Cristian Livadaru's blog

... think again ...

Telecommunications Data Retention (Aka Vorratsdatenspeicherung)

big_brother As more and more countries have implemented laws about Telecommunications data retention, I would like to share my thoughts about this. So Big Brother thinks they can stop Terrorism by the use of Telecommunications data retention. But it is so easy to communicate without leaving a trace. It’s possible for everyone with a PC and a Internet connection to act as a Phone company without being registered anywhere, without anybody knowing that you even exist.
You can buy phone numbers from every corner of the world, the server can also be in any corner of the world where some laws may or may not apply.
Let me explain this with an example. Bart and Homer are a evil Terror organization :) they are planing to blow something up. So Bart wants to call Homer and ask for some details about the Bomb. Let’s assume Big brother is only recording call details but not the call itself. So Bart calls an access number, this number is connected to a SIP Server (like asterisk).
Once connected to the server he enters Homers number, the server dials his number with a fake caller ID and deletes the CDR (call detail records) after the call. The call is being initiated via a company based in Germany (just an example) and the server with asterisk is somewhere else, let’s say in China.
So, what will data retention tell us after collecting all this data?

  • Bart has made a call to some number, it is unknown whom this number belongs to. The number has been bought through one of several legal DID Exchnage platforms on the net where you can pay with PayPal or Credit card (which could be stolen), to find out where the number was connected would take a lot of time.
    • Ask the regulation agency, of the country the number belongs to, whom this number belongs
    • Ask the company owning the number who bought the number from them and the IP of the server it was connected to.
  • After big brother has got this Data they would know that the number was connected to a server in China so the searching can begin once again.
    • Ask the provider for Details about the owner of the server
    • Ask for access to the server to search for CDR.
    • No results where found since the server has been already cleaned up or destroyed etc etc.
  • On the other side, big brother knows Homer got a phone call on his cell, from a number in Namibia (which of course it’s fake)

So in the end, big brother knows nothing! Of course if they record the content of the call they could have some information but there are ways of avoiding this. Like using a Softphone on a laptop with mobile internet conected to the SIP server via VPN. There are so many ways and all you need is a creditcard, no ID, no personal data, nothing.

So the state is trying to convince us that their intention is to “protect” us? I mean come on, you don’t need to be a genius to come up with something like this.