Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
At 10:50 AM 7/2/2004, Roy M. Silvernail wrote: Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could fix it. While Peter Swire is a much better judge of court behavior than I am (:-) the key issue in the Councilman case is that the Wiretap Law differentiates between aural communications on wires and the broader category of electronic communications, and electronic communications might only be protected on wires, and not just when it's in storage or in transit on a computer. (What about wireless transmission? Is that protected?) If courts don't think VOIP is aural, they're way out of line. That should mean that if you wiretap VOIP calls, you'd better have a warrant. On a more negative hand, it sounds like the court thinks that wiretap rules only apply to stuff that's on wire - do packets that are inside a router get protected, while it's busy thinking about what wire to put it on next? Does it matter whether you're intercepting the whole message, or is the fact that the packet you're intercepting is inside a router good enough for the court, even though the other packets in the message might still be on the wires into or out of the router? Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection. The Ashcroftians have been able to con Congress into letting them have lots of other things they ask for in the name of preventing technological change from taking away our current powers, and every edge case seems to be used as a loophole to grant them more power, not to restrict what they've got. It's possible that a Kerry Administration would be less aggressive about this than the Bush Administration, though it's unlikely that they'd actually be much better than the Clinton Administration, would were pretty evil back in their day. After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a voice call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity. Oh, they know, and they're in a mad scramble to make sure that they can tap data communications as well, and most VOIP doesn't have useful crypto protection. So far, it's easier to tap VOIP calls after they've been turned back into telco-flavored TDM, but that's partly because they've got tools and practice and established procedures for doing so. The big difference with VOIP is that it's normal to design relatively distributed VOIP systems that do most of the work peer-to-peer, and it's harder to get a hook into the endpoints without the endpoints being aware of them. Some VOIP systems can probably be convinced to make three-way calls without telling the user interface at the endpoints, so the logical way to do wiretapping is to get the gatekeepers to build calls that way. Bill Stewart [EMAIL PROTECTED]
Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
I dunno...as an ex-optical engineer/physicst, I'm sceptical about this whole scary tempest bullcrap. Even if it can be made to work fairly reliably, I suspect deploying it is extremely costly. In contrast, the main benefit of CALEA is that they can merely provision their copy of a circuit to go back to VA or wherever. They can be eavesdropping while surfin porn all without leaving their desk and cup of coffee. Hey--if they want me that bad these days, it would probably be cheaper just to send the van and beat whatever they need out of me. Actually, I suspect that Tempest is some kind of smokescreen...Don't bother encrypting because we have this super-technology called tempest that can read your mind anyway. -TD From: Sunder [EMAIL PROTECTED] To: Roy M. Silvernail [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from [EMAIL PROTECTED]) Date: Fri, 2 Jul 2004 16:15:59 -0400 (edt) The Tempest argument is a stretch, only because you're not actually recovering the information from the phosphor itself. But the Pandora argument is well taken. Actually there is optical tempest now that works by watching the flicker of a CRT. Point is actually even more moot since most monitors are now LCD based, etc. so there's no raster line scanning the display, etc... _ MSN 9 Dial-up Internet Access helps fight spam and pop-ups now 2 months FREE! http://join.msn.click-url.com/go/onm00200361ave/direct/01/
[IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
- Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Fri, 2 Jul 2004 09:07:14 -0400 To: Ip [EMAIL PROTECTED] Subject: [IP] more on more on E-mail intercept ruling - good grief!! X-Mailer: Apple Mail (2.618) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Peter Swire [EMAIL PROTECTED] Date: July 1, 2004 2:52:11 PM EDT To: [EMAIL PROTECTED] Subject: RE: [IP] more on E-mail intercept ruling - good grief!! Reply-To: [EMAIL PROTECTED] Dave: On VOIP interception, there is a statutory and a constitutional issue. The statutory issue is whether VOIP is a wire communication (like a phone call) or an electronic communication (like an e-mail or web communication). The Councilman court said that wire communications are considered intercepted even if they are in temporary storage. The key holding of the case was that electronic communications are not intercepted if the wiretap takes place while the communication is in temporary storage. Wire communication is defined as any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable or other like connection between the point of origin and the point of reception. I do not know whether a court has ruled on whether VOIP counts as a wire communication. Quick research just now suggests we don't have a case on that yet. I can see arguments either way, based in part on whether a packet-switched communication counts as aural. Under Councilman, if VOIP is an electronic communication, then the provider therefore could intercept the VOIP calls for the provider's own use without it counting as an interception. Providers already can intercept communications with user consent or to protect the system, but this would be blanket permission to intercept communications. The constitutional question is whether users have a reasonable expectation of privacy in VOIP phone calls. Since the 1960's, the Supreme Court has found a 4th Amendment protection for voice phone calls. Meanwhile, it has found no constitutional protection for stored records. In an article coming out shortly from the Michigan Law Review, I show why VOIP calls quite possibly will be found NOT to have constitutional protection under the 4th Amendment. It would then be up to Congress to fix this, or else have the Supreme Court change its doctrine to provide more protections against future wiretaps. Article at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=490623 . Peter Prof. Peter P. Swire Moritz College of Law, Ohio State University John Glenn Scholar in Public Policy Research (240) 994-4142, www.peterswire.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Farber Sent: Thursday, July 01, 2004 12:12 PM To: Ip Subject: [IP] more on E-mail intercept ruling - good grief!! Begin forwarded message: From: Ed Belove [EMAIL PROTECTED] Date: July 1, 2004 12:50:19 PM EDT To: [EMAIL PROTECTED] Subject: Re: [IP] E-mail intercept ruling - good grief!! But Councilman argued that no violation of the Wiretap Act had occurred because the e-mails were copied while in electronic storage -- the messages were in the process of being routed through a network of servers to recipients. A scary thought: does this mean that VOIP packets can be copied from routers (by ISPs or anyone else) while they are stored? - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpygRIHD4iyx.pgp Description: PGP signature
Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
On Fri, 2 Jul 2004, Roy M. Silvernail wrote: Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could fix it. Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection. After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a voice call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity. And as for the SCOTUS, all they have to do is sit back on a strict interpretation and such intercepts aren't wiretaps at all. If VOIP gets no protection, then you'll see a lot of digital bugs in various spy shops again - and they'll all of a sudden be legal. I thought the Feds busted lots of people for selling bugging equipment, etc. because they're an invasion of privacy, etc. Ditto for devices that intercept digital cellular phone conversations, spyware software that turns on the microphone in your computer and sends the bits out over the internet, ditto for tempest'ing equipment (But your honor, it's stored for 1/60th of a second in the phosphor! It's a storage medium!), etc. Hey, they can't have their cake and eat it too. It's either protected or it isn't.
Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
The Tempest argument is a stretch, only because you're not actually recovering the information from the phosphor itself. But the Pandora argument is well taken. Actually there is optical tempest now that works by watching the flicker of a CRT. Point is actually even more moot since most monitors are now LCD based, etc. so there's no raster line scanning the display, etc...
Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
Sunder wrote: On Fri, 2 Jul 2004, Roy M. Silvernail wrote: Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could fix it. Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection. After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a voice call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity. And as for the SCOTUS, all they have to do is sit back on a strict interpretation and such intercepts aren't wiretaps at all. If VOIP gets no protection, then you'll see a lot of digital bugs in various spy shops again - and they'll all of a sudden be legal. I thought the Feds busted lots of people for selling bugging equipment, etc. because they're an invasion of privacy, etc. Interesting counterpoint. Those busts were predicated on the violation of existing laws, where of course the feds get to break those laws with a good story and a judge's rubber sta.. er, I mean permission. So the question becomes how does the fed keep their ability to intercept legally unprotected commo and at the same time, keep Joe Beets from doing the same thing. Ditto for devices that intercept digital cellular phone conversations, spyware software that turns on the microphone in your computer and sends the bits out over the internet, ditto for tempest'ing equipment (But your honor, it's stored for 1/60th of a second in the phosphor! It's a storage medium!), etc. The Tempest argument is a stretch, only because you're not actually recovering the information from the phosphor itself. But the Pandora argument is well taken. Hey, they can't have their cake and eat it too. It's either protected or it isn't. Not that they won't try, though. Or that they wouldn't opt toward unprotecting everything if the opportunity presented itself. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFS SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
Eugen Leitl forwarded: The constitutional question is whether users have a reasonable expectation of privacy in VOIP phone calls. Since the 1960's, the Supreme Court has found a 4th Amendment protection for voice phone calls. Meanwhile, it has found no constitutional protection for stored records. In an article coming out shortly from the Michigan Law Review, I show why VOIP calls quite possibly will be found NOT to have constitutional protection under the 4th Amendment. It would then be up to Congress to fix this, or else have the Supreme Court change its doctrine to provide more protections against future wiretaps. Article at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=490623 . Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could fix it. Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection. After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a voice call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity. And as for the SCOTUS, all they have to do is sit back on a strict interpretation and such intercepts aren't wiretaps at all. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFS SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
