[VOIPSEC] VoIP providers must allow wiretapping by lawenforcement agencies by next May 14

Hank Cohen hcohen at hifn.com
Tue Jun 13 18:33:18 CDT 2006 

Weidong Shao asks a very pertinent question:

> -----Original Message-----
> [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Weidong Shao
> Sent: Tuesday, June 13, 2006 2:54 PM
> Subject: Re: [VOIPSEC] VoIP providers must allow wiretapping 
> by lawenforcement agencies by next May 14
> 
> ... 
> My question is,  if the VoIP service provider allows end-to-end media
> encryption where neither the service provider nor the ISPs know the
> session keys, is the service provider violating CALEA requirements,
> even though the service provider provides full access to the signaling
> data to LEA?
> 
> Keep in mind that, in a system where users do not have control on
> security setup of voice calls, the concept in ZRTP can still be used
> to overlay an end-to-end secure communication channel on top of the
> existing system. Two users, with compatible
>  ZRTP implementations, can establish a secure session whenever RTP is
> allowed. Any interception beyond the end user's client hosts will not
> reveal SRTP security parameters
> and thus is only useful for brute-force attack on the encryption used
> in the secure session.
> 
> more at http://secureminded.blogspot.com/
> 
> Weidong
> 

I talked to a Department of Justice prosecutor at Next Gen Networks last
year about this.  His take was that they realize calls can be end to end
encrypted  using any number of ad hoc encryption and tunneling methods
and that they will never be able to stop that.  They have no specific
interest in stopping the deployment of encryption, their interest is in
ensuring the availability of legal intercept facilities.  Although they
cannot stop people determined to roll their own encryption tunnels they
can stop any commercial VoIP service provider from rolling out a service
without legal intercept.  As Weidong notes, without the keys there can
be no legal intercept, therefore we can expect that such an end to end
encrypted tunnel without 3 way sharing of the session keys will not be
allowed in a commercial product.

There are two possibilities (maybe more but I'm aware of two): the first
I heard proposed by someone from Verisign that the service provider will
provide session keys to both ends of the call and escrow the keys with a
trusted escrow agent.  Clearly Verisign sees itself with a role in that
transaction.  The other possibility, propounded by me, is that there
will be no true end to end encryption in commercial products.  Rather
encryption will be used only on some leg of the call that is exposed to
a threat of interception (by someone other than the carrier).  Thus even
in a nominally peer-to-peer service like Skype all calls subject to
legal intercept will be routed through a supernode or gateway controlled
by the service provider where they can be proxied and captured in plain
text.  The fortunate thing for Skype is that they really only need to do
this for calls that are being intercepted under a court order.  Other
calls can proceed in a completely peer-to-peer fashion.

As for ZRTP, I would have thought that Phil Zimmerman had had enough of
fighting with the Feds over encryption but I guess not.  It will be very
interesting to see if the government doesn't try to move against Zphone.

Hank Cohen
Hifn

More information about the Voipsec mailing list