Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oasis Forms "Lawful Intercept" XML Committee

Posted by Hemos on from the what-the-hobbes-is-that dept.

An anonymous reader writes "Oasis has announced the formation of the Lawful Intercept XML Technical Committee. The announcement refers to it as a "universal global framework for supporting rapid discovery and sharing of suspected criminal and terrorist evidence by law enforcement agencies." It's not really clear if this is supposed to aid in information exchange about suspicious activities/individuals, or 'intercepting' in the sense of eavesdropping, or what exactly."

12 of 96 comments (clear)

  1. XML easedropping by Anonymous Coward · · Score: 1, Interesting

    At first I thought this had to do something with Microsoft's new ISA server's ability to "firewall" XML content...ah, the idea of a server that can spy on service content....hmm, didnt we already have echelon for this??

  2. Re:ISP and Phone Logs... by jodonoghue · · Score: 5, Interesting

    Indeed so. While 'uncool', lawful interception tends to be a prerequisite to deploying many types of technology - for example the GSM mobile system has had a detailed specification for what information can be intercepted, and how this must be achieved, for many years (you can start from GSM 01.33 specification and work your way out...)

    This type of technology can, self-evidently, generate vast quantities of data, and each network equipment vendor currently generates in a different format. It's simply a way to ensure that data which would have been logged anyway is provided to law enforcement agencies in a standardised way.

    Probably true to argue that this will be used for ISP logs etc. but the key point is this: "lawful interception". In the UK, and doubtless most of the 'Western' world, this requires a court order, but in these 'terrorist' domainated days, the criteria which are sufficient to get such an order are becoming ever less stringent "...well, he was a commie as a student, and anyone with a beard like that must be an international terrorist, your honour..."

    The job of the concerned citizen is not to fight the enabling technology, but to ensure, through the democratic process, lobbying and protest as required, that the use by government agencies of these technologies stays within reasonable (whatever that means) grounds.

  3. The KGB and the Stasi (or in Soviet Russia) by hughk · · Score: 4, Interesting
    One of the things that caused problems for the KGB and the Stasi (the state security organisation of the former DDR) was the work involved in processing an intercept. Despite the fact that both regimes were totally fscked, they used legalistic and bureaucratic procedures. The system became limited by the need to approve and process their equivalent of intercept warrants and what to do with the information.

    Neither the KGB nor the STASI had much in the way of computer power to process the information gathered and the legal procedures were manual. What is happening here is that one of the last brakes to quick intercepts is being removed. The bottleneck connected with the approval process made law enforcement types think before ordering an intercept: Do they really need it?

    It will be possible for intercepts to be implemeneted with less controls and far faster than in Soviet Russia).

    --
    See my journal, I write things there
  4. Translation by Badgerman · · Score: 2, Interesting

    "We figure there will be benefits to helping out law enforcement, so it's jumping on the bandwagon time."

    After cutting through the buzzwords and acronyms, thats all I could really get out of this article.

    Now, how long until there are copycat activities claiming better methods, more efficiency? Watch as various security consultants have yet another bag of tricks to bring out to sell their services.

    --
    "The Sage treasures Unity and measures all things by it" - Lao Tzu
  5. It's basically EDI for the Cops by dilute · · Score: 3, Interesting

    What this appears to be is XML so that the authorities can trade information they gather via intercept, much like businesses communicate with each other via XML. I suppose the idea is to get law enforcement people using a common markup convention, to get them all on the same page. Not a bad idea, it seems to me.

  6. oxymoron? by Unfallen · · Score: 3, Interesting

    All my own emphasisising...

    "XML Specification Will Deliver Reliable Authentication and Auditing to Safeguard Privacy and Increase Effectiveness of Lawful Intercepts"

    So they're coming up with a standard to protect your data and make it available? Nice.
    Roll up, roll up, get yer snake oil!

  7. Protecting our Privacy? by Lodragandraoidh · · Score: 2, Interesting

    If you read between the lines, they mention protecting privacy while enhancing the ability to do legal interception...

    Between all the happy-speak this sounds a bit sinister. Could this modification to the XML standard be the software equivalent of the clipper chip?

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain
  8. A fair chunk is already in use in the Netherlands by dirkx · · Score: 5, Interesting
    See for example www.opentap.org. Since August 2000 internet providers had to comply. The original standard JTS ( Justitiële Tap Standaard) was outdated; the ETSI standard (which oasis does build on) back then does not meet the requiremetns of the netherlands (google 'RapportageTWRT' if you can read dutch); a temporary system was instated for the time being (see SC/28/02/2000; again, in dutch only). What is interesting is that this is a mix between intelligence (which generally does not get to be used (or is usable) in a court against anyone) and the more real information gaterhed by the police authoritys for further criminal actions.

    Dw

  9. Re:More beauracracies and committees by shoppa · · Score: 4, Interesting
    So what the hell does the NSA do?

    Small hint: I work in downtown Washington DC.

    The Federal Government, like most behemoth agencies, is very good at over-reacting to a problem after it is far too late to do anything about it. What amazes me is that the Department of Homeland Security seems to be a much bigger beauracracy than any of the agencies that it is "swallowing", yet it's being built by an administration that sells itself as anti-big-government.

  10. Is anything OASIS does clear? by Anonymous Coward · · Score: 1, Interesting

    I'm sitting here trying to convince myself to use DocBook for my next book and finding it very difficult to justify it as anything other than an intriguing intellectual exercise.
    XML sounds great when you're in the planning stages of a big project, but once you get into the details it seems to make even simple tasks more complex than they need to be. It's tempting to go for it if you're the only one on the project, but a complex project rarely fits that criteria. Trying to keep everyone on the same page when you're working with people who are only going to be doing small parts is tough unless everybody understands the big picture and that in itself becomes a major hurdle.

  11. Correction by uptownguy · · Score: 2, Interesting

    What amazes me is that the Department of Homeland Security seems to be a much bigger beauracracy than any of the agencies that it is "swallowing", yet it's being built by an administration that sells itself as anti-big-government. {Emphasis added by me}

    Correction... it is being built by an administration that sold itself as anti-big-government. See, there was this thing that happened called 9/11 and a lot of people shifted their positions on a lot of things. Its not like this is a big secret and its not like you are going to inspire outrage or shock by pointing out that DHS is big government.

    ...Seriously, I swear half the people on /. have at least a mild case of Asperger's Syndrome.

    --


    I would have to say that explosives are the most abused technology in all of history.
  12. Example: how it is already done in Switzerland by Anonymous Coward · · Score: 1, Interesting

    There is an example for what such a specification might look like. The second pdf document (in English) is especially interesting as it gives some rather technical details of how the surveillence data must be structured (XML) and encrypted (PGP) before sending it to the Swiss authorities.