Domain: askcalea.net
Stories and comments across the archive that link to askcalea.net.
Comments · 27
-
Short answer: No (the correct answer)
Fact:
First, there is no law requiring any action on the part of any ISP.
Disclosure: I participate in running an ISP, but not one of the ones involved in this.
Fact:
Some large national carriers have agreed to do some things. "Agreed" and "partnership" have no legal meaning. "An agreement is yet to be signed." is in the OP's link and that gives us an idea that in the future there MAY be an agreement. For now, should it happen, it's voluntary.
Fact:
No law of any jurisdiction in the United States currently requires any ISP to provide any content monitoring. The only requirements close to that are to allow Law Enforcement access should they have the right to it -- CALEA.
Opinion:
It would be counter to the AOL decision (Zeran v AOL) that an ISP is responsible for either monitoring content, taking action based on content, or being liable for content or failing to take action based on content. That's a fourth-circuit decision that makes it likely that any ISP that doesn't want to join the "partnership" with the MPAA/RIAA can easily not opt-in to their program. Note that I didn't say "opt-out" because that would beg the question of whether there's a requirement to join.
Looking forward, I can guess that our "friends" in the MPAA/RIAA will continue their program to CHANGE THE LAW through spending lots of money, lobbying, using the influence of former senator Dodd, etc. If they can get the law to require ISPs to do so, and thereby trump the 4th circuit's AOL decision, then there will be a concern.
However, as Sonic.net's CEO Dane Jasper said, ISPs should keep as few logs as possible, preferably under two weeks. That would make it difficult unless they are doing real-time DPI, analysis, investigation, and sending out C&D letters for any of this to have meaning.
While the resources necessary for ISPs to provide access under CALEA are minimal ("Here's your Ethernet port, have a nice day, Feds") the requirement to do DPI for hundreds of gigabits-per-second of data is beyond onerous -- if even achievable. Consider -- it's not just that an ISP has to monitor their "upstream" pipes, but also customer-to-customer. The amount of bandwidth inside each ISP's core is immense.
Sorry to be long-winded, but having read the other responses, I see a lot of D&G and nay-saying. I agree that the landscape is pretty harsh, and the earth is getting scorched. I see hope because I see that we have defeated SOPA, PIPA, ACTA, (and yes I know the TPP is still alive) and we can likely continue to teach our congressional non-representatives that when the majority of the country doesn't want something ... it's likely not something they should support in our name.
Ehud
-
Re:Think about it a second
Ask Google for the documentation that admits they cooperated with a secret government program to spy on Americans?
What 'secret government program to spy on Americans'? Read the article. They mention the Communications Assistance for Law Enforcement Act of 1994 (CALEA). Here is Wikipedia's summary if you don't have the stomach for legalese. You can read all about how it went in during Clinton's administration and has been enjoyed by every administration since (a lost freedom is rarely won back) and will continue to be enjoyed for a long time coming.
So Google is afraid to reveal what the law (CALEA) forces them to do?
We already know the telephone and cellular companies have found a way to monetize state surveillance by law enforcement, so they're not complaining.
That's funny. If they didn't charge for it, the consumer would be paying for the overhead of them being spied on. Would you like that scenario better? Get out, get vocal, tell people, tell average people on the street when they hang up their phone that all that information just got logged for the government. And do it with some tact so you don't look like a goddamn crazy.
-
Re:Careful There, Schneier
If US government want and have these, why wouldn't China? It's not that far fetched, and it's probably better for Google to say it was some virus planted on their system rather than have news all over the internet that China has such in place too. And it could be that US operations didn't know about it, Google China is its independent operation after all and why they're maybe pulling off.
This supposition just raises more questions in my mind though. 1) What do you mean by "independent operation" because it's still a subsidiary of Google and I'm sure utilizes much of the exact replicated technology. 2) Why in the world would Google enforce an American law in China? 3) If Google were providing this intercept data as access to the Chinese government then why in the hell would the Chinese government break in to steal email data from human rights activists? (From the original source, they suspect it was the government because the target was 'accessing the Gmail accounts of Chinese human rights activists') Why would the government need to gain malware access to the system that's put in place for them to access?
It just doesn't add up in so many ways. Every explanation seems to have more questions behind it. I'm almost tempted to say this was someone from Baidu or a criminal element in China or Russia that covered up all their tracks except those deliberately left to be political. But I'm getting into tin foil hat territory there.
I think it was AT&T or Verizon that we had /. article recently about how US government used their backdoor tons of times to gather info and that it would have been impossible to handle manually. Why wouldn't Google, one of the largest US companies, have similar system?
All big time communications operations have to worry about this. It sucks but it's the law. The question remains, however, what is that doing in China and if they're doing it for Chinese law, why did the government need to hack their own system set up to serve them?
-
Re:It's not unknown anymore!
It has been known about for a long time, thing has been in place since the mid-1990s. Heck the FBI even runs a site where you can ask them questions about it and produce a newsletter.
What is new is all the technical information and the advanced state the software is in.
-
Re:Useful service
Under CALEA section 105, if this service is based in the United States, you will have to provide decryption of traffic to and from this service if presented with a court order or other lawful authorization. The FCC contemplates fines of up to $100,000 per day per incident for noncompliance.
Don't say that I didn't warn ya.
-
Re:Amendment IV
Exactly. As a result CALEA requires that a network provider:
- Perform an intercept as specified in a court order signed by a judge in good standing.
- Not perform an intercept on any other network traffic but that specified.
Section 103 covers the above points. On the subject of how CALEA expects to treat encrypted communications, it also contains the following passage:
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
-
Re:Limits on government
Anyone can find the details here. http://www.askcalea.net/calea/
Now I have read through this and there is one really disturbing term. Here is the summary statement.
/* Communications Assistance for Law Enforcement Act of 1994 (CALEA) In October 1994, Congress took action to protect public safety and national security by enacting CALEA. The law further defines the existing statutory obligation of telecommunications carriers to assist law enforcement in executing electronic surveillance pursuant to court order or other lawful authorization. CALEA is codified at 47 U.S.C. 1001-1021. */
The verbiage "pursuant to court order or other lawful authorization" is all through the law. Now I know what a court order is, and if a federal judge determines you might just be selling Vietnamese slaves on ebay, I got no beef with them checking up on your daily myspace blogs. In other words big brother isn't so bad, if he's kicking your school bully's ass. But what the fuck does lawful authorization mean? In my small amount of knowledge that college didn't destroy, I thought the judicial branch was the only one who could authorize court orderish kind of shit. All I can say to anyone monitoring without a court order is, if you get lawful authorization without a court, then so do the rest of us. "By any means necessary!"
-
Frequently misunderstood questions
From the askCALEA FAQs:
http://www.askcalea.net/faq_answers/020_faq.html
Frequently Misunderstood Questions
On March 17, 2004, we published a press release regarding our joint petition.
Q: Does the petition for CALEA rulemaking propose to apply CALEA to all types of online communication, including instant messaging and visits to websites?
A: No. The petition proposes CALEA coverage of only broadband Internet access service and broadband telephony service. Other Internet-based services, including those classified as "information services" such as email and visits to websites, would not be covered.
Q: Does the petition propose extensive retooling of existing broadband networks that could impose significant costs?
A: No. The petition contends that CALEA should apply to certain broadband services but does not address the issue of what technical capabilities those broadband providers should deliver to law enforcement. CALEA already permits those service providers to fashion their own technical standards as they see fit. If law enforcement considers an industry technical standard deficient, it can seek to change the standard only by filing a special "deficiency" petition before the Commission. It is the FCC, not law enforcement, that decides whether any capabilities should be added to the standard. The FCC may refuse to order a change in a standard on many different grounds. For example, a capability may be rejected because it is too costly. Therefore CALEA already contains protections for industry against paying undue compliance costs.
Q: Did law enforcement ask the FCC to curtail its usual review process to implement the petition?
A: No. Law enforcement asked the FCC to give the proposed rulemaking expedited treatment. Such treatment is often requested and granted when urgent matters are brought to the FCC's attention. Some FCC rulemaking proceedings can take years to complete. Law enforcement believes expedited treatment is warranted in this case based on evidence that terrorists, criminals, and/or spies are already exploiting the networks of broadband communication providers to evade lawful electronic surveillance.
Q: Is Law enforcement trying to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary?
A: No. Law enforcement does not seek the power to dictate how the Internet should be engineered or even to decide how broadband communications networks should be engineered. As explained above, CALEA already allocates those decisions to industry and any resulting capability disputes between industry and law enforcement are decided by the FCC. Moreover, the level of surveillance is not an issue raised in the petition, is not within the scope of CALEA, and is not decided by law enforcement. Based on a statute known as "Title III," before a law enforcement agent or officer is permitted to engage in lawful electronic surveillance, he or she must seek an appropriate court order from a judge or magistrate. Only if a judicial order is issued can the lawful surveillance take place, and the level of surveillance is prescribed by the order.
Q: Does the petition ignore the letter or spirit of CALEA's "information services" exemption by seeking to apply CALEA to such services?
A: No. The petition notes that CALEA contains a definition of "telecommunications carrier" that is different from and broader than the definition of that term in the Communications Act, which governs most FCC actions. The petition therefore asks the FCC to decide the scope of CALEA coverage based on the CALEA definition, not the Communications Act definition. As a result, some carriers classified as "information service" providers for purposes of the Communications Act would be simultaneously deemed "telecommunications carriers" for purposes of CALEA.
Q: Would the petition force carriers
-
FBI and Lawyers
From the article:
The FCC chief of staff told Educause this wasn't about universities and to go away, but Educause wouldn't let it go and asked the FBI. And of course if you ask the FBI if they'd want cameras in every bedroom of every American citizen, they'd say of course, we could cut down on domestic violence. They woke a sleeping giant. For now, CALEA is a source of angst for IT, but the lawyers are busy.
CALEA = Communications Assistance for Law Enforcement Act, http://www.askcalea.net/
So, they've had to make provisions to allow wiretapping on their VOIP network inside MIT, because some consider them a "telecommunications carrier"? Or, they are fighting it now, hoping they don't need to make provisions.
From the CALEA website:
The objective of CALEA implementation is to preserve law enforcement's ability to conduct lawfully-authorized electronic surveillance while preserving public safety, the public's right to privacy, and the telecommunications industry's competitiveness.
-
Re:Worrisome
AT&T is complying (as the article mentions in passing) with the Communications Assistance for Law Enforcement Act of 1994, which was pushed for by the Clinton Administration in 1994.
http://www.askcalea.net/
and more detailed:
http://web.si.umich.edu/tprc/papers/2004/335/TPRC2004%20Paper%20html.htm
The Democrats controlled the US Senate and House in 1994 as well as the executive branch. Pay attention to the role of the EFF in supporting the passage of this law over the objections of other privacy advocacy groups like EPIC.
CALEA passed the US Senate on Oct. 7, 1994 by *unanimous* consent. John Kerry has been in the US Senate since 1985. President Clinton signed the bill on October 25, 1994.
AT&T is following the law - time for a class action lawsuit!!
And maybe as a side effect, the real time data capture and semantic analysis of IP-based traffic helps AT&T and other carriers locate and stop the source of massive DDoS attacks.
OMG, the recklessness of George Bush. Impeach! Impeach!
For extra credit, remember the Clipper Chip? The Blue Ribbon Campaign?
-
CALEA
Wire taps my ass. Check out: http://www.askcalea.net/
Yes, I have worked for various carriers throughout my professional career; everything from RBOC/LECs, CLECs, CAPs, Cellular. The current state of affairs is freakin depressing. The old school method of getting a wire tap is:
1) Get a court order
2) Submit it to a carrier to get a tap
3) Carrier puts on tap and makes all sessions available to authorities.
Ya want to know how it works now.
1) Remote login (law enforcement)
2) Start recording (aka run a few commands)
3) WTF happened to the court order
All companies that make communications equipment have CALEA access built into their equipment. The system is getting freakin abused and no one has a clue that this *hit is going on.
PS: Yeah, I am just a wee bit touchy about the situation.
PSS: The telco folks have always done their job; but that wasn't good enough... Direct access is what has been given away.... and that is a load of horse *hit. By the way; CALEA stands for Communications Assistance Law Enforcement Act.
-
The story from the other side
The FBI has a whole Web site about CALEA, including details about cost recovery. It looks like they set aside $500M to cover the cost; I guess the money has all been spent by now, so the universities are left with an unfunded mandate.
-
CALEA
Hmm. I wonder what will happen if the "VoIP" protocols (SIP and H.323) are suddenly used for much more than only VoIP? If apps like this generate a lot of traffic how will it affect the CALEA and other IP wiretapping efforts? Suddenly the SIP data is just a bunch of garbled white noise. Is it encrypted or is it P2P traffic?
-
Re:I am frightened (oops)
None of those tags worked (Use the Preview Button! Check those URLs!):
The civil libertarians realize what none of the tin-foil hat paranoiacs on /. do. This does nothing at all to expand the legal authority of the FBI or anyone else to tap communications. The same laws (and the same amendments to the U.S. Constitution) still make it a serious pain in the a$$ to get a wiretap order. This proposal simply would have the FCC impose standards on the infrastructure so that once the legal hurdles are overcome, technical ones don't halt an investigation.
Obviously, the first step in defending our rights and freedoms is vigilance. Everyone give yourself a pat on the back for vigilance.
The next and essential step is actually identifying the real problem. Here the problem is not that the proposal will "dramatically expand the scope of the agency's wiretap powers," because it can't. First, no law specifically authorizes the FBI's wiretap powers, but the gov'ts. Second, the FCC has NO AUTHORITY WHATSOEVER to define when law enforcement can or cannot tap someone's communications. Third, if it was such a realistic threat, it would have already happened, as such laws and regulations have been implemented in the past.
To protect your rights, you must know your rights and understand the system, so that you know when you're really threatened and how and where to direct your energy. Read before you (continue to) rant:
1. Things like this are already required as explained in this summary of this law (remember CALEA from 1994?)!
2. The authority to wiretap anyone's communication is governed not by the FCC but by this amendment to the Constitution (with informative analysis) and this statute.
This is a threat to your ISP service bill and the quality of the services and software, not your constitutional rights. I don't want to live in a market where all communications products have legally mandated back doors, either. But not because I'm afraid the FBI (or NSA or MS or anyone) will then be able to eavesdrop on everything I do. They lack the resources, the skills, and the authority to do that whether the FCC accepts this proposal or not.
-
Re:I am frightened
Not to say it's necessarily a good idea, but contrary to the spin in the article (and here on /.), this proposal does nothing at all to expand the legal authority of the FBI or anyone else to tap communications. The same laws (and the same amendments to the U.S. Constitution) still make it a serious pain in the a$$ to get a wiretap order. This proposal simply would have the FCC impose standards on the infrastructure so that once the legal hurdles are overcome, technical ones don't halt an investigation. This has been done before without turning the US into a fascist state. Obviously, the first step in defending our rights and freedoms is vigilance. Everyone (even C|Net) give yourself a pat on the back for vigilance, even if you've missed the real point and mis-stated the law in alarmist fashion (like C|Net). The next and essential step is actually identifying the real problem. Here the problem is not that the proposal will "dramatically expand the scope of the agency's wiretap powers," because it can't. First, no law specifically authorizes the FBI's wiretap powers, but the gov'ts. Second, the FCC has NO AUTHORITY WHATSOEVER to define when law enforcement can or cannot tap someone's communications. Third, if it was such a realistic threat, it would have already happened, as such laws and regulations have been implemented in the past. To protect our rights, we must know our rights and understand the system, so that we know when we're really threatened and how and where to direct our energy. Read before you (continue to) rant: 1. Things like this are already required as explained in of (remember CALEA from 1994?)! 2. The authority to wiretap anyone's communication is governed not by the FCC but by to the Constitution (with informative analysis) and . This is a threat to your ISP service bill and the quality of the services and software, not your constitutional rights. I don't want to live in a market where all communications products have legally mandated back doors, either. But not because I'm afraid the FBI (or NSA or MS or anyone) will then be able to eavesdrop on everything I do. They lack the resources, the skills, and the authority to do that whether the FCC accepts this proposal or not.
-
US CALEA law forces equipment vendors to do this
In 1994, the US government imposed technical requirements on telecom carriers that automatically became mandatory features on every equipment provider selling to US telecom carriers. Since almost all such equipment is sold worldwide, that means that additional repressive technology is being forced into the hands of all repressive governments worldwide. (Including our current administration)
Note that CALEA is about making the technology capable of snooping rather than authorizing that snooping to be done. In the US, it takes further bad legislation like the Patriot act to authorize the snooping. CALEA just makes it (too) easy.
-
Re:Privacy first.
How is it that people post without reading all of the posts in the thread ahead of them.
The Communications Assistance for Law Enforcement Act of 1994 specifically codifies "a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes." The only thing that could save VoIP is the ruling that it doesn't qualify as communications. I mention this all above.
-
Re:Can't have it both ways
If you liked "Bill 602P" and the Patriot Act, you'll love this 9th Circuit ruling, too. Why?
It screws you on two fronts: taxes and privacy.
Anything declared a telecom service becomes subject to CALEA. That's the law that makes phone companies open up their network so that the FBI can easily plug in and tap phones at will (with a court order).
And just unlike the bogus 602P email, this one will tax the Internet. All the universal service fees and other taxes that jack up your phone bill will appear on your cable bill, too.
What's the upside? You still have the same cable company providing the wire into your home, providing the same routers and connection. But another company gets to resell the same lines, give you a rebranded web browser, and gets to call it "competition." YEAH! Sign me up for that.
-
It's all about wiretapping
The one reason that the government wants to treat VOIP as a telecom service is wiretapping.
CALEA requires access to telecom services, for just that purpose.
-
Re:The Third Way
besides, the article says that the FBI is going to MONITOR file sharing, meaning they're not gonna do anything to anyone doing legit sharing.
From the article:
The bureau would also develop a warning, with the FBI seal, that copyright holders could issue to suspected violators.
This would result in the FBI giving RIAA (and other industry groups) a nice shiny badge to flash at ISPs. They could also give copyright holders the ability to do proxy calea requests. The excuse for giving RIAA faux law enforcement powers could be that the massive piracy on p2p networks will overwhelm the resources of the FBI, who should be spending their time waging the war on terror.
Check out www.askclea.net for details of what calea entails. Industry groups will certainly abuse this kind of access. Plus, do you really want the FBI to become the enforcement arm of the BSA or RIAA? Don't they have better ways to spend tax money?
-
Re:Wiretapping
The really fun thing about this means that any router can be told to simply copy every packet in a particular conversation to law enforcement.
That is sort of the point of the Communications Assistance for Law Enforcement Act.
That particular battle was fought and lost 9 years ago.
-
Actual costs of wiretaps.
The average cost is over $50K.
That's only part of the cost. Back when Giuliani was busting the New York Mafia, they had to pay New York Telephone's retail rates for each wiretap. Their wiretapping bill exceeded $1 million a year, and the New York FBI office wasn't budgeted for it. Much of the pressure for CALEA (the "communications assistance to law enforcement act") came from those days.
Now, law enforcement doesn't have to pay telcos directly. Telcos are authorized to pass wiretapping costs along to their customers. During the "transition period", when wiretapping was being added to the phone system, tax money was paid directly to telcos to install wiretapping gear. Those numbers aren't included in the court figures, but they appear in the CALEA report to Congress. Between 1997 and 2001, $499 million was spent on adding wiretapping technology to the phone system. Your tax dollars at work.
-
We already have this for phones
Centralized wiretapping is already in place for voice phones. That controversy was lost in 1994, when the Communications Assistance to Law Enforcement Act (CALEA) was passed.
Read through the technical specs for CALEA wiretaps. There have been some recent, weird changes. Wiretap data used to be delivered over leased T1 lines, which at least meant that it was going to some well-defined place. Recently, dial-out wiretapping capability has been added to Nortel and Lucent switches, allowing the delivery of wiretapped calls to any phone.
-
Wake up, people!
Hence "Free World" was in quotes.
You are all missing the point. The argument I've presented is exactly that proposed by governments around the world, case in point: Canadian Government's Lawful Access Consultation Document.
That being said, the fact is, whether or not you choose to believe it, that criminals, terrorists, etc etc are using new technologies to communicate and legislation for the new technologies tends to lag behind that for existing and well established technologies such as POTS. Governments know this, and legislation such as CALEA seek to bridge that gap. What we need to be vigilant about is to ensure that mistakes made in existing legislation are not propagated for the new.
We must ensure that civil liberties and human rights are maintained while allowing law enforcement to protect the rights of the people. Retaining logs at the ISP level does not equate with disclosing logs to law enforcement agencies. I don't know what legal hoops LEAs in the UK must jump through to arrange disclosure, but there are legal tests that must take place and judicial involvement to ensure that the rights of the "person of interest" are maintained.
Those of you modding my original comment down, or refusing to mod it up because you don't like what I said despite it being informative (it is, if you don't think that is the stance that government is taking and their publicly stated perspective, then you are fooling yourself), you should check your assumptions and think very hard on whether you are capable of thinking objectively. Information which is distasteful to you can be just as valid and informative as that which coincides with your world view. Think outside the box, try devil's advocacy some time, you might find it opens your mind so you are actually thinking, not just regurgitating what you've been taught.