more on Wiretapping Technology vs. Wiretapping Laws

[David Farber <dave () farber net>]

Begin forwarded message:

From: Brad Templeton <btm () templetons com>
Date: August 10, 2005 3:22:46 PM EDT
To: David Farber <dave () farber net>
Cc: lauren () vortex com
Subject: Re: [IP] Wiretapping Technology vs. Wiretapping Laws


>   1) VoIP call has at least one leg that terminates on the PSTN.
>      The Internet portion of the call may or may not be encrypted
>      (or strongly encrypted).  Result: Tapping is possible and
>      relatively trivial for that call.  The tap can be located at

Much VoIP termination is done by routing the call over IP to a
local termination provider in the LATA or even phone CO of the target
PSTN number.  In many cases, these termination providers are independent
entities.  Larger VoIP companies have individual contracts with these
terminators, more rely on aggregators to have these contracts and
handle the settlements.   Some VoIP companies manage their own gateways
to the PSTN through a small number of chokepoints (this gives you more
control over the quality) but almost all of them rely on 3rd parties and
aggregators to terminate the calls overseas.   There are even bidding
markets.

As such it is far from trivial to tap a person's calls to the PSTN
by listening at the interface, except for the companies which do all
their own terminations.   The requirement that it be possible puts
serious burdens on companies designing services.

Indeed, the only practical way to do it is to, for the target, reroute
all their voice streams through centralized switches which can forward
and record them, as is the case described below for IP to IP calls.

Ideally, these termination providers will eventually support end to end
encryption, with a DHM key exchange so even this technique will not  
work.

Rerouting the call to this switch is going to be visible to the target
in two ways.  If they know enough to look at where their voice is being
sent, they could see that it's going to a router rather than to the city
they are calling.   Worse, however, they will be able to hear this,  
in that
it will often increase the latency of the call -- the biggest complaint
people have about the quality of voip calls.

This also applies to IP to IP calls.

While it is not commonly done this way, I could build a VoIP telco that
terminated to the PSTN and had no central switches or means of  
controlling
calls.  I would give you software that, given a number, looked up in
a static table downloaded with the software the IP address of the  
termination
provider best for that number, and I could give you account codes to
get access to it.  Billing records would come back to the telco in the
end, most probably, but otherwise the telco would have no knowledge of
your calls or any way to interfere or tap them.  They would need to  
place
a tap at every termination provider you might call.

However, is this distributed architecture of telco now illegal?



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/