O tempora! O mores!

"Recently, UK intelligence agencies have complained that the rise of VoIP makes it difficult for them to monitor communications."

Let me see: The rise of morse code did it, the rise of the Enigma encoding machine did it and the rise of digital communication technology did it.

Of course, in each of those cases, the intelligence agencies applied themselves and eventually developed technology that allowed them to monitor communications. So what's changed? A simple lack of faith. Once upon a time we (at least, me) believed the intelligence agencies were there to protect us. Then, along came a Republican government in the United States and a clunking, statist, 'New Labour' government in Britain.

Those clumsy, paranoid, control-freak politicians made it know that there is no longer any such thing as personal privacy. "You will be monitored for your own good!" was the cry. No-one is to be allowed to have a private life any more.

So, now, we (I) believe that the intelligence agencies will use any new power to increase their ability to monitor my tedious conversations and predictable movements. Life has an added spice. In addition to going about my daily business, I now have the fun of trying to do so in a way that makes it difficult for the 'agencies'.

The rise of VOIP makes it difficult for Big Brother to keep an eye on me? I'll open an account immediately!

AES Encryption

If I'm not mistaken, isn't AES an American government 'approved' standard for encryption? That ought to raise questions with anyone considering encrypting their phone calls etc.

Also, given sufficient tradecraft skills even a simple encryption scheme can be used to make life very difficult for eavesdroppers. We should all hope that terrorists stay dumb and rely on their encryption.

London Rules?

It used to be Berlin Rules (and the Gestapo used torture)/

Then it was Moscow Rules,and a visit to the Lubyanka.

Were they Washinton Rules, or Gitmo.

I don'tlike the idea of having to switch to London Rules to keep my ordinary privacy.

@Even if they put in regulations

It's not so much the encryption that's worrying them. Nobody is going to say "the illegal drugs arrive tomorrow on flight XYZ, the tracking number is 1234, Mr Real_Name please go and collect them at 9:00am"

The real value of telecoms intercepts is to build up a network of who contacts who - then you get a nice 'linked to terrorism' flag on your database. With skype it's difficult even with the cooperation of all the international ISPs involved to know who is calling who.

AES easy to crack?

I love the quotes saying AES is unsecure because the US government uses it - perhaps you'd feel better if we used a european algorithm such as Rijndael?

@MarkJ, AC16:47

RC4 may have various attacks, but AES is about the best there is at the moment. The whole development process for AES was fantastically open, so it's unlikely there are "backdoors" for the spooks to use.

AC. if you can provide a method that shows AES to be "America's Easiest Security (to break)", I'm sure the crypto community would love to hear about it, because you're clearly cleverer than most of them.

Uh-oh

Is it time to break out my CipherSaber again?

http://ciphersaber.gurus.org/

Broke it!

Spooks beware!

So you invest in thousands of pounds of software or just use AES or pgp - then someone like me comes along and makes a very small driver that feeds a "software sound device" it sits between the soundcard and the speakers.

OH NO with all that encryption that simple driver makes it obsolete :(

You can hear both sides of the conversation, record them and even resend them over a vpn or vlan lol.

If its a computer - it may well have the worlds best encryption but its made useless if all you need is to listen to the output from the sound card - thats NOT encrypted.

as 118 would say GOT YOUR NUMBER.

What about the Edge?

1. If AES is so easy to break, why does the U.S. Government allow the use of evaluated implementations of AES-128 for classified data up to SECRET, and AES-256 for classified data up to TOP SECRET?

2. Sectera Edge doesn't compete with Cellcrypt, nor does it compete with the Blackberry. The Edge uses Type 1 crypto, and therefore isn't available to the public at all, in any form whatsoever. Conversely, Cellcrypt on commodity (i.e. not security hardened) hardware is never going to be accredited for highly classified data.

AES is secure Also Re Dave

Rijndael is AES

Rijndael was the name of the cypher before it began a standard, the standard name being AES.

Although I do agree with your comments about it being insecure becuase the government uses it. Its an open source algorithm, which has been round for many years (I know I bought the book detailing the algorithm many years ago whilst at uni). As computing power increases it will become easier to break as DES and triple-DES the previous standards did. But as that happens it will be improved and replaced.

If you are worried about the security of any algorithm go and get a copy of the cypher, and if its not available in the open market its not secure. AES is available, many very bright and independant experts have validated it, and if you dont trust them do the maths yourself.

Of course specific implementations may not be secure becuase they can have backdoors and bugs in them, but hay you have the algorithm write your own.

Alan

Should they also scan letters at the post office?!

With electronic communications there seems to be a sense in the security community that they should be monitored simply because the technology is there to monitor.

Since the introduction of digital switching systems from the 1970s onwards, there have been provisions in the hardware and software for 'lawful interception' i.e. your phone conversations can be listened into remotely, without any difficulty.

Before digital switching, a wire tap was literally that, someone had to obtain a warrant, go to a telephone exchange and physically install a device to record your line. It was difficult, and it would only have been used where necessary.

There seems to be a sense now that they should just record everything (just in case) and put it onto a giant google like database so that it can be data mined.

If the security services suggested that seals on envelopes should be banned, and all correspondence should be scanned by your local post office so it can be read for subversive material, can you imagine the absolute outrage there would be?

But, just because it's a data stream of telephone conversations, faxes, emails or online communications it's somehow not causing even a slight fuss.

Why aren't people annoyed about this on a wider scale?!

Yeah? Well, I think....

ABD65FD7D3BC120C00BC253671CDA9E5BC3765C23!

@Damien Thorn

What do you mean by a driver?

Are you talking about a trojan that records sound activity on a particular PC? Sure that could work fine. Good luck getting it onto my machine without physical access, unless my (open source) router has holes I don't know about, you can't even address my laptop...

If the spooks want to physically gain entry and bug the place, fine, let 'em. They need to be able to investigate circumstances where they have enough reason to believe something is going on to persuade them to get up out of their chairs and go and watch someone.

It's the random trawling and data collection about every one of us that I find offensive.

Now where did I put that terrorist drug bomb guantanamo obama?

@ AC Why aren't people annoyed about this on a wider scale?!

In a word: apathy.

@Phil, 49-1 84-45 14-89

Cheers, mate, see you on Tuesday.

@david hicks

Not a trojan as such, even the intelligence service could spot that (i would hope)

A simple driver with a bit of the software adapted for the sole purpuse of being a bug.

I hadnt given the "how" they would get it onto the laptop much thought, but there are stories of some very seriously deviant methods they "could" use to do it.

So heres a guess at a very strange plot.

SPY a plants someone in creative sound employment - they alter ALL the drivers secretly. No one notices then in a dark base somewhere everything is analysed. (its far fetched i know, but im not a blooming spy hehehe)