more on VoIP CALEA -- the NSF does work for guess who ? djf

[David Farber <dave () farber net>]

Begin forwarded message:

From: Brad Templeton <btm () templetons com>
Date: August 10, 2005 4:06:15 PM EDT
To: David Farber <dave () farber net>
Cc: tom_gray_grc () yahoo com
Subject: Re: [IP] more on VoIP CALEA -- the NSF does work for guess  
who ? djf


Dave, you can add this note to my prior note if you wish to
forward it or either.

On Wed, Aug 10, 2005 at 06:14:07AM -0400, David Farber wrote:

> There is no great difficulty in arranging for the
> interception of Internet-only voice calls, contrary to
> what has been written in earlier messages in this
> thread.
....

> It would seem to be very simple for providers such as
> SKPE and Vonage to intercept Internet-only voice
> calls. The intereception could be done at the packet
> forwarder. In most cases the packet forwarder is
> required. Even in cases where it is not required, the
> client software could be set up to accept a management
> instruction amd silently send all packets thorugh a
> forwarder without infromting the user.
>
> Tom Gray

Skype, as far as we know (they don't reveal the details) encrypts
end to end.  The external PC which is recruited to forward
packets for people behind NAT does not, as far as I know, have
the ability to decode the voice.  If it does, that would be a
surprisingly poor encryption design, and a provider like Skype
could change it.

Skype is standalone software.  It queries Skype's master servers
for information on where to do directory lookups and find external
servers, but otherwise Skype's servers do not appear to participate
in the calls, and thus, without modification of the downloaded
software, could not interfere with or even be aware of calls, short
of suborning the entire list of "volunteer" forwarding computers
provided to the client.

And as I noted before, rerouting IP to IP calls adds considerable
problems.   I am building a VoIP phone service which connects two
people by ringing both their phones.  However, it does not, as most
such services do, bridge the calls in a central point.  Both endpoints
send their audio to one another directly.  A central wiretap is
not workable on such a call.   The system could tell both endpoints
to talk to a bridge, which would be detectable and increase latency.

One could easily provide software to watch for this and turn on an
indicator on the phone saying, "Your line is tapped!"  In some ways,
criminals might find it more useful to have a phone where they can
tell if it's tapped to provide disinformation, rather than just
avoiding taps altogether as you would with Skype.


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/