I wish I wish I wish that the murdering $&*#1! would spend their time
messing with @#*&@###! VoIP rather than anything else.
Suresh Ramasubramanian <suresh@outblaze.>
Sent by: owner-nanog@merit.edu
06/18/2004 09:18 AM
To: nanog <nanog@merit.edu>
cc:
Subject: [Fwd: [IP] Feds: VoIP a potential haven for terrorists]
: Feds: VoIP a potential haven for terrorists
: By Declan McCullagh
: The Senate's action comes as the FCC considers a request submitted in
: March by the FBI. If the request is approved, all broadband Internet
: providers--including companies using cable and digital subscriber line
: technology--will be required to rewire their networks to support easy
: wiretapping by police.
Anyone know yet if they've said who would have to pay for it, and
what they specifically mean by "broadband Internet providers"?
scott
** Reply to message from Scott Weeks <surfer@mauigateway.com> on Fri,
18 Jun 2004 09:30:03 -1000 (HST)
> : Feds: VoIP a potential haven for terrorists
> : By Declan McCullagh
> : The Senate's action comes as the FCC considers a request submitted in
> : March by the FBI. If the request is approved, all broadband Internet
> : providers--including companies using cable and digital subscriber line
> : technology--will be required to rewire their networks to support easy
> : wiretapping by police.
> Anyone know yet if they've said who would have to pay for it, and
> what they specifically mean by "broadband Internet providers"?
> scott
Pay for it? If I remember from CALEA, the providers pay for it (and
eventually their customers), and as for "broadband Internet
providers"... I'm guessing anyone who offers end user customers a
circuit bigger than 53.333k.
I admit to having some sympathy for the FBI... they're in the middle of
getting ripped up, down and sideways over failures over Sept 11 and
other things, and yet when they ask for more surveillance capabilities,
they get ripped up, down and sideways for asking...
{snip}
> Anyone know yet if they've said who would have to pay for it, and
> what they specifically mean by "broadband Internet providers"?
> scott
Well, that's the issue, now isn't it. It all comes down to money and
control.
There are three schools of thought here.
One is that the VoIP should not be wiretapped at all. This seems a little
unrealistic considering that we allow other calls to be tapped. The second
school is that VoIP calls should be made no easier or harder to tap than the
technology itself warrants through its natural evolution. The FBI or
whomever would just have to learn how to work with it as it evolves. The
third school of thought is that all VoIP boxes should come with a red rj45
that says "FBI use only" and a big red button to start the data flowing to
said jack.
Pickering and the FBI are asking for the third option. Some technologists
and civil libertarians seem to be advocating the first option. These might
be negotiating tactics rather than honest positions - welcome to Washington.
The amount of money the FBI would need to spend to tap a VoIP call is
highest with the first option, intermediate with the second, and lowest with
the last. Some services companies are really salivating for the chance to
add CALEA hardware to VoIP networks. I won't mention any particular
companies here, as they have taken a recent beating on this list. Piling on
seems rather cruel.
The second option is probably the most sensible. We'll see how far sensible
gets in the halls of Congress. I suggest crossing fingers, now.
Not to get too off-topic here, but the FBI may be better served by investing
in Human Intelligence. Plugging wires into operational networks is pretty
cool, but turning a guy on one end of that VoIP call is more useful.
We now return to our regularly scheduled comparisons of Best Effort Internet
Services to Boxes of Chocolate or whatever today's lively conversation
happens to be.
There's another axis of the conversation going on, and that is with
respect to the scope of voice technologies that require support...
One camp believes that all voice communication must provide
CALEA and the other believes that just those voice services which
provide interconnection to/from the PSTN should need compliance.
The latter position is far easier to implement and corresponds to
today's capabilities. Under the more generous definition of any
voice communication, there's a huge realm of possible applications
that might need to be intercepted including IM services, Skype,
web chat support protocols, and even audio-enabled chats that
are embedded in games.
Someone's going to make a killing in stateful packet detection at
the metro POP level...
/John
> I admit to having some sympathy for the FBI... they're in the middle of
> getting ripped up, down and sideways over failures over Sept 11 and
> other things,
Thus spake "Daniel Golding" <dgolding@burtongroup.com>
> The amount of money the FBI would need to spend to tap a VoIP call is
> highest with the first option, intermediate with the second, and lowest with
> the last. Some services companies are really salivating for the chance to
> add CALEA hardware to VoIP networks. I won't mention any particular
> companies here, as they have taken a recent beating on this list. Piling on
> seems rather cruel.
I'm told that most CALEA warrants only authorize a pen register, not an
actual tap. Pen registers are trivial to implement, since the provider's
software undoubtedly has an option to produce CDRs for billing or planning
purposes. Unfortunately this doesn't cover the case of purely P2P calls
which don't have a VoIP provider; if the suspect is using such software, the
only way to produce a pen register is with a tap.
AFAIK, one of the provisions of CALEA warrants is that the provider can't
tell the customer their line is being tapped. The most straightforward VoIP
intercept method requires routing the call through an intercept device or
bridging unit, which is detectable and thus probably counts as disclosure.
Since VoIP packets are routed just like any others, the only workable
solution I see is to provide for tapping of all IP links and (by law)
require the FBI drop all traffic except what they've got a warrant for.
Tapping a SONET or Ethernet link isn't tough, and real-time decoding of
packets up to OC12 speeds was doable on COTS PCs several years ago. One US
telco built such software specifically to comply with CALEA when the FBI
inevitably woke up; it could reassemble selected RTP streams (in real time)
and even play them on a POTS line running to an FBI monitoring post. I'd
assume that OC48/GE isn't much of a stretch today and that OC192/10GE is
feasible with the FBI's funding levels. It'd certainly be easier to tap the
customer's access line, but typical DSL/Cable gear may not have such
provisions...
One thing is very clear, however; if the industry doesn't come up with a
working solution first, we will certainly have something unworkable shoved
down our throats by Congress, the FCC, and the FBI.
S
Stephen Sprunk      "Those people who think they know everything
CCIE #3723         are a great annoyance to those of us who do."
K5SSS                                             --Isaac Asimov
** Reply to message from Randy Bush <randy@psg.com> on Fri, 18 Jun 2004
14:30:13 -0700
> I admit to having some sympathy for the FBI... they're in the middle of
> getting ripped up, down and sideways over failures over Sept 11 and
> other things,
Hmmm, but they aren't biased, are they? Any cites that aren't from the
defendants? I'm not saying they aren't right, but that does appear a
bit one-sided.
> Hmmm, but they aren't biased, are they?
everything is biased one way or the other in this world.
i also searched the ny times. not a pretty looking state
of affairs.
randy
> Tapping a SONET or Ethernet link isn't tough, and real-time decoding of
> packets up to OC12 speeds was doable on COTS PCs several years ago. One US
> telco built such software specifically to comply with CALEA when the FBI
> inevitably woke up; it could reassemble selected RTP streams (in real time)
> and even play them on a POTS line running to an FBI monitoring post. I'd
> assume that OC48/GE isn't much of a stretch today and that OC192/10GE is
> feasible with the FBI's funding levels. It'd certainly be easier to tap the
> customer's access line, but typical DSL/Cable gear may not have such
> provisions...
The real trouble with this scenario is the required truck roll and outage
on the link toward the customer... This gets expensive if you have to roll
to 10-20/month all over your domestic network. Today that is accomplished
on the phone side with builtin 'stuff' on the phone switches (as I recall
being told by some phone people) without a truck roll and without much
hassle.
Figuring out the difference between all the forms of 'VOIP' communications
will be a headache for the govies and lawyers... just look at the minor
inconveniences of CARNIVORE, eh?
> One thing is very clear, however; if the industry doesn't come up with a
> working solution first, we will certainly have something unworkable shoved
> down our throats by Congress, the FCC, and the FBI.
Sure, but to date we are still awaiting good/complete requirements from
the gov't so it's a little tough to determine what is 'required' in a
solution such that data can be tapped and then appear in court in some
form which is unimpeachable.
-Chris
> One thing is very clear, however; if the industry doesn't come up with a
> working solution first, we will certainly have something unworkable shoved
> down our throats by Congress, the FCC, and the FBI.
On the other hand, since you'll have to wait for 10 years in line behind all the other "broadband service providers" that the FBI would be arresting for non-compliance, you might not have to worry about it. Or you could wait for all the court cases that go first claiming that Voice Chat on IM is not related to VoIP. Perhaps we'll even get to see a court case where a President has phone sex on a VoIP line
Rob Nelson
ronelson@vt.edu
Thus spake "Christopher L. Morrow" <christopher.morrow@mci.com>
> > Tapping a SONET or Ethernet link isn't tough, and real-time decoding of
> > packets up to OC12 speeds was doable on COTS PCs several years ago. One US
> > telco built such software specifically to comply with CALEA when the FBI
> > inevitably woke up; it could reassemble selected RTP streams (in real time)
> > and even play them on a POTS line running to an FBI monitoring post. I'd
> > assume that OC48/GE isn't much of a stretch today and that OC192/10GE is
> > feasible with the FBI's funding levels. It'd certainly be easier to tap the
> > customer's access line, but typical DSL/Cable gear may not have such
> > provisions...
> The real trouble with this scenario is the required truck roll and outage
> on the link toward the customer... This gets expensive if you have to roll
> to 10-20/month all over your domestic network. Today that is accomplished
> on the phone side with builtin 'stuff' on the phone switches (as I recall
> being told by some phone people) without a truck roll and without much
> hassle.
That built-in "stuff" is possible with IP gear as well; the switches in your
remote POP should support port mirroring, and many sniffers have the ability
to filter and forward collected data in real time to another site for
analysis. It's a pretty crude way of doing it, but it eliminates a truck
roll if that's your priority, and there's no outage.
Tapping entire SONET or Tx circuits is also possible without an outage, but
you need to have a couple loops (of the correct size) somewhere to point the
tap at and specialized software to extract the packets.
> Figuring out the difference between all the forms of 'VOIP' communications
> will be a headache for the govies and lawyers... just look at the minor
> inconveniences of CARNIVORE, eh?
It'll get even more "interesting" when VoIP carriers roll out encryption for
signalling and media; pen registers will still be possible, but a tap will
be completely useless.
> > One thing is very clear, however; if the industry doesn't come up with a
> > working solution first, we will certainly have something unworkable shoved
> > down our throats by Congress, the FCC, and the FBI.
> Sure, but to date we are still awaiting good/complete requirements from
> the gov't so it's a little tough to determine what is 'required' in a
> solution such that data can be tapped and then appear in court in some
> form which is unimpeachable.
Congress is going down the route of legislating implementation instead of
legislating the requirements and leaving it to the FCC or industry to find
possible implementations. Unfortunately the industry is collectively
sticking their heads in the sand, and the FCC is loath to comment on
anything they don't have the authority to regulate. Without input to
counter the FBI, how is Congress supposed to pass anything reasonable? As
they say, the road to hell is paved with good intentions.
S
Stephen Sprunk "Those people who think they know everything
CCIE #3723 are a great annoyance to those of us who do."
K5SSS --Isaac Asimov
they don't need more surveillance capabilities as much as they need to better
utilize what they've already got. More laws aren't the answer to lack of
success enforcing what's already on the books.
> they don't need more surveillance capabilities as much as they need to
> better utilize what they've already got. More laws aren't the answer to
> lack of success enforcing what's already on the books.
> We should not be building surveillance technology into standards. Law
> enforcement was not supposed to be easy. Where it is easy, it's called
> a police state. -- Jeff Schiller
> "It is poor civic hygiene to install technologies that could someday
> facilitate a police state." -- Bruce Schneier
Amen on both counts; couldn't agree with either quote more.
CALEA and wiretaps are independent subjects. You can have CALEA
obligations even if you never, ever implement a single wiretap. On
the other hand you may need to implement many wiretaps even though
you have no CALEA obligations.
For example, hotels and universities have traditionally been considered
not to have CALEA obligations. However, both hotels and universities must
comply with court orders if law enforcement wants to wiretap one of their
phones. Should CALEA be extended to hotels and universities? Are hotels
and universities broadband Internet providers when they offer Internet
service in student dorm rooms or hotel rooms?
In reality, CALEA is a funding bill; it has very little to do with
technology. Imagine if law enforcement thought DNA testing was too
expensive, so Congress passes a law requiring all doctors to purchase
DNA testing equipment and provide free DNA tests to law enforcement.
DNA is a complicated subject. Few police officers are qualified to
analyze DNA. Instead law enforcement pays for professional DNA testing
when it needs DNA testing.
The FCC comment period has closed. Everyone had an opportunity to submit
comments on the topic to the FCC.
Consult your own attorney if you want real legal advice.
A coupla' years ago, the FCC defined "Broadband" as 200Kbps and above.
--Michael
Hmm, different jurisdiction, but Tiscali & NTL seem to think broadband is as low
as 100Kbps
http://www.tiscali.co.uk/products/broadband/3xfaster.html?code=ZZ-NL-11MR
http://www.ntlhome.co.uk/ntl_internet/broadband.asp?cust=ntlcom_broadbandtextlink
Wrongful trading or say what you like if you make it up as you go along.. ?
Steve