Slashdot Mirror


FCC Affirms VoIP Must Allow Snooping

MarsGov writes "The FCC released an order yesterday that requires all broadband providers and all "interconnected" VoIP providers to implement CALEA — in other words, law enforcement can snoop on your online conversations, both voice and text. While this is no surprise, it makes encryption for VoIP even more urgent."

17 of 301 comments

  1. Encryption? by Anonymous Coward · · Score: 5, Interesting

    If they are this forceful in their attempts to spy on citizens, then how long do you think we can use encryption before they ban it (or at least mandate a government backdoor)?

  2. User encryption raises even more flags by BadassJesus · · Score: 5, Interesting

    it makes encryption for VoIP even more urgent

    Big players like Skype or Google Talk will have to implement a weak (gov breakable) cypher. And if you opt to use it you will automatically be in focus.

  3. DDOS by ZachPruckowski · · Score: 4, Interesting

    VOIP works via packets with data describing the voice traffic, right? Suppose someone made a program to say "watchlist-words" constantly, and send them everywhere. How hard would it be for a terrorist to DDOS the FBI/NSA? I mean, if you randomize it, you can change pitch, volume, etc, as well as words. I have no idea how to do that exactly, but it doesn't seem infeasible.

    1. Re:DDOS by ZachPruckowski · · Score: 2, Interesting

      As I understand the phone tapping situation, they listen in if you drop X amount of "flagged" words, like "terror" or "bomb" or "kill Bush" or whatever. Assuming the plan is the same with VOIP, if a trojan/rootkit/zombie/whatever starts flooding the pipes with packet streams with those words in different synthesized voices, it'd get picked up. And if they did it right, only the government would know, because they could aim the packet stream anywhere, including computers without VOIP, so most of the packets would bounce off some hardware firewall after getting picked up.

  4. There's encryption ...... by i_want_you_to_throw_ · · Score: 3, Interesting

    and there's encryption. When you do find encryption make sure it isn't DES, NSA actually owns the patent on that one.

  5. Hard to do encryption commercial services by EmbeddedJanitor · · Score: 4, Interesting

    For encryption to be secure, you'll need to have end-to-end encryption. That is achievable for an organisation that is running its own VoIP system, but not really so for anything that is based on a commercial offering like Skype.

    If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls.

    Most people don't really care about encryption or wire tapping, but for those that do you can be sure some offshore service will pop up to fill the void.

    --
    Engineering is the art of compromise.

  6. Action Time! by autocracy · · Score: 5, Interesting

    I've read so many things about our government as a whole's actions this year, and I'm really distraught. I walked into my Senator's office today, and discussed meeting with her. Usually, she only takes groups. I assume the same applies for most other Senators and Reps. Letters get ignored, e-mails are only seen by staff... who knows what happens to faxes?

    My answer? A call to the /. community to organize in each Congressional district. Anybody who wants to assist in putting together these groups, please e-mail me. techroots@storyinmemo.com. If 15 of us in Southern Maine get together, we'll get a meeting. If we, as an organization, speak, we'll be much louder. Anybody, and particularly anybody in Southern Maine, I really want to hear from you. In a world that organizes online, if we can speak in real life too, we as geeks may be the most efficient people to form together.

    Let's see if we can't stand a chance in hell of not being oppressed by the government we as a country vote for.

    --
    SIG: HUP

  7. Who cares what THIS FCC says... by Anonymous Coward · · Score: 1, Interesting

    I have a feeling its attitude will change this November... or rather "I have a dream". The government has attempted to outlaw encryption for many years... they haven't been successful yet. In fact, the US economy needs encryption. They can't outlaw it. How is everyone going to make online purchases?

    To outlaw encryption is to outlaw the exchange of a list of numbers between two citizens... Something not done simply in practice.

  8. CALEA for VOIP isn't "trivial" by T_O_M · · Score: 2, Interesting

    Believe me when I say that implementing CALEA in VOIP isn't trivial since the data must be intercepted somewhere.

    The questions to be answered are where and how the interception is accomplished - especially in a manner that isn't trivially detectable by the user or client software?

    I'll leave the details on detection methods as an exercise for the overly paranoid but, having studied the issue (potential need for CALEA) several years ago and having the client pooh-pooh the need to even plan for it (read management and the almighty budget dollarette) it isn't necessarily simple or cheap or (especially) practical given some poorly-designed networks.

    And no - can't tell you who, when or why,
    T_O_M

  9. Re:Zfone isn't secure by Anonymous Coward · · Score: 1, Interesting

    There is a decent scheme for protection from MitM attacks in Zfone. ... from the Zfone proposal ...

    "The ZRTP protocol has some nice cryptographic features lacking in many other approaches to media session encryption. Although it uses a public key algorithm, it does not rely on a public key infrastructure (PKI). In fact, it does not use persistent public keys at all. It uses ephemeral Diffie-Hellman (DH) with hash commitment, and allows the detection of Man in the Middle (MitM) attacks by displaying a short authentication string for the users to read and compare over the phone. It has perfect forward secrecy, meaning the keys are destroyed at the end of the call, which precludes retroactively compromising the call by future disclosures of key material. But even if the users are too lazy to bother with short authentication strings, we still get fairly decent authentication against a MitM attack, based on a form of key continuity. It does this by caching some key material to use in the next call, to be mixed in with the next call's DH shared secret, giving it key continuity properties analogous to SSH. All this is done without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. ..."

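A simplified model of the three mechanisms the quoted ZRTP text names (hash commitment, the short authentication string, and key continuity from a cached secret), added here as an illustration; it is not code from the ZRTP proposal or from the commenter. The toy DH group, the field layout and all function names are assumptions and do not follow the real ZRTP message formats.

```python
import hashlib
import secrets

P, G = 2**255 - 19, 2  # toy DH group for illustration only (assumption)

def h(*parts):
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)  # length-prefix each field
    return d.digest()

def enc(n):
    return n.to_bytes(32, "big")

def keypair():
    x = secrets.randbelow(P - 3) + 2  # ephemeral: generated per call, never stored
    return x, pow(G, x, P)

def commit_ok(commit, revealed_pub):
    # The hash is sent first and the key revealed last, so the committed
    # party cannot pick its key after seeing the peer's to steer the SAS.
    return secrets.compare_digest(commit, h(enc(revealed_pub)))

def view(priv, peer_pub, init_pub, resp_pub, cached=b""):
    # One endpoint's derivation: DH secret + both public keys + cached secret.
    s0 = h(enc(pow(peer_pub, priv, P)), enc(init_pub), enc(resp_pub), cached)
    return {"sas": h(b"sas", s0)[:2].hex(),  # 16 bits, read aloud by the users
            "key": h(b"key", s0),            # media key for this call
            "cache": h(b"rs", s0)}           # retained for the next call

def call(a_cache=b"", b_cache=b"", mitm=False):
    """Return (alice_view, bob_view, mallory_view_of_alice_leg or None)."""
    a, A = keypair()
    b, B = keypair()
    if not mitm:
        if not commit_ok(h(enc(A)), A):
            raise ValueError("commitment mismatch")
        return view(a, B, A, B, a_cache), view(b, A, A, B, b_cache), None
    m, M = keypair()  # Mallory substitutes her key on both legs, has no cache
    return (view(a, M, A, M, a_cache), view(b, M, M, B, b_cache),
            view(m, A, A, M))

if __name__ == "__main__":
    alice, bob, _ = call()
    print("honest call, SAS:", alice["sas"], bob["sas"])
    a2, b2, m2 = call(alice["cache"], bob["cache"], mitm=True)
    print("MitM call, SAS:", a2["sas"], b2["sas"])
    print("Mallory can derive Alice's key:", m2["key"] == a2["key"])
```

On a first call with no cached secret the interceptor shares a key with each side and only the spoken SAS comparison exposes it; once an honest call has populated the cache, the interceptor can no longer derive either side's key.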
  10. AHA! by Mr. Freeman · · Score: 3, Interesting

    So this is what that Microsoft patent is really for.
    http://yro.slashdot.org/article.pl?sid=06/05/04/2238213

    In all seriousness though, how many people will actually use VOIP to discuss illegal activity? If they know they're being monitored wouldn't they be more likely to use some more secure form of communication? Although, this brings up the question what do people use to discuss illegal activity NOW if they know that their phones are probably monitored?

    --
    -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.

  11. Big F'ing Deal by Anonymous Coward · · Score: 1, Interesting

    So what? How is this any worse than the Feds tapping your voice-over-copper line? Let's be clear about this... this isn't a loss of freedom -- it's just bringing the current laws in line with the technology.

    The fact that this law exists is important. At this point the alternative is having the Bush administration listen in on your conversations without any kind of oversight. I'm glad that there's a law, which can perhaps be repealed rather than having lawless NSA tapping.

  12. Staff are more important than the Congressmen by Anonymous Coward · · Score: 2, Interesting

    e-mails are only seen by staff.
    Who do you think makes the real decisions?

    It is called delegation.
    "Jim do a position paper on topic X"
    Jim does the research, talks to groups, talks to lobbyists, writes the paper. The Congressman reads the executive summary of Jim's paper and votes that way. If it is important he has Jim brief him on the finer points of topic X.

    You want to get smoke blown up your ass? Talk to the Congressman.
    You want to get something accomplished? Talk to the correct staff member.

  13. Use IP to IP Dialing To Bypass VOIP Backdoors by Junior Samples · · Score: 5, Interesting

    I regularly use VOIP via Free World Dialup (FWD). This system uses the SIP protocol. FWD servers seem to have frequent outages. To get around this problem, I've found that I can use direct IP to IP dialing and bypass FWD's servers completely. IP dialing is cumbersome, but you can put the dialed addresses in a speed call list and use 2-digit dialing. This works very well. There's a side benefit of no call logging since the provider's server is being bypassed. In theory I can call any SIP phone that's connected to the internet whether they're on Vonage, Packet Eight, or any other network, if I know their IP address.

    Right now there are about a half dozen members of our private network. We're all registered with dyndns.org to solve the problem of dynamic addressing. We're all using Sipura Network adapters to connect a regular telephone to the Internet. The Sipura adapters accommodate dialing by hostname or IP address. The latency is lower with direct IP dialing because the voice packets are not routed through FWD's STUN or NAT servers.

    This method is more secure since you're not dependent on any VOIP provider. The back doors that they provide for government spying can be bypassed. Encryption would be difficult but not impossible because it would have to be implemented in the Sipura firmware. SIP software phones will also work with direct IP dialing.

  14. Not scrambled, copy protected! by RareButSeriousSideEf · · Score: 2, Interesting

    If Barbara Boxer's bill passes prohibiting open & clear protocols for "internet streaming broadcasts," well then you wouldn't be scrambling voice, you'd be DRM'ing the stream.

    Bill Would Outlaw Digital Receiver Recorders:
    http://slashdot.org/article.pl?sid=06/05/02/1853208

    Interested parties, government or otherwise, would be more than welcome to the raw stream; all they would need is to apply for a license to your proprietary Copyright Protection technology (which of course requires that they submit plans & blueprints for each device they wish to license, along with proof of its robustness in thwarting those who would attempt to defeat it and record or otherwise redistribute the content). Then, provided they received the mandatory certification for a licensed device, it'd be a clear voice call like any other. Well, so long as their device key hadn't potentially been compromised by some teenage hacker in Algiers, in which case it would have to be subject to key revocation to preserve the DRM system's integrity.

    But they could still license a new device - and that would probably pay off in the long run anyway; older devices that worked with the obsolete DRM release level wouldn't be supported in the then-current revision anyways...

    Just followin' the law as it's written, sirs...

  15. Hopefully when the revolution comes... by Jackie_Chan_Fan · · Score: 1, Interesting

    our military will have the guts to turn on the government and fight for the citizen and not the government. :)

    Burn baby Burn... So Long, and thanks for all the fish...

  16. Re:traffic analysis by Altima(BoB) · · Score: 4, Interesting

    That ethos is actually something that's been in use for quite some time by seemingly many groups, somewhat under our collective noses, Numbers Stations, shortwave radio transmissions with origin unknown that transmit codes of numbers or letters, repeat a few times, then disappear. Most likely they are for undercover operatives with a codebook.

    The idea is that it's tough to track their origin (apart from perhaps the language of some of the short messages that accompany them, but even that could be a red herring) and it's impossible to track down who's receiving it. Also, if it's using a one-use key decoding system, it's impossible to decrypt a meaning from it. Finally, most of these stations reappear at regular intervals, there's no real way to tell if one day's message is "all clear" or if it's "commence with the plan tomorrow."

    I find them fascinating, and for some reason, chilling to listen to.

    --
    Yup...