Big Brother Wants Into VoIP At Any Cost 247
wallaby fly-half writes "An amendment to the CALEA law would make it easier for the government to monitor calls made over VoIP and even temporarily store some packet traffic. Ars Technica reports that the 'bill will put the technology in place to buffer packet streams, and places the job of filtering those streams under government control. We know from the NSA warrantless wiretapping program that the government is not limiting itself to access to under court orders, and the CALEA bill must be considered in light of the capacity it generates.'"
So is it time for another encryption system? (Score:5, Informative)
For those who don't know, the DES patent is owned by N.S.A. so when you see that Verizon's latest gadget that is triple DES encrypted don't be impressed, Uncle Sammy can get right in.
Seems like what we need at this point is OSS encryption that can't be so easily cracked by N.S.A. It's just a matter of time before Skype/Vonage, etc are required to change their encryption to DES or something that the government can read.
It used to be that the government had better technology always, not so true anymore. So
Re:So is it time for another encryption system? (Score:1, Informative)
DES is a slightly modified version of Lucifer, which was created by IBM back in the 70s. The NSA was involved in evaluating it, but they didn't invent it. Of course DES was abandoned by NIST in favor of AES around the time of the
If you want a strong & free algorithm you can always use Blowfish.
Not a bad troll, I'm sure you'll get quite a few responses like this.
SpeakFreely (Score:5, Informative)
Yay paranoia (Score:3, Informative)
First off, the patent is owned by the NSA because they developed it.
They developed it because they're the most qualified to come up with encryption and guarantee its security for government use.
Despite a decade plus of DES being in wide use, brute-force attacks remain the most practical means of "breaking" DES encryption. This is despite FOUR DECADES of close inspection of the algorithm (DES was published in 1976.)
If enough calls, emails, and IMs are encrypted with even moderately sophisticated encryption, the NSA doesn't have a prayer no matter how much hardware they have. It's been known for years they're swamped with unencrypted stuff...
Easily Defeating Surveillance via Encryption (Score:1, Informative)
Here are the steps to defeating unwanted surveillance.
1. Use a modem to connect your computer to the Internet.
2. Install a microphone on your computer.
3. Install software to encrypt your digitized voice with a 128-bit key.
4. Arrange for the other party in the telephone conversation to do what you are doing.
Even if the government stores your packets, no one would know what you are saying unless he has the 128-bit key, which only the parties in the telephone conversation have.
These surveillance laws are really intended to intrude on privacy of middle-class Americans. These laws have no effect whatsoever on hardened criminals or terrorists. Hardened criminals or terrorists already know what to do to evade most forms of surveillance.
AES can be trusted, but Skype's PK cannot (Score:5, Informative)
Yes, I think they can't break AES256. But I also think they can break the PK that is used to transfer the AES session key. Why? Because Skype is not intended to be secure for the users. Skype uses Skype as the trusted introducer for the PK negotiation. If the FBI tells Skype to implement a MitM attack, then Skype can do it.
The proper way to implement VoIP or any other internet communcation, is to let people be their own PK introducers/certifiers. And let them use OTPs in situations where it is feasible, which just happens to be pretty common (e.g. your phone and your wife's phone probably spend several hours in the same room together, every night).
Phone should be an app, not a service (Score:5, Informative)
The reason our phones are vulnerable to these kinds of attacks, is that we view phone service as .. um .. well, I just used the word: service. You use a "service provider's" network. I'm not talking about your ISP.
But with IP, you don't need to use a "phone service provider" except to interface with POTS. Have your phone contact my jabber server to start a conversation, and we'll use PGP on top of that. Now there isn't any "provider" to regulate and force to implement MitM attacks. They would have no choice but to regulate the users themselves, and we've seen how great that works with the War on Drugs. I guess it'll be another excuse to throw people in jail, and another way to make good people live in fear of their government, but one thing you can be sure of: it won't work for anything else. It won't prevent the behavior that they're trying to suppress.
Death to "service providers." We just need open phone hardware (that we can install our own application on) and a network connection.
US Govt. is the LEAST abusive users of CALEA (Score:2, Informative)
http://www.pbs.org/cringely/pulpit/pulpit20030710
Re:That's One Idea, Here's A Better One (Score:3, Informative)
If this does not mitigate your feelings, then you're as blind as the Israeli consul general in New York who said last week that "most Lebanese appreciate what we are doing".
Re:That's One Idea, Here's A Better One (Score:1, Informative)
The Saudi govt just says that to keep the public happy. 'al-qaeda' attacked the Saudi govt because they are complicit with the US administration. al-qaeda or any other islamic group would protect the holy cities to the end.
So if we were to totally stop supporting Israel, would that buy us protection from terrorist attacks?
There are dozens of other non-muslim countries. Why do you think only the US was attacked?
Israeli terrorism??? Hello?
You've got to be kidding, or I can't believe your ignorance. Do you have any idea how the Israelis treat arabs or even Indians [haaretz.com] for that matter?
And occupiers and settlers by definition are not civilians. You make the israelis sound like innocents in all this. Don't forget they didn't hesitate to destroy the USS Liberty [wikipedia.org]
Re:Oke... (Score:3, Informative)
Plenty of Class III permits are still issued, and it's really not that difficult to get one if you don't have a criminal history and are willing to deal with the extra government involvement in your life that it entails. It's the cost of the weapons themselves that keep them from being more common, and that you can pin on the Firearm Owners Protection Act of 1986. FOPA rescinded a lot of the onerous provisions of the Gun Control Act of 1968, but introduced a few of its own. IIRC, a bazooka would also fall under NFA, and not only would you need a permit for the bazooka, but also a permit for every rocket at $200/pop, subject to your local laws regarding "destructive devices".