[IP] more on cryptome: How the FBI Surveils the Net-Official Use Only
Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Fri, 02 Jan 2004 12:36:38 -0800
From: Seth David Schoen <schoen@xxxxxxx>
Subject: Re: [IP] cryptome: How the FBI Surveils the Net-Official Use Only
Sender: Seth David Schoen <schoen@xxxxxxxx>
To: Dave Farber <dave@xxxxxxxxxx>
Dave Farber writes:
> Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
> Date: Fri, 02 Jan 2004 10:18:17 -0800 (PST)
> From: Joseph Lorenzo Hall <jhall@xxxxxxxxxxxxxxxxx>
> Subject: cryptome: How the FBI Surveils the Net-Official Use Only
> To: Declan McCullagh <declan@xxxxxxxx>, Dave Farber <dave@xxxxxxxxxx>
>
> Hi Declan, Dave,
>
> I thought you two and your respective lists might find this
> interesting... posted by Mr. Young at Cryptome:
>
> How the FBI Surveils the Net-Official Use Only
> http://cryptome.org/fbi-cgvop.zip
> (a ~400KB zipped PDF file)
>
> It contains the document, "Electronic Surveillance Needs for
> Carrier-Grade Voice over Packet (CGVoP) Service"
>
> ( A version of this document where copying and pasting has been
> enabled is here:
>
http://www.why-war.com/resources/files/fbi_surveillance_voice_over_packet.pdf
> )
>
> I'm in no way qualified to analyze this document, although I'm sure
> some VoIP people out ther are... here's the last paragraph of the
> exec. sum.:
>
> "To facilitate industry interaction, this document captures law
> enforcements needs regarding LAES [Lawfully authorized electronic
> surveillance] capabilities for CGVoP [Carrier-Grade Voice over Packet]
> Service. The document focuses mainly on communicationidentifying
> information associated with service-related events that are of
> interest to law enforcement. The document also addresses law
> enforcements needs regarding the content of CGVoP communications."
I think it's more a matter of "how the FBI wants to surveil the net"
than "how the FBI surveils the net". They have described these as
"needs" and "requirements" and there are some big fights brewing over
packet CALEA. (Of course, most of the substance of these fights is
FBI and DOJ people describing their "needs" and getting press to
report on the issue. This has been going on for over a year now and
is now bleeding into the question of whether or not VOIP companies are
legally to be carriers regulated by the FCC.)
Here is a more fundamental question. When you make a VOIP call, why
does your service provider know your session key? (Or, in the
alternative, when you make a VOIP call, why isn't your conversation
encrypted with a session key?)
There have been software VOIP applications for years (PGPfone and
SpeakFreely are the earliest I recall) that do end-to-end encryption.
If VOIP "carriers" don't do that, they have taken a technological step
backward.
What a hollow "victory" over the Clipper Chip if all your voice session
keys are "escrowed" down at some VOIP technology company (which is
safeguarding them less well than the Clipper plan would have).
--
Seth Schoen
Staff Technologist schoen@xxxxxxx
Electronic Frontier Foundation http://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/