[IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)
----- Forwarded message from David Farber <dave@farber.net> -----
Eugen Leitl forwarded:
The constitutional question is whether users have a "reasonable expectation of privacy" in VOIP phone calls. Since the 1960's, the Supreme Court has found a 4th Amendment protection for voice phone calls. Meanwhile, it has found no constitutional protection for stored records. In an article coming out shortly from the Michigan Law Review, I show why VOIP calls quite possibly will be found NOT to have constitutional protection under the 4th Amendment. It would then be up to Congress to fix this, or else have the Supreme Court change its doctrine to provide more protections against future wiretaps. Article at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=490623 .
Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could "fix" it. Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection. After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a "voice" call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity. And as for the SCOTUS, all they have to do is sit back on a strict interpretation and such intercepts aren't "wiretaps" at all. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFS SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com
On Fri, 2 Jul 2004, Roy M. Silvernail wrote:
Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could "fix" it. Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection. After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a "voice" call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity. And as for the SCOTUS, all they have to do is sit back on a strict interpretation and such intercepts aren't "wiretaps" at all.
If VOIP gets no protection, then you'll see a lot of "digital" bugs in various spy shops again - and they'll all of a sudden be legal. I thought the Feds busted lots of people for selling bugging equipment, etc. because they're an invasion of privacy, etc. Ditto for devices that intercept digital cellular phone conversations, spyware software that turns on the microphone in your computer and sends the bits out over the internet, ditto for tempest'ing equipment ("But your honor, it's stored for 1/60th of a second in the phosphor! It's a storage medium!"), etc. Hey, they can't have their cake and eat it too. It's either protected or it isn't.
Sunder wrote:
On Fri, 2 Jul 2004, Roy M. Silvernail wrote:
Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could "fix" it. Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection. After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a "voice" call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity. And as for the SCOTUS, all they have to do is sit back on a strict interpretation and such intercepts aren't "wiretaps" at all.
If VOIP gets no protection, then you'll see a lot of "digital" bugs in various spy shops again - and they'll all of a sudden be legal. I thought the Feds busted lots of people for selling bugging equipment, etc. because they're an invasion of privacy, etc.
Interesting counterpoint. Those busts were predicated on the violation of existing laws, where of course the feds get to break those laws with a good story and a judge's rubber sta.. er, I mean permission. So the question becomes "how does the fed keep their ability to intercept legally unprotected commo and at the same time, keep Joe Beets from doing the same thing".
Ditto for devices that intercept digital cellular phone conversations, spyware software that turns on the microphone in your computer and sends the bits out over the internet, ditto for tempest'ing equipment ("But your honor, it's stored for 1/60th of a second in the phosphor! It's a storage medium!"), etc.
The Tempest argument is a stretch, only because you're not actually recovering the information from the phosphor itself. But the Pandora argument is well taken.
Hey, they can't have their cake and eat it too. It's either protected or it isn't.
Not that they won't try, though. Or that they wouldn't opt toward unprotecting everything if the opportunity presented itself. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFS SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com
The Tempest argument is a stretch, only because you're not actually recovering the information from the phosphor itself. But the Pandora argument is well taken.
Actually there is optical tempest now that works by watching the flicker of a CRT. Point is actually even more moot since most monitors are now LCD based, etc. so there's no raster line scanning the display, etc...
If VOIP gets no protection, then you'll see a lot of "digital" bugs in
Protection of bits by legislation ??? Why is this a subject ? If you don't encrypt you will be listened to. Who the fuck cares if intercept is legal or not. That is irrelevant. It's like trying to obsolete summer clothing by making it illegal to watch pussies and dicks. And the discussion about it is similarly moronic. In olde times cypherpunks would applaud lack of legal bit protection as it stimulates sheeple to encrypt more. I mean wear panties. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
At 10:50 AM 7/2/2004, Roy M. Silvernail wrote:
Call me cynical (no... go ahead), but if VOIP is found to have no 4th Amendment protection, Congress would first have to agree that this *is* a problem before thay could "fix" it.
While Peter Swire is a much better judge of court behavior than I am (:-) the key issue in the Councilman case is that the Wiretap Law differentiates between "aural" communications on wires and the broader category of "electronic communications", and "electronic communications" might only be protected on wires, and not just when it's in storage or in transit on a computer. (What about wireless transmission? Is that protected?) If courts don't think VOIP is "aural", they're way out of line. That should mean that if you wiretap VOIP calls, you'd better have a warrant. On a more negative hand, it sounds like the court thinks that wiretap rules only apply to stuff that's on wire - do packets that are inside a router get protected, while it's busy thinking about what wire to put it on next? Does it matter whether you're intercepting the whole message, or is the fact that the packet you're intercepting is inside a router good enough for the court, even though the other packets in the message might still be on the wires into or out of the router?
Given the recent track record of legislators vs. privacy, I'm not at all confident Congress would recognize the flaw, much less legislate to extend 4th Amendment protection.
The Ashcroftians have been able to con Congress into letting them have lots of other things they ask for in the name of "preventing technological change from taking away our current powers", and every edge case seems to be used as a loophole to grant them more power, not to restrict what they've got. It's possible that a Kerry Administration would be less aggressive about this than the Bush Administration, though it's unlikely that they'd actually be much better than the Clinton Administration, would were pretty evil back in their day.
After all, arent more and more POTS long-distance calls being routed over IP? The only difference, really, is the point at which audio is fed to the codec. If the codec is in the central office, it's a "voice" call. If it's in the handset or local computer, it's VOIP. I think we can count on the Ashcroftians to eventually notice this and pounce upon the opportunity.
Oh, they know, and they're in a mad scramble to make sure that they can tap data communications as well, and most VOIP doesn't have useful crypto protection. So far, it's easier to tap VOIP calls after they've been turned back into telco-flavored TDM, but that's partly because they've got tools and practice and established procedures for doing so. The big difference with VOIP is that it's normal to design relatively distributed VOIP systems that do most of the work peer-to-peer, and it's harder to get a hook into the endpoints without the endpoints being aware of them. Some VOIP systems can probably be convinced to make three-way calls without telling the user interface at the endpoints, so the logical way to do wiretapping is to get the gatekeepers to build calls that way. ---- Bill Stewart bill.stewart@pobox.com
participants (5)
-
Bill Stewart -
Eugen Leitl -
Morlock Elloi -
Roy M. Silvernail -
Sunder