ISSC 641 Central Texas College The VoIP Security Podcast Discussion
Hello,This is a two part questions. First I will need the discussion question answer which will be below in bold, 250 words APA format. For those response I will need two responses of at least 175 words each.A) Listen to the Blue Box #85 Podcast: the VoIP Security Podcast onhttp://www.mefeedia.com/entry/blue-box-85-internet-phone-calls-and-terrorism-georgia-tech-report-on-emerging-cyber-security-threat/11995446. Then do the following:Write a one paragraph summary report of the podcast (minimum 250 words). Write a second paragraph discussing your own thoughts on the podcast. What do you feel about the government's wiretapping activities? Why or why not? Should the government require data collection and retention? Explain.Part twoStudent one:The podcast covered a myriad of topics with regards to VoIP and certain security issues that have come up of late. It speaks of how the UK is going to have more power to listen to conversations. It also draws certain conclusions that state that if governments are given more power in order to listen to the conversations that people have, there needs to be a proverbial line drawn in the sand. How much privacy are people actually allotted? Currently, it is becoming more and more difficult for governments to track conversations and access call detail records within the VoIP architecture. Conversely, on cellular devices, call records including the party that initiated the call, the party that received the call, and call duration data is stored on servers that is accessible by law enforcement. Another topic that was covered on this podcast was the emerging cyber security threats covered by the Georgia Tech Security Summit. They came out with a report that talks of the emerging cyber security threats of 2009. They talk of malware, threats to VoIP, botnets and other ways in which vulnerabilities can be exploited. They also talk about how the cybercrime economy is starting to change and evolve. The security summit predicted that eventually malware will be injected into cell phone in order to turn them into bots for use in attacks such as the denial of service. They also mentioned an article about protocol 802.1AE and 802.1X-rev. They talked a bit about these protocols and how they secure layer two traffic, as well as how 802.1AE that provides encryption at the ethernet layer. (York, 2008) The podcast itself was informative, but a little dry. I think that it is important to understand some of the topics that are covered, mainly how much privacy is afforded to those that use VoIP. The government itself should have some access to wiretapping I believe, provided that it has the correct paperwork in place. There is no one that is above the law, and the government must ensure that it polices itself. Whether or not the government should require data collection and retention is a very gray area. On one hand, it is much easier to pinpoint criminal activity if there is data to analyze. On the other hand, is it really possible to collect all the data and retain it? As people continue to use soft phones such as Skype and Microsoft Teams, most likely it will fall on the company to retain that data, due to the fact that they have access to that infrastructure. I don’t think that all companies will succumb to this request.References:York, D., & Zar, J. (2008). Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more. On Blue Box: The VoIP Security Podcast [MP3].Student two:Essentially, this podcast focused on the idea that the advent of new technologies has effectively side-lined any current legislation on the topic of content within the purview of voice telecommunications. It evolves into the subject of law enforcements legal ability, and practical ability of actually obtaining specific, granular information relating to the calls or communications made via VoIP. They balance that idea with the rights of the public, versus the need of the government, particularly law enforcement. A second topic covered in the podcast was the idea that the ubiquitous nature of mobile tech, i.e. cell phones, is going to ultimately lead to the generation of massive botnets as a result of malware.Write a second paragraph discussing your own thoughts on the podcast. I like the topics they covered, but I believe the most important topic they covered is that of CALEA. The idea that current legislation surrounding government legal capabilities versus practical capabilities is something I covered extensively in my project paper for this class. I do however think the subject matter they covered in that was a little off. CALEA, as they referenced, is simply outdated within the context of its verbiage. With the advent of new companies, new terms, and in fact, new industries all together, CALEA simply doesn’t address certain subjects of topics within the conversation as a whole, which leaves room for legal battles that hold cases up, making the use of any evidence that would be garnered from actions associated with CALEA somewhat useless simply based on time constraints. Additionally, they mentioned that being CALEA compliant was in fact put on the telecoms, which isn’t the case. The telecoms were charged with coming up with their own solutions, and once presented to the FBI, they would be reimbursed for the expenses associated with becoming compliant. The subject of CALEA touches a LOT of different topics that make it a very challenging thing to navigate, and competing interests of the government and private sector add additional friction to the topic as a whole.What do you feel about the government's wiretapping activities? Why or why not? I think the governments wiretapping abilities should stand. There’s a social contract between the public and the government, in that the government will defend and protect the people, and in exchange the people will pay taxes to uphold the government and allow it to work in its intended capacity. Additionally, in order for the government of the United States to accomplish its intended function, the public has to give up certain rights we have as Americans. There’s a balance, and its heavily dependent on perception of risk. If one perceives a higher level of risk, they are willing to pay more to address that risk. Shortly after 9/11, I’m sure the public sentiment would have been HEAVILY in favor of allowing the government to do just about whatever it felt necessary with regard to wire-tapping and telecommunications, but having had time for the shock and fear to subside, peoples perception of the risk changes, and they are not as willing to be complicit with the decision to give up their privacy. My personal opinion is that a balance needs to be struck. There are absolutely ways to accomplish the goal and keep people safe and secure at the same time, it’s just a matter of finding out what that looks like.. but one thing is certain, the wiretapping capabilities are paramount to fighting criminal activity.Should the government require data collection and retention? Explain. This is a broad question, but in a general sense, yes, they should. Businesses are required to keep records of just about everything else under the sun, so why not the data that they crunch? This has to be reasonable, though. What reasonable looks like in this conversation, I’m not sure, it would take a lot more knowledge on the issues that would impact it than I currently possess.. costs, infrastructure, capabilities, storage, actual generation of data. The sheer volumes of data that are generated in mind boggling.. so it would depend on what data is required for retention, how long, and is it even a practical idea that companies could handle that type of activity. Also, weigh in the idea that data, in itself, has become an industry. Data brokers literally collect and sell any and every kind of data they can get, and social media outlets essentially do the same thing. In the end, data collection and retention as a whole should be addressed, whether it be the need for companies to save certain kinds of data, or not allowing companies to collect data as a whole to reduce the risk of exposing private information to the wrong people.