Justice Dept: Wiretaps should apply to Net calls
The battle rages on, apparently. The more things change, the more things stay the same, it would seem. ;-) This is from this past Wednesday -- I'm surprised that I somehow overlooked it and only just now saw this.
http://www.cnn.com/2004/TECH/internet/06/16/telecoms.voip.reut/index.html
FYI,
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net
The particular hearing that set this all off is the Senate Commerce Committee's review of S.2281 ("VoIP Regulatory Freedom Act") that took place last Wednesday, and in general, the hearing has a higher content to noise ratio than the resulting press coverage. The agenda and statements of the participants can be found here: <http://commerce.senate.gov/hearings/witnesslist.cfm?id=1230>
S.2281 takes the middle of the road position in areas such as lawful intercept, universal service fund, and E911. At a high-level, those VoIP services which offer PSTN interconnection (and thereby look like traditional phone service in terms of capabilities) under S.2281 pick up the same regulatory requirements. Those VoIP services which do not interconnect continue to be treated as "information services" and therefore excluded from these requirements.
With respect to facilitating lawful intercept, the opening comments of Ms. Laura Parsky (Deputy Assistant Attorney General, US DoJ) and James Dempsey, Executive Director of the Center for Democracy and Technology (CDT) are quite informative. The DoJ view is that S.2281 is not enough, and any service using switching or transport should facilitate lawful intercept. This position has the advantage of clarity, but there are lots of communications (chat/IM/etc) that are going to be hard to decode and make readily available as needed. It is also an expansion of the current framework of CALEA, which specifically sets aside information services including email and messaging.
The CDT position is interesting, noting that CALEA came into being to address concerns that law enforcement wouldn't be able to readily pursue lawful intercept orders without directly mandating call intercept capacity in each service provider. This works fine with one application (voice), but replicating this model for data services makes no sense given the diversity of Internet communications applications. CDT proposes that if law enforcement really needs better intercept capabilities for data applications, it should work on its own decode capabilities or get service bureaus to handle the same, and that the Internet service providers shouldn't have to do anything other than supply a copy of the relevant user's raw packet stream...
Despite the angst on both sides, requiring just those VoIP services which look like traditional phone service (due to PSTN interconnection) to have ready lawful intercept capacity will result in the equivalent situation as we have today with CALEA, and appears to be the likely outcome of the debate.
Apologies for length,
/John
On Sat, 19 Jun 2004, John Curran wrote:
S.2281 takes the middle of the road position in areas such as lawful intercept, universal service fund, and E911. At a high-level, those VoIP services which offer PSTN interconnection (and thereby look like traditional phone service in terms of capabilities) under S.2281 pick up the same regulatory requirements.
It sounds good, if you assume there will always be a PSTN. But it's like defining the Internet in terms of connecting to the ARPANET. What about Nextel's phone-to-phone talk feature which doesn't touch the PSTN? What about carriers who offer "Free" on-net calling, which doesn't connect to the PSTN and off-net calling to customers on the PSTN or other carriers? Will the bad guys follow the law, and only conduct their criminal activities over services connected to the PSTN?
With respect to facilitating lawful intercept, the opening comments of Ms. Laura Parsky (Deputy Assistant Attorney General, US DoJ) and James Dempsey, Executive Director of the Center for Democracy and Technology (CDT) are quite informative. The DoJ view is that S.2281 is not enough, and any service using switching or transport should facilitate lawful intercept. This position has the advantage of clarity, but there are lots of communications (chat/IM/etc) that are going to be hard to decode and make readily available as needed. It is also an expansion of the current framework of CALEA, which specifically sets aside information services including email and messaging.
It's a return to DoJ's pre-CALEA position. It's almost a word-for-word replay of the debates in 1992/1993 and the Digital Telephony proposals.
http://www.eff.org/Privacy/CALEA/digtel92_old_bill.draft
Briefing Report to the Subcommittee on Telecommunications and Finance, Committee on Energy and Commerce of the House of Representatives by the United States General Accounting Office (GAO/IMTEC-92-68BR, July 1992):
The FBI now has the technical ability required to wiretap certain technologies, such as analog voice communications carried over public networks' copper wire. However, since 1986, the FBI has become increasingly aware of the potential loss of wiretapping capability due to the rapid deployment of new technologies, such as cellular and integrated voice and data services, and the emergence of new technologies such as Personal Communication Services, satellites, and Personal Communication Numbers.
There are six current or imminent telecommunications technologies that the FBI needs to be able to wiretap. These are (1) analog and digital using copper wire transport, (2) analog and digital using fiber optic transport, (3) Integrated Services Digital Network (ISDN), (4) Private Branch Exchange (PBX), (5) broadband, and (6) cellular. There are also three future technologies for which wiretapping capabilities need to be addressed: (1) satellite switches, (2) Personal Communication Services (PCS), and (3) Personal Communication Number (PCN). Further, the FBI needs to be able to wiretap any special features, such as call forwarding or electronic mail.
At 12:06 AM -0400 6/20/04, Sean Donelan wrote:
On Sat, 19 Jun 2004, John Curran wrote:
S.2281 takes the middle of the road position in areas such as lawful intercept, universal service fund, and E911. At a high-level, those VoIP services which offer PSTN interconnection (and thereby look like traditional phone service in terms of capabilities) under S.2281 pick up the same regulatory requirements.
It sounds good, if you assume there will always be a PSTN. But it's like defining the Internet in terms of connecting to the ARPANET.
Correct. It's a workable interim measure to continue today's practice while the edge network is transitioning to VoIP. It does not address the more colorful long-term situation that law enforcement will be in shortly with abundant, ad-hoc, encrypted p2p communications.
What about Nextel's phone-to-phone talk feature which doesn't touch the PSTN? What about carriers who offer "Free" on-net calling, which doesn't connect to the PSTN and off-net calling to customers on the PSTN or other carriers?
Will the bad guys follow the law, and only conduct their criminal activities over services connected to the PSTN?
Sean - what alternative position do you propose? /John
If the purported bad guys are so swift why would they use anything packaged anyway? They have engineers and scientific minds in their ranks that understand devices, boards and the like and could simply create their own data centers and simply use new protocols to communicate over the public lines and not one person would know the difference, all the laws in the world would not stop them, since US law doesn't apply to anyone but US citizens and most other nations could care less about what we imagine, contrive and go into hysterics about.
-Henry
--- John Curran <jcurran@istaff.org> wrote:
At 12:06 AM -0400 6/20/04, Sean Donelan wrote:
On Sat, 19 Jun 2004, John Curran wrote:
S.2281 takes the middle of the road position in areas such as lawful intercept, universal service fund, and E911. At a high-level, those VoIP services which offer PSTN interconnection (and thereby look like traditional phone service in terms of capabilities) under S.2281 pick up the same regulatory requirements.
It sounds good, if you assume there will always be a PSTN. But it's like defining the Internet in terms of connecting to the ARPANET.
Correct. It's a workable interim measure to continue today's practice while the edge network is transitioning to VoIP. It does not address the more colorful long-term situation that law enforcement will be in shortly with abundant, ad-hoc, encrypted p2p communications.
What about Nextel's phone-to-phone talk feature which doesn't touch the PSTN? What about carriers who offer "Free" on-net calling, which doesn't connect to the PSTN and off-net calling to customers on the PSTN or other carriers?
Will the bad guys follow the law, and only conduct their criminal activities over services connected to the PSTN?
Sean - what alternative position do you propose? /John
At 12:30 AM -0400 on 6/20/04, John Curran wrote:
At 12:06 AM -0400 6/20/04, Sean Donelan wrote: [snip]
It sounds good, if you assume there will always be a PSTN. But it's like defining the Internet in terms of connecting to the ARPANET.
Correct. It's a workable interim measure to continue today's practice while the edge network is transitioning to VoIP. It does not address the more colorful long-term situation that law enforcement will be in shortly with abundant, ad-hoc, encrypted p2p communications.
What about Nextel's phone-to-phone talk feature which doesn't touch the PSTN? What about carriers who offer "Free" on-net calling, which doesn't connect to the PSTN and off-net calling to customers on the PSTN or other carriers? [snip]
[I've been writing this over the past day or so in bursts; apologies if this re-hashes what others have said more succinctly or elegantly. I think there are still some points in here that haven't been addressed by others, so I'll respond to the most recent sub-thread]
I think that while the debate about CALEA's short-term legislative extension to cover VoIP services is certainly interesting and scary, I fail to see how it will be relevant in the coming years as the market progresses. Because of the quickly growing diversity of VoIP technology, interconnection methods, and customer/vendor hierarchies, I do not believe it will be possible to enforce (or even legislate) an interception policy that is effective without extensive and draconian technical and legal methods.
Comments to support my thesis:
1) In the debate thus far, it does seem reasonable that PSTN calls are subject to CALEA. It even sounds reasonable that services that interconnect from VoIP networks to the PSTN are subject to CALEA. But what information must be provided during an "interconnect"? What _is_ an "interconnect", anyway? If I have a service that hands off a call from my customer's SIP home media gateway to another carrier's SIP gateway device, am I obligated to tell the other carrier the real caller ID of the caller? Does caller ID provide adequate identification? What if there isn't a "real" caller ID? Which one of us must be subjected to CALEA rules? Both? How about a residential gateway (SIP->FXO) that participates in a global P2P mesh co-op to allow cheap/free local calls anywhere? (Hint: that's coming.) Is every member of such a mesh subject to CALEA?
2) Perhaps the most relevant point to my thesis is that the "service provider" may not fall under the jurisdiction of United States law, but that does not preclude them from offering service in the US that is equivalent to vendors who _do_ reside in the US. I will note that this is NANOG, and not USANOG. While the US has a significant influence in North American (and worldwide) intercept legislation, it certainly cannot require other nations to implement the same policy. We're all running scared about what the US will do, but it is a tempest in a teapot for providers who are packet-based and potentially mobile, or who are already outside of the USA.
Some sub-comments on geography/national authority:
a) Do you think that Skype (domain registered in Luxembourg, company in the Netherlands?) or any other non-US P2P network or software provider will implement CALEA into its software or service because of threats by the US Department of Justice? Consistently?
b) Do you think that it will be illegal for overseas firms to contract with IP->PSTN gateway providers in the USA for call termination because the origins of their calls are unknown and thus are un-distinguishable by CALEA intercepts from non-targeted calls?
c) Do you think that it will be illegal for US Citizens or residents to send encrypted SRTP (or other media) streams to IP->PSTN gateways that are outside of the United States, where CALEA does not apply?
d) More broadly: Do you think it should or will be illegal to accept or generate a communication method without some authoritative method to trace the origin or destination of the communication? If you answer "No", then CALEA grows more worthless by the day. If you answer "Yes", then how does your government apply this across national boundaries, and more importantly, how does a government technically enforce it without becoming a police state?
e) Do you think any company will be inclined to stay in the US if the cost of doing business increases by X% due to CALEA requirements? To what number can X% rise before they close up shop and move offshore? I can tell you from firsthand experience that all the VoIP providers I've talked with are running on the assumption that they can deploy their models on 10-20% of the costs of a traditional telco, and even a slight deviation in this will send them scattering to look for alternatives to whatever costs are presented. Look at the on-line gambling industry for very relevant examples of this diaspora effect.
3) It seems that the most easily graspable part of the industry is to somehow apply rules to any entity that uses number space out of the North American Numbering Plan (NANP) that is ultimately overseen by the US Government. It's easy for the FTC/DOJ/FCC to say "You don't get the right to use, route, or sub-allocate numbers unless you adhere to our CALEA requirements, and force all your customers to adhere to those requirements as well." That sounds easy, and it might even be possible.... for a while. This quickly changes when non-US or non-national numbering (+878, anyone?) becomes more accepted by domestic US customers, and is completely irrelevant to those services which don't use NANP space and just provide anonymous or semi-anonymous gateways for outbound and two stage dialing for inbound (see FWD, Voiceglo, and others for examples of this.) I think again CALEA will fall into a chaotic jumble by trying to apply laws to service providers or software developers to enforce basic identification criteria when those criteria will lose relevance in the next few years.
Note: the long arm of the law having its hand on NANP allocations might be a pretty good "tax" handle as well - watch out for the triple-whammy of taxes, CALEA, and E911 being tied to NANP numbers, as has been discussed before in other forums with very visible momentum of approval. This has positive and negative results. Of this method of control/taxation, I haven't decided if I'm in favor or not.
4) The last comment will agree with another comment made here previously: the smart (and possibly the most dangerous) criminals and terrorists will use widely-available crypto, tunnels, or darknets to move their VoIP packets. CALEA agencies have got to get the method of interception closer to the source or destination of the communications to overcome these obstacles. Are we implementing this huge expense, inconvenience, and market uncertainty to catch only dumb criminals, or should these energies and funds be focused elsewhere to have possibly "better" results?
PS: anyone want to draft the "US Telecommunications Discipline Pact"? ;-)
PPS: Yes, I do run an ITSP, but these comments reflect my personal views, and not necessarily those of my current employer.
JT
At 8:20 PM -0400 6/20/04, John Todd wrote:
I think that while the debate about CALEA's short-term legislative extension to cover VoIP services is certainly interesting and scary, I fail to see how it will be relevant in the coming years as the market progresses. Because of the quickly growing diversity of VoIP technology, interconnection methods, and customer/vendor hierarchies, I do not believe it will be possible to enforce (or even legislate) an interception policy that is effective without extensive and draconian technical and legal methods.
JT -
It's not just the US Government with interest in this matter. Lawful Intercept has basis in both EU directives and laws of many member states. The last RIPE meeting had a very good presentation by Jaya Baloo on this particular topic, and I'll note that it describes an ETSI framework for a lot more than just facilitating VoIP intercept:
<http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-etsi.pdf>
As I noted earlier, the coming reality of abundant, ad-hoc, encrypted, p2p communication is going to eventually make efforts to facilitate just VoIP intercept seem quaint, unless we all recognize that only the most obtuse criminal will be likely to have their communications uncovered in this manner.
There's likely to be disagreement on how far away that day is; based on different views of technology availability and criminal behavior. As long as facilitating lawful intercept has a reasonable cost and perceived benefit tradeoff, there will be significant pressure to come up with viable architectures for deployment. In the US, this may take the direction of simply facilitation of VoIP intercept, or could be something more inclusive such as the architecture as outlined by ETSI for mail, transport headers, and entire packet streams.
Finally, it is not simply through tax or regulatory measures that governments can seek compliance. Not many firms are going to offer services contrary to law in this area if the consequences are defined as criminal violations, since most corporate officers dislike the potential consequences.
/John
On Sun, 20 Jun 2004, John Curran wrote:
It's not just the US Government with interest in this matter. Lawful Intercept has basis in both EU directives and laws of many member states.
You are aware the US Government pays for consultants to assist in the development of international and other directives or standards. The great thing about standards is there are so many to choose from. When one group rejects the proposal, it is shopped around to a more friendly forum and then re-introduced. The US Government tried Key Escrow, and was more successful getting other countries to adopt it than in the USA. History is a good teacher. But it will require visiting the library, not just using Google.
There's likely to be disagreement on how far away that day is; based on different views of technology availability and criminal behavior. As long as facilitating lawful intercept has a reasonable cost and perceived benefit tradeoff, there will be significant pressure to come up with viable architectures for deployment. In the US, this may take the direction of simply facilitation of VoIP intercept, or could be something more inclusive such as the architecture as outlined by ETSI for mail, transport headers, and entire packet streams.
Every type of electronic communications in the USA may, and probably has been intercepted at one time or another, not just VoIP. Everything outlined in the ETSI standards, and more, is available for purchase today from vendors in the USA.
It's a lot more than simply facilitating access. Under Title III, carriers already had to provide reasonable technical assistance, with compensation. The objection generally isn't about facilitating "access." Law enforcement already has "access," and has shown no reluctance in obtaining court orders for ISPs to give them "access."
So what is the real problem? What is law enforcement actually asking for?
At 11:11 PM -0400 6/20/04, Sean Donelan wrote:
Every type of electronic communications in the USA may, and probably has been intercepted at one time or another, not just VoIP. Everything outlined in the ETSI standards, and more, is available for purchase today from vendors in the USA.
It's a lot more than simply facilitating access. Under Title III, carriers already had to provide reasonable technical assistance, with compensation. The objection generally isn't about facilitating "access." Law enforcement already has "access," and has shown no reluctance in obtaining court orders for ISPs to give them "access."
Access isn't the question. This is about assisting law enforcement by facilitating access, which by CALEA is providing mechanisms and capacity for lawful intercept in advance. As you are aware, it is possible to be unable to fulfill a court order for intercept due to technical reasons, and the DoJ sees this as a real distinct possibility for an increasing volume of voice calls if S.2281 is approved as-is.
So what is the real problem? What is law enforcement actually asking for?
Amazingly, that's contained in the DoJ comments:
"In both the IP-enabled services and CALEA proceedings at the FCC, the Department of Justice has made the same points that I want to emphasize here this morning: (1) that public safety and national security will be compromised unless court orders for electronic surveillance can be implemented by providers; (2) that assistance requirements should apply to every service provider that provides switching or transmission, regardless of the technologies they employ; and (3) that if any particular technology is singled out for a special exemption from these requirements, that technology will quickly attract criminals and create a hole in law enforcement's ability to protect the public and the national security."
Looks pretty clear to me: assistance requirements (i.e. the requirement to have LI capacity and mechanisms in place in advance) should apply to all providers, and in particular, that VoIP providers who do not provide direct PSTN access (e.g. FWD, Skype) should not get an exception here as specified in the draft bill.
/John
On Mon, 21 Jun 2004, John Curran wrote:
Looks pretty clear to me: assistance requirements (i.e. the requirement to have LI capacity and mechanisms in place in advance) should apply to all providers, and in particular, that VoIP providers who do not provide direct PSTN access (e.g. FWD, Skype) should not get an exception here as specified in the draft bill.
And what would satisfy those law enforcement requirements? In 10 years of CALEA, law enforcement has never agreed anything done was good enough to satisfy CALEA. Instead, LEAs have repeatedly stated all attempts at compliance so far have been deficient. If LEA thinks everything the PSTN tried to do was deficient, why does anyone think applying the same regime to other things will be any more successful at meeting LEA's requirements?
If law enforcement was trumpeting the success of CALEA, how much money it saved, how it caught criminals, how it saved lives; there might be a better argument for extending it to all communications. The problem is law enforcement has said CALEA is a failure in its eyes, so why do we want Congress to expand a broken regime?
What's goofy is when ISPs perform investigations, they use lots of tools which could be useful to law enforcement. Some of those tools don't have a clear equivalent in other types of communication systems. So law enforcement asks for things that don't always make sense simply because that's what is in the order.
Why do both pen registers and mail covers exist? Because the law followed the technology. When law enforcement does a mail cover, they get what a mail cover includes. The post office doesn't cover up the return address on the envelope because law enforcement only had a pen register order, but not a trap and trace order for the postal envelope. When developing systems for the PSTN, it turned out to be easier to collect the outgoing dialed digits on a phone line than the incoming calling number (pre-ss7 days). So the law split called numbers from calling numbers instead of trying to extend the postal service mail cover into the telephone.
Trying to force the technology just makes everything grumpy. Do you pay a $10,000 fine every time you fail to include the return address on a postal letter? Other technologies have similar natural boundaries.
The US J-STD-25 and the EU ETSI frameworks are trying to go backwards. It creates a very complicated framework. Great for interception vendors, lousy for everyone else.
What are the natural boundaries and how do they match up with people's expectations of privacy or other legal structures?
John,
While I agree that not many domestic (or EU) vendors will offer services contrary to the law in this area, do you truly believe this won't simply cause companies that really want to make money in this market to move to places where the laws are less difficult? After all, I can get pretty good fiber connectivity in Malaysia or other parts of Asia/SoPac without really needing to worry much about any sort of LI procedures. As long as the company offering the services does so via a web site and can collect on credit card billings (even if they have to keep rotating shell companies that do the billings), money can be made without dealing with US regulations.
Frankly, the harder DOJ works on pushing this LI crap down our throats, the more damage they will do to US internet industry and consequently the more job-loss they will create. Terrorists that are sophisticated enough to be a real threat already know how to:
1. Cope with lawful intercept through disinformation and other tactics.
2. Encrypt the communications (voice or otherwise) that they don't want intercepted -- It's just not that hard any more.
I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.
Owen
--On Sunday, June 20, 2004 09:43:32 PM -0400 John Curran <jcurran@istaff.org> wrote:
At 8:20 PM -0400 6/20/04, John Todd wrote:
I think that while the debate about CALEA's short-term legislative extension to cover VoIP services is certainly interesting and scary, I fail to see how it will be relevant in the coming years as the market progresses. Because of the quickly growing diversity of VoIP technology, interconnection methods, and customer/vendor hierarchies, I do not believe it will be possible to enforce (or even legislate) an interception policy that is effective without extensive and draconian technical and legal methods.
JT -
It's not just the US Government with interest in this matter. Lawful Intercept has basis in both EU directives and laws of many member states. The last RIPE meeting had a very good presentation by Jaya Baloo on this particular topic, and I'll note that it describes an ETSI framework for a lot more than just facilitating VoIP intercept:
<http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-etsi.pdf>
As I noted earlier, the coming reality of abundant, ad-hoc, encrypted, p2p communication is going to eventually make efforts to facilitate just VoIP intercept seem quaint, unless we all recognize that only the most obtuse criminal will be likely to have their communications uncovered in this manner.
There's likely to be disagreement on how far away that day is; based on different views of technology availability and criminal behavior. As long as facilitating lawful intercept has a reasonable cost and perceived benefit tradeoff, there will be significant pressure to come up with viable architectures for deployment. In the US, this may take the direction of simply facilitation of VoIP intercept, or could be something more inclusive such as the architecture as outlined by ETSI for mail, transport headers, and entire packet streams.
Finally, it is not simply through tax or regulatory measures that governments can seek compliance. Not many firms are going to offer services contrary to law in this area if the consequences are defined as criminal violations, since most corporate officers dislike the potential consequences.
/John
At 8:04 AM -0700 6/21/04, Owen DeLong wrote:
John,
While I agree that not many domestic (or EU) vendors will offer services contrary to the law in this area, do you truly believe this won't simply cause companies that really want to make money in this market to move to places where the laws are less difficult? After all, I can get pretty good fiber connectivity in Malaysia or other parts of Asia/SoPac without really needing to worry much about any sort of LI procedures. As long as the company offering the services does so via a web site and can collect on credit card billings (even if they have to keep rotating shell companies that do the billings), money can be made without dealing with US regulations.
With respect to enforcement, I am sure there are ways to prevent being caught involving amusing offshore logistics, but that will still prevent the vast majority of US businesses from offering non-2281 compliant services.
Frankly, the harder DOJ works on pushing this LI crap down our throats, the more damage they will do to US internet industry and consequently the more job-loss they will create. Terrorists that are sophisticated enough to be a real threat already know how to:
1. Cope with lawful intercept through disinformation and other tactics.
2. Encrypt the communications (voice or otherwise) that they don't want intercepted -- It's just not that hard any more.
I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.
I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings). /John
I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.
I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings).
/John
They, "the DOJ" is just trying to do its job, as they are under the microscope due to the fumbles that led to the compromises by an obviously inept predecessor. Now, they are tightening the screws on everything from telecoms to bank accounts; to prevent another round of fumbled information resulting in a preventable issue going unchecked.
I don't like all of the hoops either but, nothing we do or say is going to change their minds or their course of action.
-Peter
On Mon, 21 Jun 2004, Pete Schroebel wrote:
I think the only advantage to DOJ working this hard on LI capabilities is that it may raise public awareness of the issue, and, may help get better cryptographic technologies more widely deployed sooner. Other than that, I think it's just a lose all the way around.
I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings).
/John
They, "the DOJ" is just trying to do it's job, as they are under the microscope due to the fumbles that led to the compromises by an obviously inept predecessor. Now, they are tighten the screws on everything from telecoms to bank accounts; to prevent another round of fumbled information resulting in a preventable issue going unchecked.
If you mean the 'misplaced' information surrounding the 9/11 hijackers, I'm not sure any amount of wiretapping/snooping would have ever changed the situation. The problem was more related to, according to news reports and senate (house?) hearings/testimony, miscommunications inside each of the parts of the DoJ/CIA/NSA. All the wiretapping in the world won't get information passed correctly inside these organizations. Smoke screen efforts are less helpful and are simple diversions from the reality of the problem.
I disagree, as there are listening stations in almost every language that have been very useful; I've seen them, built some over the years and watched others start up. The DOJ needs to be able to do the same with the voip/networks/internet and soon intranet. A few of the major ISPs / Mail Houses already have special contracts running Kenan's SQL over the mail archives before they are expunged. I imagine that issue will soon apply to us all here in the US. You are correct that there is nothing that is going to make government organizations work or actually do their job, with the exception of obtaining yet another holiday.
-Peter
I disagree, as there are listening stations in almost every language that have been very useful; I've seen them, built some over the years and watched others start up. The DOJ needs to be able to do the same with the voip/networks/internet and soon intranet.
and don't forget the television cameras in people's living and bed rooms.
randy
On Mon, 21 Jun 2004, Pete Schroebel wrote:
Smoke screen efforts are less helpful and are simple diversions from the reality of the problem.
I disagree, as there are listening stations in almost every language that have been very useful; I've seen them, built some over the years and watched others start up. The DOJ needs to be able to do the same with the voip/networks/internet and soon intranet. A few of the major ISPs / Mail
yes, agreed. moving toward the next technology of snooping is a good thing for DoJ.
Houses already have special contracts running Kenan's SQL over the mail archives before they are expunged. I imagine that issue will soon apply to us all here in the US. You are correct that there is nothing that is going to make government organizations work or actually do their job, with the exception of obtaining yet another holiday.
my smoke screen reference was aimed at the "but the doj must do this to show action, because of their floundering and poor performance in the past which led to catastrophes". Sorry for not being clear.
On Mon, 21 Jun 2004, Christopher L. Morrow wrote:
yes, agreed. moving toward the next technology of snooping is a good thing for DoJ.
You can request copies of the law enforcement needs documents at http://www.askcalea.net/standards.html
    Packet Surveillance Fundamental Needs Document (PSFND)
    Electronic Surveillance Needs for Carrier Grade Voice over Packet Service (CGVoP)
    Electronic Surveillance Needs for Public IP Network Access Service (PIPNAS)
If you don't like sending your name and email address to the FBI, try Google. The VOIP document is about 80 pages long, the IP document is about 100 pages. However, the historical practice has been to revise and extend the requirements. So there may be additional needs which aren't included in these documents.
They are very extensive needs, not just maintaining the status quo. Is "sound transmitted" call-content or call-identification action? On the other hand, is "silence" call-content or call-identification? When reporting every packet transmitted as call-identification information really letting you partially peek into the content (sound/silence) without the hassle of a content intercept order? People have guessed the length of people's passwords based on the number of packets, even though they couldn't decrypt the packets.
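The sound/silence question raised in the message above can be made concrete. The following is an added example, not part of the original thread: it assumes G.711 audio in 20 ms packets and a sender that transmits nothing during silence (a simplification of real silence suppression), and the call pattern is constructed.

```python
# Added example (not from the thread): what packet timing alone reveals about a call.
# Assumptions: G.711 audio, 20 ms packets, and a sender that transmits nothing
# during silence (a simplification of real silence suppression).

FRAME_MS = 20            # assumed packetization interval
PACKET_BYTES = 12 + 160  # RTP header + 20 ms of G.711; identical for every packet


def simulate_call(speech, suppress_silence):
    """Return packet metadata [(time_ms, size)] for a constructed call.

    speech is a list of (is_talking, duration_ms); no payload is ever modelled.
    """
    packets, t = [], 0
    for talking, duration_ms in speech:
        for _ in range(duration_ms // FRAME_MS):
            if talking or not suppress_silence:
                packets.append((t, PACKET_BYTES))
            t += FRAME_MS
    return packets


def talk_spurts(packets, max_gap_ms=3 * FRAME_MS):
    """Recover (start_ms, end_ms) activity intervals from timestamps alone."""
    spurts = []
    for t, _size in packets:
        if spurts and t - spurts[-1][1] <= max_gap_ms:
            spurts[-1][1] = t        # still the same spurt: extend it
        else:
            spurts.append([t, t])    # a gap was seen: a new spurt starts
    return [(start, last + FRAME_MS) for start, last in spurts]


# Constructed conversation: talk 1.2 s, pause 0.8 s, talk 0.4 s, pause 1.5 s, talk 2 s.
SPEECH = [(True, 1200), (False, 800), (True, 400), (False, 1500), (True, 2000)]

if __name__ == "__main__":
    leaky = simulate_call(SPEECH, suppress_silence=True)
    padded = simulate_call(SPEECH, suppress_silence=False)
    # Metadata-only view of the silence-suppressed call: the speech rhythm.
    print(talk_spurts(leaky))
    # Constant-rate sending: one interval, only the call duration is visible.
    print(talk_spurts(padded))
```

Every packet has the same size, so the rhythm is recovered from timestamps only; sending at a constant rate through silences removes it at the cost of bandwidth.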
On Mon, 21 Jun 2004, John Curran wrote:
With respect to enforcement, I am sure there are ways to prevent being caught involving amusing offshore logistics, but that will still prevent the vast majority of US businesses from offering non-2281 compliant services.
Off-shore would be the NSA, not the FBI. The NSA has not reported any problems tapping VOIP communications. But the NSA's budget is a lot bigger than the FBI's :-)
There are lots of examples of extraterritoriality. MasterCard built a data center in Europe to process European credit card transactions. The US Department of Transportation restricts the use of Canadian train dispatchers controlling portions of US railroad tracks. All the telephone switches serving Palestinian Territory are physically located in Israel.
Several third-world countries have been trying to block the use of international VOIP. There aren't that many international networks; with appropriate pressure, they could block/tap/whatever people trying to use extraterritorial VOIP.
I'm not advocating the DoJ's position on this matter, just trying to clarify it for the list (since it was rather muddled in earlier postings).
The Department of Justice has been successfully tapping computer networks since at least 1995.
http://www.usdoj.gov/opa/pr/1996/March96/146.txt
FEDERAL CYBERSLEUTHERS ARMED WITH FIRST EVER COMPUTER WIRETAP ORDER NET INTERNATIONAL HACKER CHARGED WITH ILLEGALLY ENTERING HARVARD AND U.S. MILITARY COMPUTERS
WASHINGTON, D.C. -- The first use of a court-ordered wiretap on a computer network led today to charges against an Argentine man accused of breaking into Harvard University's computers which he used as a staging point to crack into numerous computer sites including several belonging to the Department of Defense and NASA.
The wiretap, on the computer of Harvard's Faculty of Arts and Sciences during the last two months of 1995, resulted in the filing of a criminal complaint against 21-year-old Julio Cesar Ardita of Buenos Aires. An arrest warrant has been issued for Ardita.
It is not a technical problem (maybe 5% technical, 95% non-technical). I don't disagree LEA may have a problem. However, almost all of the "problems" identified have been with either money, training for law enforcement, or non-IP technologies (i.e. push-to-talk on Nextel, which doesn't require a connection to the PSTN).
participants (9)
- Christopher L. Morrow
- Fergie (Paul Ferguson)
- Henry Linneweh
- John Curran
- John Todd
- Owen DeLong
- Pete Schroebel
- Randy Bush
- Sean Donelan