Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

FCC Affirms VoIP Must Allow Snooping 301

MarsGov writes "The FCC released an order yesterday that requires all broadband providers and all "interconnected" VoIP providers to implement CALEA — in other words, law enforcement can snoop on your online conversations, both voice and text. While this is no surprise, it makes encryption for VoIP even more urgent."
This discussion has been archived. No new comments can be posted.

FCC Affirms VoIP Must Allow Snooping

Comments Filter:
  • VOIP (Score:2, Insightful)

    by rodgster ( 671476 ) *
    Oh come on. Like most of it isn't wide open to begin with (Vonage) or run by known lapdogs to the Govmint (Skype). The only way it could be more readily (and easily) monitored (and data mined) would be if it was run by the NSA's favorite lapdog ..... drum roll please ...... AT&T.
  • No surprise at all (Score:5, Insightful)

    by slusich ( 684826 ) * <slusichNO@SPAMgmail.com> on Thursday May 04, 2006 @09:10PM (#15267433)
    No surprise here at all.
    The goverment isn't even willing to get proper warrants to tap regular phone and internet service. VOIP won't be any different.
    Look for encryption to be made illeagal for all phone and IP services in the very near future.
    This is just another step in the war on the constitution.
    • by ZSpade ( 812879 ) on Thursday May 04, 2006 @09:15PM (#15267453) Homepage
      Yet they've been doing this for years. Nothing has really changed. Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no. The government has been doing this for years, why should things change now.

      Just don't say they're getting worse without really looking at our past. Nothing has gotten worse, only the means to which our "rights" are negated as changed.
      • by CastrTroy ( 595695 ) on Thursday May 04, 2006 @09:48PM (#15267611) Homepage
        Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between. Wow, so they can tap Joe sixpack's phone. It's bad that they are mandating this. It's doubly bad that it won't stop any really dangerous criminals.
        • Do you really believe the government doesn't have ways of cracking common encryption techniques if it wants to? Regardless, as has already been pointed out, this is nothing different than regular phones being tapped. If you want to moan about attacks on the constitution, point your fingers at Bush's *illegal* wiretapping and not the FCC.
        • by dodobh ( 65811 ) on Friday May 05, 2006 @01:53AM (#15268505) Homepage
          Meanwhile, all the criminals who really know what they're doing will send messages PGP encrypted, or use even more sophisticated methods of encrypting their files, and hiding who the messages are travelling between.

          Actually, they will just lobby for their crime to become legalised. Witness Haliburton, RIAA, MPAA, Bush...

          Crime is now legal. As long as you can pay off the crooks in power.
        • by noidentity ( 188756 ) on Friday May 05, 2006 @04:48AM (#15268832)
          Once privacy is outlawed, only criminals will have any.
        • by solus1232 ( 958622 ) on Friday May 05, 2006 @05:28AM (#15268900)
          I think you are giving criminals too much credit.

          Joe sixpack might not be smart enough to commnicate over a secure channel, or simply not communicate over a possibly compromised channel at all (prepaid cell phones anyone?), but why do you think the average criminal would be?

          You make it sound like a disproportionate number of law abiding citizens will be affected by this order because real criminals will be smart enough to use encryption. The majority of criminal actions are motivated by a combination of desperation and lack of common sense and thus the average criminal will be less likely to use an anonymous form of communication than the average citizen.

          • But I thought the justification for all this was to catch terrorists? They are generally considered to be thorough and crafty enough to take these sorts of precautions. The typical late night mugging doesn’t involve groups of conspirators hatching their plot from remote locations.

            And your assertion that the average law-abiding citizen will be unaffected by this depends on how you define ‘affected.’ If I mount a video camera in your bathroom but never act (that you know of) on the footage I
        • by TheLetterPsy ( 792255 ) on Friday May 05, 2006 @08:05AM (#15269209)
          It's doubly bad

          You misspelled doubleplusungood.
      • Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no.

        I don't know how you got moderated up.

        There have been landline/cell/satellite phone encryption products available for years.

        http://www.security-isg.com/index_profi6-24eng.htm [security-isg.com]

        The only road-block is that the other person you're talking to has to have the same setup. For 99% of people, it isn't worth the cost. For businesses & gov't agencies, it certainly is.

        A quick google search will turn up many m

        • by FLEB ( 312391 ) on Thursday May 04, 2006 @11:14PM (#15268005) Homepage Journal
          The only road-block is that the other person you're talking to has to have the same setup. For 99% of people, it isn't worth the cost. For businesses & gov't agencies, it certainly is.

          (Recorded voice) "This is an encrypted telephone call. It appears you do not have a compatible decryption device. Please have a pencil and paper ready, and follow along as I read you some simple instructions. First, write a list of 256 random numbers from 1 to 16. When you have completed this step, press pound."

          (scribble-scribble-scribble... bleep.)

          (Recorded voice) Now, divide the first number by... six, noting the remainder.
          Divide the second number by... twelve, noting the remainder.
          Divide the third number by... eight, noting the...
        • ZSpade: "Could you encrypt your old land line telephone? Can you encrypt your cellphone calls? For the most part no."

          TubeSteak: "For 99% of people, it isn't worth the cost."

          I know this, but as you pointed out yourself it isn't worth it for most people. What VoIP had the potential to do was to make it easy for people to encrypt. Now with these new laws it will probably be about as difficult and costly as it was before with other aforementioned technologies.
        • First, STU phones have indeed been around for ages. I believe the military use STU III, which gives them public-key encryption. The biggest problem is that the people often natter on the unsecured connection first, which not only tells any attackers whose keys are being used but some of the content of the message they are trying to break. Commercial scramblers, for low-grade security, have been around longer but probably are nowhere near as secure.

          Second, you can trivially encrypt an ordinary telephone very

    • Yeah, but I still think that a 1st, 2nd, 4th, and 5th Amendment argument could be made against banning encryption.
  • Encryption? (Score:5, Interesting)

    by Anonymous Coward on Thursday May 04, 2006 @09:10PM (#15267435)
    If they are this forceful in there attempts to spy on citizens, than how long do you think we can use encryption before they ban it (or at least mandate a government backdoor)?
    • by EmbeddedJanitor ( 597831 ) on Thursday May 04, 2006 @09:23PM (#15267498)
      For encryption to be secure, you'll need to have end-to-end encryption. That is achievable for an organisation that is running its own VoIP system, but not really so for anything that is based on a commercial offering like Skype.

      If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls.

      Most people don't really care about encryption or wire tapping, but for those that do you can be sure some offshore service will pop up to fill the void.

  • by BadassJesus ( 939844 ) on Thursday May 04, 2006 @09:12PM (#15267447)
    it makes encryption for VoIP even more urgent

    Big players like Skype or Google Talk will have to implement weak (gov breakable) cypher. And if you opt to use it you will automatically be in focus.
  • Skype (Score:5, Insightful)

    by CliffSpradlin ( 243679 ) <cliff.spradlin@gPARISmail.com minus city> on Thursday May 04, 2006 @09:15PM (#15267459) Journal
    And of COURSE Skype had to be bought out just months ago by an American company (eBay).
  • by petard ( 117521 ) * on Thursday May 04, 2006 @09:18PM (#15267476) Homepage
    Encryption for VOIP won't help in many scenarios that LEAs are interested in. If you're calling a land line from your VOIP connection, the end point on the land line won't be able to decrypt the conversation, so even if all of the VOIP traffic is encrypted you'll have to go to the PSTN in the clear. AIUI, that's what they mean by "interconnected".
    • Note that even if they wanted to, LEA don't have the computing power available to monitor every call. On the other hand, analysing the call graph [wikipedia.org] is quite tractable and completely orthogonal to the content. Enryption won't protect you from the government knowing who you're taking to!
      • by Jah-Wren Ryel ( 80510 ) on Thursday May 04, 2006 @09:54PM (#15267650)
        even if they wanted to, LEA don't have the computing power available to monitor every call.

        I'm too lazy to dig up the links, so go ahead and mod me for missing my tin-foil-hat...

        With all the talk of Bush authorizing international wire-taps on US-to-non-US citizens, it came up that the most probably reason the NSA is involved (see the current case EFF vs ATT) is that the NSA's Echelon system does have the throughput to handle that kind of workload. That Echelon was initially designed to snoop on purely international traffic, but it is just as easily turned on US citizens if the right (or wrong) person wants it to be so.

        Just from an algorithmic viewpoint - that kind of workload is going to fall in the "embarrasingly parallel" group which means you can just keep adding PCs to scale-up to a volume of phone calls that is limited only by floorspace and electricity.
        • hehe, I actually -like- throwing in probably trigger words into my phone conversations, although i guess for real effect, maybe play some recordings of bin laden down the phone, cause some computers and some general somewhere to start overheating :-D

      • Can you make VOIP calls over Tor? Wait, no, too slow, right?
        • Not Tor as it's currently implemented, no. I think the latency is way too high, even under ideal conditions (something that's perceptibly slow for HTTP traffic isn't going to fly with SIP packets). However that doesn't mean that you couldn't, at some point in the future -- maybe today -- set up something Tor-like for voice. The problem would be finding enough high speed and low-latency nodes to provide any real security, while also not injecting tons of latency into the call.

          For one-way transmission it's pr
  • DDOS (Score:5, Interesting)

    by ZachPruckowski ( 918562 ) <zachary.pruckowski@gmail.com> on Thursday May 04, 2006 @09:19PM (#15267482)
    VOIP works via packets with data describing the voice traffic, right? Suppose someone made a program to say "watchlist-words" constantly, and send them everywhere. How hard would it be for a terrorist to DDOS the FBI/NSA? I mean, if you randomize it, you can change pitch, volume, etc, as well as words. I have no idea how to do that exactly, but it doesn't seem infeasible.
    • How hard would it be for a terrorist to DDOS the FBI/NSA?

      Very hard when you don't even have the technology to build a timing device.

      It's best to look at this issue in a mature manner istead of a comic book manner - realise that disorganised bunches of angry people can create havoc instead of going after a giant organisation of supervillians. There's a reason why Bin Laden was in Sudan and then Afganistan - not enough of a "terror network" to hide anywhere other than in areas of chaos where anyone could hid

      • Well we saw one or two spammers take down that big blog site today, as well as bluesecurity. I mean, all you need is a few botnets, right?
      • by x2A ( 858210 )
        There was a virus that spread through emails that included various probably trigger words in the email that would cause them to be submitted for further analysis, in the hope that each email would get flagged by the automated-listening-in devices, bringing it down (or at least making it struggle a lil)

        Not that we'd know if it was affective, but I liked the idea very much :-)

  • by i_want_you_to_throw_ ( 559379 ) on Thursday May 04, 2006 @09:22PM (#15267493) Journal
    and there's encryption. When you do find encryption make sure it isn't DES, NSA actually owns the patent on that one.
    • No one uses plain DES anymore; it was broken decades ago. 3DES is fairly secure, but slow as hell. No point in using i3DES except maybe for legacy support. AES is probably good enough to guard against casual (i.e. mass) surveillence, though personally I would go wth Blowfish or Twofish due to faster large-key performance and the fact AES is likely to be cracked first by virtue of the fact that it's a government standard now and people on both sides of the fence will be trying like mad to crack it (eithe
      • And if you're doing something REALLY evil, you'd best use an OTP. If you just need to transmit text, you can fit enough entropic pad material on a DVD to last you a very, very long time. You'd need to combine it with a passphrase, though, and/or ensure that the pad is disguised as or embedded in something else.
    • How do you get a patent on a mathematical formula? Really that's all any encryption is. I don't understand how the NSA could own a patent on the DSA algorithm.
      • By buying senators. (Score:3, Informative)

        by tepples ( 727027 )

        How do you get a patent on a mathematical formula?

        Software patents are worded such that the patent doesn't cover but 1. a computer with memory that executes the formula and 2. the method of communicating X, Y, or Z using the formula. Patenting a generic computer with memory preloaded a specific way is possible by buying senators.

      • About the same way you can patent business practices

    • NSA actually owns the patent on that one.

      What does owning the patent on an encryption system have to do with its strength? If I owned the patent on the one-time pad, does that mean I have somehow got a magical ability to crack it?

      Not saying NSA owns DES (I don't know who does), but even if they did, its ownership doesn't necessarily confer any special abilities.

      • It means that the NSA invented DES. If you want to be safe from the NSA's illegal wiretapping, you'd probably want to avoid its encryption algorithms due to more likely inclusions of backdoors than in something like Blowfish.
    • Don't forget the attacks which have been discovered against AES! Twofish forever! Or better yet, layer algos on top of each other.
  • traffic analysis (Score:5, Insightful)

    by r00t ( 33219 ) on Thursday May 04, 2006 @09:25PM (#15267508) Journal
    One can learn a lot by knowing:

    a. who you call, when you call them, and for how long
    b. who calls you, when they call you, and for how long
    c. who these other people communicate with
    d. what all these phone numbers are associated with (bank accounts, etc.)
    • Re:traffic analysis (Score:5, Informative)

      by houghi ( 78078 ) on Friday May 05, 2006 @12:16AM (#15268250)
      How to avoid this Traffic analysis: Usenet
      Post a picture on a newsgroup and put an encrypted message inside of it.
      Usenet will distribute it for you. Not possible to see who actually has the correct key and tool to decrypt it.

      Post it at one provider and Usenet protocol will see that it arrives with many other providers over all countries.

      The sole reason for the picture is so that many people will download it from as many places possible, making a direct link not workable.

      See it as the message send out during WWII. Jean has a grand moustache. I repeat. Jean has a grande moustache.

      They know something is going out, but they have no idea for whom it is ment or what it means. It even could be just some pictures.
      • Re:traffic analysis (Score:5, Interesting)

        by Altima(BoB) ( 602987 ) on Friday May 05, 2006 @06:42AM (#15269004)
        That ethos is actually something that's been in use for quite some time by seemingly many groups, somewhat under our collective noses, Numbers Stations, [wikipedia.org] shortwave radio transmissions with origin unknown that transmit codes of numbers or letters, repeat a few times, then disappear. Most likely they are for undercover operatives with a codebook.

        The idea is that it's tough to track their origin (apart from perhaps the language of some of the short messages that accompany them, but even that could be a red herring) and it's impossible to track down who's recieving it. Also, if it's using a one-use key decoding system, it's impossible to decrypt a meaning from it. Finally, most of these stations reappear at regular intervals, there's no real way to tell if one day's message is "all clear" or if it's "commence with the plan tomorrow."

        I find them fascinating, and for some reason, chilling to listen to.
  • Action Time! (Score:5, Interesting)

    by autocracy ( 192714 ) <[slashdot2007] [at] [storyinmemo.com]> on Thursday May 04, 2006 @09:26PM (#15267520) Homepage
    I've read so many things about our government as a whole's actions this year, and I'm really distraught. I walked into my Senator's office today, and discussed meeting with her. Usually, she only takes groups. I assume the same applies for most other Senators and Reps. Letters get ignored, e-mails are only seen by staff... who knows what happens to faxes?

    My answer? A call to the /. community to organize in each Congressional district. Anybody who wants to assist in putting together these groups, please e-mail me. techroots@storyinmemo.com. If 15 of us in Southern Maine get together, we'll get a meeting. If we, as an organization, speak, we'll be much louder. Anybody, and particularly anybody in Southern Maine, I really want to hear from you. In a world that organizes online, if we can speak in real life too, we as geeks may be the most efficient people to form together.

    Let's see if we can't stand a chance in hell of not being oppressed by the government we as a country vote for.

    • Re:Action Time! (Score:2, Insightful)

      by Anonymous Coward
      Get that shit posted on the front page, dude.
    • by Anonymous Coward
      e-mails are only seen by staff.
      Who do you think makes the real decisions?

      It is called delegation.
      "Jim do a position paper on topic X"
      Jim does the research, talks to groups, talks to lobbyists, writes the paper. The Congressmen reads the executive summary of Jim's paper and votes that way. If it is important he has Jim brief him on the finer points of topic X.

      You want to get smoke blown up your ass? Talk to the Congressman.
      You want to get something accomplished? Talk to the correct staff member.
    • Hey,

      I've been thinking of doing the same thing in my district (Montgomery County, Maryland, just 15 minutes north of Washington, DC).

      I wouldn't say any kind of demonstration or "march" would be in the slightest effective; politicians stopped paying attention to those years ago. However, paying a "visit" to a few local politicians might get some eyebrows raised.

      We should talk.

      Is there a way to message privately here? I'm quite certain that posting my email address here would result in more email than my se
    • Here We go Again (Score:2, Insightful)

      by cyberscan ( 676092 ) *
      Better yet, it is time to either join, form, or support independent political parties. Face the facts, the Democratic - Republican party is funded and controlled by special interests. Special interests make political campaign contributions and pay for advertising. Voters do not. Things will change ONLY when people decide to smarten up and quit being manipulated by the special interest financed advertisements (and that includes internet advertising such as blogs like this one).

      'We the People' have seen w
  • Now the FCC's pushing that stuff? Look, I don't have ED, but even if I did, I wouldn't ask the FCC for help.

    But just out of curiosity, how much are they asking for 60?
  • Voice Scramblers? (Score:3, Informative)

    by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Thursday May 04, 2006 @09:27PM (#15267524) Homepage
    I was under the impression that it was illegal in the US to use voice scramblers to mask your telephone calls.

    If they can tap the VOIP calls, wouldn't encrypting them be the equivalent of voice scramblers and thus illegal?

  • by Anonymous Coward on Thursday May 04, 2006 @09:36PM (#15267556)
    Are slashdot readers all using encryption on their existing telephone lines? If not, why does it matter now that it's VOIP?
  • Believe me when I say that implementing CALEA in VOIP isn't trivial since the data must be intercepted somewhere.

    The questions to be answered are where and how the interception is accomplished - especially in a manner that isn't trivially detectable by the user or client software?

    I'll leave the details on detection methods as an exercise for the overly paranoid but, having studied the issue (potential need for CALEA) several years ago and having the client pooh-pooh the need to even plan for it (read manag
    • This is a death knell for companies that are just software based and don't actually provide the network used by their customers. Unless they have every call route through their servers (every packet), they can't meet CALEA requirements.

      Of course, they could just pay the phone and cable companies to do this service for them. Mightily amusing.
  • AHA! (Score:3, Interesting)

    by Mr. Freeman ( 933986 ) on Thursday May 04, 2006 @09:46PM (#15267606)
    So this is what that Microsoft patent is really for.
    http://yro.slashdot.org/article.pl?sid=06/05/04/22 38213 [slashdot.org]

    In all seriousness though, how many people will actually use VOIP to discuss illegal activity. If they know they're being monitored wouldn't they be more likely to use some more secure form of communication? Although, this brings up the question what do people sue to discuss illegal activity NOW if they know that they phones are probably monitored?
  • The key word... (Score:5, Informative)

    by chill ( 34294 ) on Thursday May 04, 2006 @09:50PM (#15267628) Journal
    ...is "connected". For the people whom I talk to the most -- family and some cyber-aware friends -- strong encryption on top of VoIP is the way I will go. Don't leave the Internet for the traditional POTS world and the CALEA doesn't apply.

    http://www.philzimmermann.com/EN/zfone/index.html [philzimmermann.com]

    Thank you (again), Phil.

    • Re:The key word... (Score:3, Insightful)

      by chill ( 34294 )
      Thank you (again), Phil.

      Well, I just read the EULA and I want to retract that statement. Thanks for nothing, Phil. Nothing like selling out, is there? Ka-ching!

  • And all sorts of other regulations that the FCC is trying to figure out how to requore for VOIP. They don't get it. If they require it for the likes of vonage then it really won't do anything except cost these companies millions. The only way they can force this is to outlaw the internet. It's funny to watch the FCC try to force old rules on a new medium (new? wow... its not new anymore).
  • I live in the US, but my VoIP provider is based in Canada. (So is the phone number.) Silly... no matter what, there's always a way around this for anyone that's the least bit determined.
    • I live in the US, but my VoIP provider is based in Canada. (So is the phone number.) Silly... no matter what, there's always a way around this for anyone that's the least bit determined.

      What's to stop them from passing legislation to prevent those in the US from using a non-US based VOIP provider and/or using encryption? I can't see them allowing such common-sense work-arounds.


    • Silly... no matter what, there's always a way around this for anyone that's the least bit determined.

      You think the Feds might ask for help from their counterparts in Canada?
      Who won't lose any sleep over whatever happens to that annoying little twit routing his calls through Toronto.

  • CALEA has been around for quite some time. Carriers can be fined very heavily for not integrating it. It was quite mandatory setting up CALEA serial line on the Cisco routers back when I worked for AT&T Wireless (now Cingular) and I setup a few dozen of them.
  • Again.... (Score:2, Insightful)

    by Doytch ( 950946 )
    What makes the FCC think that they can make laws about programs that exist OUTSIDE of the US? Why should my VOIP program have security holes because of the big bad terrorists terrorizing the US?
    • Why should my VOIP program have security holes because of the big bad terrorists terrorizing the US?

      Because your VOIP company does business with one or more U.S. residents, and "The Congress shall have Power ... To regulate Commerce with foreign Nations".

  • Do they even have jurisdiction over this matter? I recall their order implementing a broadcast flag, when they had no ability to do so.

    What mandate have they to control the Internet? Their jurisdiction is for the broadcast spectrum.
  • by cpu_fusion ( 705735 ) on Thursday May 04, 2006 @10:24PM (#15267788)
    As the convenience for the government to wiretap increases, the ease for a third party (inside or outside the government) to abuse such a mechanism also increases.

    There was a debate back in the Clinton era as to whether or not encryption on the Internet needed a "back door" for the FBI. I had thought that the argument regarding the potential problems safeguarding these "master keys" had won out. Having the FBI spying on you with a warrant is one thing, but having organized crime, a private investigator, or some rogue arm of government (quite a few of those these days it seems), ... that's another thing entirely.

    If you trust the government not to abuse this, then consider whether you trust the government to be able to effectively safeguard access to this. Ignoring social engineering (e.g. $), how likely is the government to have every bit of this infrastructure protected against stealthful 3rd party break-ins?

    Suddenly blackmail is going to get a lot easier.

    It took many decades for the Internet to flower and change the world with its freedoms. It is taking far less for the governments of the world to deflower the Internet and sow the seeds of thought control.
    • I know it is bad form to reply to one's own post, but I would like to point to the "Clinton era" encryption strategy with a (faulty) back door. That was the "clipper chip", and you can read about it here. [wikipedia.org]

      The point is ... whatever the backdoor mechanism the government mandates, it will be vulnerable to third-party abuse.

  • Nothing like a group of a few poweful men enforcing their whim on us, ensuring that they can continue to stay in control over the masses. Passing laws, rules, regulations, and restricitons that pretty much none of us want, without consulting us, and barely even informing us.

    Can't you just smell that freedom?

    Can we please quit voting for the establishment now? Please? With a cherry? For the children?

  • How would this work? (Score:5, Informative)

    by jamesh ( 87723 ) on Thursday May 04, 2006 @10:59PM (#15267942)
    Properly implemented, SIP (common VoIP protocol) works like this:
    A='A Party' - the person making the call
    B='B Party' - the person receiving the call
    P='Proxy' - the VoIP provider

    A and B register with P.
    A makes a call to B:
    . A requests P that it be put through to B
    . P contacts B, B's phone rings
    . B answers
    . P lets A know B's details
    . P lets B know A's details
    . A and B exchange voice traffic directly, without involving P

    This allows latency to remain low when, say, A and B are in Australia and P is on the other side of the world.

    To perform a successful wire tap in this scenario, the FCC would need to intercept the data at multiple points, possibly in separate countries.

    Alternatively, P can tell A and B that there is too much firewalling in place and that all voice traffic must go via P, but by doing this they are giving the game away... it would be easily detectable by A and or B if they were smart enough to know what was going on.
    • You just discribed Skype in detail. Now add to the fact the transmission from PC to PC is encrypted.

      If the FCC has their way, they will create a law that mandates all VOIP traffic go through "P" (central server) so it can be monitored. As such, it would also make P2P illigal too. You know ISPs would love this, in fact back up the plan as they *hate* P2P users.
    • First of all, you don't want to attack the strong links when there are weak links that'll get what you need. A Wiretap is a 3-Way-Call with the Univited Party on Mute. So you don't try to break the cryto, you try to make sure you're on the call.

      SIP Control Support for Encryption is Limited. There are two main kinds of encryption used in SIP - call setup messages, which can be implemented using TLS (SSL's successor) or left unencrypted, and media channel encryption, which is done end-to-end by the calle

  • Terrorist attacks (Score:2, Insightful)

    by Anonymous Coward
    That's okay. Usually when I plan my terrorist attacks, I don't use VoIP. It pays to just have a spoke wheel conspiracy like we used for the September 11th attacks. That way all communication is done through personal meetings and few people know enough of the plan for it to get leaked even if one of our members is busted.

    In fact I am quite happy to see this new FCC order. Don't forget our goals with September 11th was to break America down and give politicians reasons to take the freedoms away from the publi
  • by Junior Samples ( 550792 ) on Friday May 05, 2006 @12:54AM (#15268364)

    I regularly use VOIP via Free World Dialup (FWD). This system uses the SIP protocol. FWD servers seem to have frequent outages. To get around this problem, I've found that I can use direct IP to IP dialing and bypass FWD's servers completely. IP dialing is cumbersome, but you can put the dialed addresses in a speed call list and use 2-digit dialing. This works very well. There's a side benefit of no call logging since the provider's server is being bypassed. In theory I can call any SIP phone that's connected to the internet whether they're on Vonage, Packet Eight, or any other network, if I know their IP address.

    Right now there are about a half dozen members of our private network. We're all registered with dyndns.org to solve the problem of dynamic addressing. We're all using Sipura Network adapters to connect a regular telephone to the Internet. The Sipura adapters accommodate dialing by hostname or IP address. The latency is lower with direct IP dialing because the voice packets are not routed through FWD's STUN or NAT servers.

    This method is more secure since you're not dependent on any VOIP provider. The back doors that they provide for government spying can be bypassed. Encryption would be difficult but not impossible because it would have to be implemented in the Sipura firmware. SIP software phones will also work with direct IP dialing.

  • by thebdj ( 768618 ) on Friday May 05, 2006 @07:51AM (#15269163) Journal
    where this is any different then the cops being allowed to tap regular telephones? Seriously, have they once said that the cops will have unfettered access to this information without a warrant? If not, then I do not see why there is this urgent need for encryption on VoIP. I mean we are talking about the police agencies being able to have the same access to listen to VoIP conversations that they already have to tap every other phone line in America.

    Now, I am sure you are all wearing your tin foil caps, but really this is not about some great big brother monitoring scheme. If you are so scared about people listening to your calls, you do not need encryption. Just start talking in code. Afterall, mobsters and just about anyone else committing illegal activity have been doing it for years to avoid being overheard.

    I just am afraid I do not see everyone elses great concern in this matter. Of course, my lack of VoIP means that monitoring my calls is already quiet within the realm of possibility. As for the text conversation part, if I were truly concerned about stuff I was saying the last way I would transmit it would be over IM or through e-mail.

Vitamin C deficiency is apauling.