FCC Affirms VoIP Must Allow Snooping

MarsGov writes "The FCC released an order yesterday that requires all broadband providers and all "interconnected" VoIP providers to implement CALEA — in other words, law enforcement can snoop on your online conversations, both voice and text. While this is no surprise, it makes encryption for VoIP even more urgent."

No surprise at all

[slusich]

No surprise here at all.
The goverment isn't even willing to get proper warrants to tap regular phone and internet service. VOIP won't be any different.
Look for encryption to be made illeagal for all phone and IP services in the very near future.
This is just another step in the war on the constitution.

Re:No surprise at all

[ZSpade]

Yet they've been doing this for years. Nothing has really changed. Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no. The government has been doing this for years, why should things change now.

Just don't say they're getting worse without really looking at our past. Nothing has gotten worse, only the means to which our "rights" are negated as changed.

Re:No surprise at all

[CastrTroy]

Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between. Wow, so they can tap Joe sixpack's phone. It's bad that they are mandating this. It's doubly bad that it won't stop any really dangerous criminals.

Re:No surprise at all

[dodobh]

Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between.

Actually, they will just lobby for their crime to become legalised. Witness Haliburton, RIAA, MPAA, Bush...

Crime is now legal. As long as you can pay off the crooks in power.

Re:No surprise at all

[noidentity]

Once privacy is outlawed, only criminals will have any.

Re:No surprise at all

[solus1232]

I think you are giving criminals too much credit.

Joe sixpack might not be smart enough to commnicate over a secure channel, or simply not communicate over a possibly compromised channel at all (prepaid cell phones anyone?), but why do you think the average criminal would be?

You make it sound like a disproportionate number of law abiding citizens will be affected by this order because real criminals will be smart enough to use encryption. The majority of criminal actions are motivated by a combination of desperation and lack of common sense and thus the average criminal will be less likely to use an anonymous form of communication than the average citizen.

Re:No surprise at all

[TheLetterPsy]

It's doubly bad

You misspelled doubleplusungood.

Encryption?

If they are this forceful in there attempts to spy on citizens, than how long do you think we can use encryption before they ban it (or at least mandate a government backdoor)?

User encryption raises even more flags

[BadassJesus]

it makes encryption for VoIP even more urgent

Big players like Skype or Google Talk will have to implement weak (gov breakable) cypher. And if you opt to use it you will automatically be in focus.

Skype

[CliffSpradlin]

And of COURSE Skype had to be bought out just months ago by an American company (eBay).

It doesn't matter for many VOIP calls

[petard]

Encryption for VOIP won't help in many scenarios that LEAs are interested in. If you're calling a land line from your VOIP connection, the end point on the land line won't be able to decrypt the conversation, so even if all of the VOIP traffic is encrypted you'll have to go to the PSTN in the clear. AIUI, that's what they mean by "interconnected".

Re:It doesn't matter for many VOIP calls

[Jah-Wren+Ryel]

even if they wanted to, LEA don't have the computing power available to monitor every call.

I'm too lazy to dig up the links, so go ahead and mod me for missing my tin-foil-hat...

With all the talk of Bush authorizing international wire-taps on US-to-non-US citizens, it came up that the most probably reason the NSA is involved (see the current case EFF vs ATT) is that the NSA's Echelon system does have the throughput to handle that kind of workload. That Echelon was initially designed to snoop on purely international traffic, but it is just as easily turned on US citizens if the right (or wrong) person wants it to be so.

Just from an algorithmic viewpoint - that kind of workload is going to fall in the "embarrasingly parallel" group which means you can just keep adding PCs to scale-up to a volume of phone calls that is limited only by floorspace and electricity.

DDOS

[ZachPruckowski]

VOIP works via packets with data describing the voice traffic, right? Suppose someone made a program to say "watchlist-words" constantly, and send them everywhere. How hard would it be for a terrorist to DDOS the FBI/NSA? I mean, if you randomize it, you can change pitch, volume, etc, as well as words. I have no idea how to do that exactly, but it doesn't seem infeasible.

There's encryption ......

[i_want_you_to_throw_]

and there's encryption. When you do find encryption make sure it isn't DES, NSA actually owns the patent on that one.

Hard to do encryption commercial services

[EmbeddedJanitor]

For encryption to be secure, you'll need to have end-to-end encryption. That is achievable for an organisation that is running its own VoIP system, but not really so for anything that is based on a commercial offering like Skype.

If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls.

Most people don't really care about encryption or wire tapping, but for those that do you can be sure some offshore service will pop up to fill the void.

traffic analysis

[r00t]

One can learn a lot by knowing:

a. who you call, when you call them, and for how long
b. who calls you, when they call you, and for how long
c. who these other people communicate with
d. what all these phone numbers are associated with (bank accounts, etc.)

Re:traffic analysis

[houghi]

How to avoid this Traffic analysis: Usenet
Post a picture on a newsgroup and put an encrypted message inside of it.
Usenet will distribute it for you. Not possible to see who actually has the correct key and tool to decrypt it.

Post it at one provider and Usenet protocol will see that it arrives with many other providers over all countries.

The sole reason for the picture is so that many people will download it from as many places possible, making a direct link not workable.

See it as the message send out during WWII. Jean has a grand moustache. I repeat. Jean has a grande moustache.

They know something is going out, but they have no idea for whom it is ment or what it means. It even could be just some pictures.

Re:traffic analysis

[Altima(BoB)]

That ethos is actually something that's been in use for quite some time by seemingly many groups, somewhat under our collective noses, Numbers Stations, shortwave radio transmissions with origin unknown that transmit codes of numbers or letters, repeat a few times, then disappear. Most likely they are for undercover operatives with a codebook.

The idea is that it's tough to track their origin (apart from perhaps the language of some of the short messages that accompany them, but even that could be a red herring) and it's impossible to track down who's recieving it. Also, if it's using a one-use key decoding system, it's impossible to decrypt a meaning from it. Finally, most of these stations reappear at regular intervals, there's no real way to tell if one day's message is "all clear" or if it's "commence with the plan tomorrow."

I find them fascinating, and for some reason, chilling to listen to.

Action Time!

[autocracy]

I've read so many things about our government as a whole's actions this year, and I'm really distraught. I walked into my Senator's office today, and discussed meeting with her. Usually, she only takes groups. I assume the same applies for most other Senators and Reps. Letters get ignored, e-mails are only seen by staff... who knows what happens to faxes?

My answer? A call to the /. community to organize in each Congressional district. Anybody who wants to assist in putting together these groups, please e-mail me. techroots@storyinmemo.com. If 15 of us in Southern Maine get together, we'll get a meeting. If we, as an organization, speak, we'll be much louder. Anybody, and particularly anybody in Southern Maine, I really want to hear from you. In a world that organizes online, if we can speak in real life too, we as geeks may be the most efficient people to form together.

Let's see if we can't stand a chance in hell of not being oppressed by the government we as a country vote for.

why is this a big deal?

Are slashdot readers all using encryption on their existing telephone lines? If not, why does it matter now that it's VOIP?

Re:Encrypting is a bad otpoins

[Travelsonic]

While I undersnad that you may have concerns about your privacy, you do not need to worry because you are not doing anything that the FBI will be intersted in.

Sorry, sugar coat it all you want, but that is jsut another variant of the fallacy that "If You're Doing Nothing Wrong There's No Need to Worry". For one you as the average citizen have no idea what kidns of clasified things the FBI does behind your back, or for that matter how that would work in with this issue, two even if there are promises from govt. officials about keeping provacy secure, histroy will tell you that this will either isn't true at all, will not be true for long, or is an honest ida gon awry.

If you aarre, than the system is working and you have no right to complain anywy.

What if you are doing what is "not wrong" tpo the average person and law abiding citizen then? Didn't think of that huh? Look back in history: Sacco and Vanzetti, the Red Scare, people of Japanese DECENT for christ's sake being sent to camps - even internationally things like the Jewish concentration camps in Germany tell you that this is not true all the time, and can not be treated that way safely.

AHA!

[Mr.+Freeman]

So this is what that Microsoft patent is really for.
http://yro.slashdot.org/article.pl?sid=06/05/04/22 38213

In all seriousness though, how many people will actually use VOIP to discuss illegal activity. If they know they're being monitored wouldn't they be more likely to use some more secure form of communication? Although, this brings up the question what do people sue to discuss illegal activity NOW if they know that they phones are probably monitored?

The key word...

[chill]

...is "connected". For the people whom I talk to the most -- family and some cyber-aware friends -- strong encryption on top of VoIP is the way I will go. Don't leave the Internet for the traditional POTS world and the CALEA doesn't apply.

http://www.philzimmermann.com/EN/zfone/index.html

Thank you (again), Phil.

  -Charles

I'll bite troll this is why govt spying is bad

[mrraven]

This no doubt a troll but I'll bite for all the confused kiddies out there who might take this argument seriously. If you lived in the Soviet Union the spies were OK right because if you weren't doing anything illegal you had nothing to hide right? Same for Nazi Germany, and the "legitimate" government of Britain in the American colonies in 1775.

But it's different now you'll protest those were tyrannies and we are in a democracy. Well listen up my friend it's ISN'T that different, the president is in DIRECT violation of the constitution by declaring war on his own whim only Congress can declare war according to the constitution (and no Congresses rubber stamp allowing the president to declare war was not legit), further that war was declared by the president based on lies (see the Downing Street memos), further we are torturing people, and used Napalm or a Napalm like substance on civilians in Fallujah which is war crime, further NSA wiretaps without a court order are a violation of the bill of rights, further we have by FAR the largest prison population in the industrialized world at over 2 million, 100,000s of which are in there for victimless drug crimes, or pissing off their neighbor and being turned in for "sex crimes." Do you start to see why some of us want to be able to communicate without the government butting into our damn business?

Re:I'll bite troll this is why govt spying is bad

[BalanceOfJudgement]

"No government is worth killing or dying for."

Unless you're dying to destroy that government, if it has violated the social contract that allows it to operate.

This government, has. This government, and almost every Western government in the world, is guilty of high treason against its own people.

There will come a day when they pay the price for treason.. and there is only one price for treason.

I can't wait for that day.

Re:I'll bite troll this is why govt spying is bad

[greenrom]

Perhaps today would be a good day for a brief civics lesson. Here is the text of the fourth amendement.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

There is no absolute protection of privacy granted in that amendment. In fact, it wasn't until 1967 in Katz vs. United States when the Supreme Court ruled that the fourth amendment could offer protection against wiretaps, reversing previous rulings that said the opposite. In the Katz ruling, the court extended the definition of "search" to include government intrusion into something in which a person has a reasonable expectation of privacy. Even after the Katz ruling, the fourth amendment only offers protection against unresonable searches. There are still a lot of cases when the government can conduct a search and violate your privacy. One obvious time is when a warrant is obtained for the search after probable cause of a crime is presented to a judge. However, there are other cases where searches are not deemed unreasonable. If a police officer is walking by your house and hears screaming and believes someone is in danger, he can forcefully enter your house without a warrant. There's no violation of the fourth amendment because under the circumstances, entering the house to ensure the saftey of another person is not considdered an "unreasonable" search. If you are stopped for a traffic violation, the police officer is free to shine his flashlight in your window and look around the passenger area. That's because the courts have ruled that if items are within view, there is no expectation of privacy. As for the NSA's warrantless wiretaps, those are certainly in the gray area. The president argues that warrantless wiretaps of international calls are permitted under Article II as part of the military authority granted to the executive branch so long as the wiretaps are used for intellegence gathering related to national security, not criminal investigations. Others argue that the wiretaps are an unreasonable government intrusion when there is an expectation of privacy. Both arguments have merit, and reasonable people can have different opinions on the legality of these wiretaps. This is really an issue that needs to be resolved by the courts.

You seem to have many complaints with the United States government. I doubt there was ever a time in the history of the United States when you would have been happy with this country's laws or actions. In fact, I doubt there was ever a country in the history of the world in which you would be content. However, I hope I'm wrong, and I hope you find a place to live where you will be happy. If you do, I hope your utopia is as perfect as you envision.

Every back door can be abused

[cpu_fusion]

As the convenience for the government to wiretap increases, the ease for a third party (inside or outside the government) to abuse such a mechanism also increases.

There was a debate back in the Clinton era as to whether or not encryption on the Internet needed a "back door" for the FBI. I had thought that the argument regarding the potential problems safeguarding these "master keys" had won out. Having the FBI spying on you with a warrant is one thing, but having organized crime, a private investigator, or some rogue arm of government (quite a few of those these days it seems), ... that's another thing entirely.

If you trust the government not to abuse this, then consider whether you trust the government to be able to effectively safeguard access to this. Ignoring social engineering (e.g. $), how likely is the government to have every bit of this infrastructure protected against stealthful 3rd party break-ins?

Suddenly blackmail is going to get a lot easier.

It took many decades for the Internet to flower and change the world with its freedoms. It is taking far less for the governments of the world to deflower the Internet and sow the seeds of thought control.

How would this work?

[jamesh]

Properly implemented, SIP (common VoIP protocol) works like this:
A='A Party' - the person making the call
B='B Party' - the person receiving the call
P='Proxy' - the VoIP provider

A and B register with P.
A makes a call to B:
. A requests P that it be put through to B
. P contacts B, B's phone rings
. B answers
. P lets A know B's details
. P lets B know A's details
. A and B exchange voice traffic directly, without involving P

This allows latency to remain low when, say, A and B are in Australia and P is on the other side of the world.

To perform a successful wire tap in this scenario, the FCC would need to intercept the data at multiple points, possibly in separate countries.

Alternatively, P can tell A and B that there is too much firewalling in place and that all voice traffic must go via P, but by doing this they are giving the game away... it would be easily detectable by A and or B if they were smart enough to know what was going on.

Compatibility mode

[FLEB]

The only road-block is that the other person you're talking to has to have the same setup. For 99% of people, it isn't worth the cost. For businesses & gov't agencies, it certainly is.

(Ring-ring...)
(Ring-ring...)
(Recorded voice) "This is an encrypted telephone call. It appears you do not have a compatible decryption device. Please have a pencil and paper ready, and follow along as I read you some simple instructions. First, write a list of 256 random numbers from 1 to 16. When you have completed this step, press pound."

(scribble-scribble-scribble... bleep.)

(Recorded voice) Now, divide the first number by... six, noting the remainder.
Divide the second number by... twelve, noting the remainder.
Divide the third number by... eight, noting the...

Use IP to IP Dialing To Bypass VOIP Backdoors

[Junior+Samples]

I regularly use VOIP via Free World Dialup (FWD). This system uses the SIP protocol. FWD servers seem to have frequent outages. To get around this problem, I've found that I can use direct IP to IP dialing and bypass FWD's servers completely. IP dialing is cumbersome, but you can put the dialed addresses in a speed call list and use 2-digit dialing. This works very well. There's a side benefit of no call logging since the provider's server is being bypassed. In theory I can call any SIP phone that's connected to the internet whether they're on Vonage, Packet Eight, or any other network, if I know their IP address.

Right now there are about a half dozen members of our private network. We're all registered with dyndns.org to solve the problem of dynamic addressing. We're all using Sipura Network adapters to connect a regular telephone to the Internet. The Sipura adapters accommodate dialing by hostname or IP address. The latency is lower with direct IP dialing because the voice packets are not routed through FWD's STUN or NAT servers.

This method is more secure since you're not dependent on any VOIP provider. The back doors that they provide for government spying can be bypassed. Encryption would be difficult but not impossible because it would have to be implemented in the Sipura firmware. SIP software phones will also work with direct IP dialing.