Wikileaks recently published a leaked 88 page document entitled FBI Electronic Surveillance Needs for Carrier-Grade Voice over Packet (CGVoP) Service (PDF), which is part of the CALEA Implementation Plan published in January 2003. The document describes detailed FBI requirements for surveillance of phone calls made utilizing packet networks as their transport. The document broadly defines CGVoP Service as:
“The set of subscription-based voice services and features provided over carrier-managed packet networks, and includes wireline and wireless services.”
The document covers such surveillance events as:
- Registration and Authorization events including address registration and de-registration, mobility authorization and de-authorization
- Call Management events including call origination, termination, answer, call release, address resolution, admission control, and media modification
- Signaling events including subject signaling, network signaling, and post-cut-through dialing and signaling
- Feature Use events including call redirection, party hold, party retrieve, party join, party drop, call merge, and call split
- Communication Content events including content delivery start, change, and stop, as well as content unavailable
- Feature Management events including feature activation and deactivation
- Surveillance Status events including surveillance activation, continuation, change, and deactivation.
The document also discusses authorized access to identifying information and communication content, and more generalized surveillance requirements. It looks like they’ve fairly well covered the bases…
One aspect of VoIP security that keeps coming to my attention in recent weeks is that of location privacy, or in other words, does the call recipient (or others ‘listening on the line’) know where you are?
At a VON Europe panel this week, Cullen Jennings, Distinguished Engineer at Cisco, was talking about peer-to-peer (P2P) SIP, and how the P2P approach definitely helps with location privacy. He gave the example of emergency procedures in the USA, which require the country’s President and Vice President to be in different physical locations from each other yet still be able to communicate. At the same time, they must prevent eavesdropping enemies from locating the Vice President physically.
I said that ‘P2P helps’, but perhaps I should say ‘can help’, with the right systems in place. In the UK last week, Sky News ran a story about how criminals might use encrypted VoIP to run circles around the police, due to the difficulty of tapping and listening to the calls. I hope to be able to write in more detail in the next few weeks why this is basically untrue, but the information I have received is that the VoIP providers “can be very helpful” to the police in these cases. Even if a VoIP stream cannot be decrypted, it is often possible to obtain a list of times, durations, and IP addresses that can easily provide both location and evidence. Also, if a VoIP call breaks out onto the PSTN, a service offered by many or most VoIP telcos, then once again you have a location (albeit the call destination rather than the source), and you have the opportunity to monitor the call.
No-one likes to think that all their calls are being tracked, or that their location is known at all times, but of course in democratic countries we assume that there are enough checks and balances to ensure that this information is available to few and will not be abused. At the same time, criminals and terrorists should not assume that new technologies like VoIP and IM give them a cloak of anonymity, because this is definitely not the case.
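The point above about times, durations and IP addresses surviving encryption can be made concrete. The following is an added example, not part of the original post: it builds call records from packet headers alone, never reading the payload. The 30-second idle threshold, the record layout and the sample capture (documentation-range addresses) are all constructed assumptions.

```python
from collections import defaultdict

IDLE_GAP = 30.0  # seconds of silence that ends a call (assumed threshold)

def call_records(packets, idle_gap=IDLE_GAP):
    """Group encrypted media packets into per-call records using headers only.

    packets: iterable of (timestamp, src_ip, dst_ip, payload_len); the payload
    itself is never inspected, mirroring an observer who cannot decrypt it.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _length in packets:
        by_pair[frozenset((src, dst))].append(ts)  # direction-independent key

    records = []
    for pair, stamps in by_pair.items():
        stamps.sort()
        start = prev = stamps[0]
        count = 1
        for ts in stamps[1:]:
            if ts - prev > idle_gap:  # long silence: previous call has ended
                records.append(_record(pair, start, prev, count))
                start, count = ts, 0
            prev = ts
            count += 1
        records.append(_record(pair, start, prev, count))
    return sorted(records, key=lambda r: (r["start"], r["endpoints"]))

def _record(pair, start, end, count):
    return {"endpoints": tuple(sorted(pair)), "start": start,
            "duration": round(end - start, 3), "packets": count}

def sample_capture():
    """Constructed capture: two calls between one pair, one call to another peer."""
    a, b, c = "192.0.2.10", "198.51.100.7", "203.0.113.5"
    pkts = []
    for i in range(500):  # call 1: one packet every 20 ms, alternating direction
        pkts.append((1000.0 + i * 0.02, a if i % 2 == 0 else b,
                     b if i % 2 == 0 else a, 172))
    for i in range(250):  # call 2: same pair, ten minutes later
        pkts.append((1600.0 + i * 0.02, b, a, 172))
    for i in range(100):  # call 3: different peer
        pkts.append((1200.0 + i * 0.02, a, c, 172))
    return pkts

if __name__ == "__main__":
    for rec in call_records(sample_capture()):
        print(rec)
```

Anyone assessing the privacy of an encrypted voice deployment should treat these records as exposed to every network the media path crosses, regardless of cipher strength.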
MI5, the UK’s Security Service, wants more geeks, according to The Daily Telegraph, and will be advertising on the Tube (London Underground) in the next few weeks to try to boost recruitment. Would-bes imagining the life of James Bond, Harry Palmer or really even Austin Powers need not apply, though, since they are most likely in MI6 anyway. The job-in-hand here is intelligence analysis, lawful interception in foreign languages and network security. Their online jobs page can be found here.
It’s only a few years ago that MI5 were first allowed to openly advertise jobs (which makes you wonder what the recruitment process was before), but now they have a pretty nice website, which makes it much easier to see what the whole setup is about.
That’s the question Dean Takahashi asks in a column in today’s San Jose Mercury News titled: Wiretapping could stifle VOIP technology. It is not entirely clear to me why Takahashi is writing this today given that there does not seem to be any real “new” news… but with a headline like that and in the Mercury News, it is bound to get some attention over the next few days. Takahashi points out that US VoIP service providers that connect to the PSTN must comply with the FCC regulation by May 14, 2007 but that pure Internet peer-to-peer/p2p services like Skype are currently exempt. He does provide this teaser:
But it appears from its legal maneuvers that the FBI may also want to find a way to tap peer-to-peer calls, the ones that bypass the telephone system. And the FCC’s analysis of the FBI request suggests it might go along with a move to require wiretapping on any new Internet communications system.
Which leads to the obvious question of how a p2p system would actually do this… which leads to the opinion that some centralization would be required… which leads to the conclusion that this could therefore kill p2p VoIP systems in their true p2p form. The article refers people over to the Center for Democracy and Technology CALEA page where the CDT has copious amounts of info about CALEA (obviously from their point-of-view). Takahashi concludes with:
We have to balance the need to enforce laws with the need to move technology forward and at the same time protect our privacy. If we hobble technology to help law enforcement, we make ourselves vulnerable, not safer.
We faced this kind of issue in the early 1990s, when the debate was about whether to allow encryption technologies strong enough to hide data from the government. The government later decided to allow strong encryption to be used unencumbered, particularly as the technology was allowed overseas. The outcome here may be the same.
Given that VOIPSA is a global organization that encompasses a wide range of companies, people and geographic regions, it’s not really our place as an organization to wade into the debate of legislation in one particular country. But it is definitely a matter that does merit discussion and attention. There are very legitimate needs by law enforcement. There are also very legitimate privacy concerns – and security concerns. Where do we as nations, companies and individuals strike the balance?
Those interested in the topic of Lawful Intercept (LI) and CALEA might be interested in a new blog over on the TMC site. Scott Coleman of SS8 is writing a new column called Demystifying Lawful Intercept and CALEA. The cunningly-named SS8 market a number of products including LI solutions. And no, LI is not done with crocodile clips.
Dean Elwood, one of the founders of voipuser.org (a free VoIP service provider and online magazine) recently wrote an interesting article called “How To Build A Voip Network: 7 rules for the VoIP entrepreneur in 2007.” It’s a great read from someone with experience of creating value from a VoIP service, rather than the usual marketing “talking head”. It also raises some interesting VoIP security questions, including Session Border Controllers, Lawful Intercept, Denial of Service and confidentiality.
CBS reports here that investigators have been given the go ahead to look at the NSA’s wire-tapping programme.
Various “Click to Call” services have begun to emerge recently, bringing with them some very interesting and questionable service behavior. In a nutshell, Click-to-Call provides a website user with a button that they can click to initiate a voice session with the website or business, such as a customer service department. Most of these types of services work in a similar way with only minor variations; when a user clicks on the click-to-call button or link, the user is asked for their phone number. The “called” party’s phone system or click-to-call provider then essentially initiates a 3-way call, first calling the website user at the number they provided, then once the user answers, connecting that call to the number of the business or website owner. In most cases these systems spoof the Caller-ID of the called party toward the user and may or may not spoof the Caller-ID of the user toward the callee.
The October edition of Internet Telephony Magazine (free download can be found on the TMC website) names the 100 Top Voices of IP Communications. A nice list of industry thought leaders, including VOIPSA Chairman, David Endler.
The same issue also has an article about CALEA, if that floats your boat.
According to news in PC Pro magazine, authorities in Switzerland have come up with an unorthodox plan to tackle call tapping of Skype and other VoIP users. VoIP calls can be end-to-end encrypted, which means that tapping on the Internet itself is often not practical. For example Skype use an undisclosed encryption algorithm and key exchange system. Phil Zimmermann’s Zfone employs perfect secrecy so that the conversation cannot even be listened to later offline when the encryption key has been obtained.
So the Swiss plan? Tap the calls on the PC, by means of installing some kind of trojan to tap into the audio stream before it is encrypted. It would be installed either by the authorities or remotely by the ISP.
Now, this is a daft idea on so many different levels that it’s hard to know where to begin. In an ordered society like Switzerland you could expect a high level of compliance with this kind of procedure. Unfortunately, the ones that won’t comply (for example malevolent hackers; gangsters; terrorists) are probably the ones that you are most interested in gathering intelligence about. Secondly, it’s a gift for criminals, since if you leave a backdoor open, with the PC already compromised, then someone will likely exploit this for criminal purposes.
With the right software in place, audio could be relayed in from elsewhere, allowing criminals to make calls “on your phone”, possibly implicating you in a crime. Similarly, audio could be relayed out, so that those outside the government service could tap your phone, a boon to tabloid newspapers and blackmailers.
Finally, in a world of ever more mobile users, is this approach even practical? Mobile users with GPRS in their phone or PDA can connect to the Internet without even touching a Swiss ISP. Crime doesn’t necessarily stop at borders these days; couldn’t criminals just be in and out of the country before the G-Man sneaks some tapping software onto their laptop?