[IP] more on VoIP CALEA -- the NSF does work for guess who ? djf
Begin forwarded message:
From: Brad Templeton <btm@xxxxxxxxxxxxxx>
Date: August 10, 2005 4:06:15 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Cc: tom_gray_grc@xxxxxxxxx
Subject: Re: [IP] more on VoIP CALEA -- the NSF does work for guess
who ? djf
Dave, you can add this note to my prior note if you wish to
forward it or either.
On Wed, Aug 10, 2005 at 06:14:07AM -0400, David Farber wrote:
There is no great difficulty in arranging for the
interception of Internet-only voice calls, contrary to
what has been written in earlier messages in this
thread.
....
It would seem to be very simple for providers such as
SKPE and Vonage to intercept Internet-only voice
calls. The intereception could be done at the packet
forwarder. In most cases the packet forwarder is
required. Even in cases where it is not required, the
client software could be set up to accept a management
instruction amd silently send all packets thorugh a
forwarder without infromting the user.
Tom Gray
Skype, as far as we know (they don't reveal the details) encrypts
end to end. The external PC which is recruited to forward
packets for people behind NAT does not, as far as I know, have
the ability to decode the voice. If it does, that would be a
surprisingly poor encryption design, and a provider like Skype
could change it.
Skype is standalone software. It queries Skype's master servers
for information on where to do directory lookups and find external
servers, but otherwise Skype's servers do not appear to participate
in the calls, and thus, without modification of the downloaded
software, could not interfere with or even be aware of calls, short
of suborning the entire list of "volunteer" forwarding computers
provided to the client.
And as I noted before, rerouting IP to IP calls adds considerable
problems. I am building a VoIP phone service which connects two
people by ringing both their phones. However, it does not, as most
such services do, bridge the calls in a central point. Both endpoints
send their audio to one another directly. A central wiretap is
not workable on such a call. The system could tell both endpoints
to talk to a bridge, which would be detectable and increase latency.
One could easily provide software to watch for this and turn on an
indicator on the phone saying, "Your line is tapped!" In some ways,
criminals might find it more useful to have a phone where they can
tell if it's tapped to provide disinformation, rather than just
avoiding taps altogether as you would with Skype.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/