[VOIPSEC] VoIP providers must allow wiretapping by law enforcement agencies by next May 14

Weidong Shao weidongshao at gmail.com
Tue Jun 13 16:53:47 CDT 2006 

This has been discussed in an earlier thread.   Search for CALEA in
the subject.

One particular difference is that the voip service provider does not
own some of the logical/physical elements of the services. e.g,
typical signaling might go through them but media path does not. In
fact, some systems may rely on other peers in assisting the signaling
exchanges among clients (of course, bootstrapping and registrations
must go through the servers in the premises of voip service
providers).

My question is,  if the VoIP service provider allows end-to-end media
encryption where neither the service provider nor the ISPs know the
session keys, is the service provider violating CALEA requirements,
even though the service provider provides full access to the signaling
data to LEA?

Keep in mind that, in a system where users do not have control on
security setup of voice calls, the concept in ZRTP can still be used
to overlay an end-to-end secure communication channel on top of the
existing system. Two users, with compatible
 ZRTP implementations, can establish a secure session whenever RTP is
allowed. Any interception beyond the end user's client hosts will not
reveal SRTP security parameters
and thus is only useful for brute-force attack on the encryption used
in the secure session.

more at http://secureminded.blogspot.com/

Weidong


On 6/13/06, Robert Welbourn <robert at welbourn.com> wrote:
> Actually, the FCC amended the CALEA rules to apply to facilities-based ISPs as well as interconnected VoIP service providers.  However, it would presumably be easier to wiretap the VoIP communication in the network of the VoIP service provider's rather than that of the Internet access provider.
>
> See http://www.fcc.gov/calea/ for more info.
>
>  Regards,
>
>  Rob
>
> Lee Dilkie <lee_dilkie at mitel.com> wrote:
> Brian Honan wrote:
> > Apologies, my maiden post and I forget to post the link - Doh !!
> >
> > http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001091&taxonomyId
> > =17
> >
> >
> ...
> > Hi Folks
> >
> > I came across this article today and thought it would be of interest to everyone on the list,
> > especially in light of the recent posting regarding Skype.  How will ISPs deal with providing access
> > to Skype traffic in this scenario?
> >
> > Regards
> >
> > Brian
> >
> As I understand it, it's not the ISP's responsibility to allow access
> for wiretap, it's the responsibility of the "VoIP provider". In which
> case, it falls upon Skype, Vonage, MSN and cable VoIP providers to
> implement the required functionality in whatever way they see fit to comply.
>
> -lee
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list