June 12, 2006 9:00 PM PDT

Technologists assail federal Net-tapping rules

Federal regulations saying that police must be able to tap into Internet phone conversations with ease are coming under renewed attack from academics, engineers and one of the Net's founding fathers.

A 21-page study to be released Tuesday says it's impossible for the government to expect all products that use voice over Internet protocol, or VoIP, to comply with the Federal Communications Commission's September 2005 requirement mandating wiretapping backdoors for government surveillance. That requirement is backed by the Bush administration.

The study, organized by the Information Technology Association of America, says that because VoIP relies on a fundamentally different network architecture from that of traditional phone lines, such a mandate would pose "enormous costs" to the industry and could even introduce significant security risks.

The nine contributors included Vint Cerf, Google's chief Internet evangelist and one of the Net's founding fathers; Steven Bellovin and Matt Blaze, both prominent computer security professors; Clinton Brooks, a former National Security Agency official; and engineers from Sun Microsystems and Intel.

The report follows a ruling Friday by a federal appeals court in Washington, D.C., that upheld the legality of the FCC's wiretapping regulations. Librarians, community colleges, and companies including Sun had challenged the rules, saying the FCC did not have the authority to extend the Communications Assistance for Law Enforcement Act, or CALEA, to the Internet. (The decision may be appealed.)

Even without the FCC rules that are scheduled to take effect in May 2007, police have the legal authority to conduct Internet wiretaps--that's precisely what the FBI's Carnivore system was designed to do. Still, the FBI has claimed, the need for "standardized broadband intercept capabilities is especially urgent in light of today's heightened threats to homeland security and the ongoing tendency of criminals to use the most clandestine modes of communication."

The controversy over the FCC mandatory wiretapping regulations comes as the Bush administration is facing increasing congressional pressure, especially from Sen. Arlen Specter, a Pennsylvania Republican, over its telephone and Internet surveillance program overseen by the National Security Agency. AT&T is being sued in a separate case in San Francisco over allegations that it cooperated in a way that violated federal privacy laws.

The nature of VoIP could also elevate the risk that authorities aren't eavesdropping on the person they originally had in mind, the ITAA report's authors argue. Because it's theoretically simple for an individual to acquire multiple VoIP phone numbers, "recognizing and tracking the multiple identities that are so natural to the Internet lifestyle would be taxing."

In addition, the study says, allowing full access by law enforcement would almost certainly require overhauling inherently decentralized networks to allow for certain points where interception would take place--and open up new security risks in the process. That's because such an arrangement would arguably make it easier for hackers to capture identity information and passwords, engage in "man-in-the-middle alteration of data," or potentially spoof the communications going on.

"It's sort of like if you were chasing someone and you knew they had to go over a particular bridge," said Mark Uncapher, a senior vice president at ITAA.

Though there may be some security concerns, the benefits of mandating wiretapping access outweigh the costs, said Tim Richardson, senior legislative liaison for the Fraternal Order of Police. (Many police organizations, including the National Sheriffs' Association, the Police Executive Research Forum, the Illinois State Police and the Tennessee Bureau of Investigation petitioned the FCC in favor of the wiretapping rules.)

"If that was going to increase the propensity for crime, that's something that law enforcement would take a look at," Richardson said. "But the adaptability of technology is so great in this day and age that I have a high degree of faith in the initiative that (companies would employ to find something) that's not as costly and doesn't compromise the security of their networks."

Complexities involved in meeting such a mandate exist on a number of levels, the ITAA report said. One problem is that, in contrast to traditional telephones, whose calls can virtually always be traced to a centralized switching location, VoIP users are often nomadic.

"The paradigm of VoIP intercept difficulty is a call between two road warriors who constantly change locations and who, for example, may call from a cafe in Boston to a hotel room in Paris and an hour later from an office in Cambridge to a gift shop at the Louvre," the report says, and adds that building in mandatory wiretapping hubs for real-time interception is so expensive that it could put smaller companies out of business.


11 comments

Those rascals at C-Net, at it again
It's only 8 in the morning, so I haven't had time to catch up on all of the latest articles from the moonbat left yet, although the "Global warming causes polar bears to eat their young" story in the MSM was pretty good.

Then I read that Head Moonbat Al Gore is planning on enlisting 1,000 people to help spread the word that the earth only has months to live (unless you buy his book or watch his movie, of course), and, knowing the 'New, Improved' C-Net, I figured they'd be eager to hype the story.

Imagine my disappointment. :(

It honestly just doesn't feel like a 'good day' unless I get the chance to slap around a few Far Left wingnuts. What a bummer.

But wait! There's light at the end of the tunnel. Resolving to redeem itself in my eyes, C-Net has once again decided that they'd rather have another 9/11 (or much worse) than to take the tiniest chance that one of our precious "civil liberties" might be infringed upon, and thus they ran this article.

Actually, I found the article to be pretty boring, but I did think this one line was particularly revealing:

"...and could even introduce significant security risks."

So let me ask just one little question:

If terrorists use VoIP to plan a 'dirty bomb' attack on New York City and Washington, DC, and untold millions of people die because left-leaning organizations such as C-Net have helped to curtail the monitoring of VoIP, would that also be considered a "significant security risk"?

If you catch my drift.

Or maybe there's a better way to put it:

Those precious "civil liberties" aren't going to do you much good if you're DEAD, folks.

Recommended reading:

http://www.valcondria.com/rainy/text/nsa.htm
http://www.valcondria.com/rainy/text/warming.htm
http://www.valcondria.com/rainy/text/mrlong.htm

Just another fun day in Happyland.
Posted by Joe Bolt (62 comments )
I'd rather be a moonbat than an evildoer
You really need to start appreciating those precious little civil liberties because if you don't, it's going to backlash on you one day so hard you'll see stars in color. You see, all this snooping your President wants to do is so that he can weed out those that don't agree with his policies.

There is a group of which he is a part. It's called the Illuminati. To find out what it means, look it up in the dictionary. It's there, and, if you had half a brain, you'd be scared out of your wits.
Posted by casper2004 (267 comments )
Those crazy terrorists are at it again
Man, seems an honest American can't do a thing anymore because ******* like joe bolt are scared of 'dem terrorists hiding around every corner.
Posted by Richard G. (137 comments )
ridiculous anyway
VoIP is eventually going to be all peer to peer and with on the fly PKI encryption, it is simply impossible to listen in, no matter how much money is spent on eavesdropping infrastructure.

The only thing they will be able to track is which IP address had established a VPN connection with which other IP address at what time and for how long, how many packets went back and forth. It will be difficult enough to second guess (by the amount of data) whether the session was for voice or something else.

In fact, all this talk of wiretapping is actually counterproductive. If you are a criminal or a terrorist, you are now alerted to the fact that if you use mainstream VoIP services, your calls will be tapped by the NSA. So, what are you going to do? You will run a software phone and a VPN software that will establish an encrypted tunnel to your co-conspirator and then the FBI and NSA guys are locked out for good. We are talking about technology that can be downloaded free of charge and runs on any average notebook computer. The government can't make VPN software illegal, so they would either have to try to regulate it (must register for a license if you want to use VPN software) or make software phones illegal (ban the development and distribution of SIP, H323, MGCP software stacks).

Well, I don't think this will be enforceable.

On the other hand, if they just leave this alone, then they may catch the occasional stupid criminal who is using an unencrypted mainstream VoIP to PSTN gateway service and ends up in a traditional wiretap.

However, in the long run, all phone calls will eventually be peer-to-peer and encrypted. Tough luck for law enforcement, they better get used to it.
Posted by balooh (37 comments )
enough is enough
I'm really tired of hearing about these invasions of privacy. Why can't these companies just say no?? It can't be that hard. They complain about all the work involved in meeting these requirements, wouldn't it be easier for them to say, "no, we're not going to let you invade our customers' privacy."

Any company that does that has at least one lifelong customer.

-Jeff
www.cigarexperience.com
Posted by Jeff419 (17 comments )
Just say no
No? You don't want to let this nice NSA gentleman into your network? Ok then, we understand.

By the way, and totally unrelated of course but, by the way, are you sure all your taxes are up to date? What issues are you currently lobbying on? How's that government issued corporate certification doing?
Posted by jabbotts (492 comments )
It's bad for business
If companies started saying "no" to government requests, the government would then either not allow them to conduct business in any area the government had influence over (say, the United States) or would get the request made into a mandate.
Posted by Vurk (147 comments )
The terrorists are everywhere! Oh no!
I think the first poster needs to read and absorb the following:

"First they came for the Jews. But I didn't speak up because I was not a Jew. Then they came for the communists. But I didn't speak up because I was not a communist. Then they came for the trade unionists. But I didn't speak up because I was not a trade unionist. Then they came for the Catholics. But I didn't speak up because I was a Protestant. Then they came for me. And by that time no one was left to speak up." - Pastor Martin Niemoller

Insert "terrorist" instead of Jew(s) and you'll see what I mean. Who's next? You can't just ignore the government spying as you may very easily be the next victim. You do realize that Muslims and "terrorists" are simply scapegoats and not to mention most of the so-called "terrorists" were created by the U.S. imperialistic empire. Study your history! George Washington was a terrorist of sorts.

Dave
Posted by Dave_Brown (46 comments )
Net-Tapping Rules- Bugged Patients- Telephone/Building Illegal Wire Tapping
Even after President Bush announced on a televised address for those involved in tapping to STOP, because it is truly a private American citizens civil rights and privacy act which are violated continuously. The police, FBI, along with their caravan of wire, net, telephone, computer, buildings of different businesses including people's personal home of residence are constantly intruded, interfered, invasion happens along with identity theft which usually occurs, then further with the set-up pre-meditated scam and scheme of all, different tactics to abuse, neglect, steal, transport, humiliate, brutality, degrading those whose privacy were invaded. There is especially a constant threat when there are so many different cultures, religions, nationalities, etc. to over-populate a city, county, state, town, and this entire United States. However, that is no excuse for tapping, which is according to federal rules and regulations illegal, especially the vast amount of current events which has taken place and will usually lead to the destruction of the human beings made victims to these awful brutal people that need to be fired and a new hiring should occur. Here, in the state of Maryland, it seems to have become one of the worst states and among those other states noted for its downfall due to poor authority. The continued illegal use of sound equipment, microphones, within the states will finally stop. In the meantime, police, FBI, fire department, ambulatory employed staff are illegally listening along with criminals such as rapists, murderers, sex offenders, thieves, robbers, and those who are committing crimes because of the lack of privacy.
Posted by Maryandsandy (1 comment )
 
