Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - 6 month subscription of Pandora One at 46% off. ×

Zimmermann, Encrypted VoIP, and Uncle Sam 325

An anonymous reader noted that Phillip Zimmermann and his VoIP encryption software are the subject of a NY Times article today. The article touches on the FCC, privacy, and related issues. Given all the suspicious behavior of the Bush Administration relating to wiretaps and phone records, this sort of thing is all the more important to be very aware of.
This discussion has been archived. No new comments can be posted.

Zimmermann, Encrypted VoIP, and Uncle Sam

Comments Filter:
  • Re:nothing to hide (Score:5, Interesting)

    by sbrown123 (229895) on Monday May 22, 2006 @01:50PM (#15382626) Homepage
    why would people with nothing to hide want to have their personal conversations listened to? And why would we want to spend our tax money to spy on people who have nothing to hide? Shouldn't we be after the terrorists instead?
  • Re:nothing to hide (Score:5, Interesting)

    by GundamFan (848341) on Monday May 22, 2006 @01:52PM (#15382643)
    How do you even know what you need to hide anymore?

    The meaning of the word terrorist could change at any moment and the deffinition of enemy combatant is equaly fluid.

    Your logic is flawed anyway... criminals are not the only group who like privacy.
  • by vaevictus (126738) on Monday May 22, 2006 @01:56PM (#15382687)
    ... but since it touts that it doesn't use 3rd party servers for key storage... ... seems like it'd be suseptible to Ye Olde Man-In-The-Middle.

    3 Zimm though. :D
  • by zappepcs (820751) on Monday May 22, 2006 @01:59PM (#15382712) Journal
    and all that relates to national security. CALEA, the thing that allows wiretaps under warrant, is in place for all previous communications methods, including paging. What government wants is CALEA type access to new communications types. HOWEVER: Neither the constitution, any ammendment, any subsequent law, or even terms of use, specify that your communications have to be made in an open unenctrypted manner. In fact, in the US, if there is no evidence, there is no crime, and no way to know the criminal. Its all part of that innocent until proven guilty mindset.

    If all your telephone calls, emails, etc. are encrypted by you and the other intended party or parties involved, there simply is nothing the government can do about it. With probable cause, they can 'try' to compel you to divulge the encryption key, but then you don't have to testify against yourself in the U.S. ... at least not yet.

    Neither can the government, church, or any other person(s) compel you to divulge your thoughts, or secrets.

    Its time for the encryption phones to start appearing on the market.

    This little problem will quickly spiral out of control until those that want to snoop on others have more work to do than they ever imagined. The basic problem here is that the people they say they want to spy on are not using the communication systems the same way as everyone else, and their communications are encrypted, or hidden in ways the government cannot prevent, nor detect with the laws and practices that they wish to install.

    Wiretapping on the scales being talked about recently are stupid, prohibitively stupid, and will be nearly 100% ineffectual.

    They can't find Bin Laden with all the military might, but somehow they are going to catch him making a phone call? uh, yeah right.... of course, its the little people that lead to the big ones, but they have been spying on the little ones all along... still haven't caught him.
  • Re:Brave New World (Score:2, Interesting)

    by advocate_one (662832) on Monday May 22, 2006 @02:05PM (#15382772)
    Because someday the FBI (or whoever) may find it harder to listen in on these encrypted conversations in cases where they have a court order to do so.

    Jesus...H... Christ... That's why they have supercomputers......... any comercial grade encryprtion/decryption program has to have a key short enough to enable real time encryption/decryption using normal computer chips... any key short enough for fast encryption/decryption of things like telephone conversations has to be easily brute forceable. The algorythm for the encryption/decryption is public knowledge... the key merely provides protection against casual eavesdropping... the FBI has access to serious horsepower when it comes to decryption... the only problem comes when they are mass decrypting phonecalls... and then they are outside the limits of the court order and in the realms of spying on all of us...

  • by N1ck0 (803359) on Monday May 22, 2006 @02:09PM (#15382812)
    Just don't leave the country again Zimmerman...or you may end up locked inside that customs office where they 'want to leave lawyers out of this' again. :)

    PGP Story:
    MPG 1.1G [uiuc.edu]
    WMV 378M [uiuc.edu]
  • by mpapet (761907) on Monday May 22, 2006 @02:16PM (#15382850) Homepage
    So, I'm the evil-agency-du-jour and today I'm auditing IP traffic. If you are a person of interest, they know:

    1. You are sending packets to and from specific IP addresses.
    2. Grabbing copies of those packets.
    3. Putting super-computers to work on them.
    4. Discover you are ordering pizza over SIP. (whatever, it's funny)

    The concept of "Privacy" was dead a long time ago. I *still* don't understand the outrage when most of your activity is available through many data brokers. What's not there, is available with little procedural check or balance.

    Where it is very valuable is company to company communication. Where your competitors may not have the expertise to get the info.

    But, then there's the encryption problem anyone has that uses it. It's stupifyingly easy to build a case on suspicion. Trying someone in the court of public opinion is easy and swift. "He uses encryption so he must be hiding something.." is all it takes to end a career, destroy your social status.

    Cryptographer==criminal. Film at 11.

    If one can codify it's everyday use, I think it's a big step forward.
  • SIP Zfone? (Score:3, Interesting)

    by Doc Ruby (173196) on Monday May 22, 2006 @02:54PM (#15383149) Homepage Journal
    Where's the Zfone (or interoperable) SIP module for Asterisk? And which softphones & ATAs already include one?
  • Hardware solutions (Score:4, Interesting)

    by harryk (17509) <harryk20022002NO@SPAMyahoo.com> on Monday May 22, 2006 @02:58PM (#15383177) Homepage
    First and foremost, I'm a long time fan of PRZ... he's a hero among heros and should be credited as such.

    Secondly, am I missing the hardware solutions for things like this? I've been a Vonage customer for some time, and while Vonage seems to take a blind eye to security (just ask them they'll tell you they are happy to work with the local and federal law enforcement agencies). When will I be able to use a handheld, encrypted VOIP device, and be sure that its secure?
  • by nelziq (575490) on Monday May 22, 2006 @03:06PM (#15383248)
    they can 'try' to compel you to divulge the encryption key, but then you don't have to testify against yourself in the U.S. ... at least not yet.

    I am not a lawyer (just a law student) but I am fairly certain that the government could compel you to divulge your encryption key as it would not be testimonial evidence (something akin to why you can be forced to give up your fingerprints, etc)

  • by Opportunist (166417) on Monday May 22, 2006 @03:31PM (#15383428)
    Cut to my room, opening the front door.

    "Yes officer?"
    "You had a conversation with unlicensed encryption keys."
    "I did not, I sent my keys to the government as ordered."
    "They don't fit."
    "Gee, beats me, I never really figure out those tech thingies, must've done something when I wasn't looking, I'm sooooo sorry."

    Hey, why should claiming stupidity only work when you're spreading malware?
  • by walt-sjc (145127) on Monday May 22, 2006 @03:34PM (#15383447)
    I'm going to vote for the candidate that likes to "shake things up."

    Good luck. One such politician (before he died in a plane crash) was Paul Wellstone. A little too far left for my tastes, but a nice guy from my conversations with him.

    He went in all fire and zeal, and was basically told by the party leadership to STFU and play ball or he will get NO SUPPORT on ANYTHING - including basic normal federal funding for highway projects and such.

    The system is broken - I don't care WHO you elect.
  • by overshoot (39700) on Monday May 22, 2006 @03:37PM (#15383470)
    We need a society in which there's no difference between what's illegal and what harms others, and holds all other things not only legal, but acceptable.


    Put some more thought into this one. There are any number of things that are "unacceptable" that aren't bad enough to merit applying the might and majesty of the State's criminal justice system. By denying all social sanctions short of criminal prosecution, you create a society with the worst of both worlds: a plague of officers (lawyers) worse than what we have now, along with a degree of rudeness that would make the French recoil in horror.

    Time was when being rude enough in public would get you tossed into the street by half of the men in the place. We solved that (and I'm not sure it was the wrong thing to do) by criminalizing the eviction as assault -- but now we have people carrying on loud cellphone conversations during movies.

    Shunning and scorn aren't on the order of a punch in the nose -- don't deny us those as well.

  • Re:What can we do? (Score:3, Interesting)

    by Arandir (19206) on Monday May 22, 2006 @04:00PM (#15383610) Homepage Journal
    We need a society ... holds all other things not only legal, but acceptable.

    The problem with your viewpoint is that it equates legality with morality. You're not much different from those that would legislate morality. But instead of expanding the law to encompass all of morality, you're shrinking morality to fit within the narrow confines of the law. Both are wrong.

    I can agree with the idea that the government should not be banning non-violent actions, but as for accepting them, that's going too far. There are a great many actions that should be legal, but not socially acceptable. Drug use, for example. Go fry your brain out with chemicals all you want, but don't expect me to accept you.
  • by lelitsch (31136) on Monday May 22, 2006 @04:03PM (#15383626)
    You know, I love it when pundits don't even read their talking points before posting them. What part of "usually with a lawful warrant" didn't you understand. Yes, wiretapping has been goign on as long as there were wires. But the end run the current administration is doing around courts, FISA, Congress, and civil rights is pretty much unprecendented.
  • ...Discover you are ordering pizza over SIP.

    ...and get arrested for "wasting" the police state's time.

    My father was once arrested for "obstructing justice":

    A police office pulled him over and performed a safety check on his car (Dad thought he had a burned out tail-light or something -- usually a "get it fixed in 48 hours warning" offence). This took about half an hour.

    Finally, Dad asked the cop if he was free to go.

    "No, you committed a very serious offence!"


    "You were not wearing your seatbelt!".

    "Ah, officer, no I was not. I have a medical excemption so I do not have to."

    "You're under arrest!"

    "For what?!"

    "Obstructing justice! Step out of the car with your hands where I can see them and face the vehicle with your legs apart."


    "You wasted half an hour of my time by not disclosing you had a medical excemption. Surely you *knew* you were pulled over for a seatbelt violation! That's obstructing justice!"

    Ah Canada, fetid swamp of communist corruption.

    (The judge threw the charge out *(though not with prejudice as I would have expected), but still.)

  • by meringuoid (568297) on Monday May 22, 2006 @04:48PM (#15383909)
    And for commercial encryption software that you actually pay for (not this free public beta), there are now requirements to check customers against government watch lists as well, which is something that companies such as PGP comply with these days.

    How do you go about that? Suppose I were to set up a small business reselling GPG or something similar. Does the government simply hand me a copy of the watch list and let me do the checking myself? Or must I pass along the names of all my customers to them for authorisation to sell it on?

  • Re:nothing to hide (Score:3, Interesting)

    by tolkienfan (892463) on Monday May 22, 2006 @04:50PM (#15383922) Journal
    Parent moderated "troll", but the question needs answering, and the other answers I've read have really missed the mark. - The important side of privacy is not really about whether we'd like others to avoid looking at us or not. That is an issue, but a self-serving one; and there are bigger things at stake.

    It's pretty clear that the War of Independance would have never begun if Britain had had the technology and power currently available to the US Government.
    The various colonies in North America had meetings that were critical to organising a force and also for turning public opinion.

    The US government currently is able to, and obviously does spy on American citizens without the kind of oversight which would allow us to even decide whether it is done for just cause.

    Reread that part. We have no way of determining whether they have any just cause.

    There are two questions:

    1. How did we get here? (AKA Where did our rights go?)
    2. What can we do?
  • Re:Cryptome (Score:3, Interesting)

    by Stoutlimb (143245) on Monday May 22, 2006 @05:19PM (#15384105)
    Theoretically this provides information to law abiding foreigners that they would be breaking the law if they get that crypto. Because legally they would then have to commit fraud to download it from the site (falsify info). I guess in theory this would give the gov't a bigger stick. Nothing like filling the internet with opportunities for self incrimination. Despotic governments like making laws that make it virtually impossible for the average citizen to live out their day without breaking some law.
  • Re:nothing to hide (Score:3, Interesting)

    by sbrown123 (229895) on Monday May 22, 2006 @06:49PM (#15384531) Homepage
    Yes, I know that we are spending tax money to spy on people who have nothing to hide rather than on fighting terrorism.
  • by Beryllium Sphere(tm) (193358) on Monday May 22, 2006 @09:29PM (#15385067) Homepage Journal
    But at a conference last week in Cyprus, German officials said they had technology for intercepting and decrypting Skype phone calls, according to Anthony M. Rutkowski, vice president for regulatory affairs and standards for VeriSign, a company that offers security for Internet and phone operations.
    I'm not finding this in Googlespace. There's a publicly disclosed crack of Skype's call setup protocol (RC4 with key reuse?!) but not of the AES-protected voice stream.

    I'll try to save myself from being offtopic by asking whether zFone might be equally vulnerable (probably not, the few leaks about Skype's crypto haven't sounded encouraging).

  • Re:nothing to hide (Score:1, Interesting)

    by Anonymous Coward on Tuesday May 23, 2006 @05:38AM (#15385881)
    Shouldn't we be after the terrorists instead?

    No, in fact, if government actually gave me the choice of how much money to "donate" to each government program, I'd give exactly zero to either. Of course, government was never meant to represent free choice -- if it did, the power elite wouldn't have much to capitalize on.

A failure will not appear until a unit has passed final inspection.