Slashdot Mirror


IETF Rejects Wiretapping

Declan McCullagh of Wired covered the IETF meeting last night, and his report notes that the IETF rejected creating any sort of wiretapping standard. However, the companies that build routers and similar networking fundamentals stated that they would still move ahead with implementing tap-ability into their equipment, so the IETF action is a hollow victory: your Internet communications will still be easily tappable.


  1. Pseudo-Justification by rde · · Score: 5

    "I'm a little concerned about [this anti-wiretap sentiment]. Clearly not all wiretapping is illegitimate," one Cisco engineer said.

    Herein lies the problem. As long as people can see one use for something, all the adverse effects become secondary. Some criminals are caught by wiretaps, so everyone should be tappable.
    This may be a specious argument, but if you nuke a city (say, Seattle), then you'll kill millions of innocent people. But it's okay, because you'll get some criminals, who'll never mug an old lady again.

  2. Vendors taking part in experiment by EmersonPi · · Score: 5

    It seems to me that the vendors who decided to continue with plans to make their equipment tappable are voluntarily taking part in a very strange experiment.

    The way I see it, since there will very clearly be other vendors who do not insert tapping abilities into their equipment, the ones that do are going to find out just how important an issue this is to the people who buy their equipment.

    Most IT people I know have a thing about civil liberties, and I suspect that those companies that put backdoors into their products are going to get hurt in the marketplace because of their decisions (as long as there are alternatives to their products). It will be very interesting to see if the people who buy the network equipment will be willing to put up with a back door, or if they will simply find ways around it (the most obvious of which is to simply not buy the goods with the back doors built in).

    Let the experiment begin...

    --
    Impossible = A fun challenge
  3. Wiretapping in Routers.. by xtal · · Score: 5

    This is just plain _wrong_. Does anyone else have flashbacks to big brother, or is it just me? Why would a private organization have _any_ responsibility to the FBI to make things "easily tappable"? If it's easy for them, is it easy for any ol' hacker as well? Just telnet in, "come get your 0day logs here!"

    This sort of thing in private industry makes me just plain sick to my stomach - I'm not an American, but I worry because this nuttiness finds its way north of the border sooner or later. I thought America was supposed to be the land of the free, yet as an outside observer I see your rights getting quickly taken away in the name of either a drug-free (even your politicians smoke dope!) or protecting children (duh, that's what parents are for).

    For example, in Canada, almost _no_ organization will require drug testing for engineering work - yet this is the opposite case in the US. Perhaps when they start looking for DNA samples, protests will start?

    Federal screwing with the internet has to stop. Making the internet easy for the feds probably will make it possible for any MORON to play with your router logs.

    Answer with your wallet - don't buy hardware that supports features like this. Until people stand up, you'll continue to get walked over. But why worry, you have nothing to hide, right?

    Instead, buy hardware that supports idiot-friendly secure encryption, and I don't mean 48 bit DES, either. If the net is encrypted, who gives a flying @#$@# who's listening. They can get a court order to make you turn over your keys - just like they can do for your house.

    Kudos..

    --
    ..don't panic
    1. Re:Wiretapping in Routers.. by DustStorm · · Score: 5

      I'm also from Canada and this does worry me as well.

      If they are tapping routers in the States then any information that goes through them is compromised as well.

      Do people think that just because the person on the other end is Canadian (or anywhere other than the States) they are just going to let it go? NO, they are going to log whatever pleases them.

      And because we don't decide which routers our transmissions go through we don't know if we are being listened in on. Is it coming to the point that if we want privacy that we have to encrypt every transmission we send?

      Well, it just looks like the States is losing its right to call itself "The Land of the Free!"

      --
      If you truly love the memory, you must set it free().
    2. Re:Wiretapping in Routers.. by the+eric+conspiracy · · Score: 3

      One of the worst cases was the Washington DC police department using the urine samples to screen for pregnancy. There is a mention of this case on the ACLU site.

      One of the dirty little secrets about drug testing is that the testing companies are pushing for coverage of a large variety of drugs on the theory that there are a lot of prescription drugs that can be abused. Employers don't mind this sort of testing because it allows them to gather more medical information about the employee. There are a lot of legal problems with just coming out and asking employees about what drugs they take under the ADA even now.

      Some indication of this can be seen in here:

      http://www.shrm.org/hrmagazine/articles/0298cov.htm. SHRM is the Society of Human Resource Managers.

      The following reference describes setting up a drug free workplace that includes random testing, with possible testing for prescription drugs.

      http://www.smartbiz.com/sbs/arts/lll5.htm

      Here is a reference that mentions that Upjohn Co. tests for some prescription drugs:

      http://www.cesar.umd.edu/wrkp/docs/UPJOHN.txt

      And for Motorola:

      http://paranoia.lycaeum.org/war.on.drugs/drug.testing/motorola

      Drug testing is a real problem. I wish I had the ability to select employers like you do, but given my profession and age I am kind of stuck with whomever I can find.

  4. Spooks by cmaxx · · Score: 3
    I don't think that anyone who's sufficiently knowledgeable or paranoid has ever believed that spooks couldn't already tap IP communications. Just not in the way most IP-familiar techies would choose to do it.


    The Echelon *email* concerns have always struck me as an unfeasible approach, given tapping the wire itself is (or at least has been) so much more achievable than getting ISPs to help the spooks in an organised fashion.


    I wish I could recall the URL for the public guardians_of_the_law-ISP dialogue that went on in the UK a few months back; it made this whole set of points about ISPs incurring costs for spook-work and jurisdictional difficulties and lack of guardians_of_the_law technical know-how.


    And I also recall thinking how it was all a blind, given the spooks can almost certainly do all this stuff when they want to anyway.


    To be honest it must be like herding cats getting the ISPs to pitch in when the spooks want, but the major carriers and infrastructure companies...they can be arm-twisted much more effectively.


    Certainly that's the situation that seems to pertain here in the UK with BT, GCHQ, the NSA and the old-boys network.


    The IETF, as a body of erudite folk, knows that it can specify, and pontificate and stay well on the side of right, (well, spooks are sinister aren't they?) and get away with it because the spooks have other ways to get what they want. Heck, even though the IETF tries to be de jure, the Internet itself tends to be de facto, so whatever will be, will be.


    Guess we'll need IPsec, and ssh and whatever else we can get even more than ever now the router giants are kow-towing along with the wire-owners.


    Score one for the spooks.

    --
    ...an Englishman in London.
  5. Why the vendors may have to do this .... by taniwha · · Score: 4
    As the ISPs get bigger and bigger and the consumer choices start to vanish companies that make routers will find themselves going after fewer and fewer larger contracts. If just one big ISP (say Microsoft for example under Federal pressure for some reason) decides to knuckle under and only buy routers that can be tapped then you'd better make sure you have one ready to sell - it could be 20% of your yearly income.

    So support your local Mom&Pop ISP!

  6. Wiretapping: A Blow to National Security. by Devout+Capitalist · · Score: 3

    Requiring wiretapping capabilities hurts the national security of our country.

    The new threats of encryption and internet manifest new challenges to the NSA and FBI. There have been new challenges emerging every generation since people baked messages into clay envelopes two thousand years ago. We need to seize creativity to solve the problem, not brute force.

    Human nature prefers the easy way of using the advantages we gained from the genius at Bletchley Park, from half a century of great SIGINT, and from one of the largest factories of intelligence operations ever made. Human nature prefers to work with well understood technology and process.

    Still, our continued intelligence community lies in countering emerging change by intelligence, guile, and advancement. If we allow our intelligence groups to become lazy, relying on ever greater search powers, then they will be useless and clueless when a major threat arises.

    If we permit NSA and FBI to have wiretapping capabilities, they will be lazy, useless, and clueless to prevent concerted attacks on the US.


    A Devout Capitalist
    Profit motivates invention

    --
    Profit motivates invention.
  7. Re:even if... by Alan+Cox · · Score: 3

    They don't care what you send, they care when you
    send and who to. That is why they want to be able
    to trace encrypted data from its entry point onto
    the network and out across it. That is why right
    now they have PC class boxes tapping big dialup
    ISPs all over the EU and I'm sure the US.

    In the EU it's probably even an offence for the
    ISP to admit to it. Internet offices and giant web
    email sites are the dream target of these people,
    after all if you use Hotmail-like sites you come
    to them and they can analyse your email and other
    email in bulk really easily.

    Alan

  8. Why - taxation is the big one by Alan+Cox · · Score: 4

    If you catch a criminal and you look who he
    emailed around the same time you learn stuff,
    much like phones. Why did the husband mail his
    wife's murderer's Hotmail account a day before etc..

    That's the crime angle. The big one is the tax
    angle. Uncle Sam's nightmare scenario goes like
    this.

    IBM, Microsoft, GE and other big vendors all use
    people like Visa. Visa start doing encrypted
    transactions. Companies start neglecting to
    mention this kind of fund transfer in their tax
    returns.

    Next stage. A company like Visa creates a private
    cryptographically managed currency of their own.
    Everyone opts to use it and hard crypto, the
    US tax man only sees transactions into US
    currency space.

    Shortly after the USA bankrupted by massive tax
    revenue basically suffers a total collapse of
    government power.

    Welfare collapses leading to riots. The army can't
    be paid, healthcare goes totally cash upfront, the
    education system fails.

    Whether a massive loss of Government is good or
    bad is a complex political question to most people
    but if you are a politician it's easily answered.

    Alan

  9. Re:even if... by copito · · Score: 3

    The admissibility or strength of wiretap evidence isn't the real issue. After all, if there is a criminal case in a court it means that the government is pretty much playing by the rules. What is much more of a concern, and the reason the Bill of Rights was drafted in the first place, is the ease with which the government can probe and harass private citizens without a specific suspicion or for suspicions of political, not criminal activity.
    --
    "L'IT c'est moi!"
  10. Not hollow at all... by Hobbex · · Score: 4


    I don't think this is a hollow victory at all, even if the companies go ahead and screw us over with or without the IETF (Did you ever think better of them? The state and the industry have been each others whores for the better part of this century.)

    However, this battle was never about whether they are tapping Internet nodes or not. The Internet is already tappable. The FBI can do it, a skilled hacker can do it, and the NSA is most probably already doing it. If you want your communications to be secure: encrypt them. If you don't, there is no reason to think that people aren't, or to argue that they shouldn't be, listening.

    What this was about was the integrity of the IETF, and by extension the Internet community. I think that if the IETF had gone ahead with this, many of the ideals that have driven the Internet until today would have been run over once and for all. A yes to collaboration would have been a confirmation that the Net and Web had become nothing more than a PR playground for Disney and Microsoft. But by rejecting this, the IETF has shown that there is more to it than that: that there is still a thread of revolution in the very nature of connectivity, even if you have to dig through a lot of dancing baloney to find it.

    That is not a hollow victory...

    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.

  11. technology of wiretapping by RobertGraham · · Score: 3
    I noticed that most of the replies were long on paranoia but short on details.

    First of all, there already is a wiretapping standard called RMON. In particular, RMONv2 provides most of what law enforcement would want. RMON allows filtered packet capture, so it would be easy to configure the system to filter for a specific IP address and shunt it over to a buffer. One could easily monitor dialups this way. RMONv2 allows for fairly efficient monitoring (in its alMatrixTable) of source-destination address pairs along with an identification of the protocol (something Japan requires, and which could easily be used to track down hackers who attempt to bounce attacks through chains of machines designed to conceal the true source).

    A non-RMON solution would presumably copy packets destined to a certain IP address to another location. Presumably, this would entail simply encapsulating the IP packet inside another and shipping it off to FBI headquarters.

    It seems interesting that most /.ers are against it. It seems that natural geek paranoia is winning out over geek superiority. I generally would support it, simply because I use encryption, but I know that stupid people don't. Stupid criminals really annoy me, and such constraints have no effect on ubergeeks who use encryption anyway.

    Finally, there is a really good FAQ on the technology of wiretapping at: http://www.robertgraham.com/pubs/sniffing-faq.html. The information in this document could help you wiretap your own network and spy on your neighbors, though of course such activity is completely illegal and I would never encourage it.