Cisco Support for Lawful Intercept In IP Networks

cf_33073 writes "Scary stuff for the privacy advocates out there. Your Internet telephone conversations may soon be tapped by the government. Anyone else concerned about these intercepts being hacked? Full text of the RFC Is available (mirror)"

I'm so excited

[phuturephunk]

William Gibson future HERE WE COME!!..

Re:I'm so excited

Say hi to Orwell along the way.

Foreign equipment, anyone?

does this mean that I'll have to start purchasing technology from other countries to keep my own government from snooping on me?

Re:Foreign equipment, anyone?

I always converse using brainf*ck code.

Re:Foreign equipment, anyone?

Interestingly enough, a lot of the bigger players that I've been playing with aren't US (although Cisco sure is), but Israeli.

Welcome to intercept PGPfone

All packets are freely available to the fed. No special intercept equipment required. Decryption may be a different story.

Re:Welcome to intercept PGPfone

[VC]

Crypto is your friend..

Re:Welcome to intercept PGPfone

[ronaldcromwell]

Is Crypto getting secure to the point that we don't have to worry about anyone decrypting our communications? As open-source solutions become more and more viable, will networks like Freenet set the standard in the future for those of us who actually give a rip about privacy? Are we doomed, or is there a light at the end of the tunnel?

Re:Welcome to intercept PGPfone

[Tuxinatorium]

That is a lie. There are no such things as "packets". They are a fabrication of the American news media. These so-called "1"s and "0"s are committing suicide at the logic gates as we speak. Praise be to Allah!

Re:Welcome to intercept PGPfone

However this is nothing compared to the millions and billions of instructions that are executed every second.

Re:Welcome to intercept PGPfone

[a1ok]

I went to the product site and they don't have a Linux version, nor does it appear under active development. Or is there some other version / download link that is more up to date?

Re:Welcome to intercept PGPfone

[1u3hr]

Encryption is useless if your keys are compromised. From the RFC:

* If the information being intercepted is encrypted by the service provider and the service provider has access to the keys, then the information MUST be decrypted before delivery to the LEA or the encryption keys MUST be passed to the Law Enforcement Agency to allow them to decrypt the information.....

* Content Encryption: If the intercept content is encrypted and the service provider has access to the encryption keys (e.g., receives keys in Session Description Protocol for Voice over IP), then the keys can be sent via IRI. It is, however, possible for end-users to exchange keys by some other means without any knowledge of the service provider in which case the service provider will not be able to provide the keys.

Re:Welcome to intercept PGPfone

That's why you encrypt yourself and don't rely on your provider to do it for you. Why would I want to give my ISP my PGP private keyring anyway? :P

Re:Welcome to intercept PGPfone

Packetized voice telephone was invented by ATT and then packaged for the US government in the middle 80's at a company called Advanced Computer Communications. The technology allowed crypto STU-II phones to be installed in the arpanet under support of NSA. These phones allowed secure voice coms at restricted and higly classified sites around the world. All packets could be manipulated, scannned, reprocessed in real time. Voice inflections, timing, wording, phrasing could all be changed. A man speaking at one end of the system could be changed to sound like a young girl at the other. It was demonstrated that content and intent of conversation could be maniuplated and this in the days of 8 bit processors. Packetized phone data is the easiest thing to manipulate.

Re:Welcome to intercept PGPfone

[secolactico]

Crypto is your friend..

Superboy's dog? What's he got to do with this?

... sorry, couldn't resist...

Re:Welcome to intercept PGPfone

[Reziac]

Not a problem. You'll be released from "protective custody" when you cough up the right crypto key!

Re:Welcome to intercept PGPfone

Check out SpeakFreely , Unix and Windows versions available.

Re:Welcome to intercept PGPfone

Mod this one back down...he's throwing things out that don't add up.

I won't say how I know this....but then, I'm posting as an AC, so it wouldn't matter anyway. :)

Re:Welcome to intercept PGPfone

[DaveAtFraud]

A phone converstion using VoIP has the same privacy protections as a phone conversation using rotary dial telephones. Yes, they can be tapped by the government but only if the government has a court order authorizing the tapping. To claim otherwise would be the equivalent of saying something like a phone conversation over fibre-optic lines can be tapped since it isn't really a phone conversation; its just photons. Its still a phone conversation regardless of the technology used to transmit the voice.

BTW, IANAL.

Re:Welcome to intercept PGPfone

Yes, but unfortunately it seems that the session protocol is fundamentally broken just like WEP:

SpeakFreely encrypts the packets in a non chaining mode and uses 0 as the initialization vector for every packet! I bet good money that tapping into an encrypted SpeakFreely connection is even easier than breaking the encryption of a wireless 802.11b network.

Re:Welcome to intercept PGPfone

[kruczkowski]

Have you ever wondered if the crypto realy doen't have a back door?

I mean, how many people out there review the source code and compile there own crypto?

Of those people, how many understand crypto??

Re:Welcome to intercept PGPfone

[einhverfr]

* Content Encryption: If the intercept content is encrypted and the service provider has access to the encryption keys (e.g., receives keys in Session Description Protocol for Voice over IP), then the keys can be sent via IRI. It is, however, possible for end-users to exchange keys by some other means without any knowledge of the service provider in which case the service provider will not be able to provide the keys.


This makes PKI such an interesting tool. Basically with assymetric encryption, I don't *care* whether the public key is compromised (which of course the other guy can have when sending me information, and I have when sending him info), but each party must keep the private key secure. This creates all manner of problems for this sort of architecture and could make encrypted VOIP connections the only reasonably secure form of communication.

Of course, they could outlaw PKI-based technologies, but that creates a hundred other problems (for example the death of SSL). And would YOU trust your bank account information to a bank that could not use assymetric encryption for security?

The funny part is that the economic damage that could be caused by the death of PKI-based encryption may be the only thing that can protect our right to privacy.

Re:Welcome to intercept PGPfone

Um, don't think so.

I refer you to provisions of the Patriot Act passed just last year. Provisions set to expire in 2005, unless Sen. Orin Hatch has his way and gets them extended indefinitely. Allows gov. officals to tap you under suspicion of terrorism, court order or not...

Re:Welcome to intercept PGPfone

[lostchicken]

All it takes is one guy who reads the stuff, and that one guy to post something on slashdot.

Encryption

[StillAnonymous]

Since the connection is digital, it shouldn't be tough to add a layer of encryption onto your conversation. Let 'em monitor scrambled data.

Re:Encryption

[colenski]

Read your Cryptonomicon. Sometimes, knowing that a conversation took place can yield information as well.

Re:Encryption

Well, that would only work if both parties were using the same system (or at least, were both using encryption).

That might be the case with sensitive calls to associates or even close relatives, but the majority of people use good old regular phones.

Would encryption work if only one person was actually using it?

Re:Encryption

Ok, great, so we CAN add a layer of encryption. I'm worried about the NON-security consious public of 199-odd million who will allow their conversations to be monitored. Or who will purchase Clipper encryption devices.
Although, if you have anything to hide and you are stupid enough to be caught, you deserve to be.

Re:Encryption

Huh? What use it that? Drug dealers calling anonymous mobiles from phone-boxes are routinely followed/watched by the police, but given that they don't know who is calling who, what good does it do them?
What makes you think watching an encrypted phone call is going to do any good? Will it prevent terrorists from organising that dastardly deeds? I wouldn't have thought so. I mean, assume you have suspects, and you now know they are talking to each other - what does that tell you?

"I now inform you that you are too far from reality" - http://www.welovetheiraqiinformationminister.com/

Re:Encryption

[jo42]

Use coded conversations, something like "I tell you, there are NO Americans in Baghdad!", which really meant there are Americans in Baghdad and you had better run and hide.

Re:Encryption

[kruczkowski]

Back in WWII, the Germans had an outpost in Norwey (sp?). They sent a message everyday saying "Nothing to report" Of course this was scrambled, but one day they started sending longer messages. Allies knew something was up.

Encrypted VoIP?

[Malakai1911]

While an RFC allowing packet interception is bad, what would keep users from using encrypted means of communicating? Last I checked, encryption is still legal.

Dumbshits!

Laptop + Network tap == happy feds.
Whodafuck needs this garbage?

Long time coming

CALEA (http://www.fcc.gov/calea/) is something that has been in the works for quite some time. Interesting reading if you are a privacy person. Oh, the days of Fiderus.....

I'm not worried

[anon*127.0.0.1]

I'm sure the security experts are much smarter then the hackers.

Re:I'm not worried

Where to hackers fit in here? Its merely a RFC for transparent monitoring. Giving authorities the ability to monitor the transmission as easily (if not easier) as they do the telco-lines.

Re:I'm not worried

[muttoj]

I am. Security experts work only 8 hours a day. Hackers work 20 hours every day.

Concerned? Not in my case

[djupedal]

I'm more concerned over the rash of unauthorized charges on one of my credit cards over the last two weeks...

I'm seeing an unabated string of charges that appear to be 'internet phone' related. $30 here....$50 there.

I had one c'card number discontinued last Dec., over a string of eBay charges I didn't make, and now this. Anything that can help control this kind of abuse is ok by me...at least for now.

Re:Concerned? Not in my case

boo hoo.. if you wern't so fast and furious with your Credit card and actually PROTECTED your card numbers instead of being an online price whore.

Rule#1... paypal... they cant charge you, you have to send cash. yeah some dont like it but I'll never give someone my CC number and they cant "charge me more"

Re:Concerned? Not in my case

Try "Citibank Virtual Account Numbers".

You can create a single use or multi-use virtual credit card number, with any limit on charges you choose.

Re:Concerned? Not in my case

Paying with a credit card is like saying "here's the combination to the lock protecting my money, take what you need, and please don't come for more cuz I only change the number every 5 years".

Have you considered using a more sensible form of payment?

Re:Concerned? Not in my case

[dh003i]

Anyone who would give up essential freedom for a little bit of security deserves neither.

Re:Concerned? Not in my case

[fredistheking]

I had a similar problem with several $9.95 charges appearing on my bill from various national ISPs every month. I am about 95% certain that my number was abused by some random pricewatch vendor. Anyway, upon calling earthlink to cancel the service that I never signed up for, the person on the otherside of the phone line informed me, "I'm sorry I can't cancel your service, your name is not in our database." After alot of trouble and having to refuse to give them my SSN I was able to cancel the service.

Anway, back to my point. I found a solution to this problem, American Express have a service called Private Payments that allows you to get disposable numbers that only work once. Since I have been using this service I haven't had problems with my number being stolen. Also, since American Express allows you to dispute charges without paying for them unless you loose the dispute, I never had to pay any of the $9.95 charges.

Back on topic, as IP telephony becomes more widely used, encryption is going to be a neccessity. When people buy things and give credit card numbers over the Internet conversation, encryption will be the only protection against crackers intercepting the conversation and stealing numbers. When was the last time you ordered anything from a site that wasn't using SSL?

--

Re:Concerned? Not in my case

You'd think with the number of times this is quoted on Slashdot posters would be able to get it right by now.

Re:Concerned? Not in my case

[deke_2503]

Last I checked, Thinkgeek.com doesn't use encryption.... That didn't stop me from buying my super-geeky tshirts though! :-)

Re:Concerned? Not in my case

[badasscat]

Anyone who would give up essential freedom for a little bit of security deserves neither.

The kind of person who would make a statement like this is the kind of person who has never faced death at the hands of another. I and many others have.

The most essential freedom is the freedom to live. The only question is how best to guarantee that most essential freedom of all, without unduly affecting other, less essential freedoms (yes, I'm sorry, but not all freedoms are created equal). Now, sometimes you can't help but lessen some freedoms to guarantee others, as often one person's personal freedom infringes upon another's - it's simply a balancing act, like anything else in life. Should I be free to kill you? Is my freedom to kill you more essential than - or even as essential as - your right to live? I don't think anyone would argue that it is. That's an extreme example but the government - along with every individual in this country and around the world - makes similar choices on a smaller scale (as well as a larger scale) every minute of every day. This is why we have laws to prevent people from doing certain things that they'd otherwise be "free" to do, and this is why we have a police force to enforce those laws.

Security and freedom are not mutually exclusive, and it's naive to think they are. Security is a very important part of being free - without security, there is no freedom. Without our own personal security we'd all be locked in our homes, afraid to go outside. Is that freedom? Most certainly not.

Again, I'm using extremes to prove my point, but there is a lot of middle ground here, and where you draw the line between what's "essential" freedom and what isn't is a lot harder to define than you seem to think it is.

Re:Concerned? Not in my case

[deadsaijinx*]

uhhh. yes they do. Just look at the little lock pad on the bottom of your browser. Hey, look at that, when I go to check out it locks up. Hmmm, so the hack might know that i want to buy a large shirt with the composition of caffeine on it, but my credit card is safe :P

Re:Concerned? Not in my case

[dh003i]

The kind of person who would make a statement like this is the kind of person who has never faced death at the hands of another.

Actually, one of the founding father's said that (I believe Benjamin Franklin). The founding father's obviously faced death at the hands of others (e.g., war for independence), so shut your cakehole.

And I think the point was that security and freedom aren't mutually exclusive. It is only lazy people who hate freedom that want to try to convince you that they are.

Re:Concerned? Not in my case

[jasonditz]

The kind of person who would make a statement like this is the kind of person who has never faced death at the hands of another. I and many others have.

And the kind of person who would reply like that is the kind who has never faced slavery at the hands of another. Or at least never bothered to notice.

Personal security is a very important thing, but likewise it is a very personal thing. When someone else claims the power to provide all your security and all they ask is that you also let them decide what freedoms you should get, that someone has you right where they want you.

The best part is, they can't provide protection against the ones who are the greatest threat to you, because that's themselves.

Re:Concerned? Not in my case

[MsGeek]

Paypal is NOT your friend. It's owned by eBay and they are well-known for their Extremely flexible policy towards allowing those representing themselves as law enforcement to see their records.

Re:Concerned? Not in my case

[AceM2]

What to you really know of our founding fathers?! I'm sure Benjamin Franklin would've been pretty damn pissed off if someone stole his identity and used his CC numbers to buy lots of porn ;(

Re:Concerned? Not in my case

[grantdh]

Hell, I've used my credit card on the 'net, over the phone and in person around Australia, Asia and South America. Never had a problem.

Of course, the fact that my card was almost perpetually over the limit *may* have had something to do with it :)

Re:Concerned? Not in my case

Ben Franklin had something like 30 illegitimate children truly making him one of our founding fathers. He might have been more amused than truly pissed off. On the other hand, he also put chastity as number 12 on a list of 13 things required for Moral Perfection in Poor Richard's Almanac, so maybe he would have been pissed off over using stolen CC numbers to buy porn.

Franklin was one very bright and very complex man. I'm sure that no one alive today knows if he'd have been pissed off or not.

Re:Concerned? Not in my case

[deke_2503]

I know what the little lock pad on the bottom of my browser is for...

I guess they are now. Sorry, I didn't check before I posted. But they weren't last time I bought something from them, which was about a year ago....Kinda ironic I thought, that such a geeky site was so unsecure. :-)

Re:Concerned? Not in my case

ya I see it all the time I work at a major teleco
and you probably have a modem hijacker.

download a program called ad aware and another called spybot search & destroy. Update them and then run them- this will help for some of the major ones. oh and it is free , but you should donate.

Re:Concerned? Not in my case

[Master+of+Transhuman]

- This is why we have laws to prevent people from
- doing certain things that they'd otherwise be
- "free" to do, and this is why we have a police
- force to enforce those laws.

Some people will believe anything...

This is a person with no concept of human history except what he got at the hands of an American public school education...

Go over to the Le Monde site (if you can read French - or find an English translation) and read about the US Marines in Iraq who shot kids and old men with canes to protect their (the Marines) "security". Does your right to "security" give you the right to murder people? Ask that question, moron...

Re:Concerned? Not in my case

[Ageless]

Not to add to the flames too much, but the first time I purchased something from Think Geek was about 4 years ago and they were using SSL then too.

huh?

[mgs1000]

Didn't already support this on their routers sold in China?

Re:huh?

[FredBaker]

no

You are just asking for ...

[webdevcoder]

reasons to not use newer technology, or a mass implementation of encryption ...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Another fine DMCA violation

[Renraku]

Add a layer of encryptation to your packets. The government won't like having to waste extra time decoding your Slashdot traffic, so they'll just make it against the DMCA to encrypt your packets.

Eventually, internet traffic today will be like people traffic. I'm sure if I wore a big cloak and walked down the street, the police would be nervous of 'what I'm hiding under there' and might be so inclined to ask me about it.

While its legal to carry a concealed weapon if you have a licence, most people don't bother. So criminals and police alike can see that people aren't hiding a rocket launcher on their person or trying to move their crate of coccaine.

Re:Another fine DMCA violation

[deadsaijinx*]

In arizona, the you don't need a special license (unless the law has since changed)::::

okay, back on topic, I will go to a Gary Larson cartoon for inspiration. In it, the general sez "but what if we had a war and everbody came?" (hold on, i'll make it relavent) Now, if a great percentage of people used the encryption, and a majority were using it just for privacy (not to hide illegal stuff), then they couldn't possibley monitor everyone, or have reason to be suspicios. After all, if everyone wore a large trench-coat, the cops wouldn't find it out of the ordinary, hence no suspicion. my 2 cents, and nothing more.

Re:Another fine DMCA violation

big deal, get a bunch of people to run a simple app that simply transmits /dev/random when the net connection is idle like a P2P network.

The fed's can watch all they want, but if I flood their watcher with tons of garbage they wont detect the real thing.

Just like stenagraphy. if I embed crap in EVERY picture... the one real one will go unnoticed.

Re:Another fine DMCA violation

[finkployd]

In arizona, the you don't need a special license (unless the law has since changed)

Sure you, in fact to get said license you need 16 hours of instruction (more than most CCW states).
You are thinking of Vermont, where no license is required to carry a concealed weapon.

Finkployd

Re:Another fine DMCA violation

It may be a violation of the PATRIOT act or something like that but it won't be a violation of the DMCA. The DMCA only punishes you for breaking encryption or telling other people how to break encryption or building a device to break encryption.

In fact if the packets you are sending happen to contain material that you hold the copyright for then it would be a DMCA violation for the Feds to break the encryption (unless there is an exemption for law enforcement in the DMCA that I'm forgetting about).

Re:Another fine DMCA violation

[netwiz]

Except that computers _can_ scan all the traffic, and there are IDS systems that can flag transactions that the user doesn't like. Which translates into the gov't looking you up when you discuss stuff _they_ don't want the citizenry talking about.

The next step is to delete the traffic, then park a black van outside your house for two weeks, then to "disappear" you. It already happenned to the guy from Intel. I can't wait for it to happen to me.

Re:Another fine DMCA violation

[grantdh]

I'm sure if I wore a big cloak and walked down the street, the police would be nervous of 'what I'm hiding under there' and might be so inclined to ask me about it.

Most people are scared shitless of asking me what I'm hiding under my cloak/clothes - most have to do a SAN check at the meer thought of seeing me without clothing! :)

Re:Another fine DMCA violation

[mrbuttle]

But, on the other hand, or hip, if your handgun is not concealed no permit is necessary in Arizona.

Re:Another fine DMCA violation

I can't wait for it to happen to me.

We'll be by your place tomorrow. Please be home by 18:30. We get annoyed if we have to wait.

Re:Another fine DMCA violation

[dracocat]

It would be a DMCA violation once you start using any simple encryption algorithm. Only it would be the feds that would be violating the DMCA for breaking your encryption!

Re:Another fine DMCA violation

[CAIMLAS]

Yep, the only people that register their guns/carry concealed with a license are those that are the law abiding citizens.

Thus making a 'concealed weapons permit' completely pointless and self defeating - just like gun registration. It helps nobody but the gov't in controling your life and gathering information on you.

Re:Another fine DMCA violation

[bobbozzo]

Add a layer of encryptation to your packets. The government won't like having to waste extra time decoding your Slashdot traffic

Sorry, Slashdot doesn't support HTTPS, and AFAIK they don't run a VPN for me either. :P

Re:Another fine DMCA violation

[deadsaijinx*]

ahh, thank you, that's what I was thinking about.
One time I was going to the movies, and right next to me there was this guy with a fucking colt. Scary shit.

Re:Another fine DMCA violation

[mobets]

Actualy, in a recent journal CmdrTaco mentioned https for sucribers. In fact, I'm using it now

Re:Another fine DMCA violation

Ever moved a crate of cocaine through a fiber optic cable?

Re:Another fine DMCA violation

[analog_line]

OK, first off, you're an idiot. They can't just make it against the DMCA to encrypt packets. As a matter of fact, the DMCA makes it illegal for the government to mess with your packets (as they could be argued to be copyrightable IP of yours and since you're generating through a technological means designed to keep the contents secret...someone other than the intended reciever decrypting them would be a clear DMCA violation). Actually read the damn laws before you start spouting off like a crackpot, unless you really are one.

Second off, you're an idiot consipracy crazy. The government would have to seperately outlaw encryption in certain cases (which basically means all cases unless you have the money to fight it) to stop me from encrypting packets. And if encryption is the only thing that gets a government's goat enough to snoop, anyone who's ever bought something a t a secure online store is under FBI surveillance. Somehow I doubt it. Now the USA Patriot Act gives the government basically carte blanche to do this, but the scale of monitoring every packet internal and entering/leaving US corporate/citizen networks is staggering. We're a far more wired nation than China is, and they have trouble locking everything down, never mind monitoring it all. I wouldn't be surprised if someone's trying, but there's no way that it's happened yet. Even then, the Patriot Act, and it's god forsaken proposed offspring, Patriot Act II don't outlaw encryption. Get a clue, unless you really are an ignoramus.

And third off, everyone who modded this guy up is an idiot. Feel free to take all the helpful advice I gave this guy and apply it to yourselves as well.

Re:Another fine DMCA violation

OTOH, in most states it is perfectly legal to carry on UNconcealed weapon. Just expect the cops to VERY nervous around you ;)

Re:Another fine DMCA violation

Oh, and I should point out that you really don't want us to get annoyed. Really.

this isn't an rfc

[keithmoore]

it's just a draft by one guy. anybody can submit a draft. it doesn't mean anything in terms of IETF approval. however since it purports it might eventually get published as an Informational document (not a standard).

if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity (as I do) then you might want to write the IESG and/or the RFC Editor (as I intend to) and object to such publication. in order to avoid flooding their normal mailboxes, perhaps someone would like to set up a mailing list?

when governments think they have the right to kill thousands of people with scant justification, the last thing we need is to help them standardize on surveillance technologies.

Re:this isn't an rfc

[adri]

If the IP world standardises on interception technologies then we'll have some idea of how to thwart it.

Bring it on. I know you're doing it anyway. Bring it on, let people see what you're doing, let privacy advocates explain to the general public that yes, major internet equipment supports sniffing their traffic, look here for the standard and bewm! Maybe you'll get some sympathy.

I've tried explaining to lay people (non-technical friends) what can be done with todays technology and they look at me dumbfounded. Track your position by your cell phone? Huge databases to analyse the spending patterns of people? What about communication interception? Heck, I've shown a few friends pictures of the golf balls in the UK and they still refused to accept it. sigh!

Re:this isn't an rfc

[keithmoore]

yep, there's definitely something to be said for making people aware of how governments are spying on them. though not many people read RFCs.

Re:this isn't an rfc

[slarti]

Who care's if it's a draft. Cisco supplies what percent of the Internet's equipment? So they pull a Microsoft and write their own standard. The government would back them up I would think. Now granted they can't force you to upgrade... or can they. Can anyone say IPv6?

Re:this isn't an rfc

[keithmoore]

IPv6 is irrelevant for this discussion. you don't necessarily have to upgrade your router to route IPv6 (especially if it supports MPLS). and if you do decide to upgrade to IPv6 it will be because of customer demand for it and/or the shortage of IPv4 addresses not because of some Cisco conspiracy.

for that matter if you install the hardware and software necessary to support LE surveillance then it won't be because Cisco forced you to do so but because the government forced you to do so. otherwise, you wouldn't spend the extra money.

Re:this isn't an rfc

[Motherfucking+Shit]

if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity

The IETF basically told the FBI to bugger off with regards to working CALEA into standards a long time ago. One lawyer who handles CALEA related cases doesn't seem to think this was a good idea, though;

"The IETF's long-ago refusal to consider this issue was hailed as a civil
liberties victory at the time. In fact, it has had the ironic effect of
making it more likely that wiretap solutions will be proprietary and
designed in quiet consultation with the FBI. Bottom line: the notion that
the Net inherently resists government control is in for a bad decade."

This comes from a letter to Politech last week. That letter, and a few more references re: IETF/CALEA, can be found here.

Re:this isn't an rfc

[adri]

Agreed, but if you can hold up a document, point to it and say "this is now an internet standard, its implemented by these vendors who advertise they run most of the internet" people may notice.

Re:this isn't an rfc

[keithmoore]

well, it won't be a standard - so if someone holds up such a document, they'll be lying. of course, lies aren't exactly a new invention.

Re:this isn't an rfc

That CALEA lawyer, Stu Baker, used to be the NSA's general counsel, and is not known to think ill of interception of communications...

Re:this isn't an rfc

when governments think they have the right to kill thousands of people with scant justification, the last thing we need is to help them standardize on surveillance technologies.

More paranoid tripe. What makes you think you are important enough the government gives a shit about you?

Re:this isn't an rfc

[Jah-Wren+Ryel]

You are entirely correct sir.

He does sound like a real stooge for the anti-privacy, pro-fascist crowd. The dangerous thing about him is that he doesn't seem dumb - he sounds like he has a decent grasp on the current state of technology and he is really good with the word-twisting, see his support for the PATRIOT act and his statement that helping instead of exploiting 3rd world countries won't do a thing to counter terrorism. That we are much better off giving up our liberties instead.

Re:this isn't an rfc

just a draft by one guy??? do you know who fred baker is?

do a google on fred baker ietf and you'll see that he slings a little more weight that your average rfc wanna-be geek.

you can pretty much consider this an RFC.

Re:this isn't an rfc

[ivan256]

In fact, it has had the ironic effect of making it more likely that wiretap solutions will be proprietary and designed in quiet consultation with the FBI. Bottom line: the notion that the Net inherently resists government control is in for a bad decade.

Why did they publish this? Did they read it first? There's an amazing logical leap there. There is absolutly no rational ideas connecting the first sentence with the second one. The guy who rote this is a first class idiot who is good with twisting words.

Not only that, but he's wrong. Were there standardised methods it would be easy for the gonvernment to make circumventing those methods illegal. Since the methods will now be secret it is impossible to outlaw circumvention since it won't be public knowledge that there is something to circumvent.

Re:this isn't an rfc

[chefmonkey]

Ummm... do you know who Keith Moore is? Of course he knows who Fred Baker is.

Keith's point is valid: this is just an i-d. It is not an RFC.

Re:this isn't an rfc

[chefmonkey]

To be fair, this draft is perfectly consistent with RFC 2804. While 2804 said that we are not going to require wiretapping capabilities in the protocols developed in the IETF, it did point to future publication of informational documents about such mechanisms. Specifically:

"...[T]he IETF believes that mechanisms designed to facilitate or enable wiretapping, or methods of using other facilities for such purposes, should be openly described, so as to ensure the maximum review of the mechanisms and ensure that they adhere as closely as possible to their design constraints. The IETF believes that the publication of such mechanisms, and the publication of known weaknesses in such mechanisms, is a Good Thing."

Of course, you are a nominal author of this draft, Keith, so I suspect this is something you already knew. Right?

Re:this isn't an rfc

[chefmonkey]

Typo. s/author of this draft/author of this RFC/

Re:this isn't an rfc

[keithmoore]

Of course, you are a nominal author of this RFC, Keith, so I suspect this is something you already knew. Right?

Frankly I'd forgotten that this was in 2804.

Keith

Re:this isn't an rfc

[FredBaker]

For the record, RFC 2804 doesn't say "we won't do wiretap, wiretap isn't allowed on the net". It says "we will not modify unrelated protocols in order to support wiretap" and gives a set of reasons. That in no sense precludes having a properly designed feature for intercepting IP datagrams, perhaps with clues contributed from other protocols as to what might be relevant to a set of filters.

Re:this isn't an rfc

[chefmonkey]

Yes. That's the exact point I was trying to make.

Why worry about lawful intercept?

[patbob]

Let's see if I have this right.. you broadcast your packets on a public network where you already assume anyone can potentially get access to them, then you worry about what happens when the government steps in and asks to receive a copy of those packets?

Like what, the government isn't already part of "anybody"?

I'm far more worried about entities that are not part of the government getting a copy of my packets. Flawed though their procedures, checks and balances may be, at least the government folks have some. What procedures, checks and balances are on the criminals?

Re:Why worry about lawful intercept?

[WolfWithoutAClause]

Let's see if I have this right.. you broadcast your packets on a public network where you already assume anyone can potentially get access to them, then you worry about what happens when the government steps in and asks to receive a copy of those packets?

Just because they can do it, or even if they do it, doesn't mean that it is necessary lawful for them to do it. It may be considered a form of wiretapping, but it would be for the court to decide; I'm not aware of any case law on this.

Like what, the government isn't already part of "anybody"?

We elect "somebody", not "anybody"; if they start acting like they're anybody, then they're history in the long term in any true democracy.

Re:Why worry about lawful intercept?

[netwiz]

Not really. You don't actually broadcast packets, even at layer 2. In every case, there's a specific destination to the frame. It's like the gov't spying on your mail by opening them all in the post office. And while yes, they can do this, it requires a court order and probably cause to do so (someone back me up, I'm not actually certain of this fact).

As for private entities, packet capture is a time consuming task to perform constantly. I know for a fact that the ISP at which I work moves about a terabyte a day thru the network I maintain. It's not cost-effective (and there's not really any juicy stuff to be garnered), so they (corporations) won't do it.

Plus, the litigious backlash should ISPs start doing this of their own volition would be prohibitively expensive.

Re:Why worry about lawful intercept?

who the fuck said anything about broadcasting anything?

what are you stuck in the 90s?????

since routers and layer 3 capable switches are between me and the destination...the only way to get ALL my outbound packets is to have access to my ISP's routers.

Re:Why worry about lawful intercept?

[Chester+K]

It's like the gov't spying on your mail by opening them all in the post office.

Hardly. If you're not using encryption, it's like the government spying on your mail by reading your postcards.

The network is not to be trusted. This is nothing new. This is a fundamental fact. That's why SSH is preferred over Telnet. If you want privacy, it's up to you, not your ISP, to provide it for yourself.

Re:Why worry about lawful intercept?

[Jordy]

Let's see if I have this right.. you broadcast your packets on a public network where you already assume anyone can potentially get access to them, then you worry about what happens when the government steps in and asks to receive a copy of those packets?

Actually I broadcast my packets on a private network. I didn't realize that the government was running much of the internet backbone infrastructure any longer.

Re:Why worry about lawful intercept?

Unless things have changed with the recent legislative bullshit you are essentially correct. Although I don't remember all of the procedures off the top of my head it requires permission just to get a mail cover (that is, tracking to/from for a person/address), much less get permission to intercept and read mail (Postmaster general authorization).

It is easier to get someone's bank records than to do a simple mail cover. This is because the bank doesn't want to be seen as interfering with the government or an investigation, whereas with the US Postal Service there are long recognized rights and privacy.

Re:Why worry about lawful intercept?

[goliard]

It's like the gov't spying on your mail by opening them all in the post office. And while yes, they can do this, it requires a court order and probably cause to do so (someone back me up, I'm not actually certain of this fact).

Here's your backup. Amendment IV of the Constitution of the USA:

[...]no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Of course, that may not be in force due to the PATRIOT act, which I gather rather extended the circumstances under which wiretaps could be performed.

Re:Why worry about lawful intercept?

[Tom_Yardley]

Little known fact. The king of England instituted the Royal Mail so that he could read anything posted. Private mail was illegal, all letters had to be posted RM. Thus, wax seals on letters.

Encryption .. wont be legal much longer.

[nurb432]

The only way these rules will work is if encryption is taken out of the hands of the public.

Can it be accomplished at this point? I donno, but a first start is calling the use of any un-approved ( i.e. , no governmental backdoor key ) encryption cause for the use to be investigated under the patriot act..

Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.

Re:Encryption .. wont be legal much longer.

[Gothmolly]

You're thinking of the clipper chip, which was already thrown out due to uproar.

Re:Encryption .. wont be legal much longer.

[Scaba]

Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.

Ray Kurzweil also thinks so .

Re:Encryption .. wont be legal much longer.

[Professor+Bluebird]

If one lives in Michigan, than such protection of data is already illegal, and similar laws are coming soon to a state near you. Also, it looks like Cisco is bringing the Great Firewall of Chinaâ to the U.S. That plus DMCA plus new state laws will surely be a threat to freedom as we know it.

Re:Encryption .. wont be legal much longer.

Encryption doesn't need to be completely outlawed to make this effective.

For example, after reading the RFC, I don't think I'll be using a managed VPN provider who could turn over the keys.

Re:Encryption .. wont be legal much longer.

At this rate I give it 2 years before it is illegal to operate an abacus in the US without a lisence.

It's always funny watching a superpower send itself back to the stone age or at least the third world.

Re:Encryption .. wont be legal much longer.

[grantdh]

but a first start is calling the use of any un-approved ( i.e. , no governmental backdoor key ) encryption cause for the use to be investigated under the patriot act..

Great, so we arrange for as many people as possible to encrypt everything they do (yes, I know, some of us are already trying this) using no-backdoor encryption systems. Flood the bastards with too much shit so the "real" stuff gets through under the radar.

Then, if they make it illegal, organise civil disobedience and flood them with offenders. This last bit could take a frak of a lot of effort as most people in the western world are content to be fat, dopey sheep with their "bread & circuses" (cheap food, cigs, booze & sports/reality TV).

Still, like the ol' "Cocaine Couriers" (from Illuminati, no?) - after a while, the cops stop searching the trucks 'cos they're always empty or have nothing naughty in them - that's when you put the cocaine in them :)

Re:Encryption .. wont be legal much longer.

There's a song from a Swedish band that goes "We're not living in America... Whoa!..."

Re:Encryption .. wont be legal much longer.

Kill encryption, you are still left with steganography, which is infinitely harder to trace than encryption alone. Sure, it may be illegal, but then, try to find the evidence!

Re:Encryption .. wont be legal much longer.

[realxmp]

Ironically as controlled munition that would be admiting it's a weapons. And guess what right is protected under the US constitution... (this is debatable cause the silly framers didn't make it clear) Yes it's your lovely right to bear arms. Whether this defense would work is another matter but it's a funny possibility. Especially as John Ashcroft and George W both support the citizen's right to bear arms interpretation.

Re:Encryption .. wont be legal much longer.

[einhverfr]

Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.

I disagree. The economic damage that would occur if people lost confidence in online credit-card transactions, or the HIPAA controls substantially undermined, or half a dozen other problems. The fact is that encryption is very deeply entrenched in the network technologies of today and there is every reason to think that the powerful economic ramifications of outlawing encryption will keep it in our hands.

Thank god for September 11 2001

Don't kid yourself, if September 11 2001 didn't happen, then the current government would have no collective trauma to exploit and introduce all these restrictions of freedom and a total violation of privacy. Only in Nazi, Communist countries do laws say, "well if you got nothing to hide then we can walse into your house uninvited".

Ever since September 11 2001, the hawks and zionists have been laughing in these joyous times. We've seen a complete restriction in our own freedoms, yet they preach to have brought freedom and liberation to Iraq although the place is in total anarchy. Who takes out the garbage, makes the trains run on time, runs the police, fire service, runs the hospitals? Currently nobody and it will be this way for a while.

In case you're wondering if Syria _is next, it is, and then it's the Palestinians and last of all the Osama Bin Laden. This should all have occured in time for the next election, sometime next year. This was expressed in a letter to the president on September 20 2001 by 25 hawks and zionists that have hijacked the whitehouse.


Letter to President Bush

Of course the saddest thing about this letter is that the people who are supposed to be protecting the american people and going after the perpetrators of September 11 seized it as an opportunity to fulfill their personal agendas. This is indeed a slap in the face to the victims and their families and to humanity.

Re:Thank god for September 11 2001

I can't figure out how Kristol was able to write that letter at the same time he was JACKING OFF to the ZIONIST and AMKERIKAN flags!!

Re:Thank god for September 11 2001

[elizalovesmike]

Dude, that's a pretty broad brush you're flourishing there.

Francis Fukuyama, defined first as a Zionist?

Charles Schultz, defined first as a Zionist?

William Bennett, defined first as a Zionist?

These folks, while sharing a desire to get rid of OBL, to annihilate the threat Hussein's regime presented, to crush Hezbollah, are a relatively diverse bunch as those things go. They certainly are not the two-dimensional caricatures you paint them to be.

I agree w/everything they said in their letter (notably absent from which was *any* mention of privacy, the Patriot Act, TIA, etc.).

I.e., what does *any of this* have to do w/the new RFC?

Re:Thank god for September 11 2001

I mentioned "hawks" too. The majority of those people are zionists, some are just hawks, others just signed the letter for whatever reason (surely they don't all have hidden agendas).

Btw, Doug Feith, assistant under-defense secretary to Paul Wolfowitz (parents were holocaust survivors) - lifelong zionist. Henry Kissinger, parents are holocaust survivors (this guy is a war criminal with a nobel peace prize! probably one of the reasons why the US won't sign onto the International Criminal Court). Doesn't it bother you that these guys control the US defence force?

I think this administration is going to end in a big mess, Bush could be the second president to be impeached, and we all remember that guy Poindexter and the shit he got up to with North? This is the most radical administration we've ever seen and it's like they just got the keys to their dad's ferrari. Once they've finished with it and wrapped it around a post someone else is going to pick up the pieces.

Re:Thank god for September 11 2001

Kristol is a chickenhawk, and a zionist. He wrote a book called, "the war in Iraq" even before the war started. He writes in the Weekly Standard that hasn't ever made a profit since it started four years ago. Murdoch has been dumping cash into the Weekly Standard since day one. Most of the Weekly Standard writers are regulars on Fox News, the zionist network for propaganda (another Murdoch channel)

Re:Thank god for September 11 2001

Once they've finished with it and wrapped it around a post someone else is going to pick up the pieces.

That someone else will be the general population of the entire planet.

Re:Thank god for September 11 2001

You bet, it's the people in the middle that always suffer. For eg, Bush wants Saddam out, the people of Iraq suffer and we pay for the cost of the war. Bush drives around a gold plated SUV that runs on 100% light crude oil for the rest of his days.

Unpopular, I know...

[Geekenstein]

But I have to say it. For anyone who isn't a Montana militia, I hate everything law type, this isn't really a bad thing if proper judicial controls are instituted.

We do have an amendment to the constitution that protects against random search and seizure. Frankly, if law enforcement can give enough evidence to an informed judge that the party in question needs to be monitored in connection to a criminal offense, more power to them.

If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!

Oh, and to head off all the "But the PATRIOT Act.." replies I'm sure to get, I firmly believe that its wire tap provisions are too ambiguous and when truly challenged in the Supreme Court, it will be shot down. Amazing how the whole checks and balances thing works, isn't it?

Re:Unpopular, I know...

[BobSutan]

Unless I misread the PATRIOT ACT, its exempt from judical challenge (id The Supreame Court). That's the reason it is only a time limited Act. IIRC it expires in 04 or 05--once that time had passed the PATRIOT Act will be null and void. However, there are congressmen in office right now trying to make it permenant thereby making any "illegal search and seisure" clauses/acts/ammendments moot. All the .gov needs to do is skew your detainment as being terrorist related, which when dealing with the Intarweb or enryption, would be fairly easy to pull off given the current cluelessness of the people running this country.

Re:Unpopular, I know...

[Corydon76]

You misread the Constitution. All laws passed by Congress are reviewable by the judiciary. Congress may pass any law it likes, with any language it wants, but at the end of the day, it can be thrown out by a federal court.

Contrast this to Amendments to the Constitution, which are not reviewable. As history tells us, the Supreme Court would have been happy to have thrown out the provisions of the Eighteenth Amendment (which brought the US into the era of Prohibition), but are constitutionally unable to do so. This is precisely why the Twentyfirst Amendment had to be passed (to repeal Prohibition).

Re:Unpopular, I know...

[Geekenstein]

No, actually the Constitution does not give the judicial branch of government the power of review.

From the Court's website (supremecourtus.gov):

"While the function of judicial review is not explicitly provided in the Constitution, it
had been anticipated before the adoption of that document. Prior to 1789, state courts had
already overturned legislative acts which conflicted with state constitutions. Moreover,
many of the Founding Fathers expected the Supreme Court to assume this role in regard
to the Constitution; Alexander Hamilton and James Madison, for example, had underlined
the importance of judicial review in the Federalist Papers, which urged adoption of the
Constitution."

John Marshall, the first Chief Justice established the precedent of judicial review, and it has since become custom as strong as written law. The court's purpose has always been to interpret and explain the laws of the country, but if they put the kibash on something as unconstitutional, it becomes by decree unenforceable under the law(the court being the embodiment of law in the country).

Class dismissed. :)

Re:Unpopular, I know...

Oh, and to head off all the "But the PATRIOT Act.." replies I'm sure to get, I firmly believe that its wire tap provisions are too ambiguous and when truly challenged in the Supreme Court, it will be shot down. Amazing how the whole checks and balances thing works, isn't it?

This is irrelevant. The rights of U.S. citizens are being violated TODAY. Removing the law in the future will not change what is happening TODAY.

Re:Unpopular, I know...

[danoatvulaw]

See Marbury v. Madison, 5 U.S. 137 (1803) for the full explaination.

Re:Unpopular, I know...

[blibbleblobble]

"this isn't really a bad thing if proper judicial controls are instituted. "

And what are the chances of that? Perhaps in a free country...

Re:Unpopular, I know...

[Snaller]

Oh, and to head off all the "But the PATRIOT Act.." replies I'm sure to get, I firmly believe that its wire tap provisions are too ambiguous and when truly challenged in the Supreme Court, it will be shot down. Amazing how the whole checks and balances thing works, isn't it?


That's what they said in Iraq 25 years ago (Or Germany in the thirties for that matter)

Vonage / Cisco / encryption won't work.

I've got a vonage phone, which uses cisco hardware. (I've seen vonage ads on slashdot, and thought, hmm... they're hip to slashdot, must be good! :-) )

The first question I asked was about encryption, the response was that "any POTS line can be tapped, so it's just as secure". (yea, right..)

I doubt they'll ever support encryption, but I wish they would.

The present age seems really quite spooky, does anyone remember the MacArthy(sp) days? I'm curious to hear if the general atmosphere today is similiar to then.

Re:Vonage / Cisco / encryption won't work.

[wumarkus420]

I've spoken with some upper-level engineers at Vonage. They sell more of Cisco's ATA 186's than ANYONE else. Because of this, they dictate a lot of the hardware and software design/changes in the product to Cisco. You'd be surprised how responsive their upper-level techs are. They are definitely looking for new ideas and ways to improve their service.

More specifically, the tech said that the current hardware in the ATA's is insufficient for doing hardware encryption and that they are looking at a new modification on the ATA CPU to enable just the features you're looking for.

Just wait a bit - they finally got the 911 working, and I expect to see a lot of new things from this company.

Inverse Question

Well, would it be better if unlawful intercepts were supported?

Time to start encrypting

It looks like my fobbit phone conversations need to be send via SSH tunnles now.

Great. nothing like forcing the honest public to start locking innocent conversation to protect them from the government.

i know... all you residents from communist countries are screaming "WELCOME TO OUR WORLD!"

George bush... bringing Marxist Capitolism to America for the good of the people, and the empowerment of the almighty corperation..

Now let us sing a hymn fro mthe enron songbook...

Give up my freedom of speech for ~$300? Sure!

[StupidKatz]

You're just bleeding troll juice, but I'll bite. First, you not responsible for unauthorized activity on your CCs (call company, dispute charge, end of story). Second, if any card numbers were to be "stolen" from you, it is extremely improbable that they were sniffed off the wire; more than likely they were discovered on one of your pieces of litter, i.e. receipts. Third, if you want to give up your right to privacy for negating some petty inconveniences, I promise you that I'll hire you a maid/bodyguard if you let me hook up web cams to watch you everywhere you go as well as strap a GPS transponder on you.

Re:Give up my freedom of speech for ~$300? Sure!

[Fulcrum+of+Evil]

Funny stuff.

First, you not responsible for unauthorized activity on your CCs (call company, dispute charge, end of story).

Royal PITA, especially when it's an ongoing thing.

if you want to give up your right to privacy for negating some petty inconveniences [...]

That's not what he's saying. His problems are more pressing to him than the feds tapping his potential internet phone, that's all.

And the problem is... what exactly?

[Guppy06]

"Your Internet telephone conversations may soon be tapped by the government."

Note the lack of the phrase "without a warrant" in this sentence. The RFC talks about "lawful intercept," which means they'd need a warrant before they're allowed to do it legally.

You don't say "without a warrant." The RFC doesn't say "without a warrant." You think maybe we can save our kneejerk reactions for something more worthy?

Re:And the problem is... what exactly?

[Dagmar+d'Surreal]

I wouldn't call this story a kneejerk reaction...

I'd call it information about a protocol I'll never, ever willingly use. Not a chance.

What I consider rather suspicious about it is that it's been published at all. When you put this together with all the wonderful bills popping up recently that attempt to ban firewalls and VPNs it starts to paint a rather unpleasant picture.

Re:And the problem is... what exactly?

You obvously missed Patriot Act I & Patriot Act II, the next anal violation.

Re:And the problem is... what exactly?

[pair-a-noyd]

The fourth and Fifth ammendments went Buh-bye several years ago, even before 9-11, the rest of the Constitution is not far behind.

Do some research. It's documented fact.
Try starting with Google and Thomas.loc.gov
http://thomas.loc.gov/

Re:And the problem is... what exactly?

[Necron69]

And a warrant means what, exactly, when I or my ISP , or whomever, has the enable password to that pretty Cisco 6509 switch sitting downstream from you? If this feature is implemented, it WILL be used by someone.

- Necron69

Re:And the problem is... what exactly?

[cranos]

The problem is that governments are trying to move to a point where they don't need warrants.

Re:And the problem is... what exactly?

[Evil+Adrian]

I could walk up to your house and tap your phone line and you'd never notice -- why are you bitching about this protocol but not the telephone system? How is this *any* different?

Re:And the problem is... what exactly?

[Guppy06]

"If this feature is implemented, it WILL be used by someone."

And that user is prosecutable under federal (and possibly state, depending on state) wiretap laws, as well as any other laws broken to gain unauthorized access to the Cisco box. Even if the federal government agrees to ignore any violations of wiretap laws used to get information they deem useful, the state may not be so willing to play along. Just ask Linda Tripp.

If you want the wiretap laws to be more harsh, fine. But that's a completely different issue.

Re:And the problem is... what exactly?

[Snaller]

Note the lack of the phrase "without a warrant" in this sentence.

That's implied.

ARG STUPID STUPID MISSED A CLOSE ITALICS!

Potential for DoS?

[d-rock]

Well, I'm less concerned with the interception aspects (just encrypt) than with the potential for abuse. Depending on how it is implemented, this could be a great DoS tool; if someone gets access to a router they could potentially set up large numbers of bogus intercepts for *all* traffic. Not only would this saturate the router's links (cutting out any paths through it), but it could be used as a focused attack on networks.

Derek

Russian link

http://newscentral.da.ru, it's the 4th headline on the right side

Re:Russian link

[dbCooper0]

whussamatta, fukwad? Too much to just include the traditional goatse link?

I piss on yo mamma's underwear.

This is ridiculous. . .

[Fritz+Benwalla]

Of course I'm concerned that they will be hacked. . .Which is why I advocate that the design of these intercepts be standardized and subject to a public RFC process.

*Of course* we need a mechanism for *lawful* intercepts in this society. Some capability to (shall I say it again) *lawfully* monitor bad guys on the Internet is necessary to protect the rest of us, just as it exists in every other medium including human conversation. What I'm much more concerned about is half-wit J. Edgar Hoover wanna-bes who take an ad-hoc approach to collecting information, not giving a dump about collateral damage, and coyly taking an unregulated look at any other network traffic that "just happens" to get caught in their filters.

I suggest that this RFC is just the right way to go about it:

1. Publicly design a logical box that does what we need it to do and no more.
2. Force the authorities to stay inside that box.
3. Hand them their ass if they're caught outside the box.

As for the /. write-up, it's just (increasingly common around here) ill-informed, let's-go-occupy-the-provost's-office hyperbole.

What the privacy movement needs are intellectuals who can process enough complex facts to actually aid in the effort to balance a society that needs to be both free and safe. Automatically shouting "free!" when someone shouts "safe!" or "safe!" when someone shouts "free!" is not a useful debate. It's not even a good start.

-----

It's not *that* bad

[ragingmime]

I did some research on McCarthy a while ago... the atmosphere today isn't nearly as bad as it was in his day. If it was, you'd probably be put on trial before the House Un-American Activities Committee (HUAC) - which was exempt from the requirement of due process - just for talking negatively about monitoring technologies, and your employer would likely fire you. I guess it's true that heightened fear of terrorism since September 11th has made US citizens a little more agreeable to legislation like the Patriot Act... it may not be the greatest situation, but can you blame us?

Re:It's not *that* bad

Actually it depends on where you live. I live in a very conservative state, I never badmouth King George the 2nd or his war for oil because I know that I may lose my job for it. From my viewpoint we are very close to McArthyism. Just look at all the actors/actresses that have been blacklisted because they spoke out against the war.

Privacy Concerns

[Cokelee]

Ahem,

When I am able to have any degree of privacy (short of living in a bomb shelter) would someone please notify me--contact information below.

Roger Hammond
164 Rochester Ln
Tucson, AZ 8546
U.S.A.

Phone:(520)791-4544
Fax: (520)791-4124
Email: rhammond64@excite.com
AIM/MSN/Yahoo!: rhammond64
My Server: rhammond.org

I also post here quite often.

Thank you,
R.E.G. [good thing I didn't tell 'em my middle name]

FEARLESS AND STUPID

Re:Privacy Concerns

[red+hot]

Scary thing is that info matches the Tucson area! (zip, telephone,fax)

Re:Privacy Concerns

[CSG_SurferDude]

Gee, what did Roger do to tick you off so badly? Steal your GF? Win at Couter-Strike? Railgun you?

Re:Privacy Concerns

[Jerk+City+Troll]

Genius... *applause*

And of course, I am sure Mr. Hammond will not mind having his privacy violated. Privacy isn't worth anything, right?

Encryption is futile

[gold928s]

As the feds have mandated that they must have access to the keys and be able to decrypt within 2 hours. The only safe encryption technique is to generate new and truly random private keys at the start of a session and destroy the keys at the end of the session.

I'm thoroughly confused

[Zygote-IC-]

Ok, perhaps I don't trip and fall into this hellish techno-dystopia delusion as easily as a lot of the /. crowd, some of which seem to consider 1984 an orgasmic experience, but even if I did, can someone please tell me how "privacy" has anything to do with "freedom of speech?"
And seeing as how the government can already get wiretaps for your POTS and have used said wiretaps to get organized crime lords and terrorists off the street why shouldn't Inet telephony be held to the same standards?
Can someone explain to me what the diff is here?

Re:I'm thoroughly confused

[Jeremi]

can someone please tell me how "privacy" has anything to do with "freedom of speech?"

Surely there are things that want to say in private conversation that you wouldn't feel free to say if you knew (or suspected) that you were being eavesdropped on?

For example, the Iraqi government used lack of privacy (informers listening everywhere) to deny its citizens freedom of speech (anyone who was overheard saying something bad about Saddam was hauled off to prison).

Re:I'm thoroughly confused

And seeing as how the government can already get wiretaps for your POTS and have used said wiretaps to get organized crime lords and terrorists off the street why shouldn't Inet telephony be held to the same standards? Can someone explain to me what the diff is here?

I was going to say the same thing, but you already said it. This is nothing more than a digital-enabled wiretap. Wiretaps have been legal for a long time, and I haven't heard people complain. How is this any different?

On the other hand, I am very concerned about the government giving themselves increased wiretap privledges. But this RFC apparently has nothing to do with that. It's just talking about a method for doing to digital conversations what is already possible for non-digital ones.

Re:I'm thoroughly confused

[Zygote-IC-]

An interesting take, but I think that puts the responsibility on the response to the speech, not the matter in which in was transmitted or in which it was received. And how is it "free" speech if you never intend anyone to hear it? By the very nature as I understand it "free speech" has to be free. Putting constraints upon it that it's "free" but not for you sort of defeats the principle upon which the idea is based in my opinion.

Re:I'm thoroughly confused

[araemo]

For the most part, I'd agree with you.. however, there has been a tendencies, on both the law enforcement, and private citizen side.. to break the law in 'little ways' because it's so damn EASY.

If this is sufficiently regulated, it shouldn't really be a problem. But people don't like giving up their complete perfect anonymity.

It can be maintained... but most of them are just blowing smoke out of their rears, and won't go to that kind of extreme.. it's not convenient.

Re:I'm thoroughly confused

[Buzz_Litebeer]

I think you miss the point a little, if you think someone will hear it, and report it, and then have it interpereted as sedicious speach, then you might not put your ideas out there.

If someone is constantly keeping track of what you are saying, and what you are sending, you might worry about "everyone" hearing it, and someone taking actions against you. The government is an example of someone you might not want taking action agianst you. When people speak out, often it is to a select audience as well, people who most likely would support their views.

The actual big issue, is people control how they interact with others by how much they allow that other person to know them.

Imagine if you met a girl, and you knew from a quick lookup that she was single, likes doritos, has 2 children and never married.

That kind of thing she probably would not want you to know at all!

Or lets say that people take your information, and do correllations on it. The correllations dont necessarrilly "Have" to be true, the problem is you could be added to a trend group that you do not want to be in.

Lets use a lewed example, lets say that using your credit card your sweetheart goes out and buys any numerous sex toys. Now lets say some group called "friend search" takes this data (which is relatively public or could be construed that way) but then correlates the data to you (since it was your card).

So lets say you are in the same situation as earlier, you are now sans girlfriend (perhaps didnt enjoy her pencheant for sex toys) and the girl does a lookup on you, and finds you like male sex toys... and then doesnt give you a chance because she thinks your gay lol.

Or better yet, you get spammed by sex toy sites that bought your info from the credit card company, trying to entice you to buy more.

Now these are a bit extreme, but imagine everyone just sold the data, or was allowed to track your data without any kind of real strong privacy laws. This could inhibit your freedom of speech in that it could also limit your credibility. Now if you do not beleive credibility affects the impact of what you say in public, just ask Peter Arnette. Now Imaging your at a public rally, or write a web blog, and someone says "hey i got info where e-mails were exchanged from his account, and from credit info that he buys sex toys for himself" and lets say your trying to fight for some religious cause. your credibility would be destroyed because someone had access to info that should have been private for you anyway, but it affects your freedom of speech.

There are much better examples, like how it could "directly" affect speech, but im a bit tired and cant think of anything nearly as witty as buying sex toys.

Re:I'm thoroughly confused

[_Spirit]

Eehm I think you lost the crowd here right about where you said Imagine if you met a girl

Re:I'm thoroughly confused

[Tijger_noot]

There is no difference.

Re:I'm thoroughly confused

[moncyb]

Your sex toys example is good, but there is a much more difficult situation it could put one in.

Let's say your gf buys the toys with your CC. A year later you are walking down the street, and the police pick you up. A woman was raped and murdered two blocks away, and you vaguely fit the description of the guy. The police may use the sexual CC purchase as "evidence" you are a sexual deviant and must have done it. They may even stop looking for the guy who really did it.

Then you go to court. The purchase is used there as "evidence" of "your" crime, and let's say you live in an area heavily influenced by the Taliban or the Christian Coalition, so the jury decides you must have done it.

Allowing the courts to use every purchase you made (or purchase you have appeared to make), and every word you have spoken as "evidence", is a very dangerouse thing. How many of you can really be confident you haven't made any purchases or said anything which, if used as "evidence" in any given trial for any given crime, would make you look guilty?

Yeah, if you bought a 3' LotR sword and a box of Hammerhead condoms the day of the crime, and those same items were used in the crime, then it may be circumstantial evidence linking you to it, but using everything you may have said and bought in your lifetime isn't.

Re:I'm thoroughly confused

[Master+of+Transhuman]

And in the US anybody saying anything bad about Bush has his conversation recorded by the FBI, NSA, et al, so he can be hauled off to prison later. Sometimes, not much later...

The only difference between Saddam and Bush is the timing of your haul off to prison...

plus

[sstory]

I'd hate for the well-established need for law enforcement to be able to tap phones with a warrant to be thwarted by this sort of technical implementation detail.

Note to flamers: I belong to, and contribute to, the ACLU, so weigh in with a little more than "You don't care about keepin gummint off my back..." please.

This isn't an RFC

Please don't confuse RFC with Internet Draft. Anyone can write an Internet Draft. An RFC has gone through the entire IETF process and is approved. This is not an RFC.

The Real Reason(s)

A lot of you are labeling Cisco as the bad guy when in fact they are just trying to cover they're a$$es as well as meet the needs of customers. I work a company deploying FTTH and I am in charge of our VOIP softswitch. There are laws which mandate that any CLEC telephone system (at least where I'm at) must have the ability to wire tap any phone at any time. I believe the fine is $10,000 a day(or week I can't remember off the top of my head) if you do not have this system in place.

Yeah everyone is worried about privacy issues and such. But my $0.02, I really don't care, anyone who would want to watch/listen to me would get bored really quickly.

Re:The Real Reason(s)

[Qrlx]

Fuck your ten thousand dollar a day fine. The phone system pulls down two billion a month*.

Who else gets to hear your conversations?

*Adjusted to pre-JFK-assassination rate of inflation

Re:The Real Reason(s)

Damn... if it pulled in that much money a month everyone in our company would be set for life. I could retire tomorrow or something.... LOL

Re:The Real Reason(s)

[Qrlx]

http://biz.yahoo.com/fin/l/q/q.html

Qwest, my local phone company, has revenues of about five billion per quarter. My original figure isn't that far off.

Usual Slashdot Readership Idiocy

Many of the comments in response to this story demonstrate that the posters have neither read the referenced RFC nor understand the problem it is trying to solve. I'll restate it for the stupid or perpetually lazy among you (i.e. most of you who've responded so far):

Telecommunications companies in many countries must by law provide "assistance to law enforcement" on occasion. Note: in many countries, not just the United States. This assistance has traditionally been in the form of providing call intercept and tracing on voice networks. Some governments in many countries now want to do the same thing for data packets, but moreover, when data networks are used to emulate "traditional" voice services, the existing laws already apply. Just because your ISP's telecom backbone runs over ATM or IP doesn't mean that they're off the hook when it comes to lawful intercept and emergency services (e.g. E911) regulations. When voice is extended to "the edge" in packet form, little changes in that regard.

Now, that said, this RFC proposes an architecture to support tapping data (and any application layer-services that run on it, e.g. voice) in a uniform and scalable manner. Whether you like the idea of tapping or not is immaterial and irrelevant. Service providers must obey the law. If they cannot, they go out of business, or in some cases, never get off the ground. And make no mistake; this RFC is no more about "voice" than any other data service; it describes some of the special problems with enabling the enforcement of existing wiretap laws for packet voice, yet the aim of the RFC is to solve the general problem.

The architecture proposed makes no assumptions about the use of encryption except that no assumptions can be made about the use of encryption; i.e. deliver "tapped" packets to the LEA as packets, not transcoded or decoded into some other format.

Re:Usual Slashdot Readership Idiocy

Come on, it's not called "Call Intercept" anymore, it's "LEGAL intercept". The problem is: who defines legal

Just because it's 'Legal' for a given coutry doesn't mean it won't be abused by that government to spy on it's people (or worse). I work at a telecom equipment company (yea, there is a few of us still employed) and typically the requirement for 'Legal intercept' was about 1% of the traffic... But selling into a certain country required us to determine the traffic level support when 100% of the traffic was being "legally intercept"... yea, that makes me feel good about the countries we are selling this equipment into...

keyword is "legal"

this post smacks of the "wanna be linux zealot" who does more harm than good for OSS and Linux through their mindless prattle.

When you post things like this you turn people off who normally would give an open ear to the need for privacy. So, to police this issue I hereby envoke my right as a civil libertarian who is REALLY interested in privacy to say unto you: SHUT YOUR HOLE! Stop trying to "act conscious" and start thinking about the results of your actions.

I certainly hope that is a joke

your last sentence is of the "if you have are doing nothing wrong, then you have nothing to hide." The key here is the existing checks and balances and thus requiring a warrant. As for arbitrary tapping in on your conversations, well it does not matter who does that they are criminals by doing so. (see previous sentence for exception)

Re:I certainly hope that is a joke

eh? that was just confusing

You aren't worried about tapping? Read on

[jsse]

This is a true story.

My friend make a long distance call to me and at some point he jokingly said he'll "boom my ass". Just that. A moment later he excused himself and got the door only to be greeted by Government agents.

This sounds like a sick /. joke and I could never imagine it'd really happen. My friend was questioned and released but he was very pissed, questioning their ground of tapping, and his civil right. He even thought of file a racial discrimination suit(he's an American Chinese) but I suggested against his decision in view of present situation in US.

We aren't terrorists, scientists, secret agents or anything associated with them, and we've nothing to hide; but you really can't say it's not annoying to be tapped, like that.

Re:You aren't worried about tapping? Read on

Even if this is true, realize that nobody will ever believe you so you need to just shut the fuck up.

Crack

[Adam9]

Mods: Don't do crack. Also, how the hell is this on topic?

Parent: Hi. Chargeback. Now go away.

Who changed the /. Calendar again?

[CSG_SurferDude]

Now I KNOW somebody changed the /. calendar on me. We're only supposed to bash Cisco
ON THE SECOND AND FOURTH THURSDAYS

and this is Wednesday in the U.S., and not even the right week count.

Can somebody please point me to the revised /. Love|Hate calendar so I can get with the program?

Re:Who changed the /. Calendar again?

[stevejsmith]

I think we need to stop this calendar thing regarding the recent AOL situation and what-not before it turns into one of those "in Soviet Russia"-type things. Please understand and just let it go.

Re:Who changed the /. Calendar again?

[CSG_SurferDude]

As long as the runnin gags change every month or two, they're ok. It's part of what makes /. as amusing/interesting as it is.

At least we haven't heard any cracks about "All your base are belong to Ellen Feiss" lately... ;-)

And of course, since this is a meta-conversation, it will be modded down to -1, offtopic, but I can burn the Karma, so who cares.

here's a secret message

[pair-a-noyd]

secret message number 1.
#1. Kiss my ass Big Brother.
#2. Eat Shit and DIE Big Brother.

Encryption. Just do it..

what else is new

The government can already tap phone conversations. Why the hell are you people getting your panties in a bunch now?

No perspective, if its on the net some jack ass thinks it should be free from anonymous. Why should the net be any different.

Get over it.

sure.

[Erris]

... knowing that a conversation took place can yield information as well.

So? run and use an anoymizer. Works the same way for TCP/IP connections, no? If you don't know your host number the packets can't find the host. If your host does not know your IP, the reply can't find it's way back. No need for the data to be voice over IP.

In the imortal works of Khan, "Let them eat static."

Re:sure.

[ConsumedByTV]

I agree with you, but it's hard to contact a party under watch without causing a stir doing that.

Both parties need to be anonymous.

If you read deeper in cryptonomicon you will remember the idea about constant noise being better than burst traffic.

Re:sure.

[einhverfr]

If you read deeper in cryptonomicon you will remember the idea about constant noise being better than burst traffic.

Hence a layered approach using encryption, steganography, and other means.... Or better yet, why not offer products ready made which offer built-in PKI-based encryption with things like keyservers from PGP?

Or better yet-- run an online business-- secure the entire site with SSL. Hide information using steganographic tools in various images. Maybe sell posters of clouds ;-) The hidden data could also be encrypted leading to an encryption/hidden/encrytion layered approach ;-)

Re:sure.

[ConsumedByTV]

The problem with these solutions is that it requires an education.

All the security in the world won't help if people use bad passwords, let people get access to their secret keys, become the victim of man in the middle attacks and so on.

Anything that lacks education behind the security is going to fail from a trivial, well documented exploit.

And once again, layers do not matter if all that matters is a connection. Sometimes it's not important to decrypt the message (but that is a plus), sometimes it's just important to build a network of communication patterns.

This is actually a really big interest of mine as of late and I think that it can be a really big problem/solution to tracking people.

The police (if savvy enough) can tell when people meet and communicate. If they use a bad crypto system then they might also break it.

The citizens can be (mostly) sure they aren't being evesdropped on but they are being tracked.

Key signing patterns are a good example of this, eg: who met who and where.

Then anything outside of key signing parties could be considered something personal.

Patterns are fun.

Anything huh?

[Erris]

Anything that can help control this kind of abuse is ok by me...at least for now.

Don't use credit cards if you don't like what happens when you do. That's OK by me. You giving the feds permision to tap into my phone line without a warrent? Not OK.

Re:Anything huh?

[araemo]

It says "Lawfull" intercept.. that implies they have a warrant.

Yeah.. I know that making it digital just makes abuse of it easier, but stop complaining and go make sure the privacy watchdog groups know about it, and help them make sure there are proper checks in place.

You mean, amazing *if* ...

[Heisenbug]

... the whole checks and balances thing works. When the Supreme Court does strike it down, I'll be amazed right along with you.

Re:You mean, amazing *if* ...

[poot_rootbeer]

I'm alreadyt amazed that a couple of Slashdotters know whether the PATRIOT Act is unconstitutional better than the men and women who wrote it.

privacy advocates?

[binarybum]

This isn't necessarily scary for the privacy advocates. It's just another battle, and not a surprising decision based on recent trends.
The people that should really be scared are those that use this technology, privacy advocate or not.

little brain.

[Erris]

Like what, the government isn't already part of "anybody"?

Nope, they are not. You have authorized the govenment to do certian things with the tax monies you give them willingly. It will be a sorry day when you authorize the government to spend money on equpment and manpower required to listen in on that public network. What do you want your govenment to do for you? Listen to your kid sister whine about NStink? I like that people go to jail for wiretaps and consider that a reasonable check on that kind of activity.

That's you guys.

Detection by the Intercept Subject: One of the key requirements is to ensure that the intercept subject is unable to detect that they are being intercepted. This document assumes a sophisticated subject:

- Able to check IP addresses, use traceroute, etc.
- Able to check if any unusual signaling is occurring on their customer premises equipment (CPE).
- Able to detect degradation or interruptions in service.

Welcome to the U.S.A.!!!

[Lord_Sy]

Welcome to the U.S.A.
The Country of Freedom!
Where the Government (a "very democratic" one, for sure) has the right to spy on it's citizens.

Uhm... where's the news?

What is so scary about this?

[lethargic]

First off, I wish the author/poster had pointed out that this is a _draft_ and that it has not been published.

Anyways, what is so scary about this? Any ISP between any two hosts that are transmitting packets to one another could intercept those packets, and they always could.

I'm sure you all know that what is being described could probably be accomplished by a *nix box running tcpdump if it receives copies of all the packets. However, I don't think very much high-end telco/ISP equipment was really designed to duplicate packets to someone other than the intended recipient. I guess cisco intends on adding this feature in to some switching equipment, so they've been doing their research.

I think the point of this draft is an in-depth explanation as to what the Lawful Intercept requirement really means on a technical level.

I just don't see this thing as such a big deal after reading the document and really thinking about it. How the hell did this article even get posted?

Re:What is so scary about this?

[pavera]

because the editors don't actually read the articles, they just look for the most inflamatory headlines they can find (just like any good editor) and post those...

Re:What is so scary about this?

[joejoejoejoe]

However, I don't think very much high-end telco/ISP equipment was really designed to duplicate packets to someone other than the intended recipient

I'm not much of a network guy, but in cisco lingo it is called "port span" which will echo the packet set to or from a port TO ANOTHER PORT. Just hook up a sniffer to the "spanned" port and you can listen to all the packets.

ISPs do this for their _secret_ monitoring / gov't-email-spying stuff. ISPs do it to find why they are having a network problem by monitoring the packets on a switched network without putting a hub in the middle.

If you do the span thing on a switch port that has a router on the other end you can see all packets leaving/entering the router.

Granted this captures a LOT of traffic, but if the monitoring box just drops stuff it doesnt want, the load is lighter (filters).

Here is a cisco doc on the topic:

Switched Port Analyzer (SPAN) feature

teleban.

Well, perhaps this RFC was written by the teleban.

(Sorry, had to be said...) :-)

Tracking packets

[Hamster+Of+Death]

This should be easy to implement, just track the evil bits and you'll have access to all the information on the bad guys.

LAWFUL INTERCEPT?

[Elpacoloco]

That's an oxymoron. (Contradiction in terms, guys!)

This needs the same protection as any phone convo.
(Fortunately, getting encryption should be much easier.)

The good and bad of this post...

[El+Camino+SS]

The good news is that everyone thinks you're post was witty and stylish...

Now the bad news...

You're about to get 5000 catalogs in the mail.

Homeland Security

[dbCooper0]

What strikes me as odd (after briskly scanning through the RFC) is at the end of page 3:

Because of the requirement to limit accessibility to authorized personnel, as well as the requirement that LEA's not know about each other, this interface must be strictly controlled.

Isn't the Homeland Security Administration supposed to coordinate knowledge between (L)aw (E)nforcement (A)gencies?

WTF?

What's the problem?

[birdman666]

If it's lawful and legal, then it must obviously be right, right?

Re:Who changed the /. Calendar again?- I cant wait

[ainsoph]

....For tonight.. When I sleep like a baby, resting assured that you got modded down for being an idiot.

I've been preparing for this

[fobbman]

I speak ROT13 fluently.

Re:I've been preparing for this

[MoOsEb0y]

Lrf, ohg jung ynathntr ner lbh rapbqvat va ebg13?

What about international calls?

[d3am0n]

I go online and chat pretty often, as a Canadian I used to use dial.com before it became a paid service (is it even in existance anymore?) to call my friends in the states and chit chat...So is the american government going to listen to the things I say privatly to friends of mine in the states?

Re:What about international calls?

[swordgeek]

In a word, yep.

The US government has been at the forefront of wiretaps for decades. They've pushed hard to get international wiretaps made easier. Now with the Patriot (hah!) act, they have the legal right to monitor ANYTHING that enters their country with fairly minor suspicion.

So yes they are, and they already have been.

And in the meantime....

[lysium]

...countless lives get ruined while the wheels of justice turn, slow year by slow year. But since Order, and not Chaos, causes the harm, it is quite alright! We kill civilians to make the world a better place -- it's for progress, it wasn't intentional, so it's not criminal!

If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!
As amusing as your example may be, repeat it to someone documenting the atrocities of tyrants (ahem -- ironic), and they might not smile.

Checks and balances work until someone starts fooling with the calibration. For example : Just what sort of military action requires explicit Congressional authorization these days -- full scale Soviet invasion? Where in the Constitution (and related documents) does it mention the Judicary acting as the sole moral and ethical arbiter of the land? Your faith in a few politically-appointed men and women is quite honest, but very, very dangerous.

----------

WAKE UP

more then one card means they stole your wallet (ever lose it?)

or much much worse.

IDENTITY THEFT!

I'd start doing some serious investigating.

Sybase markets USA PATRIOT Act transaction scanner

[nate.sammons]

This ad from Sybase has information about a "compliance solution" for customers complying with the new USA PATRIOT Act.

From their ad:
"It integrates your existing customer and transaction information systems into a consolidated compliance system that detects unusual activity and automates its investigation and resolution in a timely, secure and meticulously documented manner."

Yikes.

Interestingly enough...

didn't Cisco sell China some equipment that allowed for some 'monitoring' already?

People will vote with their dollars...I wouldn't worry about it too terribly much. Behold, the glory of capitalism.

Now seriously...pop a prozac and move along. Not much to see here, as with most /. postings.

Re:Interestingly enough...

[packeteer]

Are you refering to the great firewall of china? That whole topic is blown way out of porportion. Yes Cisco did sell some routers and other network equipment to china and yes they did add some custom equipment and hardware but thats no different than any other large customer. So they sold China some firewalls and routers. Who cares what they do with it. Its china's problem not ours. If you dont like it fine dont buy from them but please dont try and walk around all day with the additude that we need to fix other country's problems.

Re:Interestingly enough...

You have a bordered mind, narrow minded person.

Re:Interestingly enough...

It's nice to see healthy attitudes regarding foreign policy. Very good point friend. Very good point indeed.

Multicast

[man_ls]

Strikes me that this would already have been doable...configure the router to multicast packets from your source IP to the destination IP as well as to the government listening address...

Freedom of speech is...

...wearing a Che Guevarra t-shirt in Miami!

cool

[mpost4]

This will be nice if 1) it works as well as the real stuff 2) if it is cheaper. But if it does not meet those two conditions, I doubt it will take off. Also if I read the article correctly we could just hook up our swage systems to the factories and have tons of oil produced a day. Of course the gas companies might not like it one bit, it will drop the price of oil to record lows, if it is very cheap to make. One question will we get paid for the shit we produce now??

Re:cool

It's a reply from a different discussion.
You mean that waste to oil changing factory?

Horse corpse, meet flogging stick

[freeweed]

I wonder, in Soviet Russia, do the gates commit suicide at you?

(for anyone not getting the joke, please just mod me down :)

Re:Horse corpse, meet flogging stick

[sogoodsofarsowhat]

I was trying to explain to my wife the humor of these Soviet Russia statements. I finally got the point across with, In Soviet Russia, you dont watch TV, TV watches you.

please ignore wrong topic, ment for another one

[mpost4]

sorry wrong topic, ment for another one, please ignore

Anarchy

Who takes out the garbage, makes the trains run on time, runs the police, fire service, runs the hospitals? Currently nobody..

Are you saying that Anarchy is the absence of these things?

Anarchy is an ideal. it means "without-ruler". (an - without, arch - ruler)

Now, if we look at the state of iraq, many people there are being ruled by violent and angry mobs, ruled by looters, ruled by US bombs, ruled by a lack of medical supplies.

Anarchy doen't mean just you can do whatever you want, it means everyone can do what they want, yet at the same time nobody is being ruled by anyone else.

Yes, an ideal.

More Info on Anarchy

Re:Anarchy

Indeed you are right, anarchy is without rulers and it is very maligned. Then how would you describe this situation, total-anarchy? I think chaos is more appropriate.

Re:Anarchy

anarchy is without rulers and it is very maligned

maligned?? what? did you even read my comment? Anarchy means you you are ruled by nobody, but also rule nobody. So anarchy means total peace, total self determination, it's almost a utopia.

maligned - i think not.

Re:Anarchy

yeah? maligned meaning too many people have the wrong impression/definition of anarchy thinking it is the total opposite of peace.

"Scary stuff " ???? 9/11 wasn't scary enough huh?

[zymano]

What are you ..a fucking dumbshit ? So what if they listen to your line?

They've been listening all the time.

If you have something secret that no one else should hear then go meet the person in private.

Good Luck. Have fun in Syria Mohamed.

Evil bit!

[jkeyes]

So this is the evil bit I heard so much about. Perhaps this is just a dupe of a dupe of a dupe of a dupe of a dupe?

What I Want To Know Is..

[FuzzyBad-Mofo]

.. does this mean Cisco will honor the evil bit?

Nicely put

[Snork+Asaurus]

We elect "somebody", not "anybody"; if they start acting like they're anybody, then they're history in the long term in any true democracy.

That's a nice turn of a phrase, but may I suggest a little touch-up:

We elect "somebodies", not "anybodies"; in any true democracy if the elected "somebodies" start acting like they're "anybodies", then they'll become "nobodies" in no time.

Oh, I dunno...

[KC7GR]

Seems to me that VOIP transmissions could be pretty easily encrypted, just like E-mail can be with PGP. In fact, it's easier to encrypt digital traffic than it is any analog device (think POTS phones).

Re:Oh, I dunno...

[JRHelgeson]

The problem with encrypting and decrypting VoIP traffic is the TIME it takes.

VoIP packets have a lifespan of 150ms. After that, the delay gets bad enough to be noticeable and the conversation will be difficult to carry on.

Simply encrypting and decrypting packets takes about ~20ms on each end, so that takes ~40ms out of your budget. It takes 15ms to encode and decode the voice packets on each end using G.729a so thats another 30ms. Usually you have a jitter buffer on each receiving end to buffer the packets for 10ms - so that packets arriving out of order can be placed back in order for smooth playback.

Right there you've 'withdrawn' roughly 80ms from your budget of 150ms leaving you only 70ms delay left to transport your voice. If your doing anything over a WAN link, you just killed your voice quality right there.

That is why its often impractical to encrypt voice...

Re:Oh, I dunno...

Why would it have to take that long, unless you encryption has to work on packets with 20ms of data in them???

Re:you must be using microsoft products (nm)

nm

actually

[djupedal]

I've tracked it down to either someone inside the bank/credit card company that is skimming off numbers, or Hertz Rental Cars. More than that and I start seeing black helicopters...it's a drag, actually. If I didn't need c'cards to travel, I'd not have them, that much I know.

Hmmm

*wonders* if another Israeli company who will be doing the actual snoops for the fed and the gov a-la Amdocs will be *snooping* on the feds and the gov as well... just like Amdocs...

Amazing... I'll never buy Cicso again.

[punkball]

I simply refuse to support a company willing to hand over our privacy rights without a fight...

SSH?

[DarwinDan]

Why not use SSH to add the additional layer the parent post speaks of? The cipher strength may be only 64-bit, but it at least adds another layer for the feds to decrypt.

Re:Roger Wilco

[BrynM]

Funny and useful. In another thread someone said the following in regards to encrypting the voice data.

"If you read deeper in cryptonomicon you will remember the idea about constant noise being better than burst traffic "

Games and such could throw quite a wrench into any surveilance if they utilize the same protocols for voice as what is being watched.

Cool

So when do we get the pizza delivery girls with vagina dentatas, and the macintosh-compatible version of the metaverse?

I hope soon?

Hacked...?

You're concerned about the tapping being hacked? I mean, who could possibly be worse than the US Gov., CIA and FBI...?

As usual, the USA is behind Russia. Russia has already had its dictatorship and state / thought police phases, the US is only just starting...

Evolve

[quintessencesluglord]

Scatterbrained. Maxim 1. If it is true, it is true at the extremes. If it is not true at the extremes, it simply is not true.

You face the possibility of death at the hands of another just crossing the street. Do we embeded GPS systems on every vehicle and on every person with some override system overlooking it? And what if that system fails? Well, another system overlooking that system, ad nausem until the entire world is focused on your safety.

Or we could trust you to look both ways before crossing the street.

Freedom is not the same thing as a right. You are pretty much free to do anything you like (including kill someone). You however do not have the right.

A right implies that you can exercise a freedom without certain consequences. That is the balancing act, not security over freedom.

Basic to rights is the idea that everyone else also has that right (otherwise it is a privilege... see our gov. for more info). Also basic to rights is responsibility. If you can't be trusted to look both ways before crossing the street (i.e.- take responsibility for yourself), you will lose that right to about 3 tons of steel. No law will save you.

The most essential freedom is to live as you choose. Anything else is tantamount to slavery.

And really, aren't you free to kill someone else? Or should I have an illusion of security that this will not happen ('cause that's all security is, an illusion)?

I mean really, BS argument. Security and freedom are mutually exclusive (it has been my experience that those who say they are exclusive are tyrants. Very much like your experience of facing death at another's hands). It is naive to think that just because the is a law that against taking drugs and police to enforce those laws, that somehow someone isn't under the influence as we speak. Perhaps even driving. The laws are a set of consequences, nothing more.

And have you considered the full consequences of the law being purposed? Many calls I make would seem damnable by third parties who are unaware of the rapport I have with the person being called.
Should I have to explain myself? Expect the people invading my right to privacy to share my sense of humor? Trust that the persons monitoring my calls would never abuse it? No, I have a right against. You are arguing to take away that right under the guise of an illusion.

"You knew the job was dangerous when you took it. Quit bitching about it now."

Re:Evolve

[RighteousFunby]

Most insightful comment on Slashdot ever.

The goverment fuck with ordinary peoples as usual

[forgoil]

Come on, will they find a bunch of terrorists this way? As soon as they find out that all telephone communication is basically tapped, they will have someone else do the calls for them, and use codes. I am sure that bringing up his love for camels can be the key for starting to nuke cities.

The american goverment needs to start to do some real spy and undercover work, together with those who know what they are doing (GRU etc). That will yield results, this will do nothing but putting another nail in the coffin of freedom.

Like Yoda

[archetypeone]

speaking just start. Understand they will not!

Re:Anti Gun Nazi

Why would you be scared? He's just protecting himself. Anyways, if you are so scared why don't you just carry a bigger gun and use the MAD (Mutually Assured Destruction) theory. I hate idiots that are scared of people with firearms. I'm scared of the tyrannical U.S. government but not because some of them have guns. Heck I think the old lady at the DMV that makes me wait for over an hour in line is by far more frightening than some civilian carrying a gun. Remember the Germans removed firearm freedom from civilians just before WWII just like we have before the war against the Axis of Evil. I'm for the continued war against the Axis of Evil, but I think it is just another excuse to deny liberty in America by keeping eyes on CNN and not on CSPAN.

Scary stuff for the privacy advocates out there.

[wheany]

Everything is scary for the privacy advocates.

Re:Anti Gun Nazi

Because many people are crazy. The stereotypical homicidal maniac runs around shooting people and then commits suicide (or suicide by cop) so he's nto actually afraid of wants MAD.

Not that I'm really against guns. Well, I am in the sense that I too get slightly worried if someone else has a gun --- even (well, especially) if that someone else is a police officer.

What an RFC

[0x0d0a]

If the information being intercepted is encrypted by the service provider and the service provider has access to the keys, then the information MUST be decrypted before delivery to the LEA or the encryption keys MUST be passed to the Law Enforcement Agency to allow them to decrypt the information.....

What a stunningly useless RFC.

"In order to make money on the stock market, one MUST buy low and MUST sell high."

Re:What an RFC

[1u3hr]

What a stunningly useless RFC.

All RFCs are written like that:

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119.

Re:What an RFC

[nettdata]

What a stunningly useless RFC.

Maybe Cisco is being the good guy in this, in that they are giving the Government EXACTLY what they are asking for.

It won't be until later that the Gov says, "ahhh, wait a minute... this isn't working out the way we THOUGHT it would..."

Re:What an RFC

Not quite all. See, for example, RFC-3251.

Re:What an RFC

[0x0d0a]

Oh. No, I wasn't referring to the style, but to the fact that they write to achive [hard task] you MUST [do equivalently hard task].

It's just not particularly helpful.

The government

• "the government"

Is there only one government now? I thought each country had one?

Cisco ALREADY support this...

...on the uBR CMTS ( Cable Headend ) boxes,
and they have done for several years.

Their CMTS's have certainly had this capability, specifically to allow wiretaps of VoIP over cable.

Throw down schoolgirl!

[TerryAtWork]

Listen - with a cheap pentium, two NICs and OpenBSD you can do stuff no $50,000 Cisco machine can do.

PLUS you can encrypt it out the wazoo.

ONCE WE GET A GRIP they can intercept all they want, for all the good it will do them.

Whose crypto?

[dmaxwell]

The Clipper chip got everybody hacked off because it would be the government providing the crypto. Of course, they had a master keyring for every Clipper made. And yeah, there was even an elaborate system for getting warrants and putting two pieces of the key together,etc. All of which, Ashcroft would cheerfully chuck in the name of "national security".

If the crypto is provided by the phone or network vendor then it can't be trusted. This is especially true of anything that has the government's blessing. The situation is less clear cut if the users provide their own crypto.

How has it been implemented? Does it leak information into swapfiles? Are there mistakes that reduce the strength of the system? And what about the users? Both ends of a conversation must be following good procedure. If one end of the conversation has a g-man with a truncheon standing over it or has been bugged then its useless.

Crypto can help secure communications but it isn't the whole story. It surely isn't an all purpose security blanket.

Encryption By Cockney Rhyming Slang

[Lucius+Sour]

It is said that in the days of yore, London thieves used rhymes to obscure their nefarious intentions from paid police informers. Apples="apples and pears"=stairs. Still in use amongst we denizens of the South of England and BBC soap-opera characters. Will employing a munged language such as this be illegal eventually? If not, then like Winston Smith, we will learn always to obfuscate our speech and facial expressions. Eventually not wearing a McSmiling Non-Terrorist face (tm) will be illegal.

Ha Ha Only Serious.

then logically

the problem is those movement, not any sort of technological extension/addendum to existing search and seizure sets. If someone comes up with a star trek like transporter tomorrow then it will be just as silly to get all worked up when someone figures out how to selectively beam your business/personal records straight through your locked file cabinet to authorities. The issue seems to be not the ability (hint: it was already there) but the policy.

Arguing that knee-jerk reactions to a technological data collection method are ok simply because of the problems with policy is like arguing that cup holders are bad for cars because drunks can use them to store their Jack-n-Coke and get more drunk and cause accidents.

Focus on the issues, not the hyperbole

it can already

Cisco is merely attempting to standardize the technological side of this. I think this is a good thing since it is easier to regulate the authorities on the use of a standardized technology. If you are referring to accidents and breaches of trust (as in abuse of power) then that is separate from the actual technology and again the standardization of such a technology can indeed help reduce the incidents of accidents as well as log all attempts to copy and scan data streams.

Just like with your credit card, checks, bank accounts, telephone, etc... you are depending upon ethics and competence... things not found in abundance in the government. THAT is what should be the concern.

of course

the protocol is hoped to be a standard, you will however not be protected simply because you do not use it.

Re:of course

[Dagmar+d'Surreal]

I'll be endangered by a protocol I don't use? Somehow I doubt that. I intend to keep using my VPNs and my encrypted VoIP technology, no matter what pinheaded ninnies might declare to be illegal.

This has been around since 1994 (or was that 1984)

CALEA (Communications Assistance to Law Enforcement Agencies) was passed in 1994. Cisco boxen have supported this feature for quite a while i.e. "cable intercept". The RFC is a good idea because it builds some degree of trust into the wiretap as opposed to random fishing expeditions which are possible now with optical matrix switches which allow fiber plants with these devices installed to be monitored non-invasively

2nd Amendment is toast already

[nurb432]

While I fully agree its in black and white in our founding documents, far too many of the wonderful elected officials in this country don't see things as clearly.

With the obscene 'war on guns' that is currently going on, adding encryption to the list will only help their cause ( the "only terrorists and people that have things to hide use encryption" argument )

Encryption

I'm going anonymous coward on this one :p

Don't ask how I know, but I have SEEN (with my own eyes) products by this company http://www.verintsystems.com cut though encryption up to 256bit like butter in near real-time. 128 made it pause for about ½ a second while 256 took around 1-2 seconds.

Verint are also the people who make the black boxes that in real time scan every phone call for key words and if your saying naughty stuff record it for the Intelligence service. When I say black boxes, I mean black boxes, they have no markings and just sit in the bottom of racks in telcos. I know for a fact that every call (fixed, cellular and satellite) in the US, UK and Israel is passed through these systems.

You can encrypt all you want, it doesn't make any difference.

Rest Of World

[EnglishTim]

Remember that Cisco sells equipment to people all over the world. ust because all the law enforcement agencies in your corner of it are meant to be all coordinated, doesn't mean that they are all everywhere.

Also, consider that there may be cases in which a router falls under several jurisdictions - a router physically in the UK, owned by an American company, for instance - both governments might claim the right to intercept, although obviously they wouldn't want each other to know about it.

Re:Rest Of World

[dbCooper0]

Interesting. Kind of reminds me of the bug our CIA(FBI?) planted in the Soviet Embassy in the form of a gift?

It's not about tech. It's about due process.

[zerofoo]

Lucent long distance switches have the ability to be tapped and have had it for YEARS. Most telecom gear is designed to be LAWFULLY tapped. I don't have a problem with network equipment vendors also providing these features.

My gripe is the lack of due process for government monitoring (post 9-11-01). I'm OK with monitoring any form of communications as long as the organization doing the monitoring has made their case to a judge, and the judge has granted them a warrant. Wiretap laws need to be expanded to include all forms of electronic surveillance. These laws require a court issued warrant before the use of any electronic surveillance by law enforcement. Any evidence obtained without proper authorization is inadmissible in court.

-ted

Good for the smart (and evil?), bad for John Doe..

[CharonX]

Hmmm... so they basically implement a limited backdoor so government goons can get a sniff at the data?
Er... is it me or does that mean that those that are targeted will probably switch to homemade solutions, as do those "normal users" (read geeks) with enough intelligence, and only those that don't have the smarts will be stuck with a wide open router (many windows users, and probably some government types)
Oh well, the scriptkiddies will have a fun time once the first exploitable bug has been found :p

The Cisco Kid ...

[handy_vandal]

The Cisco Kid wasn't a friend of mine ... doo doo doo doo ....

This is news!!??

[Che+Leno]

Lawful Intercept has been around for a while.

What? You think governments cannot tap into your POTS conversations? I worked for a "foreign" telecom company and there was a project to develop Lawful Interception capabilities on high speed ATM swtiches. It is required by US law and that of many other countries, so if you want to sell in those markets you have to provide the ability to intercept telecommunications on your equipment.

Check out the European Telecommunications Standards Institute to see that is is not just the US government that requires this capability.

That all depends, DSEA....

[Phelan]

I think cause right now is definitely needed but under the wonderful DSEA (Domestic Security Enhancement Act of 2003 aka the worst idea ever) I'm pretty sure there will be no such thing as priviledged information anymore, especially on the Internet. As there are actually incentives for ISPs to screw their customers... scary thought, if this actually makes it to Congress...I'm scared as we speak. Alternet has a good write up here "Nimis exaltatus rex sedet in vertice - caveat ruinam!" "Raised to dizzy heights of power, the king sits in his majesty - but let him beware his downfall!" "FORTUNA IMPERATRIX MUNDI" -Carl Orff

ah yes

anyone not a socialistic, hypocritical bush-basher is thusly a concervative

EvilBit

[xconslash]

Maybe they should just mark all the calls made by terrorists with the EvilBit.

can we invoke HIPAA?

can we invoke some obscure rule from HIPAA and hang them with their own rope?

'so sally, i've had terrible back acne for years.'

Secure RDP?

Can Secure RDP be used to circumvent the "intercept"? Anyone know what encryption they are using on Secure RDP SIP Phones ???

Woohoo!!!

Can't wait to root stuff on the Internet even easier than before!!!

Re:Sybase markets USA PATRIOT Act transaction scan

That's the absolute FUNNIEST THING I HAVE SEEN on a software company's website. 'The Onion' should take notes.

This is *GOOD* for Privacy concerns.

[RobertNotBob]

As a geek in the telecom world I have seen the large difference in regulations when it comes to intercepting data vs. voice communications. Here in the USA, judges have known since the creation of our country that speach needs to be protected. However since the dawn of the digital age, the extent to which that protection extends to data has been passionately debated.

I would be very pleased to see legislation that clearly identifies data communication as identical to verbal communication. After reading the document, I think that this (or something close to it) may be exactly what is needed to put a legitimate legal framework around this topic. The more we can make the technical process of LI (lawfull intercept... you did RTA right?) more like the technical process of wire tapping, the easier it will be to approximate the two in the minds of the people who make, judge and execute the law.

Re:This is *GOOD* for Privacy concerns.

[kindbud]

Here in the USA, judges have known since the creation of our country that speach (sic) needs to be protected.

As well as spelled correctly.

Cisco is just catching up to other vendors

Other IP equipment vendors have been providing line rate intercept for over a year. Cisco is just playing catch up by trying to geth their version to be a standard.

The barn has been wide open for over a year, this is a done deal.

The only question is if the intercepts will be "lawful" or if governments will tap in at any time with no limits or prior conditions.

Is there a suitable and free encrtyption library?

Is there a GPL library that supports
encryption of IP traffic via a shared,
destroyable one-time-pad? I'm talking about
a system where, once you're done with the
transmission, you destroy the otp
media, so does the other end, and then even you
can't decrypt your packets.

If not, someone should write one. It's
no use encrypting messages with a key that the
police find once they seize your computer.

pardon my ignorance

[aboxbayz]

... what golf balls ?
i think i missed something. /sig/ "Now God defends the bastards" /sig/ --King Lear

Privacy?

[ohu812]

Lemme see now...if an internet call is being listened in on by the government, it has been hacked. And someone is worried the first hack may be hacked? Ok...I'm dizzy now. I gotta go buy stationary, pens, and some stamps...

CC PITA?

[StupidKatz]

Actually, no. Merely cancel the CC number. Anyone who doesn't do that immediately after seeing bogus charges if a total nimrod.

(Let's see if I can close my tags this time.)

Another thought

[einhverfr]

Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.

Isn't DRM fundamentally based on assymetric encryption? Wouldn't outlawing Encryption undermine not only HIPAA, but also the DMCA? Not to mention a small insignificant industry call e-Commerce...

Can we kill the MPAA and RIAA in the name of fighting terrorism? Pretty please?

Right to Privocy and Freedom of Speech

[einhverfr]

Ok, perhaps I don't trip and fall into this hellish techno-dystopia delusion as easily as a lot of the /. crowd, some of which seem to consider 1984 an orgasmic experience, but even if I did, can someone please tell me how "privacy" has anything to do with "freedom of speech?"

Ok. Actually they are more like flip-sides of a coin. The goal of both is to prevent people from being persecuted by the government simply for being dissidents. The idea with freedom of speech is that your public political beliefs should not grounds for harrassment by the government.

As for right to privacy. This right is designed to ensure tha law enforcement has a bona-fide reason for investigating someone rather than just hunting for charges. Or just having law enforcement harrass people because they can and these people have unappreciated views.

The point is that these are protections for the citizens against government intrusions and also designed to preserve pluralism in our society. They *are* completely separate, but they are completely complimentary, and I do not believe one can have one without the other.

on thinking about random numbers

[BloodSprite]

web cam static might be a good random number source

Re:Roger Wilco

[ErikTheRed]

Imagine if you are making another horribly outdated "Someone set up us the bomb!" reference.... (ok, I still find it amusing).

It's ok... REALY.. There's no gun to my head

[Felinoid]

It's ok they won't hurt us. They'll be very careful with it.
They won'r hurt you. Or use the information from your e-mail and web surfing to post pro-government policy posts on Slashdot..

Can I have my files back now?