Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Communications

Groups Slam FCC on Internet Phone Tap Rule 164

kamikaze-Tech writes "An Associated Press report posted in the Vonage VoIP Forums discusses the new CALEA regulations that will make it easier for law enforcement to tap Internet phone calls. The article claims that the new law will also make computer systems more vulnerable to hackers, according to some digital privacy and civil liberties groups. While the groups don't want the Internet to be a safe haven for terrorists and criminals, they complain that expanding wiretapping laws to cover Internet calls -- or Voice over Internet Protocol (VoIP) -- will create additional points of attack and security holes that hackers can exploit. VoIP service providers such as Vonage, Skype and Packet 8 have eighteen months to comply with the new law."
This discussion has been archived. No new comments can be posted.

Groups Slam FCC on Internet Phone Tap Rule

Comments Filter:
  • by Anonymous Coward on Friday August 12, 2005 @04:29AM (#13302079)
    Given that Skype's corporate entity isn't located in the States, it would seem that the FCC doesn't have any control over it.
    • by poptones ( 653660 )
      If they don't comply the gestapo will just pressure Visa and MC to deny them accounts on the basis of "aiding the terrorists" - and if they devise some means of getting around it then uncle fed will just rapture their corporate officers to Syria or someplace where they can await prosecution on "money laundering" charges.

      You don't fuck with the world police...
    • by KitesWorld ( 901626 ) on Friday August 12, 2005 @05:02AM (#13302175)
      The problem is that if they don't comply, the FCC can issue punitive measures on skype's operations within the U.S.
      • Can't they simply close down their "US" webpages and servers, and re-open them up in a more friendly country, and not ask people if they're from the US or not?
        • Yeah, but it'd still be a loss of revenues, and arguably profit. Not only would it affect US customers, but other customers (ie, business) would switch to an competing provider that still had a U.S. service. Double-whammy. My guess is that Skype would do something with their U.S. based servers to allow the tapping against calls made to/from/within the US, but without affecting the rest of their service. Of course, this is just speculation.
        • by dnoyeb ( 547705 ) on Friday August 12, 2005 @06:14AM (#13302376) Homepage Journal
          if they connect to any US numbers, there quality will suck without us servers. Plus most of the numbers connected to will be landlines and you can bet the local phone company will jump with joy when asked to find a way to disconnect the VOIP provider.
      • As far as I know, there aren't any operations within the US. No matter where you are from, you pay a foreign entity in Euros. Unless you mean that the FCC can issue orders to ISPs to block Skype IP packets. Which is not exactly trivial.
    • Exactly!

      "VoIP service providers such as Vonage, Skype and Packet 8 have eighteen months to comply with the new law."

      Should Say:

      VoIP service providers such as Vonage, Packet 8, and have eighteen months to move operations to the caribbean."

      The regulation also only applies to VoIP to POTS (standard voice line), and not VoIP to VoIP. It's a way to get the protocol changed now to enable a second stream. Then later they can ease in the VoIP to VoIP taping as well, without drawing too much attention.

      This is yet a
    • Comment removed based on user account deletion
    • by Xformer ( 595973 ) <avalon73@cOOOaer ... inus threevowels> on Friday August 12, 2005 @09:38AM (#13303770)
      From the text of the proposal:

      58. We also seek comment on our tentative conclusion that providers of non-managed, or
      disintermediated, communications should not be subject to CALEA.166 Non-managed VoIP services, such as peer-to-peer communications and voice enabled Instant Messaging, as currently provided, do not appear to be subject to CALEA for two reasons. First, because they are confined to a limited universe of users solely within the Internet or a private IP-network, they may be more akin to private networks, which Congress expressly excluded from section 103's capability requirements. Therefore, they do not appear to replace a substantial portion of local exchange service; as such they do not appear to fall within the Substantial Replacement Provision. Second, they may be excluded information services under section 103(b)(2)(A) (as discussed above). We seek comment on this issue. Are there other characteristics or distinguishing features that may be used to determine whether a particular class of VoIP service providers is covered under CALEA? One example may be that VoIP service providers are covered under CALEA where their service interconnects to the PSTN.


      The bolded portion reflects where Skype themselves say that they are not intended as a replacement for local phone service. Trying to use them for that is silly in most cases, anyway, because in the US you can normally talk to someone a few houses down the street without per-minute charges. Using Skype to connect to your local PSTN in that case would cost $0.02/minute.

      If it's found that Skype may fall under the new rules, it's only where it connects to phone networks in the US for incoming and outgoing calls. Wiretap provisions could be done at that point if required, probably by the phone companies providing that connection.
    • by Phantasmo ( 586700 ) on Friday August 12, 2005 @11:14AM (#13304552)
      Umm...

      From Skype's Terms of Service [skype.com]
      8.1
      Further, as stated in the Privacy Policy, Skype and/or its local partners may need to provide such data to designated competent authorities upon request, or may need to enter into further activities due to local regulations, for example with regard to the interception of communications, if requested by such authorities.
      So, if you're using Skype for the privacy features, dump it and switch to SpeakFreely. Skype CAN wiretap you and never said that it wouldn't.
  • by Ckwop ( 707653 ) * on Friday August 12, 2005 @04:29AM (#13302081) Homepage

    The article claims that the new law will also make computer systems more vulnerable to hackers, according to some digital privacy and civil liberties groups.

    Oh it's a whole metric-fuckton worse than that. The problem the FCC, FBI (insert your favourite alphabet agency here) is that they make the assumption that the criminals that will be using VOIP will COMPLY with FCC.

    Voice/IP isn't like traditional the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve. What's worse, what criminal is really going to open up their private P2P telephone so the government can tap them?

    So the measure has absolutely no effect on our ability to catch criminals. Instead we subject the communication of ordinary law abiding citizens to the possibility of them having their perfectly legitimate conversations compromised, be it by a l33t|st or corupt police officers alike.

    Simon.

    • by MattWhitworth ( 858990 ) <{moc.liamg} {ta} {htrowtihwm}> on Friday August 12, 2005 @04:40AM (#13302107)

      Agreed. If you've got something big to plan, you don't use an unsecured public medium (criminals and terrrorists have learnt that it's possible to track down your position from a mobile phone call. A Chechen leader was assasinated in this way, and it's how the Madrid bombers were traced).

      How does the FCC think it will be able to tap an 128-bit RSA-encrypted private protocol? It can't, and the overwhelming majority of phone taps will be of law-abiding citizens. But that's the way the world works. Just look at DRM

      In short, terrorists/criminals/enemies of the state aren't stupid.

      • If you've got something big to plan, you plainly *do* use an unsecured public medium. You admit yourself that a Chechen leader was assassinated this way, and it's how the Madrid bombers were traced.
        Most criminals aren't IT experts. If they were all that clever, they would have regular well-paid jobs and wouldn't need to turn to a life of crime.
        • If you've got something big to plan, you plainly *do* use an unsecured public medium. You admit yourself that a Chechen leader was assassinated this way, and it's how the Madrid bombers were traced.

          That's not a case of they *do*. It's a case of they *did*. The others, assuming they aren't stupid, have probably wised up by now.

          Most criminals aren't IT experts. If they were all that clever, they would have regular well-paid jobs and wouldn't need to turn to a life of crime.

          Did the directors of Enron need

        • So we'll just Darwin out all the stupid terrorists and assassins.

          Sounds like a plan to me. A fucking stupid one.

          People are always going to have untappable means of communication. Untappable because they actually cannot be tapped (Strong encryption, people carrying messages by hand.) or just that no one can find out where they are. (Calls between two disposible cell phones, message drops.)

          Tapping phones works fine for catching normal criminals. That's because if you know who a criminal is, you can just fo

      • But you kind of proved the other point with your examples don't you think?

        We keep saying that real criminals wouldn't do this, but somehow they seem to keep doing it. So I suppose we can catch the stupid criminals, and the ones we want to frame.
    • Cyberstalkers... (Score:5, Interesting)

      by Travoltus ( 110240 ) on Friday August 12, 2005 @04:41AM (#13302111) Journal
      Isn't that the same CALEA law that also forces router/NIC makers to install FBI backdoors (which can also be compromised by hackers)?

      I see a big market soon for do-it-yourself NICs and PC routers...
    • by Motherfucking Shit ( 636021 ) on Friday August 12, 2005 @05:11AM (#13302203) Journal
      Oh it's a whole metric-fuckton worse than that. The problem the FCC, FBI (insert your favourite alphabet agency here) is that they make the assumption that the criminals that will be using VOIP will COMPLY with FCC.
      And it gets worse yet. Essentially, all "anti-terrorism," "anti-drug," etc. laws are useless for the purpose for which they're supposedly enacted. Terrorists, drug dealers, and other criminals are, by their very nature, breaking the law. Making their tangential activities (like communicating, meeting, transferring funds...) illegal isn't going to stop them!

      In short, attempts to legislate terrorism out of existance are doomed from the start and should be suspect. You can damned well bet that lawmakers are smart enough to know that these laws aren't going to do anything to stop the Bogeyman of the day. They're being passed as "feel good" measures at best, and as attempts to control the law-abiding population at worse.

      Making it illegal to carry cigarette lighters onto airplanes doesn't stop a terrorist; a terrorist would find a way to bring an incendiary onboard anyway. Making it illegal to have an untappable VoIP connection doesn't stop a terrorist, either; a terrorist would just setup stunnel or pgpFone end-to-end and chat away.

      Sigh. Someday, the United States Congress will be comprised of people who grew up understanding technology...
      • by andreMA ( 643885 ) on Friday August 12, 2005 @05:24AM (#13302232)
        Someday, the United States Congress will be comprised of people who grew up understanding technology
        Don't bet the farm on that.
        • And if by the time the reach office they will be already be behind the current state of technology and will still not be making fully informed decisions regarding that technology.
        • Interesting... Once again, we have a parallel to gun control here. I would assume from the conversation that all parent posts to this would also agree that just as this tangential law won't stop a criminal from communicating, nor will a given gun-ban stop a criminal from obtaining and using an illegal firearm. If you outlaw encrypted VOIP, only criminals will have encrypted VOIP. And the rest of us are screwed.
          • They'll take my encrypted VOIP when they pry it from my cold dead hands.
        • Don't bet the farm on that.

          Very true. It's not like most families that raise 'Political' children try to also teach them technology.

          Those children are shown how to use human resources to use people and technology.

          Being a politician mostly involves high skills in using other people to accomplish tasks and do the 'understanding' for the politician. That is pretty much the opposite of learning how to understand technology themselves.
        • Yeah because Orin Hatch will NEVER FREAKING DIE! ;)
      • Sigh. Someday, the United States Congress will be comprised of people who grew up understanding technology...

        Um, didn't you already answer to this when you said "You can damned well bet that lawmakers are smart enough to know that these laws aren't going to do anything to stop the Bogeyman of the day. They're being passed as "feel good" measures at best, and as attempts to control the law-abiding population at worse." If your congress will get better technical know-how, they will simply become better at

    • by Anonymous Coward
      whole metric-fuckton
      This is why I love slashdot while it's still night-time in America. The quality of the profanity is so much higher when left to the Brits.
    • > The problem the FCC, FBI (insert your favourite alphabet agency here) is that
      > they make the assumption that the criminals that will be using VOIP will COMPLY
      > with FCC.

      No, they're relying on the fact that if you have the ability to wiretap data conveyed by companies which provide internet access but not ordinary phone calls then you can keep tabs on criminals who are using VOIP using that company.

      > So the measure has absolutely no effect on our ability to catch criminals.

      Wrong - every last by
    • > they make the assumption that the criminals that
      > will be using VOIP will COMPLY with FCC

      I'm confused. Don't all criminals obey the law?
    • Right, but you want to force them to at least build their own p2p network. Yeah, it doesn't catch the big guys, but imagine if having a secure line, free from tapping by the FCC/FBI/whatever was as easy as calling up Vonage/Skype? Every 2 bit criminal and their mother would have 'secure' lines.
    • Not to mention that in large part, mainstream VoIP is nothing but a last mile technology. The call still lands on a public switch near you.

      In my case I use Vonage. They make the IP connection to PaeTec's switch in my city and from there the call hits the PSTN. I used that very scenario to push the local PUC into forcing Verizon to port my number faster because it was in fact a regulated to regulate port.

      I've confirmed all of my suspicions with both Vonage, PaeTec and Verizon folks that I know and sure
      • Listening in via the 5ESS switch is a 'feature'. Literally a BRCS (Business and Residential Custom Service) feature. It's just not well documented, and in fact, is not normally taught to switch techs. But, it's just a variant of 3WC (Three Way Calling).

        As to VOIP tap-ins, well, the government would rather you use VOIP since it's much easier to collect.

    • >absolutely no effect on our ability to catch criminals

      Criminals smart enough to do things we consider obvious will escape capture by CALEA. No question there.

      If most criminals were smart, then we'd catch even fewer of them than we do now. The whole system is geared toward finding and prosecuting dumb criminals.
    • Voice/IP isn't like traditional the traditional telephone system at all. I can't install my own private telephone network with encrypted lines but with V/IP this is fairly easy to achieve.
      It's always been easy to achieve, provided you had a computer at each end. Remember PGPFone [pgpi.org]?
  • by mikeophile ( 647318 ) on Friday August 12, 2005 @04:39AM (#13302103)
    If they want to tap VoIP, they should have to hack it like everyone else.

  • Sounds fine to me (Score:3, Interesting)

    by domipheus ( 751857 ) * on Friday August 12, 2005 @04:42AM (#13302115)
    I don't mind phone tapping at all - as long is there is cause for it's need. However as stated in another posting it is kinda stupid, as if people want to communicate over the net for dodgy dealings, they are certainly not going to use one of the mainstream (or indeed, any) VOIP provider.

    If only the UK was able to procecute criminals based on phone tapping, currently it's not allowed (hears gasps of shock).
    • > If only the UK was able to procecute criminals based on phone tapping,
      > currently it's not allowed (hears gasps of shock).

      That's a misleading statement. The police use phone taps all the time as a tool to see who's talking to who, and what they're saying. Then they mount surveillance, arrest people, get them to grass people up or work out the best time to catch people. What you're probably referring to is that you can't use a transcript or tape of a phone call in court as evidence. Usually, howeve
    • The standard operating procedure for this will be: Tap first, invent a need later. If no need can be invented, deny the tap. If people start investigating your tapping, tap them as they are obviously threats to government authority.
  • Legal consequences? (Score:2, Interesting)

    by soma_0806 ( 893202 )

    I can't help but wonder what will happen when someone uses one of these "mandated" security weak points to impair service from one of the larger providers, like Vonage. If the government was warned that it would be a likely outcome of their new law, are they liable for the damages?

    Even worse, sniffable (tapable, whatever) by the government means sniffable by a lot of far more clever black-hats. Who is liable for the damages incurred by identity theft? Or are we just never supposed to order anything ove

  • The announcemnt [fcc.gov] came last week. its a .pdf
  • This is not as bad as it seems.

    As far as Vonage or Packet8 are concerned they will have easier time implementing this then incumbents. It is dead easy to do this with SIP. All that is necessary is to make the SIP server reply with a different voice endpoint to all SIP invites from persons who are under surveilance. As a result the "snooping" equipment is separate and does not encumber primary network infrastructure.

    As far as Skype is concerned I could not care less. It will be dead by that time. Same as Kaz
  • Or what? (Score:5, Insightful)

    by el_womble ( 779715 ) on Friday August 12, 2005 @04:47AM (#13302133) Homepage
    Dear Skype, We, the FCC, require you, a British company, to comply with American laws. If you don't we'll... say Ni! in your general direction. Your Friends The FCC Seriously, they're already giving away free phone calls, and free software from a foriegn country, using foreign servers. The best the FCC can hope for is that they put a line on their download page: Dear American, please don't download our software cause it will upset the FCC and the Feds. Failure to comply will mean that those in charge will think you are a terrorist. You don't want people to think your a terrosit do you? Vonage... well they're pretending to be a phone company, so they might have some luck.
    • Or they could do what they did with the IndyMedia Servers hosted in the UK...
    • Dear Skype, We, the FCC, require you, a British company, to comply with American laws. If you don't we'll...

      Get a court injunction preventing you from doing any and all business in the US and it's territories.

      well they're pretending to be a phone company, so they might have some luck.

      If they're going to be a phone company, they have to follow all the phone company regulations.
    • Dear Skype, We, the FCC, require you, a British company, to comply with American laws.

      It doesn't matter where your company is, you're very intentionally doing business with US Citizens. You've subjected yourself to US Jurisdiction. If you don't like it, don't do business here.
      • They're not exactly doing business in the US, so much as letting US citizens import their software freely. If the US can figure out a way of imposing an import restriction on internet traffic for a particular item of software, they wouldn't need to have the wire tapping restriction, they could just block all the packets marked "terrorist".

        Now clearly IANAL, but the only thing the FCC can do is prevent the wholesale of phone minutes and numbers to foreign companies, forcing companies like Skype to set up US
      • If the US (the country that most often seems to come up in this sort of thing) doesn't like something in its country, it should stop it at the border. The US has become drunk with power, to the point where it extrodites foreign citizens for commiting crimes on foreign soil, if they have so much as a relation to the US. For example, this story. [vancouver.cbc.ca] This has to end at some point before the US rules the world.
        • From the story you cite:

          Benson says Emery has sold $3 million worth of seeds - mostly to the U.S.

          You sell stuff to people in the U.S. you're subject to jurisdiction in the U.S. regarding those sales.

          Also, the raid on the guys home was authorized by a Canadian judge and carried by Canadian authorities.
          • If the US doesn't want these things in their country, then they are free to stop them at the border and arrest the people who ordered them. My guess is there was some sort of warning along the lines of "this may be illegal in your jurisdiction", so I fail to see how Emery is responsible. Furthermore, I think it's disgraceful that the Canadian authorities responded to arm-twisting by the Americans on this case.
    • Since when is Skype a British company? It is based in Luxembourg and has offices in Tallinn (Estonia) and London. It's founders are a Swede and a Dane.
  • by mrRay720 ( 874710 ) on Friday August 12, 2005 @04:51AM (#13302142)
    I mean, they'll never find a way around this, right?

    All I can say is thank god that the technology doesn't exist to communicate over voice outside of the phone and VoIP channels.

    You know, if anyone ever figures out how to do direct PC-to-PC voice service, or if an IM service such as Yahoo ever include voice in their client, we'll all be doomed!

    Wait a minute... they could be emailing each other right now! They could be talking to each other on IRC right now, or in a chat room, or through Yahoo messenger, or through MSN messenger, or through....

    Yikes. I never realised how much danger we are all in. SOMEONE BLOW UP THE INTERNET NOW!!!!!!1!!!1oneone
    • Your point is so true. Of course providing a wiretap service through VoIP is a waste of money. Actually, it is more likely to provide malicious hackers with private info of the good guys, than it is going to help intelligence catch the bad guys. (For example, eavedropping random phone conversations is relatively easy access to credit card numbers.) Meanwhile, terrorists could use onion routing/tor networks to communicate virtually untraceble.

      The only way to tap on *every* conversation is to kindly ask *ever
  • by plasmacutter ( 901737 ) on Friday August 12, 2005 @04:53AM (#13302148)
    The FCC just reclassified broadband as an "information service".

    Calea is supposed to apply to telecom.

    I sense some cognitive dissonance here, or maybe a simple hyppocritical abuse of power?

    BTW.. calea is not a new law, and the rule itself is not a "law" it's a regulation. There are subtle differences.
  • that they didn't do this already in other closed-source programs? It is known that Microsoft Windows has them...
  • Some hacker will graft PGP-style encryption onto SIP. You will simply send your public key in the headers -- it's called Session Initiation Protocol for a reason don'tcha know -- and the far end will encrypt against it. If anybody is listening in, they won't be able to decrypt it. Even better, you wait for sometime after the information has lost its value and publish the private key. Now nobody can even prove you really were the intended recipient.

    All the tools required to do this are already availabl
    • erm... man-in-the-middle? You'd probably want to exchange keys before the session, preferably by some other (secure) means...
      • If the man in the middle manages to get both public keys, he still can't decrypt either side of the conversation. You need the private keys for that. That's how public key encryption like PGP works. The public key allows you to encrypt a message that can only be decrypted by the private key.
        • I do believe the parent meant man-in-the-middle INTERCEPT rather than SNIFF.

          If Alice and Bob are trying to communicate securely, and need to exchange keys, Alice can't simply send the key to Bob, cos Trudy can intercept it, and send out a DIFFERENT key to Bob, who is then replying to Trudy not Alice. Unless Bob knows that the key he received was indeed sent by Alice, the whole system just went out the door.
  • Could skype make a version that is only available in the US and is tappable ? There's no reason when I call here from Australia to some other Non-US country that the us feds should be listening to me. For years we've had NONUS sections in debian etc... This shouldn't be any different ?
  • I personally do want the internet to be a safe haven for criminals. Think of all of the people you know. How many of them are not criminals?
  • by Evil W1zard ( 832703 ) on Friday August 12, 2005 @06:10AM (#13302364) Journal
    Correct me if I'm wrong but aren't there simple commercial products like Niksun Netdetector that can simply reconstruct VOIP traffic from an Ethereal dump collected by simply by snooping the wire? Is this calling for new technology to collect the traffic or is this saying we want the magic black boxes at every provider to provide an instant tap anytime/anywhere...
  • It's time for a decentralized Open Source solution, with open standards. Let's let the FCC try to impose wire tapping requirements on this.
    • It's time for a decentralized Open Source solution, with open standards. Let's let the FCC try to impose wire tapping requirements on this.

      Right on!

      -kgj
    • Didn't they revoke the common carrier status for ISP's?

      With that in mind, the FCC could just force ISP's to block any non-compliant solutions that crop up, regardless of wether they are closed or open sourced.
  • Idiots (Score:5, Informative)

    by pavera ( 320634 ) on Friday August 12, 2005 @06:46AM (#13302480) Homepage Journal
    Sometimes I'm happy that the ACLU et al are looking out for me, sometimes they pick the wrong fight. This is exactly one of them. Oh, packet 8 and vonage have 18 months to allow wire tapping? Guess what guys, they already have it. Vonage uses Silantro, its had calea support for at least the last 3 years. Broadworks (the Broadsoft softswitch) has calea as well. The large softswitch vendors all already support it, I think Asterisk even might (although I'm not sure). These things aren't going to make the "Internet more vulnerable to hackers".

    Has the ACLU setup CALEA on these systems? I highly doubt it, but I have. At least with broadsoft it is a trivial matter to keep the softswitch entirely firewalled off the internet that unless someone finds a buffer overflow in the sip protocol or rtp protocol that the system is using there is no opportunity for a hacker to get in.

    Furthermore, the system supporting CALEA doesn't increase the risk.. IE if someone hacks the SIP protocol stack on a softswitch and takes control of it, well who cares if the box supports CALEA they just got access to all the phonecalls going through that box.

    Do you really thing that up til now the FBI et al has had no power to wire tap a VoIP phone? That more than 5 million people in the US are totally able to break whatever law they want (wire fraud, telemarketing scams, plan bank robberies, etc) notice I didn't mention terrorism, just because they have Vonage? Right.
  • Wouldn't the solution be to use phones implementing a PGP or
    similar solution with the key input by the enduser? Of course
    that would cost money and be opposed by the government, but
    you would think the market could provide such equipment for
    those who feel they need/want it

  • I really hope one of those companies tells the Fed to take a hike. If they try to prosecute, they can take it all the way to the Supreme Court and hopefully get some justice there.

There is no opinion so absurd that some philosopher will not express it. -- Marcus Tullius Cicero, "Ad familiares"

Working...