Monday is Wiretap the Internet Day

Alien54 wrote with a link to a Wired blog entry noting that May 14th is the official deadline for internet service providers to modify their networks, and meet the FBI and FCC's new regulations. The Communications Assistance for Law Enforcement Act requires that everyone from cable services to Universities give them access, within certain parameters, to the usage habits of customers. "So, if you're a broadband provider (separately, some VOIP companies are covered too) ... Hurry! The deadline has already passed to file an FCC form 445, certifying that you're on schedule, or explaining why you're not. You can also find the 68-page official industry spec for internet surveillance here. It'll cost you $164.00 to download, but then you'll know exactly what format to use when delivering customer packets to federal or local law enforcement, including 'e-mail, instant messaging records, web-browsing information and other information sent or received through a user's broadband connection, including on-line banking activity.'"

Limits on government

[BWJones]

Of course this has been going on for some time, but we are only just now getting around to making it legal (Constitutional arguments aside). I really do find this incredibly disturbing and believe that the founding members of this country would be shocked and dismayed at where we have gone in the past few years (last six or so in particular). What I cannot believe is how anyone on either side of the political spectrum would 1) think this is a good idea and 2) allow this to happen. Remember people that this country is still young and has the appearance of a country that is not only spinning out of control, but it seems to be edging closer to devolving into a shell of its former self. Don't get me wrong here. I am proud to be an American, but we should not stand silent while this country falls apart either through selfish motivation or criminal negligence.

Remember folks that the Constitution is not a document about what rights people possess, nor is it a document that outlines what governments can do. Rather it is a document that describes limits on what government can do and it could be clearly argued that the Communications Assistance for Law Enforcement Act violates those provisions in the Constitution designed to protect the individual from unreasonable governmental surveillance.

Re:

[calidoscope]

Remember folks that the Constitution is not a document about what rights people possess, nor is it a document that outlines what governments can do. Rather it is a document that describes limits on what government can do and it could be clearly argued that the Communications Assistance for Law Enforcement Act violates those provisions in the Constitution designed to protect the individual from unreasonable governmental surveillance.

The central part of the US Constitution pretty much describes what the Federal government can do and gives authority to do so. It is the Bill of Rights and subsequent amendments that puts the limits on government powers - and the Bill of Rights was passed because of concerns with the powers granted in the Constitution. The Constitution was created and ratified because the central government under the Articles of Confederation was too weak to be effective.

Re:

[MindKata]

The government, any government from any party is made up of people who's career has been to seek power. In other words, seek power over other people. Its no surprise anyone in power would seek to gain more power over others and technology allows this, so there's an inevitable drift towards wanting more power. This applies to all governments in all countries, its not just American, although its more saddening to hear from countries which claim to allow personal freedom. But that freedom has always been mostl

Re:Limits on government

[Anonymous Coward]

Disclaimer: I am not American, so I possibly don't know enough about your constitution.

The way I understand it is that the constitution limits the powers that the government has by enumerating them. It defines the upper limit of the power of the government. In contrast, the bill of rights defines the lower limit of rights that the people have by enumerating basic rights. People have more rights than are defined in the bill of rights. They are only limited by the law (the manifestation of other people's rights).

Re:

[Maxwell'sSilverLART]

Bravo, sir! You clearly understand exactly what the US Constitution says. I would be proud to sponsor your citizenship, if you'll promise me you'll vote along those lines. Unfortunately, almost nobody in America does, particularly those in power.

Re:

[Heembo]

I hear you, but what can we do to really stop this? Submit more digg posts? Write our congressman? Protest at the FCC HQ? What can we do to really stop this? I'm all ears!

Re:Limits on government

[Lavene]

I hear you, but what can we do to really stop this? Submit more digg posts? Write our congressman? Protest at the FCC HQ? What can we do to really stop this? I'm all ears!

Well, in the rest of the 'free' world we do it through something called an 'election'. We actually get to choose our government and thereby exercise a fair amount of control. If we want something really bad we can even involve our self directly by joining a political party or even start our own. The entire process is commonly known as 'democracy'.

You Americans should try it once... it's pretty cool actually.

Re:

[Alsee]

You Americans should try it once... it's pretty cool actually.

Oh, we did try it once. We didn't think it nearly so cool as watching Paris Hilton go to jail for being a spoiled twit.

-

Re:

[roystgnr]

Well, in the rest of the 'free' world we do it through something called an 'election'. We actually get to choose our government and thereby exercise a fair amount of control. If we want something really bad we can even involve our self directly by joining a political party or even start our own. The entire process is commonly known as 'democracy'.

You Americans should try it once... it's pretty cool actually.

We've actually been trying it for a centuries - so long that the powers that be have learned to game

Re:

[billcopc]

Only problem is the democrats don't have enough money to buy all the votes.

The United States were built through wars, not diplomacy. Why does anyone expect that to change now ? It's a young country whose only history involves fighting... fighting others, fighting itself... It takes a long time for a nation to stabilize and harmonize, the only reason the US is even on the map is because of their notoriety and a few long streaks of financial success, as well as some pretty serious tunnel-vision as evidenced

Re:

[yabos]

Well as someone said(I think on South Park actually), what do you do when you're choices are a total idiot and a douche? Face it, in the US(and here in Canada, Liberal vs. Conservative, both equally useless parties), there aren't really any choices. The other small parties have no idea what they'd do if they actually won.

Re:

[roystgnr]

No difference between Bush and Gore? Jesus fucking hell, get a clue.

While I agree with you that there are many huge differences between Bush and Gore, this probably isn't the right discussion in which to depend on those differences. Google "Clipper chip" and "key escrow" for more information. Gore doesn't exactly have a history of valuing individual privacy rights over ease of government wiretapping.

Also, thanks to the electoral college system, it is often possible to safely vote for a third party, becaus

Re:

[mikkelm]

And now, so is the federal government!

Re:Limits on government

[asninn]

Basically, it boils down to Howdershelt's four boxes again - soap, ballot, jury, ammo. Google for the exact quote.

Re:

[SunTzuWarmaster]

There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order.
-- Ed Howdershelt

Re:

[Kjella]

Unfortunately, they're mostly eliminated:

Soapbox - the real "soap box" is the TV, only big media moguls and rich corporations get to play. Blogs don't have nearly the same impact, but I guess this one is fairly alive. Too bad there's so little left people can do that matter.

Ballot box - two parties, both on a power trip. Even if a third party started to gain traction, they'd shift politics a little and it'd disappear into nothingness again. Not to mention that going to a third party makes your side weaker -

Re:

[BalanceOfJudgement]

When the Soviet Union and the East Bloc fell, it wasn't because of a few "enemies of the state". It was because millions of people were sick and tired of having their lives interfered with and controlled by a government that wanted to know every detail of their life. They should call this "The STASI archive act", maybe that'd raise a few eyebrows. Then again, how many Americans would recognize history if it was staring them right in the face...

The really sick part is, once we do realize it it will be way

Re:

[penix1]

I always love how people try to put all the blame on the voters. While they do bear the burden for some of it the lions share goes to the lame ass candidates. I can't remember the last time I actually felt confident in a candidate enough to say "I voted for him". Instead, it is "Oh my god! I have to vote against the other guy or the whole thing will really be fucked!" It has become a choice of the idiot behind door number one or the other idiot behind door number two with both being paid the big bucks by co

Re:

[ratsnapple tea]

Or you could get involved in the political process earlier, like in the primaries, before all the loonies have been weeded out. But then, of course, you'd be giving up the chance to whine endlessly about door one and door two.

Re:

[penix1]

That's only valid if you are associated with one of the two parties.....Which I am not being registered independent...

Re:

[boolithium]

Anyone can find the details here. http://www.askcalea.net/calea/ [askcalea.net]http://www.askcalea. net/calea/ Now I have read through this and there is one really disturbing term. Here is the summary statement. /* Communications Assistance for Law Enforcement Act of 1994 (CALEA) In October 1994, Congress took action to protect public safety and national security by enacting CALEA. The law further defines the existing statutory obligation of telecommunications carriers to assist law enforcement in executing electronic

the Constitution is academic

[nanosquid]

It doesn't, ultimately, matter what the Constitution says if the majority of US citizens want something different. That's not a judgment, it's simple reality in a democratic system. Democracies frequently self-destruct if they lose the faith of their citizens.

So, harping on the Constitution doesn't change anything; if you want less centralized government and more liberties, you have to convince your fellow citizens to ignore the fear mongering by power-hungry politicians. Oddly enough (or perhaps not), t

Re:

[Syberghost]

It's rather disingenuous to take a law that Bill Clinton signed and supported, and which was in existence for 7 years of his Presidency, and try to spin your disagreement with it into an indictment of the current administration. Especially considering the fact that a Democrat wrote it, and all the Democrats in both houses of Congress voted for it. As did all the Republicans; I'll neither whitewash nor spin this.

Re:

[BWJones]

What are you talking about? I specifically made reference to both sides of the isle in my criticism of this law and the only reference I made to the current administration was in the statement about the last six years where *many* other rollbacks on Constitutional issues have taken place. Habeus Corpus? Have you seen it? That was on Bush and Company's shoulders. We could go on and on here, and while I agree with you in principle here, most Constitutional scholars would agree that the current administra

suggestion

[toby]

Get a colo service, preferably in another country; OpenVPN to it and use a web proxy running on it. Not perfect, but better than nothing.

Interestingly, this is the same kind of solution often resorted to by residents of those countries usually tagged as 'repressive regimes' by the good ole U.S. of A. Make ya think, at all?

Re:

[cabinetsoft]

Get a colo service, preferably in another country

or just move there...

Re:

[iminplaya]

Make ya think, at all?

Won't help. Tuesday is wiretap your brain stem day.

Re:suggestion

[Antique Geekmeister]

SSL private keys and SSH private keys can and have been stolen from remotely deployed systems and used for man-in-the-middle monitoring. And a penetrated router or smart switch on the *internal* side of the OpenVPN is a common approach for really sophisticated crackers to tap all your traffic *after* it's been decrypted by the VPN system.

Weven where communications are more secure at the application layer, most people simply click on the "do you accept this key" buttons when making an encrypted connection, which makes such monitoring even easier because the user in the field winds up using the man-in-the-middle's public keys, instead of the target destination's public keys. I saw this about six years ago in a rather clever router reconfiguration to minotor all SSH traffic to a victim's internal network administration servers. We only noticed it when I got brought in to see why there were such large latencies on incoming traffic, and dumped the configuration to plain text and actually *read* it, along with noticing that the previous admin had never bothered to install and enable the SSH tools. Then I found out he had been programming it, via telnet, from his laptop on the road.

We had a long, private talk before I went to the company president with the analysis. He hadn't been allowed the time or resources to do things more securely, and his manager had been saying "we have a firewall, we can trust people inside the network" and had denied this engineer's attempts to do things more securely. It would have been a lot cheaper to do it right than to have me try to clean up the mess later, but it's often difficult to get people to do things right.

If you think a colo service is robust protection, then go ahead and check how many of your colo setups have encrypted file systems, password protected boot loaders, and password protected BIOS's, just to start with. Then compare what you could do with the same money and resources to secure your systems against rootkits, implement proper password management, etc.

Yes, of course.

[toby]

I did suggest a colo "in another country". Some countries still have restraints on their governments.

The real vulnerability in my suggestion is the unencrypted side of the proxy.

But I already said it's NOT PERFECT but BETTER THAN NOTHING.

Re:

[Antique Geekmeister]

I'm just saying it doesn't buy you as much protection as you seem to think, since the communication channels are still vulnerable and the storage itself is accessible to another country's screwups.

A famous example of this is the death of anon.penet.fi, after numerous assaults on it with and without warrants. It's well-described over at Wikipedia.

Re:

[someone1234]

Yeah, it will be quite useful when Sweden will let the FBI to monitor their net too. Special priority to relocation services.

Re:

[J'raxis]

Are there any services like this located in known "shelter"/"haven" countries like Luxembourg, Switzerland, the Cayman Islands, and so on? These countries are already pretty well-versed in giving the finger to tax authorities around the world and protecting client confidentiality in other ways; what about ISPs?

Re:

[kanweg]

With one smoke cloud equivalent to one bit, it might not be as popular as one might think.

Bert
Who is considering encryption in the Navaho language

Wouldn't work

[Wyatt Earp]

American Indian reservations act like States or Terriories in that Federal Law applies there. Worse, since all Capital and violent crimes are handled by the FBI, almost every reservation has a local FBI office.

Bot me up, baby...

[Itninja]

I want to create a bot will do nothing but search for, and then go to, 'illegal' sites. I figure if it hits a few porn sites, maybe an offshore gambling site, and *any* site in Arabic that should be enough. If we get enough of these bot going it should create so much white noise that the g-men couldn't tell the real stuff from the botted stuff. Or maybe I won't. y'know, whatever...

Re:

[mcrbids]

So, do it. It's an open-source world, after all. Write something together - a simple perl script, perhaps - and release it! You just might be surprised at what happens, and you're pretty much guaranteed to learn something, if only how to code something in perl!

Re:

[J'raxis]

Hah, like the old trick of including suspicious keywords in your email signature to fuck with Echelon [wikipedia.org], eh?

Something as simple as a Perl script googling for suspicious keywords (e.g., "kiddie porn", "assassinate president", "jihadi", "moqawama", "site:.sa", "site:.lb", ...) and then fetching some/all the results at random would do what you want.

Look into the LWP::Simple and HTML::LinkExtor Perl modules to get started. Make sure you set the user-agent line to something like Internet Explorer or Firefox us

Re:

[suv4x4]

I want to create a bot will do nothing but search for, and then go to, 'illegal' sites. I figure if it hits a few porn sites, maybe an offshore gambling site, and *any* site in Arabic that should be enough. If we get enough of these bot going it should create so much white noise that the g-men couldn't tell the real stuff from the botted stuff. Or maybe I won't. y'know, whatever...

So in short, if under surveillance, perform every crime you could possibly conceive! That's confuse the surveillance team and it

Re:

[aussie_a]

So in short, if under surveillance, perform every crime you could possibly conceive!

Looking at porn and going to gambling sites as well as harmless arabic sites is a crime in America? Wow, I never knew America was so repressive. So much for being the land of the free.

Re:

[Alsee]

the land of the free.

Hey hey there! Don't you go butchering a treasured American phrase! The proper phrase is:

The land of the free and the home of the brave.

In fact just a few days ago on Slashdot I happened to write about my strong feelings on the bravery and behavior of so many of may fellow Americans, [slashdot.org] particularly in the wake of 9/11. And it just so happens to be relevant to the internet surveillance topic as well.

-

Re:

[AresTheImpaler]

So in short, if under surveillance, perform every crime you could possibly conceive! That's confuse the surveillance team and it'll do absolutely nothing about it.

He's not performing any crime at all.. It's still not illegal to just browse any of the pages that he said:
few porn sites, maybe an offshore gambling site, and *any* site in Arabic that should be enough

Re:

[yabos]

Not a crime but if they're really monitoring everyone it could be enough for them to screw with your life like put you on the terrorist watch list. Try flying on any airline then.

Re:Bot me up, baby...

[Repton]

Yeah! The false positive rates will be so high the government will have no choice but to kill the programme! It'll be just like the no-fly list!

Re:

[Hal_Porter]

Why would you want to do that though? The police are trying to catch terrorists and you're making the job harder. And they'll probably find some way to screw you if you do it, and it will end up making everyone less free.

Seriously, it's the high tech equivalent of yelling fire falsely in a crowded theatre. And these days, the government will overreact in some insane way like banning theatres.

Parent apparently didn't think before typing.

[Anonymous Coward]

"you're making the job harder" - the same could be said when you close the door on a cop sans search warrant. It could be that the police are just trying to catch criminals. But there's no guarentee that they're not just spying on everyone, prying in their private lives. Nor is there any guarantee that they won't do that tomorrow. In free countries the law imposes limits on the power of the goverment for a reason.

$164

[mastershake_phd]

$164 to find out how to comply with the law? That cant be right. I suppose you could read the law they passed, but I hear most of congress doesnt even do that.

Re:

[__aaclcg7560]

It's call nickling-and-diming the public. Unless Joe Blow Public have a financial stake in this process, he'll probably won't fork out the cash to see what it is or hire a lobbyist. The law may have enough legal jargon that it doesn't make sense without having a lawyer explaining it. Joe Blow can't start a grassroot movement when the price of learning enough to do something about it is too high.

Re:$164

[Anonymous Coward]

It's not that uncommon. Here in SC you have to pay to have access to the law. It is copyrighted and the state vigorously protects that copyright. In 1998 I was threatened by the state AG's office for having a copy of a .doc file on my web site that quoted a section of the state's vehicle laws. Us peons aren't allowed access to the laws. Knowledge of the law is only for the protected lawyer class.

I still find it amusing that a friend of mine at the time disagreed with the thuggish tactics they used but is now OK w/ denying commoners access to the law. The difference is that he recently graduated from Duke law school. He is now very anti-Constitution, anti-EFF (despite having donated money to them several years ago!), and very pro-Democrat.

The text from the SC law:

"The State of South Carolina owns the copyright to the Code of Laws of South Carolina, 1976, as contained herein. Any use of the text, section headings, or catchlines of the 1976 Code is subject to the terms of federal copyright and other applicable laws and such text, section headings, or catchlines may not be reproduced in whole or in part in any form or for inclusion in any material which is offered for sale or lease without the express written permission of the Chairman of the South Carolina Legislative Council or the Code Commissioner of South Carolina."

They consider distribution for free on a web site a sale for $0 so that makes it illegal without written permission. I tried to obtain permission and after making around four dozen phone calls and two trips to Columbia, SC, I finally gave-up.

Re:

[Compholio]

It's not that uncommon. Here in SC you have to pay to have access to the law. It is copyrighted and the state vigorously protects that copyright.

I don't know if a state counts as an entity of the United States Government, but it seems to me like it would. So, your state cannot copyright anything because of an over-riding federal law [copyright.gov]. My understanding was that the reason for that law was to prevent the exact problem you're experiencing.

Re:

[Anonymous Coward]

I found it pretty hard to believe that SC actually prevents free public access to its code of laws. While I don't doubt the original poster had a problem at one time, the code is available here [scstatehouse.net]. They go on to say that material from the aforementioned Web site "may be copied from this website at the reader's expense and effort without need for permission."

Re:$164

[Alsee]

In 1998...

There has since been a court ruling against copyrighting law. I did a Search of SC law for the term COPYRIGHT [scstatehouse.net] and only got five hits.... none of which have any relation to the "text from the SC law" that you quoted. Maybe the law you quoted did exist in 1998, but it does not appear to exist now. They may have specifically repealed it in response to the court ruling on the subject.

-

Re:

[Fez]

Oh that's nothing, check this part out:

Section 109(b)(1) Petitions for Cost-Shifting Relief

CALEA section 109(b) permits a "telecommunications carrier," as that term is defined by CALEA, to file a petition with the FCC and an application with the Department of Justice (DOJ) to request that DOJ pay the costs of the carrier's CALEA compliance ... First, the carrier must file a section 109(b)(1) petition with the FCC
[...]
Please note that a filing fee of $5,000.00 is required to accompany all CALEA section 109(b)(1) petitions filed with the FCC.

(Emphasis mine)

They want you to pay $5,000 to file a request for financial assistance! How ridiculous is that?!

Amendment IV

[poor_boi]

Amendtment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Re:

[DreadSpoon]

"Public and private communications" is not within that Ammendment, you might notice.

Scanning Internet packets also does not constitute either a search nor a seizure. You are already passing the information through the ISP. All the new law requires is that the ISP willingly pass over any of that information to the FBI upon issuance of a warrant.

Re:

[koreth]

Don't be naive. Here are two workarounds off the top of my head, either of which would be solid enough to be repeated ad nauseum to the nodding masses on talk shows: 1) It's not unreasonable to search and seize whatever we have to, if it means keeping the public safe from another 9/11. 2) We have probable cause to believe that terror cells are operating somewhere in the US, and the Internet is the place it's holding its meetings.

The Constitution has never been much of an obstacle to people in power. Hell,

Re:

[iminplaya]

You can knock people over head with the law all you want, and all you will do is knock them unconscious. Ignore the government and take it up with the people around you. Remember, many of them think the bill of rights "grants" too much freedom. That is what you're up against. The government is just the result, not the cause.

Re:

[vmfedor]

Just playing devil's advocate, really, but this law technically doesn't violate the rights of anybody because it only gives the government more mobility in doing something it already has the reasonable right to do. What *they're* saying is that they want to make it easier on themselves in the rare cases they have to use it, which I technically agree with, however what *I* feel is that if you make something like this easy then it'll be abused far more often. The answer, though, probably lies somewhere in t

and..

[SQLz]

Using this technology, we'll be able to detect and weed out people who disagree with the current adminstration. That way, the US will be restored to its former glory.

Re:

[Archtech]

"Using this technology, we'll be able to detect and weed out people who disagree with the current adminstration. That way, the US will be restored to its former glory".

Typo alert! Don't you mean "agree"?

Re:

[Alsee]

Ahhh... but you overlooked something. The law has an inbuilt process for ISPs to file delays on implementing the system, and many if not most major ISPs have filed for such deferrals. It is going to another year probably two before everything is really up and running.

Just in time to this technology to detect and weed out people who disagree with the HILLARY administration, and to restore the US to its former glory.

Muahahahahahaha!

-

So the next step

[Z00L00K]

is a requirement for all internet traffic to be unencrypted so that the agencies throughout the world can read your emails, IM and torrent downloads.

Save us from the "big brother" mentality, since then the terrorists of the world have won by letting the governments take over to make things miserable for the citizens.

A government shall serve the citizens, not the other way around. Sometimes the people in government should be taking a step back and consider what is really the consequences of the actions.

Re:So the next step

[J'raxis]

This law actually makes a special exception for encrypted data:

Section 103(b)(3) ENCRYPTION- A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

Full text here [wikisource.org].

Re:So the next step

[Torvaun]

Pity. This could be a social engineers dream. Walk into an ISP, look official, and get all the packets to and from addresses assigned to the US government. Something about a counterspy program or something ought to get you in. Now, start posting things on random forums that us regular citizens aren't supposed to know about. It'd be a bitch to try and catch all of it.

Re:

[cp.tar]

There you go, people... your government is just making you use really strong encryption. Always.

In other words, it'll be good for you.

/me ducks

Re:

[J'raxis]

Hopefully this will drive people and information service providers to use encryption wherever they can. Web (SSL/HTTPS), SMTP ("STARTTLS" over port 25 or SSMTP over port 465), IMAPS, POPS, SSH, VPN (SSL or IPsec), and so on. Some IRC servers and IM protocols offer SSL connections. There're a few encrypted p2p services such as Freenet or I2P. Practically all your basic Internet services can be encrypted nowadays; for the rest, there's SSH tunneling to a safe place so the plaintext traffic doesn't originate f

Re:So the next step

[bmo]

"Hopefully this will drive people and information service providers to use encryption wherever they can."

Of the general population of the US, only the technically minded minority will do that.

Seriously. Try to talk to someone who thinks that the Internet is the IE icon (really, a co-worker keeps saying this) and all you'll get is glazed eyeballs and a "I don't get it. It's too complicated. I have nothing to hide" reaction.

Such people can't even be trusted to keep their anti-malware software for Windows up to date. You think the general public is going to start encrypting everything suddenly because of this?

"Think of how stupid the average person is, and realize half of them are stupider than that." - George Carlin

Only if encryption gets as transparent as the fish:// ioslave in KDE will it get serious adoption, and even then it will have to be enabled by default. Don't expect Microsoft to lead the way in this department.

--
BMO

Re:

[cp.tar]

You think the general public is going to start encrypting everything suddenly because of this?

If by this you mean these new regulations, then no, the general public will not start encrypting everything.

They will eventually realize that unencrypted traffic is like sending postcards instead of letters and like yelling in a town square instead of making a phonecall (though I remember seeing people using a phone in a town square, yelling so loudly I thought they didn't really need the phone in the first place

Re:

[bmo]

"They will eventually realize that unencrypted traffic is like sending postcards instead of letters and like yelling in a town square instead of making a phonecall (though I remember seeing people using a phone in a town square, yelling so loudly I thought they didn't really need the phone in the first place....)"

I must be a cynical bastard because I see that what you say in the first half is contradicted in the second half of what you wrote. People don't know or care how wide open most communication is.

Re:

[J'raxis]

There's more than one definition of "drive."

My employer is in the process of migrating all of us from one email system to another. The new email system does not support plaintext IMAP, POP, or SMTP access. We're also migrating all our websites to new servers; the ones that require authorization forcibly redirect to the HTTPS version of the site.

This is the same route ISPs could take. An HTTP->HTTPS redirect for the company website is transparent to the end-user. For services like email, they can prov

Re:

[J'raxis]

Yes, in my comment I was specifically talking about websites that the ISP owns: company website, support site, whatever. Obviously not something an ISP's customers spend a lot of time at, but every little migration to HTTPS helps.

Slashdot has the HTTPS server for signing up for subscriptions, I believe. Since HTTPS adds a bit of overheard to do the encryption, supporting site-wide HTTPS for a busy site like Slashdot would probably require a lot more hardware, so that's probably why they push ordinary brow

Re:So the next step

[Bob Gelumph]

So when will slashdot enable https://slashdot.org [slashdot.org]?

Re:

[Alsee]

This law actually makes a special exception for encrypted data

Hahahaha. Yes, thank god there is an exception for encrypted data!

For anyone out there who finds it difficult to real legalese, or who may be unfamiliar with the technical issues of cryptography involved here, allow me to translate that "exception" into plain English. It effectively says:

This law does not require companies to do things that are effectively impossible to do, nor does this law require companies to provide information that they do n

Telecommunications services only

[J'raxis]

It's important to note that CALEA doesn't apply to "information services" or "electronic messaging services", only "telecommunications". Here are the relevant parts of the actual law [wikisource.org]:

SEC. 102. DEFINITIONS.
For purposes of this title--
[...]
(4) The term `electronic messaging services' means software-based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages.
[...]
(6) The term `information services'--
(A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and
(B) includes--
(i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities;
(ii) electronic publishing; and
(iii) electronic messaging services;
[...]
(b) LIMITATIONS-
[...]
(2) INFORMATION SERVICES; PRIVATE NETWORKS AND INTERCONNECTION SERVICES AND FACILITIES- The requirements of subsection (a) do not apply to--
(A) information services
[...]

So glad I'm expat now...

[mudshark]

although my email is still handled by the same small stateside ISP that I've had for 13ish years. Are significant numbers of providers going to give the feds the finger? Or will they all roll over and expose their soft parts in the name of the War on Terra?

When are the massive demonstrations going to take place? When are thousands of fed-up-to-the-gills decent Americans going to march on the Capitol and demand an end to the gratuitous use of the Bill of Rights as bumwipe? Feckin' bread-n-circuses wussies

Re:

[J'raxis]

If that ISP of yours is only providing you with email, they're not bound by CALEA. See #19102005 [slashdot.org] and #19102011 [slashdot.org].

A good business decision by ISPs that provide both connectivity and Internet services (i.e., most ISPs) might be to spin off their services to a subsidiary, provide only encrypted access to the them (SSMTP, IMAPS, POPS for email; HTTPS for the company website) for customers, and then when the feds demand to wiretap a connection, they won't be able to get much.

Re:

[mudshark]

Serious? Really? What if I also have a shell account and a smidgen of ftp and http space? Still golden?

w00+!

If I was still in the US, I'd definitely be tunneling all traffic that I cared about. Too bad about the packet overhead.

Re:

[J'raxis]

Those all seem to fall under "information services" and "electronic messaging services" according to the law, from my IANAL reading of it. Of course, the question is, if the ISP is approached by law enforcement with a wiretap demand under CALEA:

1. Will the ISP understand the request is invalid?
2. If so, will they bother fighting it realizing it'll cost the money to do so?
3. If so, and if the ISP also provides "telecommunications services", will the courts find some arcane way of labeling the email/web/FTP servi

But the obvious "solution"...

[jdickey]

for the Reich is to have PATRIOT III include language to require logging and storage of unencrypted copies of all data that has an endpoint on said ISP's server. All your POPS belong to us..... For the guy a few posts earlier who asked the obvious question about when we're going to get riots in the street, watering Jefferson's "tree of liberty" [quotedb.com]: the two obvious answers are that 1) thanks to the efforts of those who really run the country, consumers (formerly known as "the people" or, in even more archaic t

Re:But the obvious "solution"...

[J'raxis]

What happened in 1974-11? From this list [wikipedia.org], are you talking about:

Democrats make significant gains in the U.S. Congressional midterm elections, as voters punish the Republican Party over the Watergate scandal.

What, Democrats wrecking the country? I'd pick FDR (ca. 1933) if I wanted to point to a turning point in which the Democrats got a bunch of overbearing laws passed, not 1974. Or perhaps 1917-1918, with the passage of the Sedition Act and Espionage Act, under president Wilson. But plenty of things happened prior to even that that have slowly eroded any meaning of "republic" or "freedom" in this country.

It was in 1886 [wikipedia.org] when corporations really got free reign to run this country.

In 1861, a constitutional crisis over secession by states was settled through war [wikipedia.org], by a president who also suspended the Constitution, instituted the first military draft, had congressional opponents accused of treason, and began printing massive amounts of paper fiat currency, among other things. The outcome of the war was also the beginning of rapid industrialization in the United States, turning the vast majority of Americans into wage slaves working in factories. This one is of course particularly ironic because it's been justified as a war for freedom.

And as for the first power grab by the federal government? Let's look at the passage of the U.S. Constitution itself, replacing the much weaker Articles of Confederation, justified as a response to Shays Rebellion [wikipedia.org]:

[T]he nationalists took advantage of a propitious rebellion, that of Daniel Shays, ...

[T]he nationalists wanted to scare the country into supporting a more vigorous government. George Washington was terrified. "We are fast verging toward anarchy and confusion," he wrote. His nationalist friends did their best to heighten his terror. Henry Knox wrote Washington of the Shaysites that "their creed is that the property of the United States" having been freed from British exactions "by the joint exertions of all, ought to be the common property of all." This was utterly false, but it did the trick. Washington agreed to be the presiding officer at the constitutional convention. Later, [James] Madison in Federalist No. 10 warned that without the strong arm of a vigorous central government, the states would be vulnerable to movements motivated by "a rage for paper money, for an abolition of debts, for an equal division of property" and for other "improper or wicked project[s]."

Re:

[J'raxis]

That's what PKI is for.

ENCRYPTION- A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

You're right that current implementations of things like SSMTP and IMAPS (using SSL) have the private key on the server-side, but SSL also allows for client-side certi

Re:So glad I'm expat now...

[Antique Geekmeister]

Unless your email is encrypted, much of your domestic and almost all international traffic is already monitored via the spy rooms installed by the NSA in core backbone network provider's facilities, such as those installed at AT&T. And with the massive bandwidth and facilities available at such centers, and the truly abysmal security of many switches and routers including documented backdoors installed for federal use, it's easy to reroute other traffic to those rooms. So let's be clear: almost all unencrypted internet traffic is monitorable by the NSA. Even though it's illegal for the NSA to monitor most domestic traffic, there are no safeguards in place to prevent it, and with the US Patriot Act in place, all they or other federal agencies need do is mumble "terrorists" to gain unfettered access to it.

I'm afraid it's going to be difficult to coordinate protests with this kind of monitoring in place. And we're still seeing people say "but if it saves one life from terrorists", not realizing that it actually encourages terrorism by ruining trust in government and making people feel that only violent action might be effective.

Re:

[NormalVisual]

It's not a "tin-foil hat" thing if you've been reading the news at all over the past year or so.

Monday

[suv4x4]

Hmmm... "Monday is Wiretap the Internet Day"... Quick, everybody tell their friends to perform cybercimes only Tuesday to Sunday.

We win again, government, MUAHAHAHAH!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Skapare]

The actions of this government and administration more resemble those of Fascism [wikipedia.org] than of Communism [wikipedia.org], although the subject of this article would certainly be exercised by either, as both are characterized by totalitarianism.

"Fascism may be defined as a form of political behavior marked by obsessive preoccupation with community decline, humiliation, or victim-hood and by compensatory cults of unity, energy, and purity, in which a mass-based party of committed nationalist militants, working in uneasy but effec

Re:

[k1e0x]

Funny and true..

How bad will it have to get before people realize this post 9/11 government we are creating is little different than those we were fighting against less than 50 years ago.

misunderstood

[spottedkangaroo]

I work for a very small ISP. I was initially disturbed to find out we needed to assist in this sort of thing. But you know what? It's not like law enforcement can just listen in willy nilly. They need to provide evidence, get a court order, and disclose their discoveries to the defense when they press criminal charges.

People act like this is a new processes, but they've been taping phones, installing listening devices, and charging criminals with crimes for years. As long as the three branches of go

Re:misunderstood

[Antique Geekmeister]

I'm sorry, but you are sadly mistaken. Go actually read the unclassified parts of the Patriot Act. Then take a look at the existence of the secret NSA wiretap rooms in on the core internat backbone providers such as AT&T, rooms whose existence was revealed by a company whistleblower and for which AT&T is being suied now by the EFF and other civil liberties groups. The NSA certainly can and does monitor international traffic legally, with no authorization required. It's their *job*. Unfortunately, so do other countries. And the NSA trades with them to get domestic materials.

The three branches are *not* involved in this. The handling of the monitoring does not require warrants, and is thus executive policy, without court involvement or even notification of what is beiing monitored. And even if the three branches are involved, the people being monitored are *not* being notified of the monitoring!!! There is no warrant served: even libraries are prohibited by the Patriot Act from telling book borrowers that they've been forced to turn over records, without warrants, under the Patriot Act.

Yes, it's been going on for years. It's going to happen again and again, and it needs to get slapped down each time it occurs to prevent it becoming ubiquitous and a means of interfering with public policy or personal lives of the innocent. Given the documented monitoring of Martin Luther King by the FBI, the McCarthy era files of who was a communist and forced confessions of other potential "communist" americans, and stupidities of federal raids with warrants such as the "Operation Sundevil" raids on Steve Jackson games, there is just no reason to trust federal investigations or monitoring without public exposure and review.

Re:

[spottedkangaroo]

Right, all the above is true I'm sure. However, the may 14th deadline is for CALEA (it does require a court order) which has little to do with anything you're saying.

Re:

[Antique Geekmeister]

But that's not what you said. You said, and I quote "They need to provide evidence, get a court order, and disclose their discoveries to the defense when they press criminal charges.".

This is clearly not the case. And whatever made you think charges will be pressed? Not only do they not need to press charges, under the Patriot Act and similar laws and policies, you can be held without bail, without a lawyer, and without the government admitting you exist under situations like Guantanamo Bay. And you can be

Re:

[J'raxis]

Then what you (or whoever is responsible for this at your ISP) need to do is make sure this procedure is accurately and vigorously followed. Make it expensive and time-consuming for them to go on fishing expeditions under this law.

Too many ISPs and telecommunications providers comply with subpoenas and/or court orders authorized under laws like this, the DMCA, OCILLA [wikipedia.org], and so on, when such orders were in fact invalid for a variety of reasons. Worse, the government is also in the habit of making noncompulso

Re:

[spottedkangaroo]

What initially disturbed me was my initial misunderstanding that this had something to do with the patriot act or the stripping of my civil liberties. But it does not.

The only new thing here is the standard format for the compliance with the court order (and the new requirement that you be able to produce the records for the court). Most ISPs have been saying, "yeah, we don't have that information because we wouldn't have the capacity to store it, duh" up until now.

Did you feel like your civil liber

finally ... now I know what....

[3seas]

.... all the spam is good for.

ah that explains it

[nanosquid]

My Internet connection went away for a couple of hours last night; they were probably installing something. Those fools thought nobody would notice at 3am!

Re:

[smchris]

You too?

Actually, my ISP announced over the last couple weeks that we would be switching over to a new email and filtering system by "Sunday evening". Coincidence?

Another reason to kill internet radio in the U.S.?

[smchris]

Or is that just paranoid? Wouldn't a wiretap want to digest _all_ ports? Sixteen hours of stream a day might be annoying to our diligent guardians of freedom (that "they" hate us for).

Re:

[iminplaya]

That's precisely the image I'm trying to impart as to what's happening to all of the Americans. But it appears they know, and they like it. And they will be voting for more of the same in 08. Too bad the mods aren't getting the message, because it certainly isn't offtopic. But then I can understand that people don't like to be told they are being raped. We are expected to lie down, relax, and enjoy it. Then pretend it never happened...for the sake of the country of course. "The needs of the many..."

Miss Hil

Wish it were so...

[Anonymous Coward]

But even if you colocate outside USA, your protections will actually be much worse than at home. Not so long ago FBI cracked servers in Russia to get evidence. Never mind breaking their laws. FBI/CIA doesn't need any warrants to go after foreign targets. No privacy laws cover foreigners from americans' intrusion. Even crimes are ok, it seems. SWIFT, Airport, banking, health data, google data, all is OK to have and to spread and to sell if it's a US company and the target is a foreigner.

Ever had a stranger m

Re:

[chill]

Sorry, but you are probably in the same boat. These companies do a driving business overseas as well.

I know of one setup that has installed probe systems in the following countries in just the past month: South Africa, Singapore, Israel, Turkey, Germany, Britain and Poland.

That was just in offhand conversation with a sales manager for one company. And considering I'm a contracted installer who has been putting these systems in all over the U.S. for the past couple months, and the discussion was about "he

Re:

[starfishsystems]

Under CALEA section 105, if this service is based in the United States, you will have to provide decryption of traffic to and from this service if presented with a court order or other lawful authorization. The FCC contemplates fines of up to $100,000 per day per incident for noncompliance.

Don't say that I didn't warn ya.

http://www.askcalea.net/docs/calea.pdf [askcalea.net]