[guardian-dev] silent circle out-of-circle (PSTN) calls

shmick at riseup.net shmick at riseup.net
Mon Jul 14 20:46:35 EDT 2014



Nathan of Guardian:
> 
> 
> On Mon, Jul 14, 2014 at 1:36 PM, Lee Azzarello
> <lee at guardianproject.info> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> There's no advantage to use SS for PSTN calls from a security
>> perspective. If the pricing is attractive to you, give it a shot.
> 
> It also opens them up to a bunch of CALEA-like requirements since they are
> now operating as a "plain old telephone service". I am curious how they
> are managing this.

their thinking:

https://www.silentcircle.com/faq-zrtp

 4. Is ZRTP CALEA compliant?
    Only Silent Phone’s end users are involved in the key negotiation,
and CALEA does not apply to end users.

    Our architecture likely renders that question moot. The
Communications Assistance for Law Enforcement Act applies in the US to
the PSTN phone companies and VoIP service providers, such as Vonage.
CALEA imposes requirements on VoIP service providers to give law
enforcement access to whatever they have at the service provider, which
would be only encrypted voice packets. ZRTP does all its key management
in a peer-to-peer manner, so the service provider does not have access
to any of the keys. Only the end users are involved in the key
negotiation, and CALEA does not apply to end users.

    Here is the operative language from CALEA itself:

    47 U.S.C. 1002(b)(3): ENCRYPTION - A telecommunications carrier
shall not be responsible for decrypting, or ensuring the government’s
ability to decrypt, any communication encrypted by a subscriber or
customer, unless the encryption was provided by the carrier and the
carrier possesses the information necessary to decrypt the
communication. [emphasis added]

    Also, from the CALEA legislative history:

    Finally, telecommunications carriers have no responsibility to
decrypt encrypted communications that are the subject of court-ordered
wiretaps, unless the carrier provided the encryption and can decrypt it.
This obligation is consistent with the obligation to furnish all
necessary assistance under 18 U.S.C. Section 2518(4). Nothing in this
paragraph would prohibit a carrier from deploying an encryption service
for which it does not retain the ability to decrypt communications for
law enforcement access. [...] Nothing in the bill is intended to limit
or otherwise prevent the use of any type of encryption within the United
States. Nor does the Committee intend this bill to be in any way a
precursor to any kind of ban or limitation on encryption technology. To
the contrary, section 2602 protects the right to use encryption.

> 
>>
>>
>> - -lee
>>
>> On 7/13/14, 7:40 PM, shmick at riseup.net wrote:
>>>  has anybody tested or used silent circle for what they call
>>>  out-of-circle calls ?
>>>  
>>>  what's been your quality experience ? anyone know their server
>>>  addresses ?
>>>  
>>>  some claim the quality is better than their own mobile carrier and
>>>  use it entirely for outbound calls
>>>  
> 
> +n

