FCC Affirms VoIP Must Allow Snooping

MarsGov writes "The FCC released an order yesterday that requires all broadband providers and all "interconnected" VoIP providers to implement CALEA — in other words, law enforcement can snoop on your online conversations, both voice and text. While this is no surprise, it makes encryption for VoIP even more urgent."

VOIP

[rodgster]

Oh come on. Like most of it isn't wide open to begin with (Vonage) or run by known lapdogs to the Govmint (Skype). The only way it could be more readily (and easily) monitored (and data mined) would be if it was run by the NSA's favorite lapdog ..... drum roll please ...... AT&T.

Re:VOIP

[grimwell]

Haha yes, failed foreign policy is to blame for terrorists

So you believe a country's actions on the world stage are without consequences?

Not trolling, just curious to what you think are root cause(s) of terrorism... religion?

Re:VOIP

[rodgster]

You sir are an idiot.

Re:VOIP

[heinousjay]

I didn't say a country's actions don't have consequences. That's inferring words that don't exist.

I believe in personal responsibility. I blame people who commit wrong acts for those acts. I don't care what the so-called mitigating circumstances are. It doesn't absolve any responsibility.

I have no interest in fixing blame, because that doesn't fix problems. Feel free to continue somehow believing that people that commit horrific acts are justified because someone else committed a horrific act. That'll lead us all into hell, because that means that retaliation is just as justified.

Obviously the majority Slashdot community agrees with the idea that retaliation is fine. I suspect they only feel this way as long as it's against something successful. Bizarre attitude to me, but I try to hold everyone to the same standard.

I have a feeling this will be interpreted to mean a million things I don't mean at all, but that's the nature of this particular stupidity - people will do anything to rationalize such an irrational belief.

Re:VOIP

[grimwell]

I didn't say a country's actions don't have consequences. That's inferring words that don't exist.

Your statement "Haha yes, failed foreign policy is to blame for terrorists" implied you didn't believe failed foreign policy was a root cause of terrorism.

I wasn't looking to fix blame, I am interested in what you think is/are root cause(s) of terrorism. Your statement implied it isn't foreign policy. Is it your belief that terrorism "just exists" there is no underlaying cause or reason? Or is it just one act of retaliation after another? Wouldn't that mean a country's policy of continued retaliation isn't working, perhaps even flawed?

Feel free to continue somehow believing that people that commit horrific acts are justified because someone else committed a horrific act. That'll lead us all into hell, because that means that retaliation is just as justified.

I believe Ghandi said it best: An eye for an eye, leads to a blind world.

I never said or implied that horrific acts were justified. What are your feelings on the atomic bombings of Hiroshima and Nagasaki?

I have a feeling this will be interpreted to mean a million things I don't mean at all
Yes, that is a weakness of language... it isn't always the precise instrument that it needs to be. Its still an analog world.

Re:VOIP

[jahudabudy]

I have no interest in fixing blame, because that doesn't fix problems. Feel free to continue somehow believing that people that commit horrific acts are justified because someone else committed a horrific act.

I don't think the statement "Failed foreign policy is the root of terrorism." in any way implies that horrific terroristic acts are somehow justified by this. I agree 100% with your philosophy of personal accountability.
However, given the obvious fact that there are people out there willing to commit acts you and I (and lots of others) find reprehensible, discovering what motivates these people is much more than an attempt to fix blame. Generally, discovering the root cause of a problem is the best way to fix it. Maybe failed foreign policy is NOT the root cause; but we are better off exploring this as a possible cause than ignoring it as a possibility because some people think it gives the terrorist an acceptable excuse.

Re:VOIP

[Kelsen]

I never said or implied that horrific acts were justified. What are your feelings on the atomic bombings of Hiroshima and Nagasaki?

Probably the bravest, most difficult, smartest things that has ever been done. Saved something on the order of a million Japanese lives, half a million American lives; I know, I know, those numbers are low, but I'm trying to be gentle.

What does those bombings have to do with the (off-topic) subject at hand? Is this simply a non-sequiter, or did you have something in mind?

RFT!!!
Dave Kelsen
--
I've reached that age in life when I surreptitiously ogle my co-worker -- a smokin'-hot blonde Russian chick with legs that go on for days -- and all I can think is, "Man, I wish I could get her to say, 'Boris! Is Moose and Squirrel!'" -- Allen Lindsey

Re:VOIP

[grimwell]

What does those bombings have to do with the (off-topic) subject at hand? Is this simply a non-sequiter, or did you have something in mind?

Nothing really.

Heinousjay said Feel free to continue somehow believing that people that commit horrific acts are justified because someone else committed a horrific act.

And the atomic bombings of WWII came to mind. It was a horrific act but it was an act most Americans believe was justified. (note: I am *not* implying or saying it was or was not justified) Believing Heinousjay to be an American, I was curious to his view on it. I guess I was attempting to check the consistency of his beliefs.

No surprise at all

[slusich]

No surprise here at all.
The goverment isn't even willing to get proper warrants to tap regular phone and internet service. VOIP won't be any different.
Look for encryption to be made illeagal for all phone and IP services in the very near future.
This is just another step in the war on the constitution.

Re:No surprise at all

[ZSpade]

Yet they've been doing this for years. Nothing has really changed. Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no. The government has been doing this for years, why should things change now.

Just don't say they're getting worse without really looking at our past. Nothing has gotten worse, only the means to which our "rights" are negated as changed.

Re:No surprise at all

This is just another step in the war on the constitution.

You'd think this would be an easy war; the thing is only paper, you'd think a match or a lighter would suffice. Hell, the thing's so old a stiff breeze would probably finish this.

Re:No surprise at all

[CastrTroy]

Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between. Wow, so they can tap Joe sixpack's phone. It's bad that they are mandating this. It's doubly bad that it won't stop any really dangerous criminals.

Re:No surprise at all

[iminplaya]

...only the means to which our "rights" are negated as changed.

Not really. It's just happening at a faster pace now.

Re:No surprise at all

[sconeu]

Yeah, but I still think that a 1st, 2nd, 4th, and 5th Amendment argument could be made against banning encryption.

Re:No surprise at all

[TubeSteak]

Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no.

I don't know how you got moderated up.

There have been landline/cell/satellite phone encryption products available for years.

http://www.security-isg.com/index_profi6-24eng.htm

The only road-block is that the other person you're talking to has to have the same setup. For 99% of people, it isn't worth the cost. For businesses & gov't agencies, it certainly is.

A quick google search will turn up many more examples, from all over the world.

Re:No surprise at all

[Nazo-San]

Amendment I

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Very iffy here. I can be said that they are indeed prohibiting free speech because they have basically made it so that there is no such thing as privacy. Anything you say today can and will be held against you any time before the statute of limitations runs out because anything you say is public domain and not private. Honestly, I don't even use phones much, and certainly not for any kind of illegal activities, but, just the thought that someone could easily just set up a little receiver and listen in on my conversations makes me very unconfortable. I don't mind as much the thought that the government could do it since at least they won't do things like steal personal information for identity theft, but, it does make me a little uncomfortable knowing that they have declared the right to listen to anything I say any time they darned well feel like it on any such service.

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Fourth is hard to argue for, but, it is very clear that by REQUIRING such a thing they are making it extremely clear that they intend to violate the fourth amendment. The only reason to require that encryption not be used is if you plan to look at the actual data yourself. Otherwise they wouldn't care whether there is encryption or not.

Here's a question. What is the OFFICIAL domain of the FCC? It sounds to me rather as if they have stepped outside of their legal domain and overstepping their actual rights of power by mandating that encryption not be used for VoIP. Does anyone know their official powers?

Re:No surprise at all

[BalanceOfJudgement]

"About the FCC

The Federal Communications Commission (FCC) is an independent United States government agency, directly responsible to Congress. The FCC was established by the Communications Act of 1934 and is charged with regulating interstate and international communications by radio, television, wire, satellite and cable. The FCC's jurisdiction covers the 50 states, the District of Columbia, and U.S. possessions."

I'm pretty sure the "wire, satellite, and cable" part didn't used to be there. How they expanded their powers themselves, I don't know. Although, it would only require an order from the President to do so, not something voted on by Congress (being that Commissions are considered authorized by the President as an extension of his job as Executive of the Congress' orders)"

Re:No surprise at all

[Nazo-San]

First of all, it seems I misread the article somehow. I thought for some reason it said that the FCC made encryption of VoIP illegal. Sorry about that. Needless to say, I was upset and reacted hastily. I like the idea of VoIP and planned to go that route in the future, but, first it needs encryption. Analog may not be great, but, it's a lot harder to illegally tap an analog phoneline than it is to snoop some packets.

Anyway, that article doesn't really help me very much. I understand that the FCC was appointed to regulate communications (that's the thing, it applies to all communications, which is why everything from phones to tv to satellites get thrown in the equation.) But, they must have reasonable limitations on that regulation. Otherwise, what stops them from basically taking over the US communication entirely?

Re:No surprise at all

Here's a question. What is the OFFICIAL domain of the FCC? It sounds to me rather as if they have stepped outside of their legal domain and overstepping their actual rights of power by mandating that encryption not be used for VoIP. Does anyone know their official powers?

The CALEA law itself gives the FCC the authority for this. The full text is referenced at the Wikipedia link. Try reading it if you have more questions about it.

Re:No surprise at all

[BalanceOfJudgement]

"Otherwise, what stops them from basically taking over the US communication entirely?"

What stops them, indeed. In their opinion, nothing. In the President's opinion, nothing.

So, unless the American people themselves stand up and say "Screw you, bitches", well, your answer is...

Nothing.

Re:No surprise at all

[Nazo-San]

I had actually already read the article. It doesn't actually discuss the FCC's specific powers. This isn't a coincidence, the article is about the CALEA, not the FCC.

I must say though, this is just another of the multitudes of things that scare me about my home country. I am thinking more and more often lately that this country is turning into such a big-brother is always watching you to make sure you always stick to the letter of the book in everything you do that I just don't know if I really want to spend my whole life here. The purpose of such laws was supposed to be to protect our rights, but, between things like DMCA and CALEA they just keep taking away more and more rights one by one. Taken seperately, each of these little laws don't do much, but, all together they are starting to limit what we can do to the point that a future in which the government controls your every move is starting to look frighteningly closer to possible than it should.

Re:No surprise at all

[ZSpade]

ZSpade: "Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no."

TubeSteak: "For 99% of people, it isn't worth the cost."

I know this, but as you pointed out yourself it isn't worth it for most people. What VoIP had the potential to do was to make it easy for people to encrypt. Now with these new laws it will probably be about as difficult and costly as it was before with other aforementioned technologies.

Re:No surprise at all

"Meanwhile, all the criminals who really know what they're doing..."

[emphasis mine]

Strange how often this phrase comes up. I realize the poster did not mean it this way, but this is exactly what the government wants people to think and will most likely be the next stage of attack. Criminals use crypto, and all do.

"...will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between."

Strangely, PGP is really simply good for convenience and simplicity (one passphrase), remote communication where you've never met the person (nothing person to person in meatspace) such that only a non-secure communication channel (verify the person, make sure hash agrees--hell, probably easier to plan a man in a middle attack here soon given real-time communication processing and human voice prompting advances) or a trusted other person (key sign off) enables the crypto.

iow, frankly, if you want security, you'd be using totally unbreakable one-time pads and securing the pad with some decent standard password crypto (DES3 at minimum). Any business or friend communication that I want secure, I've actually met the person at least once. With DVDs, the next gen recordable DVD, LTO2 or LTO3 drives, and the like, even a large hard drive, that's a hell of a lot of data before you need to generate a new pad.

Re:No surprise at all

[Bluejay42]

CALEA is not meant to subvert wiretapping laws. It is meant to apply the existing wiretapping processes to the online world. If a warrant is attaigned to wiretap a PSTN line, the process is pretty straightforward: the authorities contact the local phone company and get the tap setup. What do the authorities do if that person uses a VoIP service instead of a PSTN line? They are asking for the same access to wiretap as they have with PSTN.

Note that I am not arguing the merits of wiretaps, or the illegality of domestic, non-judge-approved wiretaps: just the original motives behind CALEA.

Re:No surprise at all

[arminw]

.... Analog may not be great, but, it's a lot harder to illegally tap an analog phoneline than it is to snoop some packets.....

The only part of the POTS system still analog is the small part from your phone to the CO or the neighborhood multiplexer box. After that it is all digital and your conversation can be sent to any other phone in the world, in addition to the one you are talking to. The days when a technician comes out, climbs a pole and connects a pair of alligator clips to your phone line are long gone. If law enforcement gets a warrant the phone company sends your signal to the phone of the designated agent where it is recorded. Unless encrypted, your digital VOIP signal is subject to the same scrutiny as the analog ones. Only the technology is newer. In practice, it does not appear more likely that most honest people will encrypt their digital phone calls any more than they now encrypt their analog calls. Those who DO have deep dark secrets will always be able to keep the snoops from finding them out easily.

Re:No surprise at all

[bvdbos]

It's been possible to encrypt your mobile calls for quite some years now with cryptophone, a product from Ron Gongrijp.

Re:No surprise at all

[moogle001]

Do you really believe the government doesn't have ways of cracking common encryption techniques if it wants to? Regardless, as has already been pointed out, this is nothing different than regular phones being tapped. If you want to moan about attacks on the constitution, point your fingers at Bush's *illegal* wiretapping and not the FCC.

Re:No surprise at all

[dodobh]

Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between.

Actually, they will just lobby for their crime to become legalised. Witness Haliburton, RIAA, MPAA, Bush...

Crime is now legal. As long as you can pay off the crooks in power.

Re:No surprise at all

[Jafar00]

Yet they've been doing this for years. Nothing has really changed.

You are right and wrong. They have been doing it for years, but before the Patriot Act they had to have due cause and a warrant from a judge and they had to give him a very good reason.
Now, all that is gone and they don't have to have a good reason to do it. They just have to say its part of an investigation and they get rubber stamped approval on the spot. Or in some cases not even that.

Re:No surprise at all

[Nikker]

True, you could set up a phoney Mic driver that encrypts the actual audio and sends it out as wav format(or whatever) client would strip the headders and unencrypt using key that could be send via IM or other client - server negotiation. This way everything that is overheard is really just noise. Possibly even come up with an encryption followed by an algorythim that would make it sound like regular audible sounds (speach, music, telemarketing). Again the ease-dropping still occurs but either noise occurs with encryption or possibly SPAM like conversation is sent where data is manipulated to seem like pre-set conversations if possible. Higly compressable matrix's would be a good solution. To break it down VOIP is just sending 1's and 0's like evreything else as long as there is a constant agreement between both sides it will work. I guess we just have to do it...

Re:No surprise at all

I've seen one of the originals in the National Archives. It's now badly faded (it was thrown into the bottom of a drawer for the first decades) and sealed up in a hazy inert atmosphere, like the last remnant of a forgotten alien civilization. Sad but fitting.

Re:No surprise at all

[noidentity]

Once privacy is outlawed, only criminals will have any.

Re:No surprise at all

[solus1232]

I think you are giving criminals too much credit.

Joe sixpack might not be smart enough to commnicate over a secure channel, or simply not communicate over a possibly compromised channel at all (prepaid cell phones anyone?), but why do you think the average criminal would be?

You make it sound like a disproportionate number of law abiding citizens will be affected by this order because real criminals will be smart enough to use encryption. The majority of criminal actions are motivated by a combination of desperation and lack of common sense and thus the average criminal will be less likely to use an anonymous form of communication than the average citizen.

Re:No surprise at all

[Tatsh]

Absolutely what I was thinking. I'm thinking that soon the only people allowed to encrypt or crack (disassemblers to be made illegal soon also) ANYTHING will be the government.

For now, I use Skype to talk to some people. And I speak in different languages on it than English sometimes. I should now change that to all the time.

I completely agree with the government being unwilling to get warrants to tap lines nowadays. The government would simply ask you why you don't want to be monitored. I think that's ridiculous. Look for the government saying something like "What are you doing if you disagree with being monitored without warrant?"

I know there are some people here who will agree with that statement, stating that the government seems to be unable to issue 1000 warrants at once and by the time they do, the "criminal" gets away.

Re:No surprise at all

The amount of power held by the US government today (especially the federal government) absolutely dwarfs the amount of power US citizens were subject to only 100 years ago. Every year there are thousands more laws on the books than the year before, and every year government secures more power and revenue than the year before. Government power has been expanding at light speed more or less since Lincoln was president, some would say even before that.

I'd say absolutely, things are unquestionably worse today. And undoubtedly, the level of oppression will be higher 20 years from today, and higher yet in 40 years. Look at the big picture, not the details -- the level of oppression is increasing, not holding steady (and definitely not receding).

If you really want to make it simple, look at the history of government spending. The more government spends, the more powerful its special "right" to employ coercion must be, and therefore, the higher the level of oppression. It's not rocket science, it's common sense.

Re:No surprise at all

[TheLetterPsy]

It's doubly bad

You misspelled doubleplusungood.

Re:No surprise at all

[Professor_UNIX]

Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between.

Your average criminal, even high level mafia bosses, aren't that bright when it comes to encryption. I think you're giving them too much credit.

Re:No surprise at all

[moro_666]

In Soviet Russia, the criminals don't use messages, they have the AK47 Bulletin Board

Heck, half of them wouldn't know how to turn on a computer, but they sure do know where the trigger is.

Re:No surprise at all

[1u3hr]

To break it down VOIP is just sending 1's and 0's like evreything else as long as there is a constant agreement between both sides it will work. I guess we just have to do it

Follow the link in the summary to Phil Zimmermann's page on Zfone. He's already done it.

Re:No surprise at all

[mrogers]

Do you really believe the government doesn't have ways of cracking common encryption techniques if it wants to?

Yes, I believe that. Cryptanalysis is an international science - take the recent SHA-1 collision attack, for example. I'm sure the NSA would love a backdoor into the world's encryption systems, but luckily the NSA realises that there are plenty of talented cryptographers in other countries who would be able to find and exploit any such backdoor, damaging the business and military interests of America and its allies.

As long as a significant fraction of the world's cryptanalysts are located outside of Fort Meade, the NSA's best bet is to recommend the strongest cryptosystems it knows about.

Re:No surprise at all

[IAmTheDave]

Once privacy is outlawed, only criminals will have any.

You mean like guns? Regulations like this have never been about catching criminals. They've always been about legislating law-abiding citizens into submission.

Take away guns, now only the government has guns. Citizens can't rise up.

Take away privacy, only the government has privacy/secrecy. Government no longer by the people.

Denial of privacy - as in the illegalization of guns - is never to protect against the common criminal. It's to sieze power, hold dominion over the people, and remove every glimmer of hope that they have.

I hate it when history repeats itself and the sheep-like general populace refuses to see it.

Re:No surprise at all

[Intangion]

before they got warrants
before they couldn't/didn't tap as many things
before they didnt have nsa survelliance stations right next door to msn, yahoo data centers

before they upheld the illusion of caring about the constitution

Re:No surprise at all

[camperdave]

I am by no means a cryptanalyst, and I have ony a vague clue as to how DES works, but how many 256 bit primes are there?

Re:No surprise at all

[BandwidthHog]

But I thought the justification for all this was to catch terrorists? They are generally considered to be thorough and crafty enough to take these sorts of precautions. The typical late night mugging doesn’t involve groups of conspirators hatching their plot from remote locations.

And your assertion that the average law-abiding citizen will be unaffected by this depends on how you define ‘affected.’ If I mount a video camera in your bathroom but never act (that you know of) on the footage I receive, have you been affected?

Re:No surprise at all

[Ludedude]

"It's doubly bad that it won't stop any really dangerous criminals."

I think you meant to say that it's doubleplus ungood...

Re:No surprise at all

[KlomDark]

All of them.

Re:No surprise at all

[idontgno]

With DVDs, the next gen recordable DVD, LTO2 or LTO3 drives, and the like, even a large hard drive, that's a hell of a lot of data before you need to generate a new pad.

And unless you know of a way to make your pad medium cleanly self-destruct on command, and your correspondent's copy too, the first search warrant at either end hands the authorities the keys to the kingdom. OTP is, indeed, brilliantly secure, as long as your pad is inviolate. Which is by no means guaranteed.

Re:No surprise at all

[einhverfr]

You are right wrt common criminals, but criminal syndications, such as the Mafia or Al'Qaeda are different. They rely on communication methods, and so are increasingly better at avoiding detection.

BTW, I have no problem with wiretapping VOIP conversation, provided than appropriate warrants are obtained and that appropriate levels of judicial oversight are involved. I see this as no different than coming into my house to search it. Come on in, but only if you have a warrant.

Re:No surprise at all

[geekoid]

Except the government put key length restriction on PGP.

Re:No surprise at all

Take away guns, now only the government has guns. Citizens can't rise up.

Comments like this never fail to amaze/amuse me.
Citizens can't even get their shit together enough to elect someone they want in power, or to email their representative. To pretend that the only thing stopping the people rising up and changing the world is a lack of guns is just hilarious.
But yes. I'm sure you're right. If only guns were avaliable, the revolution would take place right now.. right as soon as this TV show is finished and I'm done scratching my balls and drinking my beer...

Encryption?

If they are this forceful in there attempts to spy on citizens, than how long do you think we can use encryption before they ban it (or at least mandate a government backdoor)?

Re:Encryption?

[Nikker]

I don't see the big deal here. The reason why evreyone hasn't switched already is because of legacy hardware (POTS). If VOIP gets big then evreyone will be using IP which likely means it will be sent via a common network (umm INet). People don't use Google Talk beause you can't call *anyone* for free. Once enough people learn to use IP services and impliment it in their homes (router, handsets) then your provider is as simple as a menu selection, eventually completely free services will emerge. WIFI cell phones, PDA's, home phones, have all the same benifits, they don't rely on ma Bell, et al to run them. Now maybe evreyone will run them...

Re:If they must allow snooping

[iminplaya]

Ummm...that's "they might be told..."

User encryption raises even more flags

[BadassJesus]

it makes encryption for VoIP even more urgent

Big players like Skype or Google Talk will have to implement weak (gov breakable) cypher. And if you opt to use it you will automatically be in focus.

Re:User encryption raises even more flags

Skype doesn't give a crap what US law says... they aren't a US company.

Re:User encryption raises even more flags

[SoloFlyer2]

They are now... Ebay bought them not long ago...

Re:User encryption raises even more flags

[shutdown+-p+now]

Unlike Skype, GTalk uses an extension to an open protocol, Jabber, which already supports strong encryption.

Re:User encryption raises even more flags

[stinerman]

By that logic, since Yahoo and Google listen to the Chinese government, they must be Chinese companies.

Emacs email hook

[SeanMon]

(add-hook 'mail-setup-hook 'spook)

Re:Emacs email hook

[Vyvyan+Basterd]

It's sadly outdated. The words were compiled back when the Taliban and Uncle Saddam were friends of the US. No one cares about the red anymore.

Skype

[CliffSpradlin]

And of COURSE Skype had to be bought out just months ago by an American company (eBay).

Re:Skype

[mattjb0010]

It makes no difference. IANAL and IANA but under Australian law, a company operating in Australias has to abide by Australian law in its Australian operations, and I imagine it would be the same s/Australia/America/g

It doesn't matter for many VOIP calls

[petard]

Encryption for VOIP won't help in many scenarios that LEAs are interested in. If you're calling a land line from your VOIP connection, the end point on the land line won't be able to decrypt the conversation, so even if all of the VOIP traffic is encrypted you'll have to go to the PSTN in the clear. AIUI, that's what they mean by "interconnected".

Re:It doesn't matter for many VOIP calls

[l2718]

Note that even if they wanted to, LEA don't have the computing power available to monitor every call. On the other hand, analysing the call graph is quite tractable and completely orthogonal to the content. Enryption won't protect you from the government knowing who you're taking to!

Re:It doesn't matter for many VOIP calls

[Jah-Wren+Ryel]

even if they wanted to, LEA don't have the computing power available to monitor every call.

I'm too lazy to dig up the links, so go ahead and mod me for missing my tin-foil-hat...

With all the talk of Bush authorizing international wire-taps on US-to-non-US citizens, it came up that the most probably reason the NSA is involved (see the current case EFF vs ATT) is that the NSA's Echelon system does have the throughput to handle that kind of workload. That Echelon was initially designed to snoop on purely international traffic, but it is just as easily turned on US citizens if the right (or wrong) person wants it to be so.

Just from an algorithmic viewpoint - that kind of workload is going to fall in the "embarrasingly parallel" group which means you can just keep adding PCs to scale-up to a volume of phone calls that is limited only by floorspace and electricity.

Re:It doesn't matter for many VOIP calls

[x2A]

hehe, I actually -like- throwing in probably trigger words into my phone conversations, although i guess for real effect, maybe play some recordings of bin laden down the phone, cause some computers and some general somewhere to start overheating :-D

Re:It doesn't matter for many VOIP calls

No, but protocols and processes that are commonly used alongside encryption will - look at how Tor and Freenet function.

I try and initiate a VOIP phonecall, the encrypted stream passes to hostA, then hostB, then hostC, then hostD, the final and receiving host, encrypted with different sets of keys along each step of the way, as well as the whole way via an end-to-end set of keys. If I'm being wiretapped, who does it appear I am calling? The next time I call the same VOIP number, the transitionary hosts will be different. Indeed, they will be random each time, and will not be directly observable by either the source or destinations. Nor will any intermediate host know who the source and destination hosts are.

All the criminals* conducting the spying will see is a lovely grey static whitenoise pattern, sending out to random hosts via random addresses with no seeming structure or order.

*Yes, warrantless wiretapping is an act of treason as no law has yet been passed that superseeds or amends the Constitution. Bush, the NSA, the FBI or anyone else who engages in this are not just merely criminals, they are also traitors ( given their status of being directly affiliated with government ).

Re:It doesn't matter for many VOIP calls

[steve_l]

Presumably the reason that there is that big NSA facility in Yakima, WA is the same reason that much of the manhattan project was done up there: lots of electrons from the big reservoir/hydro system in that state and the Columbia river.

Even so, cracking moderate decryption is much more intensive than trying to do speech recognition on unencrypted streams, and as the amount of data increases, it only gets worse. Email is much easier to read.

What echelon (and this new ATT intercept does) is have the ability to intercept packets that are routed over different paths, so even if packets go different ways, they could still get the stream.

Re:It doesn't matter for many VOIP calls

[Detritus]

Presumably the reason that there is that big NSA facility in Yakima, WA is the same reason that much of the manhattan project was done up there: lots of electrons from the big reservoir/hydro system in that state and the Columbia river.

No, the NSA's electric bill isn't that large.

They are interested in quiet, as in RF interference, sites with a good view of interesting geosynchronous communications satellites.

DDOS

[ZachPruckowski]

VOIP works via packets with data describing the voice traffic, right? Suppose someone made a program to say "watchlist-words" constantly, and send them everywhere. How hard would it be for a terrorist to DDOS the FBI/NSA? I mean, if you randomize it, you can change pitch, volume, etc, as well as words. I have no idea how to do that exactly, but it doesn't seem infeasible.

Re:DDOS

I don't think they do blanket VoIP logging. More like they (already) think you're suspicious and add a tap to your record.

Re:DDOS

[ZachPruckowski]

As I understand the phone tapping situation, they listen in if you drop X amount of "flagged" words, like "terror" or "bomb" or "kill Bush" or whatever. Assuming the plan is the same with VOIP, if a trojan/rootkit/zombie/whatever starts flooding the pipes with packet streams with those words in different synthesized voices, it'd get picked up. And if they did it right, only the government would know, because they could aim the packet stream anywhere, including computers without VOIP, so most of the packets would bounce off some hardware firewall after getting picked up.

Re:DDOS

Now if everyone ran a program in the background that sent out random packets of listed words.. the government would be running about looking at fake leads. To bad that wouldn't teach them a lesson to leave the public be.

Re:DDOS

[dbIII]

How hard would it be for a terrorist to DDOS the FBI/NSA?

Very hard when you don't even have the technology to build a timing device.

It's best to look at this issue in a mature manner istead of a comic book manner - realise that disorganised bunches of angry people can create havoc instead of going after a giant organisation of supervillians. There's a reason why Bin Laden was in Sudan and then Afganistan - not enough of a "terror network" to hide anywhere other than in areas of chaos where anyone could hide. Most of the people supposedly connected to him would have sold him out - but the enemy of your enemy can still be your enemy.

Re:DDOS

[ZachPruckowski]

Well we saw one or two spammers take down that big blog site today, as well as bluesecurity. I mean, all you need is a few botnets, right?

Re:DDOS

[x2A]

There was a virus that spread through emails that included various probably trigger words in the email that would cause them to be submitted for further analysis, in the hope that each email would get flagged by the automated-listening-in devices, bringing it down (or at least making it struggle a lil)

Not that we'd know if it was affective, but I liked the idea very much :-)

Re:DDOS

[smartsaga]

Than and you can also do traffic hiding a la bittorrent along with that and you are set. Then just send your encrypted traffic everywhere along with the packets of whatever it is that you are downloading or uploading on bittorent - of course, there has to be a method that ensures the actual recipient receives all the packets of the conversation. Look at the concept, I know its very vague, but it would use something that is already out there and its hard to "filter" or "block".

I know, I know, sounds a bit to crazy to use for real time voice communications, but it could at least work for voicemail... right?

And, why not use something like SSH to mask conversations between two (privacy concious) points? People that care enough for privacy to use encryption would go to the trouble of setting up such a thing anyways (or buy it - from somewhere). Let's hope ISPs dont; start banning encrypted traffic or certain ports all at once (more than some already do).

Trivial stuff on your conversations? Somthing private? That you did what!!!?? What's for dinner? They listen to that anyways on your cellphone or landline, so who cares? Right? The average John Doe who looks for the "any Key" "key"? Huh? Didn't think so.

Still, fsck them for being metiches!!!

Metiches - errr... well, those who don't have any business listening to private stuff. Yeah... something like that.

Have a good one.

Re:DDOS

I like to drop a "start the jihad now" or "kill bush" in all of my conversations. I have no plans of terrorism (I think the last fist fight I was in was 9th grade), but I like the idea of wasting some a-holes time in the NSA. I am very happy, but my life is vanilla and it is funny if they waste time investigating me when they are phone snooping To bad it is my money paying them. Try it it is fun!

Re:DDOS

[DogBotherer]

"it doesn't seem infeasible"

That's "it seems feasible" in plain text!

Ad at the Top about Some Intrusion Detection S/W

[Esion+Modnar]

First time I've seen AOL, Urinal Cakes, and Lexmark mentioned in the same (digital) breath. Curiously appropriate for the topic of brazen government intrusion into our lives and Constitution (soon to be treated like a urinal cake).

See, it ties in.

There's encryption ......

[i_want_you_to_throw_]

and there's encryption. When you do find encryption make sure it isn't DES, NSA actually owns the patent on that one.

Re:There's encryption ......

[foreverdisillusioned]

No one uses plain DES anymore; it was broken decades ago. 3DES is fairly secure, but slow as hell. No point in using i3DES except maybe for legacy support. AES is probably good enough to guard against casual (i.e. mass) surveillence, though personally I would go wth Blowfish or Twofish due to faster large-key performance and the fact AES is likely to be cracked first by virtue of the fact that it's a government standard now and people on both sides of the fence will be trying like mad to crack it (either to gain an advantage or to prove it can withstand attack X.)

Re:There's encryption ......

[CastrTroy]

How do you get a patent on a mathematical formula? Really that's all any encryption is. I don't understand how the NSA could own a patent on the DSA algorithm.

Re:There's encryption ......

[samurphy21]

The same way you get a patent on a diesel engine. That's just made up of levers, inclined planes and hydrocarbon explosions.

The same way you get a patent on a drawing of Mickey Mouse. It's just pen markings on a cellulose sheet.

Re:There's encryption ......

[Esion+Modnar]

NSA actually owns the patent on that one.

What does owning the patent on an encryption system have to do with its strength? If I owned the patent on the one-time pad, does that mean I have somehow got a magical ability to crack it?

Not saying NSA owns DES (I don't know who does), but even if they did, its ownership doesn't necessarily confer any special abilities.

Re:There's encryption ......

[__aaijsn7246]

Don't forget the attacks which have been discovered against AES! Twofish forever! Or better yet, layer algos on top of each other.

Re:There's encryption ......

[x2A]

About the same way you can patent business practices

Re:There's encryption ......

[jZnat]

It means that the NSA invented DES. If you want to be safe from the NSA's illegal wiretapping, you'd probably want to avoid its encryption algorithms due to more likely inclusions of backdoors than in something like Blowfish.

Re:There's encryption ......

[number11]

The same way you get a patent on a drawing of Mickey Mouse.

You can't get a patent on a drawing of Mickey Mouse.

You can probably get a copyright. Maybe you can register your drawing as a trademark. But no patent.

Re:There's encryption ......

[number11]

Yes, firefox is indeed greater than women. Can women block pops up for you? No.

I don't know about you, but in my experience there are certainly women who can block pop ups for you.

Re:There's encryption ......

[samurphy21]

Yeah, you're correct.. Bad example. I should have said "the same way you can patent a method for cooking chicken" or something. If one puts a mathematical expression together in such a way that it generates a new form of encryption, then its trivial to patent that. Its the inventor's IP, since no one else thought of doing it the same way. It no different than a recipe or a piece of software or some new type of radio, they're all made up of base components.

Re:There's encryption ......

[Detritus]

DES was invented by IBM, with technical assistance from the NSA. Any patents on DES would have expired by now.

DES is still useful for low-grade material. It will keep out the riff-raff.

Re:There's encryption ......

[CastrTroy]

But you aren't allowed to patent recipes. You can't even trademark them or copyright them. Well you could probably copyright them, but it doesn't stop people from using your recipe. You're also not allowed to patent mathematical formulae. Just because your formula has a really good application, doesn't mean you should be able to patent it. Imagine of Georg Ohm had patented the V=IR. Well, then anybody who wanted to use any kind of electical circuit would be out of luck.

Re:There's encryption ......

[samurphy21]

You can patent a recipe. The trick is being able to prove novelty and nonobviousness. You couldn't patent putting a chicken in a 400' oven, but you could probably patent a method of spin drying the chicken, inserting hand woven leek clusters in its body cavity, then cooking in a jet powered roasting tube for 10-15 minutes or until golden brown.

Similar with the mathematical formula. The nonobviousness of mathematical functions used to create an encryption schema are what make it patentable whereas V=IR might not be. And just because someone didn't patent something, doesn't mean it's not patentable. You can get patents for just about everything these days, if you can meet the minimum standards.

Hard to do encryption commercial services

[EmbeddedJanitor]

For encryption to be secure, you'll need to have end-to-end encryption. That is achievable for an organisation that is running its own VoIP system, but not really so for anything that is based on a commercial offering like Skype.

If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls.

Most people don't really care about encryption or wire tapping, but for those that do you can be sure some offshore service will pop up to fill the void.

Re:Hard to do encryption commercial services

[ckedge]

But skype takes audio from my OS and transmits it. My OS gets it from the hardware - which may in fact just be a VM. What's to prevent me and whomever I'm talking to from running a small utility that encryts the audio before it's given to the OS from my VM? What if this utility was widely distributed and everyone used it.

You gotta love "the dumb network" (or what's it called, end to end*). They can't stop us.

(*) http://en.wikipedia.org/wiki/End-to-end_principle

Re:Hard to do encryption commercial services

[nead]

The encrypted audio would be horribly destroyed by the software DSP and you wouldn't hear anything understandable, at all.

Re:Hard to do encryption commercial services

[germansausage]

Why is that? As long as the encrypted audio fit into the same bandwidth as regular audio it should be fine, no?

Re:Hard to do encryption commercial services

[ad0gg]

Because the codec is designed for voice. Though they can try use nonless codec(like the ones used for faxes) and run the audio stream over that and in theory that should work but it would be biggest pain in the ass. Just ask anyone in the voip industry(vonage etc) about modems and faxes.

Re:Hard to do encryption commercial services

For encryption to be secure, you'll need to have end-to-end encryption

Why do you assume that you will be secure just because a process is followed?

Re:Hard to do encryption commercial services

[westlake]

you can be sure some offshore service will pop up to fill the void.

and if they have cut a deal wirh the CIA or the Russian Mafia, what then?

it amazes me when Geek paranoia stops at the U.S. border.

Re:Hard to do encryption commercial services

"For encryption to be secure, you'll need to have end-to-end encryption. That is achievable for an organisation that is running its own VoIP system, but not really so for anything that is based on a commercial offering like Skype."

Why not? This is being done today. I don't know much about Skype; I tend to stay away from proprietary and closed offerings of things I care about. But much of VOIP is end to end. My extremely limited understanding of SIP is that the provider simply acts as middle-man and the conversation is then handed off after the initial negotiation (a little like my equally horrific understanding of how most IM systems work).

In any case, what you suppose can't be done is achievable now. Open source SIP client, SIP provider (yes, even a commercial one), and Zfone. Same for the VOIP user on the other end. Done. No need to run your own VOIP system or the like.

Little window with colored button lights green, you're encrypted. If not, your SIP VOIP friendly conversation ain't.

Now, this doesn't stop someone from then redirecting their SIP client to their cell phone or some unencrypted bridge, but if it's client to client, you simply ask if they are talking from their machine or not.

Re:Hard to do encryption commercial services

[anagama]

I have vonage. Faxes work fine. In 4 months of service, I had only one day with difficulty (solved by temporarily setting my fax to "overseas" mode). I'm not a heavy fax user, but it is a steady 2-5 (combined in/out) per weekday.

Re:Hard to do encryption commercial services

[the_doctor_23]

If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls.

Skype never disclosed the internals of their crypto, didn't allow the user to employ their own keys and /or crypto modules and avoided anwering questions concerning crypto or reasons for anti-softiceing skype on the forums. All this looks highly suspicious to me and I would not be surprised if there was some kind of interception capabilities already included.
That's why I do not use Skype or ever will.

traffic analysis

[r00t]

One can learn a lot by knowing:

a. who you call, when you call them, and for how long
b. who calls you, when they call you, and for how long
c. who these other people communicate with
d. what all these phone numbers are associated with (bank accounts, etc.)

Re:traffic analysis

[houghi]

How to avoid this Traffic analysis: Usenet
Post a picture on a newsgroup and put an encrypted message inside of it.
Usenet will distribute it for you. Not possible to see who actually has the correct key and tool to decrypt it.

Post it at one provider and Usenet protocol will see that it arrives with many other providers over all countries.

The sole reason for the picture is so that many people will download it from as many places possible, making a direct link not workable.

See it as the message send out during WWII. Jean has a grand moustache. I repeat. Jean has a grande moustache.

They know something is going out, but they have no idea for whom it is ment or what it means. It even could be just some pictures.

Re:traffic analysis

[is+as+us+Infinite]

That what I thought all those auto-generated pseudo-text 'spam' messages were. I remember reading an article about people just randomly 'ddos'ing or 'crapflooding' usenet, but that didn't make much sense to me. Why would someone just flood the entire usenet with random meaningless junk. I mean, I can understand pyramid schemes, spamvertising, and such, but choosing to purchase hardware/hardware processing just to fill people's newsgroups with nothing? Obviously useless. So, I think you've hit the nail on the head, here. People are using usenet to communicate.

I don't know how, or with what encryption, or to what end, but it's surely effective because it's still going on...

Of course, it could just be vandalism, but the best way to act under the radar always comes with an easy excuse. Don't quote me on that. Or if you do, make sure you include something like, "The day's denizens easily descended from the rafters and Josie Apples took her place amongst the roses like dawn. Telling Neil Rethspen of its daily spoonings, there wasn't anything else that she didn't take with her. Up into the cavern they climbed, daylight creeping behind Kelly Wendel as Beth Arnold took the stand."

See you on usenet!

Re:traffic analysis

[Altima(BoB)]

That ethos is actually something that's been in use for quite some time by seemingly many groups, somewhat under our collective noses, Numbers Stations, shortwave radio transmissions with origin unknown that transmit codes of numbers or letters, repeat a few times, then disappear. Most likely they are for undercover operatives with a codebook.

The idea is that it's tough to track their origin (apart from perhaps the language of some of the short messages that accompany them, but even that could be a red herring) and it's impossible to track down who's recieving it. Also, if it's using a one-use key decoding system, it's impossible to decrypt a meaning from it. Finally, most of these stations reappear at regular intervals, there's no real way to tell if one day's message is "all clear" or if it's "commence with the plan tomorrow."

I find them fascinating, and for some reason, chilling to listen to.

Re:traffic analysis

[smchris]

I think you are right. But it just means the government will want umpteen more billions for the research and deployment of systems to sift through usenet porn for suspicious bit patterns. It would surprise me if research grants aren't already out there.

That makes me wonder whether spam with short "random" words that contain messages can fly under the radar more easily.

Re:traffic analysis

[houghi]

Usenet, poor mans "Numers Station".

Great

[iminplaya]

Now that we've all realized that the gornment's next step wil be to disallow any indecipherable info on the net, what's left to discuss that hasn't already been discussed on the YRO threads?...Hey! How 'bout them Cubs? I mean them White Sox.

Re:Great

[SpecBear]

It would be interesting to see them try force the banks to turn off SSL on their sites.

On the plus side, banning indecipherable information should put a stop to a large portion of spam, a significant number of slashdot postings, and a few overly buzzworded web sites.

Re:Great

[iminplaya]

It would be interesting to see them try force the banks to turn off SSL on their sites.

The banks already turn over any requested information without batting an eye. The SSL is used to protect them from us, not the government or data miners.

Action Time!

[autocracy]

I've read so many things about our government as a whole's actions this year, and I'm really distraught. I walked into my Senator's office today, and discussed meeting with her. Usually, she only takes groups. I assume the same applies for most other Senators and Reps. Letters get ignored, e-mails are only seen by staff... who knows what happens to faxes?

My answer? A call to the /. community to organize in each Congressional district. Anybody who wants to assist in putting together these groups, please e-mail me. techroots@storyinmemo.com. If 15 of us in Southern Maine get together, we'll get a meeting. If we, as an organization, speak, we'll be much louder. Anybody, and particularly anybody in Southern Maine, I really want to hear from you. In a world that organizes online, if we can speak in real life too, we as geeks may be the most efficient people to form together.

Let's see if we can't stand a chance in hell of not being oppressed by the government we as a country vote for.

Re:Action Time!

Get that shit posted on the front page, dude.

Re:Action Time!

[BalanceOfJudgement]

Hey,

I've been thinking of doing the same thing in my district (Montgomery County, Maryland, just 15 minutes north of Washington, DC).

I wouldn't say any kind of demonstration or "march" would be in the slightest effective; politicians stopped paying attention to those years ago. However, paying a "visit" to a few local politicians might get some eyebrows raised.

We should talk.

Is there a way to message privately here? I'm quite certain that posting my email address here would result in more email than my server can handle within about 45 seconds.

Re:Action Time!

The U.S. can only be changed from within. Us foreigners just watch the Bush administration stripping you guys of rights and no one seem to do a darn about it. All the best in your efforts in turning the tide.

Re:Action Time!

[Xiroth]

Make a journal entry dedicated to it and turn on comments so people can discuss it.

I'd like to see you yanks get working on this. Perhaps it's time for we Aussies to do something similar, with all the crap our politicians are spinning these days.

Re:Action Time!

[rhendershot]

Bravo!

Truly an interesting idea and certainly not a scenario your congressperson has ever faced before. Think of it? An organized, um, *group* of people all professing a belief in similar things and the *might* to hold your elected official to account!

And you'll have the millions of dollars to pad the way like the other special interest groups, I'm sure....

EFF: http://www.eff.org/
DownsizeDC: http://www.downsizedc.org/ - Make Congress read every word of every bill they create before they vote on it.
Urge your Representative and your Senators to sponsor DownsizeDC.org's "Read the Bills Act" (RTBA).

Re:Action Time!

[Godeke]

"Usually, she only takes groups." ... with piles of cash. Welcome to your government, now go home.

Re:Action Time!

[mattboy99]

The Bush administration has been ignoring most of the things already in the law. So it woudln't matter if congress is on our side at this point.

CALEA?

[StikyPad]

Now the FCC's pushing that stuff? Look, I don't have ED, but even if I did, I wouldn't ask the FCC for help.

But just out of curiosity, how much are they asking for 60?

Voice Scramblers?

[MBCook]

I was under the impression that it was illegal in the US to use voice scramblers to mask your telephone calls.

If they can tap the VOIP calls, wouldn't encrypting them be the equivalent of voice scramblers and thus illegal?

Re:Voice Scramblers?

[Watson+Ladd]

No. Courts are reluctant to extend laws by analogy. IANAL, but I am fairly certian that this is the case.

Re:Voice Scramblers?

[atrus]

Since when is it illegal?

Re:Voice Scramblers?

[Detritus]

They are not illegal. The problem is that the market for them is very limited and vendors who sell 95% of their output to the government are wary of ending up on the NSA's shit-list.

Zfone isn't secure

[Watson+Ladd]

A man-in-the-middle attack works very well. Before jumping on the crypto bandwagon let's make sure the goverment can't break it without significant effort. Like the algorithms they themselves use.

Re:Zfone isn't secure

[Watson+Ladd]

Suit B is strong. Sorry for the ambiguity.

Re:Zfone isn't secure

There is a decent scheme for protection from MitM attacks in ZPhone. ... from the ZPhone proposal ...

"The ZRTP protocol has some nice cryptographic features lacking in many other approaches to media session encryption. Although it uses a public key algorithm, it does not rely on a public key infrastructure (PKI). In fact, it does not use persistent public keys at all. It uses ephemeral Diffie-Hellman (DH) with hash commitment, and allows the detection of Man in the Middle (MitM)attacks by displaying a short authentication string for the users to read and compare over the phone. It has perfect forward secrecy, meaning the keys are destroyed at the end of the call, which precludes retroactively compromising the call by future disclosures of key material. But even if the users are too lazy to bother with short authentication strings, we still get fairly decent authentication against a MitM attack, based on a form of key continuity. It does this by caching some key material to use in the next call, to be mixed in with the next call's DH shared secret, giving it key continuity properties analogous to SSH. All this is done without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. ..."

Huh?

We will be in touch, comrad.

why is this a big deal?

Are slashdot readers all using encryption on their existing telephone lines? If not, why does it matter now that it's VOIP?

Re:why is this a big deal?

[SilverJets]

I was wondering the same thing. What's the big deal...so they can tap your VOIP conversation. Whoop-dee-doo, they can already tap your "normal" telephone conversation, how is this any different?

And if you use a cell phone, shouldn't you be more paranoid about Joe Schmo tapping into your cell phone conversation with the equipment he bought on Ebay?

Re:why is this a big deal?

[zephos]

Because in the case of Computer-to-Computer calls it is easy enough to build encryption seamlessly into the software you use to make calls. Imagine if Skype by default encrypted all Skype calls. As a geek I could use Skype with all non-geek friend safely and my friends who have no extra-effort of knowledge to do so.

I've tried convincing friends [even some geek friends] to encrypt their emails and IMs but laziness is hard to overcome. Sending my parents an encrypted IM or email is next to impossible because the encryption isn't hidden to them.

And it is possible. Using SSL is hidden from the user. They don't have to manage keys or even know that it is going on at all. Everyone uses SSL encryption for that reason when using sensitive websites, the technology is there to use it elsewhere in the digital world. The software just has to be smart about it. [This is why I'm convinced gaim should come with the gaim-encryption or gaim-otr plugins by default].

Re:why is this a big deal?

[TACNailed]

When the Nazis arrested the Communists, I said nothing; after all, I was not a Communist. When they locked up the Social Democrats, I said nothing; after all, I was not a Social Democrat. When they arrested the trade unionists, I said nothing; afterall, I was not a trade unionist. When they arrested the Jews, I said nothing; after all, I was not a Jew. When they arrested me, there was no longer anyone who could protest. It is a big deal.

Re:why is this a big deal?

[Moflamby-2042]

It matters because it becomes obvious what must follow to make this effective. If CALEA is applied then the company must provide methods to tap any communication.

An interpretation of the law away implies all attempts to prevent monitoring the essential data of a call is illegal. That is, obfuscation, misdirection, encryption can be seen as circumvention attempts to CALEA. How much more ridiculous is it to prevent encryption than to make it illegal to break encryption via already existing DMCA?

And even if it can't be interpreted that far by the courts, then what of the next law as soon as it's claimed "CALEA is ineffective since all <evildoers> are communicating using encryption which is so easy over the internet!".

So the reason it's a big deal is that it shows a generalization of the POTS tapping and pushes it into the internet domain (as they're a mixture of both). After it gets there no protocol or method of communication using the Internet is safe from this march. This generalization shows no limitations to including more mundane aspects of everyday life when technology would allow it.

Re:why is this a big deal?

So, your response is that it matters because you are needlessly paranoid.

In all seriousness, you're making shit up. You're hypothesizing potential laws that may come into place after this law, and making up abuses that you suspect might occur.

Re:why is this a big deal?

[gatzke]

"...no protocol or method of communication using the Internet is safe from this..."

So POTS was safe?

So your mail is safe?

So you can't be bugged?

Hell, your machine is not Tempest proof, so they could park a van out front and watch as you surf pron.

Court orders can get surveillance on you no matter what.

Anything you do online you should assume anyone could have access to. If you are trying to be clandestine, sending an email is not the right way to do it.

They have had POTS devices that you snap on for encryption for years overseas, but they are totally illegal here. That scares me a bit, but you can always just talk in some sort of encryption / code and hope for the best.

You don't like it? Build your own internet and make your own rules. Or don't use this internet. Or find some way around that you think is secure. If they want to listen to you, they will.

Re:why is this a big deal?

[Hatta]

Are slashdot readers all using encryption on their existing telephone lines?

No, I have to take pains to discuss anything sensitive through a safe channel. If I could encrypt my telephone I would.

If not, why does it matter now that it's VOIP?

Because discussing sensitive matters is now much easier thanks to technology. What's so hard to understand about that?

Re:why is this a big deal?

[geekoid]

Because a backdoor in software can be cracked and that opens up conversation to anybody.

Re:Encrypting is a bad otpoins

[Travelsonic]

While I undersnad that you may have concerns about your privacy, you do not need to worry because you are not doing anything that the FBI will be intersted in.

Sorry, sugar coat it all you want, but that is jsut another variant of the fallacy that "If You're Doing Nothing Wrong There's No Need to Worry". For one you as the average citizen have no idea what kidns of clasified things the FBI does behind your back, or for that matter how that would work in with this issue, two even if there are promises from govt. officials about keeping provacy secure, histroy will tell you that this will either isn't true at all, will not be true for long, or is an honest ida gon awry.

If you aarre, than the system is working and you have no right to complain anywy.

What if you are doing what is "not wrong" tpo the average person and law abiding citizen then? Didn't think of that huh? Look back in history: Sacco and Vanzetti, the Red Scare, people of Japanese DECENT for christ's sake being sent to camps - even internationally things like the Jewish concentration camps in Germany tell you that this is not true all the time, and can not be treated that way safely.

Amerca, the last bastion of Freedom in the

[ScrewMaster]

... oh, never mind.

Who cares what THIS FCC says...

I have a feeling it's attitude will change this November... or rather "I have a dream". The government has attempted to outlaw encryption for many years... they haven't been successful yet. In fact, the US economy needs encryption. They can't outlaw it. How is everyone going to make online purchases?

To outlaw encryption is to outlaw the exchange of a list of numbers between two citizens... Something not done simply in practice.

CLAEA for VOIP isn't "trivial"

[T_O_M]

Believe me when I say that implementing CALEA in VOIP isn't trivial since the data must be intercepted somewhere.

The questions to be answered are where and how the interception is accomplished - especially in a manner that isn't trivially detectable by the user or client software?

I'll leave the details on detection methods as an exercise for the overly paranoid but, having studied the issue (potential need for CALEA) several years ago and having the client pooh-pooh the need to even plan for it (read management and the almighty budget dollarette) it isn't necessarily simple or cheap or (especially) practical given some poorly-designed networks.

And no - can't tell you who, when or why,
T_O_M

Re:CLAEA for VOIP isn't "trivial"

[Fatal67]

This is a death knell for companies that are just software based and don't actually provide the network used by their customers. Unless they have every call route through their servers (every packet), they can't meet CALEA requirements.

Of course, they could just pay the phone and cable companies to do this service for them. Mightily amusing.

Re:CLAEA for VOIP isn't "trivial"

The gotcha for companies that want to connect on-net calls (i.e. not Vonage) is that normally with SIP calls, the RTP media goes point-to-point. In order to comply with CALEA, it has to be undetectable to the tapee. That means that you can't just route the call through a relay (where the media are siphoned off) when tapped - you have to route through a CALEA-enabled relay all the time, just in case you get one of the 5 VoIP tap warrants they issue a year. This is no big deal for the Comcasts (all packets go through their CMTSs) or Vonages (all or almost all traffic touches the PSTN i.e. a relay server), but it's a big deal for those that support direct RTP traffic (i.e. FreeWorldDialup, etc).

For the moment, FreeWorldDialup is exempt - until they connect to the PSTN. It used to be the rule only applied to calls starting or ending on the PSTN, so you could tap at the gateways - but last year the FCC changed things so if ANY of your calls start/end on PSTN, then ALL calls (including on-net IP-to-IP calls) are subject to CALEA. And they changed things so you can't work with a 3rd-party for PSTN gateways access - they consider that to make your network "connected" to the PSTN.

Re:CLAEA for VOIP isn't "trivial"

[glittermage]

Although a VoIP provider that is not interconnected to the PSTN may not need to be CALEA compliant under current rules ALL facilities-based broadband providers must be CALEA compliant. So tap the Internet connection for all their traffic not just the VoIP calls.

Re:CLAEA for VOIP isn't "trivial"

The questions to be answered are where and how the interception is accomplished - especially in a manner that isn't trivially detectable by the user or client software?

I'm sure the government can figure out how to use tcpdump.

Re:CLAEA for VOIP isn't "trivial"

[Aceticon]

Believe me when I say that implementing CALEA in VOIP isn't trivial since the data must be intercepted somewhere.

Simple, all non-open source VOIP implementations have to include an IRC control console which connects to a specific, password protected IRC channel in Undernet and waits for commands from a human controller, for example "redirect [ip-address]"

As an added bonus they can have the "ddos [ip-adress]" command and aknowledge reception of any command by saying "Yes, master!".

Re:CLAEA for VOIP isn't "trivial"

So? Just make the software check for a warrant from a police wiretapping server, and if necessary route the call through the special server. No, this doesn't completely satisfy all requirements. But it works, and 99.99% of people would never notice anything strange about it.

Software requirements are interpreted creatively like this in the business world all the time. If it works well enough almost all of the time, then ship it and move on to the next problem. Why suddenly try to be anal about some bullshit wiretapping requirements?

oh yeah...

[foreverdisillusioned]

And if you're doing something REALLY evil, you'd best use an OTP. If you just need to transmit text, you can fit enough entropic pad material on a DVD to last you a very, very long time. You'd need to combine it with a passphrase, though, and/or ensure that the pad is disguised as or embedded in something else.

AHA!

[Mr.+Freeman]

So this is what that Microsoft patent is really for.
http://yro.slashdot.org/article.pl?sid=06/05/04/22 38213

In all seriousness though, how many people will actually use VOIP to discuss illegal activity. If they know they're being monitored wouldn't they be more likely to use some more secure form of communication? Although, this brings up the question what do people sue to discuss illegal activity NOW if they know that they phones are probably monitored?

Re:AHA!

[Dance_Dance_Karnov]

use prepaid cell phones (wth cash of course, and only use them once and then throw it down a sewer drain) and talk ambigiously.

Re:AHA!

We use PGP to discuss our illegal activities, not 9, as it's pure crap.

-AC-

Re:AHA!

[advocate_one]

memorise and destroy your crib sheet as well... this idiot didn't...

Big F'ing Deal

So what? How is this any worse than the Feds tapping your voice-over-copper line? Let's be clear about this... this isn't a loss of freedom -- it's just bringing the current laws in line with the technology.

The fact that this law exists is important. At this point the alternative is having the Bush administration listen in on your conversations without any kind of oversight. I'm glad that there's a law, which can perhaps be repealed rather than having lawless NSA tapping.

Re:Big F'ing Deal

[Ash-Fox]

> How is this any worse than the Feds tapping your voice-over-copper line?

I don't have the spare bandwith for them.

> The fact that this law exists is important.

You do know that the US government knew about the September 11th attacks in advanced, right?

How is this going to help anything for the people?

Re:Big F'ing Deal

[geekoid]

"You do know that the US government knew about the September 11th attacks in advanced, right?"

no they didn't.

Re:Big F'ing Deal

[Ash-Fox]

> no they didn't.

Google kthnxbye

The key word...

[chill]

...is "connected". For the people whom I talk to the most -- family and some cyber-aware friends -- strong encryption on top of VoIP is the way I will go. Don't leave the Internet for the traditional POTS world and the CALEA doesn't apply.

http://www.philzimmermann.com/EN/zfone/index.html

Thank you (again), Phil.

  -Charles

Re:The key word...

[chill]

Thank you (again), Phil.

Well, I just read the EULA and I want to retract that statement. Thanks for nothing, Phil. Nothing like selling out, is there? Ka-ching!

  -Charles

Re:The key word...

[cipher264]

It starts out kind of okay, and then gets *sketchy* later. See section 3, reporting bugs

the EULA:

Source Code For Internal Review License Agreement

ATTENTION: The files you are about to download contain the source code for certain Zfone software products owned by Phil Zimmermann & Associates LLC ("Zimmermann) at http://philzimmermann.com/ (spelled with 2 Ns!). Zimmermann is making these source code files available to you for specific limited purposes and you may use these source code files only for these purposes. You should read these license terms carefully and decide whether you are willing to agree to these license terms.

* If you are not willing to agree to these license terms, Zimmermann is not willing to provide the Source Code to you and you must not proceed with the download. By proceeding with the download you are consenting to all of the terms contained herein.

* The Source Code (including its structure, organization, and other non-literal elements) is protected by copyright laws in the United States and other countries. Zimmermann owns and retains all right, title, and interest in and to Source Code, including all copyrights, patents, trade secret rights, trademarks, and other intellectual property rights therein. The unauthorized reproduction or distribution of this copyrighted work is illegal, and may result in civil or criminal liability.

DEFINITIONS:

"Source Code" means the source code for the Zfone software provided pursuant to this Agreement.

"You/you" means the individual person installing or using the Source Code on his or her own behalf; or, if the Source Code is being downloaded or installed on behalf of an organization, such as an employer, "you" means the organization for which the Source Code is downloaded or installed, and the person installing or using the Source Code represents that he or she has the authority to do so on your behalf.

LICENSE TERMS

1. What You Can Do. Under this license, you have the right to:

(a) download the Source Code files and make a reasonable number of copies as necessary to exercise the rights granted below;

(b) review the Source Code in these Source Code files in order to verify that there are no unknown vulnerabilities or the like and in order to make your own assessment of the security features of the Zfone software;

(c) compile the Source Code for the Zfone software program into an executable code version of the program;

(d) run the executable code version solely in order to assist in your testing and cryptographic analysis of the security features of the Zfone software; and

(e) modify the Source Code in the course of exercising the rights granted above.

2. What You Cannot Do. Under this license you do not have the right to, and you may not:

(a) modify the Source Code beyond what is allowed above;

(b) make copies of the Source Code files beyond what is allowed above;

(c) remove or alter any notices in the Source Code files relating to patents, copyrights, trademarks, or other proprietary rights;

(d) give (meaning sell, loan, distribute, or transfer) the Source Code files, as originally provided by Zimmermann or as modified by you or anyone else, to anyone else (unless you are downloading the Source Code files in the course of performing duties for your employer, in which case you can share the Source Code files with fellow employees as long as you do not make additional copies and otherwise comply with these license terms);

(e) use executable code versions of the Zfone software program created by compiling these Source Code files for any purpose or reason other than verifying that there are no unknown vulnerabilities or the like or otherwise making your own assessment of the integrity of the Source Code and the security feat

Re:Encrypting is a bad otpoins

Yeah, and if the FBI (or NSA or whoever) aren't doing anything illegal, then they should have no reason to hide who they are wiretapping...

Yeah... but it's still cheaper than SBC

[cdtoad]

so encrypt your calls or create your own private language.

Yeah... just like 911 requirements

[zoid.com]

And all sorts of other regulations that the FCC is trying to figure out how to requore for VOIP. They don't get it. If they require it for the likes of vonage then it really won't do anything except cost these companies millions. The only way they can force this is to outlaw the internet. It's funny to watch the FCC try to force old rules on a new medium (new? wow... its not new anymore).

Re:Yeah... just like 911 requirements

[jdog1016]

Yet, but at the same time, it is extremely important that 911 will work on VoIP if the technology is going to have any chance at all of becoming mainstream.

Choose a VOIP provider outside the US

[pilotcam]

I live in the US, but my VoIP provider is based in Canada. (So is the phone number.) Silly... no matter what, there's always a way around this for anyone that's the least bit determined.

Re:Choose a VOIP provider outside the US

[BlueStrat]

I live in the US, but my VoIP provider is based in Canada. (So is the phone number.) Silly... no matter what, there's always a way around this for anyone that's the least bit determined.

What's to stop them from passing legislation to prevent those in the US from using a non-US based VOIP provider and/or using encryption? I can't see them allowing such common-sense work-arounds.

Cheers!

Strat

Re:Choose a VOIP provider outside the US

[westlake]

Silly... no matter what, there's always a way around this for anyone that's the least bit determined.

You think the Feds might ask for help from their counterparts in Canada?
Who won't lose any sleep over whatever happens to that annoying little twit routing his calls through Toronto.

Re:Choose a VOIP provider outside the US

[Ash-Fox]

> Who won't lose any sleep over whatever happens to that annoying little twit routing his calls through Toronto.

America.

CALEA

[Solokron]

CALEA has been around for quite some time. Carriers can be fined very heavily for not integrating it. It was quite mandatory setting up CALEA serial line on the Cisco routers back when I worked for AT&T Wireless (now Cingular) and I setup a few dozen of them.

Again....

[Doytch]

What makes the FCC think that they can make laws about programs that exist OUTSIDE of the US? Why should my VOIP program have security holes because of the big bad terrorists terrorizing the US?

Re:Encrypting is a bad otpoins

[NoseSocks]

To expand on this point:
What most people don't seem to grasp is the quality of the average government worker. They are human. They will make typos, they will misunderstand things, they will be lazy, etc. There will be instances of "Buttle vs. Tuttle", in which case the innocent will be accidentally treated like the guilty.
This should be our biggest fear when faced with the erosion of our rights and more intrusive actions by the government. You could have done nothing wrong, but still have something to worry about. Now they have more avenues of data....to make more mistakes on.

I'll bite troll this is why govt spying is bad

[mrraven]

This no doubt a troll but I'll bite for all the confused kiddies out there who might take this argument seriously. If you lived in the Soviet Union the spies were OK right because if you weren't doing anything illegal you had nothing to hide right? Same for Nazi Germany, and the "legitimate" government of Britain in the American colonies in 1775.

But it's different now you'll protest those were tyrannies and we are in a democracy. Well listen up my friend it's ISN'T that different, the president is in DIRECT violation of the constitution by declaring war on his own whim only Congress can declare war according to the constitution (and no Congresses rubber stamp allowing the president to declare war was not legit), further that war was declared by the president based on lies (see the Downing Street memos), further we are torturing people, and used Napalm or a Napalm like substance on civilians in Fallujah which is war crime, further NSA wiretaps without a court order are a violation of the bill of rights, further we have by FAR the largest prison population in the industrialized world at over 2 million, 100,000s of which are in there for victimless drug crimes, or pissing off their neighbor and being turned in for "sex crimes." Do you start to see why some of us want to be able to communicate without the government butting into our damn business?

Re:I'll bite troll this is why govt spying is bad

[BalanceOfJudgement]

"No government is worth killing or dying for."

Unless you're dying to destroy that government, if it has violated the social contract that allows it to operate.

This government, has. This government, and almost every Western government in the world, is guilty of high treason against its own people.

There will come a day when they pay the price for treason.. and there is only one price for treason.

I can't wait for that day.

Re:I'll bite troll this is why govt spying is bad

[TubeSteak]

Many people seem confused about the status of Iraq.
Iraq is a conflict, the result of an "authorization to use force".

Nobody declared war.

Not the President, not Congress.

Iraq, like Vietnam, is not a Capital "W" War.

They talk about "war" in the media, but it isn't a War.

The only "War Powers" the President has is the power (more like a requirement) to report to Congress on the progress of the situation/troops in Iraq.

The Global War On Terror != Iraq
GWOT is like the War On Drugs, or the War on Poverty.

Re:I'll bite troll this is why govt spying is bad

[greenrom]

Perhaps today would be a good day for a brief civics lesson. Here is the text of the fourth amendement.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

There is no absolute protection of privacy granted in that amendment. In fact, it wasn't until 1967 in Katz vs. United States when the Supreme Court ruled that the fourth amendment could offer protection against wiretaps, reversing previous rulings that said the opposite. In the Katz ruling, the court extended the definition of "search" to include government intrusion into something in which a person has a reasonable expectation of privacy. Even after the Katz ruling, the fourth amendment only offers protection against unresonable searches. There are still a lot of cases when the government can conduct a search and violate your privacy. One obvious time is when a warrant is obtained for the search after probable cause of a crime is presented to a judge. However, there are other cases where searches are not deemed unreasonable. If a police officer is walking by your house and hears screaming and believes someone is in danger, he can forcefully enter your house without a warrant. There's no violation of the fourth amendment because under the circumstances, entering the house to ensure the saftey of another person is not considdered an "unreasonable" search. If you are stopped for a traffic violation, the police officer is free to shine his flashlight in your window and look around the passenger area. That's because the courts have ruled that if items are within view, there is no expectation of privacy. As for the NSA's warrantless wiretaps, those are certainly in the gray area. The president argues that warrantless wiretaps of international calls are permitted under Article II as part of the military authority granted to the executive branch so long as the wiretaps are used for intellegence gathering related to national security, not criminal investigations. Others argue that the wiretaps are an unreasonable government intrusion when there is an expectation of privacy. Both arguments have merit, and reasonable people can have different opinions on the legality of these wiretaps. This is really an issue that needs to be resolved by the courts.

You seem to have many complaints with the United States government. I doubt there was ever a time in the history of the United States when you would have been happy with this country's laws or actions. In fact, I doubt there was ever a country in the history of the world in which you would be content. However, I hope I'm wrong, and I hope you find a place to live where you will be happy. If you do, I hope your utopia is as perfect as you envision.

Re:I'll bite troll this is why govt spying is bad

[mrraven]

Just because you put lipstick on a pig doesn't mean it's not a pig. And calling an illegal war a legal conflict is like arguing over what the meaning of is, is... or trying to justify torture, it just makes you like an asshole. The U.S. has engaged in many illegal wars since WWII under the auspices of "police actions" like Korea and Vietnam under both Dems and Reps, this is bi-partisan badness.

Re:I'll bite troll this is why govt spying is bad

[TubeSteak]

The reason these semantics are relevant, is because calling it a War legitimizes the White House Power Grab(tm).

Bush says: It's a War
The media says: It's a War!!
Everyone says: It's a War!!11

Now that it's been established in the public mind that we're at War, you can justify almost anything for "the war effort". How many people have had their criticisms shouted down by idiots yelling "how dare you say/criticize/question {XYZ] during a time of War."

Ultimately, if the U.S. Congress had formally declared War, I imagine they would have taken their oversight responsibilities a bit more seriously.

Re:I'll bite troll this is why govt spying is bad

[mrraven]

Or you could just walk away from it and let it collapse of it's own weight. Or to put it in slashdot speak some of us interpret governments as blockages and route around them.

Akido works too you know, sometimes meeting stupid force with more stupid force only leaves two pointlessly bruised and injured people. If you want to pirate music, or do drugs, or encrypt, or look at porn just do it already, they just don't have that many cops, really our own "internal cops" as William Burroughs put it is a bigger block than the thinly spread actual cops.

I've been to a lot of protests in my day yet recently I'm coming to the conclusion that the best revenge is not to fight the assholes but just live the way you want to live and ignore the assholes. See also the temporary autonomous zone:

http://www.hermetic.com/bey/taz_cont.html

See also the postcarbon institute which is people putting in gardens working on solar power and figuring other ways to "re-localize" and live outside leviathan/empire/molach.

http://www.postcarbon.org/

Really our effort is better put into figuring out how to practically live in a sustainable, peaceful way,that preserves knowledge and global culture in the 21st century, rather than to fight the dying dinosaur governments.

Re:I'll bite troll this is why govt spying is bad

[mrraven]

If we let them get off with calling it a conflict then the president can declare what are in fact wars and just not call them wars and flagrantly violate the constitution, that makes things WORSE, not better. Far better to say hey look Mr. Prez you started a WAR in flagrant violation of the powers granted you in the constitution, therefore not only is your war illegitimate but so are your so called war powers, ALL null and void.

This WAR is based on lies and a flagrant violation of the constitution lets stop the damn thing and save some lives and treasure to boot.

Re:I'll bite troll this is why govt spying is bad

[arturs]

This no doubt a troll but I'll bite for all the confused kiddies out there who might take this argument seriously. If you lived in the Soviet Union the spies were OK right because if you weren't doing anything illegal you had nothing to hide right?

Of course it's not true. Many, many people were jailed and even killed innocently, without having done anything illegal. You could never be sure if someone turns you in and for what. The system needed victims, the officers needed to show they are efficient, and the result was a nightmare for everybody. In the peak period os Stalinism it was hard to find a family who hasn't been hurt by the regime in some way. These were normal people, not dissidents in any way!

Re:I'll bite troll this is why govt spying is bad

[BalanceOfJudgement]

It's interesting you bring up just walking away...

I have spent an inordinate amount of time figuring out what "walking away" really means, in the Daniel-Quinn sense of the phrase. If you haven't read his work, he basically advocates that the best way to get out of all this insanity is just to well, get out of it.. walk away. The government, this culture, cannot control what does not willingly play the same game. If I choose to just live on a small piece of land growing tomatoes all day, what are they going to do, outlaw growing tomatoes and dedicate $12 million to capturing me? What kind of public outroar would that cause?

But "walking away" has other meanings, too.

For example, when the "Iraq War" started, people on both sides argued about whether it was "right" or "wrong" to invade a nation preemtively - but the implicit statement was, on both sides, that it was even an issue worth talking about. The first thing people inside this culture do, when presented with an issue, is look for evidence why one way or another of looking at it, is correct.

Well, walking away basically would mean.. don't. To say "it's not my war" would be an overstatement - it's not even my conceptual cup of tea. Our culture is so busy controlling and touching everything, everywhere, all the time, that walking away begins to mean, just living the life that is within 1000 feet of you and stop living everyone else's life for them.

But I digress.

In practice, to "walk away" would simply mean leaving this civilization behind and living the way you want to, away from it all. There's still plenty of open land that can be used to such a purpose, though it still be 'owned' by this government, such as it is. If fairly purchased and gently used, they'll never have any reason to pay attention to you, until they realize you're convincing everyone else to walk away too by giving them a far superior way of life.

But at that point, the governments of the world would be doomed anyway.

Ideally, I would much prefer to just walk away. And for most, that is what I would advocate, and that is what I want to give to my family and my children and all those I care about.

Re:I'll bite troll this is why govt spying is bad

You're absolutely right. Oppression is oppression, whether it's imposed by a direct democracy, democratic republic, monarchy, tyranny, communist state, or a local warlord. I can't believe there are people who actually claim that the process of government matters more than the outcome.

Given the choice between a limited monarchy and an oppressive democracy, I'll take the monarchy in a heartbeat. I don't give a damn what the process was -- oppression is oppression. If you are reading this and my ideals anger you, then I suggest you consider taking those blinders off.

Re:I'll bite troll this is why govt spying is bad

[geekoid]

I'm sorry, Which conflict started under a dem president?

Re:I'll bite troll this is why govt spying is bad

[geekoid]

"..1000 feet of you and stop living everyone else's life for them."

sadly, that never works. When some asshole decides to do something that impacts people out side his 1000 feet, the ideal breaks down.

Big Brother is still watching you

[Dacmot]

There's no encryption government agencies can't crack given enough time, which in their case is usually significantly less than one would think. It's a false sense of absolute privacy. Probably not worthless effort though; it'll probably prevent your neighbour (and your friendly neighbourhood cracker) from tapping your line.

Re:Big Brother is still watching you

Wrong. One-time pad. If done correctly (totally random, total secret keys used once) can never be cracked. Ever.

Re:Big Brother is still watching you

Well, technically it would eventually be cracked given enough time. It's just that the sun will have burned out long before that happens.

Re:Big Brother is still watching you

[moosehooey]

That's incorrect. The nature of one-time-pad is that, given the right "key", the message could decrypt to any given plaintext, with equal probability.

Re:Big Brother is still watching you

Technically cracking it is irrelevant. The problem is that you can't know that you cracked it. It is, shall we say, epistemologically secure.

Re:Big Brother is still watching you

[swilver]

Actually, there is plenty of encryption options that would be completely unfeasible to crack, even by all the governments in this world combined.

By buying senators.

[tepples]

How do you get a patent on a mathematical formula?

Software patents are worded such that the patent doesn't cover but 1. a computer with memory that executes the formula and 2. the method of communicating X, Y, or Z using the formula. Patenting a generic computer with memory preloaded a specific way is possible by buying senators.

True Encryption CAN be outlawed.

[woolio]

They can't outlaw it. How is everyone going to make online purchases?

I think you're being a bit naieve.

I can forsee this:

The US Govt outlaws all encryption schemes not "approved" by the NSA. Only the "approved" schemes involve the use of a "master public key" (owned by the NSA) that can decrypt the data (something like the regular public/private key schemes with a master "backdoor"). Commerce still continues and THEY can intercept anything they want...

And of course, since all encryption protocols would be "known" by the NSA, anything they can't easily decrypt would be instantly flagged and followed up. Of course, only "terrorists" would be using non-approved encryption schemes.

Now of course, the whole idea that anything encrypted could be decrypted with a single master key sounds completely silly.... But truth is stranger than fiction -- look at DVD technology!

Now I don't believe the above scenarion would be any more helpful in catching evildoers... But it would be an excellent want to spend extra money and give to friends in the security business, more business. The public would praise it as a way to *prevent* terrorism (lol!). Such a scenario could also be sold as a way to protect the children from online predators....

I haven't been reading Bradbury, perhaps I should.

Re:True Encryption CAN be outlawed.

[arminw]

....The US Govt outlaws all encryption schemes not "approved" by the NSA....

I though the govt. already tried to implement this sort of thing by something called the Clipper Chip. It was shot down by big business. Most people don't care whether the govt. listens to their conversations. How many, easily listened to cell phones are there now? If the govt. wants to hear my wife call me and tell me what to get at the grocery store on my way home, WHO CARES? All these privacy intrusions will not make us one bit safer against those who would communicate their evil plans to one another. Why those in govt. think it will is beyond my comprehension.

Re:True Encryption CAN be outlawed.

[rhendershot]

>> WHO CARES?

but if your wife calls you to tell you that Senator AzzHat is going to be downtown near where the bus station used to be so you better jack your backside into that old bomb of a car if you want to be able to tear or race through 2nd st cause it will all be blocked off and nothing but a tank will get through... and she needs lots of cash (for the penny ante poker game and you forgot to get coinage yesterday). And asks you to please feed your rocket (the dog) before you go looking for that rifle and armor (some MMORPG you play)....

Perhaps if the conversation were such, and if some Fed took notice, and you found yourself sitting in a little room, you might then care?

Re:True Encryption CAN be outlawed.

[Ash-Fox]

> Now I don't believe the above scenarion would be any more helpful in catching evildoers...

Of course it will, it's not like the US Government knew in advanced about the 9/11 attac... Oh wait, nevermind.

The FCC exceeds its boundaries regularly

[E-Sabbath]

Do they even have jurisdiction over this matter? I recall their order implementing a broadcast flag, when they had no ability to do so.

What mandate have they to control the Internet? Their jurisdiction is for the broadcast spectrum.

Re:The FCC exceeds its boundaries regularly

1. They are not attempting to control the Internet. This is merely one use of the Internet.

2. The CALEA law gives the FCC the authority to make these rules. From the document:

"A telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an individual officer or employee of the carrier acting in accordance with regulations prescribed by the Commission."

The Commission that is being referred to is the FCC, as defined near the beginning of the document.

I know it has been said plenty of times before, but try reading TFA sometime. It took me less than a minute to follow the link to Wikipedia for the summary of CALEA, which contained another link to the actual text of the law where I found the answer to your question. Stop expecting other people to track down information that you can find for yourself with a little effort.

Re:The FCC exceeds its boundaries regularly

[cybercrime]

Whether FCC has jurisdiction over this or not was argued today in front of the Court of Appeals for the District of Columbia. Sounds like a ruling is expected before September. Here's an AP article about this morning's argument.

Foreign commerce

[tepples]

Why should my VOIP program have security holes because of the big bad terrorists terrorizing the US?

Because your VOIP company does business with one or more U.S. residents, and "The Congress shall have Power ... To regulate Commerce with foreign Nations".

Every back door can be abused

[cpu_fusion]

As the convenience for the government to wiretap increases, the ease for a third party (inside or outside the government) to abuse such a mechanism also increases.

There was a debate back in the Clinton era as to whether or not encryption on the Internet needed a "back door" for the FBI. I had thought that the argument regarding the potential problems safeguarding these "master keys" had won out. Having the FBI spying on you with a warrant is one thing, but having organized crime, a private investigator, or some rogue arm of government (quite a few of those these days it seems), ... that's another thing entirely.

If you trust the government not to abuse this, then consider whether you trust the government to be able to effectively safeguard access to this. Ignoring social engineering (e.g. $), how likely is the government to have every bit of this infrastructure protected against stealthful 3rd party break-ins?

Suddenly blackmail is going to get a lot easier.

It took many decades for the Internet to flower and change the world with its freedoms. It is taking far less for the governments of the world to deflower the Internet and sow the seeds of thought control.

Re:Every back door can be abused

[cpu_fusion]

I know it is bad form to reply to one's own post, but I would like to point to the "Clinton era" encryption strategy with a (faulty) back door. That was the "clipper chip", and you can read about it here.

The point is ... whatever the backdoor mechanism the government mandates, it will be vulnerable to third-party abuse.

Illegal Voice Scramblers?

"I was under the impression that it was illegal in the US to use voice scramblers to mask your telephone calls."

Why would you think that?

Tor for misdirection on who you are talking to?

[AnyoneEB]

Can you make VOIP calls over Tor? Wait, no, too slow, right?

Nothing like a group of a few poweful men...

[OzPhIsH]

Nothing like a group of a few poweful men enforcing their whim on us, ensuring that they can continue to stay in control over the masses. Passing laws, rules, regulations, and restricitons that pretty much none of us want, without consulting us, and barely even informing us.

Can't you just smell that freedom?

Can we please quit voting for the establishment now? Please? With a cherry? For the children?

Staff are more important than the Congressmen

e-mails are only seen by staff.
Who do you think makes the real decisions?

It is called delegation.
"Jim do a position paper on topic X"
Jim does the research, talks to groups, talks to lobbyists, writes the paper. The Congressmen reads the executive summary of Jim's paper and votes that way. If it is important he has Jim brief him on the finer points of topic X.

You want to get smoke blown up your ass? Talk to the Congressman.
You want to get something accomplished? Talk to the correct staff member.

How would this work?

[jamesh]

Properly implemented, SIP (common VoIP protocol) works like this:
A='A Party' - the person making the call
B='B Party' - the person receiving the call
P='Proxy' - the VoIP provider

A and B register with P.
A makes a call to B:
. A requests P that it be put through to B
. P contacts B, B's phone rings
. B answers
. P lets A know B's details
. P lets B know A's details
. A and B exchange voice traffic directly, without involving P

This allows latency to remain low when, say, A and B are in Australia and P is on the other side of the world.

To perform a successful wire tap in this scenario, the FCC would need to intercept the data at multiple points, possibly in separate countries.

Alternatively, P can tell A and B that there is too much firewalling in place and that all voice traffic must go via P, but by doing this they are giving the game away... it would be easily detectable by A and or B if they were smart enough to know what was going on.

Re:How would this work?

Alternatively, P can tell A and B that there is too much firewalling in place and that all voice traffic must go via P, but by doing this they are giving the game away... it would be easily detectable by A and or B if they were smart enough to know what was going on.

Instead, P tells all callers at all times that they have to route through P, killing any good performance unless P (or one of P's relays) is "close" to either A or B.

Re:How would this work?

[DigiShaman]

You just discribed Skype in detail. Now add to the fact the transmission from PC to PC is encrypted.

If the FCC has their way, they will create a law that mandates all VOIP traffic go through "P" (central server) so it can be monitored. As such, it would also make P2P illigal too. You know ISPs would love this, in fact back up the plan as they *hate* P2P users.

Re:How would this work?

I work for Lawful Intercept VOIP system in a (very, very) large telecommunications manufacturer. I can assure that it's possible to intercept your calls without that it can be detected in the scenario above. This is done by a Session Border Controller (see http://en.wikipedia.org/wiki/Session_Border_Contro ller).

Re:How would this work?

[jamesh]

ummm... isn't that what I said??? The point is that not only is it bad for performance, it's easily detectable by either end.

Re:Encrypting is a bad otpoins

[BalanceOfJudgement]

And to expand on THAT idea a little...

Two weeks ago, no less than THREE government agencies were given FAILING GRADES FOR PROPERLY SECURING THEIR DATA. THREE. The FBI, The Department of Homeland Security, and one other I forget at the moment.

THREE. And these were just the ones investigated.

Two days ago, the IRS was given a "barely passing" grade when it was discovered that their employees STILL answer over 60% of tax filing questions WRONG.

And THESE are the people we want to entrust our most secret daily lives and data to?

Yeah right. I'll take a stereo broadcasting my credit card number into a stadium before I would ever trust the government with one iota of important information..

Particularly given that I am a government contractor and EVERY DAY get to see how incompetent these people really are.

Terrorist attacks

That's okay. Usually when I plan my terrorist attacks, I don't use VoIP. It pays to just have a spoke wheel conspiracy like we used for the September 11th attacks. That way all communication is done through personal meetings and few people know enough of the plan for it to get leaked even if one of our members is busted.

In fact I am quite happy to see this new FCC order. Don't forget our goals with September 11th was to break America down and give politicians reasons to take the freedoms away from the public. We know that this will destroy the free spirit upon which their economy is built and allow our radical message to flourish.

Long live the FCC!

-Osama

Re:Terrorist attacks

[ringnoanswer]

Umm.. The FCC and especially the despicable shill for AT&T and Verizon, the FCC Chairman Kevin Martin care only about killing VoIP entirely and setting him/themselves up for fat, do nothing consulting gigs when their terms are over.

Re:Terrorist attacks

[brxndxn]

Whoever marked parent as flamebait is an idiot, imo. OP's being satrical and making a good point - kind of like the way Stephen Colbert became famous.

Oh ya.. feel free to mark THIS post as flamebait.

Re:Terrorist attacks

[Ash-Fox]

> Don't forget our goals with September 11th was to break America down and give politicians reasons to take the freedoms away from the public. We know that this will destroy the free spirit upon which their economy is built and allow our radical message to flourish.

You forgot that the American government (and some others) knew in advanced about the September 11th attacks.

Re:Terrorist attacks

[geekoid]

"...American government ..."
no they didn't. To say so is ludicrious in the extreme.

"...(and some others) ..."
Sure, the terrorists.

Re:Terrorist attacks

[Ash-Fox]

> "...American government ..."
> no they didn't. To say so is ludicrious in the extreme.

I bestow the power of google on you.

Wikipedia also has some relevent information too.

Compatibility mode

[FLEB]

The only road-block is that the other person you're talking to has to have the same setup. For 99% of people, it isn't worth the cost. For businesses & gov't agencies, it certainly is.

(Ring-ring...)
(Ring-ring...)
(Recorded voice) "This is an encrypted telephone call. It appears you do not have a compatible decryption device. Please have a pencil and paper ready, and follow along as I read you some simple instructions. First, write a list of 256 random numbers from 1 to 16. When you have completed this step, press pound."

(scribble-scribble-scribble... bleep.)

(Recorded voice) Now, divide the first number by... six, noting the remainder.
Divide the second number by... twelve, noting the remainder.
Divide the third number by... eight, noting the...

why is this a big deal?-TC

"I've tried convincing friends [even some geek friends] to encrypt their emails and IMs but laziness is hard to overcome. Sending my parents an encrypted IM or email is next to impossible because the encryption isn't hidden to them."

Trusted Computing (not to be confused with DRM) will take care of this problem.

Choose a VOIP provider outside the US-Piracy.

"What's to stop them from passing legislation to prevent those in the US from using a non-US based VOIP provider and/or using encryption? I can't see them allowing such common-sense work-arounds."

I realize the "what if so and so passes legislation" is a common argument around here. The fundamental flaws with that argument is "who's going to obey it?", and "who's going to enforce it?". Otherwise it's just words on paper.

This is not providing the Guvmint access...

[splashd]

I'm as paranoid as the next guy, but CALEA is not providing unbridled access by the government to VOIP phone calls, just the equivalent ability they have in the switched world to monitor calls--with a court order for criminal investigation.

We're so jaded these days that we assume that the big brother government is listening to all, but the reality is that there are still strict controls, despite some exceptions via the Patriot Act, that protect the average Joe.

Re:This is not providing the Guvmint access...

Someone hasn't been paying attention to the news lately.

Here We go Again

[cyberscan]

Better yet, it is time to either join, form, or support independent political parties. Face the facts, the Democratic - Republican party is funded and controlled by special interests. Special interests make political campaign contributions and pay for advertising. Voters do not. Things will change ONLY when people decide to smarten up and quit being manipulated by the special interest financed advertisements (and that includes internet advertising such as blogs like this one).

'We the People' have seen what decades of power shifting between Democrats and Republicans has accomplished - more government, higher taxes, and less freedom. Out of the entire Congress, there may be one (Ron Paul) or two members that even care about such a thing as the Constitution. Just about all of Congress is made up of Republicans or Democrats. Each party accomplishes the same thing by eroding different freedoms.

Republicans may not be as hard on gun ownership as Democrats, but they are sure hard on the fourth amendment of the Constitution. Both parties support the flooding of our nation with cheap, slave-made goods. Both apparantly have a disregard for human rights. I know that I for one am tired of the years and years of broken promises and false hope that is preached by these two parties. Both of these parties have shown us what they can do for (to) us. We have seen their work. Now, let's try something else.

This election season as well as 2008, it is high time that we as a people support alternative parties such as the Libertarian Party ( http://www.lp.org/ ), Constitution Party( http://www.constitutionparty.org/ ), Green Party ( http://www.gp.org/ ), Veteran's Party, Socialist Party, and any other political party other than the two corrupt lamescream parties that have been duping the people for decades.

I for one support the Constitution Party, Libertarian Party, and Veteran's party (in that order). I will only vote for a "Republicrat" or "Demican" only if there is nobody else on the ballot and there is no write in blank. Even then, I have sometimes abstained from marking a choice. But of course, we will always have some people who insist on voting the "Lessor of Two Evils" because they believe that candidates of other political parties "don't stand a chance of winning."

Tell that to Jim Gilchrist (Founder of Minuteman Project) who ran for Congress under the American Independent Party. He won the most votes on election day and was only done in by absentee ballots (apparantly, the absentee voters never got a chance to hear his message or the election was rigged). Aagree with him or not, he showed that a candidate from an alternative party actually had a good chance of winning. Apparently, the people in that distric in California are sick and tired of the bullsh1t that spew from the Republican/Democratic Party.

I hope that people this election are not so stupid as to give up their freedoms to the sellout lamescream political party that has manipulated them for years. Each time I hear people bitch and moan that Gore should have won the election or that "Democrats" tried to appeal and recount their way to victory, I want to puke. IT MAKES NO DIFFERENCE which one should have, could have or had won, the results are the same. More government, higher taxes, more rules and fewer freedoms for the people. I want limited government, so that is why I vote for candidates of the Constituion and Libertarian parties. I hope people who read this are not stupid enough to throw their vote away on a Republicrat

Re:Here We go Again

[celotil]

I hope that people this election are not so stupid as to give up their freedoms to the sellout lamescream political party that has manipulated them for years. Each time I hear people bitch and moan that Gore should have won the election or that "Democrats" tried to appeal and recount their way to victory, I want to puke. IT MAKES NO DIFFERENCE which one should have, could have or had won, the results are the same. More government, higher taxes, more rules and fewer freedoms for the people. I want limited government, so that is why I vote for candidates of the Constituion and Libertarian parties. I hope people who read this are not stupid enough to throw their vote away on a Republicrat

You, the true patriots of America, the people who will stand and fight their own government to save the freedoms they have now and liberate the freedoms you had before PATRIOT, have until sometime between the start of July and the end of September 2008.

I predict, as I'm sure a few other people have done, that sometime between those dates, there will be another "terrorist attack" on United States soil.

I don't want this to happen, and I already weep for the people who will die in this event, but I believe that your government will, if not directly take part, at least allow this to happen.

Why?

Take a good long look at September 11, 2001. Take another good long look at the bombings in London on July 7, 2005.

I repeat, I don't want this to happen. I am filled with rage and sorrow right now at the people who presented the official reports on 9/11 and 7/7, and the people who used these and earlier governmental and departmental reports to justify such things as the PATRIOT act, extensive wire-tapping without judicial process, and the mistreatment of anyone deemed to be an "enemy combatant".

The thought even occurs to me that this next attack might happen in a "token" ally country, like Canada, or my home, Australia, set up to look like a Muslim or other religion-based attack from the "axis of evil".

Second prediction - Within hours of the attack, the FBI or Department of Homeland Security will have a prepared statement that says they know who performed the attacks and how. Within 48 hours, probably less, they will state that they have conclusive evidence to prove their earlier statement.

There will be no oversight on this evidence from a third, impartial party to verify and confirm the previous statements. Any actual evidence of the attacks will be removed as quickly as possible from the public eye "in the interests of preventing further panic and allowing the people to recover quickly and get on with their lives".

This clean up will remove the real evidence of what happened, just like what happened after September 11, and I presume happened very shortly after July 7. Two to three years later there will be a government sponsored report on what happened, and it will be as full of holes and ommissions as the official report on September 11 is.

More freedoms will be lost. In all likelyhood most of the changes will happen behind the scenes, nibbling away at what freedoms US citizens have now. There will be no grand gesture on the part of the government to look after and protect its people by removing mass amounts of rights and privileges. The grand gesture was the "terrorist attack", orchestrated by those capable of doing so in order to shake up and ready the people's minds to a gentle lessening of freedoms.

People in westernised countries are being terrorised every day, but it's not by foreigners. The terror is coming from inside their own heads, their imaginations, and the people putting the imagery in

Re:Here We go Again

[celotil]

I'm probably going to get into big trouble for that post, and it's off-topic too. Sorry. ;)

Okay, you've got VoIP and want to use it securely? Don't just encrypt, encode.

"I'll meet you after work at the pub" could be said as "I'm going shopping after work for Green Eggs and Ham".

Yeah, pretty obvious it's bullshit but that was an off the cuff example, and I'm still pissed about 9/11 and 7/7.

And no telling the other person over the phone, "codebook page 12", when you start the conversation. Somebody steals a copy of the codebook and pffft, there goes security.

Have a system for using the codes, like say, days of the year equal certain pages in the book, and if there's ever any suspicion of compromise then you very simply call the other person, say "trash mag" and hang up.

The other person knows to throw away their codebook and meet you in person to obtain another if there's no spare, and it'll drive the secret security, or NSA or whoever is watching you, absolutely nuts looking for the phrase "trash mag". :)

Thomas Jefferson with a cell phone would have done

[mrraven]

Dumbass, if the American revolution were taking place today you can be sure Thomas Jefferson would have a cell phone and a laptop and the 4th amendment would be written in such way as to keep government snoops OUT of those devices.
The INTENT of the 4th amendment is to keep the government out of our "houses, papers, and effects" in the 21st century that means electronic files and phone conversations. YOU may want your rights whittled down to bite sized chunks to be swallowed by the leviathan government, not all of us are sanguine for such a fate.

Count me in (eom)

[RareButSeriousSideEf]

Mail have you.

Re: Cause of terrorism

[rodgster]

The cause of terrorism is religious zealots. They're all the same.

That goes for whatever side of the coin you happen to be viewing. All are a bunch of total fools if you ask me.

From some a@@Hole who promises you 17 or WTF ever virgins if you complete some stupid suicide mission.

to

Some Frat Boy who burned his brains out on bourbon & coke and says that he's doing God's will (most people who think they talk to God are viewed to be either insane or a pope).

I got Karma to burn so I'm free to say (to the off topic a@@holes who don't like my sig) that your fascist (jack booted) leader has been responsible for the deaths of more Iraqis than Sadam (Insane) who is currently on trial for such.

Tell me oh fascist dipsticks why we shouldn't send Arbusto to the Hague for trial?

Or we just impeach him then throw him and his crew in jail for perjury (I believe that today that fact is so well established that even you fool ditto heads cannot ignore it) here in the good ol' US of A?

IMHO our founding fathers would tar, feather & ride this asshat and his crew out on a rail if they were around today.

Doesn't matter, you live in a dictatorship now.

President Bush has quietly claimed the authority to disobey more than 750 laws enacted since he took office, asserting that he has the power to set aside any statute passed by Congress when it conflicts with his interpretation of the Constitution.

http://www.boston.com/news/nation/washington/artic les/2006/04/30/bush_challenges_hundreds_of_laws/

Encrypted or not.. CALEA

[ringnoanswer]

Folks.. CALEA is implemented in the application core of a VoIP providers network. Encryption (TLS and SRTP) is generally maintained between the Session Border Controller "SBC" (edge of core) and the VoIP end point (customer premise). About the only thing that many VoIP providers will have to change is to "hairpin" media back to the core for calls between end user, VoIP endpoints. The rest of the existing architecture and common routing methodology lends itself well to CALEA.

Re:Encrypted or not.. CALEA

So if all of a sudden your VOIP calls become choppy and laggy, you might not want to talk about your basement gardening project.

Tor for Voice

[Kadin2048]

Not Tor as it's currently implemented, no. I think the latency is way too high, even under ideal conditions (something that's perceptibly slow for HTTP traffic isn't going to fly with SIP packets). However that doesn't mean that you couldn't, at some point in the future -- maybe today -- set up something Tor-like for voice. The problem would be finding enough high speed and low-latency nodes to provide any real security, while also not injecting tons of latency into the call.

For one-way transmission it's probably easily doable, since you could buffer the stream heavily on the receiving end, but that wouldn't be too pleasant a way to have a two-way conversation.

Use IP to IP Dialing To Bypass VOIP Backdoors

[Junior+Samples]

I regularly use VOIP via Free World Dialup (FWD). This system uses the SIP protocol. FWD servers seem to have frequent outages. To get around this problem, I've found that I can use direct IP to IP dialing and bypass FWD's servers completely. IP dialing is cumbersome, but you can put the dialed addresses in a speed call list and use 2-digit dialing. This works very well. There's a side benefit of no call logging since the provider's server is being bypassed. In theory I can call any SIP phone that's connected to the internet whether they're on Vonage, Packet Eight, or any other network, if I know their IP address.

Right now there are about a half dozen members of our private network. We're all registered with dyndns.org to solve the problem of dynamic addressing. We're all using Sipura Network adapters to connect a regular telephone to the Internet. The Sipura adapters accommodate dialing by hostname or IP address. The latency is lower with direct IP dialing because the voice packets are not routed through FWD's STUN or NAT servers.

This method is more secure since you're not dependent on any VOIP provider. The back doors that they provide for government spying can be bypassed. Encryption would be difficult but not impossible because it would have to be implemented in the Sipura firmware. SIP software phones will also work with direct IP dialing.

Arguably correct, two ways

[jd]

First, STU phones have indeed been around for ages. I believe the military use STU III, which gives them public-key encryption. The biggest problem is that the people often natter on the unsecured connection first, which not only tells any attackers whose keys are being used but some of the content of the message they are trying to break. Commercial scramblers, for low-grade security, have been around longer but probably are nowhere near as secure.

Second, you can trivially encrypt an ordinary telephone very easily. Feed the handset into the microphone input of your soundcard. Apply a stream cipher to the recorded input. Play the output through the soundcard and into the base of the telephone. Not quite public-key standard, but I'll bet you STU phones just send the encryption key by public key and actually use a stream cipher for the data itself.

It may be possible to put an eliptic curve cipher into hardware - an ASIC, or something, then place an ADC one side and a DAC the other. Then you'd have true end-to-end public encryption hardware for a phone. You'd need to have one group of chips for the incoming and the other for the outgoing, then have some means of entering the public and private keys.

Not sure you could encrypt a mobile phone very easily - you'd need to rip a lot of it apart, unless you could code something in Java and have the sound go through the applet. It would kill the battery, even if there were some way to do that, though.

The trick with VoIP is to produce a degree of randomness very similar to a commercial scrambler. (Same, actually, for landline encryption.) The idea there would be to use what appeared - to all intents and purposes - to be lawful encryption technology for phones. (Well, technically it ALL is, but the Government is less likely to want to tangle with the corporate sector. They have more money than geeks.) If it cannot be distinguished from a commercial scrambler (except that their usual scripts won't break the code) then it'll probably not worry anyone too much. Except for those in the NSA who like selling industrial trade secrets on the side.

The reason you want to mimic the signature of another system is that it'll make it harder for said authorities to justify finding out what this new crypto tech is. If it looks the same, and the exhaustive key search is incomplete, then there isn't anything to suggest a new tech exists to obtain. And, face it, beurocrats are as lazy as everyone else. They're paranoid, too, so don't play on the paranoia, but DO engineer towards the lazy.

Re:Arguably correct, two ways

Did you even read the fucking link before opening your yapper and vomiting all over the keyboard?

Not scrambled, copy protected!

[RareButSeriousSideEf]

If Barbara Boxer's bill passes prohibiting open & clear protocols for "internet streaming broadcasts," well then you wouldn't be scrambling voice, you'd be DRM'ing the stream.

Bill Would Outlaw Digital Receiver Recorders:
http://slashdot.org/article.pl?sid=06/05/02/185320 8

Interested parties, government or otherwise, would be more than welcome to the raw stream; all they would need is to apply for a license to your proprietary Copyright Protection technology (which of course requires that they submit plans & blueprints for each device they wish to license, along with proof of its robustness in thwarting those who would attempt to defeat it and record or otherwise redistribute the content). Then, provided they received the mandatory certification for a licensed device, it'd be a clear voice call like any other. Well, so long as their device key hadn't potentially been compromised by some teenage hacker in Algiers, in which case it would have to be subject to key revocation to preserve the DRM system's integrity.

But they could still license a new device - and that would probably pay off in the long run anyway; older devices that worked with the obsolete DRM release level wouldn't be supported in the then-current revision anyways...

Just followin' the law as it's written, sirs...

Thank Goodness

[glittermage]

Now the state and local governments can wiretap the Department of Homeland Security Internet connections to catch kiddie porn surfers. I feel a lot safer.

Re:Thomas Jefferson with a cell phone would have d

[greenrom]

Hey dipshit, exctly what rights are being whittled away here? In case you weren't aware, any police agency can get a wiretap after showing probable cause to a judge and getting a warrant. Before 1967, they didn't even need to do that. The only thing this ruling does is ensure that the infrastructure is in place to allow them to obtain wiretaps on VOIP calls in EXACTLY THE SAME WAY THEY'VE BEEN DOING FOR YEARS WITH PSTN CALLS.

If they had telephones in the 1700s, the 4th amendment may well have read "houses, papers, effects, and telephones". So what imact would that addition have? None. As I said in my first posting, the supreme court already recognizes that telephone calls are covered under the 4th amendment. My point was that the 4th amendment never granted absolute protection against any government search or seizure. There have always been circumstances where searches and seizures are legally permitted.

Every civilized society relinquishes a certain amount of personal freedom to their government in order to estabilish an orderly society in which laws can be enforced. Nations with elected governments tend to have the most personal freedom (i.e. The USA, most of Europe, etc.). Less democratic governments tend to offer less personal freedom (i.e. China, Cuba, etc). There are a few "perfect" places in the world where governmental structure is so weak that you don't have to fear any government invasion into your personal life, but I wouldn't want to live there. In countries like that, you'd be too busy figuring out how you're going to get your goats back from the neighboring villiage that stole them from you without being speared to death. If that sounds good to you, great. Personally, I prefer to live in a country where there's a slight chance someone might listen in to one of my phone calls.

As an interesting side note, you might be interested to know that it's much more likely that your phone calls are being listened to by someone who isn't affiliated with the government at all. I design telephone network equipment for a living, and occasionally I've had to go to central offices when customers have had problems with our products. Every time I've been in a central office, the guys working there have "monitored the lines for quality". This is totally legal under the electronic communications privacy act of 1984. However, in my experience "monitoring lines for quality" could easily be mistaken for "I'm bored, let's drop some DS0s out to this speaker and see if we can find a juicy conversation for my own amusement." People working in central offices at night seem to get the most amusement out of drunks and people having phone sex, so if you want to make sure nobody listens to your conversation, talk about something really boring.

Person to person

[moa+hunter]

I probably dont know what im talking about but -

If you had a device that "attached" to a handset - then couldnt you encrypt/scramble your voice using a set cipher within the device and then have whoever you are calling have a similar device with the same cipher key that decodes your voice?

From what I know (which isn't much) no-one should be able to break the cipher at all unless they physically get hold of one of the handset devices... because the cipher is simply randomly encrypting your voice there is no mathmatical way to break it...

Of course this would only really work if both people had the device etc etc and is therefore not a very practical solution to phone encryption.

Re:Thomas Jefferson with a cell phone would have d

[mrraven]

The "terrorists" scare me FAR less than people like you. Stay the fuck out of MY phone calls, and electronic files.

Encryption

[Skapare]

I don't know the specifics of the protocol, but I'd bet encryption could be added, anyway, without touching the firmware. The other party would need to be doing the same thing. At some point when you dial direct IP to IP, it has to be making a connection (TCP or SCTP) or sending a datagram (UDP or DDRP). This traffic would be routed through the encryption machine which would encrypt it by a select means and forward it on to the destination. One fairly obvious form of encryption would IPsec. Linux also supports, through netfilter, intercepting TCP connections intended for elsewhere, with an ioctl() to get the address info where it should be going. Then the intercept process can open a real connection to there and pass traffic along, encrypting what is sent, and decrypting what is received.

Re:Encryption

[MultisSanguinisFluit]

Might get the first person arrested, but the right to use encryption is a freedom of speech issue, so after the case makes its way up to the SC, the charge will get thrown out.

We have the right to express ourselves, be it in plain or ciphertext.

Re:Encryption

[Ash-Fox]

Using a VPN would suffice.

Use Zfone

[Kamiza+Ikioi]

"If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls."

http://www.philzimmermann.com/EN/zfone/

From the link: "Zfone uses a new protocol called ZRTP, which is better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. It interoperates with any standard SIP phone, but naturally only encrypts the call if you are calling another ZRTP client. This new protocol has been submitted to the IETF as a proposal for a public standard, to enable interoperability of SIP endpoints from different vendors."

If it's digital, its encrypt-able. They can monitor everything they want, but as long as VoIP goes through an internet connection (which is the whole point of VoIP), it's encrypt-able. The same goes for all things over the internet.

Remember, the NSA is already monitoring lots of internet and phone traffic. They're blanket tapping us all. Right now, if my connection is going out over an AT&T line, they are watching me. No longer is it just paranoia that we're all being watched. If you want privacy, don't just encrypt your phone conversations. Encrypt your searches, encrypt your email, encrypt your downloads, encrypt your files. The NSA may be able to see the traffic, but you can prevent them from red flagging you by your content.

It is no longer akin to an act of civil disobedience to run encryption, it is a survival tactic for what another poster called Joe Sixpack (aka Joe Bloe, John Smith, Average Joe).

Re:Use Zfone

[shmlco]

"...but you can prevent them from red flagging you by your content."

Yeah, all that encrypted content doesn't raise any flags at all...

Re:Ad at the Top about Some Intrusion Detection S/

[thealsir]

Why is this modded offtopic? The constitution is almost a urinal cake already. The government just wants more justification for intrusion into everyone's lives - the real crooks will continue to use throwaway cell phones and ad-hoc voip protocols.

Push-To-Talk, yes, full VOIP, no even close

[billstewart]

Tor's not designed for realtime. It does try to be faster than some of the previous similar designs, but it's going for the "fast enough for comfortable web surfing" version of fast, not the kind of 150-millisecond latency 50ms jitter sorts of behaviour you'd need to not sound like M-M-Max HhhHHHeadroom.

But you could do push-to-talk sorts of voice, if you're into that.

Hopefully when the revolution comes...

[Jackie_Chan_Fan]

our military will have the guts to turn on the government and fight for the citizen and not the government. :)

Burn baby Burn... So Long, and thanks for all the fish...

SIP Protocols and Encryption and 3-Way calls

[billstewart]

First of all, you don't want to attack the strong links when there are weak links that'll get what you need. A Wiretap is a 3-Way-Call with the Univited Party on Mute. So you don't try to break the cryto, you try to make sure you're on the call.

SIP Control Support for Encryption is Limited. There are two main kinds of encryption used in SIP - call setup messages, which can be implemented using TLS (SSL's successor) or left unencrypted, and media channel encryption, which is done end-to-end by the caller and callee, but still gets set up through the SIP controller. Unfortunately, too many of the SIP Session Border Controllers and other packet-handling equipment don't have the horsepower to set up the media-channel crypto. It's especially true for equipment that's scalable renough to handle a whole phone company, as opposed to equipment that's designed to run as a PBX or SOHO VOIP system, so even if your phone can do it, the controller might not ask, (Phil Zimmermann's latest work tries to fix this.)

The really really cool thing about SIP is that you can chain multiple proxy servers together to build things, resolve issues about control, and isolate problems and information domains. It's also good that the handshaking is much simpler and more SMTP-like, as opposed to the evil complexities of leftover ISDN protocols data formats and interactions, and there are a couple of other useful capabiliies, but the basic big win is that you can chain the SIP servers together.

Re:SIP Protocols and Encryption and 3-Way calls

[jamesh]

A Wiretap is a 3-Way-Call with the Univited Party on Mute

that's even more easily detectable than routing via the proxy. If you're the 'bad guy', you will have a SIP device that can notify you that it has been asked to send a copy of all traffic to a 3rd party. As the cops, not letting the 'bad guy' know that you are on to them is a requirement to being able to catch them red handed.

Re:SIP Protocols and Encryption and 3-Way calls

[billstewart]

Sorry, took a while to understand your note - I consider the term "bad guy" to apply to the wiretapper, not the target :-)

Re:SIP Protocols and Encryption and 3-Way calls

[jamesh]

That's a fair point. I should have defined them more clearly as the distinction is indeed blurry :)

Surely just for yanks?!

[Dokbua]

I hope they will keep the un-crippled versions for us un-americans! I though you guys were suppose to be the worlds upkeeper of personal freedom and all that. Sheesh!!!

Re:Surely just for yanks?!

[pe1chl]

There are already many other western countries that want to implement such laws, or already have.

It is very apparent that this "freedom" thing wears off very quickly. Twenty years ago, the governments that now want to listen-in on everything were pointing at the communist workd and telling us how bad the situation was over there.
Citizens would be monitored by the STASI and nobody was able to move in freedom. You could not go on the street without your Ausweis.
How bad were those communist governments made out to be, and how good was the western world where everyone was free.

Turns out that this freedom only was an excuse for the government to get support for the cold war. The communists had to be kept away, and freedom was the candy to give to the citizens.

Now that there are other (presumed) threats to the western world, and freedom does not fit in the plan as well as it did during the cold war, the who thing is discarded in a moment. Why do you worry about being tapped when you are not a terrorist? Why do you oppose against wearing an ID at all times? Freedom is no longer convenient to the men in power, and it is now simply taken away from us.

Re:Surely just for yanks?!

[Dokbua]

Does this article from yesterday not answer your questions?

Guess you didn't read my post or parent post.

[jd]

Oh well. Anyways, this is slashdot - nobody RTFA here, especially when we know more than the journalists (which is 99.9% of the time). The bottom line is that there's bugger all any agency can do to block encrypted VoIP or encrypted phone calls because (as I pointed out) you can insert the crypto device prior to wherever they mandate the backdoor. If they backdoor the ISP, then encrypt the link. IPSec is good enough for most people. If they backdoor ALL VoIP software, then encrypt the microphone and headset the way I outlined.

I don't NEED to read the article to know that no problem exists outside the minds of the foolish and the lazy. Anyone else can be as secure as they damn well please. (But what if they outlaw such methods? Duh, read my post. You don't leave your methods in plain-sight, you hide them. All you need is the signature of your data to look like something they'd be ok with.)

Normally, I wouldn't respond to trolls that are so unoriginal, but this is an important issue and some poor fool might think there's something to be scared of. The ONLY thing to fear is fear itself, the rest is subject to logical thought.

Re:Thomas Jefferson with a cell phone would have d

[greenrom]

Wow. I tend to be more afraid of people who actually wish to do harm to me or others. It's too bad you find ideas to be more threatening than acts of violence. I'm afraid you're doomed to a life of fear. There are relatively few people in this world who would wish you harm, but it will always be easy to find people you disagree with.

Re:Encrypting is a bad otpoins

[Kreigaffe]

... flamebait? Oh come on, can't you people read the sarcasm dripping off this.. man!

Reminds me of a quote I heard

[Ravear]

strong encryption on top of VoIP is the way I will go.

"The Internet interprets the US Congress as system damage and routes around it." [source: Jeanne DeVoto.]

Constitutional right to privacy

[David+Jao]

Here is the text of the fourth amendement.... There is no absolute protection of privacy granted in that amendment.

I think you could use a civics lesson yourself. Here is the text of the ninth amendment:

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Re:Constitutional right to privacy

[greenrom]

The 9th amendment says that just because a right isn't specifically granted in the constitution doesn't mean it is disallowed. However, congress can further restrict your rights by passing laws so long as they don't violate the rights enumerated in the constitution. In every state murder is a crime, yet the constitution says nothing about a person's right to murder. The 9th amendment doesn't make murder legal. Likewise, congress is free to enact laws that restrict your privacy rights or even grant others like the FCC authority to restrict your rights so long as they don't enact a law that conflicts with the rights specifically enumerated in the constitution.

Re:Constitutional right to privacy

[David+Jao]

Thought exercise: given what you just said, does the ninth amendment have any effect on the federal government at all?

If yes, what effect does it have? Be specific.

If no, why is the ninth amendment in the Constitution?

Tags of evil stupidity

[jrieth50]

This is WAY off topic, but I wasn't sure where else to put it.

Can someone please stop the morons who put 'stupid' and 'evil' as a tag on every other story? It's distracting, childish, and clusterf***s Slashdot's front page.

It's just a cowards way of avoiding posting an actual comment and getting modded into oblivion.

Re:Tags of evil stupidity

Oh noes! How dare so many people express their opinion to collectively make a tag of 'evil' appear!!

Ah, but in a post-911 world...

[J.+Dunlap]

[insert drivel here]

Nice

[GuloGulo2]

Now that you've uselessly paraphrased that tired cliche, explain why.

"It is a big deal."

Why?

GP aksed why you care about tapping VoIP when tapping phones is currently trivial.

You responded by spouting nonsense. Answer the question please.

Encryption

[nurb432]

Ummm if they have ruled that its *required* to support snooping, if you use encryption ( and get caught ) it would/could be considered obstruction of justice.

Wont matter what you are saying, the fact you encrypted is enough to get you arrested.

What's all the outrage for?

[caudron]

Law enforcement can already tap land lines, and that is a priviledge they should have. Despite claims to the contrary, tapping lines (after the appropriate warrant has been secured) is a valuable law enforcement tool. All the FCC is saying is that VOIP lines are not somehow exempt from the same actions.

Keep the fight where it belongs: Warrantless tapping. The issue is law enforcement tapping lines without judicual oversight, not extending their tapping powers to VOIP.

Tom Caudron
http://tom.digitalelite.com/

Re:What's all the outrage for?

[Detritus]

The outrage is that the government is now demanding that systems be designed or modified to make it easy for them to tap calls. This is new.

In the old days, the telephone company had to cooperate with an agent with a warrant, but they were under no obligation to make it easy for the agent to tap a call.

This is like the police department demanding that all door lock manufacturers provide them with a master key, so that they don't have to go to the effort of breaking down people's doors when they execute a search warrant.

Re:What's all the outrage for?

[Pfhorrest]

It's one thing for a warrant to grant police the right to { monitor your communications | search your home } in search of incriminating evidence.

It's another thing entirely to require that { phone systems | houses } be built in such a way that it's particularly convenient for them to do so.

Re:What's all the outrage for?

[geekoid]

unless the path the communiction takes is to a non US server, then they don't need warrants. Considering the way the internet works, you won't be able to prove wether or not your connection at the time went outside the US.
Effectivly making Warrants unneeded.

Can someone show me...

[thebdj]

where this is any different then the cops being allowed to tap regular telephones? Seriously, have they once said that the cops will have unfettered access to this information without a warrant? If not, then I do not see why there is this urgent need for encryption on VoIP. I mean we are talking about the police agencies being able to have the same access to listen to VoIP conversations that they already have to tap every other phone line in America.

Now, I am sure you are all wearing your tin foil caps, but really this is not about some great big brother monitoring scheme. If you are so scared about people listening to your calls, you do not need encryption. Just start talking in code. Afterall, mobsters and just about anyone else committing illegal activity have been doing it for years to avoid being overheard.

I just am afraid I do not see everyone elses great concern in this matter. Of course, my lack of VoIP means that monitoring my calls is already quiet within the realm of possibility. As for the text conversation part, if I were truly concerned about stuff I was saying the last way I would transmit it would be over IM or through e-mail.

Re:Encrypting is a bad otpoins

[dramaley]

>Japanese DECENT

I would agree that the Japanese people as a group are fairly decent; those that i have met have been decent anyway. I don't think it is worth shouting about it like that though.

Sure, you bitch about this.

[EddyPearson]

You bitch at the govenment for this, then some people come along and bomb two big towers in NY and you won't shut the fuck up. Make up your mind.
I KNOW the police monitor text messages and voice calls in the UK. I also know that I could say PRETTY much anything i wanted and unless it involved bombs or planes, I'd have no trouble with the police.

Re:Sure, you bitch about this.

[loqi]

I also know that I could say PRETTY much anything i wanted and unless it involved bombs or planes, I'd have no trouble with the police.

What's your point here, exactly? That monitoring is a Very Good Thing because it will only impact the naughty terrorists?

Re:Sure, you bitch about this.

[EddyPearson]

My point is, these restrictions are here to keep us safe, not in a vote winning kind of way, but a way that might stop people getting hurt. Also, there is no nanny state issue here, as these policies are not abused.

Re:Sure, you bitch about this.

[loqi]

My point is, these restrictions are here to keep us safe, not in a vote winning kind of way, but a way that might stop people getting hurt.

Well, if it might stop people getting hurt, I guess my rights aren't all that important.

Also, there is no nanny state issue here, as these policies are not abused.

You state that like it's a fundamental law of nature. It's not. Giving the government more power over its citizens is always bringing up a potential nanny state issue. You might be able to sleep easily trusting your government (and all subsequent incarnations of it) to do the right thing, but a lot of us don't have so much faith. I have absolutely no idea how much any of these monitoring schemes are being abused. It's not like it would be obvious if they were.

Encrypted VoIP?

It won't matter - because the government will force the FCC to force net carriers to either tell it's customers that they must provide ways to decrypt the traffic to comply with CALEA, or they will drop them as customers.

It's not like they give a rat's ass about you having phone sex with your girlfriend.

Free Speech

[nurb432]

"Free speech" relates to speaking in public without fear of governmental retribution, not hiding your speech in layers of encryption, removing it from the public.

Encryption between 2 private parties is a privacy issue, not a free speech issue.

While i happen to agree that its wrong to restrict our speech, the cause for encryption will fail in court using that as the basis for its defence.

Yes, I could

[brunes69]

There is currenrly no law on the books at all that says you have to speak in clear coherent sentences on the phone. Any two parties can at any time devise a shared "encryption" scheme for their conversation such that no one evesedropping would have any idea what they were talking about. This can either be in the form of an articifial language, or as mobsters use, special keywords in the conversation. Regardless, as long as you have a secure way to transmit the keys between the two pariers, it's the same thing as OTP encryption.

Now, if they do pass a law barring encryption over VOIP lines, it would cover not only automatic electronic encryption, but likely this as well. A step backwards.

Funny, underrated, impressive

[marcus]

Wow! A multi-level contextually appropriate literary reference on /.!

I don't have any mod points today.

Re: Cause of terrorism

[grimwell]

The cause of terrorism is religious zealots. They're all the same.

That goes for whatever side of the coin you happen to be viewing. All are a bunch of total fools if you ask me.

Agreed, religious extremism is a dangerous thing. It can make it easier to prevert "the faith". Could it not also be argued that a state's interactions with an overly religious state would have a factor on the "production" of terrorists?

I guess what I'm saying is terrorism looks to be the reaction part of the "for every action there is an equal an opposite action" equation aka Blowback.

Was/Is the IRA terrorists or how about the Chechen rebels? Are either of them religious zealots? Were the terrorist in the 1972 Munich Olympics tragedy religios zealots? Is the insurgency in Iraq terrorists and religious zealots?

Is Bin Laden's real goal to spread Islam or get USA out of Saudi & Middle East. Islam happens to be the dominant religion in the region, so wouldn't it make recuiting sense to appeal to them? Look at what the GOP has done by appealing to the religious right in the US.

Its not that religion is the cause of terrorism, but it has been used to recuit people to terrorism.

Go back to Analog

[s31523]

Here is a good way to talk "securely", especially when laws are put in place to limit the amount of encryption on the VOIP traffic. Build a "phone" that does the following: 1.) Record your message digitally. 2.) Encrypt the digital recording. 3.) Pipe the digital stream through an analog amplifier (think of playing a data CD through your stereo), and send this through as "voice" 4.) The receiver "hears" this (kinda like analog modem) and does the reverse. Yes, this is stupid, but that is what things will come to in order to get secure communications....

Overseas VOIP

[kyoko21]

Just find an overseas VOIP carrier and make your calls that way. There are plenty of overseas voip carriers and they are more than willing to take your money via paypal :-)

Re:Thomas Jefferson with a cell phone would have d

[mrraven]

I agree to disagree with you agent Smith...

They don't care about criminals

They don't care about criminals. It's the Joe Sixpacks who vote and who are the big masses that they are most afraid of.

Crime has nothing to do with spying the population. It's the fear that the population will revolt due to bad rulers - in other words, it is yet another way for popualation control.

Re:Thomas Jefferson with a cell phone would have d

[mrraven]

p.s. 1 in 5 Americans die of hear attacks. "Terrorists" are literally about 8 zilionth on my list of fears. YOU are the one afraid of the wrong things my friend, and willing to crush our 200+ year old precious civil liberties because of it... Have fun and enjoy that Big mac after work asshole, make sure you get the extra large helping of "freedom fries" and the milkshake...

Use SIP

Use SIP, not some locked in crap. Then you can search for VoIP providers that will terminate your SIP connections. For example, you can set up Asterisk PBX (classic or the @Home version), then have it terminated for a PSTN connection. Same thing for dial-in. Get a number and then use it. There are plenty of VoIP providers. Heck, you can go to non-US providers (like the Canadian http://les.net/ ) if you worry about FCC.

Also, it is MUCH easier to tap a PSTN line than VoIP. Especially SIP. Now, if you encrypt the SIP connection (not very difficult even if RTP protocol doesn't have it built in - hint: IPSec)

Re:Use SIP

[cayenne8]

You know...unless you're phoning overseas...I don't see the point to having any of these services. I get free long distance on my cell phone, and I never run over the daytime minutes...and I can carry it wherever I go.

Why bother with VOIP at all?

Re:Thomas Jefferson with a cell phone would have

[Godeke]

So, people at the phone company amuse themselves by abusing the monitoring clause. Therefore we should not worry about abuses of government in terms of monitoring its citizens. Logic, meet "greenrom". No, come back Logic, why are you fleeing?

Perhaps a quick look at *why* the wiretap laws were being an issue at the time of the privacy ruling in regards to telephone calls (quick hint: it has to do with abuses of the wiretaps by a government trolling the population's conversations for less than respectable purposes) would help coax logic back into the building?

This country has had some rough patches where those in power have used their power to monitor those they did not like. The wiretap law update happened after one of those patches. Some would say we are in another rough patch, where rules are not being honored. Articles like this just reinforce the tinfoil hat population's views of "OMG: the want to ownzer my privacy".

Re:Thomas Jefferson with a cell phone would have d

[mrraven]

P.P.S. it's not your ideas that scare me, it's the fact that you work for the phone company and don't believe in freedom and thus can do very real physical things to make us ALL a more un-free society, brrrrrrrrrr...

Re: The Fourth Order is for NSA

Have you read the Fourth Order? Can you say NSA, CIA, FBI etc. It means
using a trusted third party one can get around the law for court orders since
you are giving them permission.

"Fourth order permits telecommunications carriers the option of using Trusted third parties (TTPS) to assist in meeting their CALEA obligations and providing LEAS the electronic surveillance information those agencies require in an acceptable format."

Infrastructure in place...

[ModestMotorhead]

I do think this is related to the Bush Administration's call for tax free incentives on broadband. When all telecommunications are over a wired network and can be more easily tracked (tv, phone, internet) with CALEA and [certainly] other secret operations that do similar tracking, the push for reasonable encryption over all [or as many] services as possible will be of dire importance.

Re:Encrypting is a bad otpoins

[Travelsonic]

Funny way to point out my typos, I needed that after the day I had. ^_^

They do and don't

[phorm]

You know ISPs would love this, in fact back up the plan as they *hate* P2P users.

They don't like heavy P2P downloaders which use up bandwidth, but they do like having the extra % of their customers that joined on the premise that they want to download movies or music.

Trust me, I know a lot of people who think the primary use of the internet is for getting music and checking email.

It matters because it is an expected upgrade

[Sloppy]

If not, why does it matter now that it's VOIP?

Desire and feasibility.

Prior to widespread acceptance of email, there really was no easy and convenient way to effortlessly have an encrypted conversation with someone. But once you had a computers -- your computer, not a service provider's computer -- working with the plaintext, adding encryption became pretty easy. Now we live in a world where encrypted email is pretty darn easy, and there are standards and defacto standards for doing it. (Though the popularity of webmail has thrown a monkeywrench into the situation.)

VoIP offers the same promise. End-to-end encryption with VoIP is a thing should be easy to add. People generally want it (though nongeeks aren't very passionate about it), and the overall technology is mature and trivially easy with today's machines, so it is expected.

An expectation's lack of fulfulment is always noteworthy. Imagine if cheap cold-fusion power was discovered but people's monthly energy bills didn't go down: people would talk about it. Lack of security with VoIP is about that interesting.

How about Kennedy, Johnson and Clinton?

[mrraven]

Vietnam started under Kennedy, and Lyndon Johnson escalated it for starters, two million (a third of a holocausts) worth of Vietnamese dead as well as 57,000 young Americans drafted, most bitterly against their will. Furthermore Clinton supported a disastrous invasion of Somalia, fired missiles at the Sudan and Iraq, led a NATO coalition that bombed Serbia, and caused easily 500,000 Iraqis to die in intense misery due to his sanctions against Iraq that his callous secretary of state Madeline Albright, said were "worth it," on 60 Minutes in the 90s.

Although I consider myself to be on "left" being pro gay rights, pro choice, pro environment, pro co-op, pro organic food, anti-war, etc, I'm under no delusion that the Dems are ANY better on the issue of war than the Repigs. In fact give me a good isolationist paleo-con/Libertarian like the people at antiwar.com, Pat Buchanan, Ron Paul, or Paul Craig Roberts, ANY day of the week over either Hilary or Kerry who both of whom have campaigned within the last year on a platform of more troops, FUCK that.

On the whole all the Dems give you is the same war mongering as Repigs, the same bought off by the corporations policies, and they are often even MORE priggish and uptight than Republicans about song lyrics, video games, etc. The DLC has completely ruined the Dems, (though the rot obviously goes back to the Kennedy era) and the current crop of me too don't challenge Bush on his illegal wars and shredding of the constitution Dems ought to be DEEPLY ashamed of themselves.