[guardian-dev] silent circle out-of-circle (PSTN) calls

Lee Azzarello lee at guardianproject.info
Mon Jul 14 21:20:48 EDT 2014


SS will not encrypt your PSTN calls. ZRTP is an end to end protocol. There
are no PSTN devices which have ZRTP capabilities.

If someone were to wiretap a conversation like this the requirement would
be to target the PSTN endpoint and record. That would produce both sides in
the clear.

-lee

On Monday, July 14, 2014, shmick at riseup.net <shmick at riseup.net> wrote:

>
>
> Nathan of Guardian:
> >
> >
> > On Mon, Jul 14, 2014 at 1:36 PM, Lee Azzarello
> > <lee at guardianproject.info <javascript:;>> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> There's no advantage to use SS for PSTN calls from a security
> >> perspective. If the pricing is attractive to you, give it a shot.
> >
> > It also opens them up to a bunch CALEA-like requirements since they are
> > now operating as a "plain old telephone service". I am curious how they
> > are managing this.
>
> their thinking:
>
> https://www.silentcircle.com/faq-zrtp
>
>  4. Is ZRTP CALEA compliant?
>     Only Silent Phone’s end users are involved in the key negotiation,
> and CALEA does not apply to end users.
>
>     Our architecture likely renders that question moot. The
> Communications Assistance for Law Enforcement Act applies in the US to
> the PSTN phone companies and VoIP service providers, such as Vonage.
> CALEA imposes requirements on VoIP service providers to give law
> enforcement access to whatever they have at the service provider, which
> would be only encrypted voice packets. ZRTP does all its key management
> in a peer-to-peer manner, so the service provider does not have access
> to any of the keys. Only the end users are involved in the key
> negotiation, and CALEA does not apply to end users.
>
>     Here is the operative language from CALEA itself:
>
>     47 U.S.C. 1002(b)(3): ENCRYPTION - A telecommunications carrier
> shall not be responsible for decrypting, or ensuring the government’s
> ability to decrypt, any communication encrypted by a subscriber or
> customer, unless the encryption was provided by the carrier and the
> carrier possesses the information necessary to decrypt the
> communication. [emphasis added]
>
>     Also, from the CALEA legislative history :
>
>     Finally, telecommunications carriers have no responsibility to
> decrypt encrypted communications that are the subject of court-ordered
> wiretaps, unless the carrier provided the encryption and can decrypt it.
> This obligation is consistent with the obligation to furnish all
> necessary assistance under 18 U.S.C. Section 2518(4). Nothing in this
> paragraph would prohibit a carrier from deploying an encryption service
> for which it does not retain the ability to decrypt communications for
> law enforcement access. [...] Nothing in the bill is intended to limit
> or otherwise prevent the use of any type of encryption within the United
> States. Nor does the Committee intend this bill to be in any way a
> precursor to any kind of ban or limitation on encryption technology. To
> the contrary, section 2602 protects the right to use encryption.
>
> >
> >>
> >>
> >> - -lee
> >>
> >> On 7/13/14, 7:40 PM, shmick at riseup.net <javascript:;> wrote:
> >>>  has anybody tested or used silent circle for what they call
> >>>  out-of-circle calls ?
> >>>
> >>>  what's been your quality experience ? anyone know their server
> >>>  addresses ?
> >>>
> >>>  some claim the quality is better than their own mobile carrier and
> >>>  use it entirely for outbound calls
> >>>
> >
> > +n
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org <javascript:;>
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
> <javascript:;>
>         Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>
> You are subscribed as: lee at guardianproject.info <javascript:;>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20140714/776046e6/attachment-0001.html>


More information about the Guardian-dev mailing list