Monday, July 27, 2009

How law enforcement sees VoIP

While browsing Wikileaks, I came across a document titled "An Overview of VOIP for Law Enforcement, 23 Dec 2008". It reads as a "VoIP explained" document for law enforcement , explaining the basics and the restrictions that law enforcement agencies have when it comes to VoIP. Here's a summary:
  • The difference between a traditional phone call and a VoIP phone call is discussed (signals and circuits versus packets)
  • With VoIP various devices may be used: software (softphones) installed on a pc, VoIP gateways and IP Phones
  • Discussion of caller id spoofing, how it makes it harder for LE to tell if the call is from a VoIP provider or a real number or not (anonymous calls)
  • Vishing, the act of phishing by involving VoIP
  • Actively tracing VoIP calls is almost impossible
  • 911 emergency calls or VoIP E911 is mentioned
  • There are 4 ways to identify VoIP usage: the Caller ID (which may be spoofed), Phone records (where tracing is similar to tracing the source of email), VoIP hardware (eg. phones connected to ethernet) and VoIP software
  • CALEA was updated in 2005 to cover VoIP providers so that LE to allow tapping, recording and tracing of phone calls
  • Due to the international nature of the Internet, if the provider is not US-based, then it does not have to comply with these laws or LE requests

No comments: