Feds Want to Tap VoIP

An anonymous reader writes "From the Globe and Mail: The FBI and the U.S. Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2,200,000 conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."

2,200,000?

[John Seminal]

Wow, that is alot of conversations Uncle Sam was listening in on. What I would find to be more interesting is how many arrests were made from those 2,200,000 wiretaps.

Can VoIP be encrypted in such a way that even if it is intercepted, it is useless? What is to stop someone from writing code that does that? Or will the NSA get involved?

tapping UDP is hard

[Anonymous Coward]

What are they going to do, dump all the datagrams, and how are they going to pick the filter parameters? Given dialup and DHCP dynamic IP assignments, this would be like trying to pipette from a firehose. Even NetMeeting's rendevous protocol is dynamic....

At least with this fact in play we'll probably see some more decent voip encryption.

They'll only catch amateurs...

[El]

Wouldn't any real criminal run his VoIP through a VPN or some other encrypted tunnel, thus making difficult for the Feds to know that it is a VoIP session, let alone decrypt it and understand it? See, the problem with PCs is that they are general purpose devices that allow you to execute arbitrary algorithms -- or even add proprietary hardware to do hardware encryption. So, other than knowing what IP address a suspect is talking to, what good is the wiretap going to do them?

How do they propose...

[forevermore]

How do they propose to tap VOIP conversations over private networks? I can understand how federal regulations might get them permission to tap into the networks of the growing VOIP phone providers, but a lot of people (companies, geeks) set up their own internal VOIP networks over IPSEC, secure VLAN's and other such things that would be nearly(?) impossible to detect as VOIP traffic. Not to mention p2p type VOIP clients like those built into the various instant messenging programs that are, well, peer to peer, and don't go through some central server.

Re:2,200,000?

[swb]

Those are the ones that are above board. There was a time when the NSA could tap virtually any conversation they wanted, as they had intercepts between almost all microwave relays. Read "The Puzzle Palace" and be prepared for some interesting stuff.

ipsec

[SHEENmaster]

ipsec, ssh tunneling, and VPN configurations can all prevent this with no change to existing code.

Is anyone else outraged that the feds spent $63 million just wiretapping phones for a black market that they created? 1.) Make a drug black-market. 2.) Spend $63 million wiretapping phone investigating the market. 3.) ??? 4.) profit!

Re:Law Enforcement and Technology

[cyt0plas]

Not true. I have nothing to hide - I still don't wnat Uncle Sam listening to everything I do. Some of us still believe in privacy.

On a side note, sometimes people have things to hide with good reason. A number of the founding fathers lived as long as they did because of Privacy. A number of blacks were better off because records could be kept from corrupt local governments. People have been persecuted by scientology for speaking out against it - sometimes privacy is the only safeguard. Can you honestly say you trust every single person who has access to your data (government or not) to act in your best interest, or at least the best interest of the country. Here's a hint: if the government can beat it, someone else can too.

I'll take my privacy, thank you very much. The only way to stop power from being abused is to not grant it in the first place. Our society is based on individual freedom - for example, the whole "guilty until proven innocent" thing. Our constitution is set up to let the guilty go free rather than imprison the innocent, should a conflict arise. Would placing the burden of proof on the defense (or eliminating the trial altogether) mean fewer criminals went free? Of course! Would more innocent mean be imprisoned? Of course.

Is it worth it? Hardly. From what I hear, though, if you like that sort of thing, Cuba is not hard to get into.

Re:2,200,000?

[cyt0plas]

This is the very nature of cryptography, and the reason for the "Sneak and Peak" provisions of the Patriot Act.

When you roll out the unbreakable crypto (easy - although 1024 _may_ be crackable, 2048 is _not_ - at least yet), they wait for you to leave, break into you location, and install keyloggers, take encryption keys, add backdoors, etc. until they don't need to break your crypto.

Encryption ain't it all tapped out to be...

[UPAAntilles]

Sure, for a few conversations between buddies, encryption would baffle an individual. However, this is the US government-with tons of money to throw around...they'll find ways around encryption. Usama's satellite phone was "encrypted", but the NSA could crack it easily enough. If it becomes a great enough need, the government would find out how to decrypt it. They wouldn't brute force either. When the British found the Enigma machine, the US and British intelligence services reverse engineered it and then used it for the remainder of the war. Same thing would happen here: If the case was high-profile enough, the FBI would find the program used and reverse engineer it so they could thwart the encryption. I'm willing to bet that Nautlius (Blowfish) has already been cracked by the CIA/FBI/NSA, and that they have their own proprietary software for VoIP tapping. The only way to avoid it would be to design your own encryption software, and then make sure it doesn't fall into the US Military's/FBI's/NSA's/CIA's hands. Those agencies employ some of the best hackers/programmers in the field, and it would be near impossible to keep multiple VoIP conversations encrypted without changing software every conversation (and even then, you would have to have every conversation based on the understanding that those may be decrypted later.) This is because of the open structure of the internet.

Update...

[orthancstone]

The unfortunate problem is that since we have crap like the Patriot Act, it isn't as hard for the government to get whatever access it likes. By now, they pretty much DON'T need a reason anymore...

Re:Hyperbole++;

[Anonymous Coward]

What makes you think that Uncle Sam is going to listen to "everything you do"? Remember, this law doesn't give the gov't carte blanche to listen to the conversations of anyone it chooses to. It must show a court of law that there is sufficient reason that you are using the phone lines to commit a felony. All this law does is put VoIP on the same legal standing as traditional phone lines, with regards to wiretapping.

Ummm, have you been asleep for the past two years?

Re:2,200,000?

[pvt_medic]

they got 2,200,000 conversations so that very well could have been listening in for a long time on one person. But I would like to know the wiretap to arrest ratio.

VoIP can easily be encrypted.

The real question is as people more and more get high speed internet access people could easily create their own VoIP set up. One that allows people to directly connect with another computer and talk with the user there. Now granted they already have this, but people add their own encryption scheme, and before you know it there will be no more telephone companies as we know it. My telephone number will be my IP.

clear but theres more

[ironfroggy]

Personally, it seems to me that VoIP is pretty cut and dry in this matter: it is a "telecommunications carrier". It is simply a new medium for the same thing we did on copper lines.

The most difficult (and dangerous) aspect is things like IM services with voice capacity. Actually, anyone two people with microphones and email could evade the police and FBI pretty easily by recording small sound files and emailing them (possibly even encrypting them to be sure). In such a case as this, where communications begin to forgo the use of any third-party to facilitate the information between two people, we will see a lot of hot debate.

When communications as distributed and "P2P" as this become more common place, many questions will be raised. But, we must look at how things would have to be implemented, before we can judge the rules that must be applied to them. Can we mandate that wiretaps must be available even for peer-to-peer exchange of communications? Would we then need to make requests directly to those being tapped, or those they are in contact with, stating they must, for a specified time, transmit all communications to the authoritive agencies for monitoring? Surely, no one would comply! Then, should the ISPs and backbone servers scan all packets for personal communications to or from individuals on a national "Tapped List"? But, what of all the data they would have to peak into to find these few, when most they have no right to touch, except to pass along?

We sail to rough waters. I pray for us all.

Re:That's why we have crypto!

[jmv]

Seriously, I'm the author of Speex (the speech codec) and I'd be willing to help if someone wanted to design an open-source library to encrypt VoIP packets. This is a project I can't do only by myself because I lack the knowledge to use crypto stuff currectly (random stuff, padding, etc).

I think it would be nice to have such a library so that any VoIP application writer can easily integrate the crypto functionality.

Re:Encryption ain't it all tapped out to be...

[dsouth]

Wow, you should really take off the tinfoil hat and read up on cryptography a little before your next post.

The secrecy of a cypher should rely entirely in the key (see D. A. Kerckhoffs). Put another way, knowing the algorithm used should not compromise a good cypher. In fact, most of the better, more trusted cyphers are published, and have been subjected to many many man-years of cryptanalysis without yielding attacks that do much better than brute force key searches (which is why we trust them and conversely why propriatary/homebrew/secret algorithms are shunned).

In the case of blowfish, to my knowledge there are no known attacks that are effective against the full 16-round cypher. There are weak keys, but it's unlikely that such keys are exploitable in practice. So it would seem unlikely (though not impossible) that blowfish has been successfully attacked by NSA. So given a large enough keyspace, the NSA would have to be willing to dedicate a large number of CPUs/FPGAs to a brute force attack. Since blowfish supports keylenghts up to 448bits, such attacks could take a while even with NSA's extensive resources. [In this context, "a while" means effectively never.]

I see good and bad from this article

[tx_kanuck]

The good:
--If there is a wiretap, they are only getting your conversation, and not ever piece of data your computer spits out. It looks like they would need a different warrant for that too.

--The tap would be located not at your ISP, but at your VOIP provider. This helps guarantee privacy for the people not specified in the warrant.

--This places VOIP on more of an equal footing as traditional phone services. If they are legally the same for what they have to provide the cops, they could then argue they are the same legally when it comes to their protection as common carriers.

The bad:
--The VOIP companies would have to re-wire their networks so that all conversations go through a tappable trunk line. That, or they would have to set up infrastructure to siphon off individuals phone calls to a 3rd location (which is what I would prefer. Let the VOIP provider pull a copy of the conversation off the trunk line instead of the cops). This means more $ needed in development and implementation.
--Requlation may (ok, probably will) stifle innovation. By regulating things like how a wiretap is to be done, it will be harder for open source and closed source products to work in multiple countries. This then leads to problems with interoperability between national networks.

Overall, I don't see this as too alarming.

Re:80%??

[Anonymous Coward]

"Weak" drugs (i.e. marijuana) should be regulated and sold just like alcohol. We let drunk drivers kill thousands of people a year, why not high ones? I don't like the idea of life-crippling drugs (i.e. heroin, cocaine) being sold over the counter, though.

This is a little off-topic rant, but the fact that we have drive-through liquor stores just boggles my mind. I understand that it is very convienent for people in a rush or whatever, but that's just asking for people to drive drunk. Drunk driving is totally out of control. I think we should treat them like we treat those prisoners of war in Cuba. It is a real problem and needs a serious kick in the ass to try to get some control over it. Luckily I haven't lost any friends or relatives to it (yet). But, playing the numbers, it is highly likely that sooner or later I will. What are the rules and penalties regarding drunk driving in other countries? I think we are much too lax in the U.S.

Re:So we respond with Nautlius

[Alexei]

Never saw it. My point is, though, that someone in the FBI has probably also seen it. Any law requiring agents to "disconnect (or ditch-and-not-listen-to any recording)" is only a sop to civil-liberties advocates, because the FBI never can be sure if a conversation really is innocent or is simply well-encoded.

Missing the point.

[muonzoo]

Many of the people responding to this thread are missing the big picture.
There will always be a screw-you-I'm-doing-this-the-OSS-way-with-crypto solution available. What does this solution cost? Well you might think it's free.

It isn't.

By adopting some OSS mechanism to communicate with whomever you choose, you impose a burden on the other party, namely, they have to install and have access to the same (or compatible) OSS VoIP software.

While this might be great for you and your hacker buddies, it won't help you call your parents, grandma, or your fiancee. It also won't help you call your doctor, lawyer, investment partner, stock broker or bank.


Wait, there's more going on here.

There are technical implication for the service providers. Most of the better designed VoIP protocols (like SIP [ietf.org], as an example) are all about establishing sessions. There is a location service somewhere that a user-agent (UA) (phone) can find, based on the number or URI that you call. This location service will either proxy your connection request to the other client, or it will redirect your user-agent to contact the other party directly. (Think HTTP 302 response code -- in fact -- SIP uses the same structure).

Once your UA has contacted the other party, some handshaking happens where you try to figure out what CODECs you will use to exchange audio, video, facsimile, IMs etc. Then end result is a collection of sessions directly between the user-agents that called one another.

Let me make that REALLY clear. Beyond the proxy / location service, the VSP (voice provider) is not in ANY way involved in the media flows. Why should it be? It doesn't care.

Enter CALEA requirements -- which are really poorly laid our I might add -- suddenly the VSP must carry the media and relay it to the other party and optionally duplicate each CODEC frame and send it to some black box (or red box [nbxsoftware.com] as the case may be).

This has serious consequences on bandwidth consumption for VSPs.


But they can just do this when there is a tap! (You object)

And I counter with the fact that such an arrangement violates the CALEA requirements that a party subject to monitoring cannot know that they are under surveillance. End result? All media MUST flow through a choke point from which it could be duplicated.

This has catastrophic consequences on the bandwidth a VSP can expect to need to meet their service levels.

This may or may not be a Good Thing. I think it is NOT a Good Thing. One thing is certain, this issue is a very Material Thing for VSPs.

Re:Can I be the first to say...

[Dr_Marvin_Monroe]

You can't rely on that as a protection. As a previous article about fed's use of the OnStar system to bug people in their luxury cars shows, there's been an important movement in the point between "tapping was accessable, so we did it" to "you are required to provide the tap." Yes, criminals will use more secure 1024-bit, perhaps even one-time pads, but the burden is now on EVERYONE else to get searched and siezed.

I see this as a HUGE deal. It doesn't matter that the real criminals will be using real encryption. The problem is that the Fed's want all networks to not only provide the tap, but do the collection work and carry the expense too.... Wire tapping has evolved from "the terminals on the phone were exposed, so we attached" to "you've got to build this capability into the system and carry the cost."

This is insane....no patriot would even consider allowing this.... Let's just pretend that we no longer have a "Bill of Rights".... or just that it simply has a dollar figure at the bottom that we're supposed to mail in....

Re:So we respond with Nautlius

[hbo]

For instance, at the rate we're going, I fully expect to see laws against two people conversing face-to-face and in private in my lifetime.

No need to wait for that. A fictional, but plausible illegal conversation, circa 1865:

Conspirator 1: Psst, John, here's the gun. When are you going to do it?
Conspirator 2: Right after act one of "Our American Cousins!"

Conspiracy is illegal, of course. It the content of a conversation conveys information that furthers a conspiracy, then the conversation is illegal. For example, it would be illegal for me to to tell you when I was going to commit a murder so you could make sure my getaway car, er, horse, was parked outside Ford's theater at the right time.

Re:Bound to happen...

[RevAaron]

Got a judge to OK it? Not really needed anymore, with the PATRIOT and PATRIOT II acts.

They snuck the second PATRIOT act when they caught Hussein. [freeinternetpress.com] Sneaky, that. Who needs a judge for phone taps, financial records, etc? Maybe in Canada!

Re:That's why we have crypto!

[jrockway]

You come over and hand me a disk with your public key on it. Or my friend that I trust signs the key and you push it to the keyserver. Read up on key exchange, it's interesting stuff.

Essentially what happens is this:

1. Everyone makes a key.
2. ???
3. Profit!

Just kidding.

1. Everyone generates a keypair (a private key that decrypts messages, and signs things, and a public key that you give to everyone that verifies that signatures are from the private key [that presumably only you control], and encrypts things to your private key [i.e. you]).
2. Everyone publishes their public keys.
3. You sign someone's key if you know that person is who the key says he is.

Now you want to send a message. You get the public key of the recipient from the keyserver. It happens to be signed by persons A and B. You signed person B's key... therefore you trust that the key is valid (since you trust person B's judgement). Now you encrypt a message to your recipient [with HIS public key], and sign it [by encrypting a hash of the message with YOUR private key].

The receiver gets your public key, applies the trust logic to make sure he really has your key, and verifies that the message is from you.

You had to have your private key to make that signature valid. If someone forged your private key, the signature would not have been valid. Also, if the message was changed, the signature would again be invalidated.

So the recipient decrypts the message with HIS private key, that only he has. Now that person knows that 1) the message was from you and had not ben altered since you signed it (since he decrypted the hash of the message with your public key, which he trusts and the hash validated), and 2) nobody read or the message (only you can read that message, becuase only you have the private key).

So that's how that would work :)

That implies a workaround...

[Mr2cents]

the spooks are already required to disconnect (or ditch-and-not-listen-to any recording) the instant they realize it's a call that is unrelated to the matter being investigated.

So I can, for example, call my dealer, talk a few minutes about my hemaroids, and then I place my order. Wait until that gets out!

Re:Bound to happen...

[gad_zuki!]

The FBI doesn't bother with warrants anymore. They just write themselves national security letters. [reclaimdemocracy.org] On top of that the criteria for getting warrants has fallen dramatically.

Outlawing cryptography

[Baki]

The only way to guarantee being able to tap voip is to generally outlaw and/or regulate cryptography, such as only allowing very weak cryptography, or mandating a scheme where all keys have to be known with the state authorities.

At the same time, such a system (key escrow) will make use of cryptography across national borders impossible, since there is no state or supranational authority (such as the UN) that would be trusted by all national states to keep the keys needed for decryption.

Can you imagine France to use cryptography using keys known by the US authorities? Can you imagine the US using a system whose keys are entrusted to some U.N. authority? In the latter case, if the US would want to get a key in order to decrypt some domestic voip conversation, would the UN allow it?

In other words: if the US really wants to keep this possibility, the only option is to either outlaw cryptography totally, or to mandate a scheme that can only work domestically and outlawing all other forms of cryptography.

Either way, international ecommerce is killed.

I think that the US autorities, whether they like it or not, have to be prepared for a time where they can no longer tap communications at all, or they must accept a severe blow to the global (and thus national) economy.

Was not really a problem

[CrystalFalcon]

One wonders then how it is they were able to deal with crime before the advent of technology.

Actually, they didn't have too hard a time. They found the suspect, and questioned him - using whatever methods were deemed appropriate at the time - until they had a confession.

Easy as pie. No technology needed at all.

Forensics was initially very unpopular with law enforcement, as it meant a sh*tload of extra work, seemingly with no visible payoff. People who advocated it had a hard time keeping their rank.

Power corrupts you know.

I think that was my point. :-)

Power doesn't corrupt neither more nor less than in previous generations, anyway. There is nothing new under the sun when it comes to how good or bad humans behave. Especially in a group.

Re:So we respond with Nautlius

[sketerpot]

I'm thinking VoIP over SSL, although I could be overlooking problems with TCP, UDP, and SSL.

Re:That's why we have crypto!

[Nonesuch]

Seriously, I'm the author of Speex (the speech codec) and I'd be willing to help if someone wanted to design an open-source library to encrypt VoIP packets.

I'd suggest linking against a couple of common block ciphers -- perhaps 3DES, AES, and twofish [schneier.com].

Linking against twofish is trivial -- Niels Ferguson publishes a easy to use free twofish library in portable C. Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses.

Another more generic option would be to link against the mcrypt [sourceforge.net] GPL library.

This is a project I can't do only by myself because I lack the knowledge to use crypto stuff currectly (random stuff, padding, etc).

I think it would be nice to have such a library so that any VoIP application writer can easily integrate the crypto functionality.

Any good crypto library should handle the difficult crypto stuff for you, the interesting question is how does VoIP handle session keys?.

I can't easily locate documentation on key exchange for the voice channel for VoIP call setup? All I see are a handful of papers on encryption on the SIP protocol.