Slashdot Mirror
Tap-Tap-Tapping the Net
The IETF will be considering building wiretapping into internet protocols (see previous slashdot story) tonight at their conference; the Washington Post has a story on the subject. A great many civil liberties and technically-oriented organizations have signed onto an Open Letter urging the IETF to reject any attempt to build snooping into the net.
...and they said I was *too* paranoid. This is very scary. Of course, this makes me wish that Zero Knowledge would hurry up with a linux client.
-AJ
Secondly, why should we care? Anyone doing anything illicit will be using encryption anyway. So catching criminals isn't the issue here. Hell, I frequently use PGP for stuff that I don't consider sensitive - like sending source back and fourth between my friends. The only use for a wiretapping protocol will be to let the l335 h4x0r d00ds have a reign of terror on the 'net.
I say to hell with the IETF - Let the chips fall where they may (and they will fall!).--
What with this and the recent stories about echelon, it is high time we started encrypting everything that we hold dear. Unfortuneately, we can't encrypt everything on the internet.
There was a story some time back about Freedom, a web encrption scheme that encrypts all communication between your PC and the servers you are communicating with. Does anyone have a link, or more info? I have lost mine since then.
Computers can only simulate determinism. ~Hermetic.
Hmm, how do I connect to other computers? SSH.
What if I need to talk about important stuff on IRC? Encrypted DCC Chat.
File Transfers? Easy, compress with a password.
Any kind of protocol for this would be easy to break past. Just remember, they can't watch everyone all the time so they won't watch most of the people any of the time. Encryption wouldn't even have to be extremely strong...just powerful enough for them to not be able to look directly at it. There's FAR too much information out there to decode it all.
- How do the IETF propose to wiretap -AND- have strong PtP IPSec encryption?
- How do the IETF propose to locate packets, given that routers decide paths on-the-fly?
- How do the IETF propose to enforce this, when they are not a regulatory body? In fact, the strongest the IETF can do is release an RFC, which is just that - a request for comments.
- Who, exactly, is going to implement this wiretapping protocol? Even if the entire backbone used it, all you need do is tunnel through and the protocol becomes useless.
- What protections can the IETF impose, which guarantee that the wiretapping would even work, even assuming you -could- find all the fragments of all the packets and re-assemble them all? It's easy enough to modify a TCP/IP stack. A few tweaks here, a few tweaks there, and you're sending valid data which the sniffer will reject, but which your intended recipient will accept.
In balance, I think it's useless, pointless and stupid. Stick to IPv6 promotion. That's useful. This isn't.It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
How familiar are you guys with the Bible? Ever read Revelations? Ever read about the ends of teh earth? Well, this is a part of it :) In the Bible it mentions everything about everyone being recorded. No one will be able to do anything with out it being recorded. Computers are makeing this possible. The article earlier today about Sony and Sun teaming up is just more of the same, showing how close the end really is.
Just figured I would mention that. Maybe get some discussion going about it.
If anyone knows the exact verses I would like to have somone refreash my memory. I have to work in a bit and don't have time to find at at the moment.
"I couldn't give him (Bill Gates) advice in business and he couldn't give me advice in technology." Linus Torvalds
PGPnet! Comes with the Network Associates version of PGP Freeware. Can encrypt all network traffic to others using it.
Let's make our own. Why the hell should we use a protocol which will let the scum of the earth track our net usage? I say we should get a competing group together to make an ipv6 that won't kill privacy.
If they do this I can easily imagine a open standards group forming to make their own standards and a large portion of the community would switch to those standards instead. With operating systems such as Linux at the heart of the Internet I can't see the technical community being forced into being spyed on. It might be pretty messy opening a standards war with Internet protocols but in the end open standards would win. The Internet is where open/sane standards have the most force because it is implemented by smart people. And as others have pointed out you can just encrypt everything on top. I'd imagine we'd soon see strong encryption being worked into all protocols giving the government an even harder time snooping.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
The Clipper chip initiative was supposed to be no big deal, because the government would only use it when they had reason to suspect. When people got upset, a smaller group of people said, "Well, the NSA can probably crack your messages anyway, so why not give them your keys?" (Now, of course, it's being shown that maybe we *aren't* so far behind the NSA-- they probably *can't* break some of the stuff out there!).
The response was simple: Just because somebody can open up an envelope doesn't mean that we send all our mail on post cards. The envelope may *not* help privacy in a lot of cases, but we still use it. It's a matter of principle-- just because somebody can violate your privacy, there is no reason to openly invite them to do so!
Some people have been saying that the government is able to listen in on our communications anyway, so why not add in a provision to allow them to do it more easily?
Simple: we can't *condone* a violation of privacy. Scott McNealy may say that we have no privacy, so get over it, but I'll bet he'd raise all holy hell if one of his employees were to read through all his e-mail.
By implementing a standard that would allow the government the ability to snoop in on our conversations, we are not only condoning such action, but encouraging it! Never, at any time, should we encourage the government to (with or without permission) monitor our communications!
Just my $0.02
I mean sure, you'd lose some compatibility, but just like Alternic, it personal/private protocols could definitely have their places and uses. Build an encrypted protocol, or a protocol which could be encrypted/signed with a pgp key and the world will love you. Keep your communications private and your own. Nobody owns you, nobody owns your communcations, nobody owns your thoughts, and nobody should own your entire means of communications.
Can be patched with fair sucess at another.
For example, I think it'd be harder to make IPv6 less secure than IPv4, but we have layers on top of IPv4 that are sufficently secure.
On another related point: will the relaxation on exporting cryptographic source lead to the 'secure linux' patch being merged with the main kernel tree any time soon? Or are there other problems with the patch?
-Yarn - Rio Karma: Excellent
But then recovers, and proposes a worldwide ID number.
And then launches MS Four Horsemen
George
This isn't going to be very popular, but I'd really appreciate some responses from people who've dedicated much more energy to the analysis of these type of questions.
;-)
Now, I say this as a hardcore privacy advocate. I'm not the enemy. I'm a theorist, who wants to know:
Is wiretapping evil?
By that, I mean do people have an intrinsic right to privacy that doesn't end when they begin violating the rights of others?
After all, few of us would complain about the subpeonas that have been delivered unto Tobacco Companies, Microsoft, and hopefully RealNetworks. Subpeonas are after the fact violations of privacy--society is demanding some chunk of personal information from the subpeona'd party. Steganography is designed to defeat such information gathering techniques...but the existence of the technology doesn't mean subpeonas must be evil.
Nor too does the existence of wiretapping prevention technology automatically make wiretaps illegal.
From what I've been able to discern from the literature, there's a slant towards arguing that wiretapping should be difficult--essentially, so it's only used for cases where national security is at risk. Can a system be designed where it is intrinsically difficult, but not impossible for society to spy on certain individuals' communications?
Again, I'm the guy at work who is the point man on SSH, on custom designed secured VPN proxy links(believe me, that actually makes sense), and all these types of technology. But I'm also the guy that, when his friend was attacked by somebody who called her on the phone a half hour before, ran to campus Information Technology demanding the phone logs(and was oh-so-irate when they wouldn't let me write the simple Perl scripts necessary to extract them from the logging port on the switch. And people wonder why IT hates me.
Screaming about how child molestors are being used to justify widespread Big Brother monitoring is all too appropriate...but begs the question, what about the child molestors? Is it possible to shield everyone but expose those who society does need exposed?
At least a government intrinsically possesses citizen oversight. Corporations and "Mafia" style operations have no such limitations, and flourish quite well under power vacuums. A government that cannot keep tabs on such organizations is arguably irrelevant to them--just look at Russia lately.
Sooner or later, I'm going to be taken to task over the secure technologies I'm personally involved with designing and deploying, and I want to be able to reply with something I believe in. I want to be able to defend my position, and I need your help to do so.
So, is wiretapping evil?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
It seems that (according to the Washington Post story) companies who make communications equipment were worried about the Feds requiring their equipment to comply.
This leads me to wonder: Since this has arisen because of IP telephony, is it possible that traditional phone companies, fearing a loss of business to entities who don't comply with wiretap laws, are pushing this proposal? Seems like an interesting conspiracy theory at least.
Anyway, the IETF will probably kill this bad idea.
Fizz
Sure. It's a great idea. Just make sure that everyone has the ability to utilize that functionality. (Think of it as adding sight to the net.)
penguinicide... when jumping out a window just won't do.
Well... there is no such "right to privacy" for individuals. The corollary to this, however, is that there is no "right to spy" for the gov't either. So tap-tap-tap all you like and I'll crypt-crypt-crypt all I like. May the best one win.
Obviously, this would have to be only the first step; outlawing implementations w/o the trapdoor would have to follow or we'd all just ignore it. Outlawing all other forms of encryption would be necessary too. I don't -think- that there's a chance in hell we'd let it get that far, but I'm not taking any chances. Between the DVD-blowup and this nonsense and the censorship issues, I just went and signed up to be a member of the EFF. Lots of us are tech professionals. I, at least, can put off a memory upgrade on my linux box for a few more weeks for a little piece of mind.
--Parity
--Parity
'Card carrying' member of the EFF.
The IETF, contrary to many posts here,
(1) isn't the bad guys, and
(2) probably will decide to ignore wiretapping concerns in protocol definitions
The question the IETF is debating the answer to is, roughly, "should wiretapping laws (of varoius countries) be considered a factor in protocol designs." It's a good and important question to ask and folks shouldn't demonize them for asking it.
That having been said, the answer will probably -- quite sensibly -- be "no."
--G
Is it just me and my version of Netscape? Is Rob color blind? Is there some secret conspiracy to make me go crazy? What is going on?
Got HTML? Want LaTeX? Try html2latex
I hate to tell you all of this, but this is not echelon. This is not a grand government plot. This is about the application of existing law-enforcement techniques (wiretapping phones) to new technology (wiretapping information transactions). The same procedures for getting a wiretap on a phone will be required for getting a wiretap on information transactions.
So, what, exactly, is the problem? Unless you are a criminal, and quite a significant one, you have nothing to fear from the FBI. If you did have something to fear from the FBI, your phone would be wiretapped already, your house will be bugged, and your actions monitored. And no, the FBI does not have the manpower to listen into your phone unless you are quite the bad*ss. Even then, a federal judge has to approve the warrant (the legal document, not the band) that will allow them to wiretap you.
While I feel there are some security issues introduced by this, I hardly think that it isn't worth the value given. I mean, on one hand, some incompetent sysadmin gets his system hacked (and it would have been anyway), or we can't get the information needed to convict dangerous criminals.
I hate to be this way, but I feel that some /.ers are law-enforcement luddites. On one hand, they believe technology is great, and we can use it in new and exciting ways. On the other hand, they believe law-enforcement shouldn't be allowed to expand their existing abilities to take new technologies into account.
I'm just rambling anyway -- really, if ISP's would really be required by law to provide wiretapping capabilities to the FBI, they'll have to figure out some way to do it, regardless of what the IETF says or does.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
Meet the MS Four Horsemen 2000:
MS Mutual Violent Intent
MS Lack-of-Food
MS Viral Outbreak aka Outlook
MS Unsurvivable Occurrence
MS Four Horsemen 2000 comes bundled with the intuitive MS LeviathanPlayer for streaming media formats, and fully supports the MS WhoreOfBabylon web page extensions, because we value our ability to innovate. MS Apocalypse can be a pretty intimidating place. MS Four Horsemen 2000 is designed to make the experience a whole lot easier.
(this goes along the lines of the old joke among my friends that one day we will wake up and find that MS has released a wonderful new product entitled "MS Breathable Gas")
--
Zero tolerance equals zero intelligence
I'll worry when the temple is rebuilt. There's a great big mosque there right now. Until then, party time.
If tits were wings it'd be flying around.
If you break open the seals on MS Horseman, you absolve MS of all damages incurred by plague, war, hunger, sun turned black, moon turned to blood, earthquake, accidental loss of damage, as well as any implied responsibilities or liabilities in this kingdom, and the one to follow.
George
Stop for a moment and imagine the government's ideal scenario. They want unhampered access to as many forms of communication as possible. At the same time, they want people to think their communications are secure. That way, people will talk openly, and they can gather more information on the bad guys.
So they say.
How far does it go, though? Take a few sample cases...
Frankly, I think the government can shove wiretapping up its ass. Joe Average is the one who really gets the brunt of their scrutiny. Is our society so paranoid that we must spy on our own people? That's not the kind of life I want, although it gets more that way every day.
Best regards,
SEAL
One thing most /. users are ignoring is that the internet is a global phenomenon; for me, arguments about the validity of the FBI's actions are irrelevent.
I'm not saying that the US has a monopoly on intrusive surveillance (Enfopol may (or may not) be as bad as anything y'all can come up with). But what's needed is a global perspective.
(In case you were wondering, btw, I don't want to be tapped by the CIA any more than you want to be tapped by the FBI).
They can't do it now?
Tapping is already built into 'the net.'
Anybody ever look at the output from a packet sniffer?
Moreover, there are three key problems:
1. Any protocol for transmitting data, can also transmit encrypted data.
2. Any protocol is a software specification, and therefore must be adopted by the industry before having impact on the community.
3. Any Internet protocol must support the wide variety of computers on the Internet, including, old computers, legacy systems, and technology being deployed TODAY. Who's gonna upgrade software to facilitate snooping their data?
John
I have in fact read my bible, and I have read the Revelation, several times. I see nothing that gives me any impression that everything will be recorded. Well, God will do some recording, but nothing indicates either a goverment or other human institution will do recording.
For your post to be on topic it must be true, that is there must really be something in the bible that says in the last days everything will be recorded.
I feel safe with my data, and you can too. All you need is:
-Set up a dedicated secure linux firewall running IP_MASQ
-Install and configure CIPE. Here's the HOW-TO
That allows Virtual Private Networking with 128bit encryption. Its GPLed, and after you get it set up its incredibly fast (I use it over a cable modem). Its a lot more secure than a NFS+SAMBA solution.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probably cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
- Ammendment IV
It looks to me like they got it right the first time. Nowhere in there does the U.S. Government have the mandate to universally require wiretap ability, but may force it only on specific people or places when justified by probable cause with supporting testimony.
I've seen no politicians stand up and oppose this section of the Bill of Rights, yet far too many try to violate it. I think the U.S. would do well as a country if its politicians read the Constitution once through...
"should the IETF develop new protocols or modify existing protocols to support mechanisms whose primary purpose is to support wiretapping or other law enforcement activities"
"what should the IETF's position be on informational documents that explain how to perform message or data-stream interception without protocol modifications"
Ummmm.. I'm confused...
:-)
Since when the hell did IETF gain any form of actual control? They can release an RFC, right? BFD... It's not like they write any actual CODE or anything..
You don't want people spying on your communications? Use code that doesn't implement that spec. Wheeee!
Does anyone honestly think that, given a choice, an indiviual would choose a piece of software that is intentionally insecure? Really, given an actual, informed choice, mind you...
IETF has no real power. They can define the spec all they want, just don't use that spec. There's already specs out there which are not tapable. Use those instead. The whole point of the RFC system is "may the best protocol win", right? So.. May the best protocol win.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
The IETF full-well knows that IPv6 will make wiretapping of the internet a moot point. "Yeah Mr. NSA, you can listen to ciphertext zip by, be my guest"...
My suspicion is that this is a way of saying "Nice doggy" to the 'powers that be', because the 'powers that be' can fund backbone upgrades, provide research grants, and lobby in favor of certain protocols and technologies...
This support from the federal government would mean a lot to the members of the IETF, and if the price of the support is providing a back door that leads nowhere, so be it.
The people on the IETF are not as dumb as those twisting their arms are.
Besides, what better way to convince big business to lobby for strong encryption than to show that lack thereof is tapable?
Slickness points to the IETF.
-- What you do today will cost you a day of your life.
Netscape 3.01 (hey, it doesn't crash),
XF86/Linux 8 bpp. Wierd.
-- cary
They'd better make damn sure they only tap US citizens, if they'd start tapping. Otherwise they would somehow be out of their jurisdiction... That would be possible technically speaking, but still, if my packets would go through a US server they would have the right to read em. Or do they?
Areas are now being color coded. It's on purpose, and it should be consistent within a topic.
:)
I suspect that Rob/Andover is trying to increase ad revenue by increasing membership. Making slashdot contain more eyecandy, thereby attracting AOL users like moths to a lamp.
I just hope that it's actually a bug-light.
Just ignore them. The colors should fade in 8 to 12 hours... Have a nice trip.
-- What you do today will cost you a day of your life.
Is icky. I suspect 'internet wiretaps' will never get too far -- at the very least places like /. and such will scream loudly enough to be heard.
~Owen
No, the only people this would affect will be closed source OS users, notably the 90% of PC users who use Windows.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Exporting strong encryption to other countries is illegal now. In other words, they have built a wall. This wall isn't really in use as of now. It's just there to use as leverage, in case the government is in the mood to make an example of a harmless computer enthusiast.
As soon as the government controls what's inside the wall, there will be border control. "Wire-tapping" protocols is simply a step towards justification of monitoring our lives.
It's just a matter of time before until all phone conversations are recorded, and all email is logged, and all body language is video taped, and every Personal Computer is "wire-tapped." The population as a majority will shut up after a while of hearing things like, "it's only for your protection..."
This is probably nothing to worry about for years. I just hope I never see it.
You raise some good questions. Something to consider is that wiretapping is a relatively new capability, dating only to the advent of the telegraph/telephone. Until then, there existed no way to perform this kind of invasive monitoring.
In my humble opinion, the writers of the Bill of Rights would consider built-in wiretap capability not only a violation of the Fourth Amendment, but possibly also the Third and Fifth -- against compelling persons to quarter troops in their houses and compelling persons to testify against themselves.
The existence of a court order does not remove the fact that an individual having an expectation of privacy acts very differently than when that expectation is not there. Do individuals tell falsehoods in private conversation? In many cases, yes.
In my opinion, wiretapping is the magic bullet for LEAs in the way that polygraphs were until they were proven unreliable and unnecessary. Is wiretapping *necessary*, even if it is reliable? I doubt that it is. Such invasive procedures should be difficult and costly. Making invasion of privacy cheap and convenient will only make it ubiquitous. So many things in our society are done for the convenience of those in control, and not for the well-being of individuals. (As an example, look at how hospitals treat women in labor -- everything designed to make medical intervention convenient, nothing designed to make it unnecessary.)
I use this solely between 3 private networks that need 128bit encryption. This is overkill for everyday usage.
Ummm... yes, that's what the paper says. What does this have to do with my position that the IETF needs to be burned before it wakes up and goes back to it's original charter of creating reliable protocols? They're engineers, afterall, not spooks.
--
Wirtapping, per se, in not evil, but secret wiretapping is. The victim of the tapping should always be informed (after the fact) that they were wiretapped, by whom, and what information was obtained.
I think that widespread use of strong cryptography would be the best thing that could happen to wiretapping. That way, the cops pick a target, obtain a warrent, then record the encrypted communication for a time. After they feel they have enough information, they must then obtain a supena and present it to the target of the wiretapping. The target must then provide the plaintext of the encrypted message (preferably in a manner that does not compromise his or her private key) to the authorities.
This way, law enforcement can still do what it needs to do, and using wiretaps for illegal fishing expeditions is technically impossible.
This scheme does allow the police to perform secret surveilence on a suspect, but they will not be able to obtain the fruits of their search until the searchee is informed, and possibly even has a chance to challenge the search in court before it is completed. If the encryption is based on a public key system, the authorities (and everyone else) do have access to the target's public key, so they will be able to validate the decryption of the intercepted messages.
3. The NSA and CIA are rather closed, and nobody knows exactly what they do. The FBI, on the other hand, is a large federal law enforcement agency, and everything they do is just as open to the public as whatever your local police may do, i.e. whatever you do not know is to most likely to protect the privacy of the defendants and the integrity of case.
3. Citing Hoover-era FBI tactics as current FBI policy is absurd. It's like saying the army is inches away from running out of their bases and killing native americans. Sure, it happened, and it was terrible. But we live in a different era today. We don't have perfect law enforcement (never will), but we aren't illicitly wiretapping our president -- that's the Mossad's job now ;)
3a. Citing anything ever done by the LAPD as general law enforcement practice by anybody but the LAPD is also absurd. :)BR
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
Well personal privacy is marooned on a distant planet it seems therefore maroon is an appropriate color here.
I mean come on... this freedom stuff is for the birds. What we really need is a good dosage of big brother to make us happy. How do I know? Big brother told me so. That's good enough reason for me.
So, I think that this is a really good first step. Now every packet I have can be monitored and checked. Honestly, I don't care if they do it to me whether I am a criminal or a working class person. Its all just fine with me. Don't think of it as the FBI or the NSA eavesdropping, think of it as your own personal entourage. Every thing I do, whether I type or I talk on the telephone, they can listen to me. That doesn't sound bad... Its comforting really, like the AT&T commercials, but without having to pay for long distance.
Maybe one day I'll be lucky enough to get a barcode stamped on me, or maybe a subdermal implant, either way - if it helps the NSA or the FBI catch the bad guys, it must be a good thing. After all, the FBI and the NSA are the good guys, they would never use any information in an illegal fashion. That is important to me.
Sure their history may house a, well, a few tarnishing events, but that's ok. Everybody makes mistakes, lets not penalize them for that... that would be... unfair, and we want to be fair.
See, I will gladly be compliant... Niether the FBI nor the CIA, nor the NSA have anything to fear from me. I will gladly be a sheep.
You say you want a revolution?
We're different; mappers instead of packers, to use another metaphor recently seen on here. One day the Government could decide we're dangerous and should be tracked. Ever see the Sci Fi show about the kid who's killed because his IQ was too high? (Outer Limits, I think it was.) We innately distrust authority because we've seen what idiots buerocrats can be, from the school administration who classified us as "Learning-impared" because we didn't do well in classes that bored us to Pointy-hairs at any given company.
And just because you're paranoid doesn't mean they're not out to get you. Abuses of power within the various three letter agencies are well documented in the states. From the McCarthy witchunts to the surveilance of assorted leaders of the 1960's to the incidents just recently in WACO and Ruby Ridge, the proof is there that you can be eliminated or harassed for the rest of your life if you attract the wrong attention, even if you're innocent of any wrongdoing. The government and its agencies need lots of accountability and lots of roadblocks to keep such abuses to a minimum. And we need to make sure that every government keeps their hands the hell off the Internet, which will one day be the main medium for communication around the world, not because we're not afraid that criminals will use it and leave no tracks in the real world but because we're afraid that the government will use it to, say, silence a whistle blower who is trying to force some accountability.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The FBI, on the other hand, is a large federal law enforcement agency, and everything they do is just as open to the public as whatever your local police may do, i.e. whatever you do not know is to most likely to protect the privacy of the defendants and the integrity of case.
Oh, I understand now. We exist in different reality tunnels.
It must be nice in your reality tunnel... mine kind of sucks.
Is a conversation a place to be searched, or a thing that can be seized? If so, does this definition mean that speech is property? Go back to the text:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
i've heard this term used often, usually, (it seems, to me at least.) in comments laced with sarcasm. Can anyone please tell me what 'sic' means? thanks. :)
He already has. Ever hear of a GUID?
I wish I had a nickel for every time someone said "Information wants to be free".
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Now, the problem with building in backdoors into the fundamental security of the Internet or any system is that it provides the possibility for abuse by both authorities and third party criminals (as opposed to the criminals who are the authorities). If somebody can get access to that back door they can create endless havoc.
The other problem is that with this back door so readily available, authorities will be very tempted to use the door without warrants. If they think you are a bad guy they can sniff your traffic get enough evidence then go get the warrant to get the rest of your traffic. And don't think they won't do it. There are countless cases of cops using wiretaps illegaly to get information and go after people who otherwise would not be prosecutable. In all likelyhood they would surrpeticiously just sniff all traffic for naughty bits, and nobody would be the wiser because it is all the kind of stuff locked up in the dark recesses of the FBI and NSA headquarters.
Nah I'm not paranoid...
---
This sig has been temporarily disconnected or is no longer in service
So, a bit off topic, but let's say after all this hubbub and 5 or 10 years from now there's a wiretapping backdoor into everything IP. Even today a lot of people are starting to get (as in understand and use) encryption for personal use. By the time all this wiretapping stuff comes to a head, don't you think it will be fairly moot? Yeah, the spec and implementation has wasted a lot of hours and slows performance, that another argument. But as someone has mentioned, all the snoopers will see is cyphertext flying by.
Does it really matter? Let's just not let big bro force a back door into everyday encryption, ok?
Jason
The evil of promiscuous snooping outweighs the good of catching a few lawbreakers along the way.
Courts are too cooperative with police agencies, and have lowered the "reasonable suspicion" standard too low.
What I have missed in most comments is a sense of the world as it will be in 10 years, because that is what is being decided. You're cell-phone will be IP-based. Basically anything could be connected to IP... look in Ask slashdot for that. But in the end we will see a host of appliances running over the Internet. Many of these appliances will be embedded in alot of different hardware.
Most of these appliances will offer no ability to install any extra encryption schemes. It is this data that the FBI is after. Espescially ofcourse the phonecalls, but anything extra is considered to be a nice bonus.
Now, just to be sure, don't think everything will be used against you. Heck, most of you are to insignificant to reckon with. Don't think that if the IETF will not go ahead with aiding the snoopers the battle is won. Just see it in the right perspective. A world filled with IP based appliances, which broadcast data that might be valuable to someone interested in it.
Use Adsense for Charity
If you've got multicast (hah!), you can listen to the IETF plenary discussion of the wiretapping issue in about fifteen minutes (20:30 Washington time).
The question was asked. It's time to find out how to answer it.
So the NSA and FBI want to consideration for wire tapping built into INTERnet protocols/devices? Ummm what about the INTER part.. these are united states organisations that do not have international juristiction.. I don't care what they want to be able to do and I certainly don't want them influencing the design of facilities that I, as a non US internet user, will be making use of.
- PrinciplyUncertain
Requiring wiretapping capabilities hurts the national security of our country.
The new threats of encryption and internet manifest new challenges to the NSA and FBI. There have been new challenges emerging every generation since people baked messages into clay envelopes two thousand years ago. We need to sieze creativity to solve the problem, not brute force.
Human nature prefers the easy way of using the advantages we gained from the genius at Bletchy Park, from half a century of great SIGINT, and from one of the largest factories of intelligence operations ever made. Human nature prefers to work with well understood technology and process.
Still.
Our continued survival lies in countering emerging chain by intelligence, guile, and advancement. If we allow our intelligence groups to become lazy, relying on ever great search powers, then they will be useless and clueless when a major threat arises.
If we permit NSA and FBI to have wiretapping capabilities, they will be lazy, useless, and clueless to prevent concerted attacks on the US.
A Devout Capitalist
Profit motivates invention.
Cheesy title, but listen.
The IETF has an important decision to make. As I understand it, this is a global organization tasked with making a decision affecting a global community. Also, from what I understand, there are a few governments (namely the U.S. F.B.I.) that are requesting they add wire tapping capabilities to the internet.
O.K., sure,"what does it matter?" If it passes, we can use encryption, yada, yada, yada. I don't think that this should be the point here. In my view point, the Internet is a place to build a new society. One that is free from all the trappings that have been interwoven into "the real-world". A place to build a global society from scratch, and this time, try not to fall into all those trappings.
The FBI seems to the driving force behind the proposed changes. The U.S. is only one segment of a global community. IMHO, the IETF, a global organization, should take a stand and refuse to implement these changes. The Internet may have been founded on governments, and big business may be a driving force behind its explosion in the past few years, but, I believe that the people brought life to the Internet. They have created this "global community." Therefore, it is their thoughts and feelings that should be considered. It is their community in the hands of the IETF. The fate of the Internet should not be dictated by govenments or businesses, but rather by the people who use it as a part of their lives.
What if the IETF refuses and the goverment brings legal action against them? Again, the IETF is a global organization working for a global community. I say don't do it. IF the IETF doesn't do it, who will? The government? Even if they do manage to develop something usuable, the society should refuese to use it. "What about businesses regulated by government?" you ask. Let me respond by saying that we are individuals. We do not have to blindly do as we are told. We are a community. Together we stand as a community. We as a community should decide the future of the Internet.
--Anonymous U.S. Citizen
(NAC)
Its part of the new world order/one world government/third way bullshit. here are the steps: 1. dumb down the population (its easy to manage sheep) 2. outlaw all guns (hard to start a revolution or overthrow anything without weapons) 3. have total control over everyone (to punish anyone that does speak up)
The paranoia surrounding the possiblity of illegal search and seizure is unfounded. The US Supreme Court has been sympathic to the Fourth Ammendment since the 1970's especially regarding electronic surveillance.
There have been many good uses of wiretaps over the years that have allowed government agencies to target organized crime, drug smugglers, and the such.
In United States v. United States Distric Court [407 US 297 (1972)]:
"a governmental search and seizure should represent both the efforts of the officer to gather evidence of wrongful acts and the judgment of the magistrate that the collected evidence is sufficient to justify invasion of a citizen's private premises or conversation."
In the same case Justice Douglas speaks more precisely about electronic surveillance:
"the need is acute for placing on the Government [407 U.S. 297, 325] the heavy burden to show that exigencies of the situation [make electronic surveillance] course imperative."
Wire tapping:
IP Telephony? (IETF WG: magaco)
- Traditional voice networks tend to support wiretapping.
- The internet has traditionally not.
- Hence the question above. (*)
The RAVEN list: mailing list setup for this matter.- Established in october.
- 453 people on the mailing list. (51 people talked)
- 253? messages since then
Comments from people in favor of it:- The IETF can ensure it is auditable.
- We have to do it, so lets do it in the IETF.
Comments from opponents:- Over my dead body.
- Violates my rights as a human being.
- Weakens security.
(Selected) Comments from the crowd at the meeting:The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
"What would the image of the IETF be if we were to refuse to standardize any technology that supported wiretapping? In the Interne community? In the business community? To the national regulatory authorities?"
It is a tough balance act. I'm sure they want to simply refuse it if they can, but they understand it would be an irresiponsible thing to do. Don't scream from one side just reading the headline, and follow the Raven discussion if you care.
InterNET, meaning between NETWORKS, not between NATIONS.
BTW, spying on you is none of the FBI's business. It's the CIA's job.