Posted by chrisd from the law-and-technology dept.
cf_33073 writes "Scary stuff for the privacy advocates out there. Your Internet telephone conversations may soon be tapped by the government. Anyone else concerned about these intercepts being hacked? Full text of the RFC is available (mirror)"
Since the connection is digital, it shouldn't be tough to add a layer of encryption onto your conversation. Let 'em monitor scrambled data.
Encryption .. won't be legal much longer.
by nurb432 · Score: 4, Informative
The only way these rules will work is if encryption is taken out of the hands of the public.
Can it be accomplished at this point? I donno, but a first start is calling the use of any un-approved (i.e., no governmental backdoor key) encryption cause for the use to be investigated under the patriot act..
Then it will be made outright illegal, as it's placed back on the 'controlled munitions' list.
Many of the comments in response to this story demonstrate that the posters have neither read the referenced RFC nor understand the problem it is trying to solve. I'll restate it for the stupid or perpetually lazy among you (i.e. most of you who've responded so far):
Telecommunications companies in many countries must by law provide "assistance to law enforcement" on occasion. Note: in many countries, not just the United States. This assistance has traditionally been in the form of providing call intercept and tracing on voice networks. Some governments in many countries now want to do the same thing for data packets, but moreover, when data networks are used to emulate "traditional" voice services, the existing laws already apply. Just because your ISP's telecom backbone runs over ATM or IP doesn't mean that they're off the hook when it comes to lawful intercept and emergency services (e.g. E911) regulations. When voice is extended to "the edge" in packet form, little changes in that regard.
Now, that said, this RFC proposes an architecture to support tapping data (and any application layer-services that run on it, e.g. voice) in a uniform and scalable manner. Whether you like the idea of tapping or not is immaterial and irrelevant. Service providers must obey the law. If they cannot, they go out of business, or in some cases, never get off the ground. And make no mistake; this RFC is no more about "voice" than any other data service; it describes some of the special problems with enabling the enforcement of existing wiretap laws for packet voice, yet the aim of the RFC is to solve the general problem.
The architecture proposed makes no assumptions about the use of encryption except that no assumptions can be made about the use of encryption; i.e. deliver "tapped" packets to the LEA as packets, not transcoded or decoded into some other format.
if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity
The IETF basically told the FBI to bugger off with regards to working CALEA into standards a long time ago. One lawyer who handles CALEA related cases doesn't seem to think this was a good idea, though;
"The IETF's long-ago refusal to consider this issue was hailed as a civil liberties victory at the time. In fact, it has had the ironic effect of making it more likely that wiretap solutions will be proprietary and designed in quiet consultation with the FBI. Bottom line: the notion that the Net inherently resists government control is in for a bad decade."
This comes from a letter to Politech last week. That letter, and a few more references re: IETF/CALEA, can be found here.
-- "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Sybase markets USA PATRIOT Act transaction scanner
by nate.sammons · Score: 5, Informative
This ad from Sybase has information about a "compliance solution" for customers complying with the new USA PATRIOT Act.
From their ad: "It integrates your existing customer and transaction information systems into a consolidated compliance system that detects unusual activity and automates its investigation and resolution in a timely, secure and meticulously documented manner."
Yikes.
Re:Anything huh?
by araemo · Score: 2, Informative
It says "Lawful" intercept.. that implies they have a warrant.
Yeah.. I know that making it digital just makes abuse of it easier, but stop complaining and go make sure the privacy watchdog groups know about it, and help them make sure there are proper checks in place.
Re:Welcome to intercept PGPfone
by Anonymous Coward · Score: 1, Informative
Packetized voice telephone was invented by ATT and then packaged for the US government in the middle 80's at a company called Advanced Computer Communications. The technology allowed crypto STU-II phones to be installed in the arpanet under support of NSA. These phones allowed secure voice coms at restricted and highly classified sites around the world. All packets could be manipulated, scanned, reprocessed in real time. Voice inflections, timing, wording, phrasing could all be changed. A man speaking at one end of the system could be changed to sound like a young girl at the other. It was demonstrated that content and intent of conversation could be manipulated and this in the days of 8 bit processors. Packetized phone data is the easiest thing to manipulate.
Re:What is so scary about this?
by joejoejoejoe · Score: 2, Informative
However, I don't think very much high-end telco/ISP equipment was really designed to duplicate packets to someone other than the intended recipient
I'm not much of a network guy, but in cisco lingo it is called "port span" which will echo the packet set to or from a port TO ANOTHER PORT. Just hook up a sniffer to the "spanned" port and you can listen to all the packets.
ISPs do this for their _secret_ monitoring / gov't-email-spying stuff. ISPs do it to find why they are having a network problem by monitoring the packets on a switched network without putting a hub in the middle.
If you do the span thing on a switch port that has a router on the other end you can see all packets leaving/entering the router.
Granted this captures a LOT of traffic, but if the monitoring box just drops stuff it doesn't want, the load is lighter (filters).
Here is a cisco doc on the topic: Switched Port Analyzer (SPAN) feature
-- Silly Rabbit: tricks are for kids.
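The filtering step described in the comment above, as an added example that is not part of the original post: a monitoring box on a mirrored (SPAN) port parses each frame and keeps only what matches a troubleshooting filter, which is what keeps the load manageable. The frames, addresses (documentation ranges) and function names are constructed for illustration.

```python
import struct

def build_frame(src, dst, proto, sport, dport, payload_len):
    """Constructed Ethernet + IPv4 + (ports, payload) frame; checksums left zero."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + l4

def parse(frame):
    """Return addressing fields, or None for non-IPv4 or truncated frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl + 4:
        return None
    pkt = {"proto": frame[23],
           "src": ".".join(map(str, frame[26:30])),
           "dst": ".".join(map(str, frame[30:34])),
           "sport": None, "dport": None}
    if pkt["proto"] in (6, 17):           # only TCP and UDP carry ports
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return pkt

def matches(pkt, host=None, proto=None, port=None):
    if pkt is None:
        return False
    if host is not None and host not in (pkt["src"], pkt["dst"]):
        return False
    if proto is not None and pkt["proto"] != proto:
        return False
    if port is not None and port not in (pkt["sport"], pkt["dport"]):
        return False
    return True

def filter_mirror(frames, **criteria):
    """Return (kept frames, kept bytes, total bytes seen on the mirrored port)."""
    kept = [f for f in frames if matches(parse(f), **criteria)]
    return kept, sum(map(len, kept)), sum(map(len, frames))

# Constructed sample of what a mirrored router uplink might carry.
SAMPLE = [
    build_frame("192.0.2.10", "198.51.100.53", 17, 40000, 53, 30),   # DNS query
    build_frame("198.51.100.53", "192.0.2.10", 17, 53, 40000, 60),   # DNS reply
    build_frame("192.0.2.20", "198.51.100.80", 6, 50000, 80, 500),   # other host
    build_frame("192.0.2.10", "198.51.100.80", 6, 50001, 443, 700),  # same host, TCP
    b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x06" + b"\x00" * 28,  # ARP
]

if __name__ == "__main__":
    kept, kept_bytes, total = filter_mirror(SAMPLE, host="192.0.2.10", proto=17, port=53)
    print(f"kept {len(kept)} of {len(SAMPLE)} frames, {kept_bytes} of {total} bytes")
```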
Re:Unpopular, I know...
by danoatvulaw · Score: 2, Informative
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119.
Throw down schoolgirl!
by TerryAtWork · Score: 2, Informative
Listen - with a cheap pentium, two NICs and OpenBSD you can do stuff no $50,000 Cisco machine can do.
PLUS you can encrypt it out the wazoo.
ONCE WE GET A GRIP they can intercept all they want, for all the good it will do them.
-- It's Christmas everyday with BitTorrent.
Cisco is just catching up to other vendors
by Anonymous Coward · Score: 1, Informative
Other IP equipment vendors have been providing line rate intercept for over a year. Cisco is just playing catch up by trying to get their version to be a standard.
The barn has been wide open for over a year, this is a done deal.
The only question is if the intercepts will be "lawful" or if governments will tap in at any time with no limits or prior conditions.
---- Booth was a patriot ----
See Marbury v. Madison, 5 U.S. 137 (1803) for the full explanation.
Check out SpeakFreely, Unix and Windows versions available.
All RFCs are written like that: