more on VoIP CALEA -- the NSF does work for guess who ? djf

[David Farber <dave () farber net>]

Begin forwarded message:

From: Tom Gray <tom_gray_grc () yahoo com>
Date: August 10, 2005 10:53:07 PM EDT
To: dave () farber net
Subject: Re: [IP] more on VoIP CALEA -- the NSF does work for guess  
who ? djf


Prof Farber

For IP if you think it suitable

In my original note, quoted below, I worote that it
would be relativley easy for SKYPE to tap Internet
only calls. Nothing in the reply below changes that.
The voice data is easily obtained at the packet
forwarder. SKYPE supplies the 'encryption' and could
provide means to defeat it.

If SKYPE is faced with the choice of developing a
CALEA capability or being legislated out of business,
they will have no great technical challenge to
accomodate the requirment.

Tom Gray


--- David Farber <dave () farber net> wrote:


> Begin forwarded message:
>
> From: Brad Templeton <btm () templetons com>
> Date: August 10, 2005 4:06:15 PM EDT
> To: David Farber <dave () farber net>
> Cc: tom_gray_grc () yahoo com
> Subject: Re: [IP] more on VoIP CALEA -- the NSF does
> work for guess
> who ? djf
>
>
> Dave, you can add this note to my prior note if you
> wish to
> forward it or either.
>
> On Wed, Aug 10, 2005 at 06:14:07AM -0400, David
> Farber wrote:
>
>
> > There is no great difficulty in arranging for the
> > interception of Internet-only voice calls,
> contrary to
>
> > what has been written in earlier messages in this
> > thread.
> ....
>
>
> > It would seem to be very simple for providers such
> as
>
> > SKPE and Vonage to intercept Internet-only voice
> > calls. The intereception could be done at the
> packet
>
> > forwarder. In most cases the packet forwarder is
> > required. Even in cases where it is not required,
> the
>
> > client software could be set up to accept a
> management
>
> > instruction amd silently send all packets thorugh
> a
>
> > forwarder without infromting the user.
> >
> > Tom Gray
>
> Skype, as far as we know (they don't reveal the
> details) encrypts
> end to end.  The external PC which is recruited to
> forward
> packets for people behind NAT does not, as far as I
> know, have
> the ability to decode the voice.  If it does, that
> would be a
> surprisingly poor encryption design, and a provider
> like Skype
> could change it.
>
> Skype is standalone software.  It queries Skype's
> master servers
> for information on where to do directory lookups and
> find external
> servers, but otherwise Skype's servers do not appear
> to participate
> in the calls, and thus, without modification of the
> downloaded
> software, could not interfere with or even be aware
> of calls, short
> of suborning the entire list of "volunteer"
> forwarding computers
> provided to the client.
>
> And as I noted before, rerouting IP to IP calls adds
> considerable
> problems.   I am building a VoIP phone service which
> connects two
> people by ringing both their phones.  However, it
> does not, as most
> such services do, bridge the calls in a central
> point.  Both endpoints
> send their audio to one another directly.  A central
> wiretap is
> not workable on such a call.   The system could tell
> both endpoints
> to talk to a bridge, which would be detectable and
> increase latency.
>
> One could easily provide software to watch for this
> and turn on an
> indicator on the phone saying, "Your line is
> tapped!"  In some ways,
> criminals might find it more useful to have a phone
> where they can
> tell if it's tapped to provide disinformation,
> rather than just
> avoiding taps altogether as you would with Skype.
>
>
> -------------------------------------
> You are subscribed as tom_gray_grc () yahoo com
> To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>
> Archives at:
http://www.interesting-people.org/archives/interesting-people/

>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/