Slashdot Mirror


More on Cisco Building Surveillance into Routers

An anonymous reader writes "The company recently published a proposal that describes how it plans to embed 'lawful interception' capability into its products. Among the highlights: Eavesdropping 'must be undetectable,' and multiple police agencies conducting simultaneous wiretaps must not learn of one another. If an Internet provider uses encryption to preserve its customers' privacy and has access to the encryption keys, it must turn over the intercepted communications to police in a descrambled form." See our earlier story and the RFC for background.

17 of 419 comments

  1. Another strike against Cisco. by supabeast! · · Score: 4, Informative

    Is it just me, or is this another great reason to buy cheaper, better network equipment from someone else? If I were running Cisco, I would be a little more concerned with the market share being sucked up by newer companies than with adding the cost of undetectable snooping to the product line.

    Now I certainly feel justified in moving my company off of Cisco's overpriced products.

    1. Re:Another strike against Cisco. by PaperJam · · Score: 1, Informative

      I'm not sure what kind of contract prices you are getting, but I think the prices we pay are pretty justifiable. They have great service and support and if you use CiscoWorks, it really makes the task of monitoring an enterprise-network pretty easy.

    2. Re:Another strike against Cisco. by Obiwan+Kenobi · · Score: 2, Informative

      Is it just me, or is this another great reason to buy cheaper, better network equipment from someone else?

      Uh, like who? Who else makes equipment as dependable, and most especially, has the most kick-ass support I've ever come across.

      True story:

      I once had a router go out on me, a little 1600. Being clueless (well, mostly harmless as Mr. Adams would say) about em, I could telnet it and see that the flash memory had gone bad. I was freaked and had no idea how to fix it. As a last resort I called up Cisco, knowing I was going to be reamed for not having a contract.

      After explaining my situation, the guy on the other end started walking me through fixing the problem. This is all fine and good, and I waited for one of those Okay-Now-We're-Going-To-Get-Paid breaks where they'll cut off support until you give them a credit card number. I've run into these kinds of hiccups before, specifically with Symantec support.

      But that moment never came. I kept waiting on it and during a file transfer, a new memory image which he made specifically for this problem and had given me a ftp user/pass to use in which to download it, I asked him how we should work out the payment for this call.

      He responded: "No, that's okay. You bought our products and this call can demonstrate what kind of support you would get if you purchase a support contract with us."

      Within 45 minutes of picking up the phone, my router was fixed and worked perfectly. He also guided me through backup and restore procedures, and some helpful hints in getting my CCNA.

      We bought a 3 year contract with them the next day.

      Now you tell me where you can get that kind of support and reliability. Do I agree with this being a terrible thing? Of course. But don't knock their equipment or their service. Top notch all the way.

    3. Re:Another strike against Cisco. by austad · · Score: 2, Informative

      Umm, even with a 40% discount, Cisco is quite high on their pricing, and this is going to raise their prices even more.

      Take a look around, check out some specs on other manufacturers' hardware. You'll be surprised at what you find.

      I still buy Cisco, because it's not my money I'm spending. However, you bet your ass that if it was, I'd be looking elsewhere. I bought some non-Cisco equipment before and it was nicer to use, cheaper, and performed much better.

      Check out some of the Extreme and Foundry equipment. Foundry is dirt cheap for their upper end equipment, and is right on par performance-wise with Cisco. There's some firewall company started by some ex-Cisco guys and some Intel guys. I forgot the name now, but I remember looking at them and they were way better than the PIX.

      Why would anyone but government agencies see this eavesdropping stuff as a feature and want to pay for it?

      --
      Need Free Juniper/NetScreen Support? JuniperForum
    4. Re:Another strike against Cisco. by PaperJam · · Score: 1, Informative

      I agree that some of the other equipment may be less expensive, but there aren't tools powerful enough for an enterprise network. As I said before, we use CiscoWorks and Solarwinds, the latter of which monitors just about any platform, but also pulls MIB variables from SNMP. I used a lot of different equipment, but I keep going back to Cisco. Perhaps we are just too deep in proprietary equipment, but when you are dealing with a network of about a thousand devices it is necessary to have some semblance of unity.

  2. Re:Big brother by eenglish_ca · · Score: 1, Informative

    Cisco is playing lap dog to the government but not its customers. Isn't our privacy guaranteed within the constitution preventing actions anywhere near this? Shouldn't simple encryption be able to circumvent the schemes that are being implemented into the hardware?

    --
    Checking out my form of escapism.
  3. No by sulli · · Score: 4, Informative

    You should absolutely Blame Cisco!

    --

    sulli
    RTFJ.
  4. This software can already be bought by Anonymous Coward · · Score: 3, Informative

    Pine, a Dutch company already created such software.

  5. This concept isn't new. by gosand · · Score: 4, Informative
    Privacy is for terrorists. Only terrorists have any need for privacy, so what are you trying to hide? Cisco is just being an upstanding and Patriotic American(TM) under the all-American DMCA, CTEA, and PATRIOT Acts, lawfully passed by the Congress Corporation, and signed into American Best-Practices by Chairman Bush.

    I get what you are saying, but this is not a new concept. I used to work for a big cell-phone maker, in the cellular software division. I saw preliminary information about a wiretap project that would allow the carrier to intercept, log, and reroute calls if told to do so by some authorized government agency. I have no doubts this is possible, because we were working on real-time systems. To do it would take a second or two at most. I don't know what ever happened to that project, it kind of faded away and our department didn't actually work on it. But this was back in '94, so I am sure something similar has been implemented somewhere.

    This isn't new, we are just able to find out about things like this now because of the internet. As much as we don't want "our" technology mucked with by the government, I think it is going to be tough to prevent.

    --

    My beliefs do not require that you agree with them.

  6. What's being discussed IS teh 'Evil Bit'. [n/t] by Anonymous Coward · · Score: 0, Informative
  7. phones by ih8apple · · Score: 4, Informative

    The only thing that surprises me is that they have been so slow to implement it. The government already has the equivalent of this for phone tapping:

    Virtually all phone calls (cellular and land line) in America run through certain switches controlled by Verint and they are always used by law enforcement for wiretapping (and are constantly accused of abusing their authority). (Google for Comverse, the company's name before the recent change to Verint.)

  8. Re:As bad as it sounds, it IS their product by Anonymous Coward · · Score: 1, Informative

    Cisco is not a fucking monopoly! There are many other companies out there making [VPN] routers and switches: Juniper Networks, Lucent/Avaya, 3Com, Shiva, Nortel... and others that I can't think of at this second.

  9. Why does this surprise anyone? by user+no.+590291 · · Score: 2, Informative

    They sold monitoring and censorship technology to the Chinese government, and weren't punished for it by the marketplace. So the chickens now come home to roost.

  10. this is an improvement, because... read more by joejoejoejoe · · Score: 2, Informative

    We have some capabilities in some of our equipment that will allow you to take all the traffic that goes across an interface and send it to another interface. Right now that is used in some cases as a lawful interception technology.
    When we first started talking, some engineers said, "Let's turn this on and use that." I said, "Heavens no, if we can narrow the range of information, let's do it."

    CISCO Port SPAN. This is what he is referring to. They can currently trap all the packets. This new technology will allow them to select a smaller subset of packets to capture...

    This is still scary stuff, and will lead to other new encrypted VOIP stuff that is not built around Cisco hardware, but sending packets themselves, encrypted...

    --
    Silly Rabbit: tricks are for kids.
  11. intercept this by wheatking · · Score: 2, Informative
    FYI: 'lawful' intercept capabilities have been on every class IV/V voice switches (and soft switches) installed in US networks since late 70s. Cisco is merely catching up as they pander to Carrier/Service Provider markets in addition to their traditional Enterprise market.

    Also, look at products like those offered by startups including CloudShield - www.cloudshield.com - these boxes when used with or within Cisco/Juniper/Avici/Procket/Caspian routers will make such 'intercepts' much more powerful. Then all one needs is googling capabilities built in and voila.... sharks riding on elephants with frickiN laser beams on their heads....

  12. Re:Big brother by morcheeba · · Score: 3, Informative

    This probably isn't the answer you're looking for, but it passed unanimously in both the house and senate. Special interests bought both sides; no one party has a lock on serving the people.

    Ah, I'll just have to wait for my legislators to be replaced.

  13. Re:Big brother by The_K4 · · Score: 2, Informative

    I know, not many ppl in Washington stepped up against it. However my point (which I think was clear) was that Dems don't exactly have a better track record than the Repubs. It's an equally evil evils.