Educause Security Discussion mailing list archives
paper on security implications of CALEA-VoIP
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Sat, 15 Jul 2006 09:46:03 -0400
Paper: Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP http://www.itaa.org/news/docs/CALEAVOIPreport.pdf Authors: Steven Bellovin, Columbia University Matt Blaze, University of Pennsylvania Ernest Brickell, Intel Corporation Clinton Brooks, NSA (retired) Vinton Cerf, Google Whitfield Diffie, Sun Microsystems Susan Landau, Sun Microsystems Jon Peterson, NeuStar John Treichler, Applied Signal Technology The paper sets background that CALEA is taking a much too simplified view of VoIP and that lack of understanding has led to potentially dangerous policy decisions, e.g. that CALEA should apply to all forms of VoIP, regardless of the technology involved in its implementation. It describes that in some cases intercept against a VoIP call is straightforward, e.g. fixed location and IP address, simple connection to the network, but if any of those conditions aren't met the problem of assuring interception is enormously harder. The paper goes on to make the point that in order to extend authorized interception much beyond the easy scenario, it's necessary either to eliminate the flexibility that Internet communications allow or introduce serious security risks to domestic VoIP implementations. The former would have significant negative effects on U.S. ability to innovate, while the latter is simply dangerous. The current FBI and FCC direction on CALEA applied to VoIP carries great risks. The paper, amplifies and expands on those issues. Doug Pearson PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc Research and Education Networking ISAC 24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu web: http://www.ren-isac.net
Current thread:
- paper on security implications of CALEA-VoIP Doug Pearson (Jul 15)