1418083
story
cf_33073 writes
"Scary stuff for the privacy advocates out there. Your Internet telephone conversations may soon be tapped by the government. Anyone else concerned about these intercepts being hacked?
Full text of the
RFC
Is available (mirror)"
I'm so excited (Score:3, Funny)
Foreign equipment, anyone? (Score:5, Interesting)
Interestingly enough... (Score:2, Interesting)
People will vote with their dollars...I wouldn't worry about it too terribly much. Behold, the glory of capitalism.
Now seriously...pop a prozac and move along. Not much to see here, as with most
Welcome to intercept PGPfone (Score:5, Insightful)
Re:Welcome to intercept PGPfone (Score:2)
Crypto is your friend..
Re:Welcome to intercept PGPfone (Score:4, Interesting)
Re:Welcome to intercept PGPfone (Score:5, Funny)
Re:Welcome to intercept PGPfone (Score:4, Insightful)
Re:What an RFC (Score:3, Informative)
All RFCs are written like that:
Encryption (Score:5, Informative)
Re:Encryption (Score:3, Interesting)
sure. (Score:3, Interesting)
So? run and use an anoymizer. Works the same way for TCP/IP connections, no? If you don't know your host number the packets can't find the host. If your host does not know your IP, the reply can't find it's way back. No need for the data to be voice over IP.
In the imortal works of Khan, "Let them eat static."
Re:sure. (Score:4, Insightful)
Both parties need to be anonymous.
If you read deeper in cryptonomicon you will remember the idea about constant noise being better than burst traffic.
Re:Encryption (Score:3, Funny)
Long time coming (Score:2, Interesting)
I'm not worried (Score:5, Funny)
Concerned? Not in my case (Score:2, Interesting)
I'm seeing an unabated string of charges that appear to be 'internet phone' related. $30 here....$50 there.
I had one c'card number discontinued last Dec., over a string of eBay charges I didn't make, and now this. Anything that can help control this kind of abuse is ok by me...at least for now.
Give up my freedom of speech for ~$300? Sure! (Score:3, Insightful)
Re:Give up my freedom of speech for ~$300? Sure! (Score:2)
Funny stuff.
First, you not responsible for unauthorized activity on your CCs (call company, dispute charge, end of story).
Royal PITA, especially when it's an ongoing thing.
if you want to give up your right to privacy for negating some petty inconveniences [...]
That's not what he's saying. His problems are more pressing to him than the feds tapping his potential internet phone, that's all.
Re:I'm thoroughly confused (Score:5, Insightful)
Surely there are things that want to say in private conversation that you wouldn't feel free to say if you knew (or suspected) that you were being eavesdropped on?
For example, the Iraqi government used lack of privacy (informers listening everywhere) to deny its citizens freedom of speech (anyone who was overheard saying something bad about Saddam was hauled off to prison).
Re:I'm thoroughly confused (Score:3, Insightful)
If someone is constantly keeping track of what you are saying, and what you are sending, you might worry about "everyone" hearing it, and someone taking actions against you. The government is an example of someone you might not want taking action agianst you. When people speak out, often it is to a select audience as well, pe
Re:I'm thoroughly confused (Score:3, Insightful)
Your sex toys example is good, but there is a much more difficult situation it could put one in.
Let's say your gf buys the toys with your CC. A year later you are walking down the street, and the police pick you up. A woman was raped and murdered two blocks away, and you vaguely fit the description of the guy. The police may use the sexual CC purchase as "evidence" you are a sexual deviant and must have done it. They may even stop looking for the guy who really did it.
Then you go to court. The purchase
Re:Concerned? Not in my case (Score:2)
Re:Concerned? Not in my case (Score:2)
The kind of person who would make a statement like this is the kind of person who has never faced death at the hands of another. I and many others have.
The most essential freedom is the freedom to live. The only question is how best to guarantee that most essential freedom of all, without unduly affecting other, less essential freedoms (yes, I'm sorry, but not all freedoms are created equal). Now, sometimes yo
Re:Concerned? Not in my case (Score:2)
Actually, one of the founding father's said that (I believe Benjamin Franklin). The founding father's obviously faced death at the hands of others (e.g., war for independence), so shut your cakehole.
And I think the point was that security and freedom aren't mutually exclusive. It is only lazy people who hate freedom that want to try to convince you that they are.
Re:Concerned? Not in my case (Score:2)
And the kind of person who would reply like that is the kind who has never faced slavery at the hands of another. Or at least never bothered to notice.
Personal security is a very important thing, but likewise it is a very personal thing. When someone else claims the power to provide all your security and all they ask is that you also let them decide wh
Evolve (Score:3, Insightful)
You face the possibility of death at the hands of another just crossing the street. Do we embeded GPS systems on every vehicle and on every person with some override system overlooking it? And what if that system fails? Well, another system overlooking that system, ad nausem until the entire world is focused on your safety.
Or we could trust you to look both ways before crossing the
Re:Concerned? Not in my case (Score:2, Interesting)
Anwa
Re:Concerned? Not in my case (Score:2)
Anything huh? (Score:2)
Don't use credit cards if you don't like what happens when you do. That's OK by me. You giving the feds permision to tap into my phone line without a warrent? Not OK.
Re:Anything huh? (Score:2, Informative)
Yeah.. I know that making it digital just makes abuse of it easier, but stop complaining and go make sure the privacy watchdog groups know about it, and help them make sure there are proper checks in place.
Re:Concerned? Not in my case (Score:2)
Of course, the fact that my card was almost perpetually over the limit *may* have had something to do with it
Re:Concerned? Not in my case (Score:2)
huh? (Score:2)
Comment removed (Score:5, Funny)
Another fine DMCA violation (Score:5, Insightful)
Eventually, internet traffic today will be like people traffic. I'm sure if I wore a big cloak and walked down the street, the police would be nervous of 'what I'm hiding under there' and might be so inclined to ask me about it.
While its legal to carry a concealed weapon if you have a licence, most people don't bother. So criminals and police alike can see that people aren't hiding a rocket launcher on their person or trying to move their crate of coccaine.
Re:Another fine DMCA violation (Score:2)
okay, back on topic, I will go to a Gary Larson cartoon for inspiration. In it, the general sez "but what if we had a war and everbody came?" (hold on, i'll make it relavent) Now, if a great percentage of people used the encryption, and a majority were using it just for privacy (not to hide illegal stuff), then they couldn't possibley monitor everyone, or have reason to be suspicios. After all, if everyone wore a large t
Re: (Score:2)
Re:Another fine DMCA violation (Score:2)
The next step is to delete the traffic, then park a black van outside your house for two weeks, then to "disappear" you. It already happenned to the guy from Intel. I can't wait for it to happen to me.
Re:Another fine DMCA violation (Score:2)
Most people are scared shitless of asking me what I'm hiding under my cloak/clothes - most have to do a SAN check at the meer thought of seeing me without clothing!
Re:Another fine DMCA violation (Score:3, Insightful)
Thus making a 'concealed weapons permit' completely pointless and self defeating - just like gun registration. It helps nobody but the gov't in controling your life and gathering information on you.
this isn't an rfc (Score:5, Insightful)
if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity (as I do) then you might want to write the IESG and/or the RFC Editor (as I intend to) and object to such publication. in order to avoid flooding their normal mailboxes, perhaps someone would like to set up a mailing list?
when governments think they have the right to kill thousands of people with scant justification, the last thing we need is to help them standardize on surveillance technologies.
Re:this isn't an rfc (Score:3, Interesting)
Bring it on. I know you're doing it anyway. Bring it on, let people see what you're doing, let privacy advocates explain to the general public that yes, major internet equipment supports sniffing their traffic, look here for the standard and bewm! Maybe you'll get some sympathy.
I've tried explaining to lay people (non-technical friends) what can be done with todays technology and they look at me dumbfou
Re:this isn't an rfc (Score:2)
Re:this isn't an rfc (Score:2)
Re:this isn't an rfc (Score:3, Informative)
The IETF basically told the FBI to bugger off with regards to working CALEA into standards a long time ago. One lawyer who handles CALEA related cases doesn't seem to think this was a good idea, though;
Re:this isn't an rfc (Score:2)
for that matter if you install the hardware and software necessary to support LE surveillance then it won't be because Cisco forced you to do so but because the government forced you to do so. otherwise, you wo
Why worry about lawful intercept? (Score:5, Insightful)
Like what, the government isn't already part of "anybody"?
I'm far more worried about entities that are not part of the government getting a copy of my packets. Flawed though their procedures, checks and balances may be, at least the government folks have some. What procedures, checks and balances are on the criminals?
Re:Why worry about lawful intercept? (Score:3, Insightful)
Just because they can do it, or even if they do it, doesn't mean that it is necessary lawful for them to do it. It may be considered a form of wiretapping, but it would be for the court to decide; I'm not aware of any case law on this.
Like what, the gov
Nicely put (Score:2)
That's a nice turn of a phrase, but may I suggest a little touch-up:
We elect "somebodies", not "anybodies"; in any true democracy if the elected "somebodies" start acting like they're "anybodies", then they'll become "nobodies" in no time.
little brain. (Score:2)
Nope, they are not. You have authorized the govenment to do certian things with the tax monies you give them willingly. It will be a sorry day when you authorize the government to spend money on equpment and manpower required to listen in on that public network. What do you want your govenment to do for you? Listen to your kid sister whine about NStink? I like that people go to jail for wiretaps and consider that a reasonable check on that kin
Re:Why worry about lawful intercept? (Score:5, Insightful)
As for private entities, packet capture is a time consuming task to perform constantly. I know for a fact that the ISP at which I work moves about a terabyte a day thru the network I maintain. It's not cost-effective (and there's not really any juicy stuff to be garnered), so they (corporations) won't do it.
Plus, the litigious backlash should ISPs start doing this of their own volition would be prohibitively expensive.
it was bound to happen (Score:2)
Here's a toast to inevitability. or better put:
"Hear that
Not that big a deal (Score:4, Insightful)
Second, this is not giving governments any new authority. The only thing this is doing is defining a specific way for the data to be collected and sent, along with standards for any implementation of this (for instance that it has to be on the typical route, not on user-owned equipment, etc)
One thing that DID worry me is that if your ISP can find out the key for a secure session, then they give decrypted information to the government
Hmm.. (Score:4, Interesting)
intercept subject and its associate and the service provider has
access to the keys, then the service provider MAY deliver the
keys to the LEA. "
So, this should be interesting. Does this mean that if the ISP can "get" access to the keys, they can, or does this mean that if the ISP happen to have your PGP/GPG keys they can use them?
" * Maintenance & Management: The lawful intercept solution
SHOULD minimally interfere with normal maintenance and
management procedures. "
Now I'm not a TCP/IP expert, but how can they say that something this intrusive into a large-bandwith activity (which I understand VoIP is), be limited to "minimally interfere"...in addition, I'm concerned that if someone has one of these attached to him/her/it (through a roving wiretap via the Patriot Act) how that would really work. Theoretically, the scope of the search could be all internet traffic over a huge area if the LEA can show that a person has sometime in the past used it.
In addition, despite the Patriot Act and it's horrors, I don't know if this will hold up under the Fourth Amendment, (see Berger v. New York 388US41) I'm wondering if this would be construed as "outside the scope" of a ordinary wiretap/search.
When encryption is outlawed (Score:3, Informative)
Your best bet? One-time keys, burned to a CDROM, and make a copy that you and your friend share. Make sure you use a good random number generator, not some crappy rand() function or even
That's why I use 4096b! (Score:2)
Re:When encryption is outlawed (Score:2)
No, most cases would not warrant $2k of cray time - much less a billion. Rather than crack your massive key cipher, they would just stick a keyboard dongle or a camera above your keyboard to snag your pass phrase. Most folk's personal stash of pr0n is not worth even that... If you had anything worth a billion dollars, what makes you think someone would not remove family members, toenails, digits, etc. until you told them the key?
Just using any e
Re:When encryption is outlawed (Score:2)
Consider the context... The NSA or some 13 year old, not safe. The detectives? It costs real money to recover a re-partioned, accidentally formatted hard drive. (Lets just say I found out the hard way about the only copy of mission critical data...) Even if it was within the scope of their budget, it is still a hard thing to do. For bootleg MP3's? Probably enough.
/dev/urandom (Score:2)
Bring it on! (Score:2)
Thank god for September 11 2001 (Score:3, Interesting)
Ever since September 11 2001, the hawks and zionists have been laughing in these joyous times. We've seen a complete restriction in our own freedoms, yet they preach to have brought freedom and liberation to Iraq although the place is in total anarchy. Who takes out the garbage, makes the trains run on time, runs the police, fire service, runs the hospitals? Currently nobody and it will be this way for a while.
In case you're wondering if Syria _is next, it is, and then it's the Palestinians and last of all the Osama Bin Laden. This should all have occured in time for the next election, sometime next year. This was expressed in a letter to the president on September 20 2001 by 25 hawks and zionists that have hijacked the whitehouse.
[newamericancentury.org]
Letter to President Bush
Of course the saddest thing about this letter is that the people who are supposed to be protecting the american people and going after the perpetrators of September 11 seized it as an opportunity to fulfill their personal agendas. This is indeed a slap in the face to the victims and their families and to humanity.
Unpopular, I know... (Score:5, Insightful)
We do have an amendment to the constitution that protects against random search and seizure. Frankly, if law enforcement can give enough evidence to an informed judge that the party in question needs to be monitored in connection to a criminal offense, more power to them.
If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!
Oh, and to head off all the "But the PATRIOT Act.." replies I'm sure to get, I firmly believe that its wire tap provisions are too ambiguous and when truly challenged in the Supreme Court, it will be shot down. Amazing how the whole checks and balances thing works, isn't it?
You mean, amazing *if* ... (Score:3, Insightful)
And in the meantime.... (Score:2, Insightful)
If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!
As amusing as your example may be, repeat
Re:Unpopular, I know... (Score:5, Interesting)
From the Court's website (supremecourtus.gov):
"While the function of judicial review is not explicitly provided in the Constitution, it
had been anticipated before the adoption of that document. Prior to 1789, state courts had
already overturned legislative acts which conflicted with state constitutions. Moreover,
many of the Founding Fathers expected the Supreme Court to assume this role in regard
to the Constitution; Alexander Hamilton and James Madison, for example, had underlined
the importance of judicial review in the Federalist Papers, which urged adoption of the
Constitution."
John Marshall, the first Chief Justice established the precedent of judicial review, and it has since become custom as strong as written law. The court's purpose has always been to interpret and explain the laws of the country, but if they put the kibash on something as unconstitutional, it becomes by decree unenforceable under the law(the court being the embodiment of law in the country).
Class dismissed.
Vonage / Cisco / encryption won't work. (Score:2, Insightful)
The first question I asked was about encryption, the response was that "any POTS line can be tapped, so it's just as secure". (yea, right..)
I doubt they'll ever support encryption, but I wish they would.
The present age seems really quite spooky, does anyone remember the MacArthy(sp) days? I'm curious to hear if the general atmosphere today is similiar to t
It's not *that* bad (Score:3, Insightful)
Re:Vonage / Cisco / encryption won't work. (Score:3, Interesting)
More specifically, the tech said that the current hardware in the ATA's is insufficient for doing hardware encryption and that they are looking at a new modif
And the problem is... what exactly? (Score:5, Insightful)
Note the lack of the phrase "without a warrant" in this sentence. The RFC talks about "lawful intercept," which means they'd need a warrant before they're allowed to do it legally.
You don't say "without a warrant." The RFC doesn't say "without a warrant." You think maybe we can save our kneejerk reactions for something [slashdot.org] more [slashdot.org] worthy [slashdot.org]?
Re:And the problem is... what exactly? (Score:2)
I'd call it information about a protocol I'll never, ever willingly use. Not a chance.
What I consider rather suspicious about it is that it's been published at all. When you put this together with all the wonderful bills popping up recently that attempt to ban firewalls and VPNs it starts to paint a rather unpleasant picture.
Re:And the problem is... what exactly? (Score:2)
- Necron69
Re:And the problem is... what exactly? (Score:2)
Re:And the problem is... what exactly? (Score:5, Insightful)
This is ridiculous. . . (Score:5, Insightful)
Of course I'm concerned that they will be hacked. .
*Of course* we need a mechanism for *lawful* intercepts in this society. Some capability to (shall I say it again) *lawfully* monitor bad guys on the Internet is necessary to protect the rest of us, just as it exists in every other medium including human conversation. What I'm much more concerned about is half-wit J. Edgar Hoover wanna-bes who take an ad-hoc approach to collecting information, not giving a dump about collateral damage, and coyly taking an unregulated look at any other network traffic that "just happens" to get caught in their filters.
I suggest that this RFC is just the right way to go about it:
1. Publicly design a logical box that does what we need it to do and no more.
2. Force the authorities to stay inside that box.
3. Hand them their ass if they're caught outside the box.
As for the /. write-up, it's just (increasingly common around here) ill-informed, let's-go-occupy-the-provost's-office hyperbole.
What the privacy movement needs are intellectuals who can process enough complex facts to actually aid in the effort to balance a society that needs to be both free and safe. Automatically shouting "free!" when someone shouts "safe!" or "safe!" when someone shouts "free!" is not a useful debate. It's not even a good start.
-----
Privacy Concerns (Score:5, Funny)
Ahem,
When I am able to have any degree of privacy (short of living in a bomb shelter) would someone please notify me--contact information below.
Roger Hammond
164 Rochester Ln
Tucson, AZ 8546
U.S.A.
Phone:(520)791-4544
Fax: (520)791-4124
Email: rhammond64@excite.com [mailto]
AIM/MSN/Yahoo!: rhammond64
My Server: rhammond.org [rhammond.org]
I also post here [circleoflegends.org] quite often.
Thank you,
R.E.G. [good thing I didn't tell 'em my middle name]
FEARLESS AND STUPID
The good and bad of this post... (Score:4, Funny)
The good news is that everyone thinks you're post was witty and stylish...
Now the bad news...
You're about to get 5000 catalogs in the mail.
Re:Privacy Concerns (Score:4, Funny)
plus (Score:2)
Note to flamers: I belong to, and contribute to, the ACLU, so weigh in with a little more than "You don't care about keepin gummint off my back..." please.
Usual Slashdot Readership Idiocy (Score:4, Informative)
Telecommunications companies in many countries must by law provide "assistance to law enforcement" on occasion. Note: in many countries, not just the United States. This assistance has traditionally been in the form of providing call intercept and tracing on voice networks. Some governments in many countries now want to do the same thing for data packets, but moreover, when data networks are used to emulate "traditional" voice services, the existing laws already apply. Just because your ISP's telecom backbone runs over ATM or IP doesn't mean that they're off the hook when it comes to lawful intercept and emergency services (e.g. E911) regulations. When voice is extended to "the edge" in packet form, little changes in that regard.
Now, that said, this RFC proposes an architecture to support tapping data (and any application layer-services that run on it, e.g. voice) in a uniform and scalable manner. Whether you like the idea of tapping or not is immaterial and irrelevant. Service providers must obey the law. If they cannot, they go out of business, or in some cases, never get off the ground. And make no mistake; this RFC is no more about "voice" than any other data service; it describes some of the special problems with enabling the enforcement of existing wiretap laws for packet voice, yet the aim of the RFC is to solve the general problem.
The architecture proposed makes no assumptions about the use of encryption except that no assumptions can be made about the use of encryption; i.e. deliver "tapped" packets to the LEA as packets, not transcoded or decoded into some other format.
You aren't worried about tapping? Read on (Score:2, Interesting)
My friend make a long distance call to me and at some point he jokingly said he'll "boom my ass". Just that. A moment later he excused himself and got the door only to be greeted by Government agents.
This sounds like a sick
Who changed the /. Calendar again? (Score:5, Funny)
Now I KNOW somebody changed the /. calendar on me. We're only supposed to bash Cisco
ON THE SECOND AND FOURTH THURSDAYS
and this is Wednesday in the U.S., and not even the right week count.
Can somebody please point me to the revised /. Love|Hate calendar so I can get with the program?
Re:Who changed the /. Calendar again?- I cant wait (Score:2)
privacy advocates? (Score:2)
This isn't necessarily scary for the privacy advocates. It's just another battle, and not a surprising decision based on recent trends.
The people that should really be scared are those that use this technology, privacy advocate or not.
What is so scary about this? (Score:2, Insightful)
Anyways, what is so scary about this? Any ISP between any two hosts that are transmitting packets to one another could intercept those packets, and they always could.
I'm sure you all know that what is being described could probably be accomplished by a *nix box running tcpdump if it receives copies of all the packets. However, I don't think very much high-end telco/ISP equipment was really desig
Re:What is so scary about this? (Score:2, Informative)
I'm not much of a network guy, but in cisco lingo it is called "port span" which will echo the packet set to or from a port TO ANOTHER PORT. Just hook up a sniffer to the "spanned" port and you can listen to all the packets.
ISPs do this for their _secret_ monitoring / gov't-email-spying stuff. ISPs do it to find why they are having a network problem by moni
Homeland Security (Score:2, Insightful)
Because of the requirement to limit accessibility to authorized personnel, as well as the requirement that LEA's not know about each other, this interface must be strictly controlled.
Isn't the Homeland Security Administration supposed to coordinate knowledge between (L)aw (E)nforcement (A)gencies?
WTF?
What's the problem? (Score:2, Insightful)
I've been preparing for this (Score:5, Funny)
Sybase markets USA PATRIOT Act transaction scanner (Score:5, Informative)
From their ad:
"It integrates your existing customer and transaction information systems into a consolidated compliance system that detects unusual activity and automates its investigation and resolution in a timely, secure and meticulously documented manner."
Yikes.
Multicast (Score:2)
What I Want To Know Is.. (Score:5, Funny)
.. does this mean Cisco will honor the evil bit?
Oh, I dunno... (Score:4, Interesting)
Throw down schoolgirl! (Score:3, Informative)
PLUS you can encrypt it out the wazoo.
ONCE WE GET A GRIP they can intercept all they want, for all the good it will do them.
Comment removed (Score:3, Insightful)
This is *GOOD* for Privacy concerns. (Score:3, Interesting)
I would be very pleased to see legislation that clearly identifies data communication as identical to verbal communication. After reading the document, I think that this (or something close to it) may be exactly what is needed to put a legitimate legal framework around this topic. The more we can make the technical process of LI (lawfull intercept... you did RTA right?) more like the technical process of wire tapping, the easier it will be to approximate the two in the minds of the people who make, judge and execute the law.
Encryption .. wont be legal much longer. (Score:5, Informative)
Can it be accomplished at this point? I donno, but a first start is calling the use of any un-approved ( i.e. , no governmental backdoor key ) encryption cause for the use to be investigated under the patriot act..
Then it will be made outright illegal, as its placed back on the 'controlled munitions' list.
Re:Encryption .. wont be legal much longer. (Score:2)
Re:Encryption .. wont be legal much longer. (Score:5, Interesting)
Ray Kurzweil [kurzweilai.net] also thinks so [amazon.com] .
Re:Encryption .. wont be legal much longer. (Score:2)
Great, so we arrange for as many people as possible to encrypt everything they do (yes, I know, some of us are already trying this) using no-backdoor encryption systems. Flood the bastards with too much shit so the "real" stuff gets through under the radar.
Then, if they make it illegal, organise civil disobedience and flood them with offend