Oasis Forms "Lawful Intercept" XML Committee

An anonymous reader writes "Oasis has announced the formation of the Lawful Intercept XML Technical Committee. The announcement refers to it as a "universal global framework for supporting rapid discovery and sharing of suspected criminal and terrorist evidence by law enforcement agencies." It's not really clear if this is supposed to aid in information exchange about suspicious activities/individuals, or 'intercepting' in the sense of eavesdropping, or what exactly."

Gallagher Brothers

[TheVidiot]

I had no idea Liam and Noel were XML literate. THAT'S why you can't understand Noel... he hasn't released his DTD.

What does this mean?

[Big+Mark]

Lawful Intercept XML Technical Committee.

Aha! Your use of non-valid XML is in breach of the DMCA! Your entire possessions are to be seized and you will be shipped off to Guatameno Bay!

-Mark

Re:What does this mean?

[EpsCylonB]

You didn't use the word "fookin" or the phrase "mad fer it", othewrwise I would of modded you up.

ISP and Phone Logs...

[terrencefw]

...is what this is all about. Packaging ISP and cellphone data up into a nice easily-datamined format for law enforcers. Just what your average man in the street wants done with his data.

Re:ISP and Phone Logs...

[jodonoghue]

Indeed so. While 'uncool', lawful interception tends to be a prerequisite to deploying many types of technology - for example the GSM mobile system has had a detailed specification for what information can be intercepted, and how this must be achieved, for many years (you can start from GSM 01.33 specification and work your way out...)

This type of technology can, self-evidently, generate vast quantities of data, and each network equipment vendor currently generates in a different format. It's simply a way to ensure that data which would have been logged anyway is provided to law enforcement agencies in a standardised way.

Probably true to argue that this will be used for ISP logs etc. but the key point is this: "lawful interception". In the UK, and doubtless most of the 'Western' world, this requires a court order, but in these 'terrorist' domainated days, the criteria which are sufficient to get such an order are becoming ever less stringent "...well, he was a commie as a student, and anyone with a beard like that must be an international terrorist, your honour..."

The job of the concerned citizen is not to fight the enabling technology, but to ensure, through the democratic process, lobbying and protest as required, that the use by government agencies of these technologies stays within reasonable (whatever that means) grounds.

Re:ISP and Phone Logs...

[HiThere]

It seems that I've heard of several cases where no court order was obtained. The ISP was merely "requested" to cooperate. Well, it wasn't THEIR data. So they forked it over without compulsion, compunction, notification, or reason demanded.

Now they weren't legally obligated to do this. They could have held out for a warrant. But why should they? So they didn't.

Now one doesn't know how often this happens, as one only hears about it when:
1) It's used in court records
2) It's a slow news day, and
3) Some reporter happens to think it might make a story.

Of course, item 3 makes the whole argument dubious. (I've been at events that were later reported. ... Any similarity between what I saw and what was reported falls within 1 standard deviation of chance. [OK, so I exaggerate. But not that much.]) Still...

I'm sure that most police do the best job they can for the good of the community. Nearly all of the time. And that it's quite dangerous. Spies and wiretappers aren't "most police". And frequently neither are those setting the priorities or legal interpretations. And in most organizations the folk that rise to the top tend to be those that are most interested in rising to the top, not those most interested in doing a good job.

But you're right. There tends to be a requirement to provide a kind of quid-pro-quo to get a favor out of the government. Like approval for a new service. This doesn't mean that it's in the best interest of the citizenry, or even of the government, but the people who run approval processes display their status by exercising control. And this has to look at least halfway reasonable (if only so they aren't ashamed of themselves). And controllers love new fields to be controlled. So I can easily see why they would insist on "lawful intercept". (I might be dubious about it's constitutionality, but I doubt that the courts would be...I'm conservative in that way.)

As to how this will be used...
Cell phones are required to carry GSM transponders. I don't know whether they are live if the power is switched off (I suspect they aren't, as my battery lasts a long time). But this kind of standard format allows real-time tracking of what is already a large fragment of the population, and will probably soon expand to nearly everyone. And if batteries improve, then they'll probably adopt an "always on" approach rather like the latest desktop computers, where the power switch doesn't actually turn the thing off.

"Fight enabling technology"? That's not precisely the problem. We currently have the potential for more technologies than we can imagine. We select which ones we develop. By our choices, we are determining a part of the texture of the future that we will encounter. (And, yes, I do find this one quite dubious.)

Hey kids!

[Nemus]

Come on everybody, grab your Buzzword Bingo cards, and lets play the game!

On the other hand, for those of you, like me, who have just woken up, a translation is provided below:

[translation]"We're gonna, um, do some security stuff, because, uh, security is cool, and uh, terrorism, is like, bad. We don't know what we're going to do yet, though. Or how. Or why. But, ummm......dude this is some good shit *sniiiiiiiifffffff*"[/translation]

Sorry for the sarcasm, but any press release that takes up three pages, and could be summarised into thirty words, deserves to be mocked shamlessly. Mod me down, it needed to be said!!

Re:Hey kids!

[Hellkitten]

Real translation:

Telecoms, ISP-s etc in some countries are required by law to intercept data when the police asks them to (with a warrant). Since the police isn't that bright we'll make a standard format to provide this information in to make it easier for them

The KGB and the Stasi (or in Soviet Russia)

[hughk]

One of the things that caused problems for the KGB and the Stasi (the state security organisation of the former DDR) was the work involved in processing an intercept. Despite the fact that both regimes were totally fscked, they used legalistic and bureaucratic procedures. The system became limited by the need to approve and process their equivalent of intercept warrants and what to do with the information.

Neither the KGB nor the STASI had much in the way of computer power to process the information gathered and the legal procedures were manual. What is happening here is that one of the last brakes to quick intercepts is being removed. The bottleneck connected with the approval process made law enforcement types think before ordering an intercept: Do they really need it?

It will be possible for intercepts to be implemeneted with less controls and far faster than in Soviet Russia).

It's basically EDI for the Cops

[dilute]

What this appears to be is XML so that the authorities can trade information they gather via intercept, much like businesses communicate with each other via XML. I suppose the idea is to get law enforcement people using a common markup convention, to get them all on the same page. Not a bad idea, it seems to me.

oxymoron?

[Unfallen]

All my own emphasisising...

"XML Specification Will Deliver Reliable Authentication and Auditing to Safeguard Privacy and Increase Effectiveness of Lawful Intercepts"

So they're coming up with a standard to protect your data and make it available? Nice.
Roll up, roll up, get yer snake oil!

A fair chunk is already in use in the Netherlands

[dirkx]

See for example www.opentap.org. Since August 2000 internet providers had to comply. The original standard JTS ( Justitiële Tap Standaard) was outdated; the ETSI standard (which oasis does build on) back then does not meet the requiremetns of the netherlands (google 'RapportageTWRT' if you can read dutch); a temporary system was instated for the time being (see SC/28/02/2000; again, in dutch only). What is interesting is that this is a mix between intelligence (which generally does not get to be used (or is usable) in a court against anyone) and the more real information gaterhed by the police authoritys for further criminal actions.

Dw

Re:More beauracracies and committees

[shoppa]

So what the hell does the NSA do?

Small hint: I work in downtown Washington DC.

The Federal Government, like most behemoth agencies, is very good at over-reacting to a problem after it is far too late to do anything about it. What amazes me is that the Department of Homeland Security seems to be a much bigger beauracracy than any of the agencies that it is "swallowing", yet it's being built by an administration that sells itself as anti-big-government.

Lawful Interception only?

[Qzukk]

I suppose there will be a click through agreement:

"I agree not to use this technology to spy on CEOs to determine when to sell my stock. I also agree not to use this technology to spy on my SO, neighbors, or to get juicy blackmail bits on the person who cut me off this morning on the way to work."

Of course, with the FBI's proven track record, they'll just hit I Agree and do it anyway.

Just think... 9/11 could've been prevented

[Aexia]

if the FBI and CIA had the authority to intercept e-mails using the [terrorist] XML tag.

Curse you liberals and your "bill of rights"! How many more people have to die before you let go of your precious "freedoms"?