Posted by
chrisd
on from the law-and-technology dept.
cf_33073 writes "Scary stuff for the privacy advocates out there. Your Internet telephone conversations may soon be tapped by the government. Anyone else concerned about these intercepts being hacked?
Full text of the
RFC
Is available (mirror)"
does this mean that I'll have to start purchasing technology from other countries to keep my own government from snooping on me?
Welcome to intercept PGPfone
by
Anonymous Coward
·
· Score: 5, Insightful
All packets are freely available to the fed. No special intercept equipment required. Decryption may be a different story.
Re:Welcome to intercept PGPfone
by
ronaldcromwell
·
· Score: 4, Interesting
Is Crypto getting secure to the point that we don't have to worry about anyone decrypting our communications? As open-source solutions become more and more viable, will networks like Freenet set the standard in the future for those of us who actually give a rip about privacy? Are we doomed, or is there a light at the end of the tunnel?
Re:Welcome to intercept PGPfone
by
Tuxinatorium
·
· Score: 4, Funny
That is a lie. There are no such things as "packets". They are a fabrication of the American news media. These so-called "1"s and "0"s are committing suicide at the logic gates as we speak. Praise be to Allah!
Another fine DMCA violation
by
Renraku
·
· Score: 4, Insightful
Add a layer of encryptation to your packets. The government won't like having to waste extra time decoding your Slashdot traffic, so they'll just make it against the DMCA to encrypt your packets.
Eventually, internet traffic today will be like people traffic. I'm sure if I wore a big cloak and walked down the street, the police would be nervous of 'what I'm hiding under there' and might be so inclined to ask me about it.
While its legal to carry a concealed weapon if you have a licence, most people don't bother. So criminals and police alike can see that people aren't hiding a rocket launcher on their person or trying to move their crate of coccaine.
-- Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
this isn't an rfc
by
keithmoore
·
· Score: 4, Insightful
it's just a draft by one guy. anybody can submit a draft. it doesn't mean anything in terms of IETF approval. however since it purports it might eventually get published as an Informational document (not a standard).
if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity (as I do) then you might want to write the IESG and/or the RFC Editor (as I intend to) and object to such publication. in order to avoid flooding their normal mailboxes, perhaps someone would like to set up a mailing list?
when governments think they have the right to kill thousands of people with scant justification, the last thing we need is to help them standardize on surveillance technologies.
Why worry about lawful intercept?
by
patbob
·
· Score: 5, Insightful
Let's see if I have this right.. you broadcast your packets on a public network where you already assume anyone can potentially get access to them, then you worry about what happens when the government steps in and asks to receive a copy of those packets?
Like what, the government isn't already part of "anybody"?
I'm far more worried about entities that are not part of the government getting a copy of my packets. Flawed though their procedures, checks and balances may be, at least the government folks have some. What procedures, checks and balances are on the criminals?
-- Welcome to the net of 1000 lies. Upgrades are scheduled soon that should bring us to the 10,000 lies mark.
Re:Why worry about lawful intercept?
by
netwiz
·
· Score: 4, Insightful
Not really. You don't actually broadcast packets, even at layer 2. In every case, there's a specific destination to the frame. It's like the gov't spying on your mail by opening them all in the post office. And while yes, they can do this, it requires a court order and probably cause to do so (someone back me up, I'm not actually certain of this fact).
As for private entities, packet capture is a time consuming task to perform constantly. I know for a fact that the ISP at which I work moves about a terabyte a day thru the network I maintain. It's not cost-effective (and there's not really any juicy stuff to be garnered), so they (corporations) won't do it.
Plus, the litigious backlash should ISPs start doing this of their own volition would be prohibitively expensive.
Encryption .. wont be legal much longer.
by
nurb432
·
· Score: 4, Informative
The only way these rules will work is if encryption is taken out of the hands of the public.
Can it be accomplished at this point? I donno, but a first start is calling the use of any un-approved ( i.e. , no governmental backdoor key ) encryption cause for the use to be investigated under the patriot act..
Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.
-- ---- Booth was a patriot ----
Re:Encryption .. wont be legal much longer.
by
Scaba
·
· Score: 4, Interesting
Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.
Unpopular, I know...
by
Geekenstein
·
· Score: 4, Insightful
But I have to say it. For anyone who isn't a Montana militia, I hate everything law type, this isn't really a bad thing if proper judicial controls are instituted.
We do have an amendment to the constitution that protects against random search and seizure. Frankly, if law enforcement can give enough evidence to an informed judge that the party in question needs to be monitored in connection to a criminal offense, more power to them.
If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!
Oh, and to head off all the "But the PATRIOT Act.." replies I'm sure to get, I firmly believe that its wire tap provisions are too ambiguous and when truly challenged in the Supreme Court, it will be shot down. Amazing how the whole checks and balances thing works, isn't it?
Re:Unpopular, I know...
by
Geekenstein
·
· Score: 4, Interesting
No, actually the Constitution does not give the judicial branch of government the power of review.
From the Court's website (supremecourtus.gov):
"While the function of judicial review is not explicitly provided in the Constitution, it had been anticipated before the adoption of that document. Prior to 1789, state courts had already overturned legislative acts which conflicted with state constitutions. Moreover, many of the Founding Fathers expected the Supreme Court to assume this role in regard to the Constitution; Alexander Hamilton and James Madison, for example, had underlined the importance of judicial review in the Federalist Papers, which urged adoption of the Constitution."
John Marshall, the first Chief Justice established the precedent of judicial review, and it has since become custom as strong as written law. The court's purpose has always been to interpret and explain the laws of the country, but if they put the kibash on something as unconstitutional, it becomes by decree unenforceable under the law(the court being the embodiment of law in the country).
Class dismissed.:)
And the problem is... what exactly?
by
Guppy06
·
· Score: 4, Insightful
"Your Internet telephone conversations may soon be tapped by the government."
Note the lack of the phrase "without a warrant" in this sentence. The RFC talks about "lawful intercept," which means they'd need a warrant before they're allowed to do it legally.
You don't say "without a warrant." The RFC doesn't say "without a warrant." You think maybe we can save our kneejerk reactions for somethingmoreworthy?
Re:And the problem is... what exactly?
by
cranos
·
· Score: 5, Insightful
The problem is that governments are trying to move to a point where they don't need warrants.
This is ridiculous. . .
by
Fritz+Benwalla
·
· Score: 4, Insightful
Of course I'm concerned that they will be hacked. ..Which is why I advocate that the design of these intercepts be standardized and subject to a public RFC process.
*Of course* we need a mechanism for *lawful* intercepts in this society. Some capability to (shall I say it again) *lawfully* monitor bad guys on the Internet is necessary to protect the rest of us, just as it exists in every other medium including human conversation. What I'm much more concerned about is half-wit J. Edgar Hoover wanna-bes who take an ad-hoc approach to collecting information, not giving a dump about collateral damage, and coyly taking an unregulated look at any other network traffic that "just happens" to get caught in their filters.
I suggest that this RFC is just the right way to go about it:
1. Publicly design a logical box that does what we need it to do and no more. 2. Force the authorities to stay inside that box. 3. Hand them their ass if they're caught outside the box.
As for the/. write-up, it's just (increasingly common around here) ill-informed, let's-go-occupy-the-provost's-office hyperbole.
What the privacy movement needs are intellectuals who can process enough complex facts to actually aid in the effort to balance a society that needs to be both free and safe. Automatically shouting "free!" when someone shouts "safe!" or "safe!" when someone shouts "free!" is not a useful debate. It's not even a good start.
-----
--
Believe me, I'm as surprised by my comment as you are.
Many of the comments in response to this story demonstrate that the posters have neither read the referenced RFC nor understand the problem it is trying to solve. I'll restate it for the stupid or perpetually lazy among you (i.e. most of you who've responded so far):
Telecommunications companies in many countries must by law provide "assistance to law enforcement" on occasion. Note: in many countries, not just the United States. This assistance has traditionally been in the form of providing call intercept and tracing on voice networks. Some governments in many countries now want to do the same thing for data packets, but moreover, when data networks are used to emulate "traditional" voice services, the existing laws already apply. Just because your ISP's telecom backbone runs over ATM or IP doesn't mean that they're off the hook when it comes to lawful intercept and emergency services (e.g. E911) regulations. When voice is extended to "the edge" in packet form, little changes in that regard.
Now, that said, this RFC proposes an architecture to support tapping data (and any application layer-services that run on it, e.g. voice) in a uniform and scalable manner. Whether you like the idea of tapping or not is immaterial and irrelevant. Service providers must obey the law. If they cannot, they go out of business, or in some cases, never get off the ground. And make no mistake; this RFC is no more about "voice" than any other data service; it describes some of the special problems with enabling the enforcement of existing wiretap laws for packet voice, yet the aim of the RFC is to solve the general problem.
The architecture proposed makes no assumptions about the use of encryption except that no assumptions can be made about the use of encryption; i.e. deliver "tapped" packets to the LEA as packets, not transcoded or decoded into some other format.
Re:I'm thoroughly confused
by
Jeremi
·
· Score: 4, Insightful
can someone please tell me how "privacy" has anything to do with "freedom of speech?"
Surely there are things that want to say in private conversation that you wouldn't feel free to say if you knew (or suspected) that you were being eavesdropped on?
For example, the Iraqi government used lack of privacy (informers listening everywhere) to deny its citizens freedom of speech (anyone who was overheard saying something bad about Saddam was hauled off to prison).
--
I don't care if it's 90,000 hectares. That lake was not my doing.
Who changed the /. Calendar again?
by
CSG_SurferDude
·
· Score: 4, Funny
Now I KNOW somebody changed the/. calendar on me. We're only supposed to bash Cisco ON THE SECOND AND FOURTH THURSDAYS
and this is Wednesday in the U.S., and not even the right week count.
Can somebody please point me to the revised/. Love|Hate calendar so I can get with the program?
I've been preparing for this
by
fobbman
·
· Score: 4, Funny
I speak ROT13 fluently.
Sybase markets USA PATRIOT Act transaction scanner
by
nate.sammons
·
· Score: 5, Informative
This ad from Sybase has information about a "compliance solution" for customers complying with the new USA PATRIOT Act.
From their ad: "It integrates your existing customer and transaction information systems into a consolidated compliance system that detects unusual activity and automates its investigation and resolution in a timely, secure and meticulously documented manner."
Yikes.
What I Want To Know Is..
by
FuzzyBad-Mofo
·
· Score: 4, Funny
Slashdot Mirror
does this mean that I'll have to start purchasing technology from other countries to keep my own government from snooping on me?
All packets are freely available to the fed. No special intercept equipment required. Decryption may be a different story.
Since the connection is digital, it shouldn't be tough to add a layer of encryption onto your conversation. Let 'em monitor scrambled data.
I'm sure the security experts are much smarter then the hackers.
I am NOT a man!
I am a free number!
Comment removed based on user account deletion
Add a layer of encryptation to your packets. The government won't like having to waste extra time decoding your Slashdot traffic, so they'll just make it against the DMCA to encrypt your packets.
Eventually, internet traffic today will be like people traffic. I'm sure if I wore a big cloak and walked down the street, the police would be nervous of 'what I'm hiding under there' and might be so inclined to ask me about it.
While its legal to carry a concealed weapon if you have a licence, most people don't bother. So criminals and police alike can see that people aren't hiding a rocket launcher on their person or trying to move their crate of coccaine.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
it's just a draft by one guy. anybody can submit a draft. it doesn't mean anything in terms of IETF approval. however since it purports it might eventually get published as an Informational document (not a standard).
if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity (as I do) then you might want to write the IESG and/or the RFC Editor (as I intend to) and object to such publication. in order to avoid flooding their normal mailboxes, perhaps someone would like to set up a mailing list?
when governments think they have the right to kill thousands of people with scant justification, the last thing we need is to help them standardize on surveillance technologies.
Like what, the government isn't already part of "anybody"?
I'm far more worried about entities that are not part of the government getting a copy of my packets. Flawed though their procedures, checks and balances may be, at least the government folks have some. What procedures, checks and balances are on the criminals?
Welcome to the net of 1000 lies. Upgrades are scheduled soon that should bring us to the 10,000 lies mark.
The only way these rules will work is if encryption is taken out of the hands of the public.
Can it be accomplished at this point? I donno, but a first start is calling the use of any un-approved ( i.e. , no governmental backdoor key ) encryption cause for the use to be investigated under the patriot act..
Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.
---- Booth was a patriot ----
But I have to say it. For anyone who isn't a Montana militia, I hate everything law type, this isn't really a bad thing if proper judicial controls are instituted.
We do have an amendment to the constitution that protects against random search and seizure. Frankly, if law enforcement can give enough evidence to an informed judge that the party in question needs to be monitored in connection to a criminal offense, more power to them.
If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!
Oh, and to head off all the "But the PATRIOT Act.." replies I'm sure to get, I firmly believe that its wire tap provisions are too ambiguous and when truly challenged in the Supreme Court, it will be shot down. Amazing how the whole checks and balances thing works, isn't it?
"Your Internet telephone conversations may soon be tapped by the government."
Note the lack of the phrase "without a warrant" in this sentence. The RFC talks about "lawful intercept," which means they'd need a warrant before they're allowed to do it legally.
You don't say "without a warrant." The RFC doesn't say "without a warrant." You think maybe we can save our kneejerk reactions for something more worthy?
Of course I'm concerned that they will be hacked. .
*Of course* we need a mechanism for *lawful* intercepts in this society. Some capability to (shall I say it again) *lawfully* monitor bad guys on the Internet is necessary to protect the rest of us, just as it exists in every other medium including human conversation. What I'm much more concerned about is half-wit J. Edgar Hoover wanna-bes who take an ad-hoc approach to collecting information, not giving a dump about collateral damage, and coyly taking an unregulated look at any other network traffic that "just happens" to get caught in their filters.
I suggest that this RFC is just the right way to go about it:
1. Publicly design a logical box that does what we need it to do and no more.
2. Force the authorities to stay inside that box.
3. Hand them their ass if they're caught outside the box.
As for the /. write-up, it's just (increasingly common around here) ill-informed, let's-go-occupy-the-provost's-office hyperbole.
What the privacy movement needs are intellectuals who can process enough complex facts to actually aid in the effort to balance a society that needs to be both free and safe. Automatically shouting "free!" when someone shouts "safe!" or "safe!" when someone shouts "free!" is not a useful debate. It's not even a good start.
-----
Believe me, I'm as surprised by my comment as you are.
Ahem,
When I am able to have any degree of privacy (short of living in a bomb shelter) would someone please notify me--contact information below.
Roger Hammond
164 Rochester Ln
Tucson, AZ 8546
U.S.A.
Phone:(520)791-4544
Fax: (520)791-4124
Email: rhammond64@excite.com
AIM/MSN/Yahoo!: rhammond64
My Server: rhammond.org
I also post here quite often.
Thank you,
R.E.G. [good thing I didn't tell 'em my middle name]
FEARLESS AND STUPID
Many of the comments in response to this story demonstrate that the posters have neither read the referenced RFC nor understand the problem it is trying to solve. I'll restate it for the stupid or perpetually lazy among you (i.e. most of you who've responded so far):
Telecommunications companies in many countries must by law provide "assistance to law enforcement" on occasion. Note: in many countries, not just the United States. This assistance has traditionally been in the form of providing call intercept and tracing on voice networks. Some governments in many countries now want to do the same thing for data packets, but moreover, when data networks are used to emulate "traditional" voice services, the existing laws already apply. Just because your ISP's telecom backbone runs over ATM or IP doesn't mean that they're off the hook when it comes to lawful intercept and emergency services (e.g. E911) regulations. When voice is extended to "the edge" in packet form, little changes in that regard.
Now, that said, this RFC proposes an architecture to support tapping data (and any application layer-services that run on it, e.g. voice) in a uniform and scalable manner. Whether you like the idea of tapping or not is immaterial and irrelevant. Service providers must obey the law. If they cannot, they go out of business, or in some cases, never get off the ground. And make no mistake; this RFC is no more about "voice" than any other data service; it describes some of the special problems with enabling the enforcement of existing wiretap laws for packet voice, yet the aim of the RFC is to solve the general problem.
The architecture proposed makes no assumptions about the use of encryption except that no assumptions can be made about the use of encryption; i.e. deliver "tapped" packets to the LEA as packets, not transcoded or decoded into some other format.
Surely there are things that want to say in private conversation that you wouldn't feel free to say if you knew (or suspected) that you were being eavesdropped on?
For example, the Iraqi government used lack of privacy (informers listening everywhere) to deny its citizens freedom of speech (anyone who was overheard saying something bad about Saddam was hauled off to prison).
I don't care if it's 90,000 hectares. That lake was not my doing.
Now I KNOW somebody changed the /. calendar on me. We're only supposed to bash Cisco
ON THE SECOND AND FOURTH THURSDAYS
and this is Wednesday in the U.S., and not even the right week count.
Can somebody please point me to the revised /. Love|Hate calendar so I can get with the program?
LongTail SSH Brute Force analysis tool is here!
I speak ROT13 fluently.
This ad from Sybase has information about a "compliance solution" for customers complying with the new USA PATRIOT Act.
From their ad:
"It integrates your existing customer and transaction information systems into a consolidated compliance system that detects unusual activity and automates its investigation and resolution in a timely, secure and meticulously documented manner."
Yikes.
.. does this mean Cisco will honor the evil bit?