[dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)]
----- Forwarded message from David Farber <dave@farber.net> -----
Like I said: We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then will the ghost of Tim May rest in piece. Then again, the FBI probably loves hanging out in Starbucks anyway... -TD
From: Eugen Leitl <eugen@leitl.org> To: cypherpunks@jfet.org Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)] Date: Wed, 7 Sep 2005 15:58:08 +0200
----- Forwarded message from David Farber <dave@farber.net> -----
From: David Farber <dave@farber.net> Date: Wed, 7 Sep 2005 09:48:13 -0400 To: Ip Ip <ip@v2.listbox.com> Subject: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15) X-Mailer: Apple Mail (2.734) Reply-To: dave@farber.net
Begin forwarded message:
From: Seth David Schoen <schoen@eff.org> Date: September 5, 2005 6:10:02 PM EDT To: David Farber <dave@farber.net> Cc: Donna Wentworth <donna@eff.org>, eff-priv@eff.org Subject: Re: [E-PRV] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)
David Farber writes:
Can I get a copy for IP
The original article is at
http://www.time.com/time/archive/preview/0,10987,1090908,00.html (subscription required)
Here's the letter we sent:
Your account of FBI efforts to embed wiretapping into the design of new Internet communication technologies ("Psst! The FBI is Having Trouble on the Line," Notebook, August 15) is in error.
You claim that police "can't tap into [Internet] conversations or identify the location of callers, even with court orders."
That is false. Internet service providers and VoIP companies have consistently responded to such orders and turned over information in their possession. There is no evidence that law enforcement is having any trouble obtaining compliance.
But more disturbingly, you omit entirely any reference to the grave threat these FBI initiatives pose to the personal privacy and security of innocent Americans. The technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information. And at a time when many of our most fundamental consititutional rights are being stripped away in the name of fighting terrorism, you implicitly endorse opening yet another channel for potential government abuse.
The legislative history of the Communications Assistance for Law Enforcement Act (CALEA) shows that Congress recognized the danger of giving law enforcement this kind of surveillance power "in the face of increasingly powerful and personally revealing technologies" (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House Report]). The law explicitly exempts so-called information services; law enforcement repeatedly assured civil libertarians that the Internet would be excluded. Yet the FBI and FCC have now betrayed that promise and stepped beyond the law, demanding that Internet software be redesigned to facilitate eavesdropping. In the coming months, we expect the federal courts to rein in these dangerously expansive legal intepretations.
-- Seth Schoen Staff Technologist schoen@eff.org Electronic Frontier Foundation http://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107
------------------------------------- You are subscribed as eugen@leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
On Wed, 7 Sep 2005, Tyler Durden wrote:
Like I said:
We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then will the ghost of Tim May rest in piece.
Somehoe, I don't see the [legitimate] ghost of Tim May finding either rest nor peace. -- Yours, J.A. Terranson sysadmin@mfn.org 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then will the ghost of Tim May rest in piece. Don't really need one. the Skype concept of "supernodes" - users that relay conversations for other users - could be used just as simply, and is Starbucks-compatable. If the feds had to try and monitor traffic for every VoIP user that could potentially be used as a relay (*and* prove that any outbound
Tyler Durden wrote: traffic from their target wasn't relayed traffic from another user) life would get much harder for them much faster. Plus of course some sort of assurance that skype's crypto isn't snakeoil :)
On Thu, Sep 08, 2005 at 05:31:32AM +0100, Dave Howe wrote:
Don't really need one. the Skype concept of "supernodes" - users that relay conversations for other users - could be used just as simply, and is
What hinders Mallory from running most of supernodes?
Starbucks-compatable. If the feds had to try and monitor traffic for every VoIP user that could potentially be used as a relay (*and* prove that any outbound traffic from their target wasn't relayed traffic from another user) life would get much harder for them much faster. Plus of course some sort of assurance that skype's crypto isn't snakeoil :)
It is snake oil until proven otherwise. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
At 01:13 AM 9/8/2005, Eugen Leitl wrote:
On Thu, Sep 08, 2005 at 05:31:32AM +0100, Dave Howe wrote:
Don't really need one. the Skype concept of "supernodes" - users that relay conversations for other users - could be used just as simply, and is
What hinders Mallory from running most of supernodes?
Budget? But Mallory doesn't need to run *most* of the supernodes - hitting just the current targets is good enough, especially if the central sites or client software can be tricked into not using encryption or using compromised keys.
Plus of course some sort of assurance that skype's crypto isn't snakeoil :) It is snake oil until proven otherwise.
Yup. They say they use AES, and that they use RSA to set up session keys. The main issue is that they don't document their protocols or crypto, and of course the usual failures are bad protocol design, which can break systems that do include strong crypto. The use of RSA for session key setup instead of Diffie-Hellman is a strong sign that they don't really have a clue... If you're in the SF Bay Area, Skype is having a developer get-together in Palo Alto on Thursday 9/22. http://www.skype.com/campaigns/skypenightpaloalto2005
participants (5)
-
Bill Stewart -
Dave Howe -
Eugen Leitl -
J.A. Terranson -
Tyler Durden