On Wed, 24 Oct 2001, Paul Wouters wrote:
The NL has already answered this question last januari. When asked who needs to be tappable, the answer is "everyone who is offering a public internet service".
And they have a strange notion of the word "public" too. I got the distinct impression (but nobody wanted to go on record for anything) they feel the Web server that's under my desk at home provides a "public" service too. So I should be prepared to aid the Dutch government in intercepting my own traffic. Which to me would seem to defeat the purpose, but what do I know?
Tapped data needs to be sent through a special protocol, the Transport of Intercepted IP Traffic (TIIT).
TIIT only specifies the transport protocol, though. There are no restrictions on network topology. As long as you can intercept the traffic (not just email--everything) in your network and deliver it, it's ok. It seems the FBI wants the traffic to flow over a number of centralized locations for easy interception. (I would rather intercept a dozen Gigabit Ethernet connections in different places than a single OC-192 POSIP, but again: what do I know?) See: http://www.interactiveweek.com/article/0,3658,s%3D605%26a%253D16678,00.asp This worries me a great deal. If we as an industry learned anything from September 11th, it is (or should be) that centralized facilities are vulnerable. Iljitsch van Beijnum