On Wed, 2004-02-04 at 15:24, Tilghman Lesher wrote:
On Wednesday 04 February 2004 01:26, Ryan Finnesey wrote:
> What are my support options for CALEA with Asterisk?
Not many. Basically, if you have Zaptel devices, you can use ZapBarge to listen to those conversations without having to physically tap the lines. Beyond that, there isn't a capability to selectively listen to portions of calls. You could choose to record all calls with Monitor, for example.
IANAL, but this seems like a legal grey area, as the FCC has been pushing against regulating VoIP services, which may mean that VoIP services are not legally considered communication, which would exclude them from CALEA. However, this is for lawyers to argue in court and for a judge to decide.
From what I remember reading, Powell doesn't want to regulate VoIP to VoIP as it is just an application which happens to pass audio data. He may well have to step in for PSTN to VoIP as the PSTN part is without a doubt a telephone call. Of course the only people who really need to worry much about that would be those considered as a CLEC, right? The majority of us here are acting as PBX operators and aren't required to intercept.
--
Steven Critchfield <[EMAIL PROTECTED]>
Note: CALEA is a term used in the USA, but the concepts apply worldwide to interception of voice traffic or recording of call transactions.
This all boils down to a fundamental question:
"Do you believe that individuals have the right to communicate verbally without the government having the ability to listen to the conversation?"
If your answer is "No", then CALEA applies to VoIP, regardless of method, switching location, equipment, interconnection to PSTN, or numbering schemes. Any _network_ provider would need to filter or block traffic which, based on their BELIEF of ability to transport voice communication, would be un-interceptable. This is fundamentally impossible without de-activation of much of what we know as the Internet (at the protocol level) and I do not seriously consider people who reply in the negative.
If your answer is "Yes", then things get a little more grey. Where, exactly, does the (admittedly useful and "good") intercept right of the government stop? At any interconnection with the PSTN? At any system that uses an e.164 numbering scheme? At any system that charges money for access? The real and only legal teeth that could be enforced on this boils down to numbering and addressing methods. If there is a single, unified number allocation mechanism that is universally accepted, then control of any traffic has an authority chain that can be tracked to a responsible party, who can either a) be denied access to the numbering scheme based on certain criteria, or b) be compelled to allow interception or signalling tracing lest they be faced with (a). Once you move outside of the numbering ("authority") space, you're outside of anyone's ability to enforce compliance with any laws regarding intercept or session tracing: the directory servers can be in other nations, and the end users are difficult or impossible to detect if they have clever clients.
This is the same problem the Internet faces today. There is no reason that someone couldn't start up another "Internet" using the IPv4 address space. But they don't, because it wouldn't be _the_ Internet. (Don't argue with me about bogon route announcements - those do not have the attention of any government on them at this point, or they'd be solved.) Thus, there is a control mechanism that can be placed on telephony as well - there is a "root" to all phone numbers, and someone is assigned those numbers. The ubiquity and universally expected functionality of those numbers is what prevents others from making up their own schemes and creating independent and regulation-free environments (sorry, FWD and others - unless you're on e.164, you won't get very far in a non-hobbyist environment.) The only hope is the peer-to-peer type systems that have decent scaling factors, but still, gateways into the PSTN are difficult to manage with those platforms.
Law enforcement fails to recognize this larger issue of authority, and is focusing on the tactical situation of "how do we snoop on any call?" Well, sorry boys, the answer is: you can't. It will only get harder as time goes on. Just like you can't read my email (easily) if I choose to make it difficult, I should be able to perform the same snoop-proofing on my telephone calls.
The good news for LEA is that court orders here in the US still have some traction. If I, as a PBX operator, IPCSP, ISP, or hosting provider get a court order that says that I must open my records for search, or allow interception equipment to be installed on my network, I will have no problem honoring that request to the best of my ability. However, that ability may be very limited based on the fact that the media streams never go through my system, or cannot go through my system without the conversational parties knowing that they are being intercepted. I will not go out of my way to cripple my customers and create broken and un-scalable systems whose only flaw would be my pandering to law enforcement's requirements. At the same time, I will never block or prevent LEA from doing their jobs, and in fact, I will help them the best I can (for both personal beliefs and also to prevent being thrown in jail.)
Back to the practical: Asterisk is actually quite well suited for CALEA in a limited fashion. I have discussed creating a CALEA PRI intercept box with Asterisk, and I'd be surprised if nobody has already done this. It could just as easily sit on an ethernet segment and suck up traffic from SIP, h.323, MGCP, IAX, SCCP. It's an ideal development platform for CALEA intercept technology; anyone want to pay me $1m for development of such a tool? I didn't think so - gov't looks for GSA contracts - Open Source is pretty much the Devil's work.
Now, should anyone running Asterisk worry about CALEA? I will put my neck out and say "No" unless you're a service provider that interconnects to the PSTN. Then, I suspect your PSTN network will fall under the focus of the gov't here in the US. You could head them (the LEA) off at the pass by programming features into your Asterisk server that allow for easy recording or live monitoring of certain "accounts" or calls going to certain destinations. The court can compel you to do pretty much anything, so if you build a system where it is _possible_ for interception to occur, you should consider tools for that interception as integral in the construction of the system.
I'll spell this out for those of you who couldn't catch my point in that last sentence: design systems where it is _impossible_ for interception to occur, at least from the standpoint of the network provider. We're a long, long way from that (with the possible exception of Skype, but since they're closed source, we can't be sure, can we?)
JT
_______________________________________________
Asterisk-Users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
