On Sat, 6 Aug 2005, Tony Li wrote:
I'm sorry, but this is simply an unsupportable statement. What is required of routers is that the provider be able to configure the device to make copies of certain packets to a monitoring port. Assuming that the monitoring port is duly managed, how does this qualify as "insecure"?
Unfortunately, things are never as simple as they appear. The department of justice/fbi/dea/etc wish lists have been published/leaked with a suitable google search. Port mirroring may not be considered sufficient. I think the EFF is missing the important part of the wish list items. The wish list items aren't for wiretaps, but defining as many things as possible as "non-content." Its important for network operators because they will end up doing a lot more work digging through packets for non-content information, and important for lawyers because it lessens the legal requirements for non-content information. What is the "expectation of privacy" of non-content information?