[guardian-dev] silent circle out-of-circle (PSTN) calls

Nathan of Guardian nathan at guardianproject.info
Mon Jul 14 22:53:42 EDT 2014


Exactly... Once you go "out of circle" all of that zrtp encryption and "we aren't affected by calea" talk goes out the window.

On July 14, 2014 9:20:48 PM EDT, Lee Azzarello <lee at guardianproject.info> wrote:
>SS will not encrypt your PSTN calls. ZRTP is an end to end protocol.
>There
>are no PSTN devices which have ZRTP capabilities.
>
>If someone were to wiretap a conversation like this the requirement
>would
>be to target the PSTN endpoint and record. That would produce both
>sides in
>the clear.
>
>-lee
>
>On Monday, July 14, 2014, shmick at riseup.net <shmick at riseup.net> wrote:
>
>>
>>
>> Nathan of Guardian:
>> >
>> >
>> > On Mon, Jul 14, 2014 at 1:36 PM, Lee Azzarello
>> > <lee at guardianproject.info <javascript:;>> wrote:
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>> >>
>> >> There's no advantage to use SS for PSTN calls from a security
>> >> perspective. If the pricing is attractive to you, give it a shot.
>> >
>> > It also opens them up to a bunch CALEA-like requirements since they
>are
>> > now operating as a "plain old telephone service". I am curious how
>they
>> > are managing this.
>>
>> their thinking:
>>
>> https://www.silentcircle.com/faq-zrtp
>>
>>  4. Is ZRTP CALEA compliant?
>>     Only Silent Phone’s end users are involved in the key
>negotiation,
>> and CALEA does not apply to end users.
>>
>>     Our architecture likely renders that question moot. The
>> Communications Assistance for Law Enforcement Act applies in the US
>to
>> the PSTN phone companies and VoIP service providers, such as Vonage.
>> CALEA imposes requirements on VoIP service providers to give law
>> enforcement access to whatever they have at the service provider,
>which
>> would be only encrypted voice packets. ZRTP does all its key
>management
>> in a peer-to-peer manner, so the service provider does not have
>access
>> to any of the keys. Only the end users are involved in the key
>> negotiation, and CALEA does not apply to end users.
>>
>>     Here is the operative language from CALEA itself:
>>
>>     47 U.S.C. 1002(b)(3): ENCRYPTION - A telecommunications carrier
>> shall not be responsible for decrypting, or ensuring the government’s
>> ability to decrypt, any communication encrypted by a subscriber or
>> customer, unless the encryption was provided by the carrier and the
>> carrier possesses the information necessary to decrypt the
>> communication. [emphasis added]
>>
>>     Also, from the CALEA legislative history :
>>
>>     Finally, telecommunications carriers have no responsibility to
>> decrypt encrypted communications that are the subject of
>court-ordered
>> wiretaps, unless the carrier provided the encryption and can decrypt
>it.
>> This obligation is consistent with the obligation to furnish all
>> necessary assistance under 18 U.S.C. Section 2518(4). Nothing in this
>> paragraph would prohibit a carrier from deploying an encryption
>service
>> for which it does not retain the ability to decrypt communications
>for
>> law enforcement access. [...] Nothing in the bill is intended to
>limit
>> or otherwise prevent the use of any type of encryption within the
>United
>> States. Nor does the Committee intend this bill to be in any way a
>> precursor to any kind of ban or limitation on encryption technology.
>To
>> the contrary, section 2602 protects the right to use encryption.
>>
>> >
>> >>
>> >>
>> >> - -lee
>> >>
>> >> On 7/13/14, 7:40 PM, shmick at riseup.net <javascript:;> wrote:
>> >>>  has anybody tested or used silent circle for what they call
>> >>>  out-of-circle calls ?
>> >>>
>> >>>  what's been your quality experience ? anyone know their server
>> >>>  addresses ?
>> >>>
>> >>>  some claim the quality is better than their own mobile carrier
>and
>> >>>  use it entirely for outbound calls
>> >>>
>> >
>> > +n
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org <javascript:;>
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>> <javascript:;>
>>         Or visit:
>>
>https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>>
>> You are subscribed as: lee at guardianproject.info <javascript:;>
>>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Guardian-dev mailing list
>
>Post: Guardian-dev at lists.mayfirst.org
>List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
>To Unsubscribe
>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>Or visit:
>https://lists.mayfirst.org/mailman/options/guardian-dev/nathan%40guardianproject.info
>
>You are subscribed as: nathan at guardianproject.info



More information about the Guardian-dev mailing list