On 12/9/2010 12:31 PM, Michael Smith wrote:
> How is "what to block" identified? ...by content key words? ..traffic profiles / signatures? Deny all, unless flow (addresses/protocol/port) is pre-approved / registered?

CALEA doesn't provide block. It provides full data dumps to the authorities. It's up to them to analyze, prove illegality, and seek warrants. A single CALEA tap on a bot, for example, could provide the government with a bot controller, or with details of what a specific bot is doing. A tap on the controller itself could show the large number of bots and their location, or provide the next step in backtracking the connection to the person using the controller. On and on.

Is it ideal? No. Is it possible to do within current law, until it crosses international boundaries, but even then there is some amount of recourse.

The law is designed to track down and prosecute people, not stop malicious activity. In order for the law to try and stop malicious activities (digital or real), it must place constraints on our freedoms. See TSA/Airport Security.

Jack