More on Cisco Building Surveillance into Routers

An anonymous reader writes "The company recently published a proposal that describes how it plans to embed 'lawful interception' capability into its products. Among the highlights: Eavesdropping 'must be undetectable,' and multiple police agencies conducting simultaneous wiretaps must not learn of one another. If an Internet provider uses encryption to preserve its customers' privacy and has access to the encryption keys, it must turn over the intercepted communications to police in a descrambled form." See our earlier story and the RFC for background.

Yes, but ...

will they implement the evil bit?

Big brother

[blate]

Looks like just another opportunity to have our rights violated. I'm sure the Department of Homeland Insecurity is thrilled about this. Is this what Cisco means by "Empowering the Internet Generation"?

Re:Big brother

[MORTAR_COMBAT!]

not to mention second amendment rights [...] Be afraid... and for God's sake, don't vote Republican.

The Democrats want to take away the second amendment rights. The Republicans want to take away the 1st, 4th, abortion, etc.

Wisen up and rise up. Revolution is the only way. Those in power will fight very hard to stay in power. You end up having to ask yourself one question: How much do you value the rights for which millions have fought and died for?

As for me, I'm going to just use a bit of double-think and forget that I had that thought, so I can go on being a happy little sheep in my comfy white-collar suburban world.

Re:Big brother

[MORTAR_COMBAT!]

My laptop is plugged into a Cisco Catalyst 2900 series XL switch. From there it hits the Cisco Catalyst 6500 box, and then the wire goes downstairs, presumably through more Cisco equipment, across the Internet full of Cisco equipment.

Note that I didn't advocate the violent overthrow of the government, only revolution. Big difference. I've been advocating that publicly for several years.

Incremental changes to our completely hosed system doesn't cut it. The Constitution was a fine document, too bad it wasn't even 20 years before it was spoilt by the greed of men.

Time to break out your own encryption

[mrjive]

If you encrypt everything yourself, there's not much they can do about it, now is there?

Sigh.

[Pirogoeth]

As it says though, don't blame Cisco. If they didn't do it, sure as shootin' someone else would. Blame Ashcroft. Hopefully Cisco will find a way to build auditing tools into this to help promote responsible use.

Undetectable built-in backdoor

[shrikel]

Eavesdropping 'must be undetectable,' and multiple police agencies conducting simultaneous wiretaps must not learn of one another.

So what happens when a black hat gets in?

Answer: a completely open router that acts like none of his packets have the "evil bit" set.

Really, this is starting to worry me. If it's all undetectable, and is built in, how is this different from the telescreens in 1984? Big Brother is reading your packets!

Re:Undetectable built-in backdoor

[TarPitt]

Black hats do get in...

A story (I believe) in "California Lawyer" from maybe 3 years ago noted that Kevin Poulsen, while phreaking, had managed to discover phone taps planted by the US Government in various foreign embassies, including South Africa. A condition of his release was that he was forbidden to discuss the details.

Should assume your channels are vulnerable

[xtal]

This doesn't seem to be that big a deal to me. If you're passing large amounts of data around that would attract the attention of people who could get a lawful intercept warrant, then I would assume you are smart enough to use SSH, IPSec, or some other similar secure communications technology that renders the capability of this system useless. I smell an attempt to get a law mandating that ISPs upgrade to this equipment, meaning they'll have to replace all their existing non-conforming equipment by some date. I imagine the post-dot-com networking market is taking a hurting now.

"They" can already get IP logs and such that reveal a lot even without access to the information contained in the packets. Traffic analysis is a very powerful tool. The only people who would really stand a lot to lose from this would be the music and/or warez traders. Warez isn't that big a deal, and music copying isn't a big criminal deal here in Canada.

*shrug* Another cash grab. Hope someone 0wns the system good and makes Cisco look stupid. Oh, wait, DMCA. Nevermind.

it only bothers the unknowing honest.

[Lumpy]

or the very stupid evildo-er.

If I simply send everything encrypted AND send lots of fake packets... I.E. random sized files that consist of the contents of /dev/random to all my comrades they will never EVER figure it out.

It's called hiding in a sea of garbage. Now write a nice small program that is a P2P sharing app (or a plug-in for one) that sends around some of those random files to other users (small ones 1-100K in size then keep your files in that size range)

Screw with them as they screw with you.

so a freenet node will completely hose this "eavesdropping system"

multiple hidden wiretaps...

[frenztech]

"multiple police agencies conducting simultaneous wiretaps must not learn of one another" -- If the police cannot determine if a wiretap is running on the router, then what is to stop a malicious party from running one there without administrative knowledge?

It's a 2-Sided Coin

[serutan]

McCullagh makes an excellent point that US government agencies have a history of illegal surveillance. If protecting the public justifies building in eavesdropping capability, then it equally justifies building in accountability. Terrorists and civilian criminals aren't the only menaces to the public. Surveillance activity should be logged and sent to secure storage which can be accessed through well-defined legal channels.

Re:you want privacy?

[blate]

Just wait until some petite functionaire in the Federal Government thinks that, for some reason, you're a terrorist (I mean the generic "you", not you in particular). Do you really want to make it any easier for them to tear your life apart?

Remember that law enforcement agencies are significantly motivated by *politics* -- which may or may not be what's in the best interests of national security, personal liberty, or justice. Today it's Arab terrorists they're targeting. But, perhaps if the recording industry pumps some more money into congress, they'll start locking up college kids for duping Metallica songs.

Locking up real, bone-fide terrorists is fine by me -- indeed, I encourage and support it. But giving some beaurocrat with a hair up his ass more power to invade my privacy is not the way to do it.

Re:I don't see what the big deal is.

[jay-be-em]

The real problem I see here is that we are creating a methods by which a government member can know absolutely anything about anyone at any particular point. Now what if we (meaning the US) mistakenly elect government officials with very bad intentions? It HAS happened before in democratic countries, and I will neglect specific examples in order to avoid Godwin's Law. I don't necessarily fear what our current government will do with these technologies. I DO fear the prospect of a group of rogues using an infrastructure that we implemented for evil. I really believe that it is necessary in a free society to maintain some methods of secret communication. All revolutions which resulted in a better society required channels of secret communication that were unheard by 'Big Brother' as some may say.

Re:I don't see what the big deal is.

[st0rmcold]

Yay, another ignorant, there are certainly an abundance of people on slashdot who have the "I have nothing to hide" mentality.

You say pirate software, sure it's illegal. But what I visited web sites or downloaded materials related to religions? or sexuality? completly legal materials. And imagine an agent, who has his own moral views and decide he dosen't agree with what you are doing, even tho is completly legal, he can make your life a living hell, this goes for most everything, our privacy is the most important part of our freedom, because other people don't always share our views. Especially on very controversial issues.

I'll go ahead and assume you're just a youngin, because any adult in his/her right mind knows this, and knows that the ability to believe in what you want is the real freedom, without having people in power being able to discriminate.

This is not as bad as it sounds

[goombah99]

We've lived for centuries with unencrypted postal mail, and over a century with unencrypted phone messages, and a century with unencrypted radio communication.

Thus its not like itsa new form of intrusion or the ersoion of a sacred right. Moreover we have an extensive legal system that already know how to walk an acceptable line between preserving public order and unlawful searches and seizures. yes there are flagrant abuses of course, but the basic level of public expectaion and legal machinery is inplace to deal with this

Thus the real question is if the ascroft era people will try to use this as an end-run around the existing legal machinery. I paraphrase a former missouri senator who said (about carnavor-like intrusion) "I dont put a phone jack on the outside of my house so the feds can listen in when they please, so I dont want a jack on my internet connection for the same purpose". Ironically that senator was the John ascroft before he lost hisz relection bid to a dead man and became the worst attourney general ever including edwin meese. Now he chafes at these restrictions and does indeed want such a jack and the pre-emptive authority to use it without a court order, probable cause, or a defined list of evidence to be gathered.

Thus I welcome the cisco method since it formalizes what is now a covert and thus unmonitored process. thus this may bring the light of public scrutiniy and invite the invocation of past legal precedent.

Re: ain't so simple

[elwinc]

In Scott Ritter's case, he was accused propositioned sex from (who he thought) an underage girl over the internet. In fact it was an undercover police officer.

Actually, according to the article, Ritter is alleged to have "had a sexual discussion." This is not at all the same as propositioning.

Was he tried? Was he found guilty? The article doesn't say. What it does say is "The case was sealed, and Colonie officials declined to release the arrest records, explaining the matter was adjourned in local court in contemplation of dismissal."

In this country, a person is innocent until proven guilty. So accordng to the information provided, Ritter is currently innocent of the charges, and likely to remain that way.

There is no reason to release the arrest record, and in fact County officials refused to release the arrest record. In such cases its unethical and likely illegal to release the arrest record.

This leak sounds to me more like the tactics of a police state than a democracy that values freedom. Which is the greater crime; Ritter's alleged misdemeanor, or the leak? Do you think this leak will even be investigated? I'm not holding my breath.