Flutterby™! : On telecom privacy

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

On telecom privacy

2013-05-06 19:15:22.40266+00 by Dan Lyke 3 comments

There is much furor over this CNN Transcript of Out Front interview between host Erin Burnett and Tim Clemente, in which Clemente asserts about telephone conversations that:

No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.

Glenn Greenwald asks "Are all telephone calls recorded and accessible to the US government? A former FBI counterterrorism agent claims on CNN that this is the case" and suggests that

"All of that stuff" - meaning every telephone conversation Americans have with one another on US soil, with or without a search warrant - "is being captured as we speak".

Various people in the obligatory MeFi thread run through some of the logistics involved in this, but I'll take a slightly different tack here...

Many of y'all know that I work for Sonic.net. I don't work in the telecom side of things, I have been through some of the code to hit the DSLAMs with SNMP, but I'm over on the systems side of the world, writing code, not an active admin. Before I was an employee I was a customer, and part of the reason I like the company is that it takes a strong stance on customer privacy.

I have no particular inside information, but one can read between the lines of various EFF press releases and one might guess at which ISP is challenging "national security letters" for instance. This is beyond the aspects that everyone talks about.

So when Dane tweeted:

All domestic telephone calls recorded? I find that implausible, and I own a phone company, so I'd know, right? http://m.guardiannews.com/comm...ephone-calls-recorded-fbi-boston

I take that as a strong indication that "everything" is far over-stated.

But I also think that a good encrypted VOIP with a reasonable key distribution and verification system is something we should all use, on principle. And I should go back to trying to encrypt all of my email between people who have keys...

[ related topics: Privacy Free Speech moron Writing Law Work, productivity and environment Law Enforcement Cryptography Phreaking ]

comments in ascending chronological order (reverse):

#Comment Re: made: 2013-05-07 03:46:19.937093+00 by: meuon

There are certain logistical and physical limits to "everything". But I'll wager it's a lot more than most of us realize or are comfortable with.

#Comment Re: data storage limits made: 2013-05-07 20:58:44.250844+00 by: andylyke

Yes, there are limits, but a terabyte drive (albeit consumer quality) costs less than $100, and the federal budget is measured in terabucks. I worked in the "security" services in the late '60s and early '70s. I have some idea of what the agency budgets were then and what existed in the basement of the NSA at that time (IBM computers larger than were acknowledged to exist and "You have the third bay on the right for an hour"), and have little if any doubt that the data center in Orem, Utah can handle many, many multiples of petabytes, or that it will be expanded as necessary to keep up with the load. I hear rumors of another such "data sponge" being built near San Antonio. I'm not paranoid, but I am afraid.

#Comment Re: made: 2013-05-07 23:08:47.16827+00 by: Dan Lyke

Time to double-check some back-of-the-envelope. Best number I can find is that smart phone users use 12 minutes per day. So let's say 30 minutes per day on the phone (some people are in call centers, I don't use nearly that much). You only have to record once for two people, so 160M people. Speex and G.729 seem like they'll do passable speech 16kbit/sec or 2kbytes/sec. That's less than 10 terabytes per day.

So, yes, it's totally reasonable to think that the NSA rooms in the switching centers of the long-distance providers are recording all traffic. I trust that Sonic isn't allowing recording of Fusion-to-Fusion callers, but we pretty much know that AT&T is encouraging monitoring of AT&T subscribers.

So, yeah, the need for moving to authenticated end-to-end crypto key based systems on open source platforms is real.