Law Enforcement Targets Online Communication 300
jesup writes "The FCC ruled yesterday that the CALEA applies both to broadband suppliers and to all calls made via VoIP providers. If they have any connection to the PSTN, it applies whether the call in question is IP-to-IP or not. Separately, all broadband suppliers will have to implement CALEA, which means providing access to law enforcement for trap-and-trace on all traffic on broadband connections. In related news, the FCC has also released a policy document that states that 'consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement.' In theory, under this they could require wiretaps on in-game chat, or key-logging in file encryption programs."
your rights (Score:3, Funny)
Re:your rights (Score:5, Funny)
Re:your rights (Score:2)
Re:your rights (Score:2)
Nothing to fear (Score:2)
Except your mom finding all your pr0n. And your boss finding out you supported Kerry instead of Bush, getting worried, and not sending you to conferences [slashdot.org]. And the FBI finding out you support Amnesty International - bet you didn't know they're almost a terrorist organization, did you?
--LWM
Re:your rights (Score:3, Insightful)
Re:your rights (Score:4, Informative)
You're correct that CALEA doesn't *authorize* wiretaps - but it does require that providers make calls easily tappable (when they might otherwise be slow, hard or impossible to tap).
And as it applies to VoIP providers, it requires they set things up to allow tapping calls that previously weren't covered (IP-to-IP calls), if the service offers _any_ sort of connection to the PSTN, even through a 3rd party.
TFA has all the footnotes justifying this expansion of powers... Basically if the data goes through a switch or router on a public network, they're covered.
Re:your rights (Score:2)
welcome to (Score:4, Insightful)
Re:welcome to (Score:5, Insightful)
--
Use your bluetooth phone as a modem for Linux [arpx.net]
Re:welcome to-BarkaLand. (Score:2)
Right... (Score:5, Insightful)
Re:Right... (Score:5, Insightful)
Yes sir! We will comply with your "family first" and "anti-terrorism" chat room rools even though they violate our First Amendment rights! Tb shpx lbhefrys lbh snfpvfg cvtf! Oh sorry, my fingers were on the wrong keys. Yes, "USA! USA! USA! Down with terrorists and porno!"
Jura gur shpx ner jr tbvat gb fgnaq hc gb gur snfpvfg shpxref naq svanyyl gryy gurz gb trg shpxrq? Sorry, the keys are slippery.
Re:Right... (Score:3, Funny)
Re:Right... (Score:4, Informative)
For those too lazy to do rot13... (Score:3, Funny)
Lrf fve! Jr jvyy pbzcyl jvgu lbhe "snzvyl svefg" naq "nagv-greebevfz" pung ebbz ebbyf rira gubhtu gurl ivbyngr bhe Svefg Nzraqzrag evtugf! Go fuck yourself you fascist pigs! Bu fbeel, zl svatref jrer ba gur jebat xrlf. Lrf, "HFN! HFN! HFN! Qbja jvgu greebevfgf naq cbeab!"
When the fuck are we going to stand up to the fascist fuckers and finally tell them to get fucked? Fbeel, gur xrlf ner fyvccrel.
Re:For those too lazy to do rot13... (Score:2)
Thanks for the laugh, that was a good one.
Re:For those too lazy to do rot13... (Score:2)
No right clicks and decoders.
Just 1 line on my
alias rot13="tr A-Za-z N-ZA-Mn-za-m"
Re:Right... (Score:4, Funny)
And you're not alone.
The following organizations have proudly joined the fight for freedom:
MAtrOx, microsoST, ALexa, INTerpol, Avanti, LIBerAty alliNnce, HUeS aircraft, Sara lEe, INgsoc
Who else will join The Fight?
Re:Right... (Score:2)
Re:Right... (Score:2)
Re:Right... (Score:2)
As to the VoIP I would assume a wiretap order would be required.
-nB
Re:Right... (Score:3, Interesting)
No.
Won't they need to get a court order to wire tap even with VoIP?
Yes and no. Mostly no, these days. They need a warrant, but they can get them after the fact, and from secret courts.
And how would that work in a chat room where lots of good citizens are talking?
If it's like interception of email, they're supposed to just ignore what anyone says unless they're talking to the person being tapped. I leave it up to your imagination just how ti
Gahrewjhrjkhare (Score:5, Insightful)
Goddamnit, I swear, the last few decades in America have been more like an Orwell book than the books themselves.
I'm moving up to Canada, the worst they have there is stray polar bears. Who's coming with me?
Re:Gahrewjhrjkhare (Score:5, Funny)
Re:Gahrewjhrjkhare (Score:2)
Re: Your sig (Score:2)
Re:Gahrewjhrjkhare (Score:2)
Re:Gahrewjhrjkhare (Score:2)
Re:Gahrewjhrjkhare (Score:2, Informative)
Reasons to go black market IT (Score:5, Insightful)
These laws are a waste of money. A VoIP stream can easily be hidden in a Quake3 online stream played between bots. There's too much information changing hands.
And who the hell are they trying to catch? Drug dealers? Terrorists? Enforcement of either set of laws only creates more people filling in the shoes of those caught.
We're not making a dent in any non-violent crime, why throw more money at a non-problem?
Re:Reasons to go black market IT (Score:5, Insightful)
I know your question is partly rhetorical. But it's such a good one, I'll answer.
Social control.
The people in power today are anxious to return to the J Edgar Hoover days of federal "law" "enforcement," when federal agents could be employed as a goon squad for servicing the needs of the dominant political and economic interests backing the government.
To make this good, they need eliminate oversight (such as judicial review), and expand their powers (limiting civil and human rights). As far as I can see, this has basically been the sole law enforcement agenda of both Bush and Clinton - the only difference was the intensity with which they pursued it.
Re:Reasons to go black market IT (Score:4, Interesting)
Re:Reasons to go black market IT (Score:3, Interesting)
I agree. If you really want to hide your communications, just roll your own communications programs and/or roll your own encryption. Although you might not create the strongest encryption scheme for the "law enforcement" folks to spy on you they have to federally funded script kiddies. I'm sure they have scripts to crack main stream encryptions. If you were one of "them" wouldn't you just go after the low hanging fruit first?
It's kinda like the car alarm theory, your alarm doesn't have to prevent th
Re:Reasons to go black market IT (Score:2)
Watch a COPS TV show lately, perchance? Sure, there are some criminals who are smart and intelligent enough to CYA. But most seem to be really really stupid, and have the means to avoid prosecution in any number of ways, but still manage to get themselves caught.
Even more or less simple computer-wipe killswitches wouldn't be difficult if a tiny bit of forethought went into criminal malfesence, but 99% of the population isn't anywhere near technically savy enough.
Re:Reasons to go black market IT (Score:2)
You might have good security practices, a well-implemented firewall, security policy, and backup practices, so you're worried about the roving gangs with big guns. But the sheriff is most worried about the little lady walking out of the saloon getting her purse stolen, and that's okay.
Re:Reasons to go black market IT (Score:2, Insightful)
Since the laws won't do anything about intelligent criminals, and the dumb ones aren't a big threat, I think the real target of the laws is otherwise-law-abiding civilians.
Why? (Score:2)
Re:Reasons to go black market IT (Score:2, Interesting)
Assume a 20k/s VoiP stream. A CD could be used as a OTP for about 9 hours,.
Set up a secure generation site somewhere, make a dozen CD-RWs, run them to computers all over a city.
Each diskless computer boots off the CD using a custom Linux distro that takes up maybe 50 megs, and the rest is encrypted data. It boots up, sucks
Cockroach Response (Score:5, Interesting)
In truth, if we're talking about a war for the freedom of information, then Slashdotters collectively are the best possible warriors to prosecute that fight. In the rest of your life, you may have felt powerless--physically intimidated or socially out-classed. But in this realm you are the gods of the age. You must do something.
There are myriad offline groups out there that are fighting their guts out against this sort of thing. You can help them. They all need I.T. systems that help them organize, raise money, and fight. You can sign up to code a system that will enable them to do so. You can give money from your above-average I.T. salary to support their efforts. Or you can get creative and blow everyone away. You can do so much, which is for you relatively little, and you will make an enormous difference.
Still not sure what to do or where to channel your energies? Send me a message via Slashdot and I will be happy to give you some leads. For one, I started a grassroots political group in NY that has won several elections but still needs help with its website and volunteer organization system. We could use your help. Drop me a line and let's do something.
Re:Reasons to go black market IT (Score:3, Insightful)
You may have a problem when they make it illegal and make you choose between 50 years in jail or not doing it.
encryption is legal, and can be wiretapped. (Score:3, Informative)
This won't be a problem. All it means is they have to go to my clients when they want a wiretap. The hook will be in all my code to do the wiretap, but you can't do it at the phone company because all you get is a stream of unintelligible bytes.
Freedom of speech, as long as the cops OK it (Score:4, Insightful)
Re:Freedom of speech, as long as the cops OK it (Score:3, Informative)
My internet sex life is ruined! (Score:2, Funny)
Secure Lines (Score:3, Interesting)
Re:Secure Lines (Score:3, Interesting)
Why, as soon as the VOIP provider embeds CALEA support in the client applet that it sends to your phone, sir!
> It's not architecturally necessary, but I'd like that kind of encapsulated/authenticated voip client. End-to-end encryption of every call.
What you propose isn't architecturally necessary. But neither is it architecturally sufficient.
Unless you're proposing to...
a) write yo
Re:Secure Lines (Score:2)
Re:Secure Lines (Score:2)
It's been a long time. Thanks for the memories. That'll give me something to do while waiting for... wait a sec...
Ah, much better. That'll be a great way to pass the time waiting for the next bit of Paranoia XP [costik.com], and between turns of Paranoia Live [paranoia-live.net]. (I'm happy! Are you happy?)
Military Misuse (Score:5, Interesting)
Who watches the watchers?
IM programs aren't that hard to write, if someone really wants to avoid John Law they could just write a proprietary program with a proprietary encryption protocol. Is that technically illegal?
Every time I read a story like this, I am reminded of that video on the 'net somewhere (too lazy to look for it) of military personnel using military equipment to watch a couple make out in a car.
Re:Military Misuse (Score:2)
Damn MSCE dropouts! (Score:2, Interesting)
Re:Military Misuse (Score:4, Funny)
"06 - 26"
"This is 06."
"Uh, we've got activity out here but I don't think we really need to report it"
"What do you see?"
"Ah, appears to be fornication in a converitble"
(laughter)
"Do a target score, and I'll be there in a second"
(laughter)
"Ah, we're taping it."
"White Hawk 26 - Alpha 1 1 Uniform"
"Ah, this is 26"
"Roger, I'm gonna need that tape from you, and an additional..."
"Roger, we'll make copies for everyone."
Our tax dollars hard at work.
Re:Military Misuse (Score:2)
Or just use good-old talk encapsulated with OpenSSL.
And for file transfers, there's always scp or https (with client certificates).
I'm sure someone could rig something up really quick to do point to point audio wrapped in TLS (via OpenSSL). Or just set up a VPN between firewalls and use Netmeeting, OpenPhone, or GnomePhone.
I'd bet someone already has.
Re:Military Misuse (Score:2)
Not necessarily applicable to non-telecom uses (Score:5, Informative)
A House of Representatives committee report prepared in October 1994 emphatically says CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers."
So it sounds like this will only apply to VOIP, not to email, chat-rooms, and so on, as the /. summary states.
Yup (Score:2)
Re:Not necessarily applicable to non-telecom uses (Score:2)
Re:Not necessarily applicable to non-telecom uses (Score:5, Informative)
However, if you read the 59-page PDF [fcc.gov] of the CALEA ruling, you'll see CALEA applies to broadband operators in general. You're correct that it doesn't apply to email services - so hotmail doesn't have to deal with CALEA, but your ISP does.
Also, they state on page 20 that CALEA doesn't apply to the storage of email at your ISP. This is true. However, they state CALEA does apply to the "switching and transmission" component of the ISP's service. So they can't ask for a copy of your stored email - but they CAN ask to tap all the traffic to and from your PC.
Re:Not necessarily applicable to non-telecom uses (Score:2)
So they can't ask for a copy of your stored email - but they CAN ask to tap all the traffic to and from your PC.
I connect to gmail using https. There goes the usefulness of that.
Re:Not necessarily applicable to non-telecom uses (Score:2)
Re:Not necessarily applicable to non-telecom uses (Score:2)
I just wonder one thing... (Score:5, Insightful)
Will the coup be bloody?
Re:I just wonder one thing... (Score:5, Insightful)
Re:I just wonder one thing... (Score:3, Insightful)
It's a sad state of affairs in our government here. If these intrusions keep up at this rate the fabled 'joe six pack' will most certainly come to notice. Be it through known monitoring of his IM sessions, the tracking of his grocery purchases with his 'x saver' card, the easy availability of his cell-phone and SMS contents, the broadcast flag on his football games or the RFID in his walmart purchased jockey shorts.
Re:I just wonder one thing... (Score:2)
In Soviet Russia... (Score:5, Funny)
<NELSON>HAH HAH!</NELSON>
wiretaps (Score:3, Insightful)
Re:wiretaps (Score:2)
Re:wiretaps (Score:2)
-nB
Re:wiretaps (Score:2)
*flips madly through his codebook*
Let's see... The Norwegians are attacking via kayak?
No, wait, it's a Wednesday... The pork at the department picnic is undercooked, try the potato salad instead?
Oops, odd numbered year... Um... Oh my God! Purple doggies are tracing CIA operative Park Wilmington! Those damn purple dogs; I thought we took care of them in Guatemala! I never should have trusted the operative who said he was sure the one that fell over the cliff was dead
Needs of Law Enforcement (Score:5, Insightful)
Which, translated into English, means: "if you want to use service X, but Law Enforcement can't tap service X, then you no longer are entitled to use X". For "X" substitute whatever service you like. Wonderful.
Re:Needs of Law Enforcement (Score:2)
Maybe if we all started our own VoIP provider and called to make sure it's okay, they'd get the point...
Re:Needs of Law Enforcement (Score:3, Interesting)
What I want to know is this: what authority does the FCC have to dictate what apps I use on a privately owned network?
What about DIY PBXs? (Score:5, Insightful)
Re:What about DIY PBXs? (Score:2)
Re:What about DIY PBXs? (Score:2)
Re:What about DIY PBXs? (Score:2)
so dump the PSTN (Score:2)
Piss 'em off! (Score:3, Interesting)
This wouldn't be too difficult to do--you could print normal-looking business cards with a short key printed on the back in UV-reactive ink. (That's invisible ink to those of you in Rio Linda.)
As for meeting the people you need to give pads to, need I remind you that this is Slashdot? I'll see most of you at the next big scifi/anime/gaming/tentacle porn convention.
Imagine the possibilities (Score:5, Funny)
Re:Imagine the possibilities (Score:2)
We of the EU (Score:3, Interesting)
What with these new Spiffy morality and Communications laws
I would like to thank your politicians from the bottom of my heart for my recent pay rise .
Though i do feel sympathy for the thousands of unemployed they are attempting to create in their efforts to secure the votes
This is damned creepy (Score:5, Insightful)
The FCC appears to truly believe that they have been granted power to regulate Internet usage as they see fit.
It's not just the wording, it's the mentality. Everything about the document suggests that the FCC is the source from which the right to use the Internet flows. AND that the *consumer* is ultimately responsible for anything "illegal" that is on his computer. Even if it's just a matter of unknowningly using a VoIP protocol that doesn't allow tapping.
There's no other way to read it, and furthermore, it's the only "logical" (in terms of the logic of empire) way of dealing with the situation. Since they can never regulate the internet COMPANIES - who will all swiftly relocate to another country - they will have to regulate the PEOPLE to make sure their laws are followed. And they have to do that since, of course, laws passed must be enforced.
This is, as they say, doubleplus ungood.
Re:This is damned creepy (Score:3, Funny)
Re:This is damned creepy (Score:2)
One saving grace... (Score:2)
That is, as we saw with the broadcast flag, the courts can put the smackdown on the FCC when it gets out of bounds.
"They have made their decision... (Score:5, Interesting)
Or in other words, how the hell does the FCC even have the power to enact this rule? The FCC of course has the ability to set standards for telephones; if someone wishes to patch a computer program into the "normal" phone network, then of course it's reasonable that those calls follow the same regulations as any other phone provider. But what they're talking about now sounds way, way outside the scope of anything the FCC was ever empowered or intended to regulate. It reminds me of when the FCC demanded copy control chips be put into every TV and video card, until some months later, just before the deadline for the regulations to begin, the courts, in response to inquiry by the EFF, pointed out that, no, the FCC doesn't have the right or power to demand such things.
Has anyone spoken to the EFF or ACLU about possibly challenging this new ruling in court?
Attack on Privacy (Score:5, Insightful)
It's not because they wouldn't like to, it's just too much hassle to do it. Even if they did try to do it, the public would be outraged, yet far less noise is being made just because the medium is electronic rather than paper. Computers make it possible to snoop on people cheaply and that is the problem. As technology progresses, more and more snooping abilities will become economical.
They would like you to believe that this is to thwart terrorists, but terrorists will of course use the strongest encryption and will not play by the rules. I believe the general public are the real target here. If you suspect a certain person is a terrorist, there are already many ways you can put them under surveillance. You can install keyloggers on their computer, bug them, bounce lasers of windows etc etc. If you don't know who the terrorists are you have to perform mass surveillance of eveyones mail looking for keywords. The problem is that terrorists won't say "Meet me by the Bank of America with the Semtex" they will say something like "See you at the pub on Wednesday. Bring that new playstation game.".
Recent freedom of information releases in the UK (my country) have shown that the police have in the past infiltrated groups such as the anti-apartheid movement and other legitimate and non-threatening political groups. That's the sort of behaviour I expect in Uzbekistan not the UK. We must also not forget Echlon [wikipedia.org], which has been used to spy on European businesses. Our governments have shown that they cannot be trusted time and time again. We must not allow them to use the fear of terrorism to rob us of our rights and privacy.
Anyway. I have a counter proposal. We now know that politicians are making important decisions in face to face meetings so that there are no electronic records. I propose that all politicians be required to wear head mounted video cameras that record everything they say and do. The tapes must be handed in and stored in the event of any enquiry. We can explain that we have to do this because of the terrible threat of CORRUPTION. Anyone in the government could be involved in CORRUPTION and innocent politicians will have nothing to fear in these new measures. We have to balance the need for government secrecy with the important fight against CORRUPTION. We cannot allow CORRUPTION to win.
Re:Attack on Privacy (Score:2, Insightful)
I have to stop now. Nurse is coming to take my crayons away.
This is what happens.... (Score:2)
Guess what - Vonage already complies (Score:5, Informative)
A few weeks ago while on vacation I bought a Linksys wrtp54g router from Radio Shack. It is touted as a two line VoIP router that is compatible with vonage. It seemed like what I needed at the time, a g capable wireless router that wouldn't crash like my old netgear.
I set it up - and it's been running quite well for a month now. I noticed though, that I could SSH to it. What was curious was the fact that i couldn't login. I used the "administrative" login, but it didn't work. I also tried the other default passwords - with no luck. This made me wonder who infact had the password and could login to the router. I wasn't too worried about it. Until today.
I've been trying to get inbound PPTP VPN working, and it hangs at "Verfiying Username and Password..." only to return error 721. Indeed it would seem that inbound GRE forwarding doesn't work. So I thought to myself, I'll just get a firmware update and everything will be happy. The question was "Where is the firmware?". It's not on linksys's site. I come to find that Vonage controls the firmware for this router. I've also found that it's not easy to get through proper channels. Also, it seems to not flash when the router is not in a "provisioned" state.
This is where things get really interesting. It would seem that Vonage has complete control over the router. There are a number of default passwords that can be accessed, but not changed through the various interfaces. It would also seem that there is a bit of "phoning home" going on. Some of the firmware versions have automatic update installed allowing them to download the latest version via TFTP.
Now that's an interesting topic. From my reading, the updates are not encrypted nor are they transmitted over a secure connection. There seems to be no verification of the contents of the firmware file. Let's go out on a limb for a moment and say that the update server is compromised and a compromised update is placed on the server. The update is then automatically, with no verification or intervention, downloaded and installed on all of the vonage routers that have been provisioned.
The result: *PWND*. Every last router.
This is terrible. Not only is it terrible, there is absolutely nothing on the box, or in the literature that says that this router is programatically connected to Vonage. There is absolutely no warning that there is even a *chance* that Vonage, could for example install various utilities or wares on your router at their discretion.
This device should not be sold in stores. It should be shipped by Vonage to end customers who agree and ackknowledge that they are giving up control of what goes in and out of their network.
Now it's time to do something about it.
Corporate Interests Meddling in OSS (Score:5, Insightful)
I'm beginning to think that I should hoard source code like never before...
Suddenly, that 15-CD debian distro looks better and better, provided the source code is provided.
RMS may sound like a crackpot to our facist overlords^W^Wcorporate lobby, but he's right on the money - if the source code to a program can be controlled (by hardware, software, or firmware, no difference) then you really don't have any freedom as to what you can do. And that kind of freedom scares some people, but not for the reasons that are presented in the nightly news; you have to remember, never in human history have you had a world-wide connected information network that spanned cultures, beliefs, and challenged the status quo in every case. What we are seeing is the slow relentless progress of those entities - governments, transnational corporations, and hyper-wealthy private interests - to "dumb down" or take away from that potential. If people woke up one day and realized that they didn't have to work for someone else to provide for themselves, well, they jig would be up and the few in privledge would find themselves fighting to maintain control, as they always have through the ages. This isn't about political spectrums such as right vs left, democracy vs communism; this is about power, and the maintenance of power. Money, which years ago used to actually have a value of some sort, has degenerated into just another form of power. In this case, CALEA is power applied for both the telcos (who suddenly are felling the heat from VoIP) and government interests (in this case, the existing regime^W administration wants to extend its powerbase).
(Yawn) enough ranting for today, go outside and play...
Re:Just a test - I think SlashDOt let me do someth (Score:2)
Re:An Antidiuvean Slashdotter speaks.. (Score:2)
I believe you're looking for Antediluvian, though you obviously know what it means (Before the Flood for anybody else too lazy to pull up a dictionary).
It's easy to mix up ante, the latin word for "before" and anti, the Greek word for opposite. English has enough spelling inconsistencies that, seeing a word start with Ante-, it is a perfectly reasonable assumption to think that it might be just a strange special case. God knows I did before I took Latin 1. It should be a requirement for anybody whose fiel
Re:An Antidiluvean Slashdotter speaks... (Score:2)
And the reason we still use phones is for that nice little 5+ 9s of reliability that cutesy VoIP is still reaching for. I also won't loose my call center to the latest worm outbreak.
The real question is... (Score:2)
Re:Umm.... TFH? (Score:3, Insightful)
Wait until a friend of yours is coerced in submitting your name as a suspected terrorist. Recall the McCarthy era and heed your warning. Apathy towards civil rights is terrible, and it's a problem you'll find when it affects you.
Again, recall the McCarthy era [wikipedia.org]
Re:Umm.... TFH? (Score:4, Insightful)
Re:the law and mathematics (Score:3, Insightful)
problem is that the government has the legal authority and power to do just that. Government has a legal monopoly on violence and the non defensive use of force which they are supposed to use with a lot more discretion than this ruling shows. This is no different than if the FCC said they had a right to post an agent in my home who would look over my shoulder as I typed 'just in case' I am suspec