Monday, May 5, 2008

The Dawn of the VoIP Bug

"...transform the existing power lines in your home or small office into a high-speed network solution. Without running wires, PLC-185S takes advantage of your existing electrical wiring to create or extend a network environment. PLC-185S is also an ideal solution for homes or small offices where concrete walls, floors in multi-storied buildings, or other architectural barriers could inhibit a wireless signal.

Just plug the PLC-185S into an electrical outlet and it can turn every electrical outlet into a possible network connection to connect to any network devices, such as wireless router, network cameras, and video servers." or VoIP bugs :) (more)

Friday, May 2, 2008

The Essential Guide to VoIP Privacy

What you need to know about protecting the privacy and confidentiality of IP phone calls.

People generally assume that their private phone calls are just that: private. VoIP users, however, shouldn't take privacy for granted. (neither group should)

The problem with most VoIP calls is that they travel over the Internet, a very public network. This means that calls are vulnerable to snooping at various points throughout their journey. And even private-network VoIP calls can be tapped if access can be gained to the physical wiring.

As a result, business competitors, employees, criminal gangs, tech hobbyists and just plain snoops can all listen in to a business's outgoing and incoming VoIP calls. All that's needed is a packet-sniffing program, easily downloaded from the Internet, and perhaps a tiny piece of hardware to tap into a physical wire undetectably.

But the news isn't all bad. Methods and systems are available to safeguard VoIP traffic... (more)

Wednesday, March 19, 2008

How To Make Your Phone Untappable

In 1991, Philip Zimmermann developed a humble-sounding electronic encryption technology known as Pretty Good Privacy. In fact, it was very good--so good that not even the federal government has been able to crack it, a fact that has made Zimmermann a folk hero to privacy advocates and a headache to law enforcement.

Now Zimmermann, the CEO of PGP Corp., has found himself back in the fiery debate between federal investigators and those who oppose their snooping--this time thanks to ZRTP, a technology for encrypting Internet telephone calls. ZRTP throws a wrench in the Bush administration's controversial warrant-free wiretapping program and its proposed legal immunity for the telecommunications companies. So far, not even teams of supercomputers and cyberspies at the National Security Agency have cracked ZRTP. That means anyone who uses Zimmermann's Zfone software, a ZRTP-enabled voice over Internet Protocol (VoIP) program available for free on his Web site, can skirt the feds' wiretapping altogether.

Forbes.com spoke with Zimmermann about how his small company has been able to produce an encryption product that not even the U.S. government can break, what ZRTP means for national security, and why cutting off the government's access to our phones is necessary to keep out the truly malicious spies. (more)

Free advice.
Free software.
An end to wiretapping woes.

Come on. What more do you want from me?
The least you could do is send me some M&M's. :)
~Kevin

Sunday, January 6, 2008

VoIP Reminder - ZFone

The VoIP industry has been amazingly uninterested in figuring out how to protect the privacy and security of VoIP users. Of all the commercial service providers, only Skype provides encryption and authentication. Fortunately, Phil Zimmermann, the inventor of the best encryption software for all platforms, PGP (Pretty Good Privacy), has turned his talents to protecting VoIP. This is good news because eavesdropping on VoIP traffic is just as easy as sniffing any TCP/IP traffic. So we now have the ZFone.

ZFone operates invisibly, without needing administration and setup the way PGP does. With PGP you have to set up a public key infrastructure (PKI). A PKI performs authentication, verifying that the person you're communicating with really is who he or she claims to be, prevents eavesdropping and alerts you if the transmission has been altered in transit. (more) (original alert)

Extra Credit...
VoIP calls are easy to eavesdrop on—anyone with access to any wire that carries your transmissions can snoop with trivial ease. There is a possible remedy, but it's not widely used yet, and that is the ZRTP encryption protocol. I think it shows the most promise, as it is lightweight, provides very strong encryption, and—best of all—requires no user or administrator intervention; it Just Works. ZRTP is somewhat like cell phone encryption, except that it's not weak or easily broken. Zfone is the software implementation of ZRTP, and now you can get a plugin for your softphones. It costs nothing but a bit of time to try it out. (more)

Monday, December 17, 2007

Instant Education - VoIP: The Top 5 Vulnerabilities

Nothing is hacker-safe these days unfortunately, not even your VoIP service. But knowing that going in, and protecting yourself appropriately, can make a world of difference. The folks at the Sipera VIPER Lab have released what they feel are the Top 5 VoIP Vulnerabilities in 2007.

They are:

• Remote eavesdropping of VoIP phone calls...
• VoIP Hopping, one of the enablers of remote eavesdropping...
• Vishing, enables hackers to spoof caller ID... (q.v.)
• Toll fraud...
• The Skype worm...
(more)

Friday, November 30, 2007

Cisco confirms ability to eavesdrop on remote calls using its VoIP phones

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones.

In its security response, Cisco says: "an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream."


Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that "any Extension Mobility account configured on an IP phone's Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack." (more)

Thursday, November 29, 2007

Wiretapping Just The Start of VoIP's Security Woes

Security experts are once more urging businesses and consumers be wary of wiretapped Voice over IP (VoIP) calls -- as well as the vast number of potentially worse IP telephony vulnerabilities to which they may be exposed.

Last week, U.K. security researcher Peter Cox introduced a proof-of-concept that showed how easily Voice over IP phone calls could be intercepted. Cox, the former chief technology officer and co-founder of security vendor Borderware, successfully captured phone calls over a period of several months with a prototype Session Initiation Protocol (SIP) call monitoring tool.

The demonstration came as only the latest reminder that VoIP is vulnerable to monitoring. But experts warn that wiretapping is only the tip of the iceberg. (more)

Alert - Cisco IP Phone Eavesdropping Issue

From FrSIRT...
A vulnerability has been identified in Cisco Unified IP Phone, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error within the Extension Mobility feature, which could allow an attacker with valid Extension Mobility authentication credentials to cause a vulnerable device configured to use the Extension Mobility feature (disabled by default) while the internal web server is enabled (enabled by default) to transmit or receive a Real-Time Transport Protocol (RTP) audio stream. (more)

Translation...
This series of phones can be remotely eavesdropped upon.

Wednesday, November 28, 2007

Eavesdropping on VoIP Phones Demonstrated

An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology.

Called SIPtap, the software is able to monitor multiple voice-over-IP call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need to do would be to infect a single PC inside the network with a Trojan incorporating these functions, (see our USB memory stick warnings) although the hack would work at the Internet service provider level as well.

SIPtap demonstrates that the worst-case nightmares of VoIP vulnerability are now well within the capabilities of organized crime, which could use such a program to steal confidential data from companies, governments and even the police. (more)

Friday, October 26, 2007

VoIP Security Alert - Eavesdropping, Spoofing, DoS

Sipera Systems, a VoIP security solutions company, said users of VoIP services and equipment from Vonage, Globe7 and Grandstream were vulnerable to eavesdropping, spam, spoofing, and denial-of-service (DoS) attacks.

...the Globe7 VoIP Client does not use a secure connection, making it possible for an attacker to eavesdrop on calls, according to Sipera. (more) (threat advisory list)

Thursday, October 18, 2007

Spybuster's Tip #102 - Technical Security Website

Bookmark Secunia.
They publish technical security vulnerability alerts every day.
The following is an excerpt from an alert earlier today...


Secunia Advisory: SA27234
Release Date: 2007-10-18

Description:

Some vulnerabilities have been reported in various Nortel products, which can be exploited by malicious people to cause a DoS (Denial of Service) and to eavesdrop with affected devices.

...it is possible to send spoofed "Open Audio Stream" messages to an IP phone. This can be exploited to open an audio channel and eavesdrop with the IP phone. (more)

Sunday, September 30, 2007

USB BUG

Another good reason not to allow laptops into proprietary meetings and conferences...

"This is the smallest, high-sensitivity, high gain USB microphone available, and is our most popular choice for court reporters, students, business people, voice recognition purposes, Skype communication, VOIP and Podcasting - anyone that needs to get high quality audio into a computer!

This mic is our 'stealthiest' USB microphone!"
Windows & MAC
(more)(sample audio)

Monday, September 24, 2007

Wiretapping for Dollars!

Companies like Google scan their e-mail users’ in-boxes to deliver ads related to those messages. Will people be as willing to let a company listen in on their phone conversations to do the same?

Pudding Media, a start-up based in San Jose, Calif., is introducing an Internet phone service today that will be supported by advertising related to what people are talking about in their calls. The Web-based phone service is similar to Skype’s online service — consumers plug a headset and a microphone into their computers, dial any phone number and chat away. But unlike Internet phone services that charge by the length of the calls, Pudding Media offers calling without any toll charges.

The trade-off is that Pudding Media is eavesdropping on phone calls in order to display ads on the screen that are related to the conversation. Voice recognition software monitors the calls, selects ads based on what it hears and pushes the ads to the subscriber’s computer screen while he or she is still talking. (more)

Think about this...
• NSA level technology is now a free advertising gimmick.
• Your secrets are more vulnerable now than at any other time in history.
• The cost per-conversation-eavesdropped-on is at its lowest.
• The likelihood that your business will be wiretapped is at its highest.

Today's Wall Street Journal discusses government's obligation to protect its assets, "proactive electronic surveillance operations are essential." Businesses must also protect their assets.

Solution...
• Proactive Counter-surveillance Inspections (PCI).
Top corporate security programs already include PCI as an essential element. Other businesses (and government agencies) are adding it at a record pace.
Need to know more?
Check here.

Wednesday, August 29, 2007

Eavesdropping on VoIP Calls—Part 2

In Part 1 of this opus, I (hopefully) painted a scary picture of how easy it is to eavesdrop on VoIP traffic. So what can you do to protect your own VoIP traffic? Let's take a look at some of your options.

-- Use Skype
Skype is famous for its excellent call quality and reliability. Its call security is pretty good, and is used on all Skype services—VoIP calls, text chat, and video and file transfers. Skype uses a digital certificate authority and signed certificates, peer authentication, and strong encryption.

-- ZRTP encrypts all VoIP
PGP is the most widely used e-mail encryption software. It now exists in two main forms: a commercial implementation maintained by the PGP Corp., and the free software version, GNU Privacy Guard (GPG). (more)

Tuesday, August 28, 2007

Listen to VoIP Phones - Even When On the Hook

Recently disclosed information suggests that it is a relatively simple matter to remotely eavesdrop on a broad range of SIP-enabled devices. For readers who aren't aware of what SIP-enabled devices are, SIP (Session Initiation Protocol) is a protocol that is used by a lot of VoIP software and associated telephone handsets to establish, modify, and control a VoIP connection between two parties.

The research that was published indicates that, for at least one vendor, it is possible to automatically call a SIP device from that vendor and have it silently accept the call, even if it is still on the hook - instantly turning it into a classic bugged phone. Whereas historic telephony bugs needed physical targeting of the line running to a property or place of business, the presence of VoIP in the equation allows bugging from anywhere in the world with equal ability.

Now anyone can do from their armchair what only spies and law enforcement used to be able to do from inside the telephone switch / pit / distribution board, though it's still illegal to do so. (more)

Monday, August 27, 2007

*** Security Alert *** Video Phone Eavesdropping and Denial of Service Vulnerability

A vulnerability has been reported in the Grandstream GXV3000 IP Video Phone, which can be exploited by malicious people to cause a DoS (Denial of Service) and eavesdrop with vulnerable devices.

The vulnerability is caused by an unspecified error in the SIP stack and can be exploited to set the phone to an inconsistent state by sending an "INVITE" and a "183 Session Progress" message sequence. This allows an attacker to eavesdrop with the device and also prevents it from hanging up.

The vulnerability is reported in firmware version 1.0.1.7. Other versions may also be affected.

Solution:
Reportedly fixed in version 1.0.1.12. Contact the vendor for more information.

Saturday, August 4, 2007

VoIP Vandals

Internet telephone services like Skype and Vonage are starting to look less like digital gimmicks and more like the next generation of voice communication. They're cheaper than traditional phone services and increasingly fast and reliable. But they may also be far more hackable.

Security professionals at the Black Hat conference in Las Vegas spent Wednesday outlining the exploitable vulnerabilities in voice over Internet protocol technology, or VoIP. In a series of presentations, they demonstrated ways in which cybercriminals can eavesdrop on VoIP calls, steal data from Internet telephony devices, intercept credit card numbers from VoIP connections and shut connections down altogether. (more)

Eavesdropping on VoIP Calls—Part 1

Just like with all TCP/IP traffic, it is easy for a snoopy person to sniff unencrypted VoIP packets and record your conversations. And don't think they won't.

Remember the early days of cell phones, when people used ordinary police scanners to eavesdrop? Newt Gingrich, Nicole Kidman and Tom Cruise, Prince Charles, and hosts of other celebrities learned the hard way the value of using cell phones with strong encryption.

It's not as easy to snoop wired IP traffic because you need physical access to the wires, but it's not that hard, either. Anyone on your network, anyone on other networks that you contact—and all points in between, including service providers—all have the opportunity to do an awful lot of juicy snooping. Throw in some poorly secured wireless access points, rogue wireless access points, or wireless VoIP endpoints, and you have a real security risk.

While spying on other people's communications is mostly illegal, that's small comfort if it happens to you. (more) (one good solution)

Tuesday, July 10, 2007

MyVoIPia

"Eavesdropping is one example of an overhyped threat," said Lawrence Orans, a researcher with Gartner, in a previous interview. "Sure, it’s technically possible to execute a man-in-the-middle attack and capture packets. The reason that we hear so much about eavesdropping is that it really does elicit this visceral reaction. The main thing is to focus on the greater threats, for example attacking an IP PBX server itself." (more)

Every element of VoIP security is synergistically important.
My advice; think holistic. ~Kevin

Thursday, June 14, 2007

Zimbabwe Passes Bugging Law

Zimbabwe's MPs have passed a law to allow the government to monitor e-mails, telephone calls, the internet and postal communications.

Opposition MP David Coltart called it a "fascist piece of legislation" aimed at cracking down on political dissent.

But Communications Minister Christopher Mushowe defended it, saying it was similar to anti-terror laws elsewhere such as in the UK, US and South Africa. "These are countries which are regarded as the beacons of democracy," he said.

The Interception of Communications Bill now passes to the Senate, where it is expected to face little opposition, Reuters news agency reports.

President Robert Mugabe's government already faces criticism for laws that curtail free speech and movement. (more)

Monday, May 7, 2007

VoIP eavesdropping rules face mounting challenge

New US rules forcing ISPs and universities to rewire their networks for FBI surveillance of email and Web browsing are being challenged in court.

Telecommunications firms, non-profit organisations and educators are asking the US Court of Appeals in Washington DC to overturn the controversial rules, which dramatically extend the sweep of an 11-year-old surveillance law designed to guarantee police the ability to eavesdrop on telephone calls. (more)

Friday, May 4, 2007

I got your phone, and I am coming for your computer... maybe.

Trouble ahead for those wanting to monitor Internet-based calls

The telecommunications world was a much simpler place in 1994, when the U.S. Congress passed a landmark wiretapping law. At the time, the statute was meant to take advantage of the new fact that instead of doing wiretaps the old-fashioned way—by walking into a local phone company office with a warrant and some alligator clips—law enforcement officers now could conduct a wiretap centrally on a carrier's network by duplicating a phone call digitally and directing the copy to police headquarters.

Starting on 14 May, the 1994 law, the Communications Assistance for Law Enforcement Act (CALEA), will also apply to some voice over Internet Protocol providers, and the U.S. Federal Bureau of Investigation has asked that it eventually be extended to all Internet-based communications. The wiretapping statute was originally designed for traditional telephone companies, which use circuit switching to create a dedicated channel for each phone call. But today, using Internet telephony, almost anyone can be a telecommunications carrier, including Google, Skype, Vonage, and Yahoo, to name just four companies that didn't exist in 1994. (more)

Sunday, April 15, 2007

Pretty Good (VoIP) Privacy

No one would have blamed Phil Zimmermann for coasting after he created Pretty Good Privacy (PGP)... But Zimmermann and others saw big security holes in VoIP. It wasn’t just that average citizens might need protection against government surveillance of their VoIP calls, Zimmermann reasoned. No, this time around, it was government officials themselves who might need protection against eavesdropping... Zimmermann knew that criminals could easily listen in on the VoIP calls of those investigating them.

This concern drove him, Jon Callas and Alan Johnston to create ZRTP, a protocol that imports some of PGP’s best features to Internet telephony. Zimmermann also saw an opportunity to create a secure voice-communications protocol that didn’t rely on the public-key infrastructure (PKI) or any external servers. As a result, ZRTP is a purely peer-to-peer setup that still allows users to thwart various kinds of attacks on their own.

“When two human beings are talking to each other, they are in a position to detect a ‘man in the middle’ by comparing whether or not they’re both using the same session key—using human conversation, verbal comparisons, hashed authentication strings,” Zimmermann says. “It completely eliminates the need for public-key infrastructure, which is quite a complex thing to drag into the VoIP world.”

Zfone, the ZRTP-based product Zimmermann sells through a company with the same name, also incorporates “key continuity,” where you hash the keys just used in the conversation, and they become part of the keys for the next conversation, thus assuring that you’re talking with the same person as the last time. (more) (Zfone beta release available for free download now.)

Got VoIP?
Get this!
Zfone is available as a "plugin" for existing soft VoIP clients, effectively converting them into secure phones.
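
The two ideas quoted above, the spoken comparison of a short authentication string and "key continuity", can be seen in a small model. This is an added example, not code from Zfone or from the quoted article, and it is not the ZRTP wire protocol or its exact key derivation: the key-agreement results are constructed stand-ins, and the names Endpoint, complete_call and the labels passed to kdf are hypothetical.

```python
import hashlib
import hmac


def kdf(key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific value from the session secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


def constructed_secret(tag: str) -> bytes:
    """Constructed stand-in for one Diffie-Hellman result (deterministic)."""
    return hashlib.sha256(("constructed DH result: " + tag).encode()).digest()


class Endpoint:
    """One phone. It remembers a retained secret per peer between calls."""

    def __init__(self, name: str):
        self.name = name
        self.retained = {}  # peer name -> secret carried over from last call

    def complete_call(self, peer: str, dh_result: bytes):
        # Key continuity: the previous call's retained secret (if any) is
        # hashed into this call's session secret.
        rs = self.retained.get(peer, b"")
        s0 = hashlib.sha256(dh_result + rs).digest()
        sas = kdf(s0, b"SAS").hex()[:5]          # short string read aloud
        media_key = kdf(s0, b"media key")        # would protect the audio
        self.retained[peer] = kdf(s0, b"retained secret")
        return sas, media_key


def honest_call(a: Endpoint, b: Endpoint, tag: str):
    dh = constructed_secret(tag)                 # both ends share one result
    return a.complete_call(b.name, dh), b.complete_call(a.name, dh)


def intercepted_call(a: Endpoint, b: Endpoint, tag: str):
    """A man in the middle: each end agrees on a key with the interceptor."""
    dh_a = constructed_secret(tag + "/leg-to-" + a.name)
    dh_b = constructed_secret(tag + "/leg-to-" + b.name)
    a_res = a.complete_call(b.name, dh_a)
    b_res = b.complete_call(a.name, dh_b)
    # The interceptor knows dh_a but holds no retained secret for this pair.
    middle_res = Endpoint("middle").complete_call(a.name, dh_a)
    return a_res, b_res, middle_res


def first_contact_attack() -> dict:
    """No earlier call: only the spoken SAS comparison exposes the intercept."""
    alice, bob = Endpoint("alice"), Endpoint("bob")
    (a_sas, a_key), (b_sas, _), (_, m_key) = intercepted_call(alice, bob, "call-1")
    return {"sas_match": a_sas == b_sas,
            "interceptor_has_alice_key": m_key == a_key}


def attack_after_clean_call() -> dict:
    """One clean call first: continuity locks a later interceptor out."""
    alice, bob = Endpoint("alice"), Endpoint("bob")
    (sas1_a, _), (sas1_b, _) = honest_call(alice, bob, "call-1")
    (a_sas, a_key), (b_sas, _), (_, m_key) = intercepted_call(alice, bob, "call-2")
    return {"clean_sas_match": sas1_a == sas1_b,
            "sas_match": a_sas == b_sas,
            "interceptor_has_alice_key": m_key == a_key}


if __name__ == "__main__":
    print("first contact intercepted:", first_contact_attack())
    print("intercepted after a clean call:", attack_after_clean_call())
```

On a first call the interceptor can derive the same media key as the caller, so the spoken comparison is the only check; after one clean call the retained secret keeps the interceptor from deriving the key at all.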

Wednesday, March 21, 2007

Wiretap Service & DIY Wiretaps

New York based call recording company 2ReCall just recently launched their initial call recording product last week. The new service lets you record any US domestic outgoing call by first dialing into an 800 number and then the number you want to call.

The old fashioned way of recording calls consisted of Spy-vs-Spy type tape recorders and suction mics. VOIP changed that a bit, making it dead simple to grab the conversation as it passes through your phone client, although it leaves you chained to the desk.

2ReCall’s 800 number means you can record an outgoing call on any phone. Over the coming year the service will be able to record inbound calls as well, with the ultimate goal being a completely seamless solution that records all calls on the number. (more) DIY wiretap. (more)

Tuesday, March 20, 2007

VoIP Mixes SIP with Security

Switzerland - Telecommunications provider Amitelo today launches a new release of its softphone AmiVois that because of excellent features is superior to its competitors. AmiVois comes with a new kind of encryption that makes wiretapping virtually impossible. (more)

Monday, March 12, 2007

VoIP Security Tips

VoIP (Voice-over-Internet Protocol) "telephone" services are open to the vulnerabilities of the Internet.

Many threats may even be more acute because VoIP architectures are complex and hierarchical with many networked components such as IP PBXs, application servers, media gateways, and IP (Internet Protocol) phones.

VoIP networking also relies on numerous protocols, some of which remain poorly defined, and all of which introduce their own security risks.

VoIP Security Threats include DoS and Distributed DoS Attacks; unauthorised access to administration systems for toll and credit card fraud or identity theft; eavesdropping by unauthorised agents; and application-level attacks for registration hijacking, illegal teardowns, register floods, call floods, malformed packets, harassing calls and spam over Internet telephony (SPIT).

The following comprise a best practices approach to VoIP security (summarized):
- Maintain current patch levels.
- Install a good antivirus system.
- Apply state-of-the-art intrusion detection and prevention systems.
- Install application-layer gateways.
- Enforce SIP security by means of authentication.
- Establish policy-based security zones to isolate VoIP segments.
- Run VoIP traffic on VPNs to minimise eavesdropping risk on critical segments.
- Use VLANs to prioritise and protect voice traffic from data network attacks.
- Apply encryption selectively.
- Protect against UDP flooding.
- Develop a holistic security program.
From Andy Miller, vice-president of Juniper Networks Asia Pacific's enterprise division.
(more)

Saturday, February 24, 2007

Walter Mitty's PI avatar - another SpyBot



Boasting a motion detector, video camera, microphone and loudspeaker, Spyke is the ultimate Wi-Fi-enabled robot. We love him and so will you!

Main Features
- Spy robot - Spyke moves, watches, speaks and listens
- VOIP phone - Use your Spyke as a wireless VOIP phone (compatible with Skype 3.0 PC technology)
- Digital Music Player - listen to your own music over Wi-Fi with Spyke
- Video Surveillance - When a movement is detected, Spyke activates an alarm on your computer or sends you a picture by email
- Wi-Fi card included
- Motion sensors activate automatically when something happens
- Returns to recharging station automatically when battery is low
- Control on local Wi-Fi connection or remotely on internet (more)

Tuesday, February 13, 2007

Why VoIP is vulnerable

VoIP is simply data transmitted in digital packet form. This means it can be attacked, hacked, intercepted, manipulated, re-routed and degraded just like packets on the data network. All of the maladies of the data network -- viruses, worms, trojans, DoS attacks and hijacking -- are possible on the VoIP network.

...examples of potential VoIP attacks:
· Toll Fraud/Service Theft -- This will likely be the most common attack in the early stages of VoIP, where an unauthorized user gains access to the VoIP network by mimicking an authorized user or seizing control of an IP phone and initiating outbound long distance calls.

· Eavesdropping -- VoIP services measurement and troubleshooting software makes eavesdropping on packetized voice calls relatively easy.

· Phishing -- The same techniques used to steal identity information over email are being used over VoIP. Criminals spoof caller identification information so it looks like the call is coming from a legitimate organization and then ask the call recipient for identity information. (more)

Friday, February 9, 2007

Ex-employee undercut boss by bugging him

Greece - A 27-year-old man was able to beat his former boss to business deals after allegedly installing a sophisticated listening program in the shipowner’s laptop computer, police said yesterday after arresting the suspect.

Officers were called in by the businessman after his former employee, a Ukrainian national, set up a rival shipping company and seemed to be one step ahead of him in closing deals.

After examining the unnamed entrepreneur’s computer, officers discovered that spy software had been installed in the laptop which allegedly allowed the 27-year-old to automatically record any conversations made via the Internet.

Police found that the software, which the suspect allegedly devised on his own, also worked as a bug, recording voices even when the computer was switched off. (more)

Wednesday, January 31, 2007

Hype versus reality in VoIP security

Voice over IP, like many new technologies, suffers from having security as an afterthought. Headlines tell of VOIP vulnerabilities that can lead to eavesdropping, a new form of spam, even denial-of-service attacks that can take down the one communication network that businesses rely on most.

Lawrence Orans, a research director with Gartner, says some of these threats are overblown and aren't likely to happen in a corporate setting. Frank Dzubeck, president of Communications Network Architects, which analyzes the industry, believes that given the lack of security built into IP, anything can happen. Network World Senior Editor Cara Garretson spoke with both, aiming to separate hype from reality. (more)

(On the topic of eavesdropping both say it is overhyped. However, both cover their rears and say encryption should be used anyway. Hummmm.)

Monday, January 29, 2007

VoIP security: Scenarios, challenges, and counter measures

VoIP combines the worst security vulnerabilities of IP networks and voice networks. This article discusses vulnerabilities, challenges and countermeasures in securing a VoIP network from the application right down to the hardware. ...

Eavesdropping
Eavesdropping is the intercepting of conversations by unintended recipients. Eavesdropping in VoIP requires intercepting the signal and associated media streams of a conversation. No one argues that an attacker cannot access and install a tap on a telephone pair outside your house. That action, however, requires more visibility and explicit laws prohibit eavesdropping. IP eavesdropping can be accomplished from the comfort of a laptop as long as the tools and expertise exist to carry out the attack successfully.

Ethereal, Ettercap, Vomit represent just some of the software available that is used for media capture. Using the software is as simple as capturing and decoding RTP packets, analyzing sessions and then saving the captured voice as an audio file (.au). This is based on the fundamental that every header of an RTP packet contains information about the codec used to encode voice samples. The codec used is generally a standard one, which allows the software to decode the RTP packet, and thus the audio data. Thus, an entire conversation can be tapped. (more)
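
What the excerpt means by the header carrying codec information, shown as a header parser a network owner could run over their own captured voice traffic to inventory which streams advertise a standard codec. This is an added example, not code from the quoted article; the packets are constructed samples, the payload-type table is the audio subset of the RTP static assignments, and parse_rtp, build_rtp and inventory are names chosen here.

```python
import struct

# Static audio payload types (subset). Types 96-127 are dynamic and are
# only meaningful together with the call's signalling.
STATIC_AUDIO = {0: "PCMU", 3: "GSM", 4: "G723", 8: "PCMA", 9: "G722", 18: "G729"}


def parse_rtp(datagram: bytes) -> dict:
    """Parse the RTP header of one UDP payload; raise ValueError if not RTP."""
    if len(datagram) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    has_padding, has_extension, csrc_count = b0 & 0x20, b0 & 0x10, b0 & 0x0F
    payload_type = b1 & 0x7F

    offset = 12 + 4 * csrc_count                 # skip the CSRC list
    if has_extension:                            # skip the header extension
        if len(datagram) < offset + 4:
            raise ValueError("truncated header extension")
        _profile, ext_words = struct.unpack("!HH", datagram[offset:offset + 4])
        offset += 4 + 4 * ext_words
    end = len(datagram)
    if has_padding:                              # last byte = padding length
        pad = datagram[-1]
        if pad == 0 or pad > end - offset:
            raise ValueError("invalid padding length")
        end -= pad
    if offset > end:
        raise ValueError("header runs past end of datagram")

    if payload_type in STATIC_AUDIO:
        codec = STATIC_AUDIO[payload_type]
    elif 96 <= payload_type <= 127:
        codec = "dynamic"
    else:
        codec = "unknown"
    return {"ssrc": ssrc, "seq": seq, "timestamp": timestamp,
            "marker": bool(b1 & 0x80), "payload_type": payload_type,
            "codec": codec, "payload_len": end - offset}


def build_rtp(pt, seq, ts, ssrc, payload, csrcs=(), pad=0) -> bytes:
    """Build a constructed sample packet for the demonstration below."""
    b0 = 0x80 | (0x20 if pad else 0) | len(csrcs)
    header = struct.pack("!BBHII", b0, pt & 0x7F, seq, ts, ssrc)
    header += b"".join(struct.pack("!I", c) for c in csrcs)
    tail = bytes(pad - 1) + bytes([pad]) if pad else b""
    return header + payload + tail


def inventory(datagrams) -> dict:
    """Group parsed packets by SSRC; datagrams that are not RTP are skipped."""
    flows = {}
    for datagram in datagrams:
        try:
            pkt = parse_rtp(datagram)
        except ValueError:
            continue
        flow = flows.setdefault(pkt["ssrc"], {"codecs": set(), "packets": 0})
        flow["codecs"].add(pkt["codec"])
        flow["packets"] += 1
    return flows


# Constructed sample traffic: two G.711 packets, one dynamic-type packet
# with a CSRC entry and padding, and one datagram that is not RTP.
SAMPLE = [
    build_rtp(0, 1, 160, 0x1111, bytes(160)),
    build_rtp(0, 2, 320, 0x1111, bytes(160)),
    build_rtp(96, 1, 960, 0x2222, bytes(40), csrcs=(0xAAAA,), pad=4),
    b"\x00\x01not rtp at all..",
]

if __name__ == "__main__":
    for ssrc, flow in inventory(SAMPLE).items():
        print(hex(ssrc), sorted(flow["codecs"]), flow["packets"], "packets")
```

SRTP encrypts the payload but leaves this header readable, so a standard payload type in the header does not by itself show that the audio is unprotected; the signalling for the call has to be checked as well.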

Wednesday, January 24, 2007

VoIP security barely a blip on SMBs' radar

Security is a low priority among most small and midsized businesses (SMBs), as well as vendors, when it comes to Voice over Internet Protocol (VoIP - Internet telephony), experts say. That will quickly change once hackers take aim, however.

"As with anything, the risk [of a security breach] is theoretical risk right now," Ridolfo said. He said today it's much easier to write a virus or steal data off a file-sharing system than it is to build an exploit for VoIP.

"Does that mean someone isn't working on it right now? No," Ridolfo said. "A high-profile attack, such as a single, crucially important phone call, that will be intercepted, whether it is commercial or government. Then you'll see a bunch of those in short succession. Then there will be a big push to introduce security."

Voice is just as vulnerable to exploits as data communication, Ostrowski said, "because at the end of the day it's running over an IP network and it's 'packetized' data."

One analyst was surprised by how many SMBs said they felt VoIP was secure. (more)

Monday, January 15, 2007

"Wiretapping VoIP Will Kill Innovation" - Vint Cerf

Building standardized wiretap backdoors into Internet telephone systems is a bad idea that will lead to increased cyber security concerns. At least that's the opinion of the Information Technology Association of America (ITAA).

Responding fiercely to a Friday court decision upholding the Federal Communications Commission (FCC) authority to impose traditional wiretap laws on Voice over IP companies, the ITAA Tuesday issued a report sharply critical of the ruling.

The U.S. Court of Appeals for the District of Columbia said VoIP calls are no different than traditional telephone service when it comes to wiretap laws.

At issue is the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law mandating traditional telephone companies build their technology in specific ways in order to make wiretapping easier for law enforcement officials. (more)
