Phone Call Security

Bradley Hook bhook at kssb.net
Tue Jun 5 01:40:33 CEST 2007


CALEA amd such impose mandates on communications providers, not end
users. In fact, one of the popular ideas floating around right now to
deal with the CALEA mandate is to simply tell all of your users to turn
on IPSEC, which is host-based, and then the feds can tap whatever they
want. CALEA (specifically) doesn't require that the communications
providers produce a way to use the information on a network, they are
simply required to give the feds access to everything flowing over the
network. If the network operator does not have the means to decrypt it,
 it's the feds problem (under present interpretations). Of course, for
this cop-out to work, the network operator really does need to avoid
controlling the means to decrypt stuff, specifically the private keys on
the PKI certificates.

~Bradley

Florent THIERY wrote:
> An option would be some kind of "push-to-talk" : record mp3, crypt
> mp3, PUT mp3 (on a webserver/scp) -- download mp3, decrypt, listen.
> 
> I'm not sure this would circumvent the legislative context; for
> instance, is writing encrypted sms illegal ? (i mean, by hand...)
> 
> Regards
> 
> Florent
> 
> _______________________________________________
> OpenMoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community
> 
> 





More information about the community mailing list