[IP] The Call Is Cheap. The Wiretap Is Extra.

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] The Call Is Cheap. The Wiretap Is Extra.
From: David Farber <dave@xxxxxxxxxx>
Date: Mon, 23 Aug 2004 08:26:36 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: "John F. McMullen" <observer@xxxxxxxxxxx>
Date: August 22, 2004 11:04:54 PM EDT
To: johnmac's living room <johnmacsgroup@xxxxxxxxxxxxxxx>

Cc: Dave Farber <farber@xxxxxxxxxxxxx>, Declan McCullagh<declan@xxxxxxxx>

Subject: The Call Is Cheap. The Wiretap Is Extra.

From the New York Times --http://www.nytimes.com/2004/08/23/technology/23wiretap.html


The Call Is Cheap. The Wiretap Is Extra.
By KEN BELSON

At first glance, it might seem like the simple extension of a standardtool in the fight against the bad guys.

But in fact, wiretapping Internet phones to monitor criminals andterrorists is costly and complex, and potentially a big burden on newbusinesses trying to sell the phone service.

Earlier this month, the Federal Communications Commission votedunanimously to move forward with rules that would compel the businessesto make it possible for law enforcement agencies to eavesdrop onInternet calls.

But developing systems to wiretap calls that travel over high-speeddata networks - a task that the companies are being asked to pay for -has caused executives and some lawmakers to worry that helping thepolice may stifle innovation and force the budding industry to alterits services. That requirement, they say, could undermine some of thereasons Internet phones are starting to become popular: lower cost andmore flexible features.

The commission's preliminary decision, announced on Aug. 4, is a majorstep in the long process of deciding how Internet-based conversationscould be monitored. Regulators will now hear three months of publictestimony on the ruling. Few expect a resolution of the issue thisyear, but it is not hard to figure out who will ultimately pay for thewiretapping capability.

"All the costs carriers incur are ultimately going to be passed on tothe consumer," said Tom Kershaw, vice president for voice-over-Internetservices at VeriSign, which provides surveillance support for Internetphone companies.

Tapping Internet phones is far more complicated than listening in ontraditional calls because the wiretapper has to isolate voice packetsmoving over the Internet from data and other information packets alsotraveling on the network.

While traditional calls are steady electronic voice signals sent over adedicated wire, Internet calls move as data packets containing aslittle as a hundredth of a second of sound, or less than one syllable,which follow often-unpredictable paths before they are reassembled onthe receiving end to form a conversation.

To make wiretapping possible, Internet phone companies would have tobuy equipment and software as well as hire technicians, or contractwith VeriSign or one of its competitors. The costs could run into themillions of dollars, depending on the size of the Internet phonecompany and the number of government requests.

The requirement to cooperate with law enforcement agencies is unlikelyto drive any Internet phone company out of business, though it couldcut into profits. Last year, the agencies conducted about 1,500wiretaps, with the bulk of them in major cities like New York andMiami. The Federal Bureau of Investigation has yet to complete awiretap over Internet phone services.

"It doesn't break the business model, but it means free telephoneservice is impossible," said John Pescatore, the lead security analystat Gartner Inc., a research group. "You might see add-on surcharges."

Internet companies are starting to gear up for the federalrequirements. Many Internet phone companies, including Vonage, whichhas the largest number of subscribers, already supply the police withthe phone numbers that a person under court-sanctioned surveillancedials and the origin of calls he or she receives, plus informationabout the connections, like whether a conference call was convened. Thevast majority of court orders for wiretapping involve this kind ofmonitoring, known as "trap and trace," which is typically used at thebeginning of an investigation.

The less frequent, but more complicated, monitoring request is to allowthe police to listen to conversations as they occur. In those cases,the differences between the architecture of traditionalcircuit-switched phone networks and the Internet are crucial.

With traditional phone networks, calls are routed through centralcircuit-switching stations, which connect long-haul phone networks andthe wires that go into homes and offices. Typically, phone carriershave installed dedicated servers at or near the switches, which canisolate conversations from a specific phone number and send them topolice agencies in a standardized format. In 1994, when federalwiretapping laws were revised, Congress initially set aside $500million to help carriers pay for this extra equipment to route calls tothe police.

In tapping an Internet phone, police first need to find out whichcompany is responsible for maintaining the phone number. That could bea big phone company, a cable company, an Internet phone provider orpeer-to-peer services that match callers but do not aid in thetransmission of the call. Law enforcement agencies could also askbroadband providers to isolate voice streams on their networks that aretraveling to and from a specific location.

"In the circuit-switch world, the caller and content were in the domainof a single carrier," said Julius P. Knapp, a deputy chief in theOffice of Engineering and Technology at the Federal CommunicationsCommission. "In the Internet world, you have to identify who is in thebest position to get the information."

Once the F.B.I. determines the suspect's Internet phone provider, itorders the company to program its servers to intercept specified callsto and from the suspect's phone. When a phone call is not tapped, theserver sends the call to its destination. When a call is to be tapped,the phone company's server instructs an Internet router to make a copyof the call and send it to the law enforcement agency.

The task is complicated because the phone provider has to use specialsoftware to sniff out specific voice packets from among all the datapackets traveling from the suspect's connection. Unlike traditionalphone taps, this process does not reveal the caller's location, becauseusers can plug their Internet phone modems into any broadbandconnection, even overseas.

But like any security check, this monitoring can slow networks and evendegrade the quality of the call. It could also potentially interceptdata packets along with other types of voice packets - from cellphones,for example - a possibility that alarms privacy groups worried that thepolice will collect information beyond their authority.

"The potential for misuse is pretty broad because what you are doing isa form of packet-sniffing," said Lee Tien, a staff lawyer at theElectronic Frontier Foundation in San Francisco. "The problem is thatif you are using a sniffer box to perform the interception, you mayhandle all the traffic going through. In the end, a packet sniffer getsyou everything."

Some groups, like the American Civil Liberties Union, say lawenforcement agencies are trying to turn phone companies into governmentspies. Law enforcement groups and service providers, however, saysoftware is sufficiently sophisticated to only siphon relevant calls.They also say that having the companies take charge of finding asolution should allay suspicion that the government is trying tooverstep its authority.

The F.B.I. is not trying to use the wiretap law "to dip into theInternet," said one senior official at the bureau.

Another issue involves decoding encrypted conversations. It is easierto encrypt digital conversations than those in an analog format, and agrowing number of Internet phone providers are encrypting their calls.Unscrambling the calls requires another piece of software.

"It's an added layer of complexity," said Richard Tworek, the chiefexecutive of Qovia, which provides software to Internet serviceproviders to make sure the networks are running properly.

The biggest challenge, Mr. Tworek and others say, is tracking downphone conversations that are connected by peer-to-peer software. Thissoftware essentially piggybacks on the networks of its users; calls arenot connected at a central location. To trace such calls, investigatorswould have to sift through trillions of packets at routers that channeldata around Internet networks - a daunting task, industry experts say.

This type of peer-to-peer calling is still emerging, so the threat israther remote. But some companies that offer this software operateoverseas, so they fall outside the jurisdiction of the United Statesgovernment. The communications commission's recent ruling does notcover this type of peer-to-peer communication.

Industry experts, though, expect this decentralized form of Internetphone service to spread, which will require even more sophisticatedInternet wiretapping solutions. About that challenge, Mr. Tworek couldonly say, "It's a huge headache."

has not been specifically authorized by the copyright owner. The
'johnmacsgroup' Internet discussion group is making it available without
profit to group members who have expressed a prior interest in receiving

the included information in their efforts to advance the understandingof

literary, educational, political, and economic issues, for non-profit

research and educational purposes only. I believe that this constitutesa

'fair use' of the copyrighted material as provided for in section 107 of
the U.S. Copyright Law. If you wish to use this copyrighted material for

purposes of your own that go beyond 'fair use,' you must obtainpermission

from the copyright owner.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml


   "When you come to the fork in the road, take it" - L.P. Berra
   "Always make new mistakes" -- Esther Dyson

"Any sufficiently advanced technology is indistinguishable frommagic"

    -- Arthur C. Clarke
    "You Gotta Believe" - Frank "Tug" McGraw (1944 - 2004 RIP)

                          John F. McMullen
   johnmac@xxxxxxx johnmac@xxxxxxxxxxxx johnmac@xxxxxxxxxxxxxxxxxx
                  johnmac@xxxxxxxxx johnmac@xxxxxxxxxxx
           jmcmullen@xxxxxxxxxxxxxxxxx johnmac@xxxxxxxxxxxxxxx
              ICQ: 4368412 Skype, AIM & Yahoo Messenger: johnmac13
                  http://www.westnet.com/~observer

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Secrecy shrouds US e-vote
Next by Date: [IP] more on Understanding Anti-Americanism
Previous by thread: [IP] Secrecy shrouds US e-vote
Next by thread: [IP] more on Understanding Anti-Americanism
Index(es):
- Date
- Thread