddamnit, I swear, the last few decades in America have been more like an Orwell book than the books themselves.
I'm moving up to Canada, the worst they have there is stray polar bears. Who's coming with me?
I have no problem providing stronger encryption communications to my customers. I've helped implement encrypted VoIP before VoIP was a defined term. Some of the shadier "organizations" already employ an incredible amount of geeks -- $100,000 a year cash (for a 20 hour a week job) is hard to say no to.
These laws are a waste of money. A VoIP stream can easily be hidden in a Quake3 online stream played between bots. There's too much information changing hands.
And who the hell are they trying to catch? Drug dealers? Terrorists? Enforcement of either set of laws only creates more people filling in the shoes of those caught.
We're not making a dent in any non-violent crime, why throw more money at a non-problem?
I assume this means we continue to have the constitutionally guaranteed freedom of speech, as long as it is OK with law enforcement. (hmmm)
Coding Blog
Now, not only am I afraid to look at porn on the internet, I can't even cyber in peace!
When will I see the first voip provider which sends a Java client applet to my phone (not a PC) with the call? It's not architecturally necessary, but I'd like that kind of encapsulated/authenticated voip client. End-to-end encryption of every call.
--
make install -not war
So legally, we're forced to leave our lines of communication open for law enforcement.
Who watches the watchers?
IM programs aren't that hard to write, if someone really wants to avoid John Law they could just write a proprietary program with a proprietary encryption protocol. Is that technically illegal?
Every time I read a story like this, I am reminded of that video on the 'net somewhere (too lazy to look for it) of military personnel using military equipment to watch a couple make out in a car.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
A House of Representatives committee report prepared in October 1994 emphatically says CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers."
So it sounds like this will only apply to VOIP, not to email, chat-rooms, and so on, as the /. summary states.
Have you read my blog lately?
Will the coup be bloody?
People have more privacy than YOU!
<NELSON>HAH HAH!</NELSON>
The sad thing is that any criminal/terrorist organization is going to encrypt any communication they want to keep secret. There are plenty of alternatives for passing secret messages such as posting coded messages in plain sight on public forums (even /.!). This is going to have more impact on Joe Citizen's privacy than on criminal behaviour.
When all else fails, run.
Which, translated into English, means: "if you want to use service X, but Law Enforcement can't tap service X, then you no longer are entitled to use X". For "X" substitute whatever service you like. Wonderful.
Lrf fve! Jr jvyy pbzcyl jvgu lbhe "snzvyl svefg" naq "nagv-greebevfz" pung ebbz ebbyf rira gubhtu gurl ivbyngr bhe Svefg Nzraqzrag evtugf! Go fuck yourself you fascist pigs! Bu fbeel, zl svatref jrer ba gur jebat xrlf. Lrf, "HFN! HFN! HFN! Qbja jvgu greebevfgf naq cbeab!"
When the fuck are we going to stand up to the fascist fuckers and finally tell them to get fucked? Fbeel, gur xrlf ner fyvccrel.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
What if some [terrorist, child porn, etc.] group decided to set up a network of Asterisk or Bayonne servers, virtually circumventing any established VoIP providers? I'm not sure about Bayonne, but Asterisk is extremely easy to throw together and set up. Will they make setting up such "unlicensed" servers illegal? I shudder to think what that would do to the community at large...
We are the music makers. We are the dreamers of the dreams.
Use one-time pads for all your online communications. Of course, these are no good if you send them via an ordinary electronic medium. You need physical contact with the person who's getting the pads to ensure a secure exchange.
This wouldn't be too difficult to do--you could print normal-looking business cards with a short key printed on the back in UV-reactive ink. (That's invisible ink to those of you in Rio Linda.)
As for meeting the people you need to give pads to, need I remind you that this is Slashdot? I'll see most of you at the next big scifi/anime/gaming/tentacle porn convention.
"The newly born animals are then whisked off for a quick run through a giant baking oven." --heard on Food Network
Imagine someone playing a multiplayer fps with a screen name like George Bush or something. Every time he gets killed, the feds would have to investigate!
End transmission.
We of the EU , The common Wealth and all other nations in the world would like to thank the USA . ,we will likely see a sharp rise in investment and customers (and already have in many cases ) .
.. um I mean Save the souls of their good people .
What with these new Spiffy morality and Communications laws
I would like to thank your politicians from the bottom of my heart for my recent pay rise .
Though i do feel sympathy for the thousands of unemployed they are attempting to create in their efforts to secure the votes
The only things certain in war are Propaganda and Death. You can never be sure which is which though
The FCC appears to truly believe that they have been granted power to regulate Internet usage as they see fit.
It's not just the wording, it's the mentality. Everything about the document suggests that the FCC is the source from which the right to use the Internet flows. AND that the *consumer* is ultimately responsible for anything "illegal" that is on his computer. Even if it's just a matter of unknowningly using a VoIP protocol that doesn't allow tapping.
There's no other way to read it, and furthermore, it's the only "logical" (in terms of the logic of empire) way of dealing with the situation. Since they can never regulate the internet COMPANIES - who will all swiftly relocate to another country - they will have to regulate the PEOPLE to make sure their laws are followed. And they have to do that since, of course, laws passed must be enforced.
This is, as they say, doubleplus ungood.
Bush: He's Liberal in all the wrong ways.
What if my "authorized, standard encryption algorithm" is poorly implemented?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
"They have made their decision, now let them enforce it" is honestly the first thing that comes to mind.
Or in other words, how the hell does the FCC even have the power to enact this rule? The FCC of course has the ability to set standards for telephones; if someone wishes to patch a computer program into the "normal" phone network, then of course it's reasonable that those calls follow the same regulations as any other phone provider. But what they're talking about now sounds way, way outside the scope of anything the FCC was ever empowered or intended to regulate. It reminds me of when the FCC demanded copy control chips be put into every TV and video card, until some months later, just before the deadline for the regulations to begin, the courts, in response to inquiry by the EFF, pointed out that, no, the FCC doesn't have the right or power to demand such things.
Has anyone spoken to the EFF or ACLU about possibly challenging this new ruling in court?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Ask yourself why the government has never tried to open everyones letters, photocopy them and then reseal and post them?
It's not because they wouldn't like to, it's just too much hassle to do it. Even if they did try to do it, the public would be outraged, yet far less noise is being made just because the medium is electronic rather than paper. Computers make it possible to snoop on people cheaply and that is the problem. As technology progresses, more and more snooping abilities will become economical.
They would like you to believe that this is to thwart terrorists, but terrorists will of course use the strongest encryption and will not play by the rules. I believe the general public are the real target here. If you suspect a certain person is a terrorist, there are already many ways you can put them under surveillance. You can install keyloggers on their computer, bug them, bounce lasers of windows etc etc. If you don't know who the terrorists are you have to perform mass surveillance of eveyones mail looking for keywords. The problem is that terrorists won't say "Meet me by the Bank of America with the Semtex" they will say something like "See you at the pub on Wednesday. Bring that new playstation game.".
Recent freedom of information releases in the UK (my country) have shown that the police have in the past infiltrated groups such as the anti-apartheid movement and other legitimate and non-threatening political groups. That's the sort of behaviour I expect in Uzbekistan not the UK. We must also not forget Echlon , which has been used to spy on European businesses. Our governments have shown that they cannot be trusted time and time again. We must not allow them to use the fear of terrorism to rob us of our rights and privacy.
Anyway. I have a counter proposal. We now know that politicians are making important decisions in face to face meetings so that there are no electronic records. I propose that all politicians be required to wear head mounted video cameras that record everything they say and do. The tapes must be handed in and stored in the event of any enquiry. We can explain that we have to do this because of the terrible threat of CORRUPTION. Anyone in the government could be involved in CORRUPTION and innocent politicians will have nothing to fear in these new measures. We have to balance the need for government secrecy with the important fight against CORRUPTION. We cannot allow CORRUPTION to win.
I dunno, I'm not doing anything illegal, why should I be scared?
Wait until a friend of yours is coerced in submitting your name as a suspected terrorist. Recall the McCarthy era and heed your warning. Apathy towards civil rights is terrible, and it's a problem you'll find when it affects you.
Again, recall the McCarthy era
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
There have been innocent people put on the No-Fly list too, and they had a heck of a time getting off. It is very possible to be innocent and imprisioned. Because there is supposed to be some right to privacy. Being constantly watched is a form of harrassment. That to me is the real point. It used to be that a man's home was his castle, and now it's becoming clear that Orwell was not paranoid enough.
....when you elect fascist republicans to office who don't believe in a right to privacy...or in any of your rights at all. We are all criminals in their minds. Mod me as flamebate...I dare you...but its true. And inciteful ;-)
I know. I'm working on it.
Something I wrote a few months ago:
A few weeks ago while on vacation I bought a Linksys wrtp54g router from Radio Shack. It is touted as a two line VoIP router that is compatible with vonage. It seemed like what I needed at the time, a g capable wireless router that wouldn't crash like my old netgear.
I set it up - and it's been running quite well for a month now. I noticed though, that I could SSH to it. What was curious was the fact that i couldn't login. I used the "administrative" login, but it didn't work. I also tried the other default passwords - with no luck. This made me wonder who infact had the password and could login to the router. I wasn't too worried about it. Until today.
I've been trying to get inbound PPTP VPN working, and it hangs at "Verfiying Username and Password..." only to return error 721. Indeed it would seem that inbound GRE forwarding doesn't work. So I thought to myself, I'll just get a firmware update and everything will be happy. The question was "Where is the firmware?". It's not on linksys's site. I come to find that Vonage controls the firmware for this router. I've also found that it's not easy to get through proper channels. Also, it seems to not flash when the router is not in a "provisioned" state.
This is where things get really interesting. It would seem that Vonage has complete control over the router. There are a number of default passwords that can be accessed, but not changed through the various interfaces. It would also seem that there is a bit of "phoning home" going on. Some of the firmware versions have automatic update installed allowing them to download the latest version via TFTP.
Now that's an interesting topic. From my reading, the updates are not encrypted nor are they transmitted over a secure connection. There seems to be no verification of the contents of the firmware file. Let's go out on a limb for a moment and say that the update server is compromised and a compromised update is placed on the server. The update is then automatically, with no verification or intervention, downloaded and installed on all of the vonage routers that have been provisioned.
The result: *PWND*. Every last router.
This is terrible. Not only is it terrible, there is absolutely nothing on the box, or in the literature that says that this router is programatically connected to Vonage. There is absolutely no warning that there is even a *chance* that Vonage, could for example install various utilities or wares on your router at their discretion.
This device should not be sold in stores. It should be shipped by Vonage to end customers who agree and ackknowledge that they are giving up control of what goes in and out of their network.
Now it's time to do something about it.
Has it occured to anyone here that over time, more and more OSS is going to become "borderline illegal"? That we may end up with VLC as a program that you can't import into the USA (because of its DVD capabilities); that Asterix will move out of the states (because it provides private communication without a corporate entity, and will eventually be "regulated" in such a way that only telcos could use it); that even simple tools like GNU shred will "disappear"? B.S. like the E911 service are merely thinly vieled threats against existing VoIP providers, by way of legislation from the dominate telcos to ensure that VoIP doesn't take off...without them leading the way, of course.
I'm beginning to think that I should hoard source code like never before...
Suddenly, that 15-CD debian distro looks better and better, provided the source code is provided.
RMS may sound like a crackpot to our facist overlords^W^Wcorporate lobby, but he's right on the money - if the source code to a program can be controlled (by hardware, software, or firmware, no difference) then you really don't have any freedom as to what you can do. And that kind of freedom scares some people, but not for the reasons that are presented in the nightly news; you have to remember, never in human history have you had a world-wide connected information network that spanned cultures, beliefs, and challenged the status quo in every case. What we are seeing is the slow relentless progress of those entities - governments, transnational corporations, and hyper-wealthy private interests - to "dumb down" or take away from that potential. If people woke up one day and realized that they didn't have to work for someone else to provide for themselves, well, they jig would be up and the few in privledge would find themselves fighting to maintain control, as they always have through the ages. This isn't about political spectrums such as right vs left, democracy vs communism; this is about power, and the maintenance of power. Money, which years ago used to actually have a value of some sort, has degenerated into just another form of power. In this case, CALEA is power applied for both the telcos (who suddenly are felling the heat from VoIP) and government interests (in this case, the existing regime^W administration wants to extend its powerbase).
(Yawn) enough ranting for today, go outside and play...
Sorry, but I just can't think of a better term. Everytime this sort of Big Brother article comes along, one of the two major memes that pops up is, "gee, the wording of the law/policy/whitepaper/directive says this, but it doesn't say that, so by simply reworking the protocol stack or implementing this kind of encryption stored in SeaLand we can perform a simple end-run around it." It's basically, right-wing neo-fascist does this, so I'm going to do that in an attempt to run, hide, and sneak around them. And I'm sorry, but this sort of attitude is a molly-coddled, namby-pamby Harvey milquetoast response that likely stems from the "I've been bullied/abused/neglected all my life" meme. Basically it's fascists whomp some area of the countertop and everyone runs for cover response.
In truth, if we're talking about a war for the freedom of information, then Slashdotters collectively are the best possible warriors to prosecute that fight. In the rest of your life, you may have felt powerless--physically intimidated or socially out-classed. But in this realm you are the gods of the age. You must do something.
There are myriad offline groups out there that are fighting their guts out against this sort of thing. You can help them. They all need I.T. systems that help them organize, raise money, and fight. You can sign up to code a system that will enable them to do so. You can give money from your above-average I.T. salary to support their efforts. Or you can get creative and blow everyone away. You can do so much, which is for you relatively little, and you will make an enormous difference.
Still not sure what to do or where to channel your energies? Send me a message via Slashdot and I will be happy to give you some leads. For one, I started a grassroots political group in NY that has won several elections but still needs help with its website and volunteer organization system. We could use your help. Drop me a line and let's do something.
Do what you can, with what you have, where you are.
the law will never be above mathematics. they can have my private key when they pry it from my cold dead hand.
problem is that the government has the legal authority and power to do just that. Government has a legal monopoly on violence and the non defensive use of force which they are supposed to use with a lot more discretion than this ruling shows. This is no different than if the FCC said they had a right to post an agent in my home who would look over my shoulder as I typed 'just in case' I am suspected of a crime in the future. It is a trespass by the government before reasonable suspicion that a crime will be or has been commited.
What happened to the good old days when a wire tap actually meant just that, permission to actually tap into the wire at someone's residence when there was reasonable suspicion of a crime, and the recordings didn't have to be served up on a silver platter to the FBI or whatever other alphabet soup agency wants to increase their funding with a headline this month.
Wire tap was never meant to mean that we be compelled to act against ourselves even prior to the suspicion that a crime has ever even been commited let alone that we have commited it. The effect of this and the slippery slope that we have been on for many decades is that wiretaps are in effect in place on everyone before any suspicion, before any consideration of facts, you are wire tapped because you are human and likely to commit a crime at some point in your life. And in this age of ever growing burden of law and regulation it is becoming ever more likely that the assumption of guilt will take the place of presumption of innocence because of practical considerations.
Innocent as long as we obey, otherwise guilty. Thankfully, there is still room enough left to keep your head down and stay out of trouble for the most part, but God help those of us that want the world to be a better place. We are liable to find a world of hurt for our troubles. But I suppose that every generation has had its enemies in the state, look at the racial civil rights movement, look at the progressives, look back further and you'll see a whole lot of people in power that abuse their authority for no other reason than to hold on to it as long as they can.
In the end there will always be more of us than them as long as you choose to belong to the human race rather than some small minded group that focuses on our differences rather than what we have in common. And even with technology a minority can't hold power over a majority forever.
I just hope in my lifetime I don't see any more Americans convinced that they need to give up their Rights and dignity for some false promise of security.
This won't be a problem. All it means is they have to go to my clients when they want a wiretap. The hook will be in all my code to do the wiretap, but you can't do it at the phone company because all you get is a stream of unintelligible bytes.