Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
The Internet Your Rights Online

Tap-Tap-Tapping the Net 132

Posted by michael from the who's-there?-FBI-who? dept.
The IETF will be considering building wiretapping into internet protocols (see previous slashdot story) tonight at their conference; the Washington Post has a story on the subject. A great many civil liberties and technically-oriented organizations have signed onto an Open Letter urging the IETF to reject any attempt to build snooping into the net.
This discussion has been archived. No new comments can be posted.

Tap-Tap-Tapping the Net More

Tap-Tap-Tapping the Net

Comments Filter:
  • ...and they said I was *too* paranoid. This is very scary. Of course, this makes me wish that Zero Knowledge [freedom.net] would hurry up with a linux client.

  • Whatever. (Score:5)

    by Signal 11 ( 7608 ) on Wednesday November 10, 1999 @09:23AM (#1544952)
    Sure, let the IETF build in wiretapping stuff. I think they need to fail horribly before they stop doing stupid things like that. For one, if it's at the protocol level it will be exploited. Alot. Remember source-routing? Notice how everybody even remotely concerned about security has it disabled, and infact under linux and most UN*X implimentations require you to specifically enable it?

    Secondly, why should we care? Anyone doing anything illicit will be using encryption anyway. So catching criminals isn't the issue here. Hell, I frequently use PGP for stuff that I don't consider sensitive - like sending source back and fourth between my friends. The only use for a wiretapping protocol will be to let the l335 h4x0r d00ds have a reign of terror on the 'net.

    I say to hell with the IETF - Let the chips fall where they may (and they will fall!).

    --

  • Encryption (Score:3)

    by Hermetic ( 85784 ) on Wednesday November 10, 1999 @09:26AM (#1544953)
    What with this and the recent stories about echelon, it is high time we started encrypting everything that we hold dear. Unfortuneately, we can't encrypt everything on the internet.

    There was a story some time back about Freedom, a web encrption scheme that encrypts all communication between your PC and the servers you are communicating with. Does anyone have a link, or more info? I have lost mine since then.
  • Hmm, how do I connect to other computers? SSH.

    What if I need to talk about important stuff on IRC? Encrypted DCC Chat.

    File Transfers? Easy, compress with a password.

    Any kind of protocol for this would be easy to break past. Just remember, they can't watch everyone all the time so they won't watch most of the people any of the time. Encryption wouldn't even have to be extremely strong...just powerful enough for them to not be able to look directly at it. There's FAR too much information out there to decode it all.

  • Wiretapping protocols (Score:5)

    by jd ( 1658 ) <imipak@ y a hoo.com> on Wednesday November 10, 1999 @09:33AM (#1544956) Homepage Journal
    This begs some interesting questions:

    1. How do the IETF propose to wiretap -AND- have strong PtP IPSec encryption?
    2. How do the IETF propose to locate packets, given that routers decide paths on-the-fly?
    3. How do the IETF propose to enforce this, when they are not a regulatory body? In fact, the strongest the IETF can do is release an RFC, which is just that - a request for comments.
    4. Who, exactly, is going to implement this wiretapping protocol? Even if the entire backbone used it, all you need do is tunnel through and the protocol becomes useless.
    5. What protections can the IETF impose, which guarantee that the wiretapping would even work, even assuming you -could- find all the fragments of all the packets and re-assemble them all? It's easy enough to modify a TCP/IP stack. A few tweaks here, a few tweaks there, and you're sending valid data which the sniffer will reject, but which your intended recipient will accept.
    In balance, I think it's useless, pointless and stupid. Stick to IPv6 promotion. That's useful. This isn't.
  • Let's make our own. Why the hell should we use a protocol which will let the scum of the earth track our net usage? I say we should get a competing group together to make an ipv6 that won't kill privacy.
  • If they do this I can easily imagine a open standards group forming to make their own standards and a large portion of the community would switch to those standards instead. With operating systems such as Linux at the heart of the Internet I can't see the technical community being forced into being spyed on. It might be pretty messy opening a standards war with Internet protocols but in the end open standards would win. The Internet is where open/sane standards have the most force because it is implemented by smart people. And as others have pointed out you can just encrypt everything on top. I'd imagine we'd soon see strong encryption being worked into all protocols giving the government an even harder time snooping.

  • A matter of principle... (Score:3)

    by Anonymous Coward on Wednesday November 10, 1999 @09:39AM (#1544961)
    The Clipper chip initiative was supposed to be no big deal, because the government would only use it when they had reason to suspect. When people got upset, a smaller group of people said, "Well, the NSA can probably crack your messages anyway, so why not give them your keys?" (Now, of course, it's being shown that maybe we *aren't* so far behind the NSA-- they probably *can't* break some of the stuff out there!).

    The response was simple: Just because somebody can open up an envelope doesn't mean that we send all our mail on post cards. The envelope may *not* help privacy in a lot of cases, but we still use it. It's a matter of principle-- just because somebody can violate your privacy, there is no reason to openly invite them to do so!

    Some people have been saying that the government is able to listen in on our communications anyway, so why not add in a provision to allow them to do it more easily?

    Simple: we can't *condone* a violation of privacy. Scott McNealy may say that we have no privacy, so get over it, but I'll bet he'd raise all holy hell if one of his employees were to read through all his e-mail.

    By implementing a standard that would allow the government the ability to snoop in on our conversations, we are not only condoning such action, but encouraging it! Never, at any time, should we encourage the government to (with or without permission) monitor our communications!

    Just my $0.02

  • I mean sure, you'd lose some compatibility, but just like Alternic [alternic.org], it personal/private protocols could definitely have their places and uses. Build an encrypted protocol, or a protocol which could be encrypted/signed with a pgp key and the world will love you. Keep your communications private and your own. Nobody owns you, nobody owns your communcations, nobody owns your thoughts, and nobody should own your entire means of communications.
  • Your god is dead.
    And no one cares...

    I kinda like that song ;)

    But really, if there is a God, I hope he isn't the self rightous bastard they describe in the Bible.. I mean, come on, who wants to worhsip I guy like this? ...

    Why is it every God(s/ess(es)) mankind has dreamed up has the behavior of a child?

    Worhsip me or you burn in hell! Come on, a nice god would let you in no matter what, as long as you were a nice person.. and so on and on..

    Anyways, I'm outta here - relisgious discussions give me headaches..

  • Can be patched with fair sucess at another.

    For example, I think it'd be harder to make IPv6 less secure than IPv4, but we have layers on top of IPv4 that are sufficently secure.

    On another related point: will the relaxation on exporting cryptographic source lead to the 'secure linux' patch being merged with the main kernel tree any time soon? Or are there other problems with the patch?
  • But then recovers, and proposes a worldwide ID number.

    And then launches MS Four Horsemen

    George
  • Well if yo do anything illegal there's a record on you. And you must be naive to think that those people aren't going to be targeted.

    To much information to decode, Yes, But a selective attack makes things alot easier. And what kind of equipment do you think the gov. has. Gotta be things that we only know about in theory. The things that we think aren't breakable for years they might be able to break in hours.

    And by the way, why would you want anyone gov. or not to intentionally put in a security hole? Just leaving another door for crackers.

  • Is Wiretap Immunity An Absolute Right? (Score:4)

    by Effugas ( 2378 ) on Wednesday November 10, 1999 @09:45AM (#1544967) Homepage
    This isn't going to be very popular, but I'd really appreciate some responses from people who've dedicated much more energy to the analysis of these type of questions.

    Now, I say this as a hardcore privacy advocate. I'm not the enemy. I'm a theorist, who wants to know:

    Is wiretapping evil?

    By that, I mean do people have an intrinsic right to privacy that doesn't end when they begin violating the rights of others?

    After all, few of us would complain about the subpeonas that have been delivered unto Tobacco Companies, Microsoft, and hopefully RealNetworks. Subpeonas are after the fact violations of privacy--society is demanding some chunk of personal information from the subpeona'd party. Steganography is designed to defeat such information gathering techniques...but the existence of the technology doesn't mean subpeonas must be evil.

    Nor too does the existence of wiretapping prevention technology automatically make wiretaps illegal.

    From what I've been able to discern from the literature, there's a slant towards arguing that wiretapping should be difficult--essentially, so it's only used for cases where national security is at risk. Can a system be designed where it is intrinsically difficult, but not impossible for society to spy on certain individuals' communications?

    Again, I'm the guy at work who is the point man on SSH, on custom designed secured VPN proxy links(believe me, that actually makes sense), and all these types of technology. But I'm also the guy that, when his friend was attacked by somebody who called her on the phone a half hour before, ran to campus Information Technology demanding the phone logs(and was oh-so-irate when they wouldn't let me write the simple Perl scripts necessary to extract them from the logging port on the switch. And people wonder why IT hates me. ;-)

    Screaming about how child molestors are being used to justify widespread Big Brother monitoring is all too appropriate...but begs the question, what about the child molestors? Is it possible to shield everyone but expose those who society does need exposed?

    At least a government intrinsically possesses citizen oversight. Corporations and "Mafia" style operations have no such limitations, and flourish quite well under power vacuums. A government that cannot keep tabs on such organizations is arguably irrelevant to them--just look at Russia lately.

    Sooner or later, I'm going to be taken to task over the secure technologies I'm personally involved with designing and deploying, and I want to be able to reply with something I believe in. I want to be able to defend my position, and I need your help to do so.

    So, is wiretapping evil?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  • Big company fears (Score:4)

    by fizzbin ( 110016 ) <7fl8o4rqr2is001@sneakemail.com> on Wednesday November 10, 1999 @09:46AM (#1544968) Homepage
    It seems that (according to the Washington Post story) companies who make communications equipment were worried about the Feds requiring their equipment to comply.

    This leads me to wonder: Since this has arisen because of IP telephony, is it possible that traditional phone companies, fearing a loss of business to entities who don't comply with wiretap laws, are pushing this proposal? Seems like an interesting conspiracy theory at least.

    Anyway, the IETF will probably kill this bad idea.
  • Sure. It's a great idea. Just make sure that everyone has the ability to utilize that functionality. (Think of it as adding sight to the net.)

  • Obviously, this would have to be only the first step; outlawing implementations w/o the trapdoor would have to follow or we'd all just ignore it. Outlawing all other forms of encryption would be necessary too. I don't -think- that there's a chance in hell we'd let it get that far, but I'm not taking any chances. Between the DVD-blowup and this nonsense and the censorship issues, I just went and signed up to be a member of the EFF [eff.org]. Lots of us are tech professionals. I, at least, can put off a memory upgrade on my linux box for a few more weeks for a little piece of mind.

    --Parity
  • The IETF, contrary to many posts here,

    (1) isn't the bad guys, and
    (2) probably will decide to ignore wiretapping concerns in protocol definitions

    The question the IETF is debating the answer to is, roughly, "should wiretapping laws (of varoius countries) be considered a factor in protocol designs." It's a good and important question to ask and folks shouldn't demonize them for asking it.

    That having been said, the answer will probably -- quite sensibly -- be "no."
    --G
  • What the heck is going on with colors on Slashdot. I went to the BSD article a few days ago, and it was all red. I go to this one, and the colors are maroon and gold.

    Is it just me and my version of Netscape? Is Rob color blind? Is there some secret conspiracy to make me go crazy? What is going on?

  • A subpoena or search warrant is served to an individual. They come and knock on your door. The government doesn't (ostensibly) wiretap Bill Gates. There is no check or balance when law enforcement can wiretap. Using technology, it becomes feasible to place a huge number of people remotely connected to someone they are investigating, scan for key words (even in voice, if not now, then soon). It's 1984. * And that's just government wiretapping. That doesn't even touch criminal wiretapping (and its technological cousins...)

    * yes I know the 1984 card is overplayed, but it actually applies here.
  • At the end of the article there is something said by an FBI agent about Internet Service Providers already being required by law to be able to provide wiretapping services.

    I hate to tell you all of this, but this is not echelon. This is not a grand government plot. This is about the application of existing law-enforcement techniques (wiretapping phones) to new technology (wiretapping information transactions). The same procedures for getting a wiretap on a phone will be required for getting a wiretap on information transactions.

    So, what, exactly, is the problem? Unless you are a criminal, and quite a significant one, you have nothing to fear from the FBI. If you did have something to fear from the FBI, your phone would be wiretapped already, your house will be bugged, and your actions monitored. And no, the FBI does not have the manpower to listen into your phone unless you are quite the bad*ss. Even then, a federal judge has to approve the warrant (the legal document, not the band) that will allow them to wiretap you.

    While I feel there are some security issues introduced by this, I hardly think that it isn't worth the value given. I mean, on one hand, some incompetent sysadmin gets his system hacked (and it would have been anyway), or we can't get the information needed to convict dangerous criminals.

    I hate to be this way, but I feel that some /.ers are law-enforcement luddites. On one hand, they believe technology is great, and we can use it in new and exciting ways. On the other hand, they believe law-enforcement shouldn't be allowed to expand their existing abilities to take new technologies into account.

    I'm just rambling anyway -- really, if ISP's would really be required by law to provide wiretapping capabilities to the FBI, they'll have to figure out some way to do it, regardless of what the IETF says or does.

  • Re:Is Wiretap Immunity An Absolute Right? (Score:3)

    by Effugas ( 2378 ) on Wednesday November 10, 1999 @10:07AM (#1544977) Homepage
    A subpoena or search warrant is served to an individual. They come and knock on your door.

    Or search through your files if you're a corporation. They take over your office and demand you deliver all emails archived over the course of the last year.

    The government doesn't (ostensibly) wiretap Bill Gates.

    After the fact, they got Gates' private email...

    There is no check or balance when law enforcement can wiretap. Using technology, it becomes feasible to place a huge number of people remotely connected to someone they are investigating, scan for key words (even in voice, if not now, then soon). It's 1984. * And that's just government wiretapping. That doesn't even touch criminal wiretapping (and its technological cousins...)

    So all wiretapping is bad because some wiretapping can be abused?

    This is the kind of logic we hate in Internet discussions--"Some people seduce 16 year olds on IRC, so all of IRC is BAD!"

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com

  • Meet the MS Four Horsemen 2000:
    MS Mutual Violent Intent
    MS Lack-of-Food
    MS Viral Outbreak aka Outlook
    MS Unsurvivable Occurrence

    MS Four Horsemen 2000 comes bundled with the intuitive MS LeviathanPlayer for streaming media formats, and fully supports the MS WhoreOfBabylon web page extensions, because we value our ability to innovate. MS Apocalypse can be a pretty intimidating place. MS Four Horsemen 2000 is designed to make the experience a whole lot easier.

    (this goes along the lines of the old joke among my friends that one day we will wake up and find that MS has released a wonderful new product entitled "MS Breathable Gas")


    --
  • I'll worry when the temple is rebuilt. There's a great big mosque there right now. Until then, party time.
  • If you break open the seals on MS Horseman, you absolve MS of all damages incurred by plague, war, hunger, sun turned black, moon turned to blood, earthquake, accidental loss of damage, as well as any implied responsibilities or liabilities in this kingdom, and the one to follow.

    George

  • the problem is who do you trust? (Score:3)

    by SEAL ( 88488 ) on Wednesday November 10, 1999 @10:17AM (#1544981)
    I think the U.S. government has shown little evidence of trustworthiness. THAT is the issue and that is why privacy advocates hate this sort of thing. The government thinks it knows what's best for the peons, and be damned if they want to run their own lives.

    Stop for a moment and imagine the government's ideal scenario. They want unhampered access to as many forms of communication as possible. At the same time, they want people to think their communications are secure. That way, people will talk openly, and they can gather more information on the bad guys.

    So they say.

    How far does it go, though? Take a few sample cases...

    • The FBI has evidence of a guy sharing kiddie porn over the net. Instead of busting him right away, they listen in, and get enough evidence to nail his circle of friends who are involved. Pretty straightforward - mission accomplished. I think most would agree that's a job well done.
    • Another federal organization suspects a group of "religious" fanatics of hoarding weapons and plotting generally Bad Things(tm). They tap in on conversations to prepare an assault. Now if laws were being violated, ok. But it begins to blur the line a bit eh?
    • During an information sweep, gathering from many source emissions (Echelon?) another government organization hears you joke about the president's life. Not so funny when they show up at your door...
    • You're a witness to a crime, but fearful of testifying (for whatever reason). The government digs up past info on you and "leans" on you, even though you were not involved in the crime in question. (This has really happened). Is that a fair use of wiretapping info?

    Frankly, I think the government can shove wiretapping up its ass. Joe Average is the one who really gets the brunt of their scrutiny. Is our society so paranoid that we must spy on our own people? That's not the kind of life I want, although it gets more that way every day.

    Best regards,

    SEAL

  • Is it just me and my version of Netscape?

    no. it's at least both of us. I wonder if there are meanings to the colors, or if they're testing a feature which will allow user configurable slashdot colors?
  • One thing most /. users are ignoring is that the internet is a global phenomenon; for me, arguments about the validity of the FBI's actions are irrelevent.
    I'm not saying that the US has a monopoly on intrusive surveillance (Enfopol may (or may not) be as bad as anything y'all can come up with). But what's needed is a global perspective.
    (In case you were wondering, btw, I don't want to be tapped by the CIA any more than you want to be tapped by the FBI).
  • They can't do it now?

  • Huh? (Score:2)

    by john187 ( 32291 )
    Tapping is already built into 'the net.'

    Anybody ever look at the output from a packet sniffer?

    Moreover, there are three key problems:

    1. Any protocol for transmitting data, can also transmit encrypted data.

    2. Any protocol is a software specification, and therefore must be adopted by the industry before having impact on the community.

    3. Any Internet protocol must support the wide variety of computers on the Internet, including, old computers, legacy systems, and technology being deployed TODAY. Who's gonna upgrade software to facilitate snooping their data?

    John
  • Ya I know why they give you headaches, because your a moron, you have maybe heard a little about the bible. Do you even know who angst mac og is or jupiter?

  • Where? (Score:1)

    by bluGill ( 862 )

    I have in fact read my bible, and I have read the Revelation, several times. I see nothing that gives me any impression that everything will be recorded. Well, God will do some recording, but nothing indicates either a goverment or other human institution will do recording.

    For your post to be on topic it must be true, that is there must really be something in the bible that says in the last days everything will be recorded.

  • www.zeroknowledge.com

    Kaa
  • I feel safe with my data, and you can too. All you need is:
    -Set up a dedicated secure linux firewall running IP_MASQ
    -Install and configure CIPE [sites.inka.de]. Here's the HOW-TO [linuxdoc.org]

    That allows Virtual Private Networking with 128bit encryption. Its GPLed, and after you get it set up its incredibly fast (I use it over a cable modem). Its a lot more secure than a NFS+SAMBA solution.
  • It's not the FBI that scares me. The federal Government scares em, PERIOD! Ever hear of the NSA ( these jackasses read everything including your mail ) I am not a criminal, nor do I aspire to be, however, let me point out the following: If you have ever worked anywhere, you realize that management watches you. ( reads your email, listens to phone calls, etc ) Now, think about how dumb your management is and then magnify that by a factor of 10 and then you have our government. Beleive me brothers and sisters those who can do can and those who can't end up in government service. Just because the law says these guys need to have a warrant to watch you doesn't mean you might not be watched anyway. Never underestimate the power of stupidity in government agencies, maybe you make a joke and offend somebody - oops! gone to jail because some wierdo in California was offended by your sense of humor!! The less power those idiots have the safer we all are. If you don't beleive me, go through an IRS audit and you will feel differently. See ya, P.S. - I ain't paranoid, I'm yo Brother!

  • Bill of Rights. (Score:3)

    by zCyl ( 14362 ) on Wednesday November 10, 1999 @10:45AM (#1544991)
    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probably cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    - Ammendment IV

    It looks to me like they got it right the first time. Nowhere in there does the U.S. Government have the mandate to universally require wiretap ability, but may force it only on specific people or places when justified by probable cause with supporting testimony.

    I've seen no politicians stand up and oppose this section of the Bill of Rights, yet far too many try to violate it. I think the U.S. would do well as a country if its politicians read the Constitution once through...
  • if they were going to tap someone, it's much more likely that they'd place the tap as close to the source as possible. though, if they could do that, it would mean they already know their IP or can find it out, which means they could just plug into the lan at the pop site and filter it out. seems to me, that routers with promisc ports would be more usefull than anything you could add to the protocol layer.
  • What I could never figure out was why a God who could create the entire universe would care if he/she/it was worshipped. Does God really have such deep-seated self-esteem issues that God insists that everyone worship him/her/it? And if you don't you're gonna pay?

    Seriously, I don't get it. Maybe God needs a shrink.
  • The IETF is discussing the following questions:

    "should the IETF develop new protocols or modify existing protocols to support mechanisms whose primary purpose is to support wiretapping or other law enforcement activities"

    "what should the IETF's position be on informational documents that explain how to perform message or data-stream interception without protocol modifications"

  • Ummmm.. I'm confused...

    Since when the hell did IETF gain any form of actual control? They can release an RFC, right? BFD... It's not like they write any actual CODE or anything..

    You don't want people spying on your communications? Use code that doesn't implement that spec. Wheeee!

    Does anyone honestly think that, given a choice, an indiviual would choose a piece of software that is intentionally insecure? Really, given an actual, informed choice, mind you...

    IETF has no real power. They can define the spec all they want, just don't use that spec. There's already specs out there which are not tapable. Use those instead. The whole point of the RFC system is "may the best protocol win", right? So.. May the best protocol win. :-)

    ---
  • against unreasonable searches and seizures

    This presumes there are reasonable searches and seizures.

    Nowhere in there does the U.S. Government have the mandate to universally require wiretap ability,

    Well, if there are reasonable searches, there must be an ability to execute that search. Since it's impossible to predetermine which communications can be reasonably searched, all must be made searchable, and the courts must determine which ones may be searched.

    At least, that's how the argument goes. Where's the flaw in it?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com



  • Means of appeasement (Score:3)

    by jabber ( 13196 ) on Wednesday November 10, 1999 @10:57AM (#1544997) Homepage
    The IETF full-well knows that IPv6 will make wiretapping of the internet a moot point. "Yeah Mr. NSA, you can listen to ciphertext zip by, be my guest"...

    My suspicion is that this is a way of saying "Nice doggy" to the 'powers that be', because the 'powers that be' can fund backbone upgrades, provide research grants, and lobby in favor of certain protocols and technologies...

    This support from the federal government would mean a lot to the members of the IETF, and if the price of the support is providing a back door that leads nowhere, so be it.

    The people on the IETF are not as dumb as those twisting their arms are.

    Besides, what better way to convince big business to lobby for strong encryption than to show that lack thereof is tapable?

    Slickness points to the IETF.
  • Unless you are a criminal, and quite a significant one, you have nothing to fear from the FBI.

    Am I the only one that finds that statement scary? Was Martin Luther King Jr. a significant criminal?
  • They'd better make damn sure they only tap US citizens, if they'd start tapping. Otherwise they would somehow be out of their jurisdiction... That would be possible technically speaking, but still, if my packets would go through a US server they would have the right to read em. Or do they?


  • Re:Whatever. (Score:1)

    by Anonymous Coward
    Actually, the issue is that telcos and service providers cannot use ip telephony equipment if wiretapping is not supported, because being able to wiretap is some kind of federal law.

    If they won't use the iptel equipment, there is no reason to have iptel working groups. Solution?

    • compromise and pay lip service to the fed wiretapping requirement
    • disband the iptel working groups
    • keep going and ignore the industry
    • none of the above :)
    It's a fun world out there :)

    --ac

  • >And no, the FBI does not have the manpower to listen into your phone unless you are quite the bad*ss. Even then, a federal judge has to approve the warrant (the legal document, not the band) that will allow them to wiretap you. The reason that we get so uptight about these things is that they DO have the power to monitor people wholesale (Echelon, etc.) Anything that makes it easy for them to wiretap makes it easy for them to abuse their privelige. Do you really believe that most wiretaps go through a Judge first? In LA recently there is a big stink because the police were holding massive wiretaps using a few old warrents, or no warrent at all. Even if the data they collected wasn't admissible in court it allowed them to intimidate suspects and investigate individuals without proper probable cause. If it is easy and automatic for them to wiretap do you think they will hesitate to use their power on a whim? I don't trust the Government that far. Remember, when you give away power you are giving it to the lowest common denominator. It doesn't matter how many right and just officers would use this technology, one fuck-up loser can do alot of damage. I don't want to give that loser that kind of power. I don't think that this IETF proposal will come to anything, it is against the principles that they operate under. Even if they did recommend a wiretapping protocol it probaly wouldn't go anywhere, we would just go through, under and around it. This only works, however, if we actually do it. Reading the post about the deCSS debacle the other day I noticed a number of "I didn't download the source and now it is gone, help!" posts. What if no one, or very few, had hosted the source elsewhere, deCSS would be gone and we would have to recode it (a simplistic example, many people d/l the source to compile it on their systems). I also remember the GLDoom port that died after over a year of work because of HD failure and lack of backups. Don't let this happen to our Internet!
  • Unless you are a criminal, and quite a significant one, you have nothing to fear from the FBI.

    Bullcrap. The FBI has a historical record of using wiretaps, sometimes illegal ones, to gather information on people deemed by them to need watching. The embarassing info thus gathered was used (please note that: it was used) to pressure people into toeing the FBI line. Hoover kept himself in his job for years by gathering info on the politicans who were supposed to be his bosses. Has that kind of thing stopped now... or have they gotten better at hiding it?

    The argument that only people breaking the law have something to fear is simply not true. Having an affair isn't illegal, but it's probably not something you want everyone to know about either. The FBI has already proven themselves to be abusers of this kind of power. They do not deserve to be given even more power.
  • Areas are now being color coded. It's on purpose, and it should be consistent within a topic.

    I suspect that Rob/Andover is trying to increase ad revenue by increasing membership. Making slashdot contain more eyecandy, thereby attracting AOL users like moths to a lamp.

    I just hope that it's actually a bug-light. :)

    Just ignore them. The colors should fade in 8 to 12 hours... Have a nice trip.
  • Does anyone else realize what kind of traffic monitoring even, say, ten people would generate?

    Is icky. I suspect 'internet wiretaps' will never get too far -- at the very least places like /. and such will scream loudly enough to be heard.

    ~Owen

  • I'm a theorist, who wants to know:

    Inquiring minds, and all that, eh?

    Is wiretapping evil?

    No. It is not intrinsically evil and there are plenty of situations when it can be justified.

    By that, I mean do people have an intrinsic right to privacy that doesn't end when they begin violating the rights of others?

    Yes. However that right is generally not recognized by governments.

    ...there's a slant towards arguing that wiretapping should be difficult--essentially, so it's only used for cases where national security is at risk.

    Yes. The point is the balance of power between an individual and the government. Part of that balance is that it is infeasible for the government to keep tabs on everyone all the time. If (rather, when) that situation changes, the balance of power will shift. It is my considered opinion that we should try to prevent this balance from shifting towards the government side. Part of it is making wiretapping difficult.

    Screaming about how child molestors are being used to justify widespread Big Brother monitoring is all too appropriate...but begs the question, what about the child molestors?

    There is a trade-off. You trade off personal freedom against safety (that is, against making it easier for the police to catch law-breakers). In the US the founders had a lot to say about this trade-off, the two most noticeable ideas being that (1) Freedom is more important than safety; and (2) It is better to let a guilty man go free than to convict an innocent.

    Is it possible to shield everyone but expose those who society does need exposed?

    No, because that presupposes a conviction (you need to be exposed) before the information was gathered (otherwise, why do you need to expose the guy?).

    At least a government intrinsically possesses citizen oversight.

    Er... You probably mean "a democratic government in a Western country". Look at Pol Pot Cambodia and North Korea for extreme examples.

    So, is wiretapping evil?

    No, but it has to be hard to do. The issue is not an absolute right of an individual to be safe from search and seizure, or an absolute right of a government to find out what it wants to know -- neither exist. The issue is balance of power between an individual and the government. It can be shown that any government (any bureacracy, to be more exact) tries to accumulate as much power as it can get away with. Moreover, the interests of the government (as a collection of people with political power) are not necessarily the same, or even close to the interests of the entire society. Add to this that governments tend to be inept, clumsy, stupid, suffer from delusions of grandeur, and make mistakes on colossal scale.

    Governments are useful, no question about it. A reasonably decent government is much better than no government at all. But a government that accumulated too much power is dangerous and, as history shows, usually ends up inflicting considerable damage on the society.

    The argument above is a pragmatic one. There is also a philosophical one -- you can treat history as the struggle for power between individuals and organizations (chiefs, governments, churches, corporations, etc.) and I, personally, take the individuals' side in this struggle. But to somebody who believes that the man's unbridled nature is chaotic (at best) or evil (at worst) and that he needs to be "civilized" by the society -- to such people the philosophical argument will not make much sense.


    Kaa

  • Not for Technically Savvy Linux Users (Score:3)

    by Greyfox ( 87712 ) on Wednesday November 10, 1999 @11:13AM (#1545007) Homepage Journal
    They haven't a prayer of foisting anything on Linux users that Linux users don't want. I can just go into the kernel source and rip out anything that I don't like.

    No, the only people this would affect will be closed source OS users, notably the 90% of PC users who use Windows.

  • I said:
    A subpoena or search warrant is served to an individual. They come and knock on your door.

    You said:
    Or search through your files if you're a corporation. They take over your office and demand you deliver all emails archived over the course of the last year.

    I was afraid you wouldn't understand what my point was, since your example illustrates this. I could have written it better. When you search the files of the corporation you serve them with a warrant. The company knows it has been served with a warrant. The point I was trying to make is that it is important to know when you are being searched. Your example doesn't change this.

    I said:
    The government doesn't (ostensibly) wiretap Bill Gates.

    You said:
    After the fact, they got Gates' private email...

    And he knew when they got it. The government didn't put secretly put a packet sniffer on the network... that I know of. :) Same as above example.

    I said:
    There is no check or balance when law enforcement can wiretap. Using technology, it becomes feasible to place a huge number of people remotely connected to someone they are investigating, scan for key words (even in voice, if not now, then soon). It's 1984. * And that's just government wiretapping. That doesn't even touch criminal wiretapping (and its technological cousins...)

    You said:
    So all wiretapping is bad because some wiretapping can be abused?

    I shouldn't have changed the subject in the last sentence. Protection from criminals is a great reason to protect your privacy (through encryption). That does not have anything to do with your question, are privacy advocates necessarily against subpoenas and search warrants against suspected criminals. So I'll concede that for this discussion.

    The first part of what I said, however, attempts to explain the effective difference between subpoenas and search warrants (a lawful society, IMHO) and wiretaps (internet or otherwise).

    There is some wiggle room. It's not exactly black and white. Supposedly, FBI, police etc are required to get a court order to wiretap phones. There is room for debate. But don't suppose that all privacy advocates have nothing to stand on just because there are legitimate reasons and methods for enforcing the law.
  • Actually, now that I think about it.. You are right, it is not in Revelations. I just wish I could remember where it was. It was in one of the books that talked about the last days. Now I am going to have to go on an in depth search for the scripture. It's starting to bug me.. Oh well.

  • >Well, if there are reasonable searches, there
    >must be an ability to execute that search. Since
    >it's impossible to predetermine which
    >communications can be reasonably searched, all
    >must be made searchable, and the courts must
    >determine which ones may be searched.

    >At least, that's how the argument goes. Where's
    >the flaw in it?

    The flaw is that the concept "all must be made searchable" violates the right of the people to be secure, and the Ammendment reads that such will "not be violated".

    Wiretaps should only occur when there is already just cause for suspecting the target of committing a crime. And when such does exist, extreme measures can be taken such as planting a car outside of the targets house, or placing a small bug near the targets phone, or storming the target's home and taking the target's computer equipment. The situation of a suspected criminal sitting there committing crimes using encryption as a shield of immunity is a non-issue. The situation does not exist in a real physical world.
  • I can just go into the kernel source and rip out anything that I don't like.

    Sure. But you would also like to talk to the rest of the net, wouldn't you? And that means that you must make yourself understood by the routers, no? And if the backbone routers switch to some protocol that you just ripped out of the kernel, you are going to find some problems in your life, isn't that so?

    Kaa
  • One thing most /. users are ignoring is that the internet is a global phenomenon...

    That is certainly true, but does it really matter? There are of course many of us /.ers who are from the US, and so we naturally think first of the FBI, and we use them as an example. I doubt it would be any different in most other countries (as rde suggested), it's just a different name. And of course, if the protocols did contain wire-tapping, that would be available to all governments (and terrorists, too, yikes!), not just the US. And personally, I don't think there's any chance that wire-tapping will be build in to the standards, so I'm not going to worry about it anyways.
  • "So all wiretapping is bad because some wiretapping can be abused?"

    No, but under new laws, the FBI will use their new power to constantly scan for illegal activity.

    Currently, new cellular protocols are requiring that the FBI be allocated 10% of the total infrastructure for wiretapping. Also, the FBI will be able to "listen" in on active conversations.. they will also be able to use inactive cell phones as microphones.

    Now, 10% is a HECK of alot of bandwidth. 1% would be more feasable. But 10% would mean that 1 of 10 people will activly be tapped. And you can bet your buns that the FBI will tap tap tap.

    Now, would you say that 10% of the population who carries cell phones are law breakers?

    In other words, does the civil BENIFIT of indescriminatly wiretapping match the potential lowering of criminal actions? Will all conversations eventually be public record? Would political views, first amendment rights, and religeous beliefs be genuinly protected? What kind of watermarking or proof will we have that cellular monitoring presented in court is indeed unaltered?

    Pan
  • You raise some good questions. Something to consider is that wiretapping is a relatively new capability, dating only to the advent of the telegraph/telephone. Until then, there existed no way to perform this kind of invasive monitoring.

    In my humble opinion, the writers of the Bill of Rights would consider built-in wiretap capability not only a violation of the Fourth Amendment, but possibly also the Third and Fifth -- against compelling persons to quarter troops in their houses and compelling persons to testify against themselves.

    The existence of a court order does not remove the fact that an individual having an expectation of privacy acts very differently than when that expectation is not there. Do individuals tell falsehoods in private conversation? In many cases, yes.

    In my opinion, wiretapping is the magic bullet for LEAs in the way that polygraphs were until they were proven unreliable and unnecessary. Is wiretapping *necessary*, even if it is reliable? I doubt that it is. Such invasive procedures should be difficult and costly. Making invasion of privacy cheap and convenient will only make it ubiquitous. So many things in our society are done for the convenience of those in control, and not for the well-being of individuals. (As an example, look at how hospitals treat women in labor -- everything designed to make medical intervention convenient, nothing designed to make it unnecessary.)
  • Well, if there are reasonable searches, there must be an ability to execute that search. Since and the courts must determine which ones may be searched.
    it's impossible to predetermine which communications can be reasonably searched, all must be made searchable,
    At least, that's how the argument goes. Where's the flaw in it?


    If I may take a stab at this...

    Even with easily tappable communications, there is nothing preventing the parties trying to communicate from encrypting the communication. In this case, being able to tap it gains the police nothing. Having the legal right to tap a communication does not guarantee the actual ability to listen in.

    That (I think) is the flaw. Since it's impossible to predetermine which communications can be actually searched, why make any of them searchable? It's all a matter of whose life is going to be made easier: the police or the citizens (both good and bad). The police vote for the police. I myself favor the citizens.

    I already have relatives who refuse to share certain political beliefs over the phone, due to the possibility of police wiretaps. Even though expressing such beliefs is supposedly protected as free speech, the climate in this country is already to the point where people are afraid to speak. Is giving the police another avenue to monitor everyone more important than having a climate where people aren't afraid to speak their minds?
  • I think that there is an important distinction which is very often overlooked here. That is, corporations are not people. The law creates this fiction that they are, but ultimately, a "real" person should have much stronger rights than a "fake" corporation.

    What really bugs me is that the supreme court has declared that corporations have more rights in court than illegal immigrants.
  • The flaw is that all communications are interceptable already. As has been pointed out in the DVD issue. Data has to be in plaintext to be viewed or seen. It also has to be in plaintext when its written. So all they have to do is install a bug or camera on the computer monitor at either endpoint. Or install some monitoring software onto their computer.

    Thus, they are searchable anyways. The search doesn't require wiretapping. Therefore wiretapping is not needed.

    Just because the government has the right to search my property in a court-mandated fashion does not give them the right to keep me from hiding something (Personal papers, money, or whatever), or making door-locks illegal.

  • I use this solely between 3 private networks that need 128bit encryption. This is overkill for everyday usage.
  • Ummm... yes, that's what the paper says. What does this have to do with my position that the IETF needs to be burned before it wakes up and goes back to it's original charter of creating reliable protocols? They're engineers, afterall, not spooks.

    --
  • Well, if there are reasonable searches, there must be an ability to execute that search.

    First, the Constitution does not specify what *must* be -- only what must *not* be. It permits reasonable searches, but does not make them obligatory.

    Since it's impossible to predetermine which communications can be reasonably searched, all must be made searchable...

    And here is the flaw. You are saying that everything under the sun must be made searchable and seizurable by the government, in case at some point in time the court system will let it. This implies that if I write some document, encrypt it and destroy the key, I have committed a crime since at some later point the government may present me with a subpoena for this document and I cannot produce it. I don't think that this is how the law works.

    To reiterate, the Constitution does not *prohibit* the government from establishing wiretapping facilities, but it also does not *demand* them.

    Kaa
  • 1. The ability to do wiretap is a law enforcement (hence mostly FBI) thing. If other intel (NSA, CIA) agencies do wiretap in the states, nobody knows about it. And somebody probably would if they did, seeing as how they have to ask phone companies, etc. for permission. If they don't ask permission, then we aren't talking about them at the moment, are we?

    3. The NSA and CIA are rather closed, and nobody knows exactly what they do. The FBI, on the other hand, is a large federal law enforcement agency, and everything they do is just as open to the public as whatever your local police may do, i.e. whatever you do not know is to most likely to protect the privacy of the defendants and the integrity of case.

    3. Citing Hoover-era FBI tactics as current FBI policy is absurd. It's like saying the army is inches away from running out of their bases and killing native americans. Sure, it happened, and it was terrible. But we live in a different era today. We don't have perfect law enforcement (never will), but we aren't illicitly wiretapping our president -- that's the Mossad's job now ;)

    3a. Citing anything ever done by the LAPD as general law enforcement practice by anybody but the LAPD is also absurd. :)BR

  • Well personal privacy is marooned on a distant planet it seems therefore maroon is an appropriate color here.
  • I mean come on... this freedom stuff is for the birds. What we really need is a good dosage of big brother to make us happy. How do I know? Big brother told me so. That's good enough reason for me.

    So, I think that this is a really good first step. Now every packet I have can be monitored and checked. Honestly, I don't care if they do it to me whether I am a criminal or a working class person. Its all just fine with me. Don't think of it as the FBI or the NSA eavesdropping, think of it as your own personal entourage. Every thing I do, whether I type or I talk on the telephone, they can listen to me. That doesn't sound bad... Its comforting really, like the AT&T commercials, but without having to pay for long distance.

    Maybe one day I'll be lucky enough to get a barcode stamped on me, or maybe a subdermal implant, either way - if it helps the NSA or the FBI catch the bad guys, it must be a good thing. After all, the FBI and the NSA are the good guys, they would never use any information in an illegal fashion. That is important to me.

    Sure their history may house a, well, a few tarnishing events, but that's ok. Everybody makes mistakes, lets not penalize them for that... that would be... unfair, and we want to be fair.

    See, I will gladly be compliant... Niether the FBI nor the CIA, nor the NSA have anything to fear from me. I will gladly be a sheep.


  • I'd hazard a guess that most /. readers had run-ins with authority figures when younger and quickly learned how idiotic people can be. The Hellmouth series of stories is a good indication of this.

    We're different; mappers instead of packers, to use another metaphor recently seen on here. One day the Government could decide we're dangerous and should be tracked. Ever see the Sci Fi show about the kid who's killed because his IQ was too high? (Outer Limits, I think it was.) We innately distrust authority because we've seen what idiots buerocrats can be, from the school administration who classified us as "Learning-impared" because we didn't do well in classes that bored us to Pointy-hairs at any given company.

    And just because you're paranoid doesn't mean they're not out to get you. Abuses of power within the various three letter agencies are well documented in the states. From the McCarthy witchunts to the surveilance of assorted leaders of the 1960's to the incidents just recently in WACO and Ruby Ridge, the proof is there that you can be eliminated or harassed for the rest of your life if you attract the wrong attention, even if you're innocent of any wrongdoing. The government and its agencies need lots of accountability and lots of roadblocks to keep such abuses to a minimum. And we need to make sure that every government keeps their hands the hell off the Internet, which will one day be the main medium for communication around the world, not because we're not afraid that criminals will use it and leave no tracks in the real world but because we're afraid that the government will use it to, say, silence a whistle blower who is trying to force some accountability.

  • Freedom is found at ZKS -- http://www.zks.net (a very cool company, IMO).

    John Gilmore's homepage http://www.toad.com/gnu/index.html has more
    about SWAN http://www.toad.com/gnu/swan.html which seems like a good
    idea to me. http://www.xs4all.nl/~freeswan/ is the main site. Linux FreeS/WAN
    is an implementation of IPSEC & IKE for Linux.

    I personally hope that there's a financial privacy (as well as personal privacy)
    backlash from all this garbage, for obvious very-selfish reasons.
    JMR
  • Whatever it is, it's really annyoing.

    Stick to the default color scheme, please!!

  • In response #66 [slashdot.org], Kaa makes a pretty good case for why that might not work. If all the routers between you and your destinations won't route your packets, you will be effectively unplugged. Whatever you do has to be compatible with the rest of the world; more to the point, if the protocol in the router you connect to can be jiggered to send copies of your traffic to a snooper, they can "tap" (even if they can't immediately understand) everything that goes between you and the Internet. This is pretty important for the snoops, because traffic analysis carries a lot of intelligence even without having access to the content.
    --
    Advertisers: If you attach cookies to your banner ads,
  • The FBI, on the other hand, is a large federal law enforcement agency, and everything they do is just as open to the public as whatever your local police may do, i.e. whatever you do not know is to most likely to protect the privacy of the defendants and the integrity of case.


    Oh, I understand now. We exist in different reality tunnels.

    It must be nice in your reality tunnel... mine kind of sucks.
  • OK, here's my view (I hope I'm not rehashing too much from other people)...

    The problem with wiretapping, as I see it, is one of responsibility. In the real world, if the police want to search your home, they have to convince a judge that there's at least some reason to do so. Fair enough. "We want to search John's house because this Frank says John is selling drugs in there". So the police get their warrent and look around. Whether or not John is committing a crime (selling drugs), he KNOWS he's being searched and can see the warrent.

    Now, with wiretapping, it's different. The police just want to listen in to what John is saying to his friends. But John doesn't know he's being searched. He has no reason to suspect he's being searched (especially if he hasn't committed a crime). If he doesn't even know he's being searched, how can he verify if a warrent has even been issued?

    This is the fundamental problem with wiretapping. If the police show up at your door and ask to search your house and don't have a warrent, you can tell them to go away. You can refuse their request to search. But with wiretapping, you can't refuse because they never even ask (assuming they don't really have a warrent). Now I don't know exactly what sort of safeguards against unwarrented wiretaps there are, but I can imagine there are ways around them if someone wanted to (i.e. for personal gain).

    I don't have much issue with warrented wiretaps, because they ARE WARRENTED. Some judge somewhere is convinced that there's at least some good reason to tap your phone. I assume the warrents also specify things like for how long the tap can go on and what sort of data can be gathered. But it's the potential for abuse that I take issue with. Who will stop the abusers? With real-world searches, it's the one being searched (and his/her attorney). But in wiretapping, by definition, the one being searched doesn't know and cannot prevent an illegal wiretap. Depending on the honesty and integrety of law enforcement agencies, though 99% of the time is a good bet, is not good 100% of the time. It's that last 1% that worries me.
  • The Bible also says the Pi=3.

    I wish I had a nickel for every time someone said "Information wants to be free".
  • Benjamin Franklin had a quote that goes something like;
    "I cannot conceive otherwise that the Infinite Father, neither desires, nor requires worship, but that He is infinitely above that."
    (not exact wording)

    Actually, a lot of Christian doctrine points to this worship thing as not something that is for God, but is actually more of a mental excercise for the worshipper. I know there's language to the contrary in the Bible (I am a jealous God, you shall have no other above me - etc.), but fundamentally, it's the subjugation of one's Free Will to His Will that counts, and worship is more of a path to that end, rather than an end in of itself. Just like Jesse Ventura said; "organized religion is for those with weak minds." But he didn't necessarily say that he was opposed to religion, itself, or God.

    I wish I had a nickel for every time someone said "Information wants to be free".
  • There is that one goofy propaganda page out there somewhere that has all kinds of relationships between the number 666 and Bill Gates' name, Windows95, etc. . .
    And, he IS the son of a Lawyer. . .

    I wish I had a nickel for every time someone said "Information wants to be free".
  • He already has. Ever hear of a GUID?

    I wish I had a nickel for every time someone said "Information wants to be free".

  • And we're not criminals, are we? Perish the thought!

  • thanks for the urls.. that Gilmore is one active geeky dude ... I like this quote attributed to him the best...
    • "The Net treats censorship as damage and routes around it."

  • Re:Huh? (Score:1)

    by Xenu ( 21845 )
    The IETF is not adding wiretapping capabilities to Internet protocols. The discussion has been centered on the following:

    1. Is there a legal requirement to support wiretapping (CALEA in USA)?

    2. If wiretapping capabilities must be added to certain types of equipment (VOIP), in certain countries, should this be standardized?

    3. Should the IETF tailor its protocols to the legal requirements of specific countries?

    4. Is wiretapping good or bad?

    Some people are confusing the discussion of these issues with a particular position on the issues. Do we start burning people as witches because they discuss the morality of witchcraft?

    Many members of the IETF are engineers, some are probably spooks. Protocol design and engineering are performed in an environment that interacts with political and economic factors. You can't make them go away by clicking your heels together three times.

  • 4th amendment (Score:3)

    by sterno ( 16320 ) on Wednesday November 10, 1999 @01:12PM (#1545045) Homepage
    The fourth amendment guarantees your right not to be searched without due process of law. Most of the time this is the case. This same guarantee protects your right not to be wiretapped.

    Now, the problem with building in backdoors into the fundamental security of the Internet or any system is that it provides the possibility for abuse by both authorities and third party criminals (as opposed to the criminals who are the authorities). If somebody can get access to that back door they can create endless havoc.

    The other problem is that with this back door so readily available, authorities will be very tempted to use the door without warrants. If they think you are a bad guy they can sniff your traffic get enough evidence then go get the warrant to get the rest of your traffic. And don't think they won't do it. There are countless cases of cops using wiretaps illegaly to get information and go after people who otherwise would not be prosecutable. In all likelyhood they would surrpeticiously just sniff all traffic for naughty bits, and nobody would be the wiser because it is all the kind of stuff locked up in the dark recesses of the FBI and NSA headquarters.

    Nah I'm not paranoid... :)

    ---

  • Where in the world did you get your information? I work with the standardisation of cellular protocols (specifically 3rd Generation GSM/UMTS protocols) and can tell you that your statements are waaaay off base.

    Before you start spreading rumors, you may want to check your facts. Take a look at this link [fcc.gov] at the FCC's website concerning CALEA (Communications Assistance for Law Enforcement Act) if you want to find out what is really going on.
    ---

  • So, a bit off topic, but let's say after all this hubbub and 5 or 10 years from now there's a wiretapping backdoor into everything IP. Even today a lot of people are starting to get (as in understand and use) encryption for personal use. By the time all this wiretapping stuff comes to a head, don't you think it will be fairly moot? Yeah, the spec and implementation has wasted a lot of hours and slows performance, that another argument. But as someone has mentioned, all the snoopers will see is cyphertext flying by.

    Does it really matter? Let's just not let big bro force a back door into everyday encryption, ok?

    Jason
  • What I have missed in most comments is a sense of the world as it will be in 10 years, because that is what is being decided. You're cell-phone will be IP-based. Basically anything could be connected to IP... look in Ask slashdot for that. But in the end we will see a host of appliances running over the Internet. Many of these appliances will be embedded in alot of different hardware.

    Most of these appliances will offer no ability to install any extra encryption schemes. It is this data that the FBI is after. Espescially ofcourse the phonecalls, but anything extra is considered to be a nice bonus.

    Now, just to be sure, don't think everything will be used against you. Heck, most of you are to insignificant to reckon with. Don't think that if the IETF will not go ahead with aiding the snoopers the battle is won. Just see it in the right perspective. A world filled with IP based appliances, which broadcast data that might be valuable to someone interested in it.

  • This is about the application of existing law-enforcement techniques (wiretapping phones) to new technology (wiretapping information transactions).

    Why is it that when some new developements erode an existing zone of privacy, the privacy baseline shifts downward to accomodate them, but when other new developments erode an existing zone of surveillance, special government privileges are demanded to maintain the status quo? Where is it written that technological advance is supposed to be a one-way ratchet, so that the State's pressures are efficiently applied against the individual, but the individual's pressures in the other direction produce nothing but a bit of noise?

    Unless you are a criminal, and quite a significant one, you have nothing to fear from the FBI.

    Define "criminal". The government scores 0 out of 2 when the questions are "Was Vicki Weaver a criminal?" and "Is Lon Horiuchi a criminal?"

    or we can't get the information needed to convict dangerous criminals

    Bravo Sierra. The police managed to get the evidence required to convict dangerous criminals when the most advanced communication systems known to man were literally based upon smoke and mirrors.

    I hate to be this way, but I feel that some /.ers are law-enforcement luddites. On one hand, they believe technology is great, and we can use it in new and exciting ways. On the other hand, they believe law-enforcement shouldn't be allowed to expand their existing abilities to take new technologies into account.

    I believe that the technology of firearms is great. I wouldn't hand a gun to a serial killer. I believe that the technology of automated banking is great. I wouldn't hire someone who just served 2-5 for embezzlement to maintain such a system. I believe that the technology to monitor complex data flows is great. I wouldn't provide the root password to government agencies that have a long and disgraceful record of using the Constitution for a doormat.

    What part of this progression eludes you?
    /.

  • Can a system be designed where it is intrinsically difficult, but not impossible for society to spy on certain individuals' communications?

    It is trivially easy to design such a system. Just say no to any form of general built-in tap capability. If the government wants to spy on Joe Blow, it will always be possible for them to send in a black bag man to install a hardware bug or software Trojan Horse on Joe Blow's equipment. Alternatively, monitoring of Van Eck emissions can be performed from anywhere within a hundred yards or so (depending on local conditions and shielding).

    Of course, this means a lot of work and a risk of getting caught at it if they do it illegally -- which is a bug for them (hence their Big Brother wish list) but a feature for a free citizenry.
    /.

  • If you've got multicast (hah!), you can listen to the IETF plenary discussion of the wiretapping issue in about fifteen minutes (20:30 Washington time).

    The question was asked. It's time to find out how to answer it.

  • So the NSA and FBI want to consideration for wire tapping built into INTERnet protocols/devices? Ummm what about the INTER part.. these are united states organisations that do not have international juristiction.. I don't care what they want to be able to do and I certainly don't want them influencing the design of facilities that I, as a non US internet user, will be making use of.
  • Requiring wiretapping capabilities hurts the national security of our country.

    The new threats of encryption and internet manifest new challenges to the NSA and FBI. There have been new challenges emerging every generation since people baked messages into clay envelopes two thousand years ago. We need to sieze creativity to solve the problem, not brute force.

    Human nature prefers the easy way of using the advantages we gained from the genius at Bletchy Park, from half a century of great SIGINT, and from one of the largest factories of intelligence operations ever made. Human nature prefers to work with well understood technology and process.

    Still.

    Our continued survival lies in countering emerging chain by intelligence, guile, and advancement. If we allow our intelligence groups to become lazy, relying on ever great search powers, then they will be useless and clueless when a major threat arises.

    If we permit NSA and FBI to have wiretapping capabilities, they will be lazy, useless, and clueless to prevent concerted attacks on the US.


    A Devout Capitalist
  • *AHEM*
    Network Associates is a member of the Key Recovery Alliance. Check them out: http://www.kra.org. I wont touch anything those fools claim is secure.
  • One problem... if you have encryption, wiretapping is irrelevant. Ideally, we could CC: everything to the 'bad guys' and they wouldn't be able to read it.

    I'd imagine that as CPU power gets cheaper, encryption will start to pop up in more places. Currently, to serve every copy of Slashdot with public key crypto would be unfeasible. But in ten years, it'll probably be the default. Especially as the usability of things like PGP gets better. (ie, download encrypted data onto palmtop, run pgp there with smart-card crypto, upload back to 'unsecure' desktop if it's unimportant (ie, web surfing, etc)).

    This crypto explosion will mean that the contents of most packets will be garbage to a snooper, and anonymous tunneling software could even hide most of the routing info...

    So, by all means, let them implement a way to have 'tapped' packets being sent across a router duplicated in the logs on another machine. It'll be used for debugging more than wiretapping.

    And, if it's default to sell 'phones' for VOIP that either don't encrypt, or only barely (CLIPPER, etc) encrypt, then this will allow wiretapping. Even if some restrictive country makes these phones mandatory, we're no worse off than we are now, with China, etc. And people in other countries would simply buy secure phones that encrypted the data, much like their email software would encrypt all email.



    Hmmmm. In the future, because cell phones have such a huge ammount of memory (for a phone), maybe when you give someone your number, you can IR transfer it to them along with your public key and have *very* secure transmissions (regardless of the technology the telco uses to pass packets along.)
  • Sorry to burst your bubble, but I don't live in Sweden anymore. I live in Dallas. And as for your "friend" I would be interested to see what "standard committee" he is on. If you do have a "friend" on a "standards committee" then he is just plain lying to you, because there is no such standards activity for what has been claimed here. And btw, yes this does have to do with the FCC. The Law Enforcement Agencies are working through the FCC to produce the standards.
    ---
  • Well... there is no such "right to privacy" for individuals.
    Wrong!! It happens that that bunch of lawless tyrants in Washington may violate the Constitutional provisions, but those provisions are still there and are still the fundamental law of the land, in the US, anyway. The Tenth Amendment says that the fundamental rights of the people are too numerous to be enumerated but that they must still be preserved, that the government only has those powers delegated to it, and that it may not violate those non-enumerated rights.

    And by their behavior in using encryption for both their public and private correspondence, as well as by various public statements they made on the subject, it is clear that at least Washington, Jefferson (inventor of that encryption device called the "Jefferson Wheel"), Franklin, Madison, and Monroe considered communications privacy to be one of those Tenth-Amendment rights.

  • Actually, there's a big scandal going on in LA right now about literally thousands of illegal LAPD wiretaps used to surreptitiously gain evidence in a great number of cases.

    One basic principle in any strategic endeavor: do threat analysis ("How can this be used to attack me?") in addition to intent analysis ("Who has motive to attack me?"). The threat analysis for a tappable IPV6 is decidedly hostile to a free society.

  • Huh? I don't see Sony mentioned anywhere in Revelations. Oh, sure, Sun is mentioned in the Bible, but I think they're talking about the orb in the sky and not the thing on my desk. (Okay, I don't have a Sun on my desk. Wishful thinking.) And I don't think there is one mention of Computers anywhere in either the old or new testiments.

    I am assuming you are talking about the Christian Bible and not the Linux Bible. Right?


  • Unless you are a criminal, and quite a significant one, you have nothing to fear from the FBI.
    Do you simultaneously trust Bill Clinton [Filegate] and Richard Nixon [Watergate] on that? If so, can I interest you in a fine piece of revenue-producing architecture in a great urban location? -- it's called the Brooklyn Bridge...

  • Good idea.

    I'm a little converned with there being any circumstance in which you are compelled to give the government a way to decrypt your data.

    And, there are forms of encryption designed to allow decryption of the cyphertext into two plaintexts, one decoy, and the other the 'real' plaintext. A user of this software could decrypt the cyphertext of him arranging for the sale of kiddyporn into him talking about church, mom, and apple pie. Or, to avoid suspicion, talking about slightly illegal things, like buying small quantities of dope, or something similarly mundane.

    What would theoretically work is if there were two copies of the message made when the machinery was signalled to tap. One encrypted for decryption by the standard recipient, and the other for decryption by the government, and maybe another by the ACLU, or some other uninvolved third-party.

    This would work if there was a machine the user didn't own, like in the days of AT&T rental phones. Now the user would simply use a phone that didn't have this hidden tap capability and the government would be SOL. The secret copies would have to be made before encryption, and because paranoid users would insist on rolling their own encryption, we could be pretty sure they wouldn't allow a machine they didn't control to have the unencrypted signal.

    And relying on cell-phone makers to add this tech secretly for instance, will never happen. The DVD consortium couldn't keep DVDs secure and that involved reverse engineering. All it would take to ruin the tampered cell-phone idea would be to let the secret out somewhere along the line.

    So, it's a good idea, but it'll never happen in hardware, and if you're ever forced to give up your secret keys it'll either 1) accomplish nothing because you'll BS about the real message, or 2) be a major privacy violation.
  • Well no. Actually you make them go away by releasing a draft copy, whereupon the marketing department throws it out because it doesn't meet market demands, so you design a new one, then management throws it out because it's too expensive, so you go back and design *another* prototype, and the government likes it, but wants it in a stylish black case instead of a dull grey one... after which you actually get to build the damn thing.. which takes three months longer.. and by the time you actually get it out on the 'net it'll be out of date because BackOrifice 2001 has hit the streets and includes all the functionality of Wiretap 2000 - Spookish Pack 1. Did I mention their NIC card was built to military standards and hence weighs 450 lbs and glows in the dark?



    --

  • Wow, I REALLY like the IR transfer of keys idea for phones. Meet in person once, be secure on the phone from then on! I hadn't thought of that one. Unfortunately I cant see any company wanting to implement it due to the probability that you would probably be paid a visit if you tried...

Slashdot Top Deals

Get hold of portable property. -- Charles Dickens, "Great Expectations"

Close