[Fwd: [IP] Feds: VoIP a potential haven for terrorists]
-------- Original Message -------- Subject: [IP] Feds: VoIP a potential haven for terrorists Date: Fri, 18 Jun 2004 09:10:19 -0400 From: David Farber <dave@farber.net> Reply-To: dave@farber.net To: Ip <ip@v2.listbox.com> -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnn.com. -------------------------------------------------------------- Feds: VoIP a potential haven for terrorists By Declan McCullagh CNET News.com June 16, 2004, 10:54 AM PT URL: http://zdnet.com.com/2100-1105-5236233.html WASHINGTON--The U.S. Department of Justice on Wednesday lashed out at Internet telephony, saying the fast-growing technology could foster "drug trafficking, organized crime and terrorism." Laura Parsky, a deputy assistant attorney general in the Justice Department, told a Senate panel that law enforcement bodies are deeply worried about their ability to wiretap conversations that use voice over Internet Protocol (VoIP) services. "I am here to underscore how very important it is that this type of telephone service not become a haven for criminals, terrorists and spies," Parsky said. "Access to telephone service, regardless of how it is transmitted, is a highly valuable law enforcement tool." Police been able to conduct Internet wiretaps for at least a decade, and the FBI's controversial Carnivore (also called DCS1000) system was designed to facilitate online surveillance. But Parsky said that discerning "what the specific (VoIP) protocols are and how law enforcement can extract just the specific information" are difficult problems that could be solved by Congress requiring all VoIP providers to build in backdoors for police surveillance. The Bush administration's request was met with some skepticism from members of the Senate Commerce committee, who suggested that it was too soon to impose such weighty regulations on the fledgling VoIP industry. Such rules already apply to old-fashioned telephone networks, thanks to a 1994 law called the Communications Assistance for Law Enforcement Act (CALEA). "What you need to do is convince us first on a bipartisan basis that there's a problem here," said Sen. Ron Wyden, D-Ore. "I would like to hear specific examples of what you can't do now and where the law falls short. You're looking now for a remedy for a problem that has not been documented." Wednesday's hearing was the first to focus on a bill called the VoIP Regulatory Freedom Act, sponsored by Sen. John Sununu, R-N.H. It would ban state governments from regulating or taxing VoIP connections. It also says that VoIP companies that connect to the public telephone network may be required to follow CALEA rules, which would make it easier for agencies to wiretap such phone calls. The Justice Department's objection to the bill is twofold: Its wording leaves too much discretion with the Federal Communications Commission, Parsky argued, and it does not impose wiretapping requirements on Internet-only VoIP networks that do not touch the existing phone network, such as Pulver.com's Free World Dialup. "It is even more critical today than (when CALEA was enacted in 1994) that advances in communications technology not provide a haven for criminal activity and an undetectable means of death and destruction," Parsky said. Sen. Frank Lautenberg, D-N.J., wondered if it was too early to order VoIP firms to be wiretap-friendly by extending CALEA's rules. "Are we premature in trying to tie all of this down?" he asked. "The technology shift is so rapid and so vast." The Senate's action comes as the FCC considers a request submitted in March by the FBI. If the request is approved, all broadband Internet providers--including companies using cable and digital subscriber line technology--will be required to rewire their networks to support easy wiretapping by police. Wednesday's hearing also touched on which regulations covering 911 and "universal service" should apply to VoIP providers. The Sununu bill would require the FCC to levy universal service fees on Internet phone calls, with the proceeds to be redirected to provide discounted analog phone service to low-income and rural American households. One point of contention was whether states and counties could levy taxes on VoIP connections to support services such as 911 emergency calling. Because of that concern, "I would not support the bill as drafted and I hope we would not mark up legislation at this point," said Sen. Byron Dorgan, D-N.D. Sen. Conrad Burns, R-Mont., added: "The marketplace does not always provide for critical services such as emergency response, particularly in rural America. We must give Americans the peace of mind they deserve." Some VoIP companies, however, have announced plans to support 911 calling. In addition, Internet-based phone networks have the potential to offer far more useful information about people who make an emergency call than analog systems do. <http://zdnet.com.com/2102-1105_2-5236233.html?tag=printthis> ------------------------------------- You are subscribed as suresh@hserus.net To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
I wish I wish I wish that the murdering $&*#1! would spend their time messing with @#*&@###! VoIP rather than anything else. Suresh Ramasubramanian <suresh@outblaze. To com> nanog <nanog@merit.edu> Sent by: cc owner-nanog@merit .edu Subject [Fwd: [IP] Feds: VoIP a potential haven for terrorists] 06/18/2004 09:18 AM -------- Original Message -------- Subject: [IP] Feds: VoIP a potential haven for terrorists Date: Fri, 18 Jun 2004 09:10:19 -0400 From: David Farber <dave@farber.net> Reply-To: dave@farber.net To: Ip <ip@v2.listbox.com> -------------------------------------------------------------- This story was printed from ZDNN, located at http://www.zdnn.com. -------------------------------------------------------------- Feds: VoIP a potential haven for terrorists By Declan McCullagh CNET News.com June 16, 2004, 10:54 AM PT URL: http://zdnet.com.com/2100-1105-5236233.html WASHINGTON--The U.S. Department of Justice on Wednesday lashed out at Internet telephony, saying the fast-growing technology could foster "drug trafficking, organized crime and terrorism." Laura Parsky, a deputy assistant attorney general in the Justice Department, told a Senate panel that law enforcement bodies are deeply worried about their ability to wiretap conversations that use voice over Internet Protocol (VoIP) services. "I am here to underscore how very important it is that this type of telephone service not become a haven for criminals, terrorists and spies," Parsky said. "Access to telephone service, regardless of how it is transmitted, is a highly valuable law enforcement tool." Police been able to conduct Internet wiretaps for at least a decade, and the FBI's controversial Carnivore (also called DCS1000) system was designed to facilitate online surveillance. But Parsky said that discerning "what the specific (VoIP) protocols are and how law enforcement can extract just the specific information" are difficult problems that could be solved by Congress requiring all VoIP providers to build in backdoors for police surveillance. The Bush administration's request was met with some skepticism from members of the Senate Commerce committee, who suggested that it was too soon to impose such weighty regulations on the fledgling VoIP industry. Such rules already apply to old-fashioned telephone networks, thanks to a 1994 law called the Communications Assistance for Law Enforcement Act (CALEA). "What you need to do is convince us first on a bipartisan basis that there's a problem here," said Sen. Ron Wyden, D-Ore. "I would like to hear specific examples of what you can't do now and where the law falls short. You're looking now for a remedy for a problem that has not been documented." Wednesday's hearing was the first to focus on a bill called the VoIP Regulatory Freedom Act, sponsored by Sen. John Sununu, R-N.H. It would ban state governments from regulating or taxing VoIP connections. It also says that VoIP companies that connect to the public telephone network may be required to follow CALEA rules, which would make it easier for agencies to wiretap such phone calls. The Justice Department's objection to the bill is twofold: Its wording leaves too much discretion with the Federal Communications Commission, Parsky argued, and it does not impose wiretapping requirements on Internet-only VoIP networks that do not touch the existing phone network, such as Pulver.com's Free World Dialup. "It is even more critical today than (when CALEA was enacted in 1994) that advances in communications technology not provide a haven for criminal activity and an undetectable means of death and destruction," Parsky said. Sen. Frank Lautenberg, D-N.J., wondered if it was too early to order VoIP firms to be wiretap-friendly by extending CALEA's rules. "Are we premature in trying to tie all of this down?" he asked. "The technology shift is so rapid and so vast." The Senate's action comes as the FCC considers a request submitted in March by the FBI. If the request is approved, all broadband Internet providers--including companies using cable and digital subscriber line technology--will be required to rewire their networks to support easy wiretapping by police. Wednesday's hearing also touched on which regulations covering 911 and "universal service" should apply to VoIP providers. The Sununu bill would require the FCC to levy universal service fees on Internet phone calls, with the proceeds to be redirected to provide discounted analog phone service to low-income and rural American households. One point of contention was whether states and counties could levy taxes on VoIP connections to support services such as 911 emergency calling. Because of that concern, "I would not support the bill as drafted and I hope we would not mark up legislation at this point," said Sen. Byron Dorgan, D-N.D. Sen. Conrad Burns, R-Mont., added: "The marketplace does not always provide for critical services such as emergency response, particularly in rural America. We must give Americans the peace of mind they deserve." Some VoIP companies, however, have announced plans to support 911 calling. In addition, Internet-based phone networks have the potential to offer far more useful information about people who make an emergency call than analog systems do. <http://zdnet.com.com/2102-1105_2-5236233.html?tag=printthis> Archives at: http://www.interesting-people.org/archives/interesting-people/
On Fri, 18 Jun 2004, Suresh Ramasubramanian wrote: : Feds: VoIP a potential haven for terrorists : By Declan McCullagh : The Senate's action comes as the FCC considers a request submitted in : March by the FBI. If the request is approved, all broadband Internet : providers--including companies using cable and digital subscriber line : technology--will be required to rewire their networks to support easy : wiretapping by police. Anyone know yet if they've they said who would have to pay for it, and what they specifically mean by "broadband Internet providers"? scott
** Reply to message from Scott Weeks <surfer@mauigateway.com> on Fri, 18 Jun 2004 09:30:03 -1000 (HST)
On Fri, 18 Jun 2004, Suresh Ramasubramanian wrote:
: Feds: VoIP a potential haven for terrorists : By Declan McCullagh
: The Senate's action comes as the FCC considers a request submitted in : March by the FBI. If the request is approved, all broadband Internet : providers--including companies using cable and digital subscriber line : technology--will be required to rewire their networks to support easy : wiretapping by police.
Anyone know yet if they've they said who would have to pay for it, and what they specifically mean by "broadband Internet providers"?
scott
Pay for it? If I remember from CALEA, the providers pay for it (and eventually their customers), and as for "broadband Internet providers"... I'm guessing anyone who offers end user customers a circuit bigger than 53.333k. I admit to having some sympathy for the FBI... they're in the middle of getting ripped up, down and sideways over failures over Sept 11 and other things, and yet when they ask for more surveilance capabilities, they get ripped up, down and sideways for asking... -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
On 6/18/04 3:41 PM, "Jeff Shultz" <jeffshultz@wvi.com> wrote:
I admit to having some sympathy for the FBI... they're in the middle of getting ripped up, down and sideways over failures over Sept 11 and other things, and yet when they ask for more surveilance capabilities, they get ripped up, down and sideways for asking...
Not to get too off-topic here, but the FBI may be better served by investing in Human Intelligence. Plugging wires into operational networks is pretty cool, but turning a guy on one end of that VoIP call is more useful. We now return to our regularly scheduled comparisons of Best Effort Internet Services to Boxes of Chocolate or whatever today's lively conversation happens to be. -- Daniel Golding Network and Telecommunications Strategies Burton Group
I admit to having some sympathy for the FBI... they're in the middle of getting ripped up, down and sideways over failures over Sept 11 and other things,
** Reply to message from Randy Bush <randy@psg.com> on Fri, 18 Jun 2004 14:30:13 -0700
I admit to having some sympathy for the FBI... they're in the middle of getting ripped up, down and sideways over failures over Sept 11 and other things,
Hmmm, but they aren't biased, are they? Any cites that aren't from the defendants? I'm not saying they aren't right, but that does appear a bit one-sided. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
try http://www.caedefensefund.org/overview.html Hmmm, but they aren't biased, are they?
everything is biased one way or the other in this world. i also searched the ny times. not a pretty looking state of affairs. randy
On Fri, Jun 18, 2004 at 12:41:45PM -0700, jeffshultz@wvi.com said:
** Reply to message from Scott Weeks <surfer@mauigateway.com> on Fri, 18 Jun 2004 09:30:03 -1000 (HST)
On Fri, 18 Jun 2004, Suresh Ramasubramanian wrote:
: Feds: VoIP a potential haven for terrorists : By Declan McCullagh
: The Senate's action comes as the FCC considers a request submitted in : March by the FBI. If the request is approved, all broadband Internet : providers--including companies using cable and digital subscriber line : technology--will be required to rewire their networks to support easy : wiretapping by police.
Anyone know yet if they've they said who would have to pay for it, and what they specifically mean by "broadband Internet providers"?
scott
Pay for it? If I remember from CALEA, the providers pay for it (and eventually their customers), and as for "broadband Internet providers"... I'm guessing anyone who offers end user customers a circuit bigger than 53.333k.
I admit to having some sympathy for the FBI... they're in the middle of getting ripped up, down and sideways over failures over Sept 11 and other things, and yet when they ask for more surveilance capabilities, they get ripped up, down and sideways for asking...
they don't need more surveillance capabilities as much as they need to better utilize what they've already got. More laws aren't the answer to lack of success enforcing what's already on the books. -- Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527 The ultimate result of shielding men from the effects of folly is to fill the world with fools. -- Herbert Spencer
they don't need more surveillance capabilities as much as they need to better utilize what they've already got. More laws aren't the answer to lack of success enforcing what's already on the books.
We should not be building surveillance technology into standards. Law enforcement was not supposed to be easy. Where it is easy, it's called a police state. -- Jeff Schiller
On Fri, Jun 18, 2004 at 08:25:15PM -0700, randy@psg.com said:
they don't need more surveillance capabilities as much as they need to better utilize what they've already got. More laws aren't the answer to lack of success enforcing what's already on the books.
We should not be building surveillance technology into standards. Law enforcement was not supposed to be easy. Where it is easy, it's called a police state. -- Jeff Schiller
"It is poor civic hygiene to install technologies that could someday facilitate a police state." -- Bruce Schneier Amen on both counts; couldn't agree with either quote more. -- Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527 The ultimate result of shielding men from the effects of folly is to fill the world with fools. -- Herbert Spencer
* jeffshultz@wvi.com (Jeff Shultz) [Fri 18 Jun 2004, 21:42 CEST]:
Pay for it? If I remember from CALEA, the providers pay for it (and eventually their customers), and as for "broadband Internet providers"... I'm guessing anyone who offers end user customers a circuit bigger than 53.333k.
Pet peeve: broadband isn't a synonym for "faster than a modem." Cable and DSL are broadband due to those technologies using a wide range of frequencies. Ethernet is not broadband (but baseband). -- Niels.
Thus spake "Niels Bakker" <niels=nanog@bakker.net>
* jeffshultz@wvi.com (Jeff Shultz) [Fri 18 Jun 2004, 21:42 CEST]:
Pay for it? If I remember from CALEA, the providers pay for it (and eventually their customers), and as for "broadband Internet providers"... I'm guessing anyone who offers end user customers a circuit bigger than 53.333k.
Pet peeve: broadband isn't a synonym for "faster than a modem." Cable and DSL are broadband due to those technologies using a wide range of frequencies. Ethernet is not broadband (but baseband).
Congress can define a word (in the US legal context) to mean anything they want; whether such has any relation to its technical definition is irrelevant. I doubt they care about the technology used to deliver IP service, only the capabilities and typical users; defining "broadband" as any circuit 56kbps or above would likely suffice for their intent, regardless of how incorrect it is. However, I fail to see how "broadband" or link speeds in general even matter in this context; what matters is whether the link is of sufficient speed for VoIP to be feasible, in which case anything from 9.6kbps cellular to WiFi, from ARCnet to OC192/10GE might qualify -- or might not, if IP isn't running over it. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov
On 6/18/04 3:30 PM, "Scott Weeks" <surfer@mauigateway.com> wrote:
{snip}
Anyone know yet if they've they said who would have to pay for it, and what they specifically mean by "broadband Internet providers"?
scott
Well, that's the issue, now isn't it. It all comes down to money and control. There are three schools of thought here. One is that the VoIP should not be wiretapped at all. This seems a little unrealistic considering that we allow other calls to be tapped. The second school is that VoIP calls should be made no easier or harder to tap than the technology itself warrants through its natural evolution. The FBI or whomever would just have to learn how to work with it as it evolves. The third school of thought is that all VoIP boxes should come with a red rj45 that says "FBI use only" and a big red button to start the data flowing to said jack. Pickering and the FBI are asking for the third option. Some technologists and civil libertarians seem to be advocating the first option. These might be negotiating tactics rather than honest positions - welcome to Washington. The amount of money the FBI would need to spend to tap a VoIP call is highest with the first option, intermediate with the second, and lowest with the last. Some services companies are really salivating for the chance to add CALEA hardware to VoIP networks. I won't mention any particular companies here, as they have taken a recent beating on this list. Piling on seems rather cruel. The second option is probably the most sensible. We'll see how far sensible gets in the halls of Congress. I suggest crossing fingers, now. -- Daniel Golding Network and Telecommunications Strategies Burton Group
At 3:44 PM -0400 6/18/04, Daniel Golding wrote:
There are three schools of thought here.
One is that the VoIP should not be wiretapped at all. This seems a little unrealistic considering that we allow other calls to be tapped. The second school is that VoIP calls should be made no easier or harder to tap than the technology itself warrants through its natural evolution. The FBI or whomever would just have to learn how to work with it as it evolves. The third school of thought is that all VoIP boxes should come with a red rj45 that says "FBI use only" and a big red button to start the data flowing to said jack.
There another axis of the conversation going on, and that is with respect to the scope of voice technologies that require support... One camp believes that all voice communication must provide CALEA and the other believes that just those voice services which provide interconnection to/from the PSTN should need compliance. The latter position is far easier to implement and corresponds to today's capabilities. Under the more generous definition of any voice communication, there's a huge realm of possible applications that might need to be intercepted including IM services, Skype, web chat support protocols, and even audio-enabled chats that are embedded in games. Someone's going to make a killing in stateful packet detection at the metro POP level... /John
Thus spake "Daniel Golding" <dgolding@burtongroup.com>
The amount of money the FBI would need to spend to tap a VoIP call is highest with the first option, intermediate with the second, and lowest with the last. Some services companies are really salivating for the chance to add CALEA hardware to VoIP networks. I won't mention any particular companies here, as they have taken a recent beating on this list. Piling on seems rather cruel.
I'm told that most CALEA warrants only authorize a pen register, not an actual tap. Pen registers are trivial to implement, since the provider's software undoubtedly has an option to produce CDRs for billing or planning purposes. Unfortunately this doesn't cover the case of purely P2P calls which don't have a VoIP provider; if the suspect is using such software, the only way to produce a pen register is with a tap. AFAIK, one of the provisions of CALEA warrants is that the provider can't tell the customer their line is being tapped. The most straightforward VoIP intercept method requires routing the call through an intercept device or bridging unit, which is detectable and hus probably counts as disclosure. Since VoIP packets are routed just like any others, the only workable solution I see is to provide for tapping of all IP links and (by law) require the FBI drop all traffic except what they've got a warrant for. Tapping a SONET or Ethernet link isn't tough, and real-time decoding of packets up to OC12 speeds was doable on COTS PCs several years ago. One US telco built such software specifically to comply with CALEA when the FBI inevitably woke up; it could reassemble selected RTP streams (in real time) and even play them on a POTS line running to an FBI monitoring post. I'd assume that OC48/GE isn't much of a stretch today and that OC192/10GE is feasible with the FBI's funding levels. It'd certainly be easier to tap the customer's access line, but typical DSL/Cable gear may not have such provisions... One thing is very clear, however; if the industry doesn't come up with a working solution first, we will certainly have something unworkable shoved down our throats by Congress, the FCC, and the FBI. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov
On Fri, 18 Jun 2004, Stephen Sprunk wrote:
Tapping a SONET or Ethernet link isn't tough, and real-time decoding of packets up to OC12 speeds was doable on COTS PCs several years ago. One US telco built such software specifically to comply with CALEA when the FBI inevitably woke up; it could reassemble selected RTP streams (in real time) and even play them on a POTS line running to an FBI monitoring post. I'd assume that OC48/GE isn't much of a stretch today and that OC192/10GE is feasible with the FBI's funding levels. It'd certainly be easier to tap the customer's access line, but typical DSL/Cable gear may not have such provisions...
The real trouble with this scenario is the required truck roll and outage on the link toward the customer... This gets expensive if you have to roll to 10-20/month all over your domestic network. Today that is accomplished on the phone side with builtin 'stuff' on the phone switches (as I recall being told by some phone people) without a truck roll and without much hassle. :( Figuring out the difference between all the forms of 'VOIP' communications will be a headache for the govies and lawyers... just look at the minor inconveniences of CARNIVORE, eh?
One thing is very clear, however; if the industry doesn't come up with a working solution first, we will certainly have something unworkable shoved down our throats by Congress, the FCC, and the FBI.
Sure, but to date we are still awaiting good/complete requirements from the gov't so it's a little tough to determine what is 'required' in a solution such that data can be tapped and then appear in court in some form which is unimpeachable. -Chris
One thing is very clear, however; if the industry doesn't come up with a working solution first, we will certainly have something unworkable shoved down our throats by Congress, the FCC, and the FBI.
On the other hand, since you'll have to wait for 10 years in line behind all the other "broadband service providers" that the FBI would be arresting for non-compliance, you might not have to worry about it. Or you could wait for all the court cases that go first claiming that Voice Chat on IM is not related to VoIP. Perhaps we'll even get to see a court case where a President has phone sex on a VoIP line ;) Rob Nelson ronelson@vt.edu
On Fri, 18 Jun 2004, Stephen Sprunk wrote:
Tapping a SONET or Ethernet link isn't tough, and real-time decoding of packets up to OC12 speeds was doable on COTS PCs several years ago. One US telco built such software specifically to comply with CALEA when the FBI inevitably woke up; it could reassemble selected RTP streams (in real time) and even play them on a POTS line running to an FBI monitoring post. I'd assume that OC48/GE isn't much of a stretch today and that OC192/10GE is feasible with the FBI's funding levels. It'd certainly be easier to tap
Thus spake "Christopher L. Morrow" <christopher.morrow@mci.com> the
customer's access line, but typical DSL/Cable gear may not have such provisions...
The real trouble with this scenario is the required truck roll and outage on the link toward the customer... This gets expensive if you have to roll to 10-20/month all over your domestic network. Today that is accomplished on the phone side with builtin 'stuff' on the phone switches (as I recall being told by some phone people) without a truck roll and without much hassle. :(
That built-in "stuff" is possible with IP gear as well; the switches in your remote POP should support port mirroring, and many sniffers have the ability to filter and forward collected data in real time to another site for analysis. It's a pretty crude way of doing it, but it eliminates a truck roll if that's your priority, and there's no outage. Tapping entire SONET or Tx circuits is also possible without an outage, but you need to have a couple loops (of the correct size) somewhere to point the tap at and specialized software to extract the packets.
Figuring out the difference between all the forms of 'VOIP' communications will be a headache for the govies and lawyers... just look at the minor inconveniences of CARNIVORE, eh?
It'll get even more "interesting" when VoIP carriers roll out encryption for signalling and media; pen registers will still be possible, but a tap will be completely useless.
One thing is very clear, however; if the industry doesn't come up with a working solution first, we will certainly have something unworkable shoved down our throats by Congress, the FCC, and the FBI.
Sure, but to date we are still awaiting good/complete requirements from the gov't so it's a little tough to determine what is 'required' in a solution such that data can be tapped and then appear in court in some form which is unimpeachable.
Congress is going down the route of legislating implementation instead of legislating the requirements and leaving it to the FCC or industry to find possible implementations. Unfortunately the industry is collectively sticking their heads in the sand, and the FCC is loathe to comment on anything they don't have the authority to regulate. Without input to counter the FBI, how is Congress supposed to pass anything reasonable? As they say, the road to hell is paved with good intentions. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov
Speaking on Deep Background, the Press Secretary whispered:
I'm told that most CALEA warrants only authorize a pen register, not an actual tap. Pen registers are trivial to implement, since the provider's software undoubtedly has an option to produce CDRs for billing or planning purposes. Unfortunately this doesn't cover the case of purely P2P calls which don't have a VoIP provider; if the suspect is using such software, the only way to produce a pen register is with a tap.
Note that the requirements for a trap/trace aka pen register are a fraction of those for a Title III intercept. See http://www.usenix.org/events/sec01/eckenwiler/index.htm for at least an introduction.. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Fri, 18 Jun 2004, Stephen Sprunk wrote:
I'm told that most CALEA warrants only authorize a pen register, not an
CALEA and wiretaps are independent subjects. You can have CALEA obligations even if you never, ever implement a single wiretap. On the other hand you may need to implement many wiretaps even though you have no CALEA obligations. For example, hotels and universities have traditionally been considered not to have CALEA obligations. However, both hotels and universities must comply with court orders if law enforcement wants to wiretap one of their phones. Should CALEA be extended to hotels and universities? Are hotels and universities broadband Internet providers when they offer Internet service in student dorm rooms or hotel rooms? In reality, CALEA is a funding bill; it has very little to do with technology. Imagine if law enforcement thought DNA testing was too expensive, so Congress passes a law requiring all doctors to purchase DNA testing equipment and provide free DNA tests to law enforcement. DNA is a complicated subject. Few police officers are qualified to analyze DNA. Instead law enforcement pays for professional DNA testing when it needs DNA testing. The FCC comment period has closed. Everyone had an opportunity to submit comments on the topic to the FCC. Consult your own attorney if you want real legal advice.
In message <Pine.GSO.4.58.0406190133050.29563@clifden.donelan.com>, Sean Donela n writes:
In reality, CALEA is a funding bill; it has very little to do with technology.
There's a lot more to it than that -- there's also access without involving telco personnel, and possibly the ability to do many more wiretaps (have you looked at the capacity requirements lately), but funding is certainly a large part of it. From Section (e) of http://www4.law.cornell.edu/uscode/18/2518.html : Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance. --Steve Bellovin, http://www.research.att.com/~smb
Speaking on Deep Background, the Press Secretary whispered:
Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance.
--Steve Bellovin, http://www.research.att.com/~smb
The issue, I suspect, is, who defines "reasonable" here? Is it like Blue Cross who decides that "UCR" is 50% of what every MD charges, and refuses to justify their decision? I suspect some here have already "been there, done that"... Then there is the issue of getting paid in a timely manner, Prompt Payment Act or not. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
On Sat, 19 Jun 2004, Steven M. Bellovin wrote:
There's a lot more to it than that -- there's also access without involving telco personnel, and possibly the ability to do many more wiretaps (have you looked at the capacity requirements lately), but funding is certainly a large part of it. From Section (e) of http://www4.law.cornell.edu/uscode/18/2518.html :
Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance.
That is not part of CALEA. Carriers found to be covered by CALEA must provide certain capabilities to law enforcement. For telecommunication equipment, facilities or services deployed after January 1 1995 the carrier must pay all reasonable costs to provide the capabilities. The capacity requirements are interesting. In some cases, the carrier is required to have more law enforcement tapping capacity than customer capacity. The government sets the capacit requirements without any regard for the cost of maintaining the capacity. If there are multiple competitive carriers in the same area, all of the carriers must have the same capacity. If you have a single customer in Los Angeles, you must provide the capacity for at least 1,360 simultaneous interceptions. How many SPAN ports do you have? As I mentioned, the wiretap acts and CALEA are really independent.
In message <Pine.GSO.4.58.0406191533030.384@clifden.donelan.com>, Sean Donelan writes:
On Sat, 19 Jun 2004, Steven M. Bellovin wrote:
There's a lot more to it than that -- there's also access without involving telco personnel, and possibly the ability to do many more wiretaps (have you looked at the capacity requirements lately), but funding is certainly a large part of it. From Section (e) of http://www4.law.cornell.edu/uscode/18/2518.html :
Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance.
That is not part of CALEA.
I know; that's precisely my point. (CALEA is 18 USC 2522, I believe.) The passage I quoted is from the older wiretap law -- and it requires the government to pick up the costs. As you note below, that cost was shifted by CALEA.
Carriers found to be covered by CALEA must provide certain capabilities to law enforcement. For telecommunication equipment, facilities or services deployed after January 1 1995 the carrier must pay all reasonable costs to provide the capabilities.
The capacity requirements are interesting. In some cases, the carrier is required to have more law enforcement tapping capacity than customer capacity. The government sets the capacit requirements without any regard for the cost of maintaining the capacity. If there are multiple competitive carriers in the same area, all of the carriers must have the same capacity. If you have a single customer in Los Angeles, you must provide the capacity for at least 1,360 simultaneous interceptions. How many SPAN ports do you have?
As I mentioned, the wiretap acts and CALEA are really independent.
--Steve Bellovin, http://www.research.att.com/~smb
At 04:32 PM 18-06-04 -0500, Stephen Sprunk wrote:
Thus spake "Daniel Golding" <dgolding@burtongroup.com>
The amount of money the FBI would need to spend to tap a VoIP call is highest with the first option, intermediate with the second, and lowest with the last. Some services companies are really salivating for the chance to add CALEA hardware to VoIP networks. I won't mention any particular companies here, as they have taken a recent beating on this list. Piling on seems rather cruel.
Electronic Surveillance Needs for Carrier-Grade Voice over Packet (CGVoP) Service CALEA Implementation Federal Bureau of Investigation Jan 29, 2003 http://www.ictlaw.net/upload/fbivoip.pdf -Hank
----- Original Message ----- From: "Scott Weeks" <surfer@mauigateway.com>
Anyone know yet if they've they said who would have to pay for it, and what they specifically mean by "broadband Internet providers"?
scott
A coupla' years ago, the FCC defined "Broadband" as 200Kbps and above. --Michael
On Fri, 18 Jun 2004, Michael Painter wrote:
A coupla' years ago, the FCC defined "Broadband" as 200Kbps and above.
Hmm different jurisdiction but Tiscali & NTL seems to think broadband is as low as 100Kbps http://www.tiscali.co.uk/products/broadband/3xfaster.html?code=ZZ-NL-11MR http://www.ntlhome.co.uk/ntl_internet/broadband.asp?cust=ntlcom_broadbandtex... Wrongful trading or say what you like if you make it up as you go along.. ? Steve
Stephen J. Wilcox [19/06/04 16:38 +0100]:
On Fri, 18 Jun 2004, Michael Painter wrote:
A coupla' years ago, the FCC defined "Broadband" as 200Kbps and above.
Hmm different jurisdiction but Tiscali & NTL seems to think broadband is as low as 100Kbps
In India, it is anywhere over 64 Kbps, and the maximum offered over cable / dsl is currently 512 Kbps. And of course, anything below several Mbps (or 100 Mbps in the case of FTTH) is definitely not "broadband" in Japan :) srs
On Fri, Jun 18, 2004 at 06:48:06PM +0530, Suresh Ramasubramanian wrote:
WASHINGTON--The U.S. Department of Justice on Wednesday lashed out at Internet telephony, saying the fast-growing technology could foster "drug trafficking, organized crime and terrorism."
"But the change is real. I don't think anybody would argue now that the Internet isn't becoming a major factor in our lives. However, it's very new to us. Newsreaders still feel it is worth a special and rather worrying mention if, for instance, a crime was planned by people over the Internet. They don't bother to mention when criminals use the telephone or the M4, or discuss their dastardly plans "over a cup of tea", though each of these was new and controversial in their day." --- Douglas Adams, 1999 --- complete Article at http://www.douglasadams.com/dna/19990901-00-a.html
participants (19)
-
Christopher L. Morrow -
Daniel Golding -
David Lesher -
Hank Nussbacher -
Jeff Shultz -
John Curran -
Michael Painter -
Niels Bakker -
Nils Ketelsen -
Randy Bush -
Rob Nelson -
Scott Francis -
Scott Weeks -
Sean Donelan -
Stephen J. Wilcox -
Stephen Sprunk -
Steven M. Bellovin -
Suresh Ramasubramanian -
wrolf.courtney@donovandata.com