Create an Account
username: password:
 
  MemeStreams Logo

Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP

search

noteworthy
Picture of noteworthy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

noteworthy's topics
Arts
  Literature
   Fiction
   Non-Fiction
  Movies
   Documentary
   Drama
   Film Noir
   Sci-Fi/Fantasy Films
   War
  Music
  TV
   TV Documentary
Business
  Tech Industry
  Telecom Industry
  Management
Games
Health and Wellness
Home and Garden
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
  Israeli/Palestinian
Recreation
  Cars and Trucks
  Travel
   Asian Travel
Local Information
  Food
  SF Bay Area Events
Science
  History
  Math
  Nano Tech
  Physics
  Space
Society
  Economics
  Education
  Futurism
  International Relations
  History
  Politics and Law
   Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Philosophy
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Human Computer Interaction
   Knowledge Management
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP
Topic: Surveillance 10:32 pm EDT, Jun 15, 2006

By: Steven Bellovin, Columbia University; Matt Blaze, University of Pennsylvania; Ernest Brickell, Intel Corporation; Clinton Brooks, NSA (retired); Vinton Cerf, Google; Whitfield Diffie, Sun Microsystems; Susan Landau, Sun Microsystems; Jon Peterson, NeuStar; John Treichler, Applied Signal Technology

June 13, 2006

For many people, Voice over Internet Protocol (VoIP) looks like a nimble way of using a computer to make phone calls. Download the software, pick an identifier and then wherever there is an Internet connection, you can make a phone call. From this perspective, it makes perfect sense that anything that can be done with the telephone system -- such as E9111 and the graceful accommodation of wiretapping -- should be able to be done readily with VoIP as well.

This simplified view of VoIP misses the point of the new technology. The network architectures of the Internet and the Public Switched Telephone Network (PSTN) are substantially different. Lack of understanding of the implications of the differences has led to some difficult -- and potentially dangerous -- policy decisions. One of these is the recent FBI request to apply the Communications Assistance for Law Enforcement Act (CALEA) to VoIP. The FCC has issued an order for all "interconnected" and all broadband access VoIP services to comply with CALEA (without issuing specific regulations on what that would mean). The FBI has suggested that CALEA should apply to all forms of VoIP, regardless of the technology involved in its implementation[17].

Some cases -- intercept against a VoIP call made from a fixed location with a fixed Internet address2 connecting directly to a big Internet provider’s access router -- are the equivalent to a normal phone call, and such interceptions are relatively easy to do. But if any of these conditions is not met, then the problem of assuring interception is enormously harder. In order to extend authorized interception much beyond the easy scenario outlined above, it is necessary either to eliminate the flexibility that Internet communications allow -- thus making VoIP essentially a copy of the PSTN -- or else introduce serious security risks to domestic VoIP implementations. The former would have significant negative effects on U.S. ability to innovate, while the latter is simply dangerous. The current FBI and FCC direction on CALEA applied to VoIP carries great risks. In this paper, we amplify and expand upon these issues.

Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP



 
 
Powered By Industrial Memetics
RSS2.0