Educause Security Discussion mailing list archives

paper on security implications of CALEA-VoIP


From: Doug Pearson <dodpears () INDIANA EDU>
Date: Sat, 15 Jul 2006 09:46:03 -0400

Paper:
Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP

http://www.itaa.org/news/docs/CALEAVOIPreport.pdf

Authors:
Steven Bellovin, Columbia University
Matt Blaze, University of Pennsylvania
Ernest Brickell, Intel Corporation
Clinton Brooks, NSA (retired)
Vinton Cerf, Google
Whitfield Diffie, Sun Microsystems
Susan Landau, Sun Microsystems
Jon Peterson, NeuStar
John Treichler, Applied Signal Technology

The paper sets background that CALEA is taking a much too simplified view of VoIP and that lack of understanding has 
led to potentially dangerous policy decisions, e.g. that CALEA should apply to all forms of VoIP, regardless of the 
technology involved in its implementation. It describes that in some cases intercept against a VoIP call is 
straightforward, e.g. fixed location and IP address, simple connection to the network, but if any of those conditions 
aren't met the problem of assuring interception is enormously harder.

The paper goes on to make the point that in order to extend authorized interception much beyond the easy scenario, it's 
necessary either to eliminate the flexibility that Internet communications allow or introduce serious security risks to 
domestic VoIP implementations. The former would have significant negative effects on U.S. ability to innovate, while 
the latter is simply dangerous. The current FBI and FCC direction on CALEA applied to VoIP carries great risks. The 
paper amplifies and expands on those issues.


Doug Pearson
PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac () iu edu
web: http://www.ren-isac.net
