Tapping VoIP

Executive Summary

What do they want to do?

Who is they?

The Problems

VoIP services are probably not going to be around forever

VoIP services are really a bit of an anachronism. They're attempts to emulate the telephone network on the Internet, based around dialling numbers - and dialling numbers is just a leftover from analogue phone lines with their minimal signalling interface.

Sure, right now people get their VoIP phones to register with a server somewhere, so they can type in a number and have their call routed to the VoIP phone attached to that number within the context of that service.

But native Internet services like email don't work this way. In them, you put in a URL or other address, that's looked up in DNS to be routed.

As it stands, you can just have IAX and SIP URLs, and softphones can register to handle them, so clicking on somebody's phone URL in a browser starts your softphone and connects you directly to their phone or their PBX.

There is no need for these centralised 'VoIP services' at all, and I suspect they will fade into obscurity with time...

Alternative Solutions

If we cannot suggest an alternative, then invasive and inappropriate models will naturally dominate.

999 emergency calls

It should be trivial for a community of FOSS and commercial companies (potentially with state funding) to provide a common protocol to interface with state run 999 call centres? Given that the base protocols exist already it should be a matter of choosing an open protocol and providing a lookup mechanism for call centre end-points. The state could then provide an open internet facing end point to which any system can send emergency calls. This has the advantage of keeping the state mostly out of VOIP technology.

Tracing of calls by emergency responders

Rather than requiring that VOIP networks are transparent to third parties, an active "send location" protocol could be used A user might then have the option of automatically sending their location in chosen circumstances such as when the unit receives a signal from the alarm system, or when "999" is dialled.

Since the user is in control of this process, privacy concerns disappear, but emergency services are still able to use location data to deploy resources.

Links

Documents

Regulation of VoIP Services - Ofcom - Consultation closed: 2006-05-10

Ofcom Regulation of VoIP responses

Press

UK

2006-07-27 - PC Adviser - The police want to listen to your VoIP calls
Author: Matt Egan
Summary: It's the standard procedure – new technology allows greater freedom, the long arm of the law gets a sweat on and clamps down. According to today's Guardian, police and intelligence agencies are to ask the government for the power to listen to and identify VoIP (voice over internet protocol) callers.
2006-07-27 - The Guardian - Lifting the veil on internet voices
Author: Peter Warren
Summary: Police and intelligence agencies are lobbying hard for means of snooping on internet-based telephony, arguing that they need them to catch criminals. The Guardian has learned that police and security agencies have been lobbying ministers and senior officials, expressing fears about the potential for voice-over-internet-protocol technologies to hide a caller's identity. Their aim? To get VoIP providers to monitor calls and find ways to identify who is calling whom - and even record them.

USA

2006-07-27 - arstechnica - Big brother wants a window into VoIP at any cost
Author: Nate Anderson
Summary: The FBI wants the ability to tap VoIP calls. To do this, the agency also wants access to all of your network traffic—and it looks like it's on the way to getting it. Following a long set of legal battles, the US Court of Appeals in June upheld 2-1 a newer and broader definition of CALEA's scope that could affect every university and library in the country.
2006-06-12 - The Register - Court says US gov can keep on snooping on VoIP calls
Author: John Oates
Summary: US courts ruled last week that authorities can continue tapping VoIP calls and that providers must give them access to their networks.
2005-09-27 - ZDNet - Clock ticking for ISP VoIP-tapping
Author: Declan McCullagh and Anne Broache
Summary: The FCC admits it's on shaky legal ground, but is pressing ahead with a plan to force all providers of Internet access to allow monitoring of Internet telephony. Broadband providers and Internet phone services have until spring 2007 to follow a new and complex set of rules designed to make it easier for police to seek wire taps, US federal regulators have ruled.