Domain: opentap.org
Stories and comments across the archive that link to opentap.org.
Comments · 7
-
Re:Pardon my Tinfoil...
ECHELON used to listen in to unencrypted satallite traffic and undersee cables. (Places you can listen without gething cought, it was designed against rusians and their friends remember). The point of the ukusa community is to intercept satallites the usa cant get.
I think it is unlikely that collection systems involved echelon have been extended to listen into more then what CALEA allows (telephone networks with the help of telephone companies). As even doing CALEA richt isn`t easy acording to the general acounting office I doubt it is integrated into echelon... but this is a tinfoil hat thread for a reason.
The thing is connecting sattalite traffic to people is easy, connecting IP traffic on a backbone to people is not that easy. So looking for voip traffic on a few backbone mostly going to outside the USA isn`t gonna do much good if you hava a warrant for a specific persons phone traffic.
The point of these laws is to make sure people cant avoid being listened into by police (with a warrant, easy to get and extend though) or by TLA`s (without anyone knowing, let alone a judge) by using skype or even cheaper VoIP systems. Sofar these systems fall outside CALEA. The goal is not to to tap into a suspects internet traffic just for the internet traffic. The biggest police snooping country in the world is probably the only country in the world that has a dedicated system forced on providers to tap into any IP traffic. Guess? guess again? its the Netherlands with 10.000 telephone taps a year (scoresheet, great round numbers).
Perhaps you are thinking of carnivore. Since "carnivore, the crappy sniffer for screwing up importand investigations without any regard for integrity of evidence or civil liberties" sound bad... Lets call it dcs2000 and solve this problem once and for all.
-
Thats nothing
In the netherlands somewhere in the nineties law was developed forcing isp`s to make their networks tappable. The first plan was based on the idea that this would be just as easy as with previously goverment owned telephone compnies wich always cooparated with police investigations. Internet providers howevery are many *many* small buisnesses that operate on much tighter margins and are owned by an entire diffren kind of people. And the goverment wanted to listen in on all of them. This became a big conflict. The conflict even gave rise to a very small group of people that figured that in order to meet these requirements cheaply, scaleable and securely an opensource implementation of the goverment proposed protocols should be made. The site is still alive and contains a world of information on goverment imposed eavesdropping in all sorts of networks. (read the cyberpunks collection of standards and documentation, Or better yet get the more recent docs for free at etsi.org and the osi sites. Goverment acces is developed into standards nowadays which is ofcourse much cheaper then adding it when networks are up and running. This was demonstrated when german celluar phone users where billed for having their phones listened into
;-). This also includes some information on the biometric/rfid passport ideas that politicians think are a great idea becouse... you know terrorist and stuff, let pump millions in this and get on our way kissing babies and doing TV interviews okey?)Currently, most big providers (I think mostly the ones owned by kpn including XS4ALL???) have machines in their network permanently to sniff traffic when a warrant arrives. This can`t be that hard, people keep saying the netherlands taps more phones then the US but real numbers that are reliable are very hard to come by (dutch link). These machines then tunnel the sniffed traffic to central collection machines. For this the "ITO" is peering with all major isp`s. The dutch internet service provider association has a couple of the sniffing machines provider can borrow if they dont have their own. I havent actually read the current version of these laws but in preivous version webhosters to should sniff traffic when asked to.
Ofcourse noone knows when this network is used, but it is safe to guess that the title of the first internet connection litened in to life by goverment snoops goes to the "hacking at large 2001" event (Lots of tents in a field, big network, lots of visitors and speakers on many topics and a big internet pipe). The then public traffic graph of the ASN of the goverment collection facility spiked really high during the days of that event
;-). I dont recal if it was this event or another one like it where people found out the police claimed to be dealing with "subversive anachist". When people found out about this T-shirts where sold with the text "staatsgevaarlijke anarchist", these where quite populair. OFcourse If this was the event the police was looking at then it would make sense that visitors where called dangerous, there needed to be a reasing for listening in.... what better reason then being anarchist-ish, terrorist-ish or terrorist-ish people releated, with a bit of pirate flavour to finish the mix.Ofcourse, we can all look ahead at another fantastic episode in this series. Unlike other epic sagas (starwars) these episodes get not only bigger but also better and more exciting every time
;-) You see the European union has been buzzing with the idea of mandating the storage of traffic data of not only telephone providers but also internet providers (and hosters?) for years. But a new proposol for this idea has recently been introduced by Britan, France, Ireland and Sweden... Imagene being forced to store terrabytes of logs on 99.999999 -
Re:Go XS4ALL!
Not only where they on of the first public internet providers, they where one of the first to comply with the tapping requirements to. Along with the other kpn owned ips`s.
Ofcourse the reasoning for both those complying and refusing to comply with the tapping legislation where purely financial... but it just goes to show that XS4ALL may run the best forum/opinion paper I know about privacy and social mathers on the net (includes comentary on the "toetjesterrorist", the campina desert extorionist, no laughing mather. The FBI got the name and address out of an american ISP which claimed to never ever give out these details) But they are just as scared as the rest to get in financial trouble like its new owner, the "dutch AT&T" kpn. (as in kpnqwest)
Sure "newszilla" (Bigest usenet server in the world?) is great for those in need for p0rn (as where their peercache experiments) but maintenance could be better (they where running a counter-strike 4.0 server for a year, which got kinda boring after beta 6.0 .... so much for "great game servers") They do have a nice set of mirrors though... Lots of big words from a now big isp, some them (deeplinking, freedom of speech) they live up to, but the godsend for those who care about privacy they are not. -
First spotted at:
I first spotted the concept of XML based digital "warants" to request the real-time tapping of intercepted ip traffic in the dutch ISP tapping debate. Politicians called for what they called "lawfull interception"(a link?). A standard whas proposed, I believe by university students. I can`t find this spec among related documents(great technical site, has various versions of the specs for transporting intercepted traffic from isp`s to central tapping rooms).
This spec proposed the use of xml documents to transfer the acount details of isp clients that police officials wanted tapped to the tapping system instaled at isp`s. The spec didn`t include any technical provisions for digitally signing these warrants (say, by a judge and noone else) as the idea was that the police would bring them to the isp by hand on cd`s. It would make sense if the spec whas worked out not to make it posible for cops without technical experiance to tell the tapping box what to tap, but, to make it easy to send the warrant to the tapping machine by the net nice and automated from a central tapping room like the ones used for telephone tapping. Ofourse the lacking of digital signatures shows the priorities of the original designers of this spec (easy automation, easy implementation for tapping system vendors (isp`s where complaining about the costs) and the use of cool gimicky standards)
The technical debate on how to tap internet users has been going on (although it has died down now isp got the money and the police got their new toy, at least in the Netherlands), but what makes the frequent popping up of XML interesting is the idea that it "smells" like automation, posible lage scale, of the tapping requests. In its self a great idea, less chance to end up tapping the wrong users just becouse a cop couldn`t remeber a dial in username. But it also has a dark side, its a smaller step to tap (a very small one if the tapping box at an isp doesn`t need a signature from a judge just like carnivore), but what if the police cant decrypt the traffic going from a tapped host to another, or if they think an other hoste is probably very suspicious indeed ver likely terrorists material? Well the first host is a very dangerous terrorist anyway, lets tap host-2 TO!, and then when the terrorists is in an encrypted p2p net how do you know what all those other hosts are up to? I know let automate the proces of requesting a tap on the comunication partners of the host we where orginally investigating!
tapping the net is just like tapping phones, now stop complaining and come and help us catch some terrorists, you know you want to, they are *evil* after all!
-
Re:Cost?
THe ISPs will eventually rebel due to cost
They already do -
Wanna know the technical background in detail?
Well just go for the project looking to do an open-source implementation, This project want to build and open and free implementation of the specifications that have leaked from dutch tapping plans. They argue that not every hosting provider wich only has a single server somewhere in a rack will be able to meet the tapping requirements if only comercial solutions where available. The documentation served at opentap.org includes things like leaked specifications of the tunnel used to transmit trafic to law enforcement servers, specifications of a working implementation of the tapping systems including openbsd/mysql/openssl based servers and a pcb design for a optical listening and filtering device by inovative systems delft and specifications and examples of xml based "electronic warrants" (yes they still need warrants in this case).
Why is the dutch situation so interesting? it seams like many european countries could learn a lot of the hassle that the dutch geverment has has gone trough enforcing its tapping ideas. and it also looks like the dutch laws which every isp has to folow will become similar if not the same. -
IMHO, LEA's don't care, judges don't understandFrom my (limited) experience, what I see in court cases that comes from computers is too complex for most judges or even lawyers to grasp. As long as judges can't even rule sensibly about things as hyperlinks and deep linking, I fear that judging whether or not the information can be tampered or manipulated/selected at the LEA's is completely over their heads.
The ETSI standards maturing now (see Opentap) in Europe provide LEA's with encrypted (and signed) information, so the LEA's are pretty sure about the authenticity of the material. The defense could in theory see when information was ommited, since the data sent to the LEA includes a serial number per packet, but the ISP's box has no digital signature of its own, so the LEA can just "create" any information it would want. The ISP isn't allowed to keep copies (or even buffer) the data sent to LEA's.
We'll just have to trust them.
Some more of my comments can be found on Cryptome. I'll be talking about the tapping laws at Hal2001, august 10-12, in the Netherlands.