[IP] more on FCC not Schizo at all
Begin forwarded message:
From: Bill Stewart <bill.stewart@xxxxxxxxx>
Date: August 9, 2005 11:26:54 AM EDT
To: declan@xxxxxxxx
Cc: hugh@xxxxxxxxxxxxxxxx
Subject: RE: [IP] FCC not Schizo at all

Hugh Crawford's disagreement with Declan misses a critical technical
distinction, and the services, particularly Skype, are moving in more
tappable directions. Most modern VOIP protocols use two separate
kinds of connections - a signalling connection to set up the call,
and a media connection between the callers.

But any of the centralized services that connect to the public
telephone network, like Vonage and AT&T CallVantage and possibly
SkypeIn/SkypeOut, have a hook into the regulated infrastructure where
wiretapping can happen.

For an outbound only service, the trunk to the PSTN is normally
shared, so a given caller's call might show up on any random channel,
and eavesdropping is easier if the service provider can be bullied
into identifying which targeted caller is on which channel, or which
caller is calling a targeted callee, and it's similar to the problem
of eavesdropping on a PBX or hotel phone system.

Depending on how the network handles CallerID, it may even be easy to
get from the trunk signalling. It's possible to design a
decentralized system that uses PBXs or individual phones to deliver
calls to the local telco providers (at least for outbound calls), and
that would be much harder to wiretap.

With the original Skype service, the non-US-based company sells the
software, and the signalling is mostly done by peer-to-peer networks,
but with most other VOIP protocols, the signalling happens at some
server that may or may not be under the jurisdiction of some
regulator (in the case of SIP, the protocols support proxies and
hierarchy, so you may have a PBX-like signalling server talking to a
carrier.)

In the purely-IP world, if the media channel is encrypted, it's hard
to eavesdrop on it directly, but the fans of wiretapping are sure to
decide that the signalling channel is similar to old-style
pen-register traces, and the accounting (if any) is similar to phone
company accounting, and therefore they'll try to get access to that
information at any regulatable provider the way they do with phone
records today, possibly without the niceties of full wiretap warrants.

Also, when the signalling server can be bullied into cooperating, a
wiretap is not much different from a three-way conference call, and
it gets around the problems of encrypted media channels (though that
can usually be done by having the signalling server tell the
endpoints to set up the call unencrypted and using ISP wiretaps.)

Those attacks are much easier when the servers are managed by a
regulatable carrier - it's not possible to tell non-US software
companies to build in backdoors, and it's hard to get PBXs to
cooperate in wiretapping, not only because they're not regulated, but
because they're often managed by one of the targets of the wiretap so
you can't do it without them noticing.

By the way, too many of the big SIP controllers on the market don't
usually enable media-channel encryption, especially for calls to
carrier-provided PSTN gateways. It's very frustrating.

Bill Stewart
-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/
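
The message above turns on whether the media channel negotiated over SIP signalling is actually encrypted. As an added example (not part of the forwarded message), this Python sketch lets an endpoint or PBX operator audit the SDP bodies it exchanges and flag streams that were offered with SRTP keying but answered in the clear. It assumes SRTP is signalled by a secure transport profile plus an `a=crypto` or `a=fingerprint` attribute; the function names and both sample SDP bodies are constructed for illustration.

```python
# Added example: classify SDP media streams as encrypted or plaintext.
# Assumption: SRTP shows up as a secure profile plus keying attributes.
SECURE_PROTOS = {"RTP/SAVP", "RTP/SAVPF",
                 "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def media_streams(sdp):
    """Return one dict per m= line: kind, port, proto, encrypted."""
    session_attrs, streams, current = [], [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            kind, port, proto = line[2:].split()[:3]
            # Session-level attributes (e.g. a=fingerprint) apply to every stream.
            current = {"kind": kind, "port": int(port.split("/")[0]),
                       "proto": proto, "attrs": list(session_attrs)}
            streams.append(current)
        elif line.startswith("a="):
            (current["attrs"] if current else session_attrs).append(line[2:])
    for s in streams:
        keyed = any(a.startswith(("crypto:", "fingerprint:"))
                    for a in s.pop("attrs"))
        s["encrypted"] = s["proto"] in SECURE_PROTOS and keyed
    return streams

def plaintext_streams(sdp):
    """Active streams (port != 0) that would carry unencrypted media."""
    return [s for s in media_streams(sdp)
            if s["port"] != 0 and not s["encrypted"]]

def downgraded(offer_sdp, answer_sdp):
    """(kind, answered proto) for streams offered encrypted, answered in the clear."""
    pairs = zip(media_streams(offer_sdp), media_streams(answer_sdp))
    return [(o["kind"], a["proto"]) for o, a in pairs
            if o["encrypted"] and a["port"] != 0 and not a["encrypted"]]

# Constructed sample bodies (documentation addresses, placeholder key).
OFFER = """v=0
o=alice 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEYPLACEHOLDER
"""
ANSWER = OFFER.replace("RTP/SAVP", "RTP/AVP").replace("a=crypto", "a=x-removed")

if __name__ == "__main__":
    print(downgraded(OFFER, ANSWER))
```

A non-empty result from `downgraded` or `plaintext_streams` is the condition an endpoint policy would refuse or log, rather than silently continuing the call without media encryption.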