more on cryptome: How the FBI Surveils the Net-Official Use Only

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Fri, 02 Jan 2004 12:36:38 -0800
From: Seth David Schoen <schoen () eff org>
Subject: Re: [IP] cryptome: How the FBI Surveils the Net-Official Use Only
Sender: Seth David Schoen <schoen () zork net>
To: Dave Farber <dave () farber net>

Dave Farber writes:

> Delivered-To: dfarber+ () ux13 sp cs cmu edu
> Date: Fri, 02 Jan 2004 10:18:17 -0800 (PST)
> From: Joseph Lorenzo Hall <jhall () SIMS Berkeley EDU>
> Subject: cryptome: How the FBI Surveils the Net-Official Use Only
> To: Declan McCullagh <declan () well com>, Dave Farber <dave () farber net>
>
> Hi Declan, Dave,
>
> I thought you two and your respective lists might find this
> interesting... posted by Mr. Young at Cryptome:
>
> How the FBI Surveils the Net-Official Use Only
> http://cryptome.org/fbi-cgvop.zip
> (a ~400KB zipped PDF file)
>
> It contains the document, "Electronic Surveillance Needs for
> Carrier-Grade Voice over Packet (CGVoP) Service"
>
> ( A version of this document where copying and pasting has been
> enabled is here:
> 
http://www.why-war.com/resources/files/fbi_surveillance_voice_over_packet.pdf
> )
>
> I'm in no way qualified to analyze this document, although I'm sure
> some VoIP people out ther are... here's the last paragraph of the
> exec. sum.:
>
> "To facilitate industry interaction, this document captures law
> enforcements needs regarding LAES [Lawfully authorized electronic
> surveillance] capabilities for CGVoP [Carrier-Grade Voice over Packet]
> Service. The document focuses mainly on communicationidentifying
> information associated with service-related events that are of
> interest to law enforcement. The document also addresses law
> enforcements needs regarding the content of CGVoP communications."

I think it's more a matter of "how the FBI wants to surveil the net"
than "how the FBI surveils the net".  They have described these as
"needs" and "requirements" and there are some big fights brewing over
packet CALEA.  (Of course, most of the substance of these fights is
FBI and DOJ people describing their "needs" and getting press to
report on the issue.  This has been going on for over a year now and
is now bleeding into the question of whether or not VOIP companies are
legally to be carriers regulated by the FCC.)

Here is a more fundamental question.  When you make a VOIP call, why
does your service provider know your session key?  (Or, in the
alternative, when you make a VOIP call, why isn't your conversation
encrypted with a session key?)

There have been software VOIP applications for years (PGPfone and
SpeakFreely are the earliest I recall) that do end-to-end encryption.
If VOIP "carriers" don't do that, they have taken a technological step
backward.

What a hollow "victory" over the Clipper Chip if all your voice session
keys are "escrowed" down at some VOIP technology company (which is
safeguarding them less well than the Clipper plan would have).

--
Seth Schoen
Staff Technologist                                schoen () eff org
Electronic Frontier Foundation                    http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     1 415 436 9333 x107 

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/