Slashdot Mirror
Verisign Offers Wiretapping Services
LinuxDeckard writes "According to this article at FindLaw, VeriSign will soon be offering its 'NetDiscovery' wire tapping services for a monthly fee. NetDiscovery will allow Telecoms to comply with court ordered wire taps." Verisign's press release is informative. This appears to be tapping of voice calls rather than internet usage. I assume it would work something like this: telecom company gets a wiretap notification from the FBI or local police; it routes all calls to/from $TARGET through a Verisign switch; Verisign does the tapping and reporting to the tappers. If you think this doesn't affect you, keep in mind that under the PATRIOT Act the barrier for wiretapping is set very low indeed.
This is like, so 1984.
When why will they stop trampling on our rights? When the private sector offers wiretapping, then the terrorists have already won.
This is not another carnivore.
Let's not give Verisign a hard time - they're just trying to make a buck by filling a need that is currently out there. If you really have a problem with this, you should focus on the politics that allow wire tapping in the first place and then consider taking an active role in government by contacting your Senator or Representative.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
What if you call your aunt in the US?
heh heh. michael used an environment variable.
Just raise the taxes on crack.
You mean I have a long lost aunt? Cool!
It is ironic that one of the sleaziest, untrustworthy companies on the internet expects people to buy "trust" in the form of digital certification from them. I suggest people remember that next time they need a certificate and instead turn to one of their competitors.
If any small telco needs to create a secure repository, some will not be as secure as others... and privacy might be more compromised that it should according to the wiretap order (i.e. hackers accessing the wiretapped phone calls...)
OTOH, this is a kind of single point of failure I do not entirely like...
http://www.gnu.org/philosophy/words-to-avoid.html
Why would Verisign get into such an unrelated business as this? They're not a telecom company! If CALEA-compliance is too expensive for the telcos, I can't believe that Verisign is better positioned. This is totally unrelated to their business model!
Of course, this method works EXTREMELY well for us with broadband connections....
...to help U.S. telecommunications carriers comply with wiretapping regulations that have gained more prominence since the attacks of Sept. 11.
I prefer to see them as regulations that were pushed through legislation by taking advantage of public fears after Sept. 11. I'm from NYC and I hear the warnings every week and occassionally still hear military fighters and helicopters fly over my home, but that batch of regulations under the Patriot Act are nothing patriotic. I want terrorists caught just as much as anyone else. Some people had been pushing for more wiretapping freedom for years. They took advantage of our fears to slip these regulations through which give too much power to our government.
Developers: We can use your help.
The only question where the constitution is silent is whether the restriction of rights (in this case privacy) is the lesser of two evils (the other evil being not catching the 'not so law abiding'). Is it? Do we believe it to be so? Is the potential for abuse of power justified? Does the end justify the means?
http://www.gnu.org/philosophy/words-to-avoid.html
Ideally this is good. Wiretaps are a needed part of law-enforcement. You have evidence against a suspect, you go to a judge, show him the evidence and he makes a informed decison on the matter. Wiretaps, traditionally, were pretty hard to get.
The part where this breaks down is the recent Patriot act (damn I hate calling it that), where a FBI agent hands a judge a list of 5,000 names and says "I think that these people might be terrorists, gimme a wiretap."
"Do you have any evidence Mr. FBI agent?"
"What do you care Mr. Judge? US law says you have to let me spy on these people, even if I don't have any tangible evidence. Just don't mind my wife's name hidden in the list."
"Ok, here's your signature." (Thinking to himself: Man I wish my job was more than fulfilling the function of a rubber stamp.)
Without the aforementioned act, this would be semi-good news. With that act, more peoples privacy will now likely be senselessly violated. Oh, well.
That's whay I like to live in a small country and speaking a languange only 2 Million Popole speak - so come on FBI/CIA/NSA tap me, spend millions on translations and listen to all my boring phone calls to my girlfriend...
I wonder how long until Verisign offers this "service" to the business community at large. PI's, security firms, stalkers, and identity thieves will be jumping at the chance to fork over money to them.
Ok, let me get this straight, they plan to route all voice calls from/to $TARGET thru verisign.. There's a lot of different phone / conference apps out there, which all use different ports, and most of the time ports are configurable. Presumably the fbi/cia/nsa/mib do not want their wiretaping so easely defeated, so they would want all trafic routed thru verisign right?
;-)
So if you want to find out if you are being wiretaped, simply do a couple of traceroutes and see if you hit verisigns switches? It beats listening to clicking sounds in the background of the phone conversation i gues
Just replace $TARGET with $VICTIM and then re read the story. *shudder*
your blithe attitude is justified in this case, but for the rest of us who use our phones quite often in both our personal and professional lives we don't have the luxury of writing off the concern as a non-issue.
How does this latest news change anything? Phones are insecure. We've known that they are insecure for years.
If you care about security, you shouldn't be using a phone anyway; if you don't care about security, this doesn't change anything.
Tarsnap: Online backups for the truly paranoid
Your response is 100% in line with the situation.
Verisign, a company which sells secure communications methods is now in the business of wiretapping?
A quick look at their product page shows that they are pretty vested in their SSL, PKI (public key infrastructure) and other privacy products.
Why then would you announce you are working with the Federal(?) government to tap communications. Sure to the stockholders it sounds great, but what about those customers.
Now they are just another notch up on the scale of slimey companies who will do anything for a buck.
Get your Unix fortune now!
That is precisly one reason why we need to be scared - and why the huge, convoluted body of law we have in this country needs to be cleaned out and thrown away. When everyone is a criminal, they can prosecute anyone they want. Ever lived in a small town and had a bad personal enmity with one of the cops? Heck, or even a big town? They can make your life miserable, because EVERYONE is a criminal. You probably do at least 5 illegal things every day - more than that if you drive.
Given the quality of work from our current law enforcement personnel, maybe that's not a bad thing.
The problem isn't the personnel per se - most of 'em are hard-working SOBs trying to do their best, but they're are overworked, underpaid, and fettered by layer upon layer of bureaucracy.
We don't have the money (as a society) to hire enough agents or to pay 'em what they're worth. Gubmint jobs have therefore often tended to attract a lower-skilled (or they'd find work elsewhere) and more easily-corrupted (because they need the money) worker.
And it's the Gubmint, after all. These are the folks who raised bureaucracy to an art form. Doesn't matter who's in charge, nothing's gonna get done. Witness the INS fuckups that have been going on for years, but are only now receiving media attention.
Next issue - why won't this (as you fear) spread to outsourcing of the law enforcement task? Well, "what's a cop?" Any citizen can make an arrest - a cop is a guy who happens to do it for a living, and who's been trained in how to do it without (a) getting killed, and (b) getting sued for taking down the wrong guy. He's paid from tax dollars because there's a lot of work involved, and there ain't much money in it, on account of criminals not necessarily having lots of money to sieze. I suppose you could go to a bounty system, but I can't see enforcement being profitable. Who wants to risk getting blown away for the $100 bounty on graffiti taggers?
Back to the issue at hand - by outsourcing data collection to people who actually know something about technology, you increase the probability of getting the data you need. This frees up money to hire better analysts.
Finally, and critically, unlike Gubmint drones, if a Verislime drone fscks up and wiretaps the wrong guy, or (let's outsource everything :) if issues visas to dead hijackers, you can fire his monkey ass and replace him with someone competent.
While I understand your concerns, I think this new approach could ultimately be a win-win for both law enforcement and the public.
There are a number of commercial entities that provide these services, or at the very least turn-key systems that handle the information. Do you really think that law enforcement organizations can build their own from scratch? (Yeah, that's funny...imagine Sipowitz from NYPD Blue debugging!) The thing that made this newsworthy is that instead of some obscure firm that solely does LEO support and that 99.9% of the population has never heard of, it's a well-known company this time.
For your security, this post has been encrypted with ROT-13, twice.
Good explanation of the line which is plotted in this situation. Sure, people who aren't criminals don't have anything to worry about...yet. Perhaps the original poster can help us in speculating what would happen in the case that nobody was a criminal anymore. Do you think the FBI would just shut down? "Our work is done here, folks! You're welcome."
No.
There is a bioscientific concept of "The Red Queen Syndrome" which has been adopted by the cybernetics people and says that as a system evolves far enough to solve its problems, more problems are revealed. In this context, as fewer and fewer people broke the law, more laws would be undoubtedly be deemed necessary. What would US Congress do in a situation of low crime? Your City Council? Making spying on ones constituents easier is not even a slippery slope, it's an increase in the degree of slipperiness.
When I was a kid, we only had one Darth.
How is this "informative"?
Didn't anyone notice that his "quotes" from the Constitution are completely bogus? Anyone with basic working knowledge of it knows that Congress isn't given any powers in Article 3 of the Constitution! That section describes powers given to the judiciary.
The phrase "Anysuch powers as are found Necessary to Provide for the Security of said Lands" doesn't appear anywhere in the Constitution.
Also, there is nothing in the Eighth Amendment about giving up a right to privacy or soverignty. That amendment mentions only cruel and unusual punishment.
It was a good troll, though.
No comment at this time
Don't blame Verisign, they're merely complying with tne new regulations as required.
If you ask me, this wiretapping business is little more than a measure to make us feel safe at the expense of our privacy with little hope of actually capturing terrorists.
Looking back to 9/11, the feds obviously don't have too much trouble getting a hold of our phone conversations. How do you think that all of those cell phone transcripts were made availabe so rapidly, or evan at all? Someone constantly has the record button on, regardless. We've all read in the news about just how close US agents actually were to these guys using only their previously available methods. Now the US agencies are looking for deniability so they blame "limitations" placed on them. The terrorists aren't stupid, and they obviously know better than to speak in more than vague terms when they are in the presence of a possible rat, including unencrypted communications on the internet and on the phone. They're not using this technology to catch anything but small fish.
Personally, I'm not afraid of terrorists. I don't think they could ever launch an attack powerful enough to topple the institution that our belief (if hypocritically administered, looking at foreign policy) in individual rights and freedom stand for. What I am afraid of is our paranoid fear in terrorists destroying those rights that have made the free world great. Once our freedoms are gone, we may as well have let the terrorists kill every one of us. Death would be preferable to 1984.
~Ben
Does anyone have any idea how this would actually work? I've worked in telecom for several years, and in PKI for several years, and I really don't know how this could work from a technical stand.
Anyone have any insight? The press release is mighty vague, as usual.
"Tomorrow's forecast: a few sprinkles of genius with a chance of doom!" - Stewie Griffin
I run the risk of getting hammered here, but I fail to see why this is such a big deal. For years the Feds and other authorities have gotten the wire-taps they needed. Technology progresses and so does their methods.
I have absolutly NOTHING to hide from the feds. They can tap me all they want. They will hear phone sex with the girlfriend, Hey mom & dad how are ya to the parents, and damn did you see that chick in the corner lastnight to my friends...
If it stops some jacka$$ from flying a plane into a building them listening to me talk here and there is a small price to pay.
Razzious Domini
I could be a GREAT KARMA WHORE if I could just shed the few morals I have left.
Locally we had at least one police department farming out their photo radar to a third-party. In essence, a non-police entity handing out tickets for speeding. It was challenged in court, and several thousand (pending) tickets were thrown out. I don't see much difference between this, and what Verisign is proposing.
Overall, I'm not sure it's a good idea to have private companies assume responsibilities that belong to the government- especially where enforcement is concerned. It's just one more point of failure - if something goes wrong, it makes it that much easier to pass the blame.
Is it just me, or does anyone else think that it would take a real stupid t3rr0rist to conduct business in any way that might be tracked so easily?
So the goverement allows anyone (within limits) to get a wiretap on any unsavory characters. It looks like to me that Al-quada won round 1 where Americans lose all their privacy from the goverment. The intention of Al-Quada was to get Americans so parinoid they use the goverment aginst themselves. 1st rule of terrorism is to use anything you can aginst your enemy--this includes the goverment. They won that round and there is no turning back as long as the pussys keep bending over. So whos going to bend over for round two?
All this BS over some deaths in the lower east side of NYC? Keep in mind that Sep 11th didn't even make a stistical blip in the death rate in NYC since the first major cold of the winter will kill somewhere between 5 to 10 thousand elderly and wtc only has about 900 confirmed about about 1700 maybes. There have been over 3000 investigations and fraud arrest in NYC for WTC death fraud over this. Consider only about 50,000 people could have been in the area at the time. 3 out of 50 is a very high rate for any illegal activity.
This may seem a bit callus but most of the people that have tried to rip me off in the last three years worked in those buildings. I don't have any problem with thouse assholes ending up jobless or even dead. I've got names of 8 jerks that were involed with things like over billing fraud, insurance frand and loan fraud that had addresses as 1 WTC or 2 WTC.
What does bother me is how Americans are bending over and getting screwed in the name of anti-buzworrd of the year. Does anyone remember the concepts that created America? Is histroy that forgotten? Much worse things have happened but can the average American name even one? I suspect not.
For example, one commonly used feature is "Internet Offload". This replaces ISP modem pools. When you dial up an ISP's "dial-in number", what may actually happen is that the call gets diverted to a unit in your local central office which performs the modem/POP function and forwards the data as IP messages.
The SS7 system has the database that determines when this happens. Every call today goes out to the SS7 network and its databases to determine where it goes. Thus, control of the SS7 network allows calls to be diverted to wiretapping access points.
I'm surprised that the telcos put up with Verisign having a monopoly in this area.
The economy there goes fine; but, there are other things in life besides the economy. In France, they just don't sacrifice everything else to that one thing.
Now they can use their popups as blackmail, anyone who closes them without clicking the ad can be labeled as a terrorist...
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
I've long wondered about Verisign. Any organization that controls most of the digital certificate and domain name registrations as well as buying up commercial PGP have a little more power than I'm thrilled with, but Verisign has something more... they've managed to land some awesome deals with the US government and have done so seemingly without significant competition. Why?
If I'd suggested yesterday that Verisign was going to get into the wiretapping business, I would likely have been laughed at. Well, it's not a laughing matter any longer. What's next? Ever wonder who else Verisign gives your certificates to?
Bah! Ignore all of that. There's one and only one reason that you should never do business with Verisign. Their customer support is some of the worst in the world, and that's a challenge. Just call them sometime and try to get an HST record removed... you'll know fear, then you will know pain and then you will wish you were dead to badly paraphrase Babylon 5.
Now the government can listen to me telling telemarketers to go fuck themselves.
pr0n - keeping monitor glass spotless since 1981.
Not so much that Verisign is acting "wisely", but that the problem should not be dealth with at the Verisign node, and that this is probably wise while the problem has not been dealt with.
As long as US law makes it disturbingly easy for different agencies to get a wiretap on a private citizen, such wiretaps will happen. If said wiretaps happen, it would be nice if only the FBI were listening to your calls and there were no mistakes in the process.
If going wiretap crazy creates a logistics problem for the telcos, and the results of the telcos' messing up is more likely to be more private information flying around (I would think it more probable than cancelling the wiretap), I'd prefer them to outsource the effort to someone with a higher level of commitment to the task.
The telcos' business is not wiretapping. If they screw up, they don't lose business. It would be Verisign's business, however, not to screw up... plus I expect they would be under constant surveillance by the ACLU and similars.
Freedom is the freedom to say 2+2=4, everything else follows...
How many times do I have to say this? Could you read the rest of the replies to my post and my replies to them before posting and starting a conversation that has already been had? I'm not defending Verisign - I'm just saying that bitching about Verisign on /. will have no effect. Bitching TO Verisign with have slightly more effect but still not much.
Look at the FACTS:
1)the government has passed laws requiring companies to have the ability to wire tap
2)a deadline for having technology in place to do this is approaching
3)there is a legit need for a vendor for this sort of thing as companies MUST comply with federal law
4)Verisign is trying to fill the role of the vendor - if they don't, somebody else will or worse the government will
The effective way to make a difference here is to change the law that is causing you grief in the first place.
I'm a strong advocate of actually having a voice in government rather than bitching and complaining to everyone around you that your world sucks.
You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.