AT&T, Voice Encryption and Trust

Yesterday, AT&T announced an Encrypted Mobile Voice. As CNet summarizes:

AT&T is using One Vault Voice to provide users with an application to control their security. The app integrates into a device’s address book and “standard operation” to give users the option to encrypt any call. AT&T said that when encryption is used, the call is protected from end to end.

AT&T Encrypted Mobile Voice is designed specifically for major companies, government agencies, and law enforcement organizations. An AT&T spokesperson said it is not available to consumers. The technology is available to users running BlackBerry devices or Windows Mobile smartphones, and it works in 190 countries.

Organizations interested in deploying Encrypted Mobile Voice will need to pay an additional fee to do so. AT&T said that cost depends on the size of the deployment. (“AT&T improves service security with encryption

Jake Appelbaum and Chris Soghoian expressed skepticism. (“From the company that brought you NSA wire tapping, they thought you’d also like….” and “If you trust AT&T’s new voice encryption service, you are a fool.“)

What’s funny (sad) about this is that there are a number of software encrypted voice systems available. They include RedPhone, CryptoPhone and zFone. Some of these even work on pocket sized computers with integrated radios. But Apple and AT&T won’t let you install alternate voice applications.

A lot of people claim that these restrictions on what you can do with your device just don’t matter very much, that you can really get everything you need. But here’s a clear example of why that isn’t so: voice encryption is a special app that you have to get permission to run.

Now, maybe you don’t care. You’re “not doing anything wrong.” Well, Hoder wasn’t doing anything wrong when he went to Israel and blogged about it in Farsi. But he’s serving 20 years in jail in Iran.

Now is the time we should be building security in. Systems that prevent you from doing so, or systems that reset themselves to some manufacturer designated default are simply untrustworthy. We should demand better, more trustworthy products or build them ourselves.

[Added: I'd meant to include a comment about Adam Thierer's comment "The more interesting question here is how “closed” is the iPhone really?" I think the answer is, in part, here. There's a function, voice privacy, which AT&T and three other companies think is marketable. And it doesn't exist on the iPhone OS, which is the 2nd most prevalent phone platform out there.]

[Update 2: Robert and Rob rob me of some of my argument by pointing out that AT&T now allows you to install voice apps, but none of the encrypted voice apps that I'd consider trustworthy are available. (I exclude Skype and their proprietary & secret designs from trustworthy; it's probably better than no crypto until you trust it, then it's probably not good enough to really protect you.) Maybe this is a result of the arbitrary rejections by the Apple app store, but when I look for zfone, redphone or cryptophone, I see a fast dial app and some games. When I search for crypto, it's all password managers. So while I'm no longer sure of the reason, the result remains. The iPhone is missing trustworthy voice crypto, despite the market.]

“We can’t circumvent our way around internet censorship.”

That’s the key message of Ethan Zuckerman’s post “Internet Freedom: Beyond Circumvention.” I’ll repeat it: “We can’t circumvent our way around internet censorship.”

It’s a long, complex post, and very much worth reading. It starts from the economics of running an ISP that can provide circumvention to all of China, goes to the side effects of such a thing (like spammers using it), and then continues to ask why we want circumvention anyway.

Take some time and go read “Internet Freedom: Beyond Circumvention.”

What Was Wrong With the Old FISA?

The Get FISA Right group is publicizing our need to re-think the laws. They have discussions going on both on their site and on The Daily Kos. I recommend catching up there, or reading Adam’s recent post here.

I have to ask what was wrong with the old FISA? It wasn’t a bad system; it had a lot of tradeoffs as well as emergency provisions. The government could, for example, get a warrant after the fact in an emergency.

But the old FISA was very Cold War. It was also very much adapted to the previous century’s technology in which wired technologies were static and protected and wireless or mobile technologies were highly regulated.

So let’s look at some of the things that are indeed worth changing.

  • I think it is important to note upfront that getting a warrant trumps all this discussion. We are talking about Fourth Amendment considerations, and that means what can be done without a warrant. But it also concerns a certain amount of how the government can operate when it has one, when they’re operating completely above board.
  • In the past, FISA was overly concerned with devices rather than persons. Changing it so that it affects persons is a good idea. If there is permission to spy on a person, then it should be to spy on the person. Making it the person and device is awfully restrictive, especially when it’s hard to know what counts. Rather than debate about what happens when DHCP gives you a new address, it’s better to just make things apply to persons. That probably makes the law adapt better to changing technology.

    I would not want to see interesting new technologies like femtocells end up in some odd legal limbo because of some peculiarity of the technology. It’s better for us all to just agree that when it is okay to spy on a person, it’s that person.

  • In the past, FISA worried a lot about where the pipes were. It also seems reasonable to have that abstracted away. This goes along with focusing on the persons. A phone call between non-US persons does not suddenly become a US thing just because some glass runs across the US.

    Now, this has consequences. I wouldn’t blame non-US telecom companies for proudly avoiding the US as a result of that. I think that from the viewpoint of a civil libertarian who is trying to make sense out of the rules of spying.

    It is also the converse of thinking that when I am in another country, they’ll spy on me or not according to their rules, not mine.

  • The flip side of this is that US persons are protected everywhere. It seems fair that if we’re going to tune the law to make it easier to spy on non-US persons no matter where they are, the US persons should get full protection. This strikes me as being the way that things ought to be. My government shouldn’t spy on me (without a warrant) just because I’m traveling outside the country. This may be as things ought to be, but it used to be at least de facto that if you were outside the country, your calls would be monitored.
  • It is a point of our common law that non-US persons are subject to US law when they are in the US. If a foreigner is arrested in the US, they get a jury trial, for example. In this particular case, however, non-US persons in the US should have some extra measure of protection, the question is what.

I can go on, particularly about the new features of the new FISA. However, that strays away from this discussion: what didn’t work well in the old one?

What Should FISA Look Like?

[Image: wiretap america.jpg]
Jim Burrows is working to kick off a conversation about what good reform of US telecom law would be. He kicks it off with “What does it mean to “get FISA right”?” and also here.

To “get it right”, let me suggest that we need:

  1. One law that covers all spying
  2. Require warrants when the US spies on
    1. Anyone in the US
    2. US persons (citizens and resident aliens) anywhere
  3. Allow the intelligence agencies to spy freely on foreigners overseas, even if the taps are in the US
  4. Require Executive, Judicial and Congressional oversight when protected and unprotected communications are entangled.
  5. Criminalize violation of the Constitution.

I think we need a law which works cross medium, and addresses both content and routing information. It should lay out broad principles of privacy protection for Americans and people in America, and the times when spying is acceptable in ways that enable debate and discussion. We also need to address the very real abuses of past wiretapping statutes, perhaps with increasing oversight as time goes by.

This is a hard area, and I encourage you to join in the discussion here, on Jim’s blogs, or on your own.

I hit post too soon; I’d meant to explain the image. I picked the image because I believe that listening to phone calls is sometimes something we should allow a government to do. If we do it right, it’s a valuable tool. If we do it wrong, it becomes an intrusion and a betrayal of our values. To date, we are doing it wrong, with secret courts rubber stamping requests under complex laws that few can understand. The result is that legitimate wiretapping is harder than it needs to be. Getting FISA right includes restoring public trust.

Image: Dr. Bulldog & Ronin.

“Get FISA Right” Pointer

[Update: This got to #5 on change.org's list, and they're now working to draw attention to the issue on change.gov.]


Jon Pincus has asked me for help in drawing attention to his “Get FISA Right” campaign to get votes on change.org. When I’ve tried to look at this, it’s crashed my browser. YMMV; I use a number of security plugins which may be at fault. The crash happens when the browser reports getting data from (I think) ytimg.com, so if you can watch YouTube video, you’re likely ok. I think that getting the rule of law restored in the intelligence community is incredibly important. At the same time, we face a large number of crises right now, and which to address first is a hard problem. I don’t want to endorse this over other things which I can’t see, but Jon asked for help drawing attention to it. So go take a look.

Note change.org is not the same as change.gov, the new President’s transition team’s site, operated and surveilled by Google.

In closely related news, the NYTimes reports that “Intelligence Court Rules Wiretapping Program Legal:”

A federal intelligence court, in a rare public opinion, is expected to issue a major ruling validating the power of the president and Congress to wiretap international phone calls and intercept e-mail messages without a court order, even when Americans’ private communications may be involved, according to a person with knowledge of the opinion.

The court ruling grew out of a previously undisclosed challenge from a telecommunications provider, which questioned the constitutional authority of the executive branch in ordering it to capture and turn over international communications without court authority, according to the person with knowledge of the opinion.

It’s clear that we can not operate a system of secret courts issuing secret rulings, and then critique the same behavior by despotic regimes. We need to sharply curtail the system of secret laws and secret lawsuits in secret courts which issue secret opinions, and have a real debate about the limits of power.

Back in 1996, the National Research Council had a set of retired generals, admirals and heads of intelligence agencies study the cryptography question. In their “Cryptography’s Role in Securing the Information Society,” they clearly state that we can have this debate in public. The shape of the facts is known. The details which must be kept secret are not needed for the full debate that a democratic society must engage in. Their wisdom is applicable here.

Actually, Randall, We Tried That

Crypto + 2nd Amendment

And the reason it doesn’t work is that just because you’re allowed to own something doesn’t mean you’re allowed to export it. The use, ownership, production, etc. of crypto was never restricted, only its export. In an Internet-enabled world, export control brings lots of hair with it, which is why it was important to fight export restrictions. I could go on, but I’ve already ruined an otherwise amusing strip.

New FISA Analysis

Vox Libertas, a blogger at the Daily Kos, has written an analysis of the new US FISA law in his article, “I think I understand the FISA bill. Do I?”

Vox Libertas has taken an approach that I can appreciate. On the one hand, many people are unhappy with the telecom immunity. I’m one of them. But people I respect are also saying that it’s a good compromise, and compromise means you don’t get everything you want.

Vox Libertas goes to the trouble of (shock, horror) reading the primary sources and explaining what’s in the new FISA bill. He also shows his own sources.

No matter what you think, this is worth reading.

Inside Carnivore

Ryan Singel has a long article in Wired: “Point, Click … Eavesdrop: How the FBI Wiretap Net Operates.”

I was pretty stunned at some of the numbers:

FBI endpoints on DCSNet have swelled over the years, from 20 “central monitoring plants” at the program’s inception, to 57 in 2005, according to undated pages in the released documents. By 2002, those endpoints connected to more than 350 switches.

Today, most carriers maintain their own central hub, called a “mediation switch,” that’s networked to all the individual switches owned by that carrier, according to the FBI. The FBI’s DCS software links to those mediation switches over the internet, likely using an encrypted VPN. Some carriers run the mediation switch themselves, while others pay companies like VeriSign to handle the whole wiretapping process for them.

This isn’t about a few wiretaps. This is a large scale surveillance process management infrastructure.

Go read it, and then call your Congressman for comment.

Shock Horror! Ashcroft Am Not Devil Incarnate!

Bizarro World

In 27 B Stroke 6 Threat Level, Kevin Poulsen writes, “News from Bizzaro World: Ashcroft Opposed Taps.”

Kevin, your reality tunnel is showing. There are many things that Ashcroft was (I apologize for using the past tense), starting with prig and prude. I’m not particularly a fan of his, but the Venn diagram of what he valued and what I value looks more like the Mastercard logo than the Hooters logo, and I don’t think that this is an ipso facto surrealism.

Back in 1998 as a Senator, Ashcroft was a supporter of Goodlatte’s SAFE (Security And Freedom through Encryption) Act, not to be confused with the 2003 “Security and Freedom Ensured” act, which was an attempted limitation of the PATRIOT Act. When that SAFE Act was destroyed in the House, he, with Patrick Leahy and Conrad Burns, introduced the E-PRIVACY (Encryption Promotes the Rights of Individuals in the Virtual Arena Using Computers) bill. Despite the fact that there was no “Y” in their acronym (perhaps it was a silent “Y’all”), it’s a pity it never was passed. The EFF gave a good news/bad news assessment with the good news being:

EFF is pleased to say that the E-PRIVACY Act is the most thoughtful piece of encryption legislation to date. Introduced by Senators John Ashcroft (R-Mo.), Patrick J. Leahy (D-Vt.), and Conrad Burns (R-MT), the new bill sharply varies from proposals favored by the Clinton Administration and law enforcement/national security agencies by easing export controls on mass market encryption products, limiting government access to decryption keys, and prohibiting the government from requiring key recovery mechanisms.

The bad news was that it created a new crime of using encryption as part of a criminal act. I’m not in favor of that, but we got that part, and we never got the good news.

After E-PRIVACY never went anywhere, there was the 1999 PROTECT Act, and you can find Ashcroft saying it doesn’t go far enough fast enough.

Despite many quirks, such as being bothered by bare breasts, he favored bearing arms and clothing communications. His successor as AG, Alberto “Schultzie” Gonzales, often seems to me to be the incarnation of the cynical adage, “be careful what you ask for.” Take a look through the EFF archives from ’98, and feel a bit wistful. Read Dahlia Lithwick in Slate, and feel moreso. Ashcroft was a complex person with whom many of us had disagreements, not an inhabitant of Bizarro World.