Re: SecurityFocus: FBI seeks Internet telephony surveillance

[Ben Teitelbaum <>]

I think the call for an Internet2 fatwa against unencrypted voice is a
misguided response to this.  If you actually read the FBI's comments
on Pulver's FCC petition, they have nothing to do with encryption and,
even weirder, seem to have nothing to do with VoIP.  The real agenda
is about cable modems and whether cable-based ISPs are required to
provide CALEA functionality.  I honestly don't understand why the FBI
thinks that a response to Pulver's petition is the right forum for
this particular fight.

Although this particular action doesn't seem like much of a threat, it
is terribly important the we, as a technical community, stay engaged
and help law enforcement and the rest of society understand the
underlying technology and the wonderful potential it has.

Law enforcement has grown accustomed to having a technically simple
wiretap capability, which is an "accidental" feature of the PSTN's
design.  Having the ability to tap access circuits in DSLAMs and cable
head-ends is a fairly natural extension, but having a general-purpose
capability to tap VoIP could have disastrous effects.  VoIP's
decoupling of identity and address from physical access, makes it
impossible to support CALEA without destroying some of the most
valuable features of the technology (mobility, resiliency, low latency
media path routing, end-device call control, etc.).

In the past there has been a similar threat on the encryption front
(with the effort to require key escrow).  The leaked "PATRIOT II" act
already moves in the direction of criminalizing encrypted
communications.  The problem with this trend, of course, is that while
it makes it easier to snoop on bad guys, it also makes it easier for
bad guys to snoop.  

Unfortunately, most people just don't seems to care.  To encrypt or
not is a P2P choice that few end users have made.  Consider the rarity
of encrypted email, encrypted voice over the PSTN (all you need is a
pair of modems and PGPfone), or cordless household phones with strong
encryption between the handset and the base station.  Solving the key
management problem, educating users, and making encryption
user-friendly will help over time, but a fatwa is likely to fall on
deaf ears.

-- ben

Tyler Miller Johnson 
<>
 writes:

> The standard for encryption for h.323 is h.235. We use Tandberg
> endpoints for video *because* they support this and this group is
> capturing the market because of HIPAA requirements. In my opinion, all
> media streams should be encrypted. Under h.235, one can encrypt both
> the media streams *and* the call signalling, so that it is not
> possible to (easily) decode what is said, nor whom it was said to. The
> latTer is also an important component of privacy. What if it were
> discovered that you regulary called the AIDS clinic / Iraqi embassy /
> gay bar. Could this have an impact on your life?
> 
> I would like to see Internet2 take a really strong stand on supporting
> (requiring/preferring?) encryption on all video/voice communications
> and trying to drive the market in that regard. I do not believe it is
> reasonable to implement a voice over IP system over
> Internet1/Internet2 without encryption today, given the simplicity
> with which media can be sniffed and decoded and the potential for loss
> of privacy resulting from that.


 writes:

> It sounds like both FEC and encryption are far too uncommon in the voip
> world.
> 
> > FBI seeks Internet telephony surveillance
> > 
> > The Justice Department and the FBI ask regulators for expanded
> > technical capabilities to intercept Voice Over IP communications...
> > and anything else that uses broadband.

---------------------------------------------------------------wg-voip-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

---------------------------------------------------------------wg-voip--