Justice Dept: Wiretaps should apply to Net calls

The battle rages on, apparently. The more things change, the more
things stay the same, it would seem. :wink:

This is from this past Wednesday --I'm surprised that I somehow
overlooked it and only just now saw this.

http://www.cnn.com/2004/TECH/internet/06/16/telecoms.voip.reut/index.html

FYI,

- ferg

The particular hearing that set this all off is the Senate Commerce
Committee's review of S.2281 ("VoIP Regulatory Freedom Act") that
took place on last Wednesday, and in general, the hearing has a
higher content to noise ratio than the resulting press coverage.

The agenda and statements of the participants can be found here:
<http://commerce.senate.gov/hearings/witnesslist.cfm?id=1230>

S.2281 takes the middle of the road position in areas such as lawful
intercept, universal service fund, and E911. At a high-level, those
VoIP services which offer PSTN interconnection (and thereby look like
traditional phone service in terms of capabilities) under S.2281 pick up
the same regulatory requirements. Those VoIP services which do not
interconnect are continue to be treated as "information services" and
therefore excluded from these requirements.

With respect to facilitating lawful intercept, the opening comments of
Ms. Laura Parsky (Deputy Assistant Attorney General, US DoJ) and
James Dempsey, Executive Director of the Center for Democracy and
Technology (CDT) are quite informative. The DoJ view is that S.2281
is not enough, and any service using switching or transport should
facilitate lawful intercept. This position has the advantage of clarity,
but there are lots of communications (chat/IM/etc) that are going to
hard to decode and make readily available as needed. It is also an
expansion of the current framework of CALEA, which specifically sets
aside information services including email and messaging.

The CDT position is interesting, noting that CALEA came into being to
address concerns that law enforcement wouldn't be able to readily
pursue lawful intercept orders without directly mandating call intercept
capacity in each service provider. This works fine with one application
(voice) but that replicating this model for data services makes no sense
given the diversity of Internet communications applications. CDT proposes
that if law enforcement really needs better intercept capabilities for data
applications, it should work on its own decode capabilities or get service
bureaus to handle that same, and that the Internet service providers
shouldn't have to do anything other supply a copy of the relevant users
raw packet stream...

Despite the angst on both sides, requiring just those VoIP services
which look like traditional phone service (due to PSTN interconnection)
as requiring ready lawful intercept capacity will result in the equivalent
situation as we have today with CALEA, and appears to be the likely
outcome of the debate.

Apologies for length,
/John

S.2281 takes the middle of the road position in areas such as lawful
intercept, universal service fund, and E911. At a high-level, those
VoIP services which offer PSTN interconnection (and thereby look like
traditional phone service in terms of capabilities) under S.2281 pick up
the same regulatory requirements.

It sounds good, if you assume there will always be a PSTN. But its
like defining the Internet in terms of connecting to the ARPANET.

What about Nextel's phone-to-phone talk feature which doesn't touch
the PSTN? What about carriers who offer "Free" on-net calling, which
doesn't connect to the PSTN and off-net calling to customers on the
PSTN or other carriers.

Will the bad guys follow the law, and only conduct their criminal
activities over services connected to the PSTN?

With respect to facilitating lawful intercept, the opening comments of
Ms. Laura Parsky (Deputy Assistant Attorney General, US DoJ) and
James Dempsey, Executive Director of the Center for Democracy and
Technology (CDT) are quite informative. The DoJ view is that S.2281
is not enough, and any service using switching or transport should
facilitate lawful intercept. This position has the advantage of clarity,
but there are lots of communications (chat/IM/etc) that are going to
hard to decode and make readily available as needed. It is also an
expansion of the current framework of CALEA, which specifically sets
aside information services including email and messaging.

Its a return to DoJ's pre-CALEA position. Its almost a word-for-word
replay of the debates in 1992/1993 and the Digital Telephony proposals.

http://www.eff.org/Privacy/CALEA/digtel92_old_bill.draft

Briefing Report to the Subcommittee on Telecommunications and Finance,
Committee on Energy and Commerce of the House of Representatives by the
United States General Accounting Office (GAO/IMTEC-92-68BR, July 1992),

  The FBI now has the technical ability required to wiretap certain
  technologies, such as analog voice communications carried over public
  networks' copper wire. However, since 1986, the FBI has become
  increasingly aware of the potential loss of wiretapping capability due
  to the rapid deployment of new technologies, such as cellular and
  integrated voice and data services, and the emergence of new
  technologies such as Personal Communication Services, satellites, and
  Personal Communication Numbers.

  There are six current or imminent telecommunications technologies that
  the FBI needs to be able to wiretap. These are (1) analog and digital
  using copper wire transport, (2) analog and digital using fiber optic
  transport, (3) Integrated Services Digital Network (ISDN), (4) Private
  Branch Exchange (PBX), (5) broadband, and (6) cellular. There are also
  three future technologies for which wiretapping capabilities need to be
  addressed: (1) satellite switches, (2) Personal Communication Services
  (PCS), and (3) Personal Communication Number (PCN). Further, the FBI
  needs to be able to wiretap any special features, such as call
  forwarding or electronic mail.

S.2281 takes the middle of the road position in areas such as lawful
intercept, universal service fund, and E911. At a high-level, those
VoIP services which offer PSTN interconnection (and thereby look like
traditional phone service in terms of capabilities) under S.2281 pick up
the same regulatory requirements.

It sounds good, if you assume there will always be a PSTN. But its
like defining the Internet in terms of connecting to the ARPANET.

Correct. It's a workable interim measure to continue today's practice
while the edge network is transitioning to VoIP. It does not address
the more colorful long-term situation that law enforcement will be in
shortly with abundant, ad-hoc, encrypted p2p communications.

What about Nextel's phone-to-phone talk feature which doesn't touch
the PSTN? What about carriers who offer "Free" on-net calling, which
doesn't connect to the PSTN and off-net calling to customers on the
PSTN or other carriers.

Will the bad guys follow the law, and only conduct their criminal
activities over services connected to the PSTN?

Sean - what alternative position do you propose?
/John

if the pro-ported bad guys are so swift why would they
use anything packaged anyway?

They have engineers and scientific minds in their
ranks that understand devices, boards and the likes
and could simply create their own data centers and
simply use new protocols to communicate over the
public
lines and not one person would know the difference,
all
the laws in the world would not stop them, since US
law
doesn't apply to anyone but US citizens and most other
nations could care less about what we imagine,
contrive and go into hysterics about.

-Henry

At 12:30 AM -0400 on 6/20/04, John Curran wrote:

[snip]
>It sounds good, if you assume there will always be a PSTN. But its

like defining the Internet in terms of connecting to the ARPANET.

Correct. It's a workable interim measure to continue today's practice
while the edge network is transitioning to VoIP. It does not address
the more colorful long-term situation that law enforcement will be in
shortly with abundant, ad-hoc, encrypted p2p communications.

What about Nextel's phone-to-phone talk feature which doesn't touch
the PSTN? What about carriers who offer "Free" on-net calling, which
doesn't connect to the PSTN and off-net calling to customers on the

>PSTN or other carriers.

[snip]

[I've been writing this over the past day or so in bursts; apologies if this re-hashes what others have said more succinctly or elegantly. I think there are still some points in here that haven't been addressed by others, so I'll respond to the most recent sub-thread]

I think that while the debate about CALEA's short-term legislative extension to cover VoIP services is certainly interesting and scary, I fail to see how it will be relevant in the coming years as the market progresses. Because of the quickly growing diversity of VoIP technology, interconnection methods, and customer/vendor hierarchies, I do not believe it will be possible to enforce (or even legislate) an interception policy that is effective without extensive and draconian technical and legal methods.

Comments to support my thesis:

   1) In the debate thus far, it does seem reasonable that PSTN calls are subject to CALEA. It even sounds reasonable that services that interconnect from VoIP networks to the PSTN are subject to CALEA. But what information must be provided during an "interconnect"? What _is_ an "interconnect", anyway? If I have a service that hands off a call from my customer's SIP home media gateway to another carrier's SIP gateway device, am I obligated to tell the other carrier the real caller ID of the caller? Does caller ID provide adequate identification? What if there isn't a "real" caller ID? Which one of us must be subjected to CALEA rules? Both? How about a residential gateway (SIP->FXO) that participates in a global P2P mesh co-op to allow cheap/free local calls anywhere? (Hint: that's coming.) Is every member of such a mesh subject to CALEA?

  2) Perhaps the most relevant point to my thesis is that the "service provider" may not fall under the jurisdiction of United States law, but that does not preclude them from offering service in the US that is equivalent to vendors who _do_ reside in the US. I will note that this is NANOG, and not USANOG. While the US has a significant influence in North American (and worldwide) intercept legislation, it certainly cannot require other nations to implement the same policy. We're all running scared about what the US will do, but it is a tempest in a teapot for providers who are packet-based and potentially mobile, or who are already outside of the USA.

      Some sub-comments on geography/national authority:

       a) Do you think that Skype (domain registered in Luxembourg, company in the Netherlands?) or any other non-US P2P network or software provider will implement CALEA into it's software or service because of threats by the US Department of Justice? Consistently?

       b) Do you think that it will be illegal for overseas firms to contract with IP->PSTN gateway providers in the USA for call termination because the origins of their calls are unknown and thus are un-distinguishable by CALEA intercepts from non-targeted calls?

       c) Do you think that it will be illegal for US Citizens or residents to send encrypted SRTP (or other media) streams to IP->PSTN gateways that are outside of the United States, where CALEA does not apply?

       d) More broadly: Do you think it should or will be illegal to accept or generate a communication method without some authoritative method to trace the origin or destination of the communication? If you answer "No", then CALEA grows more worthless by the day. If you answer "Yes", then how does your government apply this across national boundaries, and more importantly, how does a government technically enforce it without becoming a police state?

       e) Do you think any company will be inclined to stay in the US if the cost of doing business increases by X% due to CALEA requirements? To what number can X% rise before they close up shop and move offshore? I can tell you from firsthand experience that all the VoIP providers I've talked with are running on the assumption that they can deploy their models on 10-20% of the costs of a traditional telco, and even a slight deviation in this will send them scattering to look for alternatives to whatever costs are presented. Look at the on-line gambling industry for very relevant examples of this diaspora effect.

  3) It seems that the most easily graspable part of the industry is to somehow apply rules to any entity that uses number space out of the North American Numbering Plan (NANP) that is ultimately overseen by the US Government. It's easy for the FTC/DOJ/FCC to say "You don't get the right to use, route, or sub-allocate numbers unless you adhere to our CALEA requirements, and force all your customers to adhere to those requirements as well." That sounds easy, and it might even be possible.... for a while. This quickly changes when non-US or non-national numbering (+878, anyone?) becomes more accepted by domestic US customers, and is completely irrelevant to those services which don't use NANP space and just provide anonymous or semi-anonymous gateways for outbound and two stage dialing for inbound (see FWD, Voiceglo, and others for examples of this.) I think again CALEA will fall into a chaotic jumble by trying to apply laws to service providers or software developers to enforce basic identification criteria when those criteria will lose relevance in the next few years.
    Note: the long arm of the law having it's hand on NANP allocations might a pretty good "tax" handle as well - watch out for the triple-whammy of taxes, CALEA, and E911 being tied to NANP numbers, as has been discussed before in other forums with very visible momentum of approval. This has positive and negative results. Of this method of control/taxation, I haven't decided if I'm in favor or not.

   4) The last comment will agree with another comment made here previously: the smart (and possibly the most dangerous) criminals and terrorists will use widely-available crypto, tunnels, or darknets to move their VoIP packets. CALEA agencies have got to get the method of interception closer to the source or destination of the communications to overcome these obstacles. Are we implementing this huge expense, inconvenience, and market uncertainty to catch only dumb criminals, or should these energies and funds be focused elsewhere to have possibly "better" results?

PS: anyone want to draft the "US Telecommunications Discipline Pact"? :wink:

PPS: Yes, I do run an ITSP, but these comments reflect my personal views, and not necessarily those of my current employer.

JT

JT -

  It's not just the US Goverment with interest in this matter.
  Lawful Intercept has basis in both EU directives and laws
  of many member states. The last RIPE meeting had a very
  good presentation by Jaya Baloo on this particular topic, and
  I'll note that describes an ETSI framework for a lot more than
  just facilitating VoIP intercept:

<http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-etsi.pdf>
   
  As I noted earlier, the coming reality of abundant, ad-hoc,
  encrypted, p2p communication is going to eventually make
  efforts to facilitate just VoIP intercept seem quaint, unless
  we all recognize that only most obtuse criminal will be likely
  to have their communications uncovered in this manner.

  There's likely to be disagreement on how far away that day
  is; based on different views of technology availability and
  criminal behavior. As long as facilitating lawful intercept
  has a reasonable cost and perceived benefit tradeoff,
  there will be significant pressure to come up with viable
  architectures for deployment. In the US, this may take the
  direction of simply facilitation of VoIP intercept, or could be
  something more inclusive such as the architecture as outlined
  by ETSI for mail, transport headers, and entire packet streams.

  Finally, it is not simply through tax or regulatory measures that
  governments can seek compliance. Not many firms are going to
  offer services contrary to law in this area if the consequences
  are defined as criminal violations, since most corporate officers
  dislike the potential consequences.

/John

  It's not just the US Goverment with interest in this matter.
  Lawful Intercept has basis in both EU directives and laws
  of many member states.

You are aware the US Government pays for consultants to assist
in the development of international and other directives or
standards. The great thing about standards is there are so
many to choose from. When one group rejects the proposal, it
is shopped around to a more friendly forum and then re-introduced.

The US Government tried Key Escrow, and was more successful getting
other countries to adopt it than in the USA.

History is a good teacher. But it will require visiting the
library, not just using Google.

  There's likely to be disagreement on how far away that day
  is; based on different views of technology availability and
  criminal behavior. As long as facilitating lawful intercept
  has a reasonable cost and perceived benefit tradeoff,
  there will be significant pressure to come up with viable
  architectures for deployment. In the US, this may take the
  direction of simply facilitation of VoIP intercept, or could be
  something more inclusive such as the architecture as outlined
  by ETSI for mail, transport headers, and entire packet streams.

Every type of electronic communications in the USA may, and probably
has been intercepted at one time or another, not just VoIP. Everything
outlined in the ETSI standards, and more, is available for purchase today
from vendors in the USA.

Its a lot more than simply facilitating access. Under Title III, carriers
already had to provide reasonable technical assistance, with compensation.
The objection generally isn't about facilitating "access." Law
enforcement already has "access," and has shown no reluctance in obtaining
court orders for ISPs to give them "access."

So what is the real problem? What is law enforcement actually asking for?

Every type of electronic communications in the USA may, and probably
has been intercepted at one time or another, not just VoIP. Everything
outlined in the ETSI standards, and more, is available for purchase today
from vendors in the USA.

Its a lot more than simply facilitating access. Under Title III, carriers
already had to provide reasonable technical assistance, with compensation.
The objection generally isn't about facilitating "access." Law
enforcement already has "access," and has shown no reluctance in obtaining
court orders for ISPs to give them "access."

Access isn't the question. This is about assisting law enforcement by
facilitating access, which by CALEA is providing mechanisms and capacity
for lawful intercept in advance.

As you are aware, it is possible to be unable to fulfill a court order
for intercept due to technical reasons, and the DoJ sees this as a
real distinct possibility for an increasing volume of voice calls if
S.2281 is approved as-is.

So what is the real problem? What is law enforcement actually asking for?

Amazingly, that's contained in the DoJ comments:

"In both the IP-enabled services and CALEA proceedings at the FCC, the Department of Justice has made the same points that I want to emphasize here this morning: (1) that public safety and national security will be compromised unless court orders for electronic surveillance can be implemented by providers; (2) that assistance requirements should apply to every service provider that provides switching or transmission, regardless of the technologies they employ; and (3) that if any particular technology is singled out for a special exemption from these requirements, that technology will quickly attract criminals and create a hole in law enforcement's ability to protect the public and the national security."

Looks pretty clear to me: assistance requirements (i.e. the requirement
to have LI capacity and mechanisms in place in advance) should apply to
all providers, and in particular, that VoIP providers who do not provide
direct PSTN access (e.g. FWD, Skype) should not get an exception here
as specified in the draft bill.

/John

And what would satisfy those law enforcement requirements? In 10 years
of CALEA, law enforcement has never agreed anything done was good enough
to satisfy CALEA. Instead, LEAs have repeatly stated all attempts at
compliance so far have been deficient. If LEA thinks everything the PSTN
tried to do was deficient, why does anyone think applying the same regime
to other things will be any more successfull at meeting LEA's requirements?

If law enforcement was trumpeting the success of CALEA, how much money it
saved, how it caught criminals, how it saved lives; there might be a
better argument for extending it to all communications. The problem is
law enforcement has said CALEA is a failure in its eyes, so why do we
want Congress to expand a broken regime?

What's goofy is when ISPs perform investigations, they use lots of tools
which could be useful to law enforcement. Some of those tools don't have
a clear equivalent in other types of communication systems. So law
enforcement asks for things that don't always make sense simply because
that's what is in the order.

Why do both pen registers and mail covers exist? Because the law followed
the technology. When law enforcement does a mail cover, they get what
a mail cover includes. The post office doesn't cover up the return
address on the envelope because law enforcement only had a pen register
order, but not a trap and trace order for the postal envelope. When
developing systems for the PSTN, it turned out to be easier to collect
the outgoing dialed digits on a phone line than the incoming calling
number (pre-ss7 days). So the law split called numbers from calling
numbers instead of trying to extend the postal service mail cover into
the telephone. Trying to force the technology just makes everything
grumpy. Do you pay a $10,000 fine everytime you fail to include the
return address on a postal letter?

Other technologies have similar natural boundaries. The US J-STD-25 and
the EU ETSI frameworks are trying to go backwards. It creates a
very complicated framework. Great for interception vendors, lousy for
everyone else. What are the natural boundaries and how do they match
up with people's expectations of privacy or other legal structures?

John,
  
  While I agree that not many domestic (or EU) vendors will offer services
contrary to the law in this area, do you truly believe this won't simply cause
companies that really want to make money in this market to move to places where
the laws are less difficult? Afterall, I can get pretty good fiber connectivity
in Malaysia or other parts of Asia/SoPac without really needing to worry much about
any sort of LI procedures. As long as the company offering the services does so
via a web site and can collect on credit card billings (even if they have to keep
rotating shell companies that do the billings), money can be made without dealing
with US regulations.

  Frankly, the harder DOJ works on pushing this LI crap down our throats, the
more damage they will do to US internet industry and consequently the more job-loss
they will create. Terrorists that are sophisticated enough to be a real threat
already know how to:

  1. Cope with lawful intercept through disinformation and other tactics.
  2. Encrypt the communications (voice or otherwise) that they don't want
    intercepted -- It's just not that hard any more.

  I think the only advantage to DOJ working this hard on LI capabilities is that
it may raise public awareness of the issue, and, may help get better cryptographic
technologies more widely deployed sooner. Other than that, I think it's just a lose
all the way around.

Owen

John,

While I agree that not many domestic (or EU) vendors will offer services
contrary to the law in this area, do you truly believe this won't simply cause
companies that really want to make money in this market to move to places where
the laws are less difficult? Afterall, I can get pretty good fiber connectivity
in Malaysia or other parts of Asia/SoPac without really needing to worry much about
any sort of LI procedures. As long as the company offering the services does so
via a web site and can collect on credit card billings (even if they have to keep
rotating shell companies that do the billings), money can be made without dealing
with US regulations.

With respect to enforcement, I am sure there are ways to prevent
being caught involving amusing offshore logistics, but that will still
prevent the vast majority of US businesses from offering non-2281
compliant services.

Frankly, the harder DOJ works on pushing this LI crap down our throats, the
more damage they will do to US internet industry and consequently the more job-loss
they will create. Terrorists that are sophisticated enough to be a real threat
already know how to:

1. Cope with lawful intercept through disinformation and other tactics.
2. Encrypt the communications (voice or otherwise) that they don't want
  intercepted -- It's just not that hard any more.

I think the only advantage to DOJ working this hard on LI capabilities is that
it may raise public awareness of the issue, and, may help get better cryptographic
technologies more widely deployed sooner. Other than that, I think it's just a lose
all the way around.

I'm not advocating the DoJ's position on this matter, just trying to
clarify it for the list (since it was rather muddled in earlier postings).

/John

> I think the only advantage to DOJ working this hard on LI capabilities

is that

>it may raise public awareness of the issue, and, may help get better

cryptographic

>technologies more widely deployed sooner. Other than that, I think it's

just a lose

>all the way around.

I'm not advocating the DoJ's position on this matter, just trying to
clarify it for the list (since it was rather muddled in earlier postings).

/John

They, "the DOJ" is just trying to do it's job, as they are under the
microscope due to the fumbles that led to the compromises by an obviously
inept predecessor. Now, they are tighten the screws on everything from
telecoms to bank accounts; to prevent another round of fumbled information
resulting in a preventable issue going unchecked.

I don't like all of the hoops either but, nothing we do or say is going to
change their minds or their course of action.

-Peter

With respect to enforcement, I am sure there are ways to prevent
being caught involving amusing offshore logistics, but that will still
prevent the vast majority of US businesses from offering non-2281
compliant services.

Off-shore would be the NSA, not the FBI. The NSA has not reported any
problems tapping VOIP communications. But the NSA's budget is a lot
bigger than the FBI's :slight_smile:

There are lots of examples of extraterritoriality. MasterCard built a
data center in Europe to process European credit card transactions. The
US Department of Transportation restricts the use of Canadian train
dispatchers controlling portions of US railroad tracks. All the telephone
switches serving Palestinian Territory are physically located in Israel.

Several third-world countries have been trying to block the use of
international VOIP. There aren't that many international networks, with
appropriate pressure, they could block/tap/whatever people trying to use
extraterritorial VOIP.

I'm not advocating the DoJ's position on this matter, just trying to
clarify it for the list (since it was rather muddled in earlier postings).

The Department of Justice has been successfully tapping computer networks
since at least 1995.

http://www.usdoj.gov/opa/pr/1996/March96/146.txt

  FEDERAL CYBERSLEUTHERS ARMED WITH FIRST EVER COMPUTER
       WIRERTAP ORDER NET INTERNATIONAL HACKER CHARGED WITH
      ILLEGALLY ENTERING HARVARD AND U.S MILITARY COMPUTERS

  WASHINGTON, D.C. -- The first use of a court-ordered wiretap on
  a computer network led today to charges against an Argentine man
  accused of breaking into Harvard University's computers which he
  used as a staging point to crack into numerous computer sites
  including several belonging to the Department of Defense and
  NASA.

  The wiretap, on the computer of Harvard's Faculty of Arts
  and Sciences during the last two months of 1995, resulted in the
  filing of a criminal complaint against 21-year-old Julio Cesar
  Ardita of Buenos Aires. An arrest warrant has been issued for
  Ardita.

It is not a technical problem (maybe 5% technical, 95% non-technical).

I don't disagree LEA may have a problem. However, almost all of the
"problems" identified have been with either money, training for law
enforcement, or non-IP technologies (i.e. push-to-talk on Nextel, which
doesn't require a connection to the PSTN).

If you mean the 'misplaced' information surrounding the 9/11 hijackers,
I'm not sure any amount of wiretapping/snooping would have ever changed
the situation. The problem was more related to, according to news reports
and senate (house?) hearings/testimony, miscommunications inside each of
the parts of the DoJ/CIA/NSA. All the wiretapping in the world wont get
information passed correctly inside these organizations.

Smoke screen efforts are less helpful and are simple diversions from the
reality of the problem.

>
> They, "the DOJ" is just trying to do it's job, as they are under the
> microscope due to the fumbles that led to the compromises by an

obviously

> inept predecessor. Now, they are tighten the screws on everything from
> telecoms to bank accounts; to prevent another round of fumbled

information

> resulting in a preventable issue going unchecked.

If you mean the 'misplaced' information surrounding the 9/11 hijackers,
I'm not sure any amount of wiretapping/snooping would have ever changed
the situation. The problem was more related to, according to news reports
and senate (house?) hearings/testimony, miscommunications inside each of
the parts of the DoJ/CIA/NSA. All the wiretapping in the world wont get
information passed correctly inside these organizations.

Smoke screen efforts are less helpful and are simple diversions from the
reality of the problem.

I disagree, as there are listening stations in almost every language that
have been very useful; I've seen them, built them some over the years and
watched others start-up, . The DOJ needs to be able to do the same with the
voip/networks/internet and soon intranet. A few of the major ISP's / Mail
Houses already have special contracts running Kenan's SQL over the mail
archives before they are expunged. I imagine that issue will soon apply to
us all here in the US. You are correct that there is nothing that is going
to make a government organizations work or actually do their job; with
exception of obtaining yet another holiday.

-Peter

I disagree, as there are listening stations in almost every language that
have been very useful; I've seen them, built them some over the years and
watched others start-up, . The DOJ needs to be able to do the same with the
voip/networks/internet and soon intranet.

and don't forget the television cameras in people's living and bed
rooms.

randy

>
> Smoke screen efforts are less helpful and are simple diversions from the
> reality of the problem.
>

I disagree, as there are listening stations in almost every language that
have been very useful; I've seen them, built them some over the years and
watched others start-up, . The DOJ needs to be able to do the same with the
voip/networks/internet and soon intranet. A few of the major ISP's / Mail

yes, agreed. moving toward the next technology of snooping is a good thing
for DoJ.

Houses already have special contracts running Kenan's SQL over the mail
archives before they are expunged. I imagine that issue will soon apply to
us all here in the US. You are correct that there is nothing that is going
to make a government organizations work or actually do their job; with
exception of obtaining yet another holiday.

my smoke screen reference was aimed at the "but the doj must do this to
show action, because of their floundering and poor performance in the
past which lead to catastrophes".

Sorry for not being clear.

You can request copies of the law enforcement needs documents at

http://www.askcalea.net/standards.html

Packet Surveillance Fundamental Needs Document (PSFND)
Electronic Surveillance Needs for Carrier Grade Voice over Packet Service (CGVoP)
Electronic Surveillance Needs for Public IP Network Access Service (PIPNAS)

If you don't like sending your name and email address to the FBI, try
Google.

The VOIP document is about 80 pages long, the IP document is about 100
pages. However, the historical practice has been to revise and extend the
requirements. So there may be additional needs which aren't included in
these documents. They are very extensive needs, not just maintaining the
status quo.

Is "sound transmitted" call-content or call-identification action? On
the other hand, is "silence" call-content or call-identification? When
reporting every packet transmitted as call-identification information
really letting you partially peak into the content (sound/silence) without
the hassle of a content intercept order? People have guessed the length
of people's passwords based on the number of packets, even though they
couldn't decrypt the packets.