Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy

Verisign Offers Wiretapping Services 178

LinuxDeckard writes "According to this article at FindLaw, VeriSign will soon be offering its 'NetDiscovery' wire tapping services for a monthly fee. NetDiscovery will allow Telecoms to comply with court ordered wire taps." Verisign's press release is informative. This appears to be tapping of voice calls rather than internet usage. I assume it would work something like this: telecom company gets a wiretap notification from the FBI or local police; it routes all calls to/from $TARGET through a Verisign switch; Verisign does the tapping and reporting to the tappers. If you think this doesn't affect you, keep in mind that under the PATRIOT Act the barrier for wiretapping is set very low indeed.
This discussion has been archived. No new comments can be posted.

Verisign Offers Wiretapping Services

Comments Filter:
  • s/ISP/\$TELCO/
  • 1984 (Score:2, Insightful)

    by Anonymous Coward
    This is like, so 1984.

    When why will they stop trampling on our rights? When the private sector offers wiretapping, then the terrorists have already won.

    • Re:1984 (Score:2, Insightful)

      by Anonymous Coward
      No, when you get your hands chopped of for stealing and women gets stoned to death because someone had raped them, then the terrorists have won.
      • Re:1984 (Score:1, Insightful)

        by Anonymous Coward
        You're talking about the IRA?

        As long as the responsible citizens of the US have the freedom to murder doctors who believe in giving women the right to a safe abortion, then we'll be so much better than the Islamic fundamentalists.

        Give me an example of what someone does wrong, and I'll give you one where we do something else wrong.

    • This is like, so 1984.

      It's even worse than 1984. Instead of an ominous, stalinist-grey motif that at least conveys the nature of what's going on, they've slapped a catchy and cheery name on it - NetDiscovery! I wouldn't be surprised if they advertise this complete with Disney characters and a big fucking smiley face.

      It's so post-1984-cum-signs-of-the-impending-fall-of-the-r oman-empire.

  • Remember that you have to get a court order even to get very limited wiretapping ability (like looking at where call are going to/from and not listening to them at all. There are time limits and all kinds of restrictions.) Remember what you read in the Tracking Mafiaboy [slashdot.org] article.

    This is not another carnivore.

    • Wasn't that in Canada? different laws?
    • by Mr Guy ( 547690 ) on Tuesday June 04, 2002 @08:17AM (#3637561) Journal
      Either you read the articles attached and didn't believe them, or you didn't read. I guess this is why people post "in case the server goes down". From:The PATRIOT Act [eff.org] link above.

      Expanded Surveillance With Reduced Checks and Balances. USAPA expands all four traditional tools of surveillance -- wiretaps, search warrants, pen/trap orders and subpoenas. Their counterparts under the Foreign Intelligence Surveillance Act (FISA) that allow spying in the U.S. by foreign intelligence agencies have similarly been expanded. This means:

      Be careful what you put in that Google search. The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation. This application must be granted and the government is not obligated to report to the court or tell the person spied up what it has done.

      Nationwide roving wiretaps. FBI and CIA can now go from phone to phone, computer to computer without demonstrating that each is even being used by a suspect or target of an order. The government may now serve a single wiretap, FISA wiretap or pen/trap order on any person or entity nationwide, regardless of whether that person or entity is named in the order. The government need not make any showing to a court that the particular information or communication to be acquired is relevant to a criminal investigation. In the pen/trap or FISA situations, they do not even have to report where they served the order or what information they received. The EFF believes that the opportunities for abuse of these broad new powers are immense. For pen/trap orders, ISPs or others who are not named in the do have authority under the law to request certification from the Attorney General's office that the order applies to them, but they do not have the authority to request such confirmation from a court.

      ISPs hand over more user information. The law makes two changes to increase how much information the government may obtain about users from their ISPs or others who handle or store their online communications. First it allows ISPs to voluntarily hand over all "non-content" information to law enforcement with no need for any court order or subpoena. sec. 212. Second, it expands the records that the government may seek with a simple subpoena (no court review required) to include records of session times and durations, temporarily assigned network (I.P.) addresses; means and source of payments, including credit card or bank account numbers. secs. 210, 211.

      New definitions of terrorism expand scope of surveillance. One new definition of terrorism and three expansions of previous terms also expand the scope of surveillance. They are 1) 802 definition of "domestic terrorism" (amending 18 USC 2331), which raises concerns about legitimate protest activity resulting in conviction on terrorism charges, especially if violence erupts; adds to 3 existing definition of terrorism (int'l terrorism per 18 USC 2331, terrorism transcending national borders per 18 USC 2332b, and federal terrorism per amended 18 USC 2332b(g)(5)(B)). These new definitions also expose more people to surveillance (and potential "harboring" and "material support" liability, 803, 805).

      • Be careful what you put in that Google search. The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation.
        Oh, neato! Let's write the next Outlook worm, a worm whose only deed is to, once in a while (not more than 10 times an hour, please), randomly ask Google for some juicy Echelon bait [attrition.org]... But the worm should'nt do ANYTHING ELSE, so to escape early detection...
    • It's all about the money. I read somewhere (I forgot where) that the average wire-tap costs about $50,000 a pop, and rarely results in a conviction. For me I feel like this a waste of the goverment's (and by extention my) money.

      This kills me that the govt is wasteing my hard earned tax dollars on this crap. Wire taps need to be difficult to get if only because they are too expensive.
  • ... I live in Europe
  • by pinkUZI ( 515787 ) <slashdot.7.jmask ... et.com minus cat> on Tuesday June 04, 2002 @07:59AM (#3637480) Journal
    Let's not give Verisign a hard time - they're just trying to make a buck by filling a need that is currently out there. If you really have a problem with this, you should focus on the politics [eff.org] that allow wire tapping in the first place and then consider taking an active role in government by contacting your Senator [senate.gov] or Representative [house.gov].
    • by Anonymous Coward
      Of course, after they've made enough money to employ people to lobby for them, and buy some politicians, they will be working hard to make sure the laws don't change.
    • No, Verisign deserves a hard time over this. In fact, if enough people find this objectionable they deserve to go out of business. Just because something happens to be legal doesn't mean that I can't find it morally or politically objectionable. Corporations have a lot more political clout than citizens, even when they use eff.org, since they can afford to hand out more large bags of cash. Part of the defense against enabling unjust wiretaps is to make it financially harmful for a company to support them.
      • Just because something happens to be legal doesn't mean that I can't find it morally or politically objectionable.

        The problem here is that wiretapping is 100% moral and ethical -- in the context of law enforcement and a court order.

        Anyone who thinks wiretaps are always bad are not living in any sort of real world.

        • The problem here is that wiretapping is 100% moral and ethical -- in the context of law enforcement and a court order.

          The law does not define either moral or ethical - it defines the law, and nothing else. Usually we hope that the law reflects morals and ethics, but there are certain laws that do not.

          On the other hand, expecting Verisign to behave either morally or ethically is misguided. Verisign has repeatedly demonstrated that they don't give a damn about morals and ethics - I would rate them as far more morally corrupt than Microsoft. They do not care about the value of their services to society, and have actively set out to thwart that value in order to rake in larger profits for themselves.

          This latest move is hardly newsworthy - it's just more of the same from a company that has become corrupt, greedy and deserves no place in civilised society.

    • Clearly, its time to transfer my last VeriSign domain to my preferred registrar...

      I'd have done it already, but it's a critical domain and I needed to test the smoothness of the transfer process with one less critical - worked like a charm, but I had to make the request a second time to get them to let go of it...
    • So acting in a crappy fashion, as long as they can make a buck means they should be excluded from criticism???? Stop justifying every unethical and alarming encroachment of privacy by saying, just because they make money, that makes it A-OK.
    • Not so much that Verisign is acting "wisely", but that the problem should not be dealth with at the Verisign node, and that this is probably wise while the problem has not been dealt with.

      As long as US law makes it disturbingly easy for different agencies to get a wiretap on a private citizen, such wiretaps will happen. If said wiretaps happen, it would be nice if only the FBI were listening to your calls and there were no mistakes in the process.

      If going wiretap crazy creates a logistics problem for the telcos, and the results of the telcos' messing up is more likely to be more private information flying around (I would think it more probable than cancelling the wiretap), I'd prefer them to outsource the effort to someone with a higher level of commitment to the task.

      The telcos' business is not wiretapping. If they screw up, they don't lose business. It would be Verisign's business, however, not to screw up... plus I expect they would be under constant surveillance by the ACLU and similars.
  • Now when they start doing the internet stuff... We are supposed to trust them with our encrypted keys?
    • Re:Verisign (Score:1, Insightful)

      by Anonymous Coward
      Now when they start doing the internet stuff... We are supposed to trust them with our encrypted keys?

      No, you generate your own key and VeriSign never sees it.

      Think of the CALEA package as simply creating more incentives to use cryptography.

      Actually the CALEA package is there because at present the telcos have a massive problem. The government is not going to give further extensions to CALEA and if they are out of compliance they can get fined $10K per day per warrant.

      The back end of the telco service is a mess. The system was designed for a single operator with the security model being 'if you can send data to this switch you must be trusted'. That was a goodish model before they broke up the phone company and allowed anyone to become a telco with very few restrictions.

      Nobody knows the extent of unauthorized phone tapping, we do know it goes on but there is absolutely no way to measure it. At present the security is all security through obscurity. However those controls are not very deep, basically there is an open access system with some naive detection/retribution stuff. Enough to keep out the script kiddies but not a well resourced adversary.

      The real task for CALEA implementation is to introduce controls so that only authorized parties can make taps.

  • by Anonymous Coward
    ..because you're all encrypting your communications, right? You're also all inquiring as to why there isn't more transparent encryption and authentication going on too, right?

    Sad I don't want to post this logged in, though.
  • heh heh. michael used an environment variable.
  • Today we outsource wire tapping.Tommorrow we will outsource the analysis of the wiretaps.Then outsource "crime detection and response systems" and mebbe do away with judiciary. Bah!

    What is concerning is that this is the same company that does not think twice about either law or morality [com.com] when it comes to business. Mebbe with companies as liberal as Verisign we will also be able to buy wire tapping services on ebay [slashdot.org]. ~!nrk

    • > Today we outsource wire tapping.Tommorrow we will outsource the analysis of the wiretaps.Then outsource "crime detection and response systems" and mebbe do away with judiciary. Bah!

      Given the quality of work from our current law enforcement personnel, maybe that's not a bad thing.

      The problem isn't the personnel per se - most of 'em are hard-working SOBs trying to do their best, but they're are overworked, underpaid, and fettered by layer upon layer of bureaucracy.

      We don't have the money (as a society) to hire enough agents or to pay 'em what they're worth. Gubmint jobs have therefore often tended to attract a lower-skilled (or they'd find work elsewhere) and more easily-corrupted (because they need the money) worker.

      And it's the Gubmint, after all. These are the folks who raised bureaucracy to an art form. Doesn't matter who's in charge, nothing's gonna get done. Witness the INS fuckups that have been going on for years, but are only now receiving media attention.

      Next issue - why won't this (as you fear) spread to outsourcing of the law enforcement task? Well, "what's a cop?" Any citizen can make an arrest - a cop is a guy who happens to do it for a living, and who's been trained in how to do it without (a) getting killed, and (b) getting sued for taking down the wrong guy. He's paid from tax dollars because there's a lot of work involved, and there ain't much money in it, on account of criminals not necessarily having lots of money to sieze. I suppose you could go to a bounty system, but I can't see enforcement being profitable. Who wants to risk getting blown away for the $100 bounty on graffiti taggers?

      Back to the issue at hand - by outsourcing data collection to people who actually know something about technology, you increase the probability of getting the data you need. This frees up money to hire better analysts.

      Finally, and critically, unlike Gubmint drones, if a Verislime drone fscks up and wiretaps the wrong guy, or (let's outsource everything :) if issues visas to dead hijackers, you can fire his monkey ass and replace him with someone competent.

      While I understand your concerns, I think this new approach could ultimately be a win-win for both law enforcement and the public.

      • We don't have the money (as a society) to hire enough agents or to pay 'em what they're worth. Gubmint jobs have therefore often tended to attract a lower-skilled (or they'd find work elsewhere) and more easily-corrupted (because they need the money) worker.
        Actually, that's part of the anglo-saxon mindset. The most prevalent anglo-saxon collective neurosis is not trusting the State/Government.

        Anglo-saxon elected officials are generally failed businessmen (because a successfull businessman would rather be skinned and boiled alive with minced onions (hold the anchovies, please) than be seen as part of Government).

        Unelected officials are those who are not/would not be successful in private entreprise; working for the government holds so much stigma that people of quality will seldom seek governmental jobs.

        So, by that corollary, government is performed haphazardly by people of dubious quality, because nothing else is available.

        Contrast this to France, where public service carries a lot of prestige, and the most prestigious schools are those designed to churn-out high-quality public officials. There, people of quality DO seek public jobs, and the results are there: a mixed government/private economic system where State entreprises are extremely competitive and innovative, even when they compete with private entreprises.

        Better yet, many civil servants jump into politics, and when they are elected, they come to parliament well-versed in the mechanics of the civil service, thus streamlining the legislative process as it comes better suited to the executive apparatus.

        Heck, France had the fastest trains in the world for more than 20 years, and those were designed and built by a goverment-owned entreprise!!!

        • "Contrast this to France, where public service carries a lot of prestige, and the most prestigious schools are those designed to churn-out high-quality public officials."

          And where the economy is perpetually in the crapper.

  • I dunno if I can call 900 numbers now that I know that the FBI might be listening!
  • The Irony (Score:4, Insightful)

    by DrXym ( 126579 ) on Tuesday June 04, 2002 @08:07AM (#3637510)
    It is ironic that one of the sleaziest, untrustworthy companies on the internet expects people to buy "trust" in the form of digital certification from them. I suggest people remember that next time they need a certificate and instead turn to one of their competitors.
    • People's memories are short. In about a year, I'll have probably forgotten about the disgraceful domain-slamming practise [theregister.co.uk] that VeriSign were sued over. Fortunately, Google has a very long memory when it comes to cached pages, so I always do a Google search on any company I plan to do business with beforehand. So perhaps the irony is that VeriSign is the hostname registrar for Google ;)
    • It is ironic that one of the sleaziest, untrustworthy companies on the internet expects people to buy "trust" in the form of digital certification from them. I suggest people remember that next time they need a certificate and instead turn to one of their competitors.

      Tried that, they bought the competitor, and the SEC and FTC didn't do a damned thing to stop them. In Australia the competition rules wouldn't have allowed this to happen so quickly, and the competition watchdog wouldn't allow it to happen at all. But the US authorities let it happen within the space of a couple of weeks.

      If you know of somebody not owned by Verisign who offers ActiveX and Netscape code signing certificates who has their root certificates in all major browsers, I'd switch again, but there doesn't appear to be such an animal. There are organisations that have the root certificates there, but they don't sell the code signing certificates.

  • Security (Score:2, Insightful)

    by mericet ( 550554 )
    That might be a good or bad thing, depending how you look at it:

    If any small telco needs to create a secure repository, some will not be as secure as others... and privacy might be more compromised that it should according to the wiretap order (i.e. hackers accessing the wiretapped phone calls...)

    OTOH, this is a kind of single point of failure I do not entirely like...

  • by Anonymous Coward
    The Patriot Act? That's great. The terrorists have won. Their purpose was to change our lives so we'd never be back to the way we were. We give them fame and glamour. A Patriot Act is just one more way we have proven how stupid we really are. The only way to beat the terrorists is to not let them phase us. Let's not talk about them, not care about them, and maybe they'll go away. Here we go, let's make some laws to restrict our own people. It's all bullshit.
    • The Patriot Act? That's great. The terrorists have won. Their purpose was to change our lives so we'd never be back to the way we were.

      Actually their purpose was to kill people.

      • Actually their purpose was to kill people.

        No, that was not their purpose, it was their means.
        If it had been the sole purpose, I bet that could have been arranged more easily. They have an issue/agenda to push, and killing these people was their way of getting attention. Or to get revenge, whatever. But the killing itself was not the purpose.
  • by xyzzy ( 10685 ) on Tuesday June 04, 2002 @08:13AM (#3637536) Homepage
    Why would Verisign get into such an unrelated business as this? They're not a telecom company! If CALEA-compliance is too expensive for the telcos, I can't believe that Verisign is better positioned. This is totally unrelated to their business model!
    • by signe ( 64498 ) on Tuesday June 04, 2002 @08:16AM (#3637554) Homepage
      Actually, Verisign recently acquired Illuminet, which is the largest independant carrier switching network. So they do have a pretty big investment in telecom that plays into this pretty well.

      -Todd
      • Oh,wild -- I had no idea. Yup, looking at their web site, they do tons of that stuff. It still doesn't seem central to their business (their OLD business) to me, but I suppose the fact that digital certificates weren't exactly leaping off the shelf, and the domain thing would eventually come to an end, they had to look elsewhere.
      • > Actually, Verisign recently acquired Illuminet, which is the largest independant carrier switching network. So they do have a pretty big investment in telecom that plays into this pretty well.

        I knew it was an Illumineti plot to take over the world!

  • Of course, this method works EXTREMELY well for us with broadband connections....
  • Worse than that (Score:1, Informative)

    by Anonymous Coward
    very low indeed

    In fact, even without the patriot act, state courts did not deny a single law enforcement request for a wiretap. Not a single one.
    --G
  • ...to help U.S. telecommunications carriers comply with wiretapping regulations that have gained more prominence since the attacks of Sept. 11.

    I prefer to see them as regulations that were pushed through legislation by taking advantage of public fears after Sept. 11. I'm from NYC and I hear the warnings every week and occassionally still hear military fighters and helicopters fly over my home, but that batch of regulations under the Patriot Act are nothing patriotic. I want terrorists caught just as much as anyone else. Some people had been pushing for more wiretapping freedom for years. They took advantage of our fears to slip these regulations through which give too much power to our government.
    • The sad bit is that the info coming out of the sessions up on the Hill tends to indicate that the FBI et. al. had all the data they needed to nab the hijackers, even as restricted as they were before USAPATRIOT was enacted.

      Tell me again why this crap is necessary to protect my "safety"? If I want to take the risk, can I opt out? *sigh*
  • One should think that the "professionel" criminals would be smarter than that. One should think that it was only small time dudes that would blabber away on the phone etc.
  • Ideally .... (Score:2, Insightful)

    by Tranvisor ( 250175 )
    Ideally this is good. Wiretaps are a needed part of law-enforcement. You have evidence against a suspect, you go to a judge, show him the evidence and he makes a informed decison on the matter. Wiretaps, traditionally, were pretty hard to get.

    The part where this breaks down is the recent Patriot act (damn I hate calling it that), where a FBI agent hands a judge a list of 5,000 names and says "I think that these people might be terrorists, gimme a wiretap."

    "Do you have any evidence Mr. FBI agent?"

    "What do you care Mr. Judge? US law says you have to let me spy on these people, even if I don't have any tangible evidence. Just don't mind my wife's name hidden in the list."

    "Ok, here's your signature." (Thinking to himself: Man I wish my job was more than fulfilling the function of a rubber stamp.)

    Without the aforementioned act, this would be semi-good news. With that act, more peoples privacy will now likely be senselessly violated. Oh, well.

    • Call me 'old-fashion' but I still Love My Country, and things like this..make me Fear My Government. I'm willing to be as patriotic as the next red-blooded American. But I still have -some- faith in the courts and in the judges out there to at least look twice at a wiretap or similar spy-order/request.

      Without the checks and ballances we've previously had in place, who will be in charge of oversight? Will there be any oversight? Who keeps track of whose wire we're tapping?

      Imagine the implications if you could convince your long-time friend over in the FBI/CIA/NSA/ETC that you need to have him plug in and give a listen to your political nemisis?

      Say, do you suppose the Secret Service is allowed these broad powers under this act? Could the President order them to wiretap someone, for little to no reason, without someone to keep a check and ballance in place?
      • "Without the checks and ballances we've previously had in place, who will be in charge of oversight? Will there be any oversight? Who keeps track of whose wire we're tapping?"

        And with the Senate holding up Judiciary confirmation hearings... There aren't enough judges in the Judicial branch to get their regular jobs done and provide said oversight. Convenient, neh? Notice that the Republicans stonewalled Clinton's nominees too. It's not a party thing... Congress as a whole has simply found a way to tip the balance firmly in its favor.
    • So what happens the first time a judge says "I don't think so" when one of these applications comes before him ? Do the FBI arrest him ? or do they appeal to a higher court ? - it just seems to me passing a law requiring a judge to grant a warrant in all cases without meeting any legal standard of proof is denying the judicial branch it's constitutional role in the government of the country.
  • Small country (Score:3, Interesting)

    by sofist ( 556213 ) on Tuesday June 04, 2002 @08:27AM (#3637602)
    That's whay I like to live in a small country and speaking a languange only 2 Million Popole speak - so come on FBI/CIA/NSA tap me, spend millions on translations and listen to all my boring phone calls to my girlfriend...
  • Now, Correct me if I'm wrong, but does verisign even offer a voice service?
    I havent seen a single thing on their site about offering a voice service.

    Would this be some sort of insight that their planning on offering some sort of VOIP service?

    Or perhaps their just letting big brother listen in on people calling to bitch about why their domain is suddenly under their control. *snicker*

    -Una
  • by Anonymous Coward
    This is how the Patriot Act is explained if you follow the link: Expanded Surveillance With Reduced Checks and Balances
    • But before you go and buy into that, you should consider the link you followed. Rather than posting a link to the text of the Patriot Act, a link was offered to a group that is strongly opposed to the Patriot Act so, of course, they are going to present you with a description of the act that isn't as wholesome as the US government wants you to believe. My quarrel with this is that the link text was simply "Patriot Act" - which implies that this watchdog organization's view of the Patriot Act is the only view. Don't get me wrong, I think the Patriot Act is a horrible piece of legislation that is trampling our freedoms and should be challenged and, eventually, overturned as unconstitutional but if a link is being provided with the text "Patriot Act", it should go to the text of the Patriot Act. Let's assume for a moment that most readers are intelligent enough to make their own informed decisions and don't need everything interpretted for them. That's my thought on this story.
  • Hmmmm.... (Score:2, Interesting)

    by Anonymous Coward
    I wonder how long until Verisign offers this "service" to the business community at large. PI's, security firms, stalkers, and identity thieves will be jumping at the chance to fork over money to them.
  • Ok, let me get this straight, they plan to route all voice calls from/to $TARGET thru verisign.. There's a lot of different phone / conference apps out there, which all use different ports, and most of the time ports are configurable. Presumably the fbi/cia/nsa/mib do not want their wiretaping so easely defeated, so they would want all trafic routed thru verisign right?

    So if you want to find out if you are being wiretaped, simply do a couple of traceroutes and see if you hit verisigns switches? It beats listening to clicking sounds in the background of the phone conversation i gues ;-)
    • So if you want to find out if you are being wiretaped, simply do a couple of traceroutes and see if you hit verisigns switches?

      Well, since the service is about tapping ordinary voice phone calls, you might have a hard time doing a traceroute.
      Has anyone ever heard someone being able to modulate the TTL of their voice? ;)

      If Verisign were to tap IP traffic as well, they would surely not alter it in any such way. They'd just copy the packet (at some intercept point), send it on its merry way, and have the copy sent to them.
  • by simpleguy ( 5686 ) on Tuesday June 04, 2002 @08:41AM (#3637665) Homepage

    Just replace $TARGET with $VICTIM and then re read the story. *shudder*

  • That when the Government screws up, its the citizens that get punished for the mistake? I couldn't believe last week that the FBI's solution to its screw up was to give itself new powers so they can make sure that I go to confession before taking a communion. Spying in churches? Is nothing sacred anymore!?!?
  • I cannot help but wonder how usefull the efforts put into this service is going to be over the next 3-5 years during the take-over of the world by broadband and IP telephony. With the dissapointing earnings produced by all the major telco's they are all putting a lot of effort into getting IP telephony going in order to boost sales.

    I must say this whole thing is going to let me think twice about that Verisign Certificate I bought which only I have the private key for ...

    I guess the moment we have our SSL encrypted, fully fledged PKI infrastructure based IP telephony system up and running Verisign will be selling our Private keys to the highest bidder!

    Now if you take that into account this is not all that far off the Business Model that Verisign has been following ...

    Maybe they are just one step ahead of the rest of the pack!
  • There are a number of commercial entities that provide these services, or at the very least turn-key systems that handle the information. Do you really think that law enforcement organizations can build their own from scratch? (Yeah, that's funny...imagine Sipowitz from NYPD Blue debugging!) The thing that made this newsworthy is that instead of some obscure firm that solely does LEO support and that 99.9% of the population has never heard of, it's a well-known company this time.
    • And that this self same well-known company happens to be in posession of the private keys of a large number of commercial servers.

      If they climbed into bed with the FED's, as it seems they already have, not even encrypted IP conversations will be safe.

      The way the world is changeing the next step will be ordering of wire taps on internet connections, even SSL ones, and this the government will only be able to do in conjunction with the only bunch with the key to unlock the conversations.

      It is pretty easy to tap into a SSL or IPSEC session if you have the private keys of both the individuals!
    • You should re-read the posting, dude...they're only doing voice wiretapping. I don't know about you, but I can't speak in IPSEC.
  • What if someone develops a way to encrypt all voice phone traffic in the US? Something like ssh for audio (I know that ssh is a bad analogy because of man-in-the-middle attacks). If all phone traffic was encrypted then wiretaps on random citizens wouldn't matter. Just like ssh for remote sessions and gpg for email. I understand the value of wiretaps for legitimate law enforcement, but when it evolves into a Big Brother watch-everyone-for-the-sake-of-the-children kind of thing, we have to fight back somehow.
  • I can see the banner ads now... get your tap in telecommunications! you can get wiretapping service at the number of your choice, (if it's not taken), free redirect, up to five POP email accounts, and up to four MB of webspace, all for the rock-bottom price of $70 for two years!
  • Don't blame Verisign, they're merely complying with tne new regulations as required.

    If you ask me, this wiretapping business is little more than a measure to make us feel safe at the expense of our privacy with little hope of actually capturing terrorists.

    Looking back to 9/11, the feds obviously don't have too much trouble getting a hold of our phone conversations. How do you think that all of those cell phone transcripts were made availabe so rapidly, or evan at all? Someone constantly has the record button on, regardless. We've all read in the news about just how close US agents actually were to these guys using only their previously available methods. Now the US agencies are looking for deniability so they blame "limitations" placed on them. The terrorists aren't stupid, and they obviously know better than to speak in more than vague terms when they are in the presence of a possible rat, including unencrypted communications on the internet and on the phone. They're not using this technology to catch anything but small fish.

    Personally, I'm not afraid of terrorists. I don't think they could ever launch an attack powerful enough to topple the institution that our belief (if hypocritically administered, looking at foreign policy) in individual rights and freedom stand for. What I am afraid of is our paranoid fear in terrorists destroying those rights that have made the free world great. Once our freedoms are gone, we may as well have let the terrorists kill every one of us. Death would be preferable to 1984.

    ~Ben
  • Does anyone have any idea how this would actually work? I've worked in telecom for several years, and in PKI for several years, and I really don't know how this could work from a technical stand.

    Anyone have any insight? The press release is mighty vague, as usual.

  • Let's all learn Navajo! After all if the Japanese can't break it during the whole pacific war....

    :)
  • I run the risk of getting hammered here, but I fail to see why this is such a big deal. For years the Feds and other authorities have gotten the wire-taps they needed. Technology progresses and so does their methods.

    I have absolutly NOTHING to hide from the feds. They can tap me all they want. They will hear phone sex with the girlfriend, Hey mom & dad how are ya to the parents, and damn did you see that chick in the corner lastnight to my friends...

    If it stops some jacka$$ from flying a plane into a building them listening to me talk here and there is a small price to pay.
  • I especially love the name, the Patriot [sic] Act. Bush is using the so-called war on terrorism to justify trampling over civil rights and expand federal powers to a ridiculous amount. The excuse they had their hands tied pre-911 is a load of crap. Look at the recent info about the 2 terrorists they knew were in this country for more than a year, both involved in the 911 act. They had the information, but the CIA/FBI screwed up, and their answer is to give themeselves more power, it's complete bs. What sickens me the most, is the idea questioning the government is unpatriotic. If it were, we'd all be British still. 911 was terrible obviously, but so is stripping away rights, sneaking by new federal powers, and making anyone who says "wait a minute Uncle Sam" seem like a traitor - isn't much better.
  • Become informed; read the CALEA standard (TIA/EIA- J-STD-025):

    http://216.239.35.100/search?q=cache:EOI2S1LqKLg C: ftp.tiaonline.org/TR-45/TR452/Incoming/EIA-J-STD-0 25.pdf+J-STD-025+pdf&hl=en

    Let's not forget that modem singalling is also able to be intercepted.
  • Locally we had at least one police department farming out their photo radar to a third-party. In essence, a non-police entity handing out tickets for speeding. It was challenged in court, and several thousand (pending) tickets were thrown out. I don't see much difference between this, and what Verisign is proposing.

    Overall, I'm not sure it's a good idea to have private companies assume responsibilities that belong to the government- especially where enforcement is concerned. It's just one more point of failure - if something goes wrong, it makes it that much easier to pass the blame.

    Is it just me, or does anyone else think that it would take a real stupid t3rr0rist to conduct business in any way that might be tracked so easily?
  • So the goverement allows anyone (within limits) to get a wiretap on any unsavory characters. It looks like to me that Al-quada won round 1 where Americans lose all their privacy from the goverment. The intention of Al-Quada was to get Americans so parinoid they use the goverment aginst themselves. 1st rule of terrorism is to use anything you can aginst your enemy--this includes the goverment. They won that round and there is no turning back as long as the pussys keep bending over. So whos going to bend over for round two?

    All this BS over some deaths in the lower east side of NYC? Keep in mind that Sep 11th didn't even make a stistical blip in the death rate in NYC since the first major cold of the winter will kill somewhere between 5 to 10 thousand elderly and wtc only has about 900 confirmed about about 1700 maybes. There have been over 3000 investigations and fraud arrest in NYC for WTC death fraud over this. Consider only about 50,000 people could have been in the area at the time. 3 out of 50 is a very high rate for any illegal activity.

    This may seem a bit callus but most of the people that have tried to rip me off in the last three years worked in those buildings. I don't have any problem with thouse assholes ending up jobless or even dead. I've got names of 8 jerks that were involed with things like over billing fraud, insurance frand and loan fraud that had addresses as 1 WTC or 2 WTC.

    What does bother me is how Americans are bending over and getting screwed in the name of anti-buzworrd of the year. Does anyone remember the concepts that created America? Is histroy that forgotten? Much worse things have happened but can the average American name even one? I suspect not.
  • by Animats ( 122034 ) on Tuesday June 04, 2002 @11:55AM (#3638878) Homepage
    Verisign owns Illuminet [illuminet.com], which runs the routing backbone for the US phone system, called Signalling System 7 (SS7). This gives them enormous power over the phone system.

    For example, one commonly used feature is "Internet Offload". This replaces ISP modem pools. When you dial up an ISP's "dial-in number", what may actually happen is that the call gets diverted to a unit in your local central office which performs the modem/POP function and forwards the data as IP messages.

    The SS7 system has the database that determines when this happens. Every call today goes out to the SS7 network and its databases to determine where it goes. Thus, control of the SS7 network allows calls to be diverted to wiretapping access points.

    I'm surprised that the telcos put up with Verisign having a monopoly in this area.

  • Now they can use their popups as blackmail, anyone who closes them without clicking the ad can be labeled as a terrorist...
  • I've long wondered about Verisign. Any organization that controls most of the digital certificate and domain name registrations as well as buying up commercial PGP have a little more power than I'm thrilled with, but Verisign has something more... they've managed to land some awesome deals with the US government and have done so seemingly without significant competition. Why?

    If I'd suggested yesterday that Verisign was going to get into the wiretapping business, I would likely have been laughed at. Well, it's not a laughing matter any longer. What's next? Ever wonder who else Verisign gives your certificates to?

    Bah! Ignore all of that. There's one and only one reason that you should never do business with Verisign. Their customer support is some of the worst in the world, and that's a challenge. Just call them sometime and try to get an HST record removed... you'll know fear, then you will know pain and then you will wish you were dead to badly paraphrase Babylon 5.
  • Now the government can listen to me telling telemarketers to go fuck themselves.

You know you've landed gear-up when it takes full power to taxi.

Working...