Slashdot Mirror
Verisign Offers Wiretapping Services
LinuxDeckard writes "According to this article at FindLaw, VeriSign will soon be offering its 'NetDiscovery' wire tapping services for a monthly fee. NetDiscovery will allow Telecoms to comply with court ordered wire taps." Verisign's press release is informative. This appears to be tapping of voice calls rather than internet usage. I assume it would work something like this: telecom company gets a wiretap notification from the FBI or local police; it routes all calls to/from $TARGET through a Verisign switch; Verisign does the tapping and reporting to the tappers. If you think this doesn't affect you, keep in mind that under the PATRIOT Act the barrier for wiretapping is set very low indeed.
s/ISP/\$TELCO/
This is like, so 1984.
When why will they stop trampling on our rights? When the private sector offers wiretapping, then the terrorists have already won.
This is not another carnivore.
... I live in Europe
Let's not give Verisign a hard time - they're just trying to make a buck by filling a need that is currently out there. If you really have a problem with this, you should focus on the politics that allow wire tapping in the first place and then consider taking an active role in government by contacting your Senator or Representative.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
Now when they start doing the internet stuff... We are supposed to trust them with our encrypted keys?
..because you're all encrypting your communications, right? You're also all inquiring as to why there isn't more transparent encryption and authentication going on too, right?
Sad I don't want to post this logged in, though.
heh heh. michael used an environment variable.
Just raise the taxes on crack.
Today we outsource wire tapping.Tommorrow we will outsource the analysis of the wiretaps.Then outsource "crime detection and response systems" and mebbe do away with judiciary. Bah!
What is concerning is that this is the same company that does not think twice about either law or morality when it comes to business. Mebbe with companies as liberal as Verisign we will also be able to buy wire tapping services on ebay. ~!nrk
.sig(Anarchy Rules)
I dunno if I can call 900 numbers now that I know that the FBI might be listening!
It is ironic that one of the sleaziest, untrustworthy companies on the internet expects people to buy "trust" in the form of digital certification from them. I suggest people remember that next time they need a certificate and instead turn to one of their competitors.
If any small telco needs to create a secure repository, some will not be as secure as others... and privacy might be more compromised that it should according to the wiretap order (i.e. hackers accessing the wiretapped phone calls...)
OTOH, this is a kind of single point of failure I do not entirely like...
http://www.gnu.org/philosophy/words-to-avoid.html
The Patriot Act? That's great. The terrorists have won. Their purpose was to change our lives so we'd never be back to the way we were. We give them fame and glamour. A Patriot Act is just one more way we have proven how stupid we really are. The only way to beat the terrorists is to not let them phase us. Let's not talk about them, not care about them, and maybe they'll go away. Here we go, let's make some laws to restrict our own people. It's all bullshit.
Why would Verisign get into such an unrelated business as this? They're not a telecom company! If CALEA-compliance is too expensive for the telcos, I can't believe that Verisign is better positioned. This is totally unrelated to their business model!
Of course, this method works EXTREMELY well for us with broadband connections....
I really don't care if they listen in on all my phone calls. For that matter, I don't care if the entire world listens in on all my phone calls.
I can't remember when I last used a phone, but it certainly wasn't any time recently.
Then your blithe attitude is justified in this case, but for the rest of us who use our phones quite often in both our personal and professional lives we don't have the luxury of writing off the concern as a non-issue. Given Verisign's current issues with business ethics over something as non-national-security-related as domain renewal, it is cause for at least a little concern that their restraint would be equally faulty with this venture.
very low indeed
In fact, even without the patriot act, state courts did not deny a single law enforcement request for a wiretap. Not a single one.
--G
...to help U.S. telecommunications carriers comply with wiretapping regulations that have gained more prominence since the attacks of Sept. 11.
I prefer to see them as regulations that were pushed through legislation by taking advantage of public fears after Sept. 11. I'm from NYC and I hear the warnings every week and occassionally still hear military fighters and helicopters fly over my home, but that batch of regulations under the Patriot Act are nothing patriotic. I want terrorists caught just as much as anyone else. Some people had been pushing for more wiretapping freedom for years. They took advantage of our fears to slip these regulations through which give too much power to our government.
Developers: We can use your help.
The only question where the constitution is silent is whether the restriction of rights (in this case privacy) is the lesser of two evils (the other evil being not catching the 'not so law abiding'). Is it? Do we believe it to be so? Is the potential for abuse of power justified? Does the end justify the means?
http://www.gnu.org/philosophy/words-to-avoid.html
One should think that the "professionel" criminals would be smarter than that. One should think that it was only small time dudes that would blabber away on the phone etc.
my sig
You might want to read the blurb a bit closer (or follow a few of the links). It's not "Verizon" but "Verisign"
Verizon is not the same company as Verisign. Two different companies.
Ideally this is good. Wiretaps are a needed part of law-enforcement. You have evidence against a suspect, you go to a judge, show him the evidence and he makes a informed decison on the matter. Wiretaps, traditionally, were pretty hard to get.
The part where this breaks down is the recent Patriot act (damn I hate calling it that), where a FBI agent hands a judge a list of 5,000 names and says "I think that these people might be terrorists, gimme a wiretap."
"Do you have any evidence Mr. FBI agent?"
"What do you care Mr. Judge? US law says you have to let me spy on these people, even if I don't have any tangible evidence. Just don't mind my wife's name hidden in the list."
"Ok, here's your signature." (Thinking to himself: Man I wish my job was more than fulfilling the function of a rubber stamp.)
Without the aforementioned act, this would be semi-good news. With that act, more peoples privacy will now likely be senselessly violated. Oh, well.
That's whay I like to live in a small country and speaking a languange only 2 Million Popole speak - so come on FBI/CIA/NSA tap me, spend millions on translations and listen to all my boring phone calls to my girlfriend...
Now, Correct me if I'm wrong, but does verisign even offer a voice service?
I havent seen a single thing on their site about offering a voice service.
Would this be some sort of insight that their planning on offering some sort of VOIP service?
Or perhaps their just letting big brother listen in on people calling to bitch about why their domain is suddenly under their control. *snicker*
-Una
This is how the Patriot Act is explained if you follow the link: Expanded Surveillance With Reduced Checks and Balances
I wonder how long until Verisign offers this "service" to the business community at large. PI's, security firms, stalkers, and identity thieves will be jumping at the chance to fork over money to them.
Ok, let me get this straight, they plan to route all voice calls from/to $TARGET thru verisign.. There's a lot of different phone / conference apps out there, which all use different ports, and most of the time ports are configurable. Presumably the fbi/cia/nsa/mib do not want their wiretaping so easely defeated, so they would want all trafic routed thru verisign right?
;-)
So if you want to find out if you are being wiretaped, simply do a couple of traceroutes and see if you hit verisigns switches? It beats listening to clicking sounds in the background of the phone conversation i gues
Just replace $TARGET with $VICTIM and then re read the story. *shudder*
your blithe attitude is justified in this case, but for the rest of us who use our phones quite often in both our personal and professional lives we don't have the luxury of writing off the concern as a non-issue.
How does this latest news change anything? Phones are insecure. We've known that they are insecure for years.
If you care about security, you shouldn't be using a phone anyway; if you don't care about security, this doesn't change anything.
Tarsnap: Online backups for the truly paranoid
Your response is 100% in line with the situation.
Verisign, a company which sells secure communications methods is now in the business of wiretapping?
A quick look at their product page shows that they are pretty vested in their SSL, PKI (public key infrastructure) and other privacy products.
Why then would you announce you are working with the Federal(?) government to tap communications. Sure to the stockholders it sounds great, but what about those customers.
Now they are just another notch up on the scale of slimey companies who will do anything for a buck.
Get your Unix fortune now!
The problem stems from the fact that as the government takes more power to look into your lives, what happens when they decide to add some new laws? Perhaps you're not doing anything illegal right now but this erosion of rights can lead to further erosion of rights. Do you have the right to plan your own wedding? (Silly example perhaps but bold enough so you can see my point.) Right now, you do. But if the government can take away the privacy afforded to you in the Constitution, why can't they take away your freedom of marriage? With their omnipresent eye, they'll be able to catch you in the act of marrying, toss you in jail, and ruin your honeymoon. Constant vigilence is needed to make the government better. We can't that the government is trustworthy nor can we assume that having faith in the government not to abuse privileges. To make a further example: I'm sure your fiancee is very attractive but let's suppose that the chief of police notices this. If the Patriot Act and acts like it take away the need for the government to have a reason to spy on you, what's to stop the chief of police from fulfilling his voyueristic fantasies by installing a few bedroom cameras in your house/apartment? You assume the government will only invade the privacy of criminals while I believe that the government, unchecked, will expand the scope of what is criminal and ALSO invade the privacy of non-criminals (just in case).
That is precisly one reason why we need to be scared - and why the huge, convoluted body of law we have in this country needs to be cleaned out and thrown away. When everyone is a criminal, they can prosecute anyone they want. Ever lived in a small town and had a bad personal enmity with one of the cops? Heck, or even a big town? They can make your life miserable, because EVERYONE is a criminal. You probably do at least 5 illegal things every day - more than that if you drive.
That when the Government screws up, its the citizens that get punished for the mistake? I couldn't believe last week that the FBI's solution to its screw up was to give itself new powers so they can make sure that I go to confession before taking a communion. Spying in churches? Is nothing sacred anymore!?!?
Strange women lying in ponds distributing swords is no basis for a system of government.
I cannot help but wonder how usefull the efforts put into this service is going to be over the next 3-5 years during the take-over of the world by broadband and IP telephony. With the dissapointing earnings produced by all the major telco's they are all putting a lot of effort into getting IP telephony going in order to boost sales.
...
...
I must say this whole thing is going to let me think twice about that Verisign Certificate I bought which only I have the private key for
I guess the moment we have our SSL encrypted, fully fledged PKI infrastructure based IP telephony system up and running Verisign will be selling our Private keys to the highest bidder!
Now if you take that into account this is not all that far off the Business Model that Verisign has been following
Maybe they are just one step ahead of the rest of the pack!
There are a number of commercial entities that provide these services, or at the very least turn-key systems that handle the information. Do you really think that law enforcement organizations can build their own from scratch? (Yeah, that's funny...imagine Sipowitz from NYPD Blue debugging!) The thing that made this newsworthy is that instead of some obscure firm that solely does LEO support and that 99.9% of the population has never heard of, it's a well-known company this time.
For your security, this post has been encrypted with ROT-13, twice.
What if someone develops a way to encrypt all voice phone traffic in the US? Something like ssh for audio (I know that ssh is a bad analogy because of man-in-the-middle attacks). If all phone traffic was encrypted then wiretaps on random citizens wouldn't matter. Just like ssh for remote sessions and gpg for email. I understand the value of wiretaps for legitimate law enforcement, but when it evolves into a Big Brother watch-everyone-for-the-sake-of-the-children kind of thing, we have to fight back somehow.
Good explanation of the line which is plotted in this situation. Sure, people who aren't criminals don't have anything to worry about...yet. Perhaps the original poster can help us in speculating what would happen in the case that nobody was a criminal anymore. Do you think the FBI would just shut down? "Our work is done here, folks! You're welcome."
No.
There is a bioscientific concept of "The Red Queen Syndrome" which has been adopted by the cybernetics people and says that as a system evolves far enough to solve its problems, more problems are revealed. In this context, as fewer and fewer people broke the law, more laws would be undoubtedly be deemed necessary. What would US Congress do in a situation of low crime? Your City Council? Making spying on ones constituents easier is not even a slippery slope, it's an increase in the degree of slipperiness.
When I was a kid, we only had one Darth.
How is this "informative"?
Didn't anyone notice that his "quotes" from the Constitution are completely bogus? Anyone with basic working knowledge of it knows that Congress isn't given any powers in Article 3 of the Constitution! That section describes powers given to the judiciary.
The phrase "Anysuch powers as are found Necessary to Provide for the Security of said Lands" doesn't appear anywhere in the Constitution.
Also, there is nothing in the Eighth Amendment about giving up a right to privacy or soverignty. That amendment mentions only cruel and unusual punishment.
It was a good troll, though.
No comment at this time
I can see the banner ads now... get your tap in telecommunications! you can get wiretapping service at the number of your choice, (if it's not taken), free redirect, up to five POP email accounts, and up to four MB of webspace, all for the rock-bottom price of $70 for two years!
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
Don't blame Verisign, they're merely complying with tne new regulations as required.
If you ask me, this wiretapping business is little more than a measure to make us feel safe at the expense of our privacy with little hope of actually capturing terrorists.
Looking back to 9/11, the feds obviously don't have too much trouble getting a hold of our phone conversations. How do you think that all of those cell phone transcripts were made availabe so rapidly, or evan at all? Someone constantly has the record button on, regardless. We've all read in the news about just how close US agents actually were to these guys using only their previously available methods. Now the US agencies are looking for deniability so they blame "limitations" placed on them. The terrorists aren't stupid, and they obviously know better than to speak in more than vague terms when they are in the presence of a possible rat, including unencrypted communications on the internet and on the phone. They're not using this technology to catch anything but small fish.
Personally, I'm not afraid of terrorists. I don't think they could ever launch an attack powerful enough to topple the institution that our belief (if hypocritically administered, looking at foreign policy) in individual rights and freedom stand for. What I am afraid of is our paranoid fear in terrorists destroying those rights that have made the free world great. Once our freedoms are gone, we may as well have let the terrorists kill every one of us. Death would be preferable to 1984.
~Ben
Does anyone have any idea how this would actually work? I've worked in telecom for several years, and in PKI for several years, and I really don't know how this could work from a technical stand.
Anyone have any insight? The press release is mighty vague, as usual.
"Tomorrow's forecast: a few sprinkles of genius with a chance of doom!" - Stewie Griffin
Let's all learn Navajo! After all if the Japanese can't break it during the whole pacific war....
:)
I run the risk of getting hammered here, but I fail to see why this is such a big deal. For years the Feds and other authorities have gotten the wire-taps they needed. Technology progresses and so does their methods.
I have absolutly NOTHING to hide from the feds. They can tap me all they want. They will hear phone sex with the girlfriend, Hey mom & dad how are ya to the parents, and damn did you see that chick in the corner lastnight to my friends...
If it stops some jacka$$ from flying a plane into a building them listening to me talk here and there is a small price to pay.
Razzious Domini
I could be a GREAT KARMA WHORE if I could just shed the few morals I have left.
"Sex" is a keyword? there goes about 80% of the internet's traffic then.
I especially love the name, the Patriot [sic] Act. Bush is using the so-called war on terrorism to justify trampling over civil rights and expand federal powers to a ridiculous amount. The excuse they had their hands tied pre-911 is a load of crap. Look at the recent info about the 2 terrorists they knew were in this country for more than a year, both involved in the 911 act. They had the information, but the CIA/FBI screwed up, and their answer is to give themeselves more power, it's complete bs. What sickens me the most, is the idea questioning the government is unpatriotic. If it were, we'd all be British still. 911 was terrible obviously, but so is stripping away rights, sneaking by new federal powers, and making anyone who says "wait a minute Uncle Sam" seem like a traitor - isn't much better.
'The unexamined life is not worth living' - Socrates
Become informed; read the CALEA standard (TIA/EIA- J-STD-025):
g C: ftp.tiaonline.org/TR-45/TR452/Incoming/EIA-J-STD-0 25.pdf+J-STD-025+pdf&hl=en
http://216.239.35.100/search?q=cache:EOI2S1LqKL
Let's not forget that modem singalling is also able to be intercepted.
Locally we had at least one police department farming out their photo radar to a third-party. In essence, a non-police entity handing out tickets for speeding. It was challenged in court, and several thousand (pending) tickets were thrown out. I don't see much difference between this, and what Verisign is proposing.
Overall, I'm not sure it's a good idea to have private companies assume responsibilities that belong to the government- especially where enforcement is concerned. It's just one more point of failure - if something goes wrong, it makes it that much easier to pass the blame.
Is it just me, or does anyone else think that it would take a real stupid t3rr0rist to conduct business in any way that might be tracked so easily?
It's all about the money. I read somewhere (I forgot where) that the average wire-tap costs about $50,000 a pop, and rarely results in a conviction. For me I feel like this a waste of the goverment's (and by extention my) money.
This kills me that the govt is wasteing my hard earned tax dollars on this crap. Wire taps need to be difficult to get if only because they are too expensive.
I used to have a cool sig, back when I cared
The end always justifies the means for anything that is worth doing. The problem is when the means become a goal in itself...
You need to install an RTFM interface.
So the goverement allows anyone (within limits) to get a wiretap on any unsavory characters. It looks like to me that Al-quada won round 1 where Americans lose all their privacy from the goverment. The intention of Al-Quada was to get Americans so parinoid they use the goverment aginst themselves. 1st rule of terrorism is to use anything you can aginst your enemy--this includes the goverment. They won that round and there is no turning back as long as the pussys keep bending over. So whos going to bend over for round two?
All this BS over some deaths in the lower east side of NYC? Keep in mind that Sep 11th didn't even make a stistical blip in the death rate in NYC since the first major cold of the winter will kill somewhere between 5 to 10 thousand elderly and wtc only has about 900 confirmed about about 1700 maybes. There have been over 3000 investigations and fraud arrest in NYC for WTC death fraud over this. Consider only about 50,000 people could have been in the area at the time. 3 out of 50 is a very high rate for any illegal activity.
This may seem a bit callus but most of the people that have tried to rip me off in the last three years worked in those buildings. I don't have any problem with thouse assholes ending up jobless or even dead. I've got names of 8 jerks that were involed with things like over billing fraud, insurance frand and loan fraud that had addresses as 1 WTC or 2 WTC.
What does bother me is how Americans are bending over and getting screwed in the name of anti-buzworrd of the year. Does anyone remember the concepts that created America? Is histroy that forgotten? Much worse things have happened but can the average American name even one? I suspect not.
Yep. Some of my recent pull overs were for:
Not wearing a seatbelt.
Running a stopsign that was pulled out of the ground.
Having dead taillights coming home after someone stole (brutally yanked) the stereo system out of my car in the parking lot at work, which blew a fuse.
The cop didn't see my temp tag through the window very well.
And I don't even have a bad reputation. Just imagine if I did!
For example, one commonly used feature is "Internet Offload". This replaces ISP modem pools. When you dial up an ISP's "dial-in number", what may actually happen is that the call gets diverted to a unit in your local central office which performs the modem/POP function and forwards the data as IP messages.
The SS7 system has the database that determines when this happens. Every call today goes out to the SS7 network and its databases to determine where it goes. Thus, control of the SS7 network allows calls to be diverted to wiretapping access points.
I'm surprised that the telcos put up with Verisign having a monopoly in this area.
...and amazingly enough, they are even spelled differently!
This is an ex-parrot!
I find it absolutly hilarious that you posted anonymous, because that's the point. It's not that I don't have anything to hide, it's that I would feel uncomfortable if the government started taking notes on everything I talk about privately, so that when my political standing (Libertarian), my religion (Reform Judiasm) or even my hair color (dirty blond) becomes something that people discrimmate against, I am a prime canidate for political/religious/haircolor profiling. And that is damn scary.-Ryan
Ryan Singer
neeeed a con.spir..acy..... Once upon a time there was a system that would systematically screen every machine based communication... Echelon. I wonder if the NSA is outsourcing its aging snooping machine.. ---> http://civilliberty.about.com/library/weekly/aa022 100a.htm
(not completley off topic)
Maybe verisign is leasing a search engine based on Echelon's accumulting database?
(google....teoma....echelon!...perfect!)
Now they can use their popups as blackmail, anyone who closes them without clicking the ad can be labeled as a terrorist...
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
I was gonna use my mod points on this discussion, but what the heck...
A few days after 9/11 happened, do any of you remember how the FBI pieced together much of what transpired aboard the hijacked airplanes just before they crashed? That's right, from recorded cell-phone conversations. We've even heard snippets of those conversations in the mainstream media, haven't we? Consider that the next time you're talking on your wireless phone or using your PDA to send information.
Do you really think that your communications are private now? If you do, you need to wake up and realize that much of your supposed 'privacy' has already fallen by the wayside in this digital age in which we now live.
Personally, I don't like it much. But it's reality. Our energies are much better used watch-dogging our governmental leadership and crime-fighting forces to make sure that they are using the information properly to perform their jobs - and not to abuse our rights. Which speaks directly to your point about being a prime candidate for some type of 'profiling'.
Just my 40% of a nickel...
"Michael, I did nothing. I did absolutely nothing - and it was everything that I thought it could be."
I have been less than satisfied by the difficulty in moving a domain from one host to another, and would much like to move from VeriSign to another registrar. Who did you move to? Can you provide any links that might help me out? Pretty please with sugar on top. And moderators, this is directly related to the article in question.
Don't moderate flamebait as Troll. Know the difference or you will be Meta-moderated.
How did I get modded to being a troll? No flames, no arguments, just questions and a lack of agreement with the way that the idea of privacy being paramount is taken to extremes. Is disagreeing with popular opinion trolling?
cheers,
Andrew
Am I the only one who thinks this is more funny than interesting?
Come one, get it together moderators.
(looking forward to having my karma decimated)
-
I've long wondered about Verisign. Any organization that controls most of the digital certificate and domain name registrations as well as buying up commercial PGP have a little more power than I'm thrilled with, but Verisign has something more... they've managed to land some awesome deals with the US government and have done so seemingly without significant competition. Why?
If I'd suggested yesterday that Verisign was going to get into the wiretapping business, I would likely have been laughed at. Well, it's not a laughing matter any longer. What's next? Ever wonder who else Verisign gives your certificates to?
Bah! Ignore all of that. There's one and only one reason that you should never do business with Verisign. Their customer support is some of the worst in the world, and that's a challenge. Just call them sometime and try to get an HST record removed... you'll know fear, then you will know pain and then you will wish you were dead to badly paraphrase Babylon 5.
Now the government can listen to me telling telemarketers to go fuck themselves.
pr0n - keeping monitor glass spotless since 1981.
Question to those with more expertise on moderating, is the above post a subtle troll or flamebait? Making a buck by filling a need is about what one could say about the sale of drugs.
Not so much that Verisign is acting "wisely", but that the problem should not be dealth with at the Verisign node, and that this is probably wise while the problem has not been dealt with.
As long as US law makes it disturbingly easy for different agencies to get a wiretap on a private citizen, such wiretaps will happen. If said wiretaps happen, it would be nice if only the FBI were listening to your calls and there were no mistakes in the process.
If going wiretap crazy creates a logistics problem for the telcos, and the results of the telcos' messing up is more likely to be more private information flying around (I would think it more probable than cancelling the wiretap), I'd prefer them to outsource the effort to someone with a higher level of commitment to the task.
The telcos' business is not wiretapping. If they screw up, they don't lose business. It would be Verisign's business, however, not to screw up... plus I expect they would be under constant surveillance by the ACLU and similars.
Freedom is the freedom to say 2+2=4, everything else follows...