The Legal Ramifications of Call-Filtering Solutions
ABSTRACT: Spam-over-IP telephony (SPIT) will likely have a significant impact on the usefulness of VoIP telephony solutions, but some solutions to the problem, such as filtering, could raise unanticipated legal issues. This paper contains both an overview and an assessment of the emerging legal issues in this domain and compares the legislation of two countries with very different legal systems: the US and Germany. Although call filtering addresses all kinds of attacks, we focus here on SPIT. Filtered messages that are part of a denial-of-service (DoS) attack or that attempt to exploit device vulnerabilities are much less problematic, and legal scholars agree that service providers have the right to defend against them.
ABSTRACT: Attacks on Voice-over-IP calls happen frequently. A specific type of these attacks is the toll-fraud attack. The prevention of these attacks depends on understanding the attack patterns. These can be derived from communication records. However, these records contain privacy-relevant information of the call participants. These records are also protected by a number of laws and regulations. To make an analysis privacy-compliant, relevant laws and regulations need to be considered. We propose a method for changing communication records in such a way that the forensic analysis in VoIP attacks is possible and the privacy of the call participants is preserved. We define privacy requirements for communication records from laws, regulations and concerns of call participants. We also present patterns of communication records based upon real-world examples. We further show a framework for privacy attack identification and privacy data minimisation for a structured analysis of communication records. Moreover, an analysis pattern for toll-fraud attacks states which relations in the communication records have to survive the data minimisation.
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on; 01/2012
ABSTRACT: Voice-over-IP systems are quite frequently attacked with the intent of service theft. While VoIP security has been intensively researched in the past, devised solutions often demand significant changes to the VoIP systems. In addition, several solutions propose the filtering of telephone calls, but these solutions only have a limited focus on the privacy rights of the call participants. We propose a method for analyzing communication records with the primary purpose to prevent VoIP attacks. Moreover, our approach integrates with little effort into common VoIP usage scenarios. We use the prevention of toll-fraud attacks as a running example. The analysis of the communication records, however, requires investigating personal information in the communication records, e.g., call habits and phone numbers. Consequently, we give an overview of major US and EU laws and regulations to elicit privacy requirements. We also demonstrate how these requirements can be implemented using Commercial-Off-The-Shelf VoIP systems.
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on; 01/2012