Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tap-Tap-Tapping the Net

Posted by michael on from the who's-there?-FBI-who? dept.

The IETF will be considering building wiretapping into internet protocols (see previous slashdot story) tonight at their conference; the Washington Post has a story on the subject. A great many civil liberties and technically-oriented organizations have signed onto an Open Letter urging the IETF to reject any attempt to build snooping into the net.

12 of 132 comments (clear)

  1. Whatever. by Signal+11 · · Score: 5
    Sure, let the IETF build in wiretapping stuff. I think they need to fail horribly before they stop doing stupid things like that. For one, if it's at the protocol level it will be exploited. Alot. Remember source-routing? Notice how everybody even remotely concerned about security has it disabled, and infact under linux and most UN*X implimentations require you to specifically enable it?

    Secondly, why should we care? Anyone doing anything illicit will be using encryption anyway. So catching criminals isn't the issue here. Hell, I frequently use PGP for stuff that I don't consider sensitive - like sending source back and fourth between my friends. The only use for a wiretapping protocol will be to let the l335 h4x0r d00ds have a reign of terror on the 'net.

    I say to hell with the IETF - Let the chips fall where they may (and they will fall!).

    --
  2. Encryption by Hermetic · · Score: 3

    What with this and the recent stories about echelon, it is high time we started encrypting everything that we hold dear. Unfortuneately, we can't encrypt everything on the internet.

    There was a story some time back about Freedom, a web encrption scheme that encrypts all communication between your PC and the servers you are communicating with. Does anyone have a link, or more info? I have lost mine since then.

    --
    Computers can only simulate determinism. ~Hermetic.
  3. Wiretapping protocols by jd · · Score: 5
    This begs some interesting questions:

    1. How do the IETF propose to wiretap -AND- have strong PtP IPSec encryption?
    2. How do the IETF propose to locate packets, given that routers decide paths on-the-fly?
    3. How do the IETF propose to enforce this, when they are not a regulatory body? In fact, the strongest the IETF can do is release an RFC, which is just that - a request for comments.
    4. Who, exactly, is going to implement this wiretapping protocol? Even if the entire backbone used it, all you need do is tunnel through and the protocol becomes useless.
    5. What protections can the IETF impose, which guarantee that the wiretapping would even work, even assuming you -could- find all the fragments of all the packets and re-assemble them all? It's easy enough to modify a TCP/IP stack. A few tweaks here, a few tweaks there, and you're sending valid data which the sniffer will reject, but which your intended recipient will accept.
    In balance, I think it's useless, pointless and stupid. Stick to IPv6 promotion. That's useful. This isn't.
    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  4. A matter of principle... by Anonymous Coward · · Score: 3

    The Clipper chip initiative was supposed to be no big deal, because the government would only use it when they had reason to suspect. When people got upset, a smaller group of people said, "Well, the NSA can probably crack your messages anyway, so why not give them your keys?" (Now, of course, it's being shown that maybe we *aren't* so far behind the NSA-- they probably *can't* break some of the stuff out there!).

    The response was simple: Just because somebody can open up an envelope doesn't mean that we send all our mail on post cards. The envelope may *not* help privacy in a lot of cases, but we still use it. It's a matter of principle-- just because somebody can violate your privacy, there is no reason to openly invite them to do so!

    Some people have been saying that the government is able to listen in on our communications anyway, so why not add in a provision to allow them to do it more easily?

    Simple: we can't *condone* a violation of privacy. Scott McNealy may say that we have no privacy, so get over it, but I'll bet he'd raise all holy hell if one of his employees were to read through all his e-mail.

    By implementing a standard that would allow the government the ability to snoop in on our conversations, we are not only condoning such action, but encouraging it! Never, at any time, should we encourage the government to (with or without permission) monitor our communications!

    Just my $0.02

  5. Is Wiretap Immunity An Absolute Right? by Effugas · · Score: 4

    This isn't going to be very popular, but I'd really appreciate some responses from people who've dedicated much more energy to the analysis of these type of questions.

    Now, I say this as a hardcore privacy advocate. I'm not the enemy. I'm a theorist, who wants to know:

    Is wiretapping evil?

    By that, I mean do people have an intrinsic right to privacy that doesn't end when they begin violating the rights of others?

    After all, few of us would complain about the subpeonas that have been delivered unto Tobacco Companies, Microsoft, and hopefully RealNetworks. Subpeonas are after the fact violations of privacy--society is demanding some chunk of personal information from the subpeona'd party. Steganography is designed to defeat such information gathering techniques...but the existence of the technology doesn't mean subpeonas must be evil.

    Nor too does the existence of wiretapping prevention technology automatically make wiretaps illegal.

    From what I've been able to discern from the literature, there's a slant towards arguing that wiretapping should be difficult--essentially, so it's only used for cases where national security is at risk. Can a system be designed where it is intrinsically difficult, but not impossible for society to spy on certain individuals' communications?

    Again, I'm the guy at work who is the point man on SSH, on custom designed secured VPN proxy links(believe me, that actually makes sense), and all these types of technology. But I'm also the guy that, when his friend was attacked by somebody who called her on the phone a half hour before, ran to campus Information Technology demanding the phone logs(and was oh-so-irate when they wouldn't let me write the simple Perl scripts necessary to extract them from the logging port on the switch. And people wonder why IT hates me. ;-)

    Screaming about how child molestors are being used to justify widespread Big Brother monitoring is all too appropriate...but begs the question, what about the child molestors? Is it possible to shield everyone but expose those who society does need exposed?

    At least a government intrinsically possesses citizen oversight. Corporations and "Mafia" style operations have no such limitations, and flourish quite well under power vacuums. A government that cannot keep tabs on such organizations is arguably irrelevant to them--just look at Russia lately.

    Sooner or later, I'm going to be taken to task over the secure technologies I'm personally involved with designing and deploying, and I want to be able to reply with something I believe in. I want to be able to defend my position, and I need your help to do so.

    So, is wiretapping evil?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

    1. Re:Is Wiretap Immunity An Absolute Right? by Effugas · · Score: 3

      A subpoena or search warrant is served to an individual. They come and knock on your door.

      Or search through your files if you're a corporation. They take over your office and demand you deliver all emails archived over the course of the last year.

      The government doesn't (ostensibly) wiretap Bill Gates.

      After the fact, they got Gates' private email...

      There is no check or balance when law enforcement can wiretap. Using technology, it becomes feasible to place a huge number of people remotely connected to someone they are investigating, scan for key words (even in voice, if not now, then soon). It's 1984. * And that's just government wiretapping. That doesn't even touch criminal wiretapping (and its technological cousins...)

      So all wiretapping is bad because some wiretapping can be abused?

      This is the kind of logic we hate in Internet discussions--"Some people seduce 16 year olds on IRC, so all of IRC is BAD!"

      Yours Truly,

      Dan Kaminsky
      DoxPara Research
      http://www.doxpara.com

  6. Big company fears by fizzbin · · Score: 4

    It seems that (according to the Washington Post story) companies who make communications equipment were worried about the Feds requiring their equipment to comply.

    This leads me to wonder: Since this has arisen because of IP telephony, is it possible that traditional phone companies, fearing a loss of business to entities who don't comply with wiretap laws, are pushing this proposal? Seems like an interesting conspiracy theory at least.

    Anyway, the IETF will probably kill this bad idea.

    --
    Fizz
  7. the problem is who do you trust? by SEAL · · Score: 3
    I think the U.S. government has shown little evidence of trustworthiness. THAT is the issue and that is why privacy advocates hate this sort of thing. The government thinks it knows what's best for the peons, and be damned if they want to run their own lives.

    Stop for a moment and imagine the government's ideal scenario. They want unhampered access to as many forms of communication as possible. At the same time, they want people to think their communications are secure. That way, people will talk openly, and they can gather more information on the bad guys.

    So they say.

    How far does it go, though? Take a few sample cases...

    • The FBI has evidence of a guy sharing kiddie porn over the net. Instead of busting him right away, they listen in, and get enough evidence to nail his circle of friends who are involved. Pretty straightforward - mission accomplished. I think most would agree that's a job well done.
    • Another federal organization suspects a group of "religious" fanatics of hoarding weapons and plotting generally Bad Things(tm). They tap in on conversations to prepare an assault. Now if laws were being violated, ok. But it begins to blur the line a bit eh?
    • During an information sweep, gathering from many source emissions (Echelon?) another government organization hears you joke about the president's life. Not so funny when they show up at your door...
    • You're a witness to a crime, but fearful of testifying (for whatever reason). The government digs up past info on you and "leans" on you, even though you were not involved in the crime in question. (This has really happened). Is that a fair use of wiretapping info?

    Frankly, I think the government can shove wiretapping up its ass. Joe Average is the one who really gets the brunt of their scrutiny. Is our society so paranoid that we must spy on our own people? That's not the kind of life I want, although it gets more that way every day.

    Best regards,

    SEAL

  8. Bill of Rights. by zCyl · · Score: 3

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probably cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    - Ammendment IV

    It looks to me like they got it right the first time. Nowhere in there does the U.S. Government have the mandate to universally require wiretap ability, but may force it only on specific people or places when justified by probable cause with supporting testimony.

    I've seen no politicians stand up and oppose this section of the Bill of Rights, yet far too many try to violate it. I think the U.S. would do well as a country if its politicians read the Constitution once through...

  9. Means of appeasement by jabber · · Score: 3

    The IETF full-well knows that IPv6 will make wiretapping of the internet a moot point. "Yeah Mr. NSA, you can listen to ciphertext zip by, be my guest"...

    My suspicion is that this is a way of saying "Nice doggy" to the 'powers that be', because the 'powers that be' can fund backbone upgrades, provide research grants, and lobby in favor of certain protocols and technologies...

    This support from the federal government would mean a lot to the members of the IETF, and if the price of the support is providing a back door that leads nowhere, so be it.

    The people on the IETF are not as dumb as those twisting their arms are.

    Besides, what better way to convince big business to lobby for strong encryption than to show that lack thereof is tapable?

    Slickness points to the IETF.

    --

    -- What you do today will cost you a day of your life.
  10. Not for Technically Savvy Linux Users by Greyfox · · Score: 3
    They haven't a prayer of foisting anything on Linux users that Linux users don't want. I can just go into the kernel source and rip out anything that I don't like.

    No, the only people this would affect will be closed source OS users, notably the 90% of PC users who use Windows.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  11. 4th amendment by sterno · · Score: 3
    The fourth amendment guarantees your right not to be searched without due process of law. Most of the time this is the case. This same guarantee protects your right not to be wiretapped.

    Now, the problem with building in backdoors into the fundamental security of the Internet or any system is that it provides the possibility for abuse by both authorities and third party criminals (as opposed to the criminals who are the authorities). If somebody can get access to that back door they can create endless havoc.

    The other problem is that with this back door so readily available, authorities will be very tempted to use the door without warrants. If they think you are a bad guy they can sniff your traffic get enough evidence then go get the warrant to get the rest of your traffic. And don't think they won't do it. There are countless cases of cops using wiretaps illegaly to get information and go after people who otherwise would not be prosecutable. In all likelyhood they would surrpeticiously just sniff all traffic for naughty bits, and nobody would be the wiser because it is all the kind of stuff locked up in the dark recesses of the FBI and NSA headquarters.

    Nah I'm not paranoid... :)

    ---

    --
    This sig has been temporarily disconnected or is no longer in service