Interesting People mailing list archives
more on FCC VoIP 911 order
From: David Farber <dave () farber net>
Date: Mon, 23 May 2005 06:13:27 -0400
Begin forwarded message: From: Brad Templeton <btm () templetons com> Date: May 22, 2005 9:36:08 PM EDT To: David Farber <dave () farber net> Cc: gumby () henkel-wallace org, N3jmm () aol com Subject: Re: [IP] more on FCC VoIP 911 order On Sun, May 22, 2005 at 05:20:24PM -0400, David Farber wrote:
From: DV Henkel-Wallace <gumby () henkel-wallace org> Consider this implementation: the FCC mandates the following: every DHCP client sold must accept a new location identifier. Every commercial VOIP phone or service must get this info and pass it on for E911 use. Every commercial dhcp server (e.g. in your cheapo "cable router" box) ISP would be required to get this info from the ISP (they have that info already anyway) and pass it onto its own dhcp clients. Public access providers (e.g. libraries and cafe hotspot operators) would be required to upgrade; the rest of us would just do it automatically, accept for those of us who build our own gear, relay our traffic over encrypted tunnels, etc.
Your proposal is very similar to the one I blogged earlier at: http://ideas.4brad.com/archives/000203.html However, it need not be mandated so strongly. It would just be a wayfor devices to ask their geographic location from the server (DHCP) which
already exists to tell them things about their LAN and themselves. This would be the preferred route, but VoIP providers could offer as a backup the thing they currently do -- providing a UI for the user to input an address, which would be used if the devices does not provide one. Thus the DHCP servers are not mandated to do anything under the law, they just are _able_ to do so, and thus be better than the ad-hoc backup approach already in use. The reason this is important is privacy. The VoIP provider method, or any global ISP method, creates a giant database of people's locations, and indeed of their locationsas they roam! The VoIP provider, using the ad-hoc method, gets a possible
log of everywhere you've declared yourself for emergency service calls. My approach (and yours) put the decision in the endpoint, with a backup in the central servers only if the endpoint is unable to provide the data. The current systems used by VoIP providers will in fact, not be likely to be updated as to your location when you go into a starbucks or hotel or even move from home to office, and so are a worse choice except as a last line. In fact, the proposal I draft goes further. A DHCP server, if securedto do so, could in fact tell you where to call for "911". Ie. at a company
it could be company security with a fallback to a PSAP.You do need some security on all of this, however, to avoid attacks where people fake out DCHP to lie to you about where you are -- this is already
a vulnerability when not on a trusted network. There is another middle system as well, DNS LOC, but that identifies the location of domains, not networks, and is commonly public, not private. It is important that the FCC E911/VoIP manadate not become a complete roaming tracking database on users, and that instead your location only be revealed when you wish it to. Indeed, even if you wish to call 911 without revealing your location, that should be possible. ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on FCC VoIP 911 order David Farber (May 22)
- <Possible follow-ups>
- more on FCC VoIP 911 order David Farber (May 23)
- more on FCC VoIP 911 order David Farber (May 23)