On Sun, 18 Jan 2004, Steven M. Bellovin wrote:
In message <g3zncl5h0f.fsf@sa.vix.com>, Paul Vixie writes:
i'm fairly sure that this is what law enforcement uses for wiretap warrants.
I believe you're correct. In fact, I first learned of these devices from government documents during the Carnivore discussions a few years ago.
Lots of people seem to be making the assumption that all networks work the same way or everyone wants the same data. Tapping an OC192 SONET circuit is expensive, but relatively straightforward. Tapping a V.92 analog modem is expensive and not straightforward. Tapping WiFi-to-WiFi traffic is cheap, but only if you are local. A sniffer on an upstream switch won't see the traffic below a network access point.

But a Title III warrant for "full content" is relatively difficult to obtain in the US. The public reports filed with the courts show a small percentage of wiretaps require full content. What's also interesting is if you read the various public submissions to many different working groups since the Carnivore discussions a few years ago, you'll notice a dramatic re-definition of more and more data as "call identification information" instead of "content."

The public proposals also seem to be somewhat arbitrary about which provider gets "tasked" with collecting the wiretap data. Should the first mile or last mile or middle mile provider be tasked with isolating call identification information and decoding it?

So what is the best way to wiretap a target using public WiFi hotspots connected through multiple wholesale providers and service providers to collect call identification information about who the target is communicating with through multiple application protocols including Webmail, IM and massively multi-player role playing games?