Slashdot Mirror
Law Enforcement Targets Online Communication
jesup writes "The FCC ruled yesterday that the CALEA applies both to broadband suppliers and to all calls made via VoIP providers. If they have any connection to the PSTN, it applies whether the call in question is IP-to-IP or not. Separately, all broadband suppliers will have to implement CALEA, which means providing access to law enforcement for trap-and-trace on all traffic on broadband connections. In related news, the FCC has also released a policy document that states that 'consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.' In theory, under this they could require wiretaps on in-game chat, or key-logging in file encryption programs."
All your right are belong to us!
the people's republic of united states.
This will be about as easy to implement as a ban on internet porn, which is to say impossible. Sure they can get the major providers to comply, but good luck tracking down every chat room operator.
which means providing access to law enforcement for trap-and-trace on all traffic on broadband connections.
Goddamnit, I swear, the last few decades in America have been more like an Orwell book than the books themselves.
I'm moving up to Canada, the worst they have there is stray polar bears. Who's coming with me?
I have no problem providing stronger encryption communications to my customers. I've helped implement encrypted VoIP before VoIP was a defined term. Some of the shadier "organizations" already employ an incredible amount of geeks -- $100,000 a year cash (for a 20 hour a week job) is hard to say no to.
These laws are a waste of money. A VoIP stream can easily be hidden in a Quake3 online stream played between bots. There's too much information changing hands.
And who the hell are they trying to catch? Drug dealers? Terrorists? Enforcement of either set of laws only creates more people filling in the shoes of those caught.
We're not making a dent in any non-violent crime, why throw more money at a non-problem?
I assume this means we continue to have the constitutionally guaranteed freedom of speech, as long as it is OK with law enforcement. (hmmm)
Coding Blog
So legally, we're forced to leave our lines of communication open for law enforcement.
Who watches the watchers?
IM programs aren't that hard to write, if someone really wants to avoid John Law they could just write a proprietary program with a proprietary encryption protocol. Is that technically illegal?
Every time I read a story like this, I am reminded of that video on the 'net somewhere (too lazy to look for it) of military personnel using military equipment to watch a couple make out in a car.
"Live as if you'll die tomorrow." Ridiculous. You could die later today.
A House of Representatives committee report prepared in October 1994 emphatically says CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers."
So it sounds like this will only apply to VOIP, not to email, chat-rooms, and so on, as the /. summary states.
Have you read my blog lately?
Will the coup be bloody?
People have more privacy than YOU!
<NELSON>HAH HAH!</NELSON>
Which, translated into English, means: "if you want to use service X, but Law Enforcement can't tap service X, then you no longer are entitled to use X". For "X" substitute whatever service you like. Wonderful.
What if some [terrorist, child porn, etc.] group decided to set up a network of Asterisk or Bayonne servers, virtually circumventing any established VoIP providers? I'm not sure about Bayonne, but Asterisk is extremely easy to throw together and set up. Will they make setting up such "unlicensed" servers illegal? I shudder to think what that would do to the community at large...
We are the music makers. We are the dreamers of the dreams.
Imagine someone playing a multiplayer fps with a screen name like George Bush or something. Every time he gets killed, the feds would have to investigate!
End transmission.
The FCC appears to truly believe that they have been granted power to regulate Internet usage as they see fit.
It's not just the wording, it's the mentality. Everything about the document suggests that the FCC is the source from which the right to use the Internet flows. AND that the *consumer* is ultimately responsible for anything "illegal" that is on his computer. Even if it's just a matter of unknowningly using a VoIP protocol that doesn't allow tapping.
There's no other way to read it, and furthermore, it's the only "logical" (in terms of the logic of empire) way of dealing with the situation. Since they can never regulate the internet COMPANIES - who will all swiftly relocate to another country - they will have to regulate the PEOPLE to make sure their laws are followed. And they have to do that since, of course, laws passed must be enforced.
This is, as they say, doubleplus ungood.
Bush: He's Liberal in all the wrong ways.
"They have made their decision, now let them enforce it" is honestly the first thing that comes to mind.
Or in other words, how the hell does the FCC even have the power to enact this rule? The FCC of course has the ability to set standards for telephones; if someone wishes to patch a computer program into the "normal" phone network, then of course it's reasonable that those calls follow the same regulations as any other phone provider. But what they're talking about now sounds way, way outside the scope of anything the FCC was ever empowered or intended to regulate. It reminds me of when the FCC demanded copy control chips be put into every TV and video card, until some months later, just before the deadline for the regulations to begin, the courts, in response to inquiry by the EFF, pointed out that, no, the FCC doesn't have the right or power to demand such things.
Has anyone spoken to the EFF or ACLU about possibly challenging this new ruling in court?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Ask yourself why the government has never tried to open everyones letters, photocopy them and then reseal and post them?
It's not because they wouldn't like to, it's just too much hassle to do it. Even if they did try to do it, the public would be outraged, yet far less noise is being made just because the medium is electronic rather than paper. Computers make it possible to snoop on people cheaply and that is the problem. As technology progresses, more and more snooping abilities will become economical.
They would like you to believe that this is to thwart terrorists, but terrorists will of course use the strongest encryption and will not play by the rules. I believe the general public are the real target here. If you suspect a certain person is a terrorist, there are already many ways you can put them under surveillance. You can install keyloggers on their computer, bug them, bounce lasers of windows etc etc. If you don't know who the terrorists are you have to perform mass surveillance of eveyones mail looking for keywords. The problem is that terrorists won't say "Meet me by the Bank of America with the Semtex" they will say something like "See you at the pub on Wednesday. Bring that new playstation game.".
Recent freedom of information releases in the UK (my country) have shown that the police have in the past infiltrated groups such as the anti-apartheid movement and other legitimate and non-threatening political groups. That's the sort of behaviour I expect in Uzbekistan not the UK. We must also not forget Echlon , which has been used to spy on European businesses. Our governments have shown that they cannot be trusted time and time again. We must not allow them to use the fear of terrorism to rob us of our rights and privacy.
Anyway. I have a counter proposal. We now know that politicians are making important decisions in face to face meetings so that there are no electronic records. I propose that all politicians be required to wear head mounted video cameras that record everything they say and do. The tapes must be handed in and stored in the event of any enquiry. We can explain that we have to do this because of the terrible threat of CORRUPTION. Anyone in the government could be involved in CORRUPTION and innocent politicians will have nothing to fear in these new measures. We have to balance the need for government secrecy with the important fight against CORRUPTION. We cannot allow CORRUPTION to win.
There have been innocent people put on the No-Fly list too, and they had a heck of a time getting off. It is very possible to be innocent and imprisioned. Because there is supposed to be some right to privacy. Being constantly watched is a form of harrassment. That to me is the real point. It used to be that a man's home was his castle, and now it's becoming clear that Orwell was not paranoid enough.
Something I wrote a few months ago:
A few weeks ago while on vacation I bought a Linksys wrtp54g router from Radio Shack. It is touted as a two line VoIP router that is compatible with vonage. It seemed like what I needed at the time, a g capable wireless router that wouldn't crash like my old netgear.
I set it up - and it's been running quite well for a month now. I noticed though, that I could SSH to it. What was curious was the fact that i couldn't login. I used the "administrative" login, but it didn't work. I also tried the other default passwords - with no luck. This made me wonder who infact had the password and could login to the router. I wasn't too worried about it. Until today.
I've been trying to get inbound PPTP VPN working, and it hangs at "Verfiying Username and Password..." only to return error 721. Indeed it would seem that inbound GRE forwarding doesn't work. So I thought to myself, I'll just get a firmware update and everything will be happy. The question was "Where is the firmware?". It's not on linksys's site. I come to find that Vonage controls the firmware for this router. I've also found that it's not easy to get through proper channels. Also, it seems to not flash when the router is not in a "provisioned" state.
This is where things get really interesting. It would seem that Vonage has complete control over the router. There are a number of default passwords that can be accessed, but not changed through the various interfaces. It would also seem that there is a bit of "phoning home" going on. Some of the firmware versions have automatic update installed allowing them to download the latest version via TFTP.
Now that's an interesting topic. From my reading, the updates are not encrypted nor are they transmitted over a secure connection. There seems to be no verification of the contents of the firmware file. Let's go out on a limb for a moment and say that the update server is compromised and a compromised update is placed on the server. The update is then automatically, with no verification or intervention, downloaded and installed on all of the vonage routers that have been provisioned.
The result: *PWND*. Every last router.
This is terrible. Not only is it terrible, there is absolutely nothing on the box, or in the literature that says that this router is programatically connected to Vonage. There is absolutely no warning that there is even a *chance* that Vonage, could for example install various utilities or wares on your router at their discretion.
This device should not be sold in stores. It should be shipped by Vonage to end customers who agree and ackknowledge that they are giving up control of what goes in and out of their network.
Now it's time to do something about it.
Has it occured to anyone here that over time, more and more OSS is going to become "borderline illegal"? That we may end up with VLC as a program that you can't import into the USA (because of its DVD capabilities); that Asterix will move out of the states (because it provides private communication without a corporate entity, and will eventually be "regulated" in such a way that only telcos could use it); that even simple tools like GNU shred will "disappear"? B.S. like the E911 service are merely thinly vieled threats against existing VoIP providers, by way of legislation from the dominate telcos to ensure that VoIP doesn't take off...without them leading the way, of course.
I'm beginning to think that I should hoard source code like never before...
Suddenly, that 15-CD debian distro looks better and better, provided the source code is provided.
RMS may sound like a crackpot to our facist overlords^W^Wcorporate lobby, but he's right on the money - if the source code to a program can be controlled (by hardware, software, or firmware, no difference) then you really don't have any freedom as to what you can do. And that kind of freedom scares some people, but not for the reasons that are presented in the nightly news; you have to remember, never in human history have you had a world-wide connected information network that spanned cultures, beliefs, and challenged the status quo in every case. What we are seeing is the slow relentless progress of those entities - governments, transnational corporations, and hyper-wealthy private interests - to "dumb down" or take away from that potential. If people woke up one day and realized that they didn't have to work for someone else to provide for themselves, well, they jig would be up and the few in privledge would find themselves fighting to maintain control, as they always have through the ages. This isn't about political spectrums such as right vs left, democracy vs communism; this is about power, and the maintenance of power. Money, which years ago used to actually have a value of some sort, has degenerated into just another form of power. In this case, CALEA is power applied for both the telcos (who suddenly are felling the heat from VoIP) and government interests (in this case, the existing regime^W administration wants to extend its powerbase).
(Yawn) enough ranting for today, go outside and play...
Sorry, but I just can't think of a better term. Everytime this sort of Big Brother article comes along, one of the two major memes that pops up is, "gee, the wording of the law/policy/whitepaper/directive says this, but it doesn't say that, so by simply reworking the protocol stack or implementing this kind of encryption stored in SeaLand we can perform a simple end-run around it." It's basically, right-wing neo-fascist does this, so I'm going to do that in an attempt to run, hide, and sneak around them. And I'm sorry, but this sort of attitude is a molly-coddled, namby-pamby Harvey milquetoast response that likely stems from the "I've been bullied/abused/neglected all my life" meme. Basically it's fascists whomp some area of the countertop and everyone runs for cover response.
In truth, if we're talking about a war for the freedom of information, then Slashdotters collectively are the best possible warriors to prosecute that fight. In the rest of your life, you may have felt powerless--physically intimidated or socially out-classed. But in this realm you are the gods of the age. You must do something.
There are myriad offline groups out there that are fighting their guts out against this sort of thing. You can help them. They all need I.T. systems that help them organize, raise money, and fight. You can sign up to code a system that will enable them to do so. You can give money from your above-average I.T. salary to support their efforts. Or you can get creative and blow everyone away. You can do so much, which is for you relatively little, and you will make an enormous difference.
Still not sure what to do or where to channel your energies? Send me a message via Slashdot and I will be happy to give you some leads. For one, I started a grassroots political group in NY that has won several elections but still needs help with its website and volunteer organization system. We could use your help. Drop me a line and let's do something.
Do what you can, with what you have, where you are.