Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy United States Your Rights Online

Cisco Support for Lawful Intercept In IP Networks 328

cf_33073 writes "Scary stuff for the privacy advocates out there. Your Internet telephone conversations may soon be tapped by the government. Anyone else concerned about these intercepts being hacked? Full text of the RFC Is available (mirror)"
This discussion has been archived. No new comments can be posted.

Cisco Support for Lawful Intercept In IP Networks

Comments Filter:
  • by phuturephunk ( 617641 ) on Wednesday April 16, 2003 @08:20PM (#5748218)
    William Gibson future HERE WE COME!!..
  • by Anonymous Coward on Wednesday April 16, 2003 @08:21PM (#5748219)
    does this mean that I'll have to start purchasing technology from other countries to keep my own government from snooping on me?
    • by Anonymous Coward
      didn't Cisco sell China some equipment that allowed for some 'monitoring' already?

      People will vote with their dollars...I wouldn't worry about it too terribly much. Behold, the glory of capitalism.

      Now seriously...pop a prozac and move along. Not much to see here, as with most /. postings.
  • by Anonymous Coward on Wednesday April 16, 2003 @08:21PM (#5748221)
    All packets are freely available to the fed. No special intercept equipment required. Decryption may be a different story.

    • Crypto is your friend..

    • by ronaldcromwell ( 596642 ) on Wednesday April 16, 2003 @10:13PM (#5748687) Homepage
      Is Crypto getting secure to the point that we don't have to worry about anyone decrypting our communications? As open-source solutions become more and more viable, will networks like Freenet set the standard in the future for those of us who actually give a rip about privacy? Are we doomed, or is there a light at the end of the tunnel?
    • by Tuxinatorium ( 463682 ) on Wednesday April 16, 2003 @10:14PM (#5748697) Homepage
      That is a lie. There are no such things as "packets". They are a fabrication of the American news media. These so-called "1"s and "0"s are committing suicide at the logic gates as we speak. Praise be to Allah!
    • by 1u3hr ( 530656 ) on Wednesday April 16, 2003 @10:47PM (#5748811)
      Encryption is useless if your keys are compromised. From the RFC:
      * If the information being intercepted is encrypted by the service provider and the service provider has access to the keys, then the information MUST be decrypted before delivery to the LEA or the encryption keys MUST be passed to the Law Enforcement Agency to allow them to decrypt the information.....

      * Content Encryption: If the intercept content is encrypted and the service provider has access to the encryption keys (e.g., receives keys in Session Description Protocol for Voice over IP), then the keys can be sent via IRI. It is, however, possible for end-users to exchange keys by some other means without any knowledge of the service provider in which case the service provider will not be able to provide the keys.

  • Encryption (Score:5, Informative)

    by StillAnonymous ( 595680 ) on Wednesday April 16, 2003 @08:23PM (#5748229)
    Since the connection is digital, it shouldn't be tough to add a layer of encryption onto your conversation. Let 'em monitor scrambled data.
    • Re:Encryption (Score:3, Interesting)

      by colenski ( 552404 )
      Read your Cryptonomicon. Sometimes, knowing that a conversation took place can yield information as well.
      • sure. (Score:3, Interesting)

        by Erris ( 531066 )

        ... knowing that a conversation took place can yield information as well.

        So? run and use an anoymizer. Works the same way for TCP/IP connections, no? If you don't know your host number the packets can't find the host. If your host does not know your IP, the reply can't find it's way back. No need for the data to be voice over IP.

        In the imortal works of Khan, "Let them eat static."

        • Re:sure. (Score:4, Insightful)

          by ConsumedByTV ( 243497 ) on Wednesday April 16, 2003 @09:55PM (#5748616) Homepage
          I agree with you, but it's hard to contact a party under watch without causing a stir doing that.

          Both parties need to be anonymous.

          If you read deeper in cryptonomicon you will remember the idea about constant noise being better than burst traffic.
    • by jo42 ( 227475 )
      Use coded conversations, something like "I tell you, there are NO Americans in Baghdad!", which really meant there are Americans in Baghdad and you had better run and hide.
  • Long time coming (Score:2, Interesting)

    by Anonymous Coward
    CALEA (http://www.fcc.gov/calea/) is something that has been in the works for quite some time. Interesting reading if you are a privacy person. Oh, the days of Fiderus.....
  • by anon*127.0.0.1 ( 637224 ) <slashdot AT baudkarma DOT com> on Wednesday April 16, 2003 @08:25PM (#5748248) Journal
    I'm sure the security experts are much smarter then the hackers.

  • I'm more concerned over the rash of unauthorized charges on one of my credit cards over the last two weeks...

    I'm seeing an unabated string of charges that appear to be 'internet phone' related. $30 here....$50 there.

    I had one c'card number discontinued last Dec., over a string of eBay charges I didn't make, and now this. Anything that can help control this kind of abuse is ok by me...at least for now.
    • You're just bleeding troll juice, but I'll bite. First, you not responsible for unauthorized activity on your CCs (call company, dispute charge, end of story). Second, if any card numbers were to be "stolen" from you, it is extremely improbable that they were sniffed off the wire; more than likely they were discovered on one of your pieces of litter, i.e. receipts. Third, if you want to give up your right to privacy for negating some petty inconveniences, I promise you that I'll hire you a maid/bodyguard if
      • Funny stuff.

        First, you not responsible for unauthorized activity on your CCs (call company, dispute charge, end of story).

        Royal PITA, especially when it's an ongoing thing.

        if you want to give up your right to privacy for negating some petty inconveniences [...]

        That's not what he's saying. His problems are more pressing to him than the feds tapping his potential internet phone, that's all.

    • Anyone who would give up essential freedom for a little bit of security deserves neither.
      • Anyone who would give up essential freedom for a little bit of security deserves neither.

        The kind of person who would make a statement like this is the kind of person who has never faced death at the hands of another. I and many others have.

        The most essential freedom is the freedom to live. The only question is how best to guarantee that most essential freedom of all, without unduly affecting other, less essential freedoms (yes, I'm sorry, but not all freedoms are created equal). Now, sometimes yo
        • The kind of person who would make a statement like this is the kind of person who has never faced death at the hands of another.

          Actually, one of the founding father's said that (I believe Benjamin Franklin). The founding father's obviously faced death at the hands of others (e.g., war for independence), so shut your cakehole.

          And I think the point was that security and freedom aren't mutually exclusive. It is only lazy people who hate freedom that want to try to convince you that they are.
        • The kind of person who would make a statement like this is the kind of person who has never faced death at the hands of another. I and many others have.

          And the kind of person who would reply like that is the kind who has never faced slavery at the hands of another. Or at least never bothered to notice.

          Personal security is a very important thing, but likewise it is a very personal thing. When someone else claims the power to provide all your security and all they ask is that you also let them decide wh

        • Evolve (Score:3, Insightful)

          Scatterbrained. Maxim 1. If it is true, it is true at the extremes. If it is not true at the extremes, it simply is not true.

          You face the possibility of death at the hands of another just crossing the street. Do we embeded GPS systems on every vehicle and on every person with some override system overlooking it? And what if that system fails? Well, another system overlooking that system, ad nausem until the entire world is focused on your safety.

          Or we could trust you to look both ways before crossing the
    • I had a similar problem with several $9.95 charges appearing on my bill from various national ISPs every month. I am about 95% certain that my number was abused by some random pricewatch vendor. Anyway, upon calling earthlink to cancel the service that I never signed up for, the person on the otherside of the phone line informed me, "I'm sorry I can't cancel your service, your name is not in our database." After alot of trouble and having to refuse to give them my SSN I was able to cancel the service.

      Anwa

    • Anything that can help control this kind of abuse is ok by me...at least for now.

      Don't use credit cards if you don't like what happens when you do. That's OK by me. You giving the feds permision to tap into my phone line without a warrent? Not OK.

      • Re:Anything huh? (Score:2, Informative)

        by araemo ( 603185 )
        It says "Lawfull" intercept.. that implies they have a warrant.

        Yeah.. I know that making it digital just makes abuse of it easier, but stop complaining and go make sure the privacy watchdog groups know about it, and help them make sure there are proper checks in place.
    • Hell, I've used my credit card on the 'net, over the phone and in person around Australia, Asia and South America. Never had a problem.

      Of course, the fact that my card was almost perpetually over the limit *may* have had something to do with it :)
  • Didn't already support this on their routers sold in China?
  • by account_deleted ( 4530225 ) on Wednesday April 16, 2003 @08:27PM (#5748258)
    Comment removed based on user account deletion
  • by Renraku ( 518261 ) on Wednesday April 16, 2003 @08:27PM (#5748259) Homepage
    Add a layer of encryptation to your packets. The government won't like having to waste extra time decoding your Slashdot traffic, so they'll just make it against the DMCA to encrypt your packets.

    Eventually, internet traffic today will be like people traffic. I'm sure if I wore a big cloak and walked down the street, the police would be nervous of 'what I'm hiding under there' and might be so inclined to ask me about it.

    While its legal to carry a concealed weapon if you have a licence, most people don't bother. So criminals and police alike can see that people aren't hiding a rocket launcher on their person or trying to move their crate of coccaine.
    • In arizona, the you don't need a special license (unless the law has since changed)::::

      okay, back on topic, I will go to a Gary Larson cartoon for inspiration. In it, the general sez "but what if we had a war and everbody came?" (hold on, i'll make it relavent) Now, if a great percentage of people used the encryption, and a majority were using it just for privacy (not to hide illegal stuff), then they couldn't possibley monitor everyone, or have reason to be suspicios. After all, if everyone wore a large t
    • Except that computers _can_ scan all the traffic, and there are IDS systems that can flag transactions that the user doesn't like. Which translates into the gov't looking you up when you discuss stuff _they_ don't want the citizenry talking about.

      The next step is to delete the traffic, then park a black van outside your house for two weeks, then to "disappear" you. It already happenned to the guy from Intel. I can't wait for it to happen to me.
    • I'm sure if I wore a big cloak and walked down the street, the police would be nervous of 'what I'm hiding under there' and might be so inclined to ask me about it.

      Most people are scared shitless of asking me what I'm hiding under my cloak/clothes - most have to do a SAN check at the meer thought of seeing me without clothing! :)
    • Yep, the only people that register their guns/carry concealed with a license are those that are the law abiding citizens.

      Thus making a 'concealed weapons permit' completely pointless and self defeating - just like gun registration. It helps nobody but the gov't in controling your life and gathering information on you.
  • this isn't an rfc (Score:5, Insightful)

    by keithmoore ( 106078 ) on Wednesday April 16, 2003 @08:28PM (#5748260) Homepage
    it's just a draft by one guy. anybody can submit a draft. it doesn't mean anything in terms of IETF approval. however since it purports it might eventually get published as an Informational document (not a standard).

    if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity (as I do) then you might want to write the IESG and/or the RFC Editor (as I intend to) and object to such publication. in order to avoid flooding their normal mailboxes, perhaps someone would like to set up a mailing list?

    when governments think they have the right to kill thousands of people with scant justification, the last thing we need is to help them standardize on surveillance technologies.
    • Re:this isn't an rfc (Score:3, Interesting)

      by adri ( 173121 )
      If the IP world standardises on interception technologies then we'll have some idea of how to thwart it.

      Bring it on. I know you're doing it anyway. Bring it on, let people see what you're doing, let privacy advocates explain to the general public that yes, major internet equipment supports sniffing their traffic, look here for the standard and bewm! Maybe you'll get some sympathy.

      I've tried explaining to lay people (non-technical friends) what can be done with todays technology and they look at me dumbfou
    • if you think this is a transparent attempt to get IETF to appear to endorse a heinous activity

      The IETF basically told the FBI to bugger off with regards to working CALEA into standards a long time ago. One lawyer who handles CALEA related cases doesn't seem to think this was a good idea, though;

      "The IETF's long-ago refusal to consider this issue was hailed as a civil
      liberties victory at the time. In fact, it has had the ironic effect of
      making it more likely that wiretap solutions will be proprietary and
      d

  • by patbob ( 533364 ) on Wednesday April 16, 2003 @08:29PM (#5748265)
    Let's see if I have this right.. you broadcast your packets on a public network where you already assume anyone can potentially get access to them, then you worry about what happens when the government steps in and asks to receive a copy of those packets?

    Like what, the government isn't already part of "anybody"?

    I'm far more worried about entities that are not part of the government getting a copy of my packets. Flawed though their procedures, checks and balances may be, at least the government folks have some. What procedures, checks and balances are on the criminals?

    • Let's see if I have this right.. you broadcast your packets on a public network where you already assume anyone can potentially get access to them, then you worry about what happens when the government steps in and asks to receive a copy of those packets?

      Just because they can do it, or even if they do it, doesn't mean that it is necessary lawful for them to do it. It may be considered a form of wiretapping, but it would be for the court to decide; I'm not aware of any case law on this.

      Like what, the gov

      • We elect "somebody", not "anybody"; if they start acting like they're anybody, then they're history in the long term in any true democracy.

        That's a nice turn of a phrase, but may I suggest a little touch-up:

        We elect "somebodies", not "anybodies"; in any true democracy if the elected "somebodies" start acting like they're "anybodies", then they'll become "nobodies" in no time.

    • Like what, the government isn't already part of "anybody"?

      Nope, they are not. You have authorized the govenment to do certian things with the tax monies you give them willingly. It will be a sorry day when you authorize the government to spend money on equpment and manpower required to listen in on that public network. What do you want your govenment to do for you? Listen to your kid sister whine about NStink? I like that people go to jail for wiretaps and consider that a reasonable check on that kin

    • by netwiz ( 33291 ) on Wednesday April 16, 2003 @09:47PM (#5748578) Homepage
      Not really. You don't actually broadcast packets, even at layer 2. In every case, there's a specific destination to the frame. It's like the gov't spying on your mail by opening them all in the post office. And while yes, they can do this, it requires a court order and probably cause to do so (someone back me up, I'm not actually certain of this fact).

      As for private entities, packet capture is a time consuming task to perform constantly. I know for a fact that the ISP at which I work moves about a terabyte a day thru the network I maintain. It's not cost-effective (and there's not really any juicy stuff to be garnered), so they (corporations) won't do it.

      Plus, the litigious backlash should ISPs start doing this of their own volition would be prohibitively expensive.
  • or so i would assume. After all, phones started out as a relatively private and secure method of communication. (don't tell, i already know that the phone company Bell has used interception techniques since WW2 [IIRC], i'm talking about joe six-pack here). So, now it's a process of time that dictates that your nice "safe" network gets interception put to it. I am not all that happy about it. In fact, I'm rather mad. But, hey, it was bound to happen.

    Here's a toast to inevitability. or better put:
    "Hear that
  • by MntlChaos ( 602380 ) on Wednesday April 16, 2003 @08:30PM (#5748279)
    First off, this is not an RFC, but an internet-draft. This means that its put out but subject to change.

    Second, this is not giving governments any new authority. The only thing this is doing is defining a specific way for the data to be collected and sent, along with standards for any implementation of this (for instance that it has to be on the typical route, not on user-owned equipment, etc)

    One thing that DID worry me is that if your ISP can find out the key for a secure session, then they give decrypted information to the government
  • Hmm.. (Score:4, Interesting)

    by stevezero ( 620090 ) on Wednesday April 16, 2003 @08:30PM (#5748281)
    "* If the information being intercepted is encrypted by the
    intercept subject and its associate and the service provider has
    access to the keys, then the service provider MAY deliver the
    keys to the LEA. "

    So, this should be interesting. Does this mean that if the ISP can "get" access to the keys, they can, or does this mean that if the ISP happen to have your PGP/GPG keys they can use them?

    " * Maintenance & Management: The lawful intercept solution
    SHOULD minimally interfere with normal maintenance and
    management procedures. "

    Now I'm not a TCP/IP expert, but how can they say that something this intrusive into a large-bandwith activity (which I understand VoIP is), be limited to "minimally interfere"...in addition, I'm concerned that if someone has one of these attached to him/her/it (through a roving wiretap via the Patriot Act) how that would really work. Theoretically, the scope of the search could be all internet traffic over a huge area if the LEA can show that a person has sometime in the past used it.

    In addition, despite the Patriot Act and it's horrors, I don't know if this will hold up under the Fourth Amendment, (see Berger v. New York 388US41) I'm wondering if this would be construed as "outside the scope" of a ordinary wiretap/search.

  • by Gothmolly ( 148874 ) on Wednesday April 16, 2003 @08:30PM (#5748282)
    Then only outlaws will use encryption. Feel free to encrypt folks, try the opportunistic encryption [freeswan.org] with all your friends. Guess what, Uncle Sam (that's the U.S. Gov't for all your foreigners) will just break it anyway [securityfocus.com]. 1 Billion USD, the cost to break 1024bit RSA, is peanuts.

    Your best bet? One-time keys, burned to a CDROM, and make a copy that you and your friend share. Make sure you use a good random number generator, not some crappy rand() function or even /dev/random. I'm talking true random values, perhaps generated by radioactive decay [fourmilab.ch] or some other similar trick.
    • The cost and requirements increase exponentially when you increase the bit length.
    • 1 Billion USD, the cost to break 1024bit RSA, is peanuts.

      No, most cases would not warrant $2k of cray time - much less a billion. Rather than crack your massive key cipher, they would just stick a keyboard dongle or a camera above your keyboard to snag your pass phrase. Most folk's personal stash of pr0n is not worth even that... If you had anything worth a billion dollars, what makes you think someone would not remove family members, toenails, digits, etc. until you told them the key?

      Just using any e
    • uses random data derived from the various peripherals of the computer. It's slower than /dev/random, but gets the job done.
    • Let me just be the first to announce publicly, that for a billion dollars, I'll tell you *anything* you want to know about me, including the combination of my luggage. Unfortunately, I fear the spammers would overwhelm me with penis enlargement ads if they found out the embarassing truth.
  • by Anonymous Coward on Wednesday April 16, 2003 @08:33PM (#5748300)
    Don't kid yourself, if September 11 2001 didn't happen, then the current government would have no collective trauma [wikipedia.org] to exploit and introduce all these restrictions of freedom and a total violation of privacy. Only in Nazi, Communist countries do laws say, "well if you got nothing to hide then we can walse into your house uninvited".

    Ever since September 11 2001, the hawks and zionists have been laughing in these joyous times. We've seen a complete restriction in our own freedoms, yet they preach to have brought freedom and liberation to Iraq although the place is in total anarchy. Who takes out the garbage, makes the trains run on time, runs the police, fire service, runs the hospitals? Currently nobody and it will be this way for a while.

    In case you're wondering if Syria _is next, it is, and then it's the Palestinians and last of all the Osama Bin Laden. This should all have occured in time for the next election, sometime next year. This was expressed in a letter to the president on September 20 2001 by 25 hawks and zionists that have hijacked the whitehouse.

    [newamericancentury.org]
    Letter to President Bush

    Of course the saddest thing about this letter is that the people who are supposed to be protecting the american people and going after the perpetrators of September 11 seized it as an opportunity to fulfill their personal agendas. This is indeed a slap in the face to the victims and their families and to humanity.

  • by Geekenstein ( 199041 ) on Wednesday April 16, 2003 @08:33PM (#5748301)
    But I have to say it. For anyone who isn't a Montana militia, I hate everything law type, this isn't really a bad thing if proper judicial controls are instituted.

    We do have an amendment to the constitution that protects against random search and seizure. Frankly, if law enforcement can give enough evidence to an informed judge that the party in question needs to be monitored in connection to a criminal offense, more power to them.

    If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!

    Oh, and to head off all the "But the PATRIOT Act.." replies I'm sure to get, I firmly believe that its wire tap provisions are too ambiguous and when truly challenged in the Supreme Court, it will be shot down. Amazing how the whole checks and balances thing works, isn't it?
    • ... the whole checks and balances thing works. When the Supreme Court does strike it down, I'll be amazed right along with you.
    • ...countless lives get ruined while the wheels of justice turn, slow year by slow year. But since Order, and not Chaos, causes the harm, it is quite alright! We kill civilians to make the world a better place -- it's for progress, it wasn't intentional, so it's not criminal!

      If you really think your geeky attempts at phone sex with some hot level 5,000,000 elf from EverQuest with a +50 con dildo are worth protecting from the evil shadow government, please encrypt!
      As amusing as your example may be, repeat

  • by Anonymous Coward
    I've got a vonage phone, which uses cisco hardware. (I've seen vonage ads on slashdot, and thought, hmm... they're hip to slashdot, must be good! :-) )

    The first question I asked was about encryption, the response was that "any POTS line can be tapped, so it's just as secure". (yea, right..)

    I doubt they'll ever support encryption, but I wish they would.

    The present age seems really quite spooky, does anyone remember the MacArthy(sp) days? I'm curious to hear if the general atmosphere today is similiar to t
    • I did some research on McCarthy a while ago... the atmosphere today isn't nearly as bad as it was in his day. If it was, you'd probably be put on trial before the House Un-American Activities Committee (HUAC) - which was exempt from the requirement of due process - just for talking negatively about monitoring technologies, and your employer would likely fire you. I guess it's true that heightened fear of terrorism since September 11th has made US citizens a little more agreeable to legislation like the Patr
    • I've spoken with some upper-level engineers at Vonage. They sell more of Cisco's ATA 186's than ANYONE else. Because of this, they dictate a lot of the hardware and software design/changes in the product to Cisco. You'd be surprised how responsive their upper-level techs are. They are definitely looking for new ideas and ways to improve their service.

      More specifically, the tech said that the current hardware in the ATA's is insufficient for doing hardware encryption and that they are looking at a new modif
  • by Guppy06 ( 410832 ) on Wednesday April 16, 2003 @08:44PM (#5748345)
    "Your Internet telephone conversations may soon be tapped by the government."

    Note the lack of the phrase "without a warrant" in this sentence. The RFC talks about "lawful intercept," which means they'd need a warrant before they're allowed to do it legally.

    You don't say "without a warrant." The RFC doesn't say "without a warrant." You think maybe we can save our kneejerk reactions for something [slashdot.org] more [slashdot.org] worthy [slashdot.org]?
  • by Fritz Benwalla ( 539483 ) <randomregs@gma[ ]com ['il.' in gap]> on Wednesday April 16, 2003 @08:51PM (#5748365)

    Of course I'm concerned that they will be hacked. . .Which is why I advocate that the design of these intercepts be standardized and subject to a public RFC process.

    *Of course* we need a mechanism for *lawful* intercepts in this society. Some capability to (shall I say it again) *lawfully* monitor bad guys on the Internet is necessary to protect the rest of us, just as it exists in every other medium including human conversation. What I'm much more concerned about is half-wit J. Edgar Hoover wanna-bes who take an ad-hoc approach to collecting information, not giving a dump about collateral damage, and coyly taking an unregulated look at any other network traffic that "just happens" to get caught in their filters.

    I suggest that this RFC is just the right way to go about it:

    1. Publicly design a logical box that does what we need it to do and no more.
    2. Force the authorities to stay inside that box.
    3. Hand them their ass if they're caught outside the box.

    As for the /. write-up, it's just (increasingly common around here) ill-informed, let's-go-occupy-the-provost's-office hyperbole.

    What the privacy movement needs are intellectuals who can process enough complex facts to actually aid in the effort to balance a society that needs to be both free and safe. Automatically shouting "free!" when someone shouts "safe!" or "safe!" when someone shouts "free!" is not a useful debate. It's not even a good start.

    -----

  • by Cokelee ( 585232 ) on Wednesday April 16, 2003 @08:53PM (#5748376)

    Ahem,

    When I am able to have any degree of privacy (short of living in a bomb shelter) would someone please notify me--contact information below.

    Roger Hammond
    164 Rochester Ln
    Tucson, AZ 8546
    U.S.A.

    Phone:(520)791-4544
    Fax: (520)791-4124
    Email: rhammond64@excite.com [mailto]
    AIM/MSN/Yahoo!: rhammond64
    My Server: rhammond.org [rhammond.org]

    I also post here [circleoflegends.org] quite often.

    Thank you,
    R.E.G. [good thing I didn't tell 'em my middle name]


    FEARLESS AND STUPID

  • by sstory ( 538486 )
    I'd hate for the well-established need for law enforcement to be able to tap phones with a warrant to be thwarted by this sort of technical implementation detail.

    Note to flamers: I belong to, and contribute to, the ACLU, so weigh in with a little more than "You don't care about keepin gummint off my back..." please.

  • by Anonymous Coward on Wednesday April 16, 2003 @09:10PM (#5748443)
    Many of the comments in response to this story demonstrate that the posters have neither read the referenced RFC nor understand the problem it is trying to solve. I'll restate it for the stupid or perpetually lazy among you (i.e. most of you who've responded so far):

    Telecommunications companies in many countries must by law provide "assistance to law enforcement" on occasion. Note: in many countries, not just the United States. This assistance has traditionally been in the form of providing call intercept and tracing on voice networks. Some governments in many countries now want to do the same thing for data packets, but moreover, when data networks are used to emulate "traditional" voice services, the existing laws already apply. Just because your ISP's telecom backbone runs over ATM or IP doesn't mean that they're off the hook when it comes to lawful intercept and emergency services (e.g. E911) regulations. When voice is extended to "the edge" in packet form, little changes in that regard.

    Now, that said, this RFC proposes an architecture to support tapping data (and any application layer-services that run on it, e.g. voice) in a uniform and scalable manner. Whether you like the idea of tapping or not is immaterial and irrelevant. Service providers must obey the law. If they cannot, they go out of business, or in some cases, never get off the ground. And make no mistake; this RFC is no more about "voice" than any other data service; it describes some of the special problems with enabling the enforcement of existing wiretap laws for packet voice, yet the aim of the RFC is to solve the general problem.

    The architecture proposed makes no assumptions about the use of encryption except that no assumptions can be made about the use of encryption; i.e. deliver "tapped" packets to the LEA as packets, not transcoded or decoded into some other format.
  • This is a true story.

    My friend make a long distance call to me and at some point he jokingly said he'll "boom my ass". Just that. A moment later he excused himself and got the door only to be greeted by Government agents.

    This sounds like a sick /. joke and I could never imagine it'd really happen. My friend was questioned and released but he was very pissed, questioning their ground of tapping, and his civil right. He even thought of file a racial discrimination suit(he's an American Chinese) but I sugg
  • by CSG_SurferDude ( 96615 ) <wedaa.wedaa@com> on Wednesday April 16, 2003 @09:18PM (#5748484) Homepage Journal

    Now I KNOW somebody changed the /. calendar on me. We're only supposed to bash Cisco
    ON THE SECOND AND FOURTH THURSDAYS

    and this is Wednesday in the U.S., and not even the right week count.

    Can somebody please point me to the revised /. Love|Hate calendar so I can get with the program?


  • This isn't necessarily scary for the privacy advocates. It's just another battle, and not a surprising decision based on recent trends.
    The people that should really be scared are those that use this technology, privacy advocate or not.
  • First off, I wish the author/poster had pointed out that this is a _draft_ and that it has not been published.

    Anyways, what is so scary about this? Any ISP between any two hosts that are transmitting packets to one another could intercept those packets, and they always could.

    I'm sure you all know that what is being described could probably be accomplished by a *nix box running tcpdump if it receives copies of all the packets. However, I don't think very much high-end telco/ISP equipment was really desig
    • However, I don't think very much high-end telco/ISP equipment was really designed to duplicate packets to someone other than the intended recipient

      I'm not much of a network guy, but in cisco lingo it is called "port span" which will echo the packet set to or from a port TO ANOTHER PORT. Just hook up a sniffer to the "spanned" port and you can listen to all the packets.

      ISPs do this for their _secret_ monitoring / gov't-email-spying stuff. ISPs do it to find why they are having a network problem by moni
  • Homeland Security (Score:2, Insightful)

    by dbCooper0 ( 398528 )
    What strikes me as odd (after briskly scanning through the RFC) is at the end of page 3:

    Because of the requirement to limit accessibility to authorized personnel, as well as the requirement that LEA's not know about each other, this interface must be strictly controlled.

    Isn't the Homeland Security Administration supposed to coordinate knowledge between (L)aw (E)nforcement (A)gencies?

    WTF?

  • If it's lawful and legal, then it must obviously be right, right?
  • by fobbman ( 131816 ) on Wednesday April 16, 2003 @10:14PM (#5748693) Homepage
    I speak ROT13 fluently.

  • by nate.sammons ( 22484 ) on Wednesday April 16, 2003 @10:30PM (#5748754) Homepage
    This ad [sybase-ads.com] from Sybase has information about a "compliance solution" for customers complying with the new USA PATRIOT Act [eff.org].

    From their ad:
    "It integrates your existing customer and transaction information systems into a consolidated compliance system that detects unusual activity and automates its investigation and resolution in a timely, secure and meticulously documented manner."

    Yikes.
  • Strikes me that this would already have been doable...configure the router to multicast packets from your source IP to the destination IP as well as to the government listening address...
  • by FuzzyBad-Mofo ( 184327 ) <fuzzybadNO@SPAMgmail.com> on Wednesday April 16, 2003 @11:10PM (#5748897)

    .. does this mean Cisco will honor the evil bit?

  • Oh, I dunno... (Score:4, Interesting)

    by KC7GR ( 473279 ) on Wednesday April 16, 2003 @11:18PM (#5748946) Homepage Journal
    Seems to me that VOIP transmissions could be pretty easily encrypted, just like E-mail can be with PGP. In fact, it's easier to encrypt digital traffic than it is any analog device (think POTS phones).

  • by TerryAtWork ( 598364 ) <research@aceretail.com> on Thursday April 17, 2003 @06:24AM (#5750079)
    Listen - with a cheap pentium, two NICs and OpenBSD you can do stuff no $50,000 Cisco machine can do.

    PLUS you can encrypt it out the wazoo.

    ONCE WE GET A GRIP they can intercept all they want, for all the good it will do them.

  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Thursday April 17, 2003 @08:13AM (#5750574)
    Comment removed based on user account deletion
  • by RobertNotBob ( 597987 ) on Thursday April 17, 2003 @10:02AM (#5751442)
    As a geek in the telecom world I have seen the large difference in regulations when it comes to intercepting data vs. voice communications. Here in the USA, judges have known since the creation of our country that speach needs to be protected. However since the dawn of the digital age, the extent to which that protection extends to data has been passionately debated.

    I would be very pleased to see legislation that clearly identifies data communication as identical to verbal communication. After reading the document, I think that this (or something close to it) may be exactly what is needed to put a legitimate legal framework around this topic. The more we can make the technical process of LI (lawfull intercept... you did RTA right?) more like the technical process of wire tapping, the easier it will be to approximate the two in the minds of the people who make, judge and execute the law.

We are each entitled to our own opinion, but no one is entitled to his own facts. -- Patrick Moynihan

Working...