Forgot your password?
typodupeerror
Privacy United States Your Rights Online

Feds Want to Tap VoIP 489

Posted by michael
from the can-i-hear-you-now dept.
An anonymous reader writes "From the Globe and Mail: The FBI and the U.S. Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2,200,000 conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."
This discussion has been archived. No new comments can be posted.

Feds Want to Tap VoIP

Comments Filter:
  • Bound to happen... (Score:4, Insightful)

    by soapbox (695743) on Friday January 09, 2004 @09:59PM (#7935031)
    Well, because there are some legitimate reasons to tap communications of any sort (as in, got a judge to OK it), I figure that it was bound to happen at some point. Though it still creeps me out and makes me eagerly anticipate a nice encrypted VoIP client...
    • by RevAaron (125240) <revaaronNO@SPAMhotmail.com> on Saturday January 10, 2004 @12:13AM (#7935689) Homepage
      Got a judge to OK it? Not really needed anymore, with the PATRIOT and PATRIOT II acts.

      They snuck the second PATRIOT act when they caught Hussein. [freeinternetpress.com] Sneaky, that. Who needs a judge for phone taps, financial records, etc? Maybe in Canada!
    • what warrants? (Score:5, Informative)

      by gad_zuki! (70830) on Saturday January 10, 2004 @01:01AM (#7935874)
      >as in, got a judge to OK it

      Its not 2000 anymore. Thanks to both Patriot acts (didnt you know the second one was passed in a spending bill?) judicial oversight is mostly a thing of the past. The constitutional protections we took for granted are gone. I don't know why John Ashcroft has such a problem with judicial oversight, but he does and Congress and the Executive branch not SCOTUS (as far as I can tell) don't seem to care much.

      This is a very different America than just a couple years ago and we've already seen abuses with the Patriot act being used in non-terror cases like drug trafficking. This just opens up the door to more COINTELPRO and other FBI abuses.

      Encryption is more important now than ever. Maybe when the post-911 hysteria and power grabs are over we can have faith in an iota in due process but right now "trusting your government" is the worst thing you can do. Worse, all justifications for recording communication can apply to all communication. If you agree with this, why not put little mics on every person in the country?

      Not to mention, last I checked PGPfone is a free download and easy to use. If criminals wanted to speak freely they could use that with impunity.
  • by corebreech (469871) on Friday January 09, 2004 @10:00PM (#7935040) Journal
    Nautlius is VoIP that uses Blowfish as the cipher.

    Here's the home page. [berlios.de] Get the software here. [berlios.de] It hasn't been updated in awhile, but maybe now there's more of an incentive to do so.
  • by Unominous Coward (651680) on Friday January 09, 2004 @10:01PM (#7935044)
    1) Good luck identifying VoIP traffic

    2) Good luck decrypting it

    That is all.
    • by Wesley Felter (138342) <wesley@felter.org> on Friday January 09, 2004 @10:10PM (#7935089) Homepage
      The whole point of the article is that the FBI does not want to actually do the tapping. They want Vonage, Packet8, etc. to do the tapping for them.

      If you're using IP-to-IP VoIP instead, the FBI will just use Carnivore.

      If you're using crypto, the FBI will just break into your house/office and backdoor your computer.
  • What happens if... (Score:4, Insightful)

    by phr1 (211689) on Friday January 09, 2004 @10:01PM (#7935046)
    you buy a couple of those Cisco ATA186 VOIP phone adapters (POTS phone jack on one side, ethernet on the other, about $150 each) and route its IP side through your favorite IPSEC VPN box (Netgear makes one for about $150)? Don't you get an untappable phone? Feds would have to ban routing voice traffic through a VPN in order to stop that.
  • 2,200,000? (Score:4, Interesting)

    by John Seminal (698722) on Friday January 09, 2004 @10:02PM (#7935047) Journal
    Wow, that is alot of conversations Uncle Sam was listening in on. What I would find to be more interesting is how many arrests were made from those 2,200,000 wiretaps.

    Can VoIP be encrypted in such a way that even if it is intercepted, it is useless? What is to stop someone from writing code that does that? Or will the NSA get involved?

    • Re:2,200,000? (Score:4, Interesting)

      by swb (14022) on Friday January 09, 2004 @10:05PM (#7935068)
      Those are the ones that are above board. There was a time when the NSA could tap virtually any conversation they wanted, as they had intercepts between almost all microwave relays. Read "The Puzzle Palace" and be prepared for some interesting stuff.

    • Mid-stream they would need to know your encryption key. However it is un-encrypted inside the building on each end so that would be a point to easily tap.
    • Re:2,200,000? (Score:4, Interesting)

      by cyt0plas (629631) * on Friday January 09, 2004 @10:14PM (#7935119) Journal
      This is the very nature of cryptography, and the reason for the "Sneak and Peak" provisions of the Patriot Act.

      When you roll out the unbreakable crypto (easy - although 1024 _may_ be crackable, 2048 is _not_ - at least yet), they wait for you to leave, break into you location, and install keyloggers, take encryption keys, add backdoors, etc. until they don't need to break your crypto.
      • If you set it up right the key changes at set intervals and even the admin doesn't know what it is.
    • Re:2,200,000? (Score:3, Interesting)

      by pvt_medic (715692)
      they got 2,200,000 conversations so that very well could have been listening in for a long time on one person. But I would like to know the wiretap to arrest ratio.

      VoIP can easily be encrypted.

      The real question is as people more and more get high speed internet access people could easily create their own VoIP set up. One that allows people to directly connect with another computer and talk with the user there. Now granted they already have this, but people add their own encryption scheme, and b
  • by Wesley Felter (138342) <wesley@felter.org> on Friday January 09, 2004 @10:02PM (#7935051) Homepage
    I just want to point out that the FBI can currently tap VoIP calls either at the customer side using Carnivore or at the provider's PSTN trunks thanks to CALEA. Really all they're asking for is an easier way to do it.
  • by jrockway (229604) <jon-nospam@jrock.us> on Friday January 09, 2004 @10:03PM (#7935052) Homepage Journal
    That's why I'll continue to encrypt all important (and unimportant!) conversations. For email I always use GPG (regardless of how important the message is). For VoIP, if I ever use it, I'll be sure to send the voice data through encrypted channels. Frankly, there's no excuse for not encrypting everything. Let them make laws; beat them with the tech.

    And when they outlaw the tech, remember that you can learn how to write encryption software yourself. See Ciphersaber [gurus.com]. There you'll learn to write your very own crypto code, and you'll remember how to do it again. I did it a few months ago and could still code something decent up :)

    So don't worry about this. Just encrypt, and when encryption becomes illegal send lots of random data (netcat /dev/urandom) to your friends :) That will never be illegal, and encrypted data is the same as random data without the key!
    • by jmv (93421)
      Seriously, I'm the author of Speex (the speech codec) and I'd be willing to help if someone wanted to design an open-source library to encrypt VoIP packets. This is a project I can't do only by myself because I lack the knowledge to use crypto stuff currectly (random stuff, padding, etc).

      I think it would be nice to have such a library so that any VoIP application writer can easily integrate the crypto functionality.
      • Seriously, I'm the author of Speex (the speech codec) and I'd be willing to help if someone wanted to design an open-source library to encrypt VoIP packets.

        I'd suggest linking against a couple of common block ciphers -- perhaps 3DES, AES, and twofish [schneier.com].

        Linking against twofish is trivial -- Niels Ferguson publishes a easy to use free twofish library in portable C. Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses.

        Another more generic option would

  • by BigHungryJoe (737554) on Friday January 09, 2004 @10:03PM (#7935053) Homepage
    Feds have had the power to get secret warrents from judges from the FISA court since 1978. These judges have never denied American law enforcement a warrant to surveil a conversation.

    So under the secret and unchecked FISA court, their powers are essentially unlimited.

    This just means they are going through the formality of asking permission - if they don't get it, they'll get it through FISA anyway.
  • by Michael Crutcher (631990) on Friday January 09, 2004 @10:03PM (#7935055)
    For those who won't read the article, here's the the most important part:

    "The FCC should ignore pleas about national security and sophisticated criminals because sophisticated parties will use noncompliant VoIP, available open source and offshore," said Jim Harper of Privacilla.org, a privacy advocacy Web site. "CALEA for VoIP will only be good for busting small-time bookies, small-time potheads and other nincompoops."

    Mr. Harper is absolutely correct, anyone with a little bit of sophistication can think of numerous ways around this legislation. Sorry Unlce Sam but the cat's out of the bag and there is no putting it back. Of course this will still be useful at catching small time drug dealers/users, and is another example of the drug war eating away at civil liberties.

  • by Pyro226 (715818) <Pyro226@hotm[ ].com ['ail' in gap]> on Friday January 09, 2004 @10:03PM (#7935058) Journal
    It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having a secret romance. Or you may be communicating with a political dissident in a repressive country. Whatever it is, you don't want your private electronic mail (email) or confidential documents read by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution.

    The right to privacy is spread implicitly throughout the Bill of Rights. But when the United States Constitution was framed, the Founding Fathers saw no need to explicitly spell out the right to a private conversation. That would have been silly. Two hundred years ago, all conversations were private. If someone else was within earshot, you could just go out behind the barn and have your conversation there. No one could listen in without your knowledge. The right to a private conversation was a natural right, not just in a philosophical sense, but in a law-of-physics sense, given the technology of the time.

    But with the coming of the information age, starting with the invention of the telephone, all that has changed. Now most of our conversations are conducted electronically. This allows our most intimate conversations to be exposed without our knowledge. Cellular phone calls may be monitored by anyone with a radio. Electronic mail, sent across the Internet, is no more secure than cellular phone calls. Email is rapidly replacing postal mail, becoming the norm for everyone, not the novelty it was in the past.

    Until recently, if the government wanted to violate the privacy of ordinary citizens, they had to expend a certain amount of expense and labor to intercept and steam open and read paper mail. Or they had to listen to and possibly transcribe spoken telephone conversation, at least before automatic voice recognition technology became available. This kind of labor-intensive monitoring was not practical on a large scale. It was only done in important cases when it seemed worthwhile. This is like catching one fish at a time, with a hook and line. Today, email can be routinely and automatically scanned for interesting keywords, on a vast scale, without detection. This is like driftnet fishing. And exponential growth in computer power is making the same thing possible with voice traffic.

    Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email?

    What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.

    Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling measure buried in it. If this non-binding resolution had become real law, it would have forced manufacturers of secure communications equipment to insert special "trap doors" in their products, so that the government could read anyone's encrypted messages. It reads, "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications se

  • tapping UDP is hard (Score:2, Interesting)

    by Anonymous Coward
    What are they going to do, dump all the datagrams, and how are they going to pick the filter parameters? Given dialup and DHCP dynamic IP assignments, this would be like trying to pipette from a firehose. Even NetMeeting's rendevous protocol is dynamic....

    At least with this fact in play we'll probably see some more decent voip encryption.

  • by El (94934) on Friday January 09, 2004 @10:04PM (#7935060)
    Wouldn't any real criminal run his VoIP through a VPN or some other encrypted tunnel, thus making difficult for the Feds to know that it is a VoIP session, let alone decrypt it and understand it? See, the problem with PCs is that they are general purpose devices that allow you to execute arbitrary algorithms -- or even add proprietary hardware to do hardware encryption. So, other than knowing what IP address a suspect is talking to, what good is the wiretap going to do them?
    • Wouldn't any real criminal run his VoIP through a VPN or some other encrypted tunnel ...

      No. Criminals generally do dumb things and get caught, even the more intelligent ones. They only need to make one mistake. That is law enforcements advantage. Crime can be a pretty unforgiving profession.

      Also, who says the amateurs, less sophisticated, less tech savvy aren't worth catching?
    • Wouldn't any real criminal run his VoIP through a VPN or some other encrypted tunnel, thus making difficult for the Feds to know that it is a VoIP session, let alone decrypt it and understand it?

      Of course, that's how it would work theoretically. However, even the most sophisticated enemies of the US government will occasionally slip-up and create soft openings that can be targeted. For instance, IIRC Nazi and Soviet agents both at some point mistakenly reused their one-time pads (or some such), giving the
  • by forevermore (582201) on Friday January 09, 2004 @10:04PM (#7935064) Homepage
    How do they propose to tap VOIP conversations over private networks? I can understand how federal regulations might get them permission to tap into the networks of the growing VOIP phone providers, but a lot of people (companies, geeks) set up their own internal VOIP networks over IPSEC, secure VLAN's and other such things that would be nearly(?) impossible to detect as VOIP traffic. Not to mention p2p type VOIP clients like those built into the various instant messenging programs that are, well, peer to peer, and don't go through some central server.
  • Hmm... (Score:5, Funny)

    by Loki_1929 (550940) * on Friday January 09, 2004 @10:05PM (#7935066) Journal
    I almost feel like setting up two VoIP lines, using one to call the other, then have a perpetually repeating recording playing over the line with every keyword and phrase they could possibly be looking for interspersed with me screaming "HA HA! GOTCHA! GET BACK TO DOING SOMETHING USEFUL!" .

    Hang on, there's a knock at [Lost comm with host]

  • by Saeed al-Sahaf (665390) on Friday January 09, 2004 @10:07PM (#7935077) Homepage
    I think it is a lost cause to try to stem the abuse of freedom and rights that government snoops are swarming around like coyotes around some road kill. But VoIP should be much easier for the Common Man to encrypt a la PGP (yes, I understand it would be some other software solution...) I know, I know, why should we have to? Well, I imagine just discussion of this issue could get you labeled as providing material benefit to "terrorists."
  • ipsec (Score:3, Interesting)

    by SHEENmaster (581283) <travisNO@SPAMutk.edu> on Friday January 09, 2004 @10:07PM (#7935079) Homepage Journal
    ipsec, ssh tunneling, and VPN configurations can all prevent this with no change to existing code.

    Is anyone else outraged that the feds spent $63 million just wiretapping phones for a black market that they created? 1.) Make a drug black-market. 2.) Spend $63 million wiretapping phone investigating the market. 3.) ??? 4.) profit!
  • Skype (Score:2, Informative)

    by Minkey Brines (584079)
    From www.skype.com:

    Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes. Skype, created by the people who brought you KaZaA uses innovative P2P (peer-to-peer) technology to connect you with other Skype users. If you are tired of paying outrageous fees for telephony, Skype is for you!

    Skype is quick and easy to install. Just download it, register, and within minutes you can plug in your PC headset and call your friends on Skype. Skype calls have excellen
    • Re:Skype (Score:2, Funny)

      by relrelrel (737051)
      ironic, seeing as its probably filled with spyware if its from kazaa, and they'd sell to the highest bidder.
    • Skype is spyware (Score:4, Informative)

      by Anonymous Coward on Friday January 09, 2004 @10:45PM (#7935269)
      taken from their "EULA"

      (c) the skype software is utilized and distributed by third parties
      which are unrelated to skyper. you acknowledge that installation of
      the skype software will allow third parties who are not affiliated
      with skyper the ability to access your computer ("outside parties").
      you agree that skyper will not be liable for any damage, claim or loss
      of any kind whatsoever, including but not limited to indirect,
      incidental, special or consequential damages as stated in paragraph
      9(a) above, resulting from any actions or omissions of the outside
      parties.

      Bottom line: Skype is a backdoor to the machines it is installed on -
      for some undisclosed "third parties", not really what you want to hear when it comes to "secure" software egh

  • by scrod (136965) on Friday January 09, 2004 @10:14PM (#7935116) Homepage
    For the past few weeks Cryptome [cryptome.org] has featured a link to an FBI document [why-war.com] detailing the means by which such surveillance might take place. This is all just additional evidence that those wanting real security must implement (or at least verify) it themselves.
  • 80%?? (Score:5, Insightful)

    by EvilDrew (523879) * on Friday January 09, 2004 @10:17PM (#7935129) Homepage
    "Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."

    This would, of course, be a terrific argument in my mind, to just get over ourselves and find a better way to deal with drugs; i.e. make them legal in such a way so that people can have a good time and not pose too much of a threat to society (such as the laws pertaining to alcohol). 'Course that's just my opinion, I could be wrong.

  • Sure, for a few conversations between buddies, encryption would baffle an individual. However, this is the US government-with tons of money to throw around...they'll find ways around encryption. Usama's satellite phone was "encrypted", but the NSA could crack it easily enough. If it becomes a great enough need, the government would find out how to decrypt it. They wouldn't brute force either. When the British found the Enigma machine, the US and British intelligence services reverse engineered it and t
    • by dsouth (241949) on Friday January 09, 2004 @11:13PM (#7935414) Homepage

      Wow, you should really take off the tinfoil hat and read up on cryptography a little before your next post.

      The secrecy of a cypher should rely entirely in the key (see D. A. Kerckhoffs). Put another way, knowing the algorithm used should not compromise a good cypher. In fact, most of the better, more trusted cyphers are published, and have been subjected to many many man-years of cryptanalysis without yielding attacks that do much better than brute force key searches (which is why we trust them and conversely why propriatary/homebrew/secret algorithms are shunned).

      In the case of blowfish, to my knowledge there are no known attacks that are effective against the full 16-round cypher. There are weak keys, but it's unlikely that such keys are exploitable in practice. So it would seem unlikely (though not impossible) that blowfish has been successfully attacked by NSA. So given a large enough keyspace, the NSA would have to be willing to dedicate a large number of CPUs/FPGAs to a brute force attack. Since blowfish supports keylenghts up to 448bits, such attacks could take a while even with NSA's extensive resources. [In this context, "a while" means effectively never.]

      • When the feds find out that a suspected mobster is using strong crypto, they don't call the NSA and have them try to crack it. They get a warrant, break into his house and install a keylogger on his computer, or a tiny bug in his VOIP phone, and tap it that way. Perfect crypto won't protect you from that.

  • Jebus, we need to unleash the pain on these feds. What are they going todo when we start running ipsec tunnels for all our voip connections? What is more scary? The fact that they want to do all of these big brother things? Or that the old techonolgy systems allowed them to do these things?
  • by Graabein (96715) on Friday January 09, 2004 @10:44PM (#7935260) Homepage Journal
    First, please allow me to plug a site I help run: IAXprovider.net [iaxprovider.net], a community site for people running VoIP services on Asterisk [asterisk.org], the open source Linux PBX. We follow this issue closely. Thank you.

    BTW, this same article is also available [com.com] over on news.com.com. Anyway, lemme quote:

    "The agencies have asked the Federal Communications Commission to order companies offering voice over Internet Protocol (VoIP) service to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations."

    Think about that one for a minute. How is a VoIP provider going to ensure that? There is only one way, turn off and disable all use of encryption in their VoIP network, unless the provider has access to the keys used.

    Now think of IM networks, email servers, or just about any other Internet service. What are they going to do, outlaw all "non-sanctioned" client software using encryption? Are we gearing up for another Clipper Chip fiasco here?

    FCC chairman Michael Powell has just come down on the side of VoIP providers [cnn.com] saying, in part:

    "Rapidly expanding voice communications over the Internet should be protected from excessive government regulation and from being pigeonholed as simple phone service". He goes on to say "harm from misregulation of VoIP could take "decades to fix."

    "You [can] create a very hostile regulatory environment for voice-over-IP providers in the United States," Powell said.

    He added "there is nothing to stop" the companies from moving to other countries and setting up computer systems to serve U.S. customers.

    Exactly. Welcome to the Internet age.

  • by Ieshan (409693) <ieshan@nOSpAm.gmail.com> on Friday January 09, 2004 @10:59PM (#7935334) Homepage Journal
    Why not develop a cellphone device that changed the sound going in and going out?

    For instance, you could enter a keycode into a program, and it would re-format all voice data into meaningless noise without person X on the other end using the same (or a permutation of) the same code.

    This would make wiretaps useless without... the code.
  • by pherris (314792) on Friday January 09, 2004 @10:59PM (#7935335) Homepage Journal
    From the article:
    Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations.
    The WoD (war on drugs) currently costs the US taxpayer $600 per second according to the Drug War Clock [drugsense.org].

    I'm not saying legalize everything, just treat addiction to hard drugs as a medical issue and let medical doctors prescribe for maintance while helping their patients. Marijuana (something much safer than alcohol) needs to be legalized and taxed.

    Get the facts [drugpolicy.org] about marijuana. End the drug war now.

  • by ndogg (158021) <the...rhorn@@@gmail...com> on Friday January 09, 2004 @11:00PM (#7935348) Homepage Journal
    I won't mind as long as:
    1) they have a warrant
    2) they take the cost upon their own shoulders and not upon the company or individuals concerned.

    What this means is that we must be vigilant about the laws surrounding warrants and how they are obtained.
  • by ironfroggy (262096) <ironfroggy AT gmail DOT com> on Friday January 09, 2004 @11:06PM (#7935374) Homepage Journal
    Personally, it seems to me that VoIP is pretty cut and dry in this matter: it is a "telecommunications carrier". It is simply a new medium for the same thing we did on copper lines.

    The most difficult (and dangerous) aspect is things like IM services with voice capacity. Actually, anyone two people with microphones and email could evade the police and FBI pretty easily by recording small sound files and emailing them (possibly even encrypting them to be sure). In such a case as this, where communications begin to forgo the use of any third-party to facilitate the information between two people, we will see a lot of hot debate.

    When communications as distributed and "P2P" as this become more common place, many questions will be raised. But, we must look at how things would have to be implemented, before we can judge the rules that must be applied to them. Can we mandate that wiretaps must be available even for peer-to-peer exchange of communications? Would we then need to make requests directly to those being tapped, or those they are in contact with, stating they must, for a specified time, transmit all communications to the authoritive agencies for monitoring? Surely, no one would comply! Then, should the ISPs and backbone servers scan all packets for personal communications to or from individuals on a national "Tapped List"? But, what of all the data they would have to peak into to find these few, when most they have no right to touch, except to pass along?

    We sail to rough waters. I pray for us all.
  • by tx_kanuck (667833) on Friday January 09, 2004 @11:15PM (#7935420)
    The good:
    --If there is a wiretap, they are only getting your conversation, and not ever piece of data your computer spits out. It looks like they would need a different warrant for that too.

    --The tap would be located not at your ISP, but at your VOIP provider. This helps guarantee privacy for the people not specified in the warrant.

    --This places VOIP on more of an equal footing as traditional phone services. If they are legally the same for what they have to provide the cops, they could then argue they are the same legally when it comes to their protection as common carriers.

    The bad:
    --The VOIP companies would have to re-wire their networks so that all conversations go through a tappable trunk line. That, or they would have to set up infrastructure to siphon off individuals phone calls to a 3rd location (which is what I would prefer. Let the VOIP provider pull a copy of the conversation off the trunk line instead of the cops). This means more $ needed in development and implementation.
    --Requlation may (ok, probably will) stifle innovation. By regulating things like how a wiretap is to be done, it will be harder for open source and closed source products to work in multiple countries. This then leads to problems with interoperability between national networks.

    Overall, I don't see this as too alarming.
  • Keeping Pace (Score:3, Insightful)

    by dropshot (646089) on Friday January 09, 2004 @11:26PM (#7935474)
    Realistically, all the feds are trying to do is keep pace with the advance of technology. They've had the ability to tap phones for as long as they have been around. Even if they were able to listen to and record every single call made, someone still has to transcribe the call. Even with the transcriptions done, someone else has to put the pieces together to make it useful intelligence, otherwise it remains valueless information. Intel work gets HARDER when the mass of data increases exponentially.
  • Missing the point. (Score:5, Interesting)

    by muonzoo (106581) on Friday January 09, 2004 @11:30PM (#7935505) Homepage
    Many of the people responding to this thread are missing the big picture.
    There will always be a screw-you-I'm-doing-this-the-OSS-way-with-crypto solution available. What does this solution cost? Well you might think it's free.

    It isn't.

    By adopting some OSS mechanism to communicate with whomever you choose, you impose a burden on the other party, namely, they have to install and have access to the same (or compatible) OSS VoIP software.

    While this might be great for you and your hacker buddies, it won't help you call your parents, grandma, or your fiancee. It also won't help you call your doctor, lawyer, investment partner, stock broker or bank.


    Wait, there's more going on here.

    There are technical implication for the service providers. Most of the better designed VoIP protocols (like SIP [ietf.org], as an example) are all about establishing sessions. There is a location service somewhere that a user-agent (UA) (phone) can find, based on the number or URI that you call. This location service will either proxy your connection request to the other client, or it will redirect your user-agent to contact the other party directly. (Think HTTP 302 response code -- in fact -- SIP uses the same structure).

    Once your UA has contacted the other party, some handshaking happens where you try to figure out what CODECs you will use to exchange audio, video, facsimile, IMs etc. Then end result is a collection of sessions directly between the user-agents that called one another.

    Let me make that REALLY clear. Beyond the proxy / location service, the VSP (voice provider) is not in ANY way involved in the media flows. Why should it be? It doesn't care.

    Enter CALEA requirements -- which are really poorly laid our I might add -- suddenly the VSP must carry the media and relay it to the other party and optionally duplicate each CODEC frame and send it to some black box (or red box [nbxsoftware.com] as the case may be).

    This has serious consequences on bandwidth consumption for VSPs.


    But they can just do this when there is a tap! (You object)

    And I counter with the fact that such an arrangement violates the CALEA requirements that a party subject to monitoring cannot know that they are under surveillance. End result? All media MUST flow through a choke point from which it could be duplicated.

    This has catastrophic consequences on the bandwidth a VSP can expect to need to meet their service levels.

    This may or may not be a Good Thing. I think it is NOT a Good Thing. One thing is certain, this issue is a very Material Thing for VSPs.
  • by MichaelCrawford (610140) on Friday January 09, 2004 @11:42PM (#7935549) Homepage Journal
    Gentlemen do not read each others' mail.

    -- Secretary of State Henry Stimson

    Speak Freely [fourmilab.ch] is a free (public domain, available in source code form) voice over IP program that can use hard encryption, including "AES, Blowfish, IDEA, and DES with keys as long as 256 bits".

    It's not the easiest program to use, but it does work well. It's development has been discontinued [fourmilab.ch], but you can still get the source code if you get it quickly. I'd like very much to see someone pick up its development, or to at least use its technology in a new program.

  • Mouahahaha (Score:4, Funny)

    by fleener (140714) on Saturday January 10, 2004 @12:19AM (#7935726)
    You may tap my phone. You may monitor my VOIP. You may intercept my e-mails. You may pillage my mail box and scrounge through my trash can. I accept all of these violations of my civil rights so that you can employ one more FBI agent and help stave off George's hemorrhaging unemployment figures. It's a form of entertainment for me, to say silly things in these mediums, just to amuse the man sitting in the van down the street, sipping cold coffee and eating stale donuts.

    But I'll be damned if you're touching my carrier pigeons. I will feed them steroids and fit them with armor, if necessary, to keep you from interfering with my God-given right to private communications.
  • Nothing new (Score:4, Informative)

    by CurMo (172974) on Saturday January 10, 2004 @01:20AM (#7935961)
    All I can say is I worked as a R&D software engineer for Nortel Networks, and this is nothing new.

    We were (and they still are) developing voice-over-ip infrastructure equipment (Succession as they call it) and it was -required- that we implement a way for feds to tap the lines before we could even consider rolling out and selling the product.

    There are a lot of gov't requirements behind the scenes than you might realize (and people can't talk about)...
  • But... (Score:3, Insightful)

    by graveyardduckx (735761) on Saturday January 10, 2004 @01:26AM (#7935994)
    Of those 2.2 million calls reported that were tapped, how many were actually criminals? And how many other calls were tapped illegally by the same groups? It sounds like X-Files to me. The truth is out there.
  • by Baki (72515) on Saturday January 10, 2004 @04:43AM (#7936577)
    The only way to guarantee being able to tap voip is to generally outlaw and/or regulate cryptography, such as only allowing very weak cryptography, or mandating a scheme where all keys have to be known with the state authorities.

    At the same time, such a system (key escrow) will make use of cryptography across national borders impossible, since there is no state or supranational authority (such as the UN) that would be trusted by all national states to keep the keys needed for decryption.

    Can you imagine France to use cryptography using keys known by the US authorities? Can you imagine the US using a system whose keys are entrusted to some U.N. authority? In the latter case, if the US would want to get a key in order to decrypt some domestic voip conversation, would the UN allow it?

    In other words: if the US really wants to keep this possibility, the only option is to either outlaw cryptography totally, or to mandate a scheme that can only work domestically and outlawing all other forms of cryptography.

    Either way, international ecommerce is killed.

    I think that the US autorities, whether they like it or not, have to be prepared for a time where they can no longer tap communications at all, or they must accept a severe blow to the global (and thus national) economy.
  • by serutan (259622) <snoopdoug@geekaz3.1415926on.com minus pi> on Saturday January 10, 2004 @05:30AM (#7936694) Homepage
    80% of the federal wiretaps are to enforce drug laws? Sounds like reducing or eliminating the relevant drug laws would drastically reduce the need for wiretaps, helping to alleviate many of the other issues surrounding the liberal use of government eavesdropping.

    It isn't always just perpetrators who cause the problems and impose costs on society. It's also the mere fact that our lawmakers have decided to make particular activities illegal. Not only do we spend billions enforcing a variety of behavior-restricting rules, we end up creating additional secondary rules that further restrict the rights of everybody and increase the power of the government. The copyright system is another good example. Reducing copyright protection would reduce the need to monitor and control every little electronic activity anybody performs, and to trend toward criminalizing any technology that might threaten the business activities of copyright holders.

    If you suggest eliminating drug or copyright laws, people will immediately envision the streets littered with semi-conscious heroin addicts, or a world without music, literature, film or techical innovation because nobody has any incentive to create anything. Probably neither extreme would actually happen. On the other hand, a picture of a world where average people routinely curtail what they say and do for fear that they might look suspicious to the ubiquitous surveillance system is much more probable. There's already an empirical basis for it.

    We should examine the root laws that spawn these secondary restrictions and determine which ones are really worth enforcing, not just in terms of the financial cost but in terms of the freedoms lost.
  • by IronChef (164482) on Saturday January 10, 2004 @06:07AM (#7936760) Homepage
    I'd just make it illegal to do anything illegal. Problem solved!
  • by Garry Anderson (194949) on Saturday January 10, 2004 @10:56AM (#7937327) Homepage
    They always use false arguments to get surveillance society.

    Quote from article:

    The agencies have asked the Federal Communications Commission to order companies offering voice over Internet Protocol (VoIP) service to rewire their networks to guarantee police the ability to eavesdrop on subscribers' conversations.

    Without such mandatory rules, the two agencies predicted in a letter to the FCC last month that "criminals, terrorists, and spies (could) use VoIP services to avoid lawfully authorized surveillance." The letter also was signed by the Drug Enforcement Administration.


    I have put the following argument many times:

    Ask Security Services in the US, UK, Indonesia (Bali) or anywhere for that matter, to deny this:

    Internet surveillance, using Echelon, Carnivore or back doors in encryption, will not stop terrorists communicating by other means - most especially face to face or personal courier.

    Terrorists will have to do that, or they will be caught.

    Perhaps using mobile when absolutely essential, saying - "Meet you in the pub Monday" (human bomb to target A), or Tuesday (target B) or Sunday (abort).

    The Internet has become a tool for government to snoop on their people - 24/7.

    The terrorism argument is a dummy - total bull*.

    INTERNET SURVEILLANCE WILL NOT BE ABLE TO STOP TERRORISTS - THAT IS SPIN AND PROPAGANDA

    This propaganda is for several reasons, including: a) making you feel safer b) to say the government are doing something and c) the more malicious motive of privacy invasion.

    Please see any one of my posts on this topic [slashdot.org].
  • I wonder... (Score:3, Funny)

    by headqtrs (467875) on Saturday January 10, 2004 @01:39PM (#7938122)
    police intercepted nearly 2,200,000 conversations with court approval

    how many did they intercept without court approval?

The universe is like a safe to which there is a combination -- but the combination is locked up in the safe. -- Peter DeVries

Working...