Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Privacy

VoIP Wiretapping 284

pisqon writes "VoIP News has an article discussing a U.S. government decision that will extend wiretapping regulations to the Internet. From the article: 'The Federal Communications Commission voted 5-0 last week to prohibit businesses from offering broadband or Internet phone service unless they provide police with backdoors for wiretapping access. Formal regulations are expected by early next year.'" Update: 03/28 04:52 GMT by Z : As several readers have pointed out, this story is a mite out of date. Good conversation in the comments, though.
This discussion has been archived. No new comments can be posted.

VoIP Wiretapping

Comments Filter:
  • Only makes sense (Score:3, Interesting)

    by SithGod ( 810139 ) <dcanders@umich.edu> on Sunday March 27, 2005 @04:50PM (#12061771) Homepage Journal
    As long as wireteps for VOIP phones fall under the regulations for wiretaps on normal phones, I don't see any reason that it shouldn't be allowed. Otherwise VIOP will be seen as a haven for criminals trying to circumvent weiretaps instead of a legitimate technology
    • by QuantumSpritz ( 703080 ) on Sunday March 27, 2005 @04:53PM (#12061780)
      Seems that the real savvy shady types would run their own VOIP in lieu of commercial services - unless you could encrypt between the end users, somewhat difficult given a commercial POTS/VoIP bridge. Anyone who knows what they're talking about want to sound off on this?
    • by Eric(b0mb)Dennis ( 629047 ) on Sunday March 27, 2005 @04:55PM (#12061791)
      See, that doesn't make sense.

      A criminal needing to communicate privately can do it a number of ways.. being encrypted email.. encrypted IM..

      How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..

      there are so many other ways that are much safer, doesn't make sense
      • by kaiser423 ( 828989 ) on Sunday March 27, 2005 @04:59PM (#12061817)
        Surprisingly, a lot of criminals get caught that way. It's a pretty big hassle to make sure that everything is 100% encrypted, secure, etc. Most of them slip up once, and then it's all over.
      • Re:Only makes sense (Score:5, Interesting)

        by EvanED ( 569694 ) <evaned@gm3.14159ail.com minus pi> on Sunday March 27, 2005 @05:04PM (#12061845)
        There are theives who leave their wallets at the scene of the robbery. Or who buy something with their credit card immediately before holding someone up. Or who call the police to tell them that their marijuana cache has been stolen. It's asking a lot to have them be careful with encryption.

        Sure, you're not gonna catch Danny Ocean that way (sorry, just saw Ocean's 12 last night), but you will get 95% of people you're after.
      • by gl4ss ( 559668 )
        *How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..*

        a lot of people are stupid, when they're high on drugs they're even more stupid.

        anyways, this is not about deciding if wiretaps are useful or not, it's just about deciding that you don't get out of the wiretapping requirement simply because you use this new technique called voip to provide the end line to the user.

        does th
      • Re:Only makes sense (Score:5, Informative)

        by nmb3000 ( 741169 ) on Sunday March 27, 2005 @05:19PM (#12061926) Journal
        How can wiretaps even be remotely useful anymore?

        Very simple. Phones are still very widely used and as others have pointed out, wiretaps often still provide evidence to be used in a trial. Preventing VoIP phones from being able to be tapped is just inhibiting our ability to prosecute criminals effectively.

        Just because there are other, better ways to communicate secretly, it certainly doesn't mean your average theif, drug dealer, income tax evader, or whatever uses them. Phones are easily accessible, cheap, a very large majority of people have them. Obviously they are an ideal and often the first thought of way to communicate.
      • Re:Only makes sense (Score:5, Interesting)

        by CSMastermind ( 847625 ) <freight_train10@hotmail.com> on Sunday March 27, 2005 @05:21PM (#12061938)
        The FBI plays mean tricks on people. My Aunt and her husband wanted for murder, embezzlement, and some more minor crimes. They both ran away in the early eighties. Agents called my grandmother's house pretending to be doctors and told her the her daughter was in a New York hostipal in critical condition. They had her phone tapped and were hoping that if she knew where Connie was that she would call her back and they'd be able to trace the call. The point of tapping phones is that they're one of the most widely used means of communication.
        • by Nogami_Saeko ( 466595 ) on Sunday March 27, 2005 @05:30PM (#12061977)
          Well yes, that is mean... But it's somewhat less mean than murder and embezzlement...

          But the point stands that this will only catch small-timers that aren't smart enough to set up encrypted communications.

          Anyone who thinks that big organized crime doesn't have their own IT guys who know this stuff forwards and backwards, and set up secure communications and encrypted storage for their bosses is a fool.

          N.
          • Anyone who thinks that big organized crime doesn't have their own IT guys who know this stuff forwards and backwards, and set up secure communications and encrypted storage for their bosses is a fool.

            Obligatory Sneakers quote:
            Martin: Organized crime?
            Cosmo: Hah. Don't kid yourself. It's not that organized.
      • by ShieldW0lf ( 601553 ) on Sunday March 27, 2005 @05:43PM (#12062035) Journal
        How can wiretaps even be remotely useful anymore? Unless you catch someone who is being stupid and talking on a potentially insecure phone line about something he shouldn't have done..

        As far as VOIP goes, it's very significant that it allows you to cross the line between the internet and the telephone network and breaks the government tracking of that relatively closed system on a global scale. The internet isn't just implemented in a fashion that is open and relatively uncontrolled, it is also destroying the existing control of another network by interfacing with it. Would you really not expect a response from the governments who have benefited from that control?

        Outside the VOIP thing, even if you can't crack into someones communications, I can think of lots of benefits in being able to monitor their lines if you're trying to investigate them. Unless they're flooding their channel with a constant encrypted data stream to you can track the timing of their communications. You can track where the communications are being relayed from and to. And you can track what they communicate anytime they access systems that are outside the closed system they would presumably be using for their communications.

        I'd suggest you stay away from a life of crime... you don't seem to have a very good understanding of the dangers involved :P
      • Anyone who really minds about security will take care of it himself and NOT rely on the 'secure network', promises by the providers etc. A part of being paranoid is _exactly_ that you do not trust your security in the hands of others. Personally, wherever I am in the world, I download an ssh client on personal web space that I know is not compromised, and I am far from a security freak.

        Big question is: although crime benefits from a little discretion, maybe not all criminals are fully aware of security.

      • If you're going to propose that this is a bad idea and there are much safer ways to do this, you'd better back up your statement...

        Even those things you mentioned above (email, im) seem just plain silly because the medium you're talking through requires delay.. on the phone you actually hear the person you're talking to on the other side.
    • That only makes sense if you believe that unrestricted monitoring of private communications between U.S. citizens is legitimate. Personally, I don't. Allowing one bad regulation to justify another bad regulation is unreasonable in and of itself.
      • Re:Only makes sense (Score:3, Informative)

        by Atzanteol ( 99067 )
        That only makes sense if you believe that unrestricted monitoring of private communications between U.S. citizens is legitimate.

        Then it's a good thing that we don't. Read up [cornell.edu].
  • Uhh, VoIP is digital (Score:4, Interesting)

    by Eric(b0mb)Dennis ( 629047 ) on Sunday March 27, 2005 @04:51PM (#12061773)
    Being that VoIP originates from the callers machine digitally, it would be easy to add encryption to the transmission. Please comment, do any current VoIP services clients or other free/open-source clients already offer this feature?
    • Encryption is a very important part of VoIP - without it, anyone on the network could rather easily sniff the conversations. I am guessing whatever access is wanted here includes the keys to decrypt the conversations.
    • by Op911 ( 593600 )
      Isn't skype supposed to be encrypted? Thought that was one of the big deals about it (Besides the sound quality) http://www.skype.com/ [skype.com]
    • by paul248 ( 536459 ) on Sunday March 27, 2005 @05:06PM (#12061859) Homepage
      We have Vonage at home, and I know that it's definitely not encrypted. I've played with using Ethereal to record a conversation, and it's able to decode the RTP streams into plain audio files, one for each direction. So, all you need to wiretap Vonage is a computer sitting between the source and destination.
    • Boring!!! (Score:3, Informative)

      by ImaLamer ( 260199 )
      It's already been done [pgpi.org]... /joking
    • Hm. Even if the content is encrypted, one could still conduct traffic analysis since each forwarding system has to know where to forward the packet.

      Granted, there may be a way to use client-level multihop source routing with encryption so that each stage only knows the next link the client wants the packet forwarded to, but that's a step that may be less obvious to take than merely encryption of content. Running a server that permitted this might also be rare enough to raise red flags.
      • If I'm not mistaken, that's how Skype works. All the voice data is encrypted and routed through peers. Though whether it's truly multihop ("each stage only knows the next link the client wants the packet forwarded to") I don't know for sure...
  • by Seumas ( 6865 ) on Sunday March 27, 2005 @04:52PM (#12061775)
    At least we can all rest safely knowing that there's no way "bad guys" could utilize the same provisions to listen in on personal conversations over IP!
  • Internet too? (Score:5, Insightful)

    by DreadPiratePizz ( 803402 ) on Sunday March 27, 2005 @04:52PM (#12061776)
    I can understand requiring backdoors to VoIP telephones, but to the internet and instant messaging clients too? Pretty soon good old fasioned postal service will be the only way to truly privately communicate. They can't open personal letters, can they?
    • every letter you send is scanned by a NMR device giving a pattern of ink. the letter can then be digitally "unfolded" and read (it helps protect your privacy to write on both sides of the paper and then fold it in an unusual way - see any oragami textbook for further details). in practice the letters aren't read but scanned by OCR and fed into the usual federal database for screening for keywords.
      • Do you have any references for this? I'd like to read further if this is backed up by something and not just a conspiracy theory.

        So come on, cite some material we can look at here to back up your claims.

        Thanks!
        • oh come on! it's a joke. I reference origami textbooks ffs :-)
        • I've seen video footage on something like discovery or PBS once about regular mail and how these machines can open letters and look inside without destroying the paper or glue, as long as it is shut again within a fraction of a second it seems. They opened them at what seemed to be like the regular place you lick and glue shut on a normal envelope.
          I don't think they where really reading the letters or contents, but they were able to sniff for certain chemicals and flag those letters for closer inspection.
    • Pretty soon good old fasioned postal service will be the only way to truly privately communicate.

      This is precisely why tools such as PGP are so important. Without them how could you possibly have any notion that your communications are actually private?
      • >This is precisely why tools such as PGP are so important. Without them how could you possibly have any notion that your communications are actually private?

        yes and it only works with open source code you've inspected and compiled yourself - anything else will be required to have such a backdoor installed for the government to use.
    • by Kjella ( 173770 ) on Sunday March 27, 2005 @05:22PM (#12061939) Homepage
      They can't open personal letters, can they?

      Sure they can. A warrant is a temporary suspension of your normal rights, after having proven reasonable suspicion to a court of law. If you're going to quote me the amendment, it is unlawful search and seizure. As long as they go through the proper channels, they can know what toothpaste you use, and how many condoms are left in your bedroom drawer. [Bad geek joke] For anyone here, that means all of them [/joke]

      Kjella
    • I can understand requiring backdoors to VoIP telephones, but to the internet and instant messaging clients too?

      Why should one particular medium be immune? People have gone to jail because of fatal disclosures in their email. IM isn't particularly different in that respect.

      Pretty soon good old fasioned postal service will be the only way to truly privately communicate. They can't open personal letters, can they?

      They can open anything, if they can show enough probable cause [answers.com] to get a warrant. (The Patrio

    • Re:Internet too? (Score:5, Interesting)

      by Degrees ( 220395 ) <.em.hcsireg. .ta. .seerged.> on Sunday March 27, 2005 @09:02PM (#12062975) Homepage Journal
      They can't open personal letters, can they?
      Of course they can. They are not supposed to, but they can, and do.

      I vividly remember my dad going into a rage when his mail was being read by the local post office. He went to the mailbox, and I followed him (I was a little kid, it was natural for me to follow.) Had the letter in his hand, shaking it, saying "Look at this! Look at this! These bastards are reading my mail!" The whole top of the letter had been ripped open, and then taped shut.

      At the time, he was a semi-high mucky-muck in the Republican Party in California. If the letter came from from party headquarters, some democrat (presumably) opened the letter and read it. After opening and reading it, they'd tape it shut, rubber stamp it with "sorry, damaged in handling", and send it on. Complaints to the local Post Master were ignored (federal government workers, at least at that time, were almost all Democrat, for some strange reason....) For a little more information, see the paragraph under Hobbies list here [comcast.net].

      Privacy invasion is more subtle now, but there is zero reason to think things have changed for the better since then.

  • netmeeting (Score:4, Insightful)

    by mattyrobinson69 ( 751521 ) on Sunday March 27, 2005 @04:53PM (#12061779)
    What about netmeeting and other such protocols for voice/video over IP? would these be affected by these new laws?
    • Re:netmeeting (Score:5, Informative)

      by PedanticSpellingTrol ( 746300 ) on Sunday March 27, 2005 @04:55PM (#12061798)
      That's what the Justice Department was asking for, but the FCC ruled that the wiretap laws only apply to systems that interface with the PSTN.

      For now....

      • Re:netmeeting (Score:3, Informative)

        by Whyte ( 65556 )
        Depending on the circumstances, DoJ can always apply for a FISA pen trap and trace warrant. Due to FISA changes by the non-sunsetting sections of Title 2 of the USA PATRIOT Act, the procedural differences between PSTN and "other" communications mediums have pretty much disappeared entirely. Even content warrants under FISA can avail themselves of these changes (which is scary seeing as how what electronic content actually is isn't well defined in law).
  • by ivi ( 126837 ) on Sunday March 27, 2005 @04:54PM (#12061783)

    Remember the "can't export crypto technology" era?

    Those who did their crypto development outside USA
    were exempt from the restriction (mostly), ie,
    since they wouldn't have to export code in an
    electronic form.

    Perhaps software-only VoIP systems like Skype
    will be exempt from the FCC's "must provide a
    backdoor" ruling.

    Has Skype made any statement on its position?
    • by Mike deVice ( 769602 ) on Sunday March 27, 2005 @05:45PM (#12062049)
      From TFA:

      Skype CEO Niklas Zennstrom told me last fall that "we do not have any legal obligation to provide any means for interception" in his company's VoIP software. How will you force a company based in Luxembourg to insert backdoors in its software when it has no obligation to do so?

      This doesn't qualify as an official statement from Skype, but it pretty much says it all, I think.

    • Comment removed based on user account deletion
  • by chiapetofborg ( 726868 ) on Sunday March 27, 2005 @04:55PM (#12061789) Homepage
    Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them. If it makes our country safer, sure, but the bulleted list in the article is a bunch of good points. Some of which I highlight below: Your request to the FCC said that broadband and VoIP companies may raise prices to "recover their CALEA implementation costs from their customers." How do you square higher prices with President Bush's speech in March calling for "affordable broadband" for all Americans? Congress gave telephone companies $500 million to buy new equipment to comply with CALEA. Why should Internet companies not receive the same treatment? Is it because Verizon, SBC and the other former Bells have well-connected lobbying outposts in Washington, D.C.--but Vonage, 8x8 and other VoIP start-ups do not? Don't get me wrong, I'd prefer a secure form of encryption, and I'd want to be sure that only the authorities have such access (like via the ISP directly?), but I'm not opposed to wiretaps, I'm just looking for equity and consistency.
    • by John Seminal ( 698722 ) on Sunday March 27, 2005 @05:14PM (#12061902) Journal
      That is what Isreal has been doing for how many years? Somehow, there is always an endless supply of people willing to blow themseleves up in a final statement of resistance. Often, taking your loved ones with them.

      Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them.

      The USA is not designed to have a transparent citizenship. The USA was designed for government to be transparent. Everything our founding fathers did was designed for maximum personal freedom, maximum personal privacy, and to minimize the chance of government curruption. And over the past 20 years, under republican control, we have lost many rights your grandparents took for granted.

      During WWII we locked up anyone who had slanted eyes because they *might* sympathize with the enemy. We tried countless times to kill Casto. We assasinated the head of state of Chili. Lets face it, the USA does not have a good history when it comes to human rights. Whenever someone with money thinks someone without money is a threat, the powers that be make life a living hell on everyone.

      • Re: (Score:3, Insightful)

        Comment removed based on user account deletion

      • And over the past 20 years, under republican control, we have lost many rights your grandparents took for granted.


        We lost rights under republican control? Um... Communications Decency Act, DMCA, Child Online Protection Act, Clipper Chip, crypto export restrictions? Remember all those blue ribbons all over the web during the late 90s? Any of this ring a bell? The democrats are certainly a second close.

    • by Anonymous Coward
      You don't have a problem with the concept of universal government surveillance, historically the dream of dictatorships and totalitarian regimes, you do have a problem if it raises the cost of your broadband access? Thanks for succinctly explaining how Bush was elected twice.
    • by orthogonal ( 588627 ) on Sunday March 27, 2005 @06:51PM (#12062414) Journal
      "Personally, I don't have a problem with the security thing. It's just for the police, and I personally don't have anything to hide from them."

      Presumably you're not a pretty girl, then. [slashdot.org] Thanks to Safety Cap (253500) for this story of a on-duty cop copying nudie pics for his off-duty enjoyment.

      But that's only one cop. Click for the Top 10 List of Police Database Abuses [g4tv.com].

      It includes such charming cop activities as "Prosecutor's Office Uses Database to Smear Prosecutor's Political Opponent", "Police Lieutenant Charged With Abusing Database to Influence Elections", and "Cop Uses Database to Find Woman's Unlisted Phone Number -- Gives It to Woman's Ex"

      But that's just local cops you say? We can trust the FBI, you say? Well, Martin Luther King [thirdworldtraveler.com] couldn't.

      And the FBI even tried to get the Mafia [thirdworldtraveler.com] to silence Dick Gregory when he spoke against narcotic trafficking. And framed environmental activists [thirdworldtraveler.com]. Not to mention COINTELPRPO [thirdworldtraveler.com], or the FBI helping Chicago police murder Fred Hampton in cold blood [providence.edu].

      But that's all in the past you say? Well, if two years ago [labournet.net] is "the past". [sfgate.com]

      But you have nothing to hide, so I guess you're safe.

      Tell that to "[m]ost of the 110,000 persons removed for reasons of 'national security' [who] were school-age children, infants and young adults not yet of voting age" [pbs.org] forced by the U.S government to move to:
      * Manzanar War Relocation Center
      * Tule Lake War Relocation Center
      * Heart Mountain War Relocation Center
      * Minidoka War Relocation Center
      * Topaz War Relocation Center
      * Poston War Relocation Center
      * Gila River War Relocation Center
      * Granada War Relocation Center
      * Rohwer War Relocation Center
      * and Jerome War Relocation Center

      You, know, mostly I let the links speak for themselves. I'm going to deviate from that this time, and I'll get modded down for it, but sometimes you just have to say it.

      You don't deserve to vote. You don't deserve the nation created by Jefferson and Madison and Washington. You don't deserve to inherit the legacy of the brave men and women who sacrificed their lives to make America (more or less) free.

      YOU DON'T DESERVE TO BE AN AMERICAN.


      It's one thing if you realize that government is always a threat to liberty, and weighing the alternatives, reluctantly decide to cede more power to the government.

      But you aren't doing that. With the whole frigging internet at your finger-tips -- much more than Thomas Jefferson ever had -- you can't even be bothered to type into Google "police surveillance abuse" and read the fucking history of your own fucking country.

      Instead, you just blithely assume that since what you're doing isn't illegal yet that since you're not on a watch-list yet that the color your skin or your accent or your politics aren't "suspicious" yet, you can sit back fat and happy without giving thought to how this might affect others or even -- governments and laws do change -- yourself in the future.

      And yet you get to go into a voting booth and pull the lever because of people who did know better and who made the hard choices and who often die
  • by Fudge.Org ( 7036 ) on Sunday March 27, 2005 @04:55PM (#12061796) Homepage Journal
    Date: August 9, 2004

    Why is this "news"?
    • Why is this "news"?

      Are you implying that things that have happened in the past aren't news? It may not be new news, but it's still news...Then again, I'm sure with some digging somebody can find the original /. article about this that was posted in August (and September, and again in October)... : p
      • No, it's not new news. Or even new news. ;-) I didn't do an exhaustive search but I found this article on /. [slashdot.org] The links contained here point to the exact same copy that was on news.com by Declan that was later covered and published as "Fahrenheit FBI" [com.com] This appears to be the text picked up as new news by the crack team of editors here at /. for this pointless blurb. What a difference 5 whole days (several months ago) can make?
  • Encryption (Score:2, Interesting)

    by slifox ( 605302 )
    The difference between VOIP and regular telephones is that with VOIP its not too difficult to add a layer of encryption transparantly, which would easily foil any wiretapping.

    Just encrypt the audio in whatever software you use...
  • So encrypt it (Score:3, Interesting)

    by Albanach ( 527650 ) on Sunday March 27, 2005 @04:56PM (#12061803) Homepage
    While it's connecting to POTS there's not a lot anyone can do, indeed I'm surprised this isn't already the case. However for computer to computer calls via SIP or one of the many other protocols encryption of the actual voice data should be possible.

    That way, just like PGP or S/MIME encrypted email, they'll be able to see who you called and at what time, but not what you said.

    Perhaps now is the time to make sure VoIP offerings can be easily encrypted - before they are taken up by the masses. If high grade opportunistic encryption was available it might jsut be used, whereas to trya nd introduce it retrospectively... well we all know how successful that has been with email.

  • by xlurker ( 253257 ) on Sunday March 27, 2005 @05:01PM (#12061825) Homepage
    now necessarily using "ssh" but everyone should know how that is meant...

    as soon as the VOIP software offers encrpytion plugins on both side of the line, wiretapping is just as feasable as reading encrypted email or viewing ssh-terminal sessions...

    this won't work... the most likely thing that will happen is that the service providers will leave the country. Or worse, that companies outside will be more competitive and push local companies out of the market.

    What's to prevent a company in India from making this software for willing costumers to use?

  • Crypto? (Score:3, Interesting)

    by shutdown -p now ( 807394 ) on Sunday March 27, 2005 @05:02PM (#12061831) Journal
    Does this mean that protocols supporting (or requiring) strong encryption are basically forbidden by that, since there's no way they could be wiretapped?
  • by joey_knisch ( 804995 ) on Sunday March 27, 2005 @05:02PM (#12061833)
    Mandatory backdoors in software... Looks like I will be buying some Microsoft stock.
  • hahaha (Score:3, Insightful)

    by Anonymous Coward on Sunday March 27, 2005 @05:03PM (#12061835)

    keep that finger in that leaking dyke, we wouldnt want all the water to rush out

    ever think the "bad guys" are the people listening not the people talking ? whatever USA can tap all they like the bad guys will just use any number of public encryption methods to talk, you would think the gov would realize this, but "intelligence" isn't something they seem to be blessed with

    • Re:hahaha (Score:3, Funny)

      by drinkypoo ( 153816 )

      keep that finger in that leaking dyke, we wouldnt want all the water to rush out

      Besides, some people actually pay good money to do things like this.

  • by John Seminal ( 698722 ) on Sunday March 27, 2005 @05:04PM (#12061843) Journal
    But I think phone calls should be private, and the only way for a police department or FBI to wiretap should be with a court order. There should be hoops to jump through, and it should not be easy to do.

    But maybe there is more to it?

    Congress gave telephone companies $500 million to buy new equipment to comply with CALEA. Why should Internet companies not receive the same treatment? Is it because Verizon, SBC and the other former Bells have well-connected lobbying outposts in Washington, D.C.--but Vonage, 8x8 and other VoIP start-ups do not?

    According to the article, congress gave telcom companies $500,000,000 to enforce the laws they passed? Why doesn't the government give me money to enforce their pollution laws, so I can get my car fixed up. Instead I have to pay to comply with the law.

    People must be aware they are giving something up here. They are giving away freedom. What if some day comes, when a David Duke wins the white house? Congress is filled with people who vote along lobbyist lines. And we end up with laws that remove our consitutional rights- like having police wiretap without a warrent or snoop around the library to see what we are reading. What if they take away our 2nd amendment rights, first by requiring registration, than banning assult style wepons, then slowly, state by state, taking away wepons you already own. What if the states decide to put up a camera on every street corner.... then one day in your house.

    The point is the founding fathers did not add the Bill or Rights because it sounded like a nice set of rights. They added those Rights so the people could fight an overbearing government if the need ever came. What if England had decided the colony could not have any guns, and decided that neighbors must report what other neighbors say. We would not be a country today, we would be English. The founding fathers gave people certain Rights to make sure we stay free.

    Those that give away those Rights are comminting suicide for the rest of us. They are chaining us all. Rossoue was right "Man is born free, yet everywhere he is in chains". People, don't give you your rights!

    • I think the real problem with this battle is that there is no battle. We are fighting ourselves.

      Accepting the idea that the government is somehow a separate population from the people is what starts making that idea truth. WE ARE THE GOVERNMENT.

      I am not afraid of the people who make and enforce the laws because I know that there are more of us than them, and there always will be. I trust society will do what's in it's own best interests to ensure justice is met. I realize that I might have to face injusti
      • is what the gov. is now, not our society. Over time, Americans were allowed to be so, but patriot act removed that. Problem is that patriot act ii gave the gov. the ability to create new hidden laws. Basically, we are operating much the way that USSR used to; they were allowed to spy on their citizens if it was for the common good. (for the nazi type out there, yes, I know that patriot act is an acrinom and should be capitalized).
    • But I think phone calls should be private, and the only way for a police department or FBI to wiretap should be with a court order.

      And that's what CALEA gives them. So in this case you actually agree with the government, even if you don't realize it.

      According to the article, congress gave telcom companies $500,000,000 to enforce the laws they passed? Why doesn't the government give me money to enforce their pollution laws, so I can get my car fixed up.

      You're not a monopoly with an army of lobbyists.
    • They don't need to take away 2nd amendment rights. The average gun-owner sides with those taking away rights. This is why the "2nd Amendment" violent uprising scenario won't occur - to the average red-state gun nutter, these are good times.
  • Did I miss something here? John Ashcroft isn't the AG anymore either. Not that this isn't odious, but uhm what's new?
    • The man leaves, but the stench remains.

      And I can't resist it... the only guy to lose his senate seat to a dead guy. What an asshat.

      BTW, even though Ashcroft is gone, that does not mean that many people he hired are gone. The people he advanced to leadership positions are now the ones running the show. Think about that. That is how a shadow government forms. Right now Ashcroft is probably in some high level burrocrat's office lighting up a cigarette while influencing world events.

  • by G4from128k ( 686170 ) on Sunday March 27, 2005 @05:18PM (#12061919)
    One could always use two VOIP providers. Call on one, have the other party call back on a second VOIP, and run two simultaneous half-duplex conversations. VOIP 1 would handle voice from A to B and VOIP 2 would handle B to A. Unless the wire tap is on the ISP (and the feds can merge the two separate streams) they would only get to listen to half the conversation.
  • by lax-goalie ( 730970 ) on Sunday March 27, 2005 @05:30PM (#12061978)
    ...is that when white-hat cops get legal court orders for good VOIP wiretaps, smart "bad guys" will be using the phone to chat about the weather, and using encrypted P2P messaging to do their real communication.

    Time and resources will go into collecting and analysing the recorded voice conversations, which will be wasted, and oftentimes nobody will be bothered to think of other ways wiretap targets may be communicating.
  • by Sloppy ( 14984 ) * on Sunday March 27, 2005 @05:38PM (#12062014) Homepage Journal
    All this does, is show how desperately infeasible it is, for law enforcement to continue to be able to rely on wiretapping. Their request, which essentially is to have a USA-mandated and USA-controlled backdoor in every cryptographic library in the world, is the only way to be able to guarantee that nobody is ever able stream information that they won't be able to access. (Well, it's the only way short of a cryptanalysis breakthrough that makes the whole concept of 'backdoors' obsolete.) But of course, this is impossible, for both practical and jurisdictional reasons. I mean, they haven't even been able to keep me from playing DVDs on my computer.

    LE needs to face up to the fact that their job is going to get harder, and there's just nothing they can do about it. Either they'll have to intercept communications by other-than-remote means (i.e. break into someone's house and install a bug), or socially engineer around crypto, or just somehow gather evidence about crimes by means completely different than intercepting communication.

    It's a shame. There are probably legitimate uses for wiretapping, where it can be used to obtain information about actual crimes. But so much goodwill has been squandered (e.g. the drug war, etc) that I doubt many people will care about the loss of this tool. The terrorist angle probably helps a little, but people are getting pretty jaded about that too.

  • BOHICA.... (Score:3, Funny)

    by pair-a-noyd ( 594371 ) on Sunday March 27, 2005 @05:40PM (#12062021)
    We welcome our new Soviet Cheka/KGB overloards..
  • identification (Score:2, Interesting)

    by fred133 ( 449698 )
    So,When is FBI going to send out those letters stating that I must appear at XXX address to get my personal ID number TATTOOED on my forearm?
    (It won't hurt,just a little pinch...)
    • Re:identification (Score:3, Interesting)

      by t_allardyce ( 48447 )
      What? allowing you to actually see your personal ID? thats so last decade, nowdays they just take your finger and iris scan and keep it all locked up in a database (McDonalds can see it, not you).
  • by billstewart ( 78916 ) on Sunday March 27, 2005 @05:47PM (#12062059) Journal
    Most VOIP protocols, like most P2P file-sharing programs and many Instant Messaging systems, use some kind of centralized directory server to handle database lookups and initial connection messages, and end-to-end connections directly between the end users to carry the actual conversation. For VOIP-to-telco gateways, wiretapping is easy, because you can do it at the telco end and just add some database support.

    For pure IP telephony, though, the obvious way to wiretap is to tweak the call setup, so instead of the voice channel going from Alice to Bob, there are two voice channels, from Alice-to-KGB and KGB-to-Bob. Even if there's end-to-end encryption on the voice channel (which is sadly lacking in too many implementations), that doesn't stop the wiretap from working, because the KGB is an endpoint and has the key. If you have an adequate public key infrastructure, you can prevent this by authenticating the call setup messages. But if you don't have that, you're toast; in some cases you can use SSH-like "remember the signature key they used last time" protocols, or you can read your Diffie-Hellman authentication message over the phone if you recognize the other person's voice, but for tricks like that, your VOIP software needs to give you visibility into and ideally control over that process.

    So regulatable VOIP service providers, who handle the database lookup portion of calls in countries with wiretap-greedy spooks, may be forced to pay extra to develop wiretap-friendly control software. An intermediate step, which the FBI has been all too successfull in getting US regulators to approve, is to get visibility into the call setup process, similar to old-fashioned pen registers, so they at least know who's talking to whom, and can often get that from the telcos without a formal warrant, using some less-stringent process like an administrative subpoena, and often with gag orders forbidding the telco to tell the wiretap victim.

    That's a big problem with closed applications such as Skype, by the way - even if they use some good crypto algorithms, which they say they do, you can't tell what they're doing with them, and whether they're leaking authentication information. (Too bad, because they're a non-US provider who might be harder to bully, at least if they build some corporate separation between their software developers and their VOIP-to-Telco service providers, which I'm not sure if they have.)

    Asterisk is open-source, which has the advantage that you can see if something like that is built in, and also has the advantage that it's usually operated by end-users, not by service providers. The SIP protocol family is designed to support proxies and indirection which are useful in building services where some bits are managed by one entity and some by another, e.g. PBXs at both ends, a directory service provider or two in the middle, maybe some voicemail providers or conferencing servers or whatever - it's a big step up from the old H.323 protocols, which pretty much required building closed systems.

  • by Fuzzums ( 250400 ) on Sunday March 27, 2005 @05:48PM (#12062062) Homepage
    backdoor installation option:

    check [ ] to install the FBI backdoor,
    check [ ] to install the EU backdoor,
    check [ ] to install the Mossad backdoor,
    check [ ] to install the Osama backdoor, or

    check [ ] to install self compiled open source VoiP software without backdoors.
  • You can easily run point to point encryption over a VPN (H.323 and SIP over IPSEC tunnels) to encrypt your VOIP communication. One potential concern, however, is that the computationally intensive nature of IPSec processing could add unacceptable latency to IP voice packets, but if you have decent broadband it most likely would not be a problem.

    An alternative would be to use encryption in IAX2, which a man named Mark Spencer is already working on. Running IAX over stunnel would probably be feasible if bo
  • Theres no way they can do this transparently - the obvious method people think of, man-in-the-middle could easily be thwarted if the two callers just read eachother a portion of their key/hash at the start of the call, try man-in-the-middling that! This is only barely viable on proper VoIP services. Things like skype and open source programs as well as encrypted email and IM arn't going to be touchable by them.
  • skype encryption? (Score:4, Insightful)

    by Anonymous Coward on Sunday March 27, 2005 @06:23PM (#12062238)
    Skype CEO Niklas Zennstrom told me last fall that "we do not have any legal obligation to provide any means for interception" in his company's VoIP software. How will you force a company based in Luxembourg to insert backdoors in its software when it has no obligation to do so?


    On an install of Mepis some months ago, I found skype installed and set up. I believed then as I do now that if the Mepis developer or developers were getting any commission or compensation for providing a fully working skype setup by default, then it was a good thing as distro developers need all the support they can get. But some time last year when skype was hitting /. and word of mouth and the skype site hinted or stated that a Linux client was in the works, along with "skype-out", the only concern would be, is the call encrypted end to end? I looked at Vonage's site, and searched their site using their search tool for "encryption" and "security" and came up empty on the subject of encrypting calls. Some time after, Vonage stated they would make it possible for intercepting the calls, as all calls flow through their network at some point. This is the reason I took a closer look at skype.

    One of the problems I continually run into in trusting skype is that the source code is not open. Skype hit upon a winner, and good for them. I'm not expecting them to make source code available so competitors can copy them and then compete. Or so end users may get some advantage by getting the source.

    But when it comes to encryption, encryption products or services live or die by peer review. Other products have been shown to be faulty and insecure after peer review by professionals in the encryption field finding faults in the design or implementation or both. With skype, the only way to verify that their design and implementation of encryption is secure is by permitting other professionals in the encryption field to peer review the design and implementation. This would require their viewing of some or all of the source code for the client or end user app. Otherwise, at no point in time should anyone consider using skype for even normal conversations, since most people include financial or banking details, or other sensitive information while conducting personal telephone calls due to the more likely requirement for physical presence requirements for a telephone tap.

    One of the downsides of telecoms jumping in on the voip bandwagon is that eventually enough people will be using non-secure voip that a threshold will be reached where the courts decide that no one should have a reasonable expectation of privacy during any call, and thus lowering the bar to the level of cordless phones and permissible interception and recording of such calls.

    Skype may have a great service. From what I've read in the recent past about the number of new downloads of the client, Skype has a really great service. But one shouldn't expect any privacy at all, or that Skype can substitute for a land line phone in terms of permissible intercepting (and presence requirements for land lines) unless Skype opens up at least the encryption portion and someone like Zimmerman and others peer review the service and then announce that there is no reason for concern

    I look forward to the time that we have end-to-end encryption just like we have (so far) end to end encryption with SSH, SSL, and similar technologies. I also look forward to seeing a report on Skype by Zimmerman and other peer reviewers. Until then, "trust us" is not enough for me, although Skype may be the service that escapes regulation and paves the way for future secure conversations. And if that happens, thanks Skype.
  • by Jackie_Chan_Fan ( 730745 ) on Sunday March 27, 2005 @06:24PM (#12062244)
    If there is a backdoor in VOIP, what is to stop vonage employees from listening in and recording conversations for their own shits and giggles?

    How long before some 14 year old genius hacker discovers the VOIP backdoors and exploits and records converstations and posts them on the net to make a point?

    There is a reason why network security exists... Its not perfect... but without it... we're in a world of shit.

    And now our government wants us to install backdoors in everthing we use on the net? So much for security.

  • Why is it that that the government always wants a magic back door into any digital communication method ? the crypto horse left the barn ten years ago and has had three generations of kids now. It's a little late.
  • Police State (Score:4, Insightful)

    by PingXao ( 153057 ) on Sunday March 27, 2005 @06:40PM (#12062337)
    When every advance in technology carries a government-imposed requirement that the police must not be hampered in any way, that is what you call a police state. The police - law enforcement agencies - have enough power already to do their jobs effectively.
  • by jonwil ( 467024 ) on Sunday March 27, 2005 @07:05PM (#12062487)
    As long as the requirements for getting a tap warrent or whatever are just as strict as they are for PSTN, this isnt a problem.

    For the techincal side (given that the providers being targeted under this law all have central servers somewhere one would assume), all they need is to plug a big storage device into their network and set things up to dump the audio stream for the phonecalls they are allowed to tap as it passes through the network (either still compressed with whatever compression the phones use or totally uncompressed). Then, provide whatever piece of software is needed to uncompress and listen to the phone calls and thats all the FBI needs.
  • by sulli ( 195030 ) * on Sunday March 27, 2005 @09:05PM (#12062988) Journal
    Since obviously we can't use Vonage or equivalent privately.
  • US Bill of Rights [archives.gov]

    [ Amendment IV ]
    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    Want to read my stuff? Go ahead and crack it - no warrant necessary.

    Get the rabbit installed on a machine behind your firewall
    ==> http://freenet.sourceforge.net/ [sourceforge.net]
    Faster than freenet
    ==> http://www.i2p.net/ [i2p.net]
    Encrypt Jabber
    ==> http://www.vanemery.com/Linux/Jabber/jabberd.html [vanemery.com]
    Onion Routing
    ==> http://tor.eff.org/ [eff.org]
    Emerging Network To Reduce Orwellian Potency Yield
    ==> http://entropy.stop1984.com/ [stop1984.com]
    Free Internet telephony
    ==> http://skype.com/ [skype.com]
    GNU-ified P2p
    ==> http://www.gnu.org/software/gnunet/ [gnu.org]


    DO NOT DENY yourself about 2 hours @ InfoAnarchy.org [infoanarchy.org]
    OMG! ==> http://www.infoanarchy.org/wiki/index.php/Main_Pag e [infoanarchy.org]

    LearnLearnLearnLearn ==> http://en.wikipedia.org/wiki/Cryptography [wikipedia.org]

    =================EMAIL ENCRYPTION===============
    GPG (Free PGP)
    ==> http://gnupg.org/ [gnupg.org]
    Integrated with Thunderbird
    ==> http://enigmail.mozdev.org/ [mozdev.org]
    Mutt can't be beat as a mailreader and integrates GPG wonderfully.
    ==> http://mutt.blackfish.org.uk/ [blackfish.org.uk]
    ==> http://www.mutt.org/links.html [mutt.org]
    ==> http://wiki.mutt.org/index.cgi?UserPages [mutt.org]

    !!! Please do not immediately send newly created keys to the keyservers (as many HOWTOs instruct new users to). They are already overflowing with "test keys" and other people's experiments from over the years THAT HAVE NO EXPIRATION and will never be deleted. These keys are "orphans" and most will never be used. As keyservers sync together, and most keys are never deleted once submitted - GET YOUR KEY SETUP CORRECTLY AND HAVE PRACTICE WITH IT BEFORE SENDING IT OFF TO THE KEYSERVERS!!! Otherwise storage requirements will continue to grow and using these in the future will become more difficult FOR ALL. Please, if you are just starting out with PGP or GPG or GnuPG or anything similar (the last two are in fact the same thing) use manual key distribution to begin (ascii armor your public key with

    $ gpg --export --armor my@email.address.org

    and copy and paste it into an email body or attach it to an email

    $ gpg --export --armor my@email.address.org > myPubKey.txt

    to gain practice with GPG before uploading your key. This way if you need to create another you won't have uploaded your mistakes. Many choices need to be made and it's worth getting things right before "going public" with your new digital ID. Experiment with yourself and a few different email accounts or with some friends first.)

    SET AN EXPIRATION OF 2-5 YEARS OR SO AND MAKE SURE YOU HAVE YOUR PREFERENCES THE WAY YOU LIKE THEM BEFORE SENDING TO A KEYSERVER! Better yet is to HOST YOUR KEY ON YOUR WEBSITE (or try using http://biglumber.com/ [biglumber.com] instead to host your key and help c

  • Search Me (Score:3, Insightful)

    by Doc Ruby ( 173196 ) on Sunday March 27, 2005 @10:31PM (#12063466) Homepage Journal
    If I install encryption in Asterisk in my home, and get VoIP dialtone from, say, iConnectHere, am *I* required to give the keys to a backdoor to the FBI? If I resell encrypted VoIP dialtone from my Asterisk server to Americans with VoIP terminals, am I then required to open the backdoor? If I run my server offshore, how can they stop me? Won't this regulation have the effect of any national anticrypto law: driving the crypto out of the jurisdiction, but not its effects?
  • by ajs318 ( 655362 ) <.sd_resp2. .at. .earthshod.co.uk.> on Monday March 28, 2005 @08:32AM (#12065286)
    We need secure VoIP!

    SIP telephony is similar to HTTP. It's ordinarily unencrypted. But it can be tunnelled through any secure connection. Since there are open-source SIP clients in existence, it ought to be trivial to create a secure SIP using openSSL or some other cryptography library. It also ought to be possible to create a similar secure version of the IAX protocol {Inter-Asterisk eXchange} for when you have hardware SIP phones: use SIP from phone to PC running Asterisk, and S-IAX to the next link in the chain.

    Depending upon the protocol, you would either use permanent public and private key pairs per person, or temporary session keys. Exchange of used session keys would give plausible deniability {since nobody can prove your correspondent didn't have the encrypting key when you sent them the message; so it might be total bollocks that they made up for reasons that don't concern you}.

    Besides getting around Big Brother and the surveillance state, this sort of thing will also be useful in jurisdictions where governments are trying to ban VOIP altogether.

Technology is dominated by those who manage what they do not understand.

Working...