VOIP Tappings Under Scrutiny

dynooomite writes "CNN.com is reporting that Privacy groups have asked an appellate court to overturn an FCC rule that allows for phone-taps on VOIP calls. The privacy groups made their case saying taps would seriously hinder innovation on the web."

Encryption?

[GreyWolf3000]

If I choose to encrypt my VOIP traffic using some sort of TLS, would such a ruling allow the FCC to force me to give them my encryption key?

Re:Encryption?

[Anonymous Cowpat]

it already does it Britain (not to the FCC, obviously)

Re:Encryption?

[Anonymous Coward]

Yeah, if only an agency existed that could intercept and decrypt encrypted communication....

too bad there's No Such Agency.

Re:Encryption?

[MaceyHW]

The rule applies to VoIP providers such as Vonage that use a central telephone company to complete Internet calls. It also applies to cable and phone companies that provide broadband services. The companies must comply by May 2007.

Apparently not. I think the really interesting issue there is would be third party companies that were to provide certificate services for ad hoc encryption be subject to the requirement

The real question is...

[2names]

if you encrypt your traffic and the FCC or some other Govt agency attempts/succeeds in breaking your encryption, could it ("they") be found guilty under the DMCA?

Re:The real question is...

[LilGuy]

Very unlikely. Often times the ones who enforce the rules don't abide by them. Especially in this day and age when anyone can be considered a "national security risk". That's the only excuse they'd have to barf up to weasle out of any litigation.

Re:The real question is...

[Mac Degger]

I agree with your sentiment that in the current administration, this is a very dangerous development, I'd say a land grab, really.

However, here at /. and elsewhere, we're always bitching about new laws being drafted to cover stuff which happens on the 'net, when there are perfectly sane and established ones which would cover the case. And here's just a situation like that, only the other way 'round. Wire-tapping is (if there is oversight to prevent abuse, checks and balances etc) something which law-enforce

Re:The real question is...

[Sloppy]

DMCA contains an exemption for Law Enforcement. [cornell.edu]

IANAL, but I play one on tv...

[TiggertheMad]

if you encrypt your traffic and the FCC or some other Govt agency attempts/succeeds in breaking your encryption, could it ("they") be found guilty under the DMCA?

Yes, but you would only be allowed to take posession of all the Brittiny Spears mp3s that they have on their hard drives.

Re:The real question is...

[timeOday]

if you encrypt your traffic and the FCC or some other Govt agency attempts/succeeds in breaking your encryption, could it ("they") be found guilty under the DMCA?

Uh huh. Right after a cop gives you a speeding ticket, and you issue him one for catching up to pull you over. Good luck with that.

How is the parent a troll?

[2names]

I thought you made a good point.

Re:Encryption?

[Sloppy]

Well, if we copy the UK law, then the way it will work is that you'll be forced to hand over your key, but you will also be prohibited from informing yourself that you did so. So if men in black ever show up and demand your key, be sure you don't suddenly change your behavior, or else they'll accuse you of tipping yourself off, and then you'll be held in contempt of court.

Re:Encryption?

[Dwonis]

If the men in black show up, they'll just "flashy-thing" you once you're done.

Re:Encryption?

[Jason Pollock]

If you use a private codec, you aren't going to be interconnecting with the PSTN. If you aren't interconnecting with the PSTN, you aren't covered by the wire tap rule.

They don't care if you and your friend Jeff write your own codec and use that.

Taps on VOIP?

[tyroney]

If the taps are on VOIP, what concern is it of the web? Slippery slopes don't count. Or is it possible to tap only VOIP, leaving other traffic alone?

Re:Taps on VOIP?

[bypedd]

"The whole process of innovation on the Internet would be seriously damaged..."

That does seem a little overemphasized. I think the taps on VoIP does raise (again) the concern of what is the FCC's business. If I should at my neighbor over my fence, do I have to do it in such a way that is compliant with FCC's regulations? What if we decide to use tin cans connected with a string? When does it fall inside the FCC's four flags?

Furthermore, May 2007 isn't very far away for system-wide changes. So then it com

Re:Taps on VOIP?

[ucahg]

VoIP is the web, in a way. It's just a different protocol. If you read the SIP standards, they are very much like instant messaging standards, so can the FCC tap instant messages too? And it's not that different from normal HTTP either, ultimately, so can they tap that? At what point is it under their juridiction? If you are continuously sending packets of voice? What about sending an entire recording at once? How is it different?

These are the questions that I believe were behind the point that it will ruin innovation.

Huh?

[HebrewToYou]

From TFA:

To meet the rule's requirements, Internet call providers would have to rewire networks at great cost, Morris said. In addition, there is fear the rule would stifle development of new technologies by placing more regulatory burdens on innovators.

Can someone explain to me (a) why they would have to rewire these networks and (b) how this would stifle the development of new technology? I must be dense...

Re:Huh?

[kannibal_klown]

Can someone explain to me (a) why they would have to rewire these networks and (b) how this would stifle the development of new technology? I must be dense...

Well, I'm just guessing, perhaps they don't mean to physically re-wire the networks but completely change the data flow.

For example, it's highly probable that for privacy concerns they specifically set everything up so nobody in the home office can listen in on any calls. It makes sense, as in case of a security audit they can say "we don't have

Re:Huh?

[temojen]

They'd need access to everyone's keys.

Or just the public key of law enforcement agency x and provisions so that any endpoint being tapped can flip a switch (invisible to the end user) and start transmitting all data to the wiretap server.

Re:Huh?

[P3NIS_CLEAVER]

Why not just tap into the phone/dsl/cable line near the house that is under survailence?

Re:Huh?

[kannibal_klown]

True, but they don't do that too often anymore unless there's no other choice. There's too much chance for it to be found or heard (clicks).

Also, it's a lot of work for a non-priority case. Sure a mob case or terror case is one thing, but all the others?

Most of their taps now-a-days are just getting the telcos to allow them to tap their conversations remotely. They want to maintain it for VoIP.

Re:Huh?

[temojen]

RTP and H.323 communications that do not have a PSTN endpoint are routed point to point. Wiretapping would require them to be routed through or multicasted to a central wiretap server (at least the ones that are being tapped).

Re:Huh?

[HebrewToYou]

Thanks, temojen.

That clears up my first question, but what about that innovation stifling bit?
Sensationalism on the part of Privacy Pundits and Mass Media?

Re:Huh?

[csirac]

I believe the concern is they have to "upgrade" to specific software or equipment. Not sure if they have an FCC approved wiretap patch for Asterisk...

Re:Dupe

[Tetch]

> Dupe! At least the stories didn't appear on the same page

Yes they did - at least they did for me - they're on the same front page as I write this.

That's some pretty dismal editing :(

Weasel words, Ho!

[AKAImBatman]

The privacy groups made their case saying taps would seriously hinder innovation on the web.

Can we STOP using that word? This is getting worse than "Synergy"! If you have a point, try to quantify it in a reasonable manner. For example, "Tapping VOIP would drive up costs, thus resulting in slower adoption in an otherwise emerging market."

"Innovation" is nothing more than a weasel word that get bandied about everytime someone wants to argue against something, but has no argument prepared.

So, for the sake of the Children, everything Holy, and the nerves of all of us in the tech industry, please STOP USING THAT WORD as a defense. Thank you, have a nice day.

Re:Weasel words, Ho!

[fshalor]

Ohoh... we're (a campus) actually looking at rolling out an inhouse VOIP solution to save us money over the pots system.

The new policy is " for every network drop, put in a phone line" (so cat-5 and cat-3 ran to every wall box) and "for every phone line ran, run a network drop". (same) And this is now (increased) to , two cat-5's and one cat-3 per box.

The thing is, we have so much internal bandwidth that there's no sense paying for the phones they way we are. I mean, for the price of three phone lines per m

Re:Weasel words, Ho!

[Krach42]

Your not wanting me to use the word "innovation" is stifling my innovative use of the word innovation!

Re:Weasel words, Ho!

[Control Group]

1.8026175 × 10^12 furlongs per fortnight

c?

Re:Weasel words, Ho!

[Krach42]

First person to comment on it. Yep, it's c

Stop using "stop using"!

[HTH NE1]

OK, so we have innovation [slashdot.org] , indeed [slashdot.org], intuitive [slashdot.org], copy protection [slashdot.org], boxen [slashdot.org], turbo [slashdot.org], cyber [slashdot.org], and FLOSS [slashdot.org],

Got any other words, phrases, or acronyms we should stop using?

Re:Stop using "stop using"!

[AKAImBatman]

Indeed. Turbo-boxen protected by intuitive use of TCPA copy protetion would make for an innovative new FLOSS cyber-platform. Just think of the synergy that could be harnessed through such strategic mergers of technology! :-P

Seriously, it's all about context. My humorous post was intended to point out the outright abuse of the term "innovation". It's fine when someone uses it as, "innovations like the new O(1) search method are changing the face of database technology." It's not okay when every yahoo (especi

Re:Stop using "stop using"!

[HTH NE1]

Sorry, it's just that "stop using the word..." is looking like it could become the next troll meme.

"First you tell me *what* innovation you're speaking of, and then we'll find a way not to stifle it."

If I knew what my innovations would be in advance, they wouldn't be innovative.

Will my high-latency VOIP by tamper-evident avian carriers have to be trained to fly to a special government office for inspection before they are allowed to reach their intended destination?

Re:Weasel words, Ho!

[ScrewMaster]

I agree, and may we add two additional weasel words, "rampant" and "piracy" to the list?

Thanks.

Read it again

[dr_dank]

For the very first time [slashdot.org].

Re:Read it again

[UOZaphod]

I don't like this special edition.

In the original, the FCC shot first.

Yes please

[dzafez]

Yes, everyone saying people in the EU are less free then those in the USA might please post here, after RTFA. After Posting your humble opinion, you may want to reconsider searching for more information about the wiretapping in Europe.

Thank you. I would be pleased to see some people to stop spamming /. with this topic over and over again with this stupid topic.

The facts here are simple

[Work Account]

To "sit on a wire" anywhere you should need a probable cause and a warrant.

Anyone without this is simply hacking, which is illegal.

Re:The facts here are simple

[DrJimbo]

To "sit on a wire" anywhere you should need a probable cause and a warrant.

If by should, you mean in a ideal world, or at least in a world more ideal than ours, then I fully agree with you that such things should be needed. Unfortunately they are not, unless the Patriot Act was recently repealed and no one told me.

Re:The facts here are simple

[Rydia]

Still need a warrant from a federal judge, albeit in some cases a secret one. If you don't have one, you can go for the immediacy excuse, but then you have to explain later or get slapped. Federal Judges aren't monkeys, you know.

Re:The facts here are simple

[DrJimbo]

A Google("patriot act" wiretap warrant) led to this page [epic.org], which says:

The Foreign Intelligence Surveillance Act (FISA) regulates the FBI's collection of "foreign intelligence" information for intelligence purposes. Under the Fourth Amendment, a Title III warrant to intercept a communication must be based on probable cause to believe that a crime has been or is being committed. This is not the general rule under FISA: surveillance under FISA is permitted based on a finding of probable cause that the surve

Re:The facts here are simple

[susano_otter]

Successful bank robbers are successful in part because they are careful to do their planning and preparation in ways that don't support the belief that criminal activity is occuring. That is, they game the system to ensure that the people charged with stopping them have no legal justification for doing so.

One question worth asking here is, is it beneficial to our society to give up earlier and more effective prevention of bank robberies in exchange for greater privacy and freedom for law-abiding citizens?

T

Re:The facts here are simple

[DrJimbo]

I couldn't disagree with you more.

First, I can't believe that you really believe your facile, Hollywood fairy tale of the crafty bank robber. We have bank robbers in the region where I live. They are usually poor and desperate. The successful ones use a gun and a mask and a getaway vehicle. They aren't gaming any system.

Second, I know for sure that the people who championed the Patriot Act are the same people who now want to subvert the overwhelming will of the American people and legalize torture [cnn.com]

Re:The facts here are simple

[susano_otter]

You're assuming that the liberties being given up are "essential" in the sense that Franklin used the term.

Do you have anything better than CNN to offer, in support of this assumption? It's obvious that Franklin didn't consider all liberties to be essential, since the government he endorsed certainly curtailed quite a few.

Re:The facts here are simple

[dpmapping]

To "sit on a wire" anywhere you should need a probable cause and a warrant.

Does that mean the birds sitting on the wire outside my window are actually "Police Birds" and are merely carrying out surveillance of my telephone usage? Should I ask them for their warrant?

As it is cold, should I use the phone more to send more current down the wires to warm their little feet up?

I think we should be told these secrets.....

What type of lawsuit?

[ryturner]

How do you file a lawsuit on the grounds that it will "seriously hinder innovation on the web"? It is not illegal to have a stupid rule. Maybe someone with more legal knowledge can clarify this for me.

Re:What type of lawsuit?

[E-Rock]

No, stupid rules aren't illegal, but stuipd rules that will cause harm can be blocked. I didn't RTFA, but you can get an injunction that either prevents the stupid rule from being enforced or invalidates the rule altogether.

Speaking of Stupid Rules....

[pr0t0]

Didn't the FCC just recently win the Brand-X case in the Supreme Court arguing that broadband was an information service and not a telecommunications service, therefore broadband providers were not considered common carriers and under no obligation to "open up" their lines to competitors?

Doesn't it seem at least on the surface, if not directly, contradictory for this agency to have any discussion regarding wiretapping as far as VOIP goes? Doesn't wiretapping only happen on communication services? Doesn't th

Re:What type of lawsuit?

[MaceyHW]

IANAL, but judging by the similar pattern of events with the "broadcast flag" it has to do with the fact that this is a regulation created by the FCC, not a law passed by Congress. FCC decisions can be challenged in court because the FCC has a specific, limited mandate and you can argue that it has exceeded it's authority.

Also, the "seriously hinder innovation" line is most likely a rhetorical tool more than the actual central legal argument of the case

Whenever I hear duping...

[aicrules]

I know my voip is wire tapped. I think CmdrTaco has a loopback on his dupe machine.

Innovation?

[P3NIS_CLEAVER]

What does innovation have to do with it? Aren't our constitutional rights more important than if companies can make money off something?

Re:Innovation?

[millennial]

You know, I'd be more inclined to agree with you if your name didn't imply grievous bodily harm.

Re:Innovation?

[keraneuology]

According to US Senator John McCain, R-AZ, no, money is more important that Constitutional rights.

"There's only one thing more important than money _ and that's lives" [washingtonpost.com]

Quoted in the Washington Post, 10/20/05 in an article about a $3 billion dollar federal subsidy to ensure that the poor in this country can afford digital television. (There ain't enough money for bread, but there's enough for Beavis and Butthead).

A request for clarification to Sen. McCain's office was ignored. Other Senators refused to

It's not possible

[MoogMan]

Well, if they had any fucking sense, they'd realise it wasn't possible. You can still (In the SIP/SDP case) send an arbitrary codec description over a call. The actual call is point-to-point.

Even taking into consideration the possibility of codec recognition and denying calls based on a restricted set of codecs, you could just place a "signature signal" at the start of the call - something relatively inaudible to the human ear - that triggers encryption etc. Maybe in the same way as Amateur Radioers have a blip at the start/end of speech.

Re:It's not possible

[garver]

If it's law, it'll be made possible. It'll be engineered that way by the law abiding and in this case, anyone that wants to make money from VoIP falls into the "law abiding" category. I'm talking about service providers, equipment manufacturers, and software vendors. Given the choice of breaking the law and protecting what should be your right to privacy, you'll lose.

I think what you're referring to are those that don't care about making money. Call them the "VoIP underground." But its worse than that.

Re:It's not possible

[radionerd]

"Maybe in the same way as Amateur Radioers have a blip at the start/end of speech."

What blip would that be? Amateur Radio rules forbid encryption. Some Amateur radio repeater systems insert "beeps" to signal the end of transmissions, but generally serve no real purpose other than entertaining the system users. I've only been an active ham radio opperator for about 28 years, so as a newbie, I may simply have never have heard of these blips. Maybe you were thinking of that other service, Childrens Band, they

CALEA is worse than you think

[jesup]

CALEA requires that the tap be undetectable, and able to set up effectively by flipping a virtual switch. Since RTP in VoIP can be point-to-point (i.e. untappable), and since tapping by routing a call through a proxy that could record the packets would be detectable (given a network sniffer), VoIP providers would have to route ALL calls through proxies just in case they might have to tap them. Realize they already had the power to ask for a subpoena for a tap, but that VoIP providers didn't have to engine

s/allow/require/

[frankie]

Aside from being a dupe, this submission is worded horribly. The FCC ruling does not allow VOIP-tapping; that's already allowed under standard warrant laws. The ruling is that VOIP providers should be required to make it just as easy to tap a VOIP call as it is to tap a land or cell call, by hooking into the phone company trunk. Given the wandering nature of internet packets, it would be intrusive, expensive, and possibly infeasible to add to an existing system.

Re:s/allow/require/

[P3NIS_CLEAVER]

Hence the talk about innovation. I guess implementing these taps would be very expensive- don't tell me I should of RTFA!

Re:s/allow/require/

[moviepig.com]

The ruling is that VOIP providers should be required to make it just as easy to tap a VOIP call as it is to tap a land or cell call.

"While I nodded, nearly napping, suddenly there came a tapping..." - E. A. Poe

Is it naive to suppose that serious miscreants know how to evade eavesdroppers?

Re:s/allow/require/

[kharchenko]

You'd think so, but then we've read about anyone from real terrorists [hawaiireporter.com] to CIA operatives [nwsource.com] get nabbed through tracking plain ol' cell phones!

fail to see the big deal

[chinadrum]

I really fail to see the big deal. They wiretap analog phone lines now. This is just tapping digital lines. Whoopdie do, now they have to be able to send a call's packets to a second place to be listened to. They have control over their routing and should already be able to tell which customer data is coming from. Implimenting something that can sort and redirect seems pretty small. Isn't this part of what carnivore did anyway with all other data from a user?

Re:fail to see the big deal

[Detritus]

Think of it like banning any car that can go faster than 75 mph, because police cars have a maximum speed of 85 mph. They want to cripple and dictate the designs of data networks in order to make the life of a wiretapper easier. Since it was relatively easy to tap analog phone lines, they think they are entitled to similar ease-of-use in tapping digital voice and data networks.

Other "VOIP" sources?

[jtroutman]

I'm wondering if this could affect other ways that voice communications get transmitted over the internet. Could they force tapping of voice transmissions over IM? How about conversations on Xbox Live? There are many ways other than Skype, Vonage, etc. to communicate with voice over the internet, would this affect all of them?

And yeah, I could go find the original posting to see if someone already answered this, but I'm here now, so...

Easy workaround

[dtfinch]

Use open source secure VOIP software, preferably developed outside the US. If it doesn't go through a service provider, and it's encrypted, they won't succeed in tapping it without first hacking one of the endpoints, no matter what outrageous laws the FCC takes upon itself to pass.

policy makers lack of understanding

[ChrisGilliard]

Articles like this show that the people making laws do not understand what their talking about. It's very easy to encrypt your data (including voice conversations). If the US decides that all VOIP should be tapable/unencrypted, the bad guys can use a service based in a foreign country that doesn't force phone taps. They can then communicate. Or better yet, they can develop their own software to encrypt phone calls and would anyone notice? No way, it would just sounds like static or something. Sorry guys, but there's no way to block people from encrypting stuff and keeping their keys locked safely in their own possession. Unless of course, you make encryption illegal, which would be difficult to do, because the privacy hounds would never let something like that happen.

Encryption laws are sneaking in

[bitkari]

Unless of course, you make encryption illegal, which would be difficult to do, because the privacy hounds would never let something like that happen.

You'd think so, eh?

Unfortunately in the UK the police already have powers to demand that you hand over your keys/passwords to any encrypted data. Under the Regulation of Investigatory Powers bill [parliament.uk] the UK government can demand that you to hand over your encryption keys to the police.

Laws like these are getting slipped through very easily, with little counter from

Re:

[account_deleted]

Comment removed based on user account deletion

They can tap my line...

[Juanaplain]

because they'd only hear every 10th word out of my mouth. Comcast Cable can't seem to guarantee me enough upload bandwidth to... decent... VoIP... bullsh... back to... fu...ng analog!

Re:They can tap my line...

[tom vendetta]

I ahead

Finally at home.

[tom vendetta]

finally boots up. Sorry about that post above, was at work, were to poor to afford anything faster than 28kbs. Anyway, as i was saying.... They can tap my line, as far as I care they can go and tap the damn thing cause they would only hear every 23 words I say. Once again, feel to hack me.

Time for a change

[QuantumG]

I believe it was US Secretary of State Henry Stimson who said "Gentlemen don't read each other's mail."

Don't let VOIP be outlawed over stupidity.

[SeaFox]

Yesterday we had a story about VoIP wiretapping that makes this one feel like a dupe. One of the comments [slashdot.org] on that story jokingly asked why VoIP users shouldn't have to deal with the same government abuses PSTN telephone users do. It was actually a valid question. They should be dealt with any differently?

Now remember that P2P networks have been fighting hard to gain any legitamacy becuase they are used so much for pirating music and movies. The RIAA/MPAA has been trying to get P2P networks themselves deemed

Re:Don't let VOIP be outlawed over stupidity.

[BlueStrat]

"Has it occured to anyone the bellco's can play just as stupid a card if VoIP is not tappable. They'll say VoIP is a haven for drug dealers and those plotting against America to communicate and will try to get all VoIP banned the same way recording industry stooges try to P2P banned."

They won't have to bother with any type of scare or FUD campaign.

The way things are going, with the push on for laws and regulation that increase dramatically the expense of VOIP while at the same time decreasing the advantages

International implications.

[ariosto007]

Under the New Zealand Telecommunications Act, all telcos in NZ are required to have "interception capability" for all communications going through their networks, so as to assist law enforcement agencies who present a valid warrant. Other countries have similar laws. Does the US have any similar laws on its books? And for a product like VoIP, which is very easy to use internationally, will there be governments in other countries demanding VoIP providers provision similar capabilities within their product

The Real Problem: FBI wants REMOTE Wiretapping

[cjdavis]

In an npr story about this, it was mentioned that the FBI - the actual source of this FCC rule - really wants to be able to do this wiretapping remotely. So rather than needing to physically go to a site and install equipment and or software, collect data, then come back for it later, the FBI tech can just go [click][click] in his remote wiretapping console and now they're wiretapping. And if its not remote, you basically need to have your IT guy available 24/7 with keys to your building. That's one thing f

Re:VOIP and platform independence

[mschuyler]

All that can be said equally of Linux users.