FCC Affirms VoIP Must Allow Snooping

MarsGov writes "The FCC released an order yesterday that requires all broadband providers and all "interconnected" VoIP providers to implement CALEA — in other words, law enforcement can snoop on your online conversations, both voice and text. While this is no surprise, it makes encryption for VoIP even more urgent."

VOIP

Oh come on. Like most of it isn't wide open to begin with (Vonage) or run by known lapdogs to the Govmint (Skype). The only way it could be more readily (and easily) monitored (and data mined) would be if it was run by the NSA's favorite lapdog ..... dr

No surprise at all

No surprise here at all.
The goverment isn't even willing to get proper warrants to tap regular phone and internet service. VOIP won't be any different.
Look for encryption to be made illeagal for all phone and IP services in the very near future.
This is just another step in the war on the constitution.

Re:No surprise at all

Yet they've been doing this for years. Nothing has really changed. Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no. The government has been doing this for years, why should things change now.

Just don't say they're getting worse without really looking at our past. Nothing has gotten worse, only the means to which our "rights" are negated as changed.

Re:No surprise at all

Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between. Wow, so they can tap Joe sixpack's phone. It's bad that they are mandating this. It's doubly bad that it won't stop any really dangerous criminals.

Re:No surprise at all

Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between.

Actually, they will just lobby for their crime to become legalised. Witness Haliburton, RIAA, MPAA, Bush...

Crime is now legal. As long as you can pay off the crooks in power.

Re:No surprise at all

Once privacy is outlawed, only criminals will have any.

Re:No surprise at all

I think you are giving criminals too much credit.

Joe sixpack might not be smart enough to commnicate over a secure channel, or simply not communicate over a possibly compromised channel at all (prepaid cell phones anyone?), but why do you think the average criminal would be?

You make it sound like a disproportionate number of law abiding citizens will be affected by this order because real criminals will be smart enough to use encryption. The majority of criminal actions are motivated by a combination of desperation and lack of common sense and thus the average criminal will be less likely to use an anonymous form of communication than the average citizen.

Re:No surprise at all

But I thought the justification for all this was to catch terrorists? They are generally considered to be thorough and crafty enough to take these sorts of precautions. The typical late night mugging doesn’t involve groups of conspirators hatching th

Re:No surprise at all

It's doubly bad

You misspelled doubleplusungood.

Funny, underrated, impressive

Wow! A multi-level contextually appropriate literary reference on /.!

I don't have any mod points today.

Re:No surprise at all

Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no.

I don't know how you got moderated up.

There have been landline/cell/satellite phone encryption products available for years.

http://www.security-isg. [security-isg.com]

Compatibility mode

The only road-block is that the other person you're talking to has to have the same setup. For 99% of people, it isn't worth the cost. For businesses & gov't agencies, it certainly is.

(Ring-ring...)
(Ring-ring...)
(Recorded voice) "This is an encrypted telephone call. It appears you do not have a compatible decryption device. Please have a pencil and paper ready, and follow along as I read you some simple instructions. First, write a list of 256 random numbers from 1 to 16. When you have completed this step, press pound."

(scribble-scribble-scribble... bleep.)

(Recorded voice) Now, divide the first number by... six, noting the remainder.
Divide the second number by... twelve, noting the remainder.
Divide the third number by... eight, noting the...

Encryption?

If they are this forceful in there attempts to spy on citizens, than how long do you think we can use encryption before they ban it (or at least mandate a government backdoor)?

Hard to do encryption commercial services

For encryption to be secure, you'll need to have end-to-end encryption. That is achievable for an organisation that is running its own VoIP system, but not really so for anything that is based on a commercial offering like Skype.

If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls.

Most people don't really care about encryption or wire tapping, but for those that do you can be sure some offshore service will pop up to fill the void.

Re:Hard to do encryption commercial services

I have vonage. Faxes work fine. In 4 months of service, I had only one day with difficulty (solved by temporarily setting my fax to "overseas" mode). I'm not a heavy fax user, but it is a steady 2-5 (combined in/out) per weekday.

User encryption raises even more flags

it makes encryption for VoIP even more urgent

Big players like Skype or Google Talk will have to implement weak (gov breakable) cypher. And if you opt to use it you will automatically be in focus.

Skype

And of COURSE Skype had to be bought out just months ago by an American company (eBay).

It doesn't matter for many VOIP calls

Encryption for VOIP won't help in many scenarios that LEAs are interested in. If you're calling a land line from your VOIP connection, the end point on the land line won't be able to decrypt the conversation, so even if all of the VOIP traffic is encrypted you'll have to go to the PSTN in the clear. AIUI, that's what they mean by "interconnected".

Re:It doesn't matter for many VOIP calls

Note that even if they wanted to, LEA don't have the computing power available to monitor every call. On the other hand, analysing the call graph [wikipedia.org] is quite tractable and completely orthogonal to the content. Enryption won't protect you from the governmen

Re:It doesn't matter for many VOIP calls

even if they wanted to, LEA don't have the computing power available to monitor every call.

I'm too lazy to dig up the links, so go ahead and mod me for missing my tin-foil-hat...

With all the talk of Bush authorizing international wire-taps on US-to-non-US citizens, it came up that the most probably reason the NSA is involved (see the current case EFF vs ATT) is that the NSA's Echelon system does have the throughput to handle that kind of workload. That Echelon was initially designed to snoop on purely international traffic, but it is just as easily turned on US citizens if the right (or wrong) person wants it to be so.

Just from an algorithmic viewpoint - that kind of workload is going to fall in the "embarrasingly parallel" group which means you can just keep adding PCs to scale-up to a volume of phone calls that is limited only by floorspace and electricity.

DDOS

VOIP works via packets with data describing the voice traffic, right? Suppose someone made a program to say "watchlist-words" constantly, and send them everywhere. How hard would it be for a terrorist to DDOS the FBI/NSA? I mean, if you randomize it, you can change pitch, volume, etc, as well as words. I have no idea how to do that exactly, but it doesn't seem infeasible.

Re:DDOS

As I understand the phone tapping situation, they listen in if you drop X amount of "flagged" words, like "terror" or "bomb" or "kill Bush" or whatever. Assuming the plan is the same with VOIP, if a trojan/rootkit/zombie/whatever starts flooding the pipes

There's encryption ......

and there's encryption. When you do find encryption make sure it isn't DES, NSA actually owns the patent on that one.

Re:There's encryption ......

No one uses plain DES anymore; it was broken decades ago. 3DES is fairly secure, but slow as hell. No point in using i3DES except maybe for legacy support. AES is probably good enough to guard against casual (i.e. mass) surveillence, though personally

By buying senators.

How do you get a patent on a mathematical formula?

Software patents are worded such that the patent doesn't cover but 1. a computer with memory that executes the formula and 2. the method of communicating X, Y, or Z using the formula. Patenting a generi

traffic analysis

One can learn a lot by knowing:

a. who you call, when you call them, and for how long
b. who calls you, when they call you, and for how long
c. who these other people communicate with
d. what all these phone numbers are associated with (bank accounts, etc.)

Re:traffic analysis

How to avoid this Traffic analysis: Usenet
Post a picture on a newsgroup and put an encrypted message inside of it.
Usenet will distribute it for you. Not possible to see who actually has the correct key and tool to decrypt it.

Post it at one provider and Usenet protocol will see that it arrives with many other providers over all countries.

The sole reason for the picture is so that many people will download it from as many places possible, making a direct link not workable.

See it as the message send out during WWII. Jean has a grand moustache. I repeat. Jean has a grande moustache.

They know something is going out, but they have no idea for whom it is ment or what it means. It even could be just some pictures.

Re:traffic analysis

That ethos is actually something that's been in use for quite some time by seemingly many groups, somewhat under our collective noses, Numbers Stations, [wikipedia.org] shortwave radio transmissions with origin unknown that transmit codes of numbers or letters, repeat a few times, then disappear. Most likely they are for undercover operatives with a codebook.

The idea is that it's tough to track their origin (apart from perhaps the language of some of the short messages that accompany them, but even that could be a red herring) and it's impossible to track down who's recieving it. Also, if it's using a one-use key decoding system, it's impossible to decrypt a meaning from it. Finally, most of these stations reappear at regular intervals, there's no real way to tell if one day's message is "all clear" or if it's "commence with the plan tomorrow."

I find them fascinating, and for some reason, chilling to listen to.

Action Time!

I've read so many things about our government as a whole's actions this year, and I'm really distraught. I walked into my Senator's office today, and discussed meeting with her. Usually, she only takes groups. I assume the same applies for most other Senators and Reps. Letters get ignored, e-mails are only seen by staff... who knows what happens to faxes?

My answer? A call to the /. community to organize in each Congressional district. Anybody who wants to assist in putting together these groups, please e-mail me. techroots@storyinmemo.com. If 15 of us in Southern Maine get together, we'll get a meeting. If we, as an organization, speak, we'll be much louder. Anybody, and particularly anybody in Southern Maine, I really want to hear from you. In a world that organizes online, if we can speak in real life too, we as geeks may be the most efficient people to form together.

Let's see if we can't stand a chance in hell of not being oppressed by the government we as a country vote for.

CALEA?

Now the FCC's pushing that stuff? Look, I don't have ED, but even if I did, I wouldn't ask the FCC for help.

But just out of curiosity, how much are they asking for 60?

Voice Scramblers?

I was under the impression that it was illegal in the US to use voice scramblers to mask your telephone calls.

If they can tap the VOIP calls, wouldn't encrypting them be the equivalent of voice scramblers and thus illegal?

why is this a big deal?

Are slashdot readers all using encryption on their existing telephone lines? If not, why does it matter now that it's VOIP?

CLAEA for VOIP isn't "trivial"

Believe me when I say that implementing CALEA in VOIP isn't trivial since the data must be intercepted somewhere.

The questions to be answered are where and how the interception is accomplished - especially in a manner that isn't trivially detectable by th

AHA!

So this is what that Microsoft patent is really for.
http://yro.slashdot.org/article.pl?sid=06/05/04/22 38213 [slashdot.org]

In all seriousness though, how many people will actually use VOIP to discuss illegal activity. If they know they're being monitored wouldn't they be more likely to use some more secure form of communication? Although, this brings up the question what do people sue to discuss illegal activity NOW if they know that they phones are probably monitored?

Re:AHA!

use prepaid cell phones (wth cash of course, and only use them once and then throw it down a sewer drain) and talk ambigiously.

The key word...

...is "connected". For the people whom I talk to the most -- family and some cyber-aware friends -- strong encryption on top of VoIP is the way I will go. Don't leave the Internet for the traditional POTS world and the CALEA doesn't apply.

http://www.philzimmermann.com/EN/zfone/index.html [philzimmermann.com]

Thank you (again), Phil.

  -Charles

Re:The key word...

Thank you (again), Phil.

Well, I just read the EULA and I want to retract that statement. Thanks for nothing, Phil. Nothing like selling out, is there? Ka-ching!

  -Charles

Every back door can be abused

As the convenience for the government to wiretap increases, the ease for a third party (inside or outside the government) to abuse such a mechanism also increases.

There was a debate back in the Clinton era as to whether or not encryption on the Internet needed a "back door" for the FBI. I had thought that the argument regarding the potential problems safeguarding these "master keys" had won out. Having the FBI spying on you with a warrant is one thing, but having organized crime, a private investigator, or some rogue arm of government (quite a few of those these days it seems), ... that's another thing entirely.

If you trust the government not to abuse this, then consider whether you trust the government to be able to effectively safeguard access to this. Ignoring social engineering (e.g. $), how likely is the government to have every bit of this infrastructure protected against stealthful 3rd party break-ins?

Suddenly blackmail is going to get a lot easier.

It took many decades for the Internet to flower and change the world with its freedoms. It is taking far less for the governments of the world to deflower the Internet and sow the seeds of thought control.

How would this work?

Properly implemented, SIP (common VoIP protocol) works like this:
A='A Party' - the person making the call
B='B Party' - the person receiving the call
P='Proxy' - the VoIP provider

A and B register with P.
A makes a call to B:
. A requests P that it be put through to B
. P contacts B, B's phone rings
. B answers
. P lets A know B's details
. P lets B know A's details
. A and B exchange voice traffic directly, without involving P

This allows latency to remain low when, say, A and B are in Australia and P is on the other side of the world.

To perform a successful wire tap in this scenario, the FCC would need to intercept the data at multiple points, possibly in separate countries.

Alternatively, P can tell A and B that there is too much firewalling in place and that all voice traffic must go via P, but by doing this they are giving the game away... it would be easily detectable by A and or B if they were smart enough to know what was going on.

SIP Protocols and Encryption and 3-Way calls

First of all, you don't want to attack the strong links when there are weak links that'll get what you need. A Wiretap is a 3-Way-Call with the Univited Party on Mute. So you don't try to break the cryto, you try to make sure you're on the call.

SIP Con

Use IP to IP Dialing To Bypass VOIP Backdoors

I regularly use VOIP via Free World Dialup (FWD). This system uses the SIP protocol. FWD servers seem to have frequent outages. To get around this problem, I've found that I can use direct IP to IP dialing and bypass FWD's servers completely. IP dialing is cumbersome, but you can put the dialed addresses in a speed call list and use 2-digit dialing. This works very well. There's a side benefit of no call logging since the provider's server is being bypassed. In theory I can call any SIP phone that's connected to the internet whether they're on Vonage, Packet Eight, or any other network, if I know their IP address.

Right now there are about a half dozen members of our private network. We're all registered with dyndns.org to solve the problem of dynamic addressing. We're all using Sipura Network adapters to connect a regular telephone to the Internet. The Sipura adapters accommodate dialing by hostname or IP address. The latency is lower with direct IP dialing because the voice packets are not routed through FWD's STUN or NAT servers.

This method is more secure since you're not dependent on any VOIP provider. The back doors that they provide for government spying can be bypassed. Encryption would be difficult but not impossible because it would have to be implemented in the Sipura firmware. SIP software phones will also work with direct IP dialing.

Can someone show me...

where this is any different then the cops being allowed to tap regular telephones? Seriously, have they once said that the cops will have unfettered access to this information without a warrant? If not, then I do not see why there is this urgent need for encryption on VoIP. I mean we are talking about the police agencies being able to have the same access to listen to VoIP conversations that they already have to tap every other phone line in America.

Now, I am sure you are all wearing your tin foil caps, but really this is not about some great big brother monitoring scheme. If you are so scared about people listening to your calls, you do not need encryption. Just start talking in code. Afterall, mobsters and just about anyone else committing illegal activity have been doing it for years to avoid being overheard.

I just am afraid I do not see everyone elses great concern in this matter. Of course, my lack of VoIP means that monitoring my calls is already quiet within the realm of possibility. As for the text conversation part, if I were truly concerned about stuff I was saying the last way I would transmit it would be over IM or through e-mail.

Re:Encrypting is a bad otpoins

While I undersnad that you may have concerns about your privacy, you do not need to worry because you are not doing anything that the FBI will be intersted in.

Sorry, sugar coat it all you want, but that is jsut another variant of the fallacy that "If Yo

I'll bite troll this is why govt spying is bad

This no doubt a troll but I'll bite for all the confused kiddies out there who might take this argument seriously. If you lived in the Soviet Union the spies were OK right because if you weren't doing anything illegal you had nothing to hide right? Same for Nazi Germany, and the "legitimate" government of Britain in the American colonies in 1775.

But it's different now you'll protest those were tyrannies and we are in a democracy. Well listen up my friend it's ISN'T that different, the president is in DIRECT violation of the constitution by declaring war on his own whim only Congress can declare war according to the constitution (and no Congresses rubber stamp allowing the president to declare war was not legit), further that war was declared by the president based on lies (see the Downing Street memos), further we are torturing people, and used Napalm or a Napalm like substance on civilians in Fallujah which is war crime, further NSA wiretaps without a court order are a violation of the bill of rights, further we have by FAR the largest prison population in the industrialized world at over 2 million, 100,000s of which are in there for victimless drug crimes, or pissing off their neighbor and being turned in for "sex crimes." Do you start to see why some of us want to be able to communicate without the government butting into our damn business?

Re:I'll bite troll this is why govt spying is bad

"No government is worth killing or dying for."

Unless you're dying to destroy that government, if it has violated the social contract that allows it to operate.

This government, has. This government, and almost every Western government in the world, is guil

Re:I'll bite troll this is why govt spying is bad

Or you could just walk away from it and let it collapse of it's own weight. Or to put it in slashdot speak some of us interpret governments as blockages and route around them.

Akido works too you know, sometimes meeting stupid force with more stupid force

Re:I'll bite troll this is why govt spying is bad

Many people seem confused about the status of Iraq.
Iraq is a conflict, the result of an "authorization to use force".

Nobody declared war.

Not the President, not Congress.

Iraq, like Vietnam, is not a Capital "W" War.

They talk about "war" in the media, but it

Re:I'll bite troll this is why govt spying is bad

Perhaps today would be a good day for a brief civics lesson. Here is the text of the fourth amendement.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

There is no absolute protection of privacy granted in that amendment. In fact, it wasn't until 1967 in Katz vs. United States when the Supreme Court ruled that the fourth amendment could offer protection against wiretaps, reversing previous rulings that said the opposite. In the Katz ruling, the court extended the definition of "search" to include government intrusion into something in which a person has a reasonable expectation of privacy. Even after the Katz ruling, the fourth amendment only offers protection against unresonable searches. There are still a lot of cases when the government can conduct a search and violate your privacy. One obvious time is when a warrant is obtained for the search after probable cause of a crime is presented to a judge. However, there are other cases where searches are not deemed unreasonable. If a police officer is walking by your house and hears screaming and believes someone is in danger, he can forcefully enter your house without a warrant. There's no violation of the fourth amendment because under the circumstances, entering the house to ensure the saftey of another person is not considdered an "unreasonable" search. If you are stopped for a traffic violation, the police officer is free to shine his flashlight in your window and look around the passenger area. That's because the courts have ruled that if items are within view, there is no expectation of privacy. As for the NSA's warrantless wiretaps, those are certainly in the gray area. The president argues that warrantless wiretaps of international calls are permitted under Article II as part of the military authority granted to the executive branch so long as the wiretaps are used for intellegence gathering related to national security, not criminal investigations. Others argue that the wiretaps are an unreasonable government intrusion when there is an expectation of privacy. Both arguments have merit, and reasonable people can have different opinions on the legality of these wiretaps. This is really an issue that needs to be resolved by the courts.

You seem to have many complaints with the United States government. I doubt there was ever a time in the history of the United States when you would have been happy with this country's laws or actions. In fact, I doubt there was ever a country in the history of the world in which you would be content. However, I hope I'm wrong, and I hope you find a place to live where you will be happy. If you do, I hope your utopia is as perfect as you envision.

Thomas Jefferson with a cell phone would have done

Dumbass, if the American revolution were taking place today you can be sure Thomas Jefferson would have a cell phone and a laptop and the 4th amendment would be written in such way as to keep government snoops OUT of those devices.
The INTENT of the 4th ame

Re:Thomas Jefferson with a cell phone would have d

The "terrorists" scare me FAR less than people like you. Stay the fuck out of MY phone calls, and electronic files.