
Not surprisingly, stories about senior politicians and quasi-celebrities grabbed headlines this week. But an important announcement from the FCC flew under the radar–even though it could have a significant effect on our daily lives in the future.

I’m referring to a recent FCC ruling requiring VOIP providers to configure their networks to support easy wiretapping by police. Older legislation already requires that traditional telecommunications carriers build in technical hooks to enable surveillance; the basic idea is to extend these capabilities to VOIP companies to prevent criminals from using VOIP to avoid lawfully authorized surveillance. This is notable for obvious reasons: according to the Administrative Office of the US Courts, in 2002, police intercepted more than 2 million conversations (via CNet).

In response, a number of groups–including Sun, Pulver.com, Center for Democracy and Technology, and the Electronic Frontier Foundation–sued the FCC, saying it had overstepped its authority. Aside from concerns about privacy and civil liberties, the groups claim the new regulation would (1) increase costs to customers, (2) introduce potential security vulnerabilities (because adding wiretapping capabilities would add complexity to VOIP systems, and, in so doing, possibly create new security weaknesses), and (3) open up other internet applications, like XBox Live or Instant Messenger, to surveillance.

I don’t like the new FCC ruling–but not necessarily because of the objections cited above. One could argue that it’s worth dealing with extra cost and complexity if doing so will increase public safety (again, leaving aside privacy issues). However, it’s doubtful that the new regulations will provide the benefits regulators seek. The new regulations are apparently limited to “facilities-based broadband Internet access service providers and VoIP providers that offer services permitting users to receive calls from, and place calls to, the public switched telephone network (PSTN).” By the letter of the law, then, the new rules would cover PSTN-connected services like Vonage and SunRocket but not peer-to-peer products like Google Talk and Skype. This seems to be a pretty big loophole.

It’s unclear whether the FCC intends to apply its new rules to all VOIP services. Even if it wants to, though, I doubt it can. Technology is the culprit:

  • First, peer-to-peer applications like Skype have no central point or server where wiretaps could be successfully placed. Instead, Skype works by breaking voice conversations into small packets of data; each packet travels from sender to receiver along its own (often unique) path. At the receiver’s end, Skype’s software then re-combines packets to form a recognizable voice. To accommodate the FCC’s wiretapping regulations, Skype would likely need to rewrite its software to create a centralized node.
  • Second, many VOIP products automatically encrypt all calls. Skype, in particular, uses an encryption standard called 256-bit AES (the same standard the NSA approved for securing classified data). Even if wiretaps recorded conversations made using Skype, decryption would be hard. How hard? According to the National Institute of Standards and Technology (NIST), it took 20 years to crack an older encryption standard called DES. If you built a machine that could crack DES in just 1 second, it would take that machine 149 trillion years to crack a 128-bit AES key (via Trapeze Networks). Skype uses 256-bit keys, which are much, much more secure.
  • Third, even if the US Government could force Skype to provide mechanisms for easy authorized wiretapping and also to provide keys to get past the built-in encryption, it’s inevitable that a software developer somewhere in the world would create a non-compliant VOIP application. It’s too easy to write the software, and no entity, including the US Government, can police the entire internet.

Clearly, crafting sound security policy is difficult. However, given the pace of technical innovation and the emergence of peer-to-peer networks, it’s hard to see how regulatory bodies can successfully achieve any sort of centralized control over modern communications platforms. Instead, other means are needed to achieve security objectives. Unfortunately, I don’t have any brilliant ideas yet. Do you?

One Response to “VOIP Wiretaps: A Means to an End or A Waste of Time?”

regulation divorced from reality, lack of basic understanding in the technology they are trying to regulate and the notion that government has to regulate every aspect of our life. I truly hope that the appeal process will overturn this decision.

A Venture Forth » Blog Archive » VOIP Wiretaps: A Means to an End or A Waste of Time?