Slashdot Mirror
FCC Affirms VoIP Must Allow Snooping
MarsGov writes "The FCC released an order yesterday that requires all broadband providers and all "interconnected" VoIP providers to implement CALEA — in other words, law enforcement can snoop on your online conversations, both voice and text. While this is no surprise, it makes encryption for VoIP even more urgent."
Oh come on. Like most of it isn't wide open to begin with (Vonage) or run by known lapdogs to the Govmint (Skype). The only way it could be more readily (and easily) monitored (and data mined) would be if it was run by the NSA's favorite lapdog ..... drum roll please ...... AT&T.
Who will guard the guards?
No surprise here at all.
The goverment isn't even willing to get proper warrants to tap regular phone and internet service. VOIP won't be any different.
Look for encryption to be made illeagal for all phone and IP services in the very near future.
This is just another step in the war on the constitution.
DeviantArt Page
NSFWIf they are this forceful in there attempts to spy on citizens, than how long do you think we can use encryption before they ban it (or at least mandate a government backdoor)?
it makes encryption for VoIP even more urgent
Big players like Skype or Google Talk will have to implement weak (gov breakable) cypher. And if you opt to use it you will automatically be in focus.
And of COURSE Skype had to be bought out just months ago by an American company (eBay).
Encryption for VOIP won't help in many scenarios that LEAs are interested in. If you're calling a land line from your VOIP connection, the end point on the land line won't be able to decrypt the conversation, so even if all of the VOIP traffic is encrypted you'll have to go to the PSTN in the clear. AIUI, that's what they mean by "interconnected".
.sig: file not found
VOIP works via packets with data describing the voice traffic, right? Suppose someone made a program to say "watchlist-words" constantly, and send them everywhere. How hard would it be for a terrorist to DDOS the FBI/NSA? I mean, if you randomize it, you can change pitch, volume, etc, as well as words. I have no idea how to do that exactly, but it doesn't seem infeasible.
and there's encryption. When you do find encryption make sure it isn't DES, NSA actually owns the patent on that one.
If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls.
Most people don't really care about encryption or wire tapping, but for those that do you can be sure some offshore service will pop up to fill the void.
Engineering is the art of compromise.
One can learn a lot by knowing:
a. who you call, when you call them, and for how long
b. who calls you, when they call you, and for how long
c. who these other people communicate with
d. what all these phone numbers are associated with (bank accounts, etc.)
My answer? A call to the /. community to organize in each Congressional district. Anybody who wants to assist in putting together these groups, please e-mail me. techroots@storyinmemo.com. If 15 of us in Southern Maine get together, we'll get a meeting. If we, as an organization, speak, we'll be much louder. Anybody, and particularly anybody in Southern Maine, I really want to hear from you. In a world that organizes online, if we can speak in real life too, we as geeks may be the most efficient people to form together.
Let's see if we can't stand a chance in hell of not being oppressed by the government we as a country vote for.
SIG: HUP
If they can tap the VOIP calls, wouldn't encrypting them be the equivalent of voice scramblers and thus illegal?
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Are slashdot readers all using encryption on their existing telephone lines? If not, why does it matter now that it's VOIP?
Sorry, sugar coat it all you want, but that is jsut another variant of the fallacy that "If You're Doing Nothing Wrong There's No Need to Worry". For one you as the average citizen have no idea what kidns of clasified things the FBI does behind your back, or for that matter how that would work in with this issue, two even if there are promises from govt. officials about keeping provacy secure, histroy will tell you that this will either isn't true at all, will not be true for long, or is an honest ida gon awry.
What if you are doing what is "not wrong" tpo the average person and law abiding citizen then? Didn't think of that huh? Look back in history: Sacco and Vanzetti, the Red Scare, people of Japanese DECENT for christ's sake being sent to camps - even internationally things like the Jewish concentration camps in Germany tell you that this is not true all the time, and can not be treated that way safely.
If you believe in privacy, and believe you have "nothing to hide" at the same time, you're a goddammed idiot
Believe me when I say that implementing CALEA in VOIP isn't trivial since the data must be intercepted somewhere.
The questions to be answered are where and how the interception is accomplished - especially in a manner that isn't trivially detectable by the user or client software?
I'll leave the details on detection methods as an exercise for the overly paranoid but, having studied the issue (potential need for CALEA) several years ago and having the client pooh-pooh the need to even plan for it (read management and the almighty budget dollarette) it isn't necessarily simple or cheap or (especially) practical given some poorly-designed networks.
And no - can't tell you who, when or why,
T_O_M
So this is what that Microsoft patent is really for.2 38213
http://yro.slashdot.org/article.pl?sid=06/05/04/2
In all seriousness though, how many people will actually use VOIP to discuss illegal activity. If they know they're being monitored wouldn't they be more likely to use some more secure form of communication? Although, this brings up the question what do people sue to discuss illegal activity NOW if they know that they phones are probably monitored?
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
...is "connected". For the people whom I talk to the most -- family and some cyber-aware friends -- strong encryption on top of VoIP is the way I will go. Don't leave the Internet for the traditional POTS world and the CALEA doesn't apply.
http://www.philzimmermann.com/EN/zfone/index.html
Thank you (again), Phil.
-Charles
Learning HOW to think is more important than learning WHAT to think.
I live in the US, but my VoIP provider is based in Canada. (So is the phone number.) Silly... no matter what, there's always a way around this for anyone that's the least bit determined.
What makes the FCC think that they can make laws about programs that exist OUTSIDE of the US? Why should my VOIP program have security holes because of the big bad terrorists terrorizing the US?
To expand on this point:
What most people don't seem to grasp is the quality of the average government worker. They are human. They will make typos, they will misunderstand things, they will be lazy, etc. There will be instances of "Buttle vs. Tuttle", in which case the innocent will be accidentally treated like the guilty.
This should be our biggest fear when faced with the erosion of our rights and more intrusive actions by the government. You could have done nothing wrong, but still have something to worry about. Now they have more avenues of data....to make more mistakes on.
This no doubt a troll but I'll bite for all the confused kiddies out there who might take this argument seriously. If you lived in the Soviet Union the spies were OK right because if you weren't doing anything illegal you had nothing to hide right? Same for Nazi Germany, and the "legitimate" government of Britain in the American colonies in 1775.
But it's different now you'll protest those were tyrannies and we are in a democracy. Well listen up my friend it's ISN'T that different, the president is in DIRECT violation of the constitution by declaring war on his own whim only Congress can declare war according to the constitution (and no Congresses rubber stamp allowing the president to declare war was not legit), further that war was declared by the president based on lies (see the Downing Street memos), further we are torturing people, and used Napalm or a Napalm like substance on civilians in Fallujah which is war crime, further NSA wiretaps without a court order are a violation of the bill of rights, further we have by FAR the largest prison population in the industrialized world at over 2 million, 100,000s of which are in there for victimless drug crimes, or pissing off their neighbor and being turned in for "sex crimes." Do you start to see why some of us want to be able to communicate without the government butting into our damn business?
Tired of all the isms, don't exploit people as an employer, or a government, mmmmK?
How do you get a patent on a mathematical formula?
Software patents are worded such that the patent doesn't cover but 1. a computer with memory that executes the formula and 2. the method of communicating X, Y, or Z using the formula. Patenting a generic computer with memory preloaded a specific way is possible by buying senators.
Do they even have jurisdiction over this matter? I recall their order implementing a broadcast flag, when they had no ability to do so.
What mandate have they to control the Internet? Their jurisdiction is for the broadcast spectrum.
As the convenience for the government to wiretap increases, the ease for a third party (inside or outside the government) to abuse such a mechanism also increases.
... that's another thing entirely.
There was a debate back in the Clinton era as to whether or not encryption on the Internet needed a "back door" for the FBI. I had thought that the argument regarding the potential problems safeguarding these "master keys" had won out. Having the FBI spying on you with a warrant is one thing, but having organized crime, a private investigator, or some rogue arm of government (quite a few of those these days it seems),
If you trust the government not to abuse this, then consider whether you trust the government to be able to effectively safeguard access to this. Ignoring social engineering (e.g. $), how likely is the government to have every bit of this infrastructure protected against stealthful 3rd party break-ins?
Suddenly blackmail is going to get a lot easier.
It took many decades for the Internet to flower and change the world with its freedoms. It is taking far less for the governments of the world to deflower the Internet and sow the seeds of thought control.
e-mails are only seen by staff.
Who do you think makes the real decisions?
It is called delegation.
"Jim do a position paper on topic X"
Jim does the research, talks to groups, talks to lobbyists, writes the paper. The Congressmen reads the executive summary of Jim's paper and votes that way. If it is important he has Jim brief him on the finer points of topic X.
You want to get smoke blown up your ass? Talk to the Congressman.
You want to get something accomplished? Talk to the correct staff member.
Properly implemented, SIP (common VoIP protocol) works like this:
A='A Party' - the person making the call
B='B Party' - the person receiving the call
P='Proxy' - the VoIP provider
A and B register with P.
A makes a call to B:
. A requests P that it be put through to B
. P contacts B, B's phone rings
. B answers
. P lets A know B's details
. P lets B know A's details
. A and B exchange voice traffic directly, without involving P
This allows latency to remain low when, say, A and B are in Australia and P is on the other side of the world.
To perform a successful wire tap in this scenario, the FCC would need to intercept the data at multiple points, possibly in separate countries.
Alternatively, P can tell A and B that there is too much firewalling in place and that all voice traffic must go via P, but by doing this they are giving the game away... it would be easily detectable by A and or B if they were smart enough to know what was going on.
And to expand on THAT idea a little...
Two weeks ago, no less than THREE government agencies were given FAILING GRADES FOR PROPERLY SECURING THEIR DATA. THREE. The FBI, The Department of Homeland Security, and one other I forget at the moment.
THREE. And these were just the ones investigated.
Two days ago, the IRS was given a "barely passing" grade when it was discovered that their employees STILL answer over 60% of tax filing questions WRONG.
And THESE are the people we want to entrust our most secret daily lives and data to?
Yeah right. I'll take a stereo broadcasting my credit card number into a stadium before I would ever trust the government with one iota of important information..
Particularly given that I am a government contractor and EVERY DAY get to see how incompetent these people really are.
We are the fire that lights our world.. and we are the fire that consumes it.
That's okay. Usually when I plan my terrorist attacks, I don't use VoIP. It pays to just have a spoke wheel conspiracy like we used for the September 11th attacks. That way all communication is done through personal meetings and few people know enough of the plan for it to get leaked even if one of our members is busted.
In fact I am quite happy to see this new FCC order. Don't forget our goals with September 11th was to break America down and give politicians reasons to take the freedoms away from the public. We know that this will destroy the free spirit upon which their economy is built and allow our radical message to flourish.
Long live the FCC!
-Osama
The only road-block is that the other person you're talking to has to have the same setup. For 99% of people, it isn't worth the cost. For businesses & gov't agencies, it certainly is.
(Ring-ring...)
(Ring-ring...)
(Recorded voice) "This is an encrypted telephone call. It appears you do not have a compatible decryption device. Please have a pencil and paper ready, and follow along as I read you some simple instructions. First, write a list of 256 random numbers from 1 to 16. When you have completed this step, press pound."
(scribble-scribble-scribble... bleep.)
(Recorded voice) Now, divide the first number by... six, noting the remainder.
Divide the second number by... twelve, noting the remainder.
Divide the third number by... eight, noting the...
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
Better yet, it is time to either join, form, or support independent political parties. Face the facts, the Democratic - Republican party is funded and controlled by special interests. Special interests make political campaign contributions and pay for advertising. Voters do not. Things will change ONLY when people decide to smarten up and quit being manipulated by the special interest financed advertisements (and that includes internet advertising such as blogs like this one).
'We the People' have seen what decades of power shifting between Democrats and Republicans has accomplished - more government, higher taxes, and less freedom. Out of the entire Congress, there may be one (Ron Paul) or two members that even care about such a thing as the Constitution. Just about all of Congress is made up of Republicans or Democrats. Each party accomplishes the same thing by eroding different freedoms.
Republicans may not be as hard on gun ownership as Democrats, but they are sure hard on the fourth amendment of the Constitution. Both parties support the flooding of our nation with cheap, slave-made goods. Both apparantly have a disregard for human rights. I know that I for one am tired of the years and years of broken promises and false hope that is preached by these two parties. Both of these parties have shown us what they can do for (to) us. We have seen their work. Now, let's try something else.
This election season as well as 2008, it is high time that we as a people support alternative parties such as the Libertarian Party ( http://www.lp.org/ ), Constitution Party( http://www.constitutionparty.org/ ), Green Party ( http://www.gp.org/ ), Veteran's Party, Socialist Party, and any other political party other than the two corrupt lamescream parties that have been duping the people for decades.
I for one support the Constitution Party, Libertarian Party, and Veteran's party (in that order). I will only vote for a "Republicrat" or "Demican" only if there is nobody else on the ballot and there is no write in blank. Even then, I have sometimes abstained from marking a choice. But of course, we will always have some people who insist on voting the "Lessor of Two Evils" because they believe that candidates of other political parties "don't stand a chance of winning."
Tell that to Jim Gilchrist (Founder of Minuteman Project) who ran for Congress under the American Independent Party. He won the most votes on election day and was only done in by absentee ballots (apparantly, the absentee voters never got a chance to hear his message or the election was rigged). Aagree with him or not, he showed that a candidate from an alternative party actually had a good chance of winning. Apparently, the people in that distric in California are sick and tired of the bullsh1t that spew from the Republican/Democratic Party.
I hope that people this election are not so stupid as to give up their freedoms to the sellout lamescream political party that has manipulated them for years. Each time I hear people bitch and moan that Gore should have won the election or that "Democrats" tried to appeal and recount their way to victory, I want to puke. IT MAKES NO DIFFERENCE which one should have, could have or had won, the results are the same. More government, higher taxes, more rules and fewer freedoms for the people. I want limited government, so that is why I vote for candidates of the Constituion and Libertarian parties. I hope people who read this are not stupid enough to throw their vote away on a Republicrat
Dumbass, if the American revolution were taking place today you can be sure Thomas Jefferson would have a cell phone and a laptop and the 4th amendment would be written in such way as to keep government snoops OUT of those devices.
The INTENT of the 4th amendment is to keep the government out of our "houses, papers, and effects" in the 21st century that means electronic files and phone conversations. YOU may want your rights whittled down to bite sized chunks to be swallowed by the leviathan government, not all of us are sanguine for such a fate.
Tired of all the isms, don't exploit people as an employer, or a government, mmmmK?
The cause of terrorism is religious zealots. They're all the same.
That goes for whatever side of the coin you happen to be viewing. All are a bunch of total fools if you ask me.
From some a@@Hole who promises you 17 or WTF ever virgins if you complete some stupid suicide mission.
to
Some Frat Boy who burned his brains out on bourbon & coke and says that he's doing God's will (most people who think they talk to God are viewed to be either insane or a pope).
I got Karma to burn so I'm free to say (to the off topic a@@holes who don't like my sig) that your fascist (jack booted) leader has been responsible for the deaths of more Iraqis than Sadam (Insane) who is currently on trial for such.
Tell me oh fascist dipsticks why we shouldn't send Arbusto to the Hague for trial?
Or we just impeach him then throw him and his crew in jail for perjury (I believe that today that fact is so well established that even you fool ditto heads cannot ignore it) here in the good ol' US of A?
IMHO our founding fathers would tar, feather & ride this asshat and his crew out on a rail if they were around today.
Who will guard the guards?
I regularly use VOIP via Free World Dialup (FWD). This system uses the SIP protocol. FWD servers seem to have frequent outages. To get around this problem, I've found that I can use direct IP to IP dialing and bypass FWD's servers completely. IP dialing is cumbersome, but you can put the dialed addresses in a speed call list and use 2-digit dialing. This works very well. There's a side benefit of no call logging since the provider's server is being bypassed. In theory I can call any SIP phone that's connected to the internet whether they're on Vonage, Packet Eight, or any other network, if I know their IP address.
Right now there are about a half dozen members of our private network. We're all registered with dyndns.org to solve the problem of dynamic addressing. We're all using Sipura Network adapters to connect a regular telephone to the Internet. The Sipura adapters accommodate dialing by hostname or IP address. The latency is lower with direct IP dialing because the voice packets are not routed through FWD's STUN or NAT servers.
This method is more secure since you're not dependent on any VOIP provider. The back doors that they provide for government spying can be bypassed. Encryption would be difficult but not impossible because it would have to be implemented in the Sipura firmware. SIP software phones will also work with direct IP dialing.
Bill Would Outlaw Digital Receiver Recorders:0 8
http://slashdot.org/article.pl?sid=06/05/02/18532
Interested parties, government or otherwise, would be more than welcome to the raw stream; all they would need is to apply for a license to your proprietary Copyright Protection technology (which of course requires that they submit plans & blueprints for each device they wish to license, along with proof of its robustness in thwarting those who would attempt to defeat it and record or otherwise redistribute the content). Then, provided they received the mandatory certification for a licensed device, it'd be a clear voice call like any other. Well, so long as their device key hadn't potentially been compromised by some teenage hacker in Algiers, in which case it would have to be subject to key revocation to preserve the DRM system's integrity.
But they could still license a new device - and that would probably pay off in the long run anyway; older devices that worked with the obsolete DRM release level wouldn't be supported in the then-current revision anyways...
Just followin' the law as it's written, sirs...
Pi Ran Out
The "terrorists" scare me FAR less than people like you. Stay the fuck out of MY phone calls, and electronic files.
Tired of all the isms, don't exploit people as an employer, or a government, mmmmK?
SIP Control Support for Encryption is Limited. There are two main kinds of encryption used in SIP - call setup messages, which can be implemented using TLS (SSL's successor) or left unencrypted, and media channel encryption, which is done end-to-end by the caller and callee, but still gets set up through the SIP controller. Unfortunately, too many of the SIP Session Border Controllers and other packet-handling equipment don't have the horsepower to set up the media-channel crypto. It's especially true for equipment that's scalable renough to handle a whole phone company, as opposed to equipment that's designed to run as a PBX or SOHO VOIP system, so even if your phone can do it, the controller might not ask, (Phil Zimmermann's latest work tries to fix this.)
The really really cool thing about SIP is that you can chain multiple proxy servers together to build things, resolve issues about control, and isolate problems and information domains. It's also good that the handshaking is much simpler and more SMTP-like, as opposed to the evil complexities of leftover ISDN protocols data formats and interactions, and there are a couple of other useful capabiliies, but the basic big win is that you can chain the SIP servers together.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
where this is any different then the cops being allowed to tap regular telephones? Seriously, have they once said that the cops will have unfettered access to this information without a warrant? If not, then I do not see why there is this urgent need for encryption on VoIP. I mean we are talking about the police agencies being able to have the same access to listen to VoIP conversations that they already have to tap every other phone line in America.
Now, I am sure you are all wearing your tin foil caps, but really this is not about some great big brother monitoring scheme. If you are so scared about people listening to your calls, you do not need encryption. Just start talking in code. Afterall, mobsters and just about anyone else committing illegal activity have been doing it for years to avoid being overheard.
I just am afraid I do not see everyone elses great concern in this matter. Of course, my lack of VoIP means that monitoring my calls is already quiet within the realm of possibility. As for the text conversation part, if I were truly concerned about stuff I was saying the last way I would transmit it would be over IM or through e-mail.
"Some days you just can't get rid of a bomb."
Wow! A multi-level contextually appropriate literary reference on /.!
I don't have any mod points today.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO