Slashdot Mirror


Monday is Wiretap the Internet Day

Alien54 wrote with a link to a Wired blog entry noting that May 14th is the official deadline for internet service providers to modify their networks, and meet the FBI and FCC's new regulations. The Communications Assistance for Law Enforcement Act requires that everyone from cable services to Universities give them access, within certain parameters, to the usage habits of customers. "So, if you're a broadband provider (separately, some VOIP companies are covered too) ... Hurry! The deadline has already passed to file an FCC form 445, certifying that you're on schedule, or explaining why you're not. You can also find the 68-page official industry spec for internet surveillance here. It'll cost you $164.00 to download, but then you'll know exactly what format to use when delivering customer packets to federal or local law enforcement, including 'e-mail, instant messaging records, web-browsing information and other information sent or received through a user's broadband connection, including on-line banking activity.'"

19 of 264 comments

  1. Limits on government by BWJones · · Score: 5, Insightful

    Of course this has been going on for some time, but we are only just now getting around to making it legal (Constitutional arguments aside). I really do find this incredibly disturbing and believe that the founding members of this country would be shocked and dismayed at where we have gone in the past few years (last six or so in particular). What I cannot believe is how anyone on either side of the political spectrum would 1) think this is a good idea and 2) allow this to happen. Remember people that this country is still young and has the appearance of a country that is not only spinning out of control, but it seems to be edging closer to devolving into a shell of its former self. Don't get me wrong here. I am proud to be an American, but we should not stand silent while this country falls apart either through selfish motivation or criminal negligence.

    Remember folks that the Constitution is not a document about what rights people possess, nor is it a document that outlines what governments can do. Rather it is a document that describes limits on what government can do and it could be clearly argued that the Communications Assistance for Law Enforcement Act violates those provisions in the Constitution designed to protect the individual from unreasonable governmental surveillance.

    --
    Visit Jonesblog and say hello.
    1. Re:Limits on government by Lavene · · Score: 5, Funny

      "I hear you, but what can we do to really stop this? Submit more digg posts? Write our congressman? Protest at the FCC HQ? What can we do to really stop this? I'm all ears!"

      Well, in the rest of the 'free' world we do it through something called an 'election'. We actually get to choose our government and thereby exercise a fair amount of control. If we want something really bad we can even involve ourselves directly by joining a political party or even start our own. The entire process is commonly known as 'democracy'.

      You Americans should try it once... it's pretty cool actually.

    2. Re:Limits on government by asninn · · Score: 5, Insightful

      Basically, it boils down to Howdershelt's four boxes again - soap, ballot, jury, ammo. Google for the exact quote.

      --
      butter the donkey
    3. Re:Limits on government by Anonymous Coward · · Score: 5, Insightful

      Disclaimer: I am not American, so I possibly don't know enough about your constitution.

      The way I understand it is that the constitution limits the powers that the government has by enumerating them. It defines the upper limit of the power of the government. In contrast, the bill of rights defines the lower limit of rights that the people have by enumerating basic rights. People have more rights than are defined in the bill of rights. They are only limited by the law (the manifestation of other people's rights).

  2. suggestion by toby · · Score: 5, Informative

    Get a colo service, preferably in another country; OpenVPN to it and use a web proxy running on it. Not perfect, but better than nothing.

    Interestingly, this is the same kind of solution often resorted to by residents of those countries usually tagged as 'repressive regimes' by the good ole U.S. of A. Make ya think, at all?

    --
    you had me at #!
    1. Re:suggestion by Antique Geekmeister · · Score: 4, Interesting

      SSL private keys and SSH private keys can and have been stolen from remotely deployed systems and used for man-in-the-middle monitoring. And a penetrated router or smart switch on the *internal* side of the OpenVPN is a common approach for really sophisticated crackers to tap all your traffic *after* it's been decrypted by the VPN system.

      Even where communications are more secure at the application layer, most people simply click on the "do you accept this key" buttons when making an encrypted connection, which makes such monitoring even easier because the user in the field winds up using the man-in-the-middle's public keys, instead of the target destination's public keys. I saw this about six years ago in a rather clever router reconfiguration to monitor all SSH traffic to a victim's internal network administration servers. We only noticed it when I got brought in to see why there were such large latencies on incoming traffic, and dumped the configuration to plain text and actually *read* it, along with noticing that the previous admin had never bothered to install and enable the SSH tools. Then I found out he had been programming it, via telnet, from his laptop on the road.

      We had a long, private talk before I went to the company president with the analysis. He hadn't been allowed the time or resources to do things more securely, and his manager had been saying "we have a firewall, we can trust people inside the network" and had denied this engineer's attempts to do things more securely. It would have been a lot cheaper to do it right than to have me try to clean up the mess later, but it's often difficult to get people to do things right.

      If you think a colo service is robust protection, then go ahead and check how many of your colo setups have encrypted file systems, password protected boot loaders, and password protected BIOS's, just to start with. Then compare what you could do with the same money and resources to secure your systems against rootkits, implement proper password management, etc.
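
The comment above describes users accepting whatever key is offered and so ending up with the man-in-the-middle's public key. As an added example (not part of the original comment), this sketch pins a host key out of band and refuses any other key instead of prompting; the host name `admin.example.internal` and both keys are constructed sample values.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw_key: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob from 32 raw bytes."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_pins(known_hosts: str) -> dict:
    """Map host name -> set of pinned fingerprints (plain entries only)."""
    pins = {}
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        fp = fingerprint(base64.b64decode(fields[2]))
        for host in fields[0].split(","):
            pins.setdefault(host, set()).add(fp)
    return pins

def check_host_key(pins: dict, host: str, offered_blob: bytes) -> str:
    """Strict policy: never fall back to asking the user to accept a key."""
    if host not in pins:
        return "REJECT-UNKNOWN"
    if fingerprint(offered_blob) in pins[host]:
        return "OK"
    return "REJECT-MISMATCH"

# Constructed sample data: neither key belongs to a real system.
GENUINE = ed25519_blob(bytes(range(32)))
INTERCEPTOR = ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = ("# pinned out of band\n"
               "admin.example.internal ssh-ed25519 "
               + base64.b64encode(GENUINE).decode() + "\n")
PINS = load_pins(KNOWN_HOSTS)

if __name__ == "__main__":
    for name, blob in (("genuine", GENUINE), ("interceptor", INTERCEPTOR)):
        print(name, fingerprint(blob),
              check_host_key(PINS, "admin.example.internal", blob))
```
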

  3. Bot me up, baby... by Itninja · · Score: 4, Interesting

    I want to create a bot that will do nothing but search for, and then go to, 'illegal' sites. I figure if it hits a few porn sites, maybe an offshore gambling site, and *any* site in Arabic that should be enough. If we get enough of these bots going it should create so much white noise that the g-men couldn't tell the real stuff from the botted stuff. Or maybe I won't. Y'know, whatever...

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
  4. $164 by mastershake_phd · · Score: 5, Funny

    $164 to find out how to comply with the law? That can't be right. I suppose you could read the law they passed, but I hear most of Congress doesn't even do that.

    1. Re:$164 by Anonymous Coward · · Score: 5, Interesting

      It's not that uncommon. Here in SC you have to pay to have access to the law. It is copyrighted and the state vigorously protects that copyright. In 1998 I was threatened by the state AG's office for having a copy of a .doc file on my web site that quoted a section of the state's vehicle laws. Us peons aren't allowed access to the laws. Knowledge of the law is only for the protected lawyer class.

      I still find it amusing that a friend of mine at the time disagreed with the thuggish tactics they used but is now OK w/ denying commoners access to the law. The difference is that he recently graduated from Duke law school. He is now very anti-Constitution, anti-EFF (despite having donated money to them several years ago!), and very pro-Democrat.

      The text from the SC law:

      "The State of South Carolina owns the copyright to the Code of Laws of South Carolina, 1976, as contained herein. Any use of the text, section headings, or catchlines of the 1976 Code is subject to the terms of federal copyright and other applicable laws and such text, section headings, or catchlines may not be reproduced in whole or in part in any form or for inclusion in any material which is offered for sale or lease without the express written permission of the Chairman of the South Carolina Legislative Council or the Code Commissioner of South Carolina."

      They consider distribution for free on a web site a sale for $0 so that makes it illegal without written permission. I tried to obtain permission and after making around four dozen phone calls and two trips to Columbia, SC, I finally gave up.

    2. Re:$164 by Alsee · · Score: 4, Informative

      In 1998...

      There has since been a court ruling against copyrighting law. I did a Search of SC law for the term COPYRIGHT and only got five hits.... none of which have any relation to the "text from the SC law" that you quoted. Maybe the law you quoted did exist in 1998, but it does not appear to exist now. They may have specifically repealed it in response to the court ruling on the subject.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  5. Amendment IV by poor_boi · · Score: 5, Insightful

    Amendment IV

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

  6. and.. by SQLz · · Score: 4, Funny

    Using this technology, we'll be able to detect and weed out people who disagree with the current administration. That way, the US will be restored to its former glory.

  7. Re:So the next step by J'raxis · · Score: 4, Interesting

    This law actually makes a special exception for encrypted data:

    Section 103(b)(3) ENCRYPTION- A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

    Full text here.

  8. Telecommunications services only by J'raxis · · Score: 5, Informative

    It's important to note that CALEA doesn't apply to "information services" or "electronic messaging services", only "telecommunications". Here are the relevant parts of the actual law:

    SEC. 102. DEFINITIONS.
    For purposes of this title--
    [...]
    (4) The term `electronic messaging services' means software-based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages.
    [...]
    (6) The term `information services'--
    (A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and
    (B) includes--
    (i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities;
    (ii) electronic publishing; and
    (iii) electronic messaging services;
    [...]
    (b) LIMITATIONS-
    [...]
    (2) INFORMATION SERVICES; PRIVATE NETWORKS AND INTERCONNECTION SERVICES AND FACILITIES- The requirements of subsection (a) do not apply to--
    (A) information services
    [...]
  9. In Soviet America by houghi · · Score: 4, Insightful

    the government monitors you.

    --
    Don't fight for your country, if your country does not fight for you.
  10. Re:So the next step by bmo · · Score: 4, Insightful

    "Hopefully this will drive people and information service providers to use encryption wherever they can."

    Of the general population of the US, only the technically minded minority will do that.

    Seriously. Try to talk to someone who thinks that the Internet is the IE icon (really, a co-worker keeps saying this) and all you'll get is glazed eyeballs and a "I don't get it. It's too complicated. I have nothing to hide" reaction.

    Such people can't even be trusted to keep their anti-malware software for Windows up to date. You think the general public is going to start encrypting everything suddenly because of this?

    "Think of how stupid the average person is, and realize half of them are stupider than that." - George Carlin

    Only if encryption gets as transparent as the fish:// ioslave in KDE will it get serious adoption, and even then it will have to be enabled by default. Don't expect Microsoft to lead the way in this department.

    --
    BMO

  11. Re:So glad I'm expat now... by Antique Geekmeister · · Score: 5, Informative

    Unless your email is encrypted, much of your domestic and almost all international traffic is already monitored via the spy rooms installed by the NSA in core backbone network providers' facilities, such as those installed at AT&T. And with the massive bandwidth and facilities available at such centers, and the truly abysmal security of many switches and routers including documented backdoors installed for federal use, it's easy to reroute other traffic to those rooms. So let's be clear: almost all unencrypted internet traffic is monitorable by the NSA. Even though it's illegal for the NSA to monitor most domestic traffic, there are no safeguards in place to prevent it, and with the US Patriot Act in place, all they or other federal agencies need do is mumble "terrorists" to gain unfettered access to it.

    I'm afraid it's going to be difficult to coordinate protests with this kind of monitoring in place. And we're still seeing people say "but if it saves one life from terrorists", not realizing that it actually encourages terrorism by ruining trust in government and making people feel that only violent action might be effective.

  12. Re:misunderstood by Antique Geekmeister · · Score: 4, Interesting

    I'm sorry, but you are sadly mistaken. Go actually read the unclassified parts of the Patriot Act. Then take a look at the existence of the secret NSA wiretap rooms in the core Internet backbone providers such as AT&T, rooms whose existence was revealed by a company whistleblower and for which AT&T is being sued now by the EFF and other civil liberties groups. The NSA certainly can and does monitor international traffic legally, with no authorization required. It's their *job*. Unfortunately, so do other countries. And the NSA trades with them to get domestic materials.

    The three branches are *not* involved in this. The handling of the monitoring does not require warrants, and is thus executive policy, without court involvement or even notification of what is being monitored. And even if the three branches are involved, the people being monitored are *not* being notified of the monitoring!!! There is no warrant served: even libraries are prohibited by the Patriot Act from telling book borrowers that they've been forced to turn over records, without warrants, under the Patriot Act.

    Yes, it's been going on for years. It's going to happen again and again, and it needs to get slapped down each time it occurs to prevent it becoming ubiquitous and a means of interfering with public policy or personal lives of the innocent. Given the documented monitoring of Martin Luther King by the FBI, the McCarthy era files of who was a communist and forced confessions of other potential "communist" Americans, and stupidities of federal raids with warrants such as the "Operation Sundevil" raids on Steve Jackson Games, there is just no reason to trust federal investigations or monitoring without public exposure and review.

  13. Re:So the next step by Bob Gelumph · · Score: 5, Interesting

    So when will slashdot enable https://slashdot.org?

    --
    I'm gonna need a spec.