Create an Account
username: password:
 
  MemeStreams Logo

RE: Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP

search

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  Computer Security
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
RE: Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP
Topic: Surveillance 4:31 pm EDT, Jun 16, 2006

noteworthy wrote:

By: Steven Bellovin, Columbia University; Matt Blaze, University of Pennsylvania; Ernest Brickell, Intel Corporation; Clinton Brooks, NSA (retired); Vinton Cerf, Google; Whitfield Diffie, Sun Microsystems; Susan Landau, Sun Microsystems; Jon Peterson, NeuStar; John Treichler, Applied Signal Technology

June 13, 2006

For many people, Voice over Internet Protocol (VoIP) looks like a nimble way of using a computer to make phone calls. Download the software, pick an identifier and then wherever there is an Internet connection, you can make a phone call. From this perspective, it makes perfect sense that anything that can be done with the telephone system -- such as E9111 and the graceful accommodation of wiretapping -- should be able to be done readily with VoIP as well.

Thanks for posting this. I've been doing a lot of VoIP work @ work and this is both certainly relevent and not something I've seen elsewhere. Having skimmed it, let me make two observations:

1. My interpretation of the FCC's limit of CALEA to "interconnected" and "broadband" VoIP is to say that CALEA compliance is only required if the VoIP provider is interconnected with the PSTN (which eliminiates the problems described in this paper) or the VoIP provider is also providing their customers with physical internet access (which also eliminates the problems described in this paper). My understanding is that the FBI knows tapping p2p VoIP is hard and they can't easily require it.

2. The reality that Internet CALEA compliance is hard isn't stopping people from trying. And, yes, I think that a single snmp message that configures a tap with nothing more then password protection is insanely insecure. With a designated physical tap network, with carefully crafted packet filters, this could be done, but how many times are people going to get that wrong? A lot...

Its worth noting that temporarily, these Cisco routers can't tap IPv6.

RE: Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP



 
 
Powered By Industrial Memetics
RSS2.0