Wikileaks Publishes FBI VoIP Surveillance Docs

An anonymous reader writes "The folks on wikileaks have published a new interesting and shocking report: FBI Electronic Surveillance Needs for Carrier-Grade Voice over Packet (CGVoP) Service. The 88 paged document, which is part of the CALEA Implementation Plan was published in January 2003 and describes in detail all needs for surveillance of phone calls made via data services like the internet. Wikileaks has not published any analysis yet, so maybe some of the techies hanging around this end of the internet are interested in taking that one on."

PGPfone, where are you?

[CRCulver (715279)]

We desperately need a personal Internet telephony program that has full support for encryption. PGPfone was left unmaintained a decade ago, and Ekiga won't have encryption support until version 3.0. It's like there's a conspiracy to leave the public without such a basic tool.

Re:PGPfone, where are you?

[mikiN (75494)]

Twinkle [twinklephone.com]?
It handles encryption using ZRTP [wikipedia.org]/SRTP [wikipedia.org] and can do point-to-point (IP2IP) calls like good'ole Speak Freely.

Re:

[bdjacobson (1094909)]

Twinkle [twinklephone.com]?
It handles encryption using ZRTP [wikipedia.org]/SRTP [wikipedia.org] and can do point-to-point (IP2IP) calls like good'ole Speak Freely.

If I can't even convince my friends who use Pidgin already, to install PidginEncryption, how am I supposed to get them to use VOIP encryption?

"Well, it won't happen to me..."
Part of me wants to support further government wiretaps so that more abuses come to light and we can hopefully then convince people that privacy is important. But the other part hates it when innocent people are tortured for things they did not do.

So what's the right course of action? I'm starting to wonder if I'm one of the few people

Re:PGPfone, where are you?

[CNeb96 (60366)]

It was replaced by zphone http://www.zfoneproject.com/ [zfoneproject.com] alive and kicking and better.

Q: What is Zfone?

A: Zfone is my new secure VoIP phone software which lets you make secure encrypted phone calls over the Internet. The ZRTP protocol used by Zfone will soon be integrated into many standalone secure VoIP clients, but today we have a software product that lets you turn your existing VoIP client into a secure phone. The current Zfone software runs in the Internet protocol stack on any Windows XP, Mac OS X, or Linux PC, and intercepts and filters all the VoIP packets as they go in and out of the machine, and secures the call on the fly. You can use a variety of different software VoIP clients to make a VoIP call. The Zfone software detects when the call starts, and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice packets. It has its own little separate GUI, telling the user if the call is secure. It's as if Zfone were a "bump on the cord", sitting between the VoIP client and the Internet. Think of it as a bump in the protocol stack.

Re:

[mpapet (761907)]

I don't know how many *clients* support TLS, but openser (voip server) definitely does.

It's just too late to reclaim/roll-back any privacy. The horses left the barn YEARS ago. 10+ years anyway. I'm not advocating the untenable position of "I've got nothing to hide, so it's okay." This is just standard operating procedure at this point.

Re:

[element-o.p. (939033)]

How about "ssh -f -N -L...."? Tunneling IAX (or MGCP -- SIP is a bit problematic, since it chooses random ports) through SSH is pretty easy to do.

Re:

[profplump (309017)]

Both SIP and IAX are UDP-based, and won't tunnel via SSH's TCP tunnels. And UDP->TCP encapsulation is a bad idea for things like VoIP; you probably don't want to drop 2 seconds of the conversation just because 1 packet got mangled, and you sure don't want to waste bandwidth re-transmitting things that will never be played back.

However, IPSec's 3DES-CBC and AES-CBC modes both re-initialize for each datagram, so it can handle encryption on UDP packets without requiring in-order, complete reception or retra

Re:

[element-o.p. (939033)]

Sweet! I didn't know about that. I'll have to give it a try on my asterisk box.

Encrypted

[warrior_s (881715)]

I think its now time that one should start encrypting all voip traffic.. I understand we don't even have https everywhere right now..
use smartphones.. use encrypted voip to make all the phone calls, and use the regular service provider to make emergency calls like 911
I think this is the way to go..

I know some one will say there are attacks possible on encrypted connections... but the question is that its not feasible to attack every connection out there.. atleast make their job as difficult as possibl

Why is this shocking?

[MyNameIsFred (543994)]

I'm trying to figure out why the summary calls this document "shocking." Interesting yes, shocking no. It is well known that the law requires VOIP providers to maintain a capability for law enforcement agencies to wiretap. This requirement has been around for years, and is completely consistent with older "Plain Old Telephone Service." Its not like CALEA is hidden. You can find its website with a quick google. The author of the summary seems to be conflating CALEA with the dustup with the Bush administration and unlawful wiretaps. They are separate issues. Conflating them helps no one.

Re:

[by Anonymous Coward]

I'm inclined to agree. I looked into CALEA a couple of years ago as part of an investigation to see what impacts it might have for universities. Much of the public criticism seemed to assume that it was a way for law enforcement to tap all communications. In fact, it is the exact equivalent of existing wiretaps: they don't get a full feed; they get data for specific authorized interceptions. I admit to some concern about apparent diversion of massive traffic flows. It may be a good idea, but I'd like to see

Re:

[Anon12 (1256996)]

True - but it is interesting, I very surprised they were only assessing the need to access VoIP calls in 2003. That seems pretty late.

Old

[RockMFR (1022315)]

This was leaked at least 4 years ago [interesting-people.org].

Public Standards

[chill (34294)]

Yawn. This is the FBI's implementation plan, not some super-secret details of the specs. This is derived from J-STD-025A, J-STD-025B, and EWA 3.0 AMTA docs. Feel free to Google for those. The first and last you should be able to find. The "B" one they want money for, so it is harder to find freely online.

Those detail exactly WHAT and HOW monitoring is going to occur, on a technical level.

And don't get your knickers in a twist about the FBI document. I've already seen one instance where the FBI told a carrier "we want it done this way" and the carrier's lawyers said "no, that isn't legal and we won't do it". Of course, it was probably a result of the software not being implemented in that manner and it would have cost the carrier mucho $$ to do it the FBI's way...

Nothing like a few $$ to prompt the legal dept. to see it your way.

http://www.google.com/search?q=j-std-025&ie=utf-8&oe=utf-8&aq=t [google.com]

Words not found in pdf with a quick search

[aachrisg (899192)]

The words "warrant" and "judge" do not appear in this document.

Re:

[layer3switch (783864)]

interestingly enough, neither do "terrorist."

Re:

[sed quid in infernos (1167989)]

But it does contain "When legally authorized."

It's routine Big Brother stuff

[Animats (122034)]

There's not much new here. If you're familiar with CALEA, the law that hooked the Government into the phone system big-time, this is basically the same set of requirements the FBI wanted for voice calls. There was a big disagreement in the voice world over in-band signalling. The question was whether a "pen register" warrant authorized access to signalling data that goes over the voice channel, like Touch-Tone tones sent to some non-carrier device. The FBI was bitching about that for years.

The trouble with all this stuff is that Congress didn't mandate proper auditing. Every surveillance event in CALEA ought to be logged by the Judicial Branch, at the Administrative Office of the U.S. Courts. [uscourts.gov] We don't have that.

Re:

[the eric conspiracy (20178)]

The pen register act (title III under the 1986 ECPA) is a privacy law. Prior to the act no judicial order was required because of the fact that individuals making phone calls are disclosing the numbers they dial to a third party (the phone company) and thus should have no expectation of privacy in regard to the numbers they dialed. There is no Constitutional guarantee of privacy for information disclosed to a third party. Law enforcement benefits from the pen register act because court orders granted under

Slashdot looking for "techies"?!

[mattr (78516)]

I don't get why a site with "news for nerds" says in a summary
"techies hanging around this end of the internet".

Also the grandparent professes shock when this is already well known.

Can we walk out of preschool please? The subject matter is interesting and important but slashdot needs editors with a college degree.

Why, exactly, is this "shocking?"

[FredThompson (183335)]

Uh...why is this "shocking?" The telephone systems use VOIP and cell phones didn't exist 30 years ago. There were a few portable phones but nothing like today.

That's a serious question. I know, this is Slashdot, the home of foil hats and radial paranoia by broke students...

Re:paradigm shift

[Divebus (860563)]

Time to take Thomas Jefferson's advice?

Re:

[rucs_hack (784150)]

I think you're the wrong side of the gold rush for that to work any more......

Correct me if I'm wrong, but that's pretty much the point when the US that he envisioned more or less got replaced with what you have now.

Re:

[Threni (635302)]

Did Jefferson mention encryption? It's probably more likely to happen than getting people to go outside and get killed by the police or whatever.

Re:paradigm shift

[dbolger (161340)]

You mean "Don't talk about what you have done or what you are going to do [thinkexist.com] (at least over an unsecured medium)"? ;)

Re:

[WGFCrafty (1062506)]

""I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it." -TJ

I think that one fits too.

Re:

[westlake (615356)]

Time to take Thomas Jefferson's advice?

and what advice would that be?

That of the President who launched convert operations against the Barbary pirates?

The President who doubled the size of the U.S. in the Louisiana Purchase? The U.S. would become a continental empire in less than fifty years.

The President who waged economic war against Britain and France? Thomas Jefferson: Foreign Affairs [millercenter.org]

The President who died as the Erie Canal and the Industrial Revolution was putting an end to the agrarian Republic

I call BS

[dreamchaser (49529)]

When used properly with *warrants*, wiretapping is an important law enforcement tool. Don't go confusing bad behavior by the Government with necessary law enforcement tools.

The capability is needed, but so is proper oversight and protection of Consitutional rights. Then again all you wanted was to squeeze in your Obama ad ;)

Re:

[ScrewMaster (602015)]

The void of anarchy is usually filled with totalitarianism.

Re:paradigm shift

[spiritraveller (641174)]

Anarchy exists nowhere but in the individual mind.

In any society of human individuals greater than one, there will always evolve some system of governance.

It is not a question of whether you will lose any freedom, but of how much you will lose.

Re:paradigm shift

[bug1 (96678)]

It is said that Anarchy is the absence of rulers, not the absence of rule.

Take the free software movement as an example... the movement isn't ruled by anyone, the society of human individuals (programmers) can license their work any way they like, but they _choose_ to push for freedom on to others.

Those who are free to choose are not ruled.

don't know what you're talking about

[sentientbrendan (316150)]

>It is said that Anarchy is the absence of rulers, not the absence of rule.
said by who? Let me guess, he was an "anarchist," by which I mean high school drop out living in his mom's basement, complaining that society would be "so much more awesome" if there weren't any rules, and he didn't have to keep his room clean.

Anarchy:
"Absence of government; a state of lawlessness due to the absence or inefficiency of the supreme power; political disorder."''

Any social endeavor has politics and power relationships

Re:

[Richard W.M. Jones (591125)]

Take the free software movement as an example... the movement isn't ruled by anyone, the society of human individuals (programmers) can license their work any way they like, but they _choose_ to push for freedom on to others.

... Thus showing that you understand neither anarchy nor the free software movement.

Free software is the perfect example of governance. It arises from the grassroots, the workers writing the software, but it is there nevertheless. Take a look at projects like Debian. "Debian

Re:paradigm shift

[spiritraveller (641174)]

It is at least a talking point of the Democrats. But one which I wouldn't trust Hillary to follow. And there is no question that McCain couldn't give a rat's ass about your privacy as to the FBI.

So yes, Obama is a better pick on individual rights than either of the alternatives.

Whether it will be a huge difference, or whether he will remain true to this, noone can be sure. As in life, there are no guarantees in politics.

Re:

[sumdumass (711423)]

You realize you are placing an awful lot of faith in the unknown with that statement right? Obama has done nothing to show that he would be any different then the others but you are willing to cut him a pass because you don't know.

To me, that doesn't seem to rational. But hey, a good majority of Americans believe an unseeable, untouchable, and magical being exists so I guess anything is possible.

Re:paradigm shift

[scionite0 (1160479)]

Obama has done nothing to show that he would be any different then the others but you are willing to cut him a pass because you don't know.

Senator Obama's qualifications Include a J.D. in constitutional law from Harvard, He was a lecturer of constitutional law at the University of Chicago Law School, and he worked as a community organizer and later as a lawyer representing community organizers on voting rights and discrimination issues.

So yeah I think that there is some evidence that he might have a better understanding of and respect for the constitution of the United States of America.

this can be confirmed with a simple wikipedia [wikipedia.org] search or set of google searches (or by reading his first book, Dreams from My Father).



Just because something is not yet proven does not mean that no evidence exists.

Re:

[sumdumass (711423)]

Clinton had some great credentials too but we still had ruby ridge, Waco, and the development of free speech zones and the DMCA under his expert leadership.

I repeat. Obama has _done_ nothing to _show_ he is any different from anyone else on the stage. He has been in office enough that his record should be known by now if he did.

Re:

[PopeRatzo (965947)]

So you are telling us that a lawyer gives a rats ass about our rights?

Wow, what a stupid thing to say.

Re:

[spiritraveller (641174)]

You realize you are placing an awful lot of faith in the unknown with that statement right?

Not really.

The other two options are clearly not in my best interest.

Obama has done enough in life to make it clear that he's a competent person who doesn't necessarily want to turn the country into a theocracy or a fascist state. That's pretty much all I'm looking for this election year.

Re:

[sumdumass (711423)]

Obama has done enough in life to make it clear that he's a competent person who doesn't necessarily want to turn the country into a theocracy or a fascist state. That's pretty much all I'm looking for this election year.

But that does or says nothing for civil rights. It is more or less a He is qualified because he isn't "them" which is the same as blind faith. He has not done anything to demonstrate that once in office, he would do anything any different.

And if you seriously think any of the candidates w

Re:

[element-o.p. (939033)]

When given three choices, and two of them are obviously bad, but the third is unknown, which one do you choose? Do you pick one of the choices that you know is bad, or do you take the chance on the third option? Are you seriously suggesting that it is irrational to choose the option that at least has a possibility of being something different?

Re:paradigm shift

[by Anonymous Coward]

Recording police interrogations is a manifestly good thing. It ensures, among other things, that the police can't simply beat you until you confess.

Surveillance of public servants and surveillance of the general populace aren't even remotely similar.

MOD PARENT INSIGHTFUL

[aprilsound (412645)]

The parent is insightful. I don't know why it's at -1. Video recording of interrogation keeps cops honest. GP is either stupid or trolling and *should* be modded down.

Re:

[utopianfiat (774016)]

Read what you write before you post it, because I'm not sure you actually realize what you just said. If so, hope your Karma enjoys its vacation.

You would rather have police locked in a room with someone and walk out with a supposedly signed confession disposition when a videotape would have proved it forged? Say what you want about "serve and protect", there are good cops, but it's the bad cops that ruin things for the rest of us.

Re:

[Breakfast Pants (323698)]

You guys have a fine eye for humor.

Re:

[Molochi (555357)]

Monitoring agents of the government and subsuming their authority to the accused's peers (the jury) as reviewers of that information, is not a bad thing. As long as it doesn't infringe on the rights of the accused. I can see (as any patriotic American could) that the 5th amendment would demand all responses by the accused be edited out.

Re:paradigm shift

[Bloopie (991306)]

If you think Ackbar Hussein Osama is going to be any bigger on individual rights than Grandpa and the Bitch, then you are sadly mistaken.

It's interesting that you should refer to "Barack" as "Ackbar." Admiral Ackbar was an accomplished leader of the Rebel Alliance, which was the "good" side in the Star Wars universe. He spent much of his career fighting the (evil) Galactic Empire.

It's telling that you should be using the name in a derogatory way.

In any case, I'm not the biggest expert in Star Wars, unlike some here, but evidently at some point Ackbar was wrongly accused of treason by a politically-motivated opponent. We'll have to watch Fox News over the next several months to find out how much life imitates art.

Re:Congratulations...

[smolloy (1250188)]

It's frightening that you think leaking information "about legal and non-controversial wire taps" is "borderline treason". If this really is as boring as you think, then why would millions need to be spent to undo any damage, why would the US gov start legal action, and why would there need to be an internal investigation?

Re:

[by Anonymous Coward]

It is funny how some mods attacked your comment. People should start realizing that THERE IS NO (-1) I don't agree .

Re:

[LaskoVortex (1153471)]

"Privacy" as discussed here is about protecting privacy from the government, to whom we pay taxes and who might imprison us, prosecute us, or target us for our beliefs, words, or affiliations. Privacy from the general public is a different issue. Please argue that issue elsewhere as it confuses (and is probably intentionally meant to confuse) the real issue of privacy with regards to the government. If you still don't understand, I'll repeat it in bold face: "Privacy" as discussed here is about protecting p