Groups Slam FCC on Internet Phone Tap Rule

Posts: 292 · Vonage Forum Master Joined: Oct 08, 2004 Posts: 292

Groups Slam FCC on Internet Phone Tap Rule

By JENNIFER C. KERR
Associated Press Writer
WASHINGTON
August 11, 2005
New regulations making it easier for law enforcement to tap Internet phone calls will also make computer systems more vulnerable to hackers, digital privacy and civil liberties groups say.

While the groups don't want the Internet to be a safe haven for terrorists and criminals, they complain that expanding wiretapping laws to cover Internet calls -- or Voice over Internet Protocol (VoIP) -- will create additional points of attack and security holes that hackers can exploit.

"Once you enable third-party access to Internet-based communication, you create a vulnerability that didn't previously exist," Marc Rotenberg, executive director at the Electronic Privacy Information Center said in an interview Wednesday. "It will put at risk the stability and security of the Internet."

Acting on appeals from the Justice Department and other law enforcement officials, the Federal Communications Commission voted last week to require providers of Internet phone calls and broadband services to ensure their equipment can allow police wiretaps.

The decision applies to Voice over Internet Protocol providers such as Vonage that use a central telephone company to complete the Internet calls. It also applies to cable and phone companies that provide broadband services.

The companies will have 18 months to comply.

"We recognize that people use different methods for communication and certainly most of the time the people are using the method that they can avoid detection most," said FBI spokesman Ed Cogswell.

Voice over Internet Protocol technology shifts calls away from wires and switches, instead using computers and broadband connections to convert sounds into data and transmit them via the Internet.

Besides the privacy and security concerns, digital rights experts worry that expansion of the wiretapping law, known as CALEA, will stifle innovation.

"Creativity and innovation will end up moving offshore where programmers outside the U.S. can develop technologies that are not required to address the onerous CALEA requirements," said Kurt Opsahl, staff attorney at the Electronic Frontier Foundation. "The U.S. companies will face competition from foreign providers who will enjoy an advantage."

The groups also argue that the FCC doesn't have the authority to order the companies to make changes to their systems for wiretapping purposes, since CALEA only pertains to telecommunications systems, not information systems like the Internet.

An FCC spokesman declined to comment.

The 1994 Communications Assistance for Law Enforcement Act (CALEA) required the telecommunications industry to build into its products tools that federal investigators can use -- after getting court approval -- to eavesdrop on conversations.

Lawyers for the Justice Department, FBI and Drug Enforcement Administration asked the FCC in March 2004 to affirm that Voice over Internet Protocol falls under CALEA.

Posts: 7 · Posted: Fri Aug 12, 2005 11:48 am Post subject:

Do the feds really have a problem tapping VOIP lines right now?

I mean, I can do it!! Smile

Here's a tutorial:
http://www.antionline.com/showthread.php?s=&threadid=268401

Most VOIP traffic (including vonage, I think) is done without end-to-end encryption. It can be done with it, but large providers usually don't implement it because it's another thing to support, it increases CPU overhead, and can increase latentcy a bit.

At the very least, Vonage and other providers *should* encrypt to their customers, even if they are forced to comply with laws that allow the government to then tap in later on. I don't like "the man" listening, but I REALLY don't like "anyone on the internet" listening!!!!

Furthermore, I would think that any sophisticated criminal worth tapping would be smart enough to send a PGP message instead of talking about their illigal activity on on VOIP, or any other, phone line.

Posts: 2 · New Forum Member Joined: Aug 12, 2005 Posts: 2

Something to understand about VoIP providers is that VoIP is not Peer to Peer despite everybody's best efforts to categorize it as so. If it was P2P Vonage/Packet8/Lingo etc. would have no idea how long you talked to yr grandmother in Iceland. Obviously Vonage does know how long you spent on each phone call (500 minute plans etc.). That is because the conversations are hairpined through appliances called border controllers. The border controller handles SIP/H.323 proxy functions, and RTP (The actual Voice). As the conversation hairpins through a border controller, it allows the border controller to record any portion of any voice session it cares to record when the Police/FBI requests it, or the local site tech gets bored. Check out http://en.wikipedia.org/wiki/Session_Border_Controller

Do a google on border controllers and you will find that they all allow monitoring and recording. go to Skype for a real peer to peer network.

Posts: 1715 · Posted: Fri Aug 12, 2005 12:32 pm Post subject:

I'm pretty sure the terrorists already use encryption. I've seen documentation which suggests they were using PGP, so I'd imagine they're probably using Skype or PGPFone for comms. Besides, why would a terrorist want to use the PSTN when they can bury their traffic on the 'net and with anonymous pre-paid GSM cards?

Posts: 2 · New Forum Member Joined: Aug 12, 2005 Posts: 2

Skype's a great way for untraceable calls because there's no central point to capture the voice traffic. But the weak link becomes the login ID on the superserver, which leaves a path to originating/terminating IP address.

There are multiple ways to do real time voice communications on the net and leave no footprints, and I will describe none of them for obvious reasons. Suffice to say that encrypting voice traffic is irrelevant if the cybercop can't locate the REAL TIME traffic. The real cause for Calea/911 hysteria with VoIP service is big phone companies realizing their oil field is less than five years away from being tapped out, and those guys have some pretty huge pension obligations, with no future revenue stream. If you have broadband, business or consumer, there is no reason to pay for anymore trunks or LD charges above 1 penny a minute. Phone company longevity is an oxymoron. .

Posts: 1 · New Forum Member Joined: Aug 12, 2005 Posts: 1

What really bothers me is that Skype is bowing to the pleasures of our Fascist wiretapping law.... even though Skype is NOT a US
based company, why should they cooperate with the FCC when they are not even in the juresdiction.

I'm leaving skype as soon as they do this.....

As a VIOP programmer, I'm almost tempted to write an "untappable" VIOP system....

Posts: 292 · Vonage Forum Master Joined: Oct 08, 2004 Posts: 292

jdcrunch wrote:

....As a VIOP programmer, I'm almost tempted to write an "untappable" VIOP system....

What is a "VIOP system"?