From editor@telecom-digest.org Fri Nov 19 02:04:13 2004 Received: (from ptownson@localhost) by massis.lcs.mit.edu (8.11.6p3/8.11.6) id iAJ74DN16879; Fri, 19 Nov 2004 02:04:13 -0500 (EST) Date: Fri, 19 Nov 2004 02:04:13 -0500 (EST) From: editor@telecom-digest.org Message-Id: <200411190704.iAJ74DN16879@massis.lcs.mit.edu> X-Authentication-Warning: massis.lcs.mit.edu: ptownson set sender to editor@telecom-digest.org using -f To: ptownson Approved: patsnewlist Subject: TELECOM Digest V23 #555 TELECOM Digest Fri, 19 Nov 2004 02:04:00 EST Volume 23 : Issue 555 Inside This Issue: Editor: Patrick A. Townson SBC's VoIP End Run (Lisa Minter) The Bell VoIP Invasion (Lisa Minter) Re: Somewhat Off Topic But a Must Read (Jack Decker) Re: SBC to Announce TV Deal With Microsoft (Thomas A. Horsley) Phone Systems (jt) NEC IP Phone Works, One Way (Anthony) Re: What Wal-Mart Knows About Customers' Habits (NoSpamForMe) EPIC Alert 11.22 (Monty Solomon) EFFector 17.41: E-voting Forensics - What They Can/Can't Tell (Solomon) Re: EFF: Anti-Spam Measures Block Free Speech (DevilsPGD) Re: Looking for VOIP Provider (DevilsPGD) Dutch Tapping Room Not Kosher (Marcus Didius Falco) All contents here are copyrighted by Patrick Townson and the individual writers/correspondents. Articles may be used in other journals or newsgroups, provided the writer's name and the Digest are included in the fair use quote. By using -any name or email address- included herein for -any- reason other than responding to an article herein, you agree to pay a hundred dollars to the recipients of the email. =========================== Addresses herein are not to be added to any mailing list, nor to be sold or given away without explicit written consent. Chain letters, viruses, porn, spam, and miscellaneous junk are definitely unwelcome. We must fight spam for the same reason we fight crime: not because we are naive enough to believe that we will ever stamp it out, but because we do not want the kind of world that results when no one stands against crime. Geoffrey Welsh =========================== See the bottom of this issue for subscription and archive details and the name of our lawyer; other stuff of interest. ---------------------------------------------------------------------- From: Lisa Minter Date: Thu, 18 Nov 2004 12:11:14 -0500 Subject: SBC's VoIP End Run http://www.gigaom.com/2004/11/sbcs_voip_end_r.php Om Malik on Broadband Someone at SBC Communications out to be nominated for the best media strategist of the year award. What a masterful strategy! Announce VoIP plans, then to layer it thick, announce IP-TV plans, and while the whole world was gushing over SBC embracing the future, stick a knife in the back of every potential VoIP rival with a simple, relatively little know yet lethal regulation. In other words, thanks to a regulatory filing, SBC has brought to a quick end the 'lets not pay any termination fees' party that had VoIP upstarts drunk. There is shock and outrage in the blogger community. I am not a little bit surprised. My stance has been that Bells will win the VoIP sweepstakes. Now take this ruling as an example. Folks at Vonage and Sunrocket are busy building their brands and are spending their money on advertising. AT&T, MCI and Sprint are financially hobbled and are basically saying: we got no friends in Washington anyway. So where are the millions of dollars needed to spend on lobbying efforts. Think of this as a classic Silicon Valley hallucination. The techies believe innovation will change the world. Eventually -- meanwhile Washington, the soft dollars, and powerful groups control the future. Bells have what they want: no regulation and interference from pesky state officials. They have monopolistic control of the last mile of today and the future. They have near total ownership of the wireless waves. They have now basically imposed the old order on the world, and they are going to print money. Good for their share holders, too bad for venture investors. It happened with DSL, and it will happen again. Why does anyone get surprised by all this, I don't get. Listen up guys: when Bell's livelihood is threatened they firebomb the opposition. As simple as that. I am told Michael Powell is very upset about this end run by SBC. He cannot do anything much right now. So you think, it is over. Think again. Many overlooked the fact that Cisco bought a company called P-Cube recently. One of the things P-Cube can do is prioritize the traffic flows on an IP network. SBC could use it and lower the priority of the traffic coming from say Vonage or AT&T. Nothing illegal here: SBC's network and it can do pretty much what it wants on its own network. Poor quality, lags, dropped packets and soon Vonage customers could be switching to SBC VoIP: which is more expensive, has better quality and of course is highly profitable. Do I like it? No! Will I use it? Of course! Like I will have an option. You thought I was joking when I said monopoly for next 100 years. [Jack Decker Comment: I am not quite as pessimistic on this as Mr. Malik -- SBC has burned a lot of bridges in the past few years and I have some doubts that the skids are greased as well as they might like to think. But for the moment this is a matter of considerable concern, and I would certainly hope that the FCC and/or congress will do more than just some hand wringing over the matter. Also, bear in mind that if *everyone* were to move to VoIP and other non-traditional forms of telephony, then SBC's tariffs wouldn't matter much. This is certainly an issue worth watching, and hopefully we'll see some more informed analysis on it in the next few days.] ------------------------------ From: Lisa Minter Date: Thu, 18 Nov 2004 13:56:58 -0500 Subject: The Bell VoIP Invasion Reply-To: VoIPnews@yahoogroups.com http://www.broadbandreports.com/shownews/56895 Bell's done fooling around, ready for battle SBC plans to file a new tariff with the FCC that would increase the fees paid by ISP's for calls completed on the company's local-phone network, note users in our VoIP forum http://www.broadbandreports.com/forum/remark,11895120 . As some (like broadband journalist Om Malik http://www.gigaom.com/2004/11/sbcs_voip_end_r.php and Andy Abramson http://andyabramson.blogs.com/voipwatch/2004/11/sbc_seems_to_be.html> ) are predicting, this could be the beginning of an incumbent power play in a VoIP sector currently riddled with upstarts. Article plus reader comments at: http://www.broadbandreports.com/shownews/56895 ------------------------------ From: Jack Decker Date: Thu, 18 Nov 2004 14:00:17 -0500 Subject: Re: Somewhat Off Topic But a Must Read At 07:00 PM 11/17/2004 -0500, Scott V wrote: > on that 2nd link I didn't find much news on it. Do we need to > download that .pdf or what? See the line that says, "Comment Overflow - Click: 176 - Read" ? Click on the word "Read" to see the comments. Or just use this direct link: http://www.broadbandreports.com/forum/news,56780~mode=full How to Distribute VoIP Throughout a Home: http://michigantelephone.mi.org/distribute.html If you live in Michigan, subscribe to the MI-Telecom group: http://groups.yahoo.com/group/MI-Telecom/ ------------------------------ Subject: Re: SBC to Announce TV Deal With Microsoft From: tom.horsley@att.net (Thomas A. Horsley) Organization: AT&T Worldnet Date: Thu, 18 Nov 2004 23:15:36 GMT > * SBC to announce TV deal with Microsoft I see two possibilities here: 1. SBC will have the most expensive disaster ever with millions of outraged customers trying and failing to get realtime video from Microsoft powered servers. 2. Microsoft will actually be selling SBC boxes that are running a customized Linux to provide the video servers (just like they run hotmail off linux). :-). >>==>> The *Best* political site >>==+ email: Tom.Horsley@worldnet.att.net icbm: Delray Beach, FL | Free Software and Politics <<==+ ------------------------------ From: jeeptop2000@yahoo.com (jt) Subject: Phone Systems Date: 18 Nov 2004 15:05:21 -0800 Organization: http://groups.google.com We are looking to upgrade our phone system going from 15X 23 to 4 POTS lines and a T1 PRI with DID and 28 extensions. Don't know what the resources are now to research these things can someone point to a good resource online or off to compare systems? We are looking at Avaya Merlin Magix and a Nortel Business Communication Manager. Do all the systems offer the same set of features or are there some glairing differences, As always I'm sure the devil is in the details. jt ------------------------------ Date: Fri, 19 Nov 2004 02:24:43 GMT From: Anthony Subject: NEC IP Phone Works, One Way Organization: Optimum Online Hey folks, I am a bit lost, as this is my 1st go around with VoIP. I currently have a NEC Electra IPK system w/ the VoIP card, etc. I set the unit up today, and uploaded the latest firmware to the card. I took the phone to one of my satellite offices about 40 miles away from the PBX. I got the systems to connect, I can check voicemail, get an outside line, and page, however nobody can hear anything that I say, however I can hear the other end w/ the PBX absolutely fine. I've blown away the settings on both the card, and on the phone, and nothing I am doing is working. Is there something I am missing here? Is there a specific set of ports I need to open on either firewall? I have the phones set on the DMZ ip's, so all ports apparently are opened. Any help would be appreciated. Regards, Michael ------------------------------ From: NoSpamForMe Subject: Re: What Wal-Mart Knows About Customers' Habits Organization: AT&T Worldnet Date: Fri, 19 Nov 2004 03:05:10 GMT > [TELECOM Digest Editor's Note: Maybe you read in the papers > recently where K-Mart and Sears had merged, making the combined > thing now the third largest retail chain. Walmart has been watching > that closely. There was a K-Mart in the complex where Walmart is > located; Walmart drove them out of business two years ago. On the > other hand, Sears has been downtown for about fifty years, and say > they plan on staying. Our very first drug store chain (first for > here in s.e. Kansas at least) -- Walgreens -- is scheduled to open > in about six months; downtown -- praise God! -- on the corner of > 9th and Maple Streets; the house owned at one point in time by > Alf Landon when he was governor of Kansas. They've been squabbling > for some time over the historical significance of that house, but > it now appears it is going to be moved and the corner cleared for > the new Walgreen's store. PAT] Why is it OK for the a big chain like Walgreen's (or CVS, Rite-Aid, etc.) to come into a town and drive the little independent drugstores out of business ... indeed you salute them for opening a new store in your downtown ... but WalMart is a "bad guy" ? There's really no difference, other than relative scale, you know. [TELECOM Digest Editor's Note: I was not praising Goddess for *Walgreens* opening a store here so much as I was praising any business for opening in our slowly decaying, beginning to show signs of wear and tear downtown. For a few years now there has been a movement of new businesses onto West Main Street; the area over the railroad overpass going out to the Walmart complex. You are correct, there is no difference other than scale, and we had this discussion here a few weeks ago; small upstart phone companies walking all over Mother, putting her in her place ('good' was the consensus) and small down drugstores, clothing stores, appliance and furniture stores getting trounced by Walmart ('no so good' was the consensus.) Then Lisa Hancock or myself pointed out if we are to be consistent, what is good for the goose is also fine for the gander. That was the difference. I am accustomed to walking downtown (a few blocks) to do shopping; *not* go way out on West Main Steet (which I generically refer to as 'Walmart') although that area is where K-Mart used to be before they went out of business here, and where a good restaurant everyone in town likes (Eggberts) is located, and the Sonic drive in and my hair dresser and other nice places are located. Speaking of Walgreens, this decripit, brain-diseased old man actually has a good feeling for Walgreens from 40 years ago. For several months in 1963, I was employed by the fund raising committee to build a new McCormick YWCA, to replace the old, ancient one on Walton Street in Chicago. I spoke to a group of old hags who were having a luncheon meeting, and one of the guests at the luncheon was Myrtle Walgreen, mother of Charles Walgreen who in those days was the chairman of the board of Walgreens, Inc. Myrtle and her husband Charles (the first) owned and operated the *original* Walgreens at 63rd Street and Drexel Avenue in Chicago. Charles did the pharmacy counter and his wife Myrtle did the lunch counter. That was their one and only store, a little storefront kind of thing right after the start of the last century. Fifty or sixty years later, the 63rd and Drexel neighborhood had totally gone to hell; she was a *very* old lady, her husband Charles was long since deceased, her son Charles, Jr was the chairman of the board, and all the other old ladies at this very elegant hoity-toity luncheon were waiting for Myrtle to make the first move. I made my pitch for money to build the new YWCA, and when I had finished my presentation, Myrtle Walgreen stood up with her cane and hobbled up to the stage where I was standing and she said, "well, this idea of a new Young Women's Christian Association for the girls and young ladies in Chicago sounds like a good idea, so I will start it off with a 'little gift' of my own." On saying that, she reached in her purse and pulled out a check for **fifty thousand dollars** and said "here is just a small gift from my personal funds to help you." That's all it took; the other old ladies saw what Myrtle had done, and proceeded to get their own checks written out, since Myrtle had in essence approved of my speech and collection efforts. She has long since been gone of course, but I still remember the way by her actions she encouraged the older older ladies to 'help build a new YWCA for unfortunate young women and girls in our midst.' Walgreens *used to have* a soda fountain/lunch counter in every one of their stores; the two biggest Walgreens in downtown Chicago had cafeterias in the basement as well. I don't think they do that any longer at all. Myrtle said to me once the concept of a soda fountain/ lunch counter/cafeteria in every one of our stores started in 1912 when she was making lunch for her husband Charles each day; Charles had suggested "why not make sandwhiches like that and coffee each day for our customers who do business with us (at 63rd and Drexel). PAT] ------------------------------ Date: Thu, 18 Nov 2004 22:25:49 -0500 From: Monty Solomon Subject: EPIC Alert 11.22 ====================================================================== E P I C A l e r t ====================================================================== Volume 11.22 November 18, 2004 ---------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.22.html ====================================================================== Table of Contents ====================================================================== [1] EPIC Releases 2004 Privacy & Human Rights Report [2] Agency Orders 72 Airlines to Turn Over Passenger Information [3] EPIC Joins Coalition to Support Privacy in Email Intercept Case [4] Government Report Finds SSNs in Many State, County Records [5] FTC Proposes Major Telemarketing Loophole [6] News in Brief [7] EPIC Bookstore: Privacy & Human Rights 2004 [8] Upcoming Conferences and Events ... http://www.epic.org/alert/EPIC_Alert_11.22.html ------------------------------ Date: Thu, 18 Nov 2004 22:32:10 -0500 From: Monty Solomon Subject: EFFector 17.41: E-voting Forensics - What They Can/Can't Tell Us EFFector Vol. 17, No. 41 November 11, 2004 donna@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In the 312th Issue of EFFector: * E-voting Forensics: What They Can - And Can't - Tell Us * EFF, Nonprofits Challenge Secret Government Blacklists * StreamCast and Grokster File Supreme Court Brief * EFF Appeals Anti-Competitive BnetD Ruling * Op-ed - Dumb and Dumber: Why the Movie Industry Shouldn't Do as the Recording Industry Has Done * EFF Seeks Webmaster Who Wants to Make a Difference * MiniLinks (20): Suing 12-Year-Olds Is *So* 2003 * Administrivia ... http://www.eff.org/effector/17/41.php ------------------------------ From: DevilsPGD Subject: Re: EFF: Anti-Spam Measures Block Free Speech Date: Thu, 18 Nov 2004 22:26:33 -0700 > [TELECOM Digest Editor's Note: Actually, I gave up on trying to > maintain a mailing list long ago. Part of it was my own personal > head problems after the brain aneurysm, but much of it was the huge > (and I am not just complaining) amount of spam and viruses coming > through. Now it is handled by majordomo, and either you follow its > instructions and get automatically added or deleted from the mailing > list or you stay in whatever mode you were in. PAT] I can't speak to anyone else, but I have a lot of respect for folks that stop pandering to the lowest common denominator. I see dumb people, walking around like regular people. They don't see each other. They only see what they wanna see. They don't know they're dumb. [TELECOM Digest Editor's Note: Well, I respect your position, but I did not stop handling the mailing list just to 'get even' with dumb people or make it harder for them. I had to stop doing it in order to be able to get done here and get a few hours to myself each day. Add the mailing list onto my schedule and I would just get too tired as a result of my brain aneurysm. Physically I cannot keep up with it as I used to do when I wrote all my own scripts for that sort of thing, etc. As it is now, I am looking at a major repair job on the archives latest-issuw.html page. PAT] ------------------------------ From: DevilsPGD Subject: Re: Looking For VOIP Provider That Can Do Business With Government Date: Thu, 18 Nov 2004 22:26:33 -0700 In message T. Sean Weintz wrote: > ALL of them seem to insist on billing for federal excise tax. Under > law, we cannot pay that. None of the VOIP providers I have spoken to > so far (Vonage, broadvoice, p8) are willing to bend on this at > all. Their billing depts tell me they are not set up to deal with tax > exempt customers. Is there no way you can pay the tax and have the gov't refund it after the fact? I see dumb people, walking around like regular people. They don't see each other. They only see what they wanna see. They don't know they're dumb. ------------------------------ Date: Thu, 18 Nov 2004 22:35:08 -0500 From: Marcus Didius Falco Subject: Dutch Tapping Room Not Kosher * Original: FROM..... A Grudko Shock horror - Dutch Intel. leaking to the Israelis. http://www.fnl.nl/ct/archief2002/ct2002-12/aftappen.htm Paul Wouters, Patrick Smits According to anonymous sources within the Dutch intelligence community, all tapping equipment of the Dutch intelligence services and half the tapping equipment of the national police force, is insecure and is leaking information to Israel. How difficult is it to make a back-door in the Dutch Transport of Intercepted IP Traffic[1] system? The discussion focuses on the tapping installations for telephony and internet delivered to the government in the last few years by the Israeli company Verint[2]. This company was called Comverse-Infosys[3] until half a year ago, but was quickly renamed when the FBI started several investigations against it and arrested some of its employees in the US on suspicion of espionage. (See pulled FoxNews stories, Politech, Cryptome or Google). People within the Dutch government got worried too. Especially because they had been warned as early as 1998 about the possible back-doors in the tapping equipment. The ex-ministers of interior ("Binnenlandse Zaken"), Peper and de Vries, could not comment. The minister of Justice at the time, Korthals Altes, was asked to report to parliament in December 2001, where he stated that the security measures meet the required level and that an investigation would be started if this, after all, was not the case. No investigation followed. In April 2002, Kolkert, procecutor in-chief of the Court of Appeals in Den Bosch, demanded clarification in a letter sent to Stein, the state prosecutor ("landelijk officier van justitie") and responsible for interception matters. Stein stated that there are no problems. On august 24 the project leader of the National Interception Organisation ("Landelijk Interceptie Orgaan", LIO) J.Steeg announced that he plans to check the tapping rooms for backdoors. However, when the equipment was bought from the Israelis, it was agreed that no one except Comverse personnel was authorized to touch the systems, according to the insider of the AIVD (formerly BVD), the Dutch intelligence organization that spoke to the EO radioprogram De Ochtenden[4]. Source code would never be available to anyone. Finally, on October 10th, the Council of Chiefs of Police ("raad van hoofdcommisarissen") sent a confidential letter to the vendors of tapping equipment for ISPs and telcos expressing its concern about the situation in the US. All of this came after questions were raised publicly in the trial against Baybasin, co-founder of the Kurd parliament in exile, about the possible leaks in the Dutch tapping room as well as manipulation of the collected evidence[4b]. Baybasin was recently sentenced to life-long imprisonment for his connections to assassinations, kidnappings and heroine transports. His lawyers called in experts to question them about the possibility that Israel had laid hands on information tapped by the Dutch. The lawyers claim that Israeli then forwarded the information to the Turkish secret service[5]. Baybasin recently told the media about the Turkish government's involvement with crime syndicates. c't magazine warned about the blackbox problem in its June 2001 issue[6]. Opentap[7] gave similar warnings on the hacker conference HAL2001[8] in August of 2001 and at the Chaos Computer Club (CCC)[9] in December 2001 with a presentation on lawful interception in the Netherlands[10]. Hebrew as crypto The insiders at the AIVD and the tapping room were interviewed by the radio program of the EO[11]. According to them, the Dutch government and Comverse have a gentlemen's agreement that the Dutch government would get the Comverse systems for a very reduced price and in exchange the Israelis would get full access to all tapped information. The systems still ended up being more expensive than rejected competitors' quotes. The Comverse maintenance contract alone apparently costs more then the installation itself, according to the anonymous sources. Since the leaks seem to be disguised as maintenance, one could say that the Dutch government is actually paying the cost of foreign intelligence against the Dutch state. Israeli Comverse employees apparently show up in the tapping rooms on a very regular basis for maintenance, since no Dutch are allowed to touch the equipment. The radio program further stated that the maintenance is done using their own Hebrew keyboards and language. They leave the tapping rooms with filled MO-discs and no-one from the Dutch government has any idea what the Comverse people are doing. To make things yet worse, Comverse can dial-in to the tapping room equipment at all times. The possible criminal nature of Comverse and their overpricing are not the only problems. A comparison of the Comverse tapping records with billing records of KPN, the largest Dutch telco, shows that 20% of the calls that should be tapped, are not tapped at all. The Dutch government still keeps buying Comverse equipment. On November 26, a day after the EO radio program was broadcasted, three political parties, D'66, GroenLinks and SP asked questions to the government in parliamant. The current minister of interior, Remkens, answered that the chance of the tapping rooms leaking information is small, but not zero. He further claimed that the Comverse employees were given the most strict screening by the Dutch intelligence agency AIVD, and that they are never allowed to work without supervision. Comverse was chosen based on its price-performance results, the minister said. Hacking the system? In an interview with 2Vandaag[12], a daily Dutch television news program, defense specialist and LPF party leader Herben believes that there is enough cryptography know-how available in the Netherlands to hack the systems, if Comverse does not assist in the evaluation process. Apparently, Herben hasn't thought about the intrusion detection system that has undoubtedly been installed in these tapping systems by Comverse. He also seems to forget (as did Remkes) that these systems work in Hebrew. On top of it, proving the inner workings of the machines to be correct and safe is anything but a trivial task. The capacity of the MO-discs and the bandwidth of the dial-up facilities is not enough to copy a lot of Internet traffic or entire telephone conversations. A Comverse employee would have to swap disks so often, that he would have to use the tapping room as a hotel. So, assuming that there is no (illegal) high-speed Internet connection between the tapping room and the Israeli embassy, what the Comvers staff can do at the most on these visits is to copy a list of who talks to whom, and the cryptographic keys that are used to secure the tapping communications. Therefore, the Israelis don't need to copy entire phone conversations or all Internet traffic of a user from within the tapping room, but can simply monitor the encrypted traffic that is sent to the tapping room. Having the cryptographic key to the data, they then decrypt it at their leisure. If any nation has the technical skills and knowledge to pull this off, it is Israel. The experts We explained the situation to two cryptography experts: Niels Provos[13] of the OpenBSD team and author of various crypto software such as Outguess[14], a program to detect steganographic content, and Michael Richardson[15] of the FreeSwan Project, the IPsec implementation of Linux. We posed the hypothesis of the insecure tapping room and asked whether it would be possible for the Israelis to get a hold of our taps. Provos explains that a very important part of strong cryptography is a good random source. Without a proper random generator, or worse, with a intentionally crippled random generator, the resulting ciphertext becomes trivial to break. Even if Comverse would let experts have a look at the source code, if there is one single unknown chip involved with the random generation, such as a hardware accelerator chip, all bets are off. Provos suggests to use only off-the-shelf PC hardware. If you can trust the hardware and you have access to the source code, then it should theoretically be possible to verify the system. This, however, can just not be done without the source code, according to Provos. One possible undetectable scheme could be to use a set of truly random, but pre-calculated keys. Only those who know the pre-calculated set, Comverse in this case, could break the cipher, which would become a sort of one-time pad for Comverse only. Provos also pointed us to the work of Adam Young en Moti Yung, who have written a few papers on what they dubbed, kleptography[16], the art of secretly stealing the cryptographic key from the ciphertext stream itself. Their research showed it is impossible for third parties to detect whether any given ciphertext is secretly leaking key material. An overview of TIIT The Dutch tapping protocol, Transport of Intercepted IP Traffic[1] is used for the communication between the tapping machine at the ISP, and the Dutch government. The suspect who is using the Internet generates IP traffic that is copied by a special sniffer machine, called S1. The S1 then encrypts the traffic with an RC4 (or AES) key supplied (and generated) by the Dutch tapping room, and sends the encrypted traffic to the S2, the ISP's collector machine. The collector sets up an encrypted connection, using SSL or IPsec to the government collector machine, the T2. This will normally happen over the internet itself. The T1 then sends the encrypted information onwards to one more agencies, who all have their own T2 for receiving the encrypted traffic. The T2's have the key to decrypt the gathered data into the original plaintext, as it was captured by the ISP. Both the SSL and IPsec protocol, which are part of the encryption scheme used by the Dutch tapping specification (TIIT), contain parts where one has to "fill" packets with random data. It is impossible to see whether this data is truly random, or contains a secret message. This means that no-one needs to go to the tapping room to fetch the key material. According to Provos, the keys can just be sneaked into the encrypted tap itself. Richardson agrees with this view. There has even been a software implementation of this in the past. The TIS-client implemented this feature as "Government Access to Session Keys method". There are even rumors that the ciphers SHA1 and DSS, both NSA ciphers, leak key information on purpose, with only the NSA knowing how to retrieve it. Richardson claims that it is easy to use weak key material. And there are other dangers as well. Because RC4 is based on XOR, using the same key twice is enough to crack the code. RC4 is used for the inner encryption of user data in the TIIT, since the final AES candidate wasn't known at the time when the protocol was set. But this RC4 encrpytion is packaged in another layer of encryption, SSL or IPsec. That layer needs to be broken as well. Richardson takes IPsec as example. Imagine that we need to leak an RC4 key and an IPsec key. For RC4, only the first 128bits are relevant. For IPsec 3DES is often used, which means another two times 56bits. Each IPsec packet has an IV of 64 bits. This IV is random filling to ensure that there will never be two identical packets encrypted with the same key, a deadly sin in the world of cryptography. So this makes it possible to hide 64bits in each IPsec packet. Theoretically, after two packets you have leaked the RC4 key, and after another two you have the 3DES key too, although Richardson says that if such a scheme is used, it is very likely that the leaking would take place a bit slower, so it can be covered up. For example, the 64 bits can be divided in four parts of 16 bits hidden in the first 20 bits of four IV's. 16 bits of actual key material and four bits to point to the position of those bits in the key. That means that about 16 IPsec packets are needed to leak the entire key. According to Richardson, that would leave plenty of randomness in the IV to make this leakage invisible. Due to the overhead of IPsec and of the TIIT, this means the tapped user needs to cause even less packets for this to happen. In other words, reading a few lines of email or looking at a single webpage, is more then enough to leak all key information. Weis and Lucks showed that the use of the IV isn't even needed, and presented their paper All your keybits ...[17] at SANE2002[18] that mathematic proves that blackbox cryptography is fundamentally insecure and that leaking key material cannot be detected in any way. Conclusion Without the cooperation of Comverse, is it not possible to determine whether the Dutch tapping systems contain backdoors or not. Worse, even if Comverse would appear to cooperate, there is no way to detect a possible double-cross. Key information can leak quickly and undetectable and the only way to prevent that is by having full control over both the hardware and the software involved. In mid December, the parliament will discuss the annual report of the AIVD, but it seems unlikely that the public will ever find out what really happened. Remkes only wants to talk about these matters behind closed doors. De Graaf, party leader of D'66, said he finds the risk of possible manipulation of the tapping rooms "pretty serious", but cannot give more public statements, since he was a member of the watchdog commission that oversees the intelligence service AIVD, and therefore has inside sensitive knowledge. Remkes claims he didn't know about the dangers. Apparently, he was the last one that didn't know; Comverse and blackbox cryptography have been under heavy fire for years. Literature [1] http://www.opentap.org/documents/TIIT-v1.0.0.pdf [2] http://www.verintsystems.com/ [3] http://www.cominfosys.com/ [4] http://www.eo.nl/home/html/news.jsp?number=3209417 [4b] http://www.volkskrant.nl/binnenland/8761030113615.html [5] http://www.groene.nl/2002/0225/rz_tappen.html [6] http://www.fnl.nl/ct-nl/archief2001/ct2001-06/ct200106032033.htm [7] http://www.opentap.org/ [8] http://www.hal2001.nl/ [9] http://www.ccc.de/ [10] http://www.opentap.org/ccc/ [11] http://cgi.omroep.nl/cgi-bin/streams?/eo/redactie/radio/r1022511c.rm [12] http://cgi.omroep.nl/cgi-bin/streams?/eo/2vandaag/2vandaag_aftappen.rm [13] http://www.citi.umich.edu/u/provos [14] http://www.outguess.org/ [15] http://www.sandelman.ottawa.on.ca [16] http://home.bip.net/laszlob/cryptoag/kleptography.htm [17] http://www.nluug.nl/events/sane2002/papers/WeisLucksAllYourKeybit.ps [18] http://www.nluug.nl/events/sane2002/ ------------------------------ TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of networks such as Compuserve and America On Line, Yahoo Groups, and other forums. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. TELECOM Digest is a not-for-profit, mostly non-commercial educational service offered to the Internet by Patrick Townson. All the contents of the Digest are compilation-copyrighted. You may reprint articles in some other media on an occasional basis, but please attribute my work and that of the original author. Contact information: Patrick Townson/TELECOM Digest Post Office Box 50 Independence, KS 67301 Phone: 620-402-0134 Fax 1: 775-255-9970 Fax 2: 530-309-7234 Fax 3: 208-692-5145 Email: editor@telecom-digest.org Subscribe: telecom-subscribe@telecom-digest.org Unsubscribe:telecom-unsubscribe@telecom-digest.org This Digest is the oldest continuing e-journal about telecomm- unications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org Anonymous FTP: mirror.lcs.mit.edu/telecom-archives/archives/ (or use our mirror site: ftp.epix.net/pub/telecom-archives) Email <==> FTP: telecom-archives@telecom-digest.org Send a simple, one line note to that automated address for a help file on how to use the automatic retrieval system for archives files. You can get desired files in email. ************************************************************************* * TELECOM Digest is partially funded by a grant from * * Judith Oppenheimer, President of ICB Inc. and purveyor of accurate * * 800 & Dot Com News, Intelligence, Analysis, and Consulting. * * http://ICBTollFree.com, http://1800TheExpert.com * * Views expressed herein should not be construed as representing * * views of Judith Oppenheimer or ICB Inc. * ************************************************************************* ICB Toll Free News. Contact information is not sold, rented or leased. One click a day feeds a person a meal. Go to http://www.thehungersite.com Copyright 2004 ICB, Inc. and TELECOM Digest. All rights reserved. Our attorney is Bill Levant, of Blue Bell, PA. ************************ DIRECTORY ASSISTANCE JUST 65 CENTS ONE OR TWO INQUIRIES CHARGED TO YOUR CREDIT CARD! REAL TIME, UP TO DATE! SPONSORED BY TELECOM DIGEST AND EASY411.COM SIGN UP AT http://www.easy411.com/telecomdigest ! ************************ --------------------------------------------------------------- Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of fifty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization. End of TELECOM Digest V23 #555 ******************************