On Mon, 29 Oct 2001 alex@yuriev.com wrote:
number of publications, including the current issue of Forbes. The author, whose name escapes me at this time, is under the ill belief that since the internet traffic does flow through hubs, it would be possible to intercept it and store it on the computers located in those hubs. It is more likely that a white paper describing the issues arising from attempts to intercept and store that much data would do better than an argument about the unreliability of the source.
The Dutch NAO organisation has tried to describe that problem. NAO is a collaborative effort of most of the Dutch ISPs/Telcos (note: not colocation facilities or webhosters) who faced these exact requirements half a year ago when the Dutch mandatory tapping requirement became effective. They managed to produce a presentation on "possible network topologies" that ISPs might face:

http://www.nlip.nl/nl/nao/spec/main/main.html

Their workgroup "topologie" produced something as well, but I can't find it on their own site (there is a confusing policy on what parts are government secrets and what parts are public information, which is so badly specified that I as an ISP can't get any tapping specification, while I need to comply with the tapping laws). Here's the copy of the document on Opentap:

http://www.opentap.org/documents/ExamplesOfTopologies.pdf

I went to the vendor day that was held by NAO to bring vendors of tapping boxes closer to their potential ISP clients. There were two kinds of products:

1) Vapourware ("Do you have something ready that complies with Dutch law NOW?")
2) Standard sniffing boxes/Carnivore compatibles ("Do you have something ready that complies with Dutch law NOW?")

For the vendors who claimed to be "almost ready" or, my favourite one, "already doing lab testing at some secret location within the NL", I asked them how the box plugged in: in parallel on the network, or as a link in the chain. If they answered it was a link in the chain, I asked them about redundancy, high availability and failover, and asked them how to convince my boss that a single point of failure should be added to our network. If they said in parallel, I asked them how I could catch all traffic. If they tried to say something clever about putting ports in management mode to see the traffic of all ports, I asked them why I should tell my boss to reduce our backbone to the capacity of a single 100MB ethernet port. Needless to say, I was in awe.
So I wrote:

http://www.opentap.org/ct/ct.aftappen-eng.html

And later added some comments:

http://cryptome.org/nl-tap2.htm

For the Law Enforcement Agencies (LEAs) the answer is always quite simple: "You should be able to tap everything we want." From the ISP's point of view this is often impossible. He's not allowed to change the service of a user, in case the user might detect that, but how is an ISP going to tap traffic that never gets onto his network? Two neighbouring cable users, two dial-in users in the same local modem pool. And last but not least, the entire VPOP structures where lots of smaller ISPs buy "national dial-up" from the big guys. They don't even have access to the infrastructure to add a tapping box. The government's answer: "Administrative issue, can be dealt with by bilateral talks." My interpretation of that is "You've broken the law, you will do everything we say." Our government learned that trick from the US government.

The FBI will face similar problems; the inter-POP traffic is not going to be captured. It's not a big problem, since the terrible crimes on that traffic will mostly be copying illegal movies and songs. If two terrorists are neighbours, I'd assume they would go to a sauna (I loved Icepick) to talk. The problem will become worse with all the 802.11 networks popping up everywhere (esp. if people are using things like IPsec with opportunistic encryption).

Paul