How to build a system to "Opt Out" of warrantless wiretapping

I love the p2p-hackers mailing list.  So many smart people talking about so many cool things.  The conversation has recently turned to how to build a VoIP system that would bypass the NSA's warrantless wiretapping to the greatest possible degree, while still being usable in the real world.  Here's my proposal:


I think the challenge with building a new phone system is that the existing phone systems are already amazing.  Skype filled a void for cheap long distance.  But now that that void is filled, and you can call anybody in the world from your phone easily (unlimited nationwide plans are common, and Skype covers the rest of the world), it'll be very difficult for any new voice service to take root.  But I could imagine it happening if:

1) It's backwards compatible with the current voice services (e.g., you can call anybody with it, and they can call you, regardless of whether you use the service)

2) It offers tangible value to you even if the person you're calling isn't using it

3) It offers tangible value to you even if the people calling you don't use it

4) Those values increase as the number of people who use it increases

5) It automatically advertises itself

With these, then you can fully adopt this service -- without any downsides -- and gain value from it regardless of whether anybody else does.  Furthermore, the value increases as the network size increases, so you have an incentive to encourage others to use it.  As for what that service might be, that's a tall bar.  But I could imagine protection against dragnet-style government surveillance being compelling to a certain demographic.

As for how that might work, that's tough.  But imagine a new VoIP client like the old Skype (e.g., P2P with a distributed relay service for NATs/firewalls), except truly encrypted.  That would be pretty straightforward to do: the audio/video codecs are pretty refined, and there are great P2P libraries ready to go.  The problem is: nobody is using it, so you have no reason to use it either.

But what if everybody registered their "real" phone number with some DHT, and then coupled this app with a collection of VoIP->POTS (Plain Old Telephone System) gateways.  So when I type in your phone number, first it checks to see if I can use this secure system, and contacts you directly via VoIP.  But if you aren't in the system, it just calls you via a POTS gateway.

Ok, so now we're backwards compatible, but it still doesn't really give me any advantage if nobody else is using it.  So what if rather than just using one VoIP gateway, there were hundreds, scattered across every area code, and every network.  Then when I call you, if I can't use my truly secure VoIP connection, instead it just routes you through one of hundreds of random gateways.  Voila -- we both get protection from dragnet collection of metadata (the NSA just sees that someone called you through one of these many gateways, without knowing it's me) *even though* you don't use the system.

Next, every time I call someone through this system and it falls back on the POTS gateway, it plays a message saying something like "This line is only partially secured; install XXXX app to get fully secured.  Connecting..."  Now every user who uses this thing is automatically advertising what it is to recipients.  The more it's used, the more it grows.  Indeed, you could also couple it with SMS such that the first time anybody calls a new number, it texts a link to that number explaining what it is and linking to an app download.
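To make the outbound call flow concrete, here is an added example (my own sketch, not code from the post or from any real product) of the routing decision: look the dialed number up in the registry, connect directly over encrypted VoIP if it is there, and otherwise pick one gateway at random from the pool, play the fallback notice, and send the intro SMS on first contact.  The directory, the gateway numbers and the `INTRODUCED` set are all constructed sample data standing in for the DHT and gateway fleet the post describes.

```python
import random
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not a real directory): registered numbers -> VoIP
# endpoint, standing in for the DHT the post describes.
SECURE_DIRECTORY = {
    "+14155550100": "voip://alice.example/key-fingerprint-ABC123",
}

# Constructed pool of VoIP->POTS gateways; the post imagines hundreds of these
# spread over every area code and carrier.
GATEWAY_NUMBERS = [
    "+14155550201", "+12125550302", "+13125550403", "+18005550504",
]

FALLBACK_NOTICE = ("This line is only partially secured; "
                   "install XXXX app to get fully secured.  Connecting...")

# Numbers that have already received the one-time intro SMS (constructed state).
INTRODUCED: set = set()


@dataclass
class CallPlan:
    mode: str                 # "secure_voip" or "pots_gateway"
    destination: str          # VoIP endpoint or E.164 number actually dialed
    caller_id_seen: str       # caller identity visible to the callee's carrier
    notice: Optional[str]     # message played before connecting, if any
    send_intro_sms: bool      # whether to text the app link after the call


def normalize(number: str) -> str:
    """Reduce a loosely formatted North American number to E.164 form."""
    digits = "".join(ch for ch in number if ch.isdigit())
    if len(digits) == 10:
        digits = "1" + digits
    if len(digits) != 11 or digits[0] != "1":
        raise ValueError(f"unsupported number: {number!r}")
    return "+" + digits


def plan_call(my_number: str, dialed: str,
              directory=SECURE_DIRECTORY, gateways=GATEWAY_NUMBERS,
              introduced=INTRODUCED, rng=random) -> CallPlan:
    me, dest = normalize(my_number), normalize(dialed)
    endpoint = directory.get(dest)
    if endpoint is not None:
        # Callee is registered: end-to-end encrypted VoIP, no PSTN leg at all.
        return CallPlan("secure_voip", endpoint, me, None, False)
    # Callee is not in the system: hop through one randomly chosen gateway so
    # the phone network only sees "some gateway called dest", not "me called dest".
    gateway = rng.choice(gateways)
    first_contact = dest not in introduced
    introduced.add(dest)
    return CallPlan("pots_gateway", dest, gateway, FALLBACK_NOTICE, first_contact)


def pstn_observer_view(plan: CallPlan) -> tuple:
    """The (caller, callee) pair a passive observer of the phone network could
    record for this call; empty when no PSTN leg exists."""
    if plan.mode == "secure_voip":
        return ()
    return (plan.caller_id_seen, plan.destination)


if __name__ == "__main__":
    print(plan_call("415-555-0199", "(415) 555-0100"))   # secure path
    fallback = plan_call("415-555-0199", "212-555-0777")  # gateway path
    print(fallback, pstn_observer_view(fallback))
```

The `pstn_observer_view` helper is the whole point of the random gateway: the callee's carrier records a gateway number as the caller, and a different gateway on the next call.  The check a practitioner would add is where the real mapping still lives: the gateway that bridged the call necessarily saw both my number and yours, so the metadata protection only holds if the gateways are run by many independent operators on many networks, as the post suggests, and keep no call records.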

Ok, so now we have a system that is backwards compatible, breaks the "chicken and the egg" dilemma by offering value "out of the box" even to a single user, and automatically promotes itself.  But what about incoming calls?  How can I get the benefit of anonymity, but still give you a number that you can reliably call to get me?

This one is a lot harder.  One approach would be to let me generate new phone numbers on the fly, such that I can give out different numbers to everyone and they all go back to me.  Again, anybody who calls these numbers with POTS would get connected to me transparently via the VoIP gateway (and might hear the marketing message / receive the SMS), and anybody who calls inside the system gets me directly.

A problem with this is there are only so many phone numbers, and they cost money.  So a different approach might be to just maintain like a hundred numbers, each of which has an "extension".  So I give you a number like (XXX) XXX-XXX x XXXX -- it's a bit of a pain to use extensions, but it gives the same effect.

Then tie this with a Gmail plugin that auto-randomizes your phone number in emails you send out (so you enter your own phone number, and it provisions/randomizes before delivery), and maybe something that just provisions a bunch of random numbers and prints out business cards to make it easy to deliver.
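As an added example covering the inbound side (a sketch of my own, not the post's design nor any real plugin), here is a pool of shared numbers with four-digit extensions, a provisioning routine that hands out a fresh unused alias per contact, an email rewriter that swaps the sender's real number for a new alias before delivery, and the inbound routing decision.  The shared numbers and all sample text are constructed; `SHARED_NUMBERS`, `AliasPool`, `rewrite_outgoing_email` and `route_inbound` are names I chose for illustration.

```python
import random
import re
from typing import Dict, Optional, Tuple

# Constructed pool of shared inbound numbers (the post suggests about a hundred).
SHARED_NUMBERS = ["+14155550900", "+14155550901", "+14155550902"]
EXT_DIGITS = 4  # each shared number carries a 4-digit extension space

# Loose match for North American numbers as people type them in email text.
PHONE_RE = re.compile(r"\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}")


class AliasPool:
    """Hands out (shared number, extension) pairs and maps them back to the
    real number of the user who owns them."""

    def __init__(self, numbers=SHARED_NUMBERS, rng: Optional[random.Random] = None):
        self.numbers = list(numbers)
        self.rng = rng or random.Random()
        self.aliases: Dict[Tuple[str, str], str] = {}

    def provision(self, owner: str) -> Tuple[str, str]:
        """Pick a random unused (number, extension) pair for owner."""
        if len(self.aliases) >= len(self.numbers) * 10 ** EXT_DIGITS:
            raise RuntimeError("alias pool exhausted; buy more shared numbers")
        while True:
            number = self.rng.choice(self.numbers)
            ext = f"{self.rng.randrange(10 ** EXT_DIGITS):0{EXT_DIGITS}d}"
            if (number, ext) not in self.aliases:
                self.aliases[(number, ext)] = owner
                return number, ext

    def resolve(self, number: str, ext: str) -> Optional[str]:
        """Owner of an alias, or None for an unknown pair."""
        return self.aliases.get((number, ext))

    @staticmethod
    def display(number: str, ext: str) -> str:
        """Render +1NXXNXXXXXX plus extension the way the post writes it."""
        d = number[2:]  # strip the "+1"
        return f"({d[:3]}) {d[3:6]}-{d[6:]} x{ext}"


def rewrite_outgoing_email(body: str, owner: str, pool: AliasPool) -> str:
    """Replace every occurrence of the sender's real number with a fresh alias,
    so each recipient gets a different number that still reaches the sender."""
    def replace(match) -> str:
        digits = re.sub(r"\D", "", match.group(0))
        if "+1" + digits == owner:
            return pool.display(*pool.provision(owner))
        return match.group(0)  # someone else's number: leave it alone
    return PHONE_RE.sub(replace, body)


def route_inbound(number: str, ext: str, caller: str,
                  pool: AliasPool, secure_directory: Dict[str, str]) -> dict:
    """Decide how a call to an alias is delivered: directly over encrypted VoIP
    if the caller is registered, via a POTS gateway (with the notice) otherwise."""
    owner = pool.resolve(number, ext)
    if owner is None:
        return {"action": "reject"}
    if caller in secure_directory:
        return {"action": "secure_voip", "to": owner}
    return {"action": "pots_gateway", "to": owner, "play_notice": True}


if __name__ == "__main__":
    pool = AliasPool(rng=random.Random(42))
    me = "+14155550100"
    print(rewrite_outgoing_email("Reach me at (415) 555-0100.", me, pool))
    number, ext = next(iter(pool.aliases))
    print(route_inbound(number, ext, "+12125550999", pool, {}))
```

Because each alias is a distinct `(number, extension)` key, the owner can later see which contact leaked a given alias and retire just that one; the pool itself is the sensitive record here, since whoever holds it can map every alias back to the real number.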

Oh, and all this could work for SMS as well.

Anyway, something like this might allow individuals to "opt in" to a new secure platform, without needing to "opt out" from the real world.
