Delivered-To: [EMAIL PROTECTED]
Date: Fri, 02 Jan 2004 12:36:38 -0800
From: Seth David Schoen <[EMAIL PROTECTED]>
Subject: Re: [IP] cryptome: How the FBI Surveils the Net-Official Use Only
Sender: Seth David Schoen <[EMAIL PROTECTED]>
To: Dave Farber <[EMAIL PROTECTED]>

Dave Farber writes:
> Delivered-To: [EMAIL PROTECTED]
> Date: Fri, 02 Jan 2004 10:18:17 -0800 (PST)
> From: Joseph Lorenzo Hall <[EMAIL PROTECTED]>
> Subject: cryptome: How the FBI Surveils the Net-Official Use Only
> To: Declan McCullagh <[EMAIL PROTECTED]>, Dave Farber <[EMAIL PROTECTED]>
>
> Hi Declan, Dave,
>
> I thought you two and your respective lists might find this
> interesting... posted by Mr. Young at Cryptome:
>
> How the FBI Surveils the Net-Official Use Only
> http://cryptome.org/fbi-cgvop.zip
> (a ~400KB zipped PDF file)
>
> It contains the document, "Electronic Surveillance Needs for
> Carrier-Grade Voice over Packet (CGVoP) Service"
>
> ( A version of this document where copying and pasting has been
> enabled is here:
> http://www.why-war.com/resources/files/fbi_surveillance_voice_over_packet.pdf
> )
>
> I'm in no way qualified to analyze this document, although I'm sure
> some VoIP people out there are... here's the last paragraph of the
> exec. sum.:
>
> "To facilitate industry interaction, this document captures law
> enforcement's needs regarding LAES [Lawfully authorized electronic
> surveillance] capabilities for CGVoP [Carrier-Grade Voice over Packet]
> Service. The document focuses mainly on communication-identifying
> information associated with service-related events that are of
> interest to law enforcement. The document also addresses law
> enforcement's needs regarding the content of CGVoP communications."
I think it's more a matter of "how the FBI wants to surveil the net" than "how the FBI surveils the net". They have described these as "needs" and "requirements" and there are some big fights brewing over packet CALEA. (Of course, most of the substance of these fights is FBI and DOJ people describing their "needs" and getting press to report on the issue. This has been going on for over a year now and is now bleeding into the question of whether or not VOIP companies are legally to be carriers regulated by the FCC.)
Here is a more fundamental question. When you make a VOIP call, why does your service provider know your session key? (Or, in the alternative, when you make a VOIP call, why isn't your conversation encrypted with a session key?)
There have been software VOIP applications for years (PGPfone and SpeakFreely are the earliest I recall) that do end-to-end encryption. If VOIP "carriers" don't do that, they have taken a technological step backward.
What a hollow "victory" over the Clipper Chip if all your voice session keys are "escrowed" down at some VOIP technology company (which is safeguarding them less well than the Clipper plan would have).
--
Seth Schoen
Staff Technologist [EMAIL PROTECTED]
Electronic Frontier Foundation http://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107
