Slashdot Mirror
FCC Asks For Comments On Internet Wiretapping
SECURITY GURU writes "Security Focus has posted a story about The Federal Communications Commission (FCC) launching a public comment period on its plan to compel Internet broadband and VoIP providers to open their networks up to easy surveillance by law enforcement agencies. The 1994 Communications Assistance for Law Enforcement Act (CALEA), a federal law that mandates surveillance backdoors in U.S. telephone networks, is what would allow the FBI to start listening in on Internet communications. The EFF, ACLU, and the Electronic Privacy Information Center all opposed the plan, and an ACLU letter-drive generated hundreds of mailings from citizens against what the group called 'the New Ashcroft Internet Snooping Request.' If you have a comment on why you don't want the governemnt reading your email please post it here. All comments are due by November 8th."
Interestingly enough, the EFF *wants* the government/music industry to tap how we use the internet when it comes to thier file sharing solution.
Here's what I do: Bitty Browser & Andromeda
If you ever thought your unencrypted traffic was safe from snooping over the Internet, you get what you deserve. If you don't like the idea of a company divulging your secrets, don't use that company, or add another layer of encryption on top of it. PGPPhone over VoIP anyone?
...with that tired argument, "If you're not doing anything wrong, you have nothing to worry about."
That is hardly the point.
The House Between - Original Sci-Fi Series
Hey, if Ashcroft wants to read all my spam before I can purge it, can I get an ammendment to the act to allow them to delete it for me?
Why the hell are they asking people for arguments against it? It's obvious it's unnecessary. We have processes in place to allow for wiretaps. The processes might not be easy and that's a GOOD THING.
Get your fucking warrant, set up your equipment, and do your thing. If that takes too long and you miss your chance to get what you need, tough fucking shit. I have no sympathy for you.
Just because we were attacked (and have threats of more) recently does NOT mean that we should treat every god damn citizen like a criminal. Why can we not learn from the past? McCarthyism/Cold War??? Come on, wake up, do NOT stand for this bullshit.
We are citizens and we have rights as such. Why the hell are we allowing the government to walk all over us? Make your complaints known to the FTC and in the polls in November.
Oh yeah, the constitution is kaput!
Internet wiretaps don't make the world safer they do the opposite - they make the world less safe. Any serious criminal will encrypt their connection meaning that the only people a wiretap would be useful against are idiots.
Wiretaps have been abused and these will also be abused - I'm not happy about giving police that power that the return is likely to be so small.
Simon
The ACLU also has a site set up for reading more about what's involved and for faxing your petition - ACLU
Previously, we could only say something like, "Someone may tap into your communication channel" to steal credit card information, listen to your VoIP, etc.. Better start using encryption! Lots of people ignore vague warnings like that. This would give us an actual "enemy of privacy" to point at.
But aren't "they" doing it already with ECHELEON?
We're already implementing https and ssl irc over our network... not that they'll see even that far, they'll likely never see past the exterior VPN tunnels.
If you have a comment on why you don't want the governemnt reading your email please post it here.
Don't you mean, "if you want the government to flag your IP address as a potential "iCriminal" post your comment there..along with your home address so we'll know where to send the net cops when it's time to serve warrants"?
Then again, it's not like Ashcroft will make decisions based on the peoples' opinions anyway. I am willing to bet that this is just an attempt at gaining the public's confidence by providing an open forum (regardless of how useless it will be) for gripes and concerns.
For all of those thinking that this is a step in the direction of government regulation of the internet... Wake up. There is no way possible to regualte, of even monitor all internet-based communication. Anyone here who has heard of ECHELON and CARNIVORE knows how unreliable and backlogged those two systems are. One created to monitor VoIP would be similarly handicapped.
"What I cary in this box is your utter subjugation."
The whole point of VOIP, is that it becomes so easy to set up your own private voip exchange. You dont need to use your ISP for anything other than carrying encrypted TCP/IP.
So all you really need is a VoIP system like Asterix and Pingtel, plus some standard VPN software at the sites where you need to use it.
So with off-the-shelf and open-source software you can create a network that is both isolated from and most likely incompatible with federal wiretaps.
Why should the government require private corporations to pay to give the government easier access to their networks. That's what this is, an unfunded mandate. The government doesn't care how technically difficult this is, or how much it would cost to implement.
Send Comment Files to FCC (Attachments)
BAD idea. I wonder how much ASCII Donkey pr0n they're going to get.
...creating holes and backdoors in these services will lead to exploits of those holes and backdoors above and beyond our kind benevolent government. Only a fool thinks that ISPs and government are above the curve when it comes to hackers.
LilMikey.com... I'll stop doing it when you sto
If you have a comment on why you don't want the governemnt reading your email please post it here.
;-)
Or simply email your comment to a friend
- Setup several email accounts. Most are reserved for sending bogus traffic (trolling for ye olde jack-booted thugs). One or two will be reserved for actual correspondence.
- When zero-hour approaches, send messages indicating "something will happen in (some place) on (some date)" using the trolling accounts. The message is intended to draw attention and resources away from the actual target and attack methodology. These would be encoded using a method with known problems. The encoding method used should be crackable, but not easily - We can't appear to be too st00pid.
- Send all "real" correspondence via high security encryption. To make it more interesting, I would pre-arrange with my cohorts that only messages sent at certain times of day, even using the "real" accounts, would be considered valid. All other messages would be "bait".
I'm sure I'm not the first to come up with something like this. I'm pretty sure the Allies sent many bogus messages prior to the Normandy invasion.The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
http://news.bbc.co.uk/1/hi/world/americas/3696344
any more 'surveilance' just doesn't seem very practicle to me.
--- blackironprison, where ignorance is bliss....
For those of you who don't take crap like this seriously, just look at how far we've come with disolving American's rights since pre-9/11. I don't care if they don't take me seriously, I'm at the very least chiming in with them. Here's my comments to them below.
I have been involved with Internet architecture and security for more than ten years. I must warn you that what you're about to do will be devastating to privacy on the Internet and will ultimately lead to such a strong distrust of the Internet that it may render it useless for any type of corporate or personal communication. There are three very serious issued here that must be discussed.
First, the effects of putting a full-blown monitoring system in place, aside from its immense cost to the taxpayers, will ultimately lead to only one conclusion: a wide open hole for any Internet hacker to direct their exploits at with the reward of full access to anyone's information on the Internet. Security of such a tool would be futile, and trusting a government agency with the security and management of such a tool dangerous in light of the government's inability to secure their own systems. Privacy concerns, corporate espionage, and even snooping on other government agencies are all serious concerns that would undermine America's use of the Internet.
Second, Abuse by those in control. Supreme court justices and high officials are not those many are concerned about with regards to abuse - these individuals are not the individuals who are commissioned to secure and manage such a system. It is underpaid government systems administration staff who would be responsible for managing it, people who are very likely to abuse their power to snoop on the private correspondence of others. Keep in mind we're not necessarily just talking about email, but personal media (pictures for example), online banking communications, and even possibly streaming video which should remain confidential from prying eyes.
Third, Electronic correspondence is all too easily analyzed and mined. Clandestine government operations to collect and store data about an individual over a period of years could easily compromise the integrity of the Internet as a whole and lead to the unjust profiling and intervention of law enforcement agencies who seek to use the information for purposes other than wiretapping.
I sincerely hope you are giving this the most critical analysis possible. The 1994 CALEA law was not passed for Internet surveillance; it was passed for telephone wiretapping. In 1994, the Internet wasn't a legislative concern, therefore to allow the FBI to apply this act to the Internet's backbone is a terrible travesty of justice. Do not allow the FBI to become the legislative branch! Demand that a law be passed specifically for Internet wiretapping before you consider anything. If a system like this were to be put in place, I for one would strongly consider abandoning the Internet and I suspect millions of others would do the same.
If this passes and becomes mandatory, you know who gets the shaft in the end? The people. VoIP companies will blatently use this to pass the buck and probably even moreso than what it will cost to implement the back door all in the name of the dollar. The people get screwed on rates as it is in many cases, here's another to pill to swallow!
Law enforcement is still required to get a court order to tap into your communications.
They are also supposed to have arrest warrants and follow do process to hold people. Especially if they are arrested inside the country. I think a few Muslims in our generation, and Japanese in our grandparents generation, may have something to say about that.
The FBI already has broad authority to monitor telephone and Internet communications. Current law already provides, for example, that wiretaps can be obtained for the crimes involved in terrorist attacks, including destruction of aircraft and aircraft piracy. Most of the changes to wiretapping authority contemplated in the USA PATRIOT Act would apply not just to surveillance of people suspected of terrorist activity, but to investigation of other crimes as well. The FBI also has authority to intercept communications without probable cause of crime for "intelligence purposes under the Foreign Intelligence Surveillance Act ("FISA"). The standards for obtaining a FISA wiretap are lower than those for obtaining a criminal wiretap.
Minimal and Inadequate Standards for Access To Internet Communications Section 216 of the USA PATRIOT Act substantially changes current law. Under current law, a law enforcement agent can get a pen register or trap and trace order requiring a telephone company to reveal the "numbers dialed" to and from a particular telephone. To obtain the order, the law enforcement agent must simply certify that the information to be obtained is "relevant to an ongoing criminal investigation." This a very low level of proof, far less than the probable cause standard (probable cause that a crime has occurred, is occurring or will occur.) - a standard that must be met now to authorize access to the contents of a communication. Under the proposed Section 216, the judge must grant the order upon receiving the certification. Even if the judge disagrees, and believes that law enforcement officers are on a fishing expedition that will yield up no relevant information, the judge must issue the order. The judge is therefore not positioned to protect the privacy of a person's telephone communications; he wields a rubber stamp.
Section 216 of the USA PATRIOT Act would extend this low threshold of proof to Internet communications that are far more revealing than the numbers dialed to or from a telephone, and to portions of e-mail communications that cannot readily be separated from content. Section 216 gives law enforcement agents who obtain pen register and trap and trace orders access to "dialing, routing and signaling information." The bill does not define those terms. They would apparently apply to law enforcement efforts to determine what websites a person has visited. This is like giving law enforcement the power -- based only on its own certification -- to require the librarian to report on the books you had perused while visiting the public library. This is extending a low standard of proof -- far less than probable cause -- to "content" information even while Section 216 purports to exclude content.
The contents of a telephone call are readily separated from the telephone numbers dialed to and from a telephone. However, the same cannot be said of an e-mail address and the contents of an e-mail message. This information moves together in packets. To execute the pen register and trap and trace orders authorized by Section 216, somebody must separate the e-mail address from the contents of the e-mail message of the target. The FBI's answer to this problem is troubling. It obtains access to the entire message. Then, it asser
I boycott signatures
The interesting question here is what they'll do about homegrown/open source systems. If I write VoIP software and talk to my friends through it, will I/it be considered a provider and forced to supply this tapping service?
If no, it is so easily circumvented that it will only catch stupid and careless criminals. Note that this may well be a large portion of the target population and ebough to make this worthwhile.
If yes, it seems extremely intrusive, and since I would be my own provider in this case, also fairly useless. When they order me to implement the tap on my self, it will probably make me more careful what I talk about.
"Kerry will bust you for not being nice to Muslims."
I've heard a lot of dumb and/or partisan political statements this year. A whole lot. But this has to win some kind of award.
What on earth are you talking about?
Consider for a moment, crowd, moderators, metamoderators all. Is it flamebait to look at this pathetic attempt at analogy and say "horseshit?" Or is it just being succinct?
We're supposed to seriously consider whether Senator Kerry has a forced Muslim appreciation regime? Maybe politely ask for his sources? Calmly spend time wondering what hidden diamond of wisdom is buried inside this petrified cow pellet?
Is it somehow satisfying to just wave our hands as these idea spammers overload the mental inbox with bullshit? Have to keep calm... Every idea is equal... Have to treat everyone with respect...
Can any outrage slip past us as long as it is outrageous enough?
We used to have uncomplicated, plain old non-postmodern ridicule for nonsense like this. Is it extinct?
Just curious, acvh, did you wince a little when you wrote that? Maybe even you know you're stretching it a little?
Want to Know How to Cheat the GPL? Read On!