Interesting People mailing list archives
FBI request to FCC for packet CALEA [declan () well com: [Politech] FBI, Justice Dept. seek wiretaps for VoIP conversations [priv]]
From: Dave Farber <dave () farber net>
Date: Thu, 08 Jan 2004 19:05:56 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Thu, 08 Jan 2004 12:18:55 -0800
From: Seth David Schoen <schoen () eff org>

Seth David Schoen writes:

> I'll ask Declan if he knows a docket number for this.

So I want to renew a point I had raised earlier.

In packet telephony, unlike in the traditional telco world, it is not necessary for systems to be designed so that a "carrier" can access the "content" of communications. Whether they are is an engineering decision that might be influenced by other considerations, such as economics and politics.

A strange assumption that carriers can get content in the first place underlies the FBI's packet CALEA campaign. But designing the networks that way is disfavored both by privacy advocates (that's us) and many security engineers, who point out that risks of illicit interception are enhanced.

(It's kind of parallel to the Clipper Chip issue. If you create a mechanism for law enforcement access, your system is likely to be much less secure overall than if you don't. People other than law enforcement can attack the system using the mechanisms that were created for law enforcement. Nobody knows how to make a system that merely provides law enforcement access while being in every other respect just as secure as the alternatives.)

I haven't been able to figure out what is motivating companies to make the design decisions they've been making. The results of those decisions have been that people who use many commercial VOIP services probably have significantly less privacy protection than people who use decade-old open source VOIP software (that might happen to be less user-friendly and less interoperable). In that sense, their decisions have been a step backwards.

Is there anything we can do about this? Is there any way that we can get VOIP companies to stop knowing what their customers are saying?

Here's what I wrote about this last week on Dave Farber's list:

> Here is a more fundamental question. When you make a VOIP call, why
> does your service provider know your session key? (Or, in the
> alternative, when you make a VOIP call, why isn't your conversation
> encrypted with a session key?)
>
> There have been software VOIP applications for years (PGPfone and
> SpeakFreely are the earliest I recall) that do end-to-end encryption.
> If VOIP "carriers" don't do that, they have taken a technological step
> backward.
>
> What a hollow "victory" over the Clipper Chip if all your voice session
> keys are "escrowed" down at some VOIP technology company (which is
> safeguarding them less well than the Clipper plan would have).

(One possible interpretation is that existing VOIP companies don't have a privacy-friendly business model because they think of themselves as selling _services_ instead of _devices_. If instead they sold VOIP phones that worked with any ISP's data service and absent any future relationship with the VOIP company, there might be many fewer incentives not to include strong privacy protections, especially if the VOIP devices themselves have to compete on feature set.)

--
Seth Schoen
Staff Technologist schoen () eff org
Electronic Frontier Foundation http://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107