ISP compliance < LEAs - tech and logistics [was: snfc21 sniffer docs]
Wired posted what are suppossedly the docs Mark Klein wrote 'bout the NSA sniffing project. Interesting read...
http://blog.wired.com/27BStroke6/att_klein_wired.pdf
John
Indeed. To be honest, I am more interested in NANOG-related operational issues involved, which I am not sure many here will be able to discuss in case they had experience on the subject. So let us put privacy and legal issues aside for the purpose of this discussion. How does a service provider handle the requirement to meet a law enforcement agency with their wiretapping needs? The logistics and technology can be exerting, annoying and business-wise, even prohibiting. As I just mentioned somewhere else, I should probably point out that if I was a major ISP often asked to answer the call of law enforcement with legal wiretaps, this could be very annoying as well as technologically a killer to my network architecture. Just sticking some hub somewhere in my network may not cut it, and will certainly not cover all of the communication. What about different lines and locations? As a large provider, AT&T probably had to find better solutions to the call of the law, or reply on the law's technology to not kill their business. This indeed happened before. As some of you may remember, according to one NANOGer at the FBI's Carnivore presentation a few years ago, "sticking" just such a hub is what caused his network to break-down. Creating a centralized wiretapping point under strict security may be just the thing to both comply and save costs, not to mention staying on the air. I don't see how that _by_itself_ is wrong of AT&T. There are other issues here as well. The Internet Infrastructure in a significant way sits in the US. We all know that. Is it really a surprise to anyone that the NSA, which states it listens to the Internet, is using a local resource such as that on US soil? They would be crazy not to. They rivals and enemies in other countries certainly won't think twice. There is the issue of separating domestic communication from the rest, but that's just something they have to deal with and US citizens have to be paranoid about. This whole situation will probably result in better supervision/monitoring of activities rather than stopping any of them (i.e. simply more people in-the-know of what the NSA is up to). That said, I am not a US citizen nor up-to-date on the details of this ATT/NSA issue or the privacy implications, and I am sure enough of the US folks here are. Gadi.
On Tue, May 23, 2006 at 05:39:26AM -0500, Gadi Evron wrote:
Wired posted what are suppossedly the docs Mark Klein wrote 'bout the NSA sniffing project. Interesting read...
http://blog.wired.com/27BStroke6/att_klein_wired.pdf
John
Indeed. To be honest, I am more interested in NANOG-related operational issues involved, which I am not sure many here will be able to discuss in case they had experience on the subject. So let us put privacy and legal issues aside for the purpose of this discussion.
How does a service provider handle the requirement to meet a law enforcement agency with their wiretapping needs? The logistics and technology can be exerting, annoying and business-wise, even prohibiting.
See RFC 3924, "Cisco Architecture for Lawful Intercept in IP Networks." -- Jim Lippard jl@gblx.net Global Security Organization, Information Security Architecture Global Crossing GPG Key ID: 0xED3D63C0
On Tue, 23 May 2006 05:39:26 -0500 (CDT), Gadi Evron <ge@linuxbox.org> wrote:
Wired posted what are suppossedly the docs Mark Klein wrote 'bout the NSA sniffing project. Interesting read...
http://blog.wired.com/27BStroke6/att_klein_wired.pdf
John
Indeed. To be honest, I am more interested in NANOG-related operational issues involved, which I am not sure many here will be able to discuss in case they had experience on the subject. So let us put privacy and legal issues aside for the purpose of this discussion.
How does a service provider handle the requirement to meet a law enforcement agency with their wiretapping needs? The logistics and technology can be exerting, annoying and business-wise, even prohibiting.
In the US, see 18 USC 2518(4): Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
On Tue, 23 May 2006, Steven M. Bellovin wrote:
Indeed. To be honest, I am more interested in NANOG-related operational issues involved, which I am not sure many here will be able to discuss in case they had experience on the subject. So let us put privacy and legal issues aside for the purpose of this discussion.
How does a service provider handle the requirement to meet a law enforcement agency with their wiretapping needs? The logistics and technology can be exerting, annoying and business-wise, even prohibiting.
In the US, see 18 USC 2518(4):
Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance.
The NANOG meeting archives are full of presentations as the result of very sophisticated network monitoring. Like most technology, it can be used for good and evil. You can't tell the motivation just from the technology.
At 09:48 PM 5/23/2006, Sean Donelan wrote:
On Tue, 23 May 2006, Steven M. Bellovin wrote:
Indeed. To be honest, I am more interested in NANOG-related operational issues involved, which I am not sure many here will be able to discuss in case they had experience on the subject. So let us put privacy and legal issues aside for the purpose of this discussion.
How does a service provider handle the requirement to meet a law enforcement agency with their wiretapping needs? The logistics and technology can be exerting, annoying and business-wise, even prohibiting.
In the US, see 18 USC 2518(4):
Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance.
The NANOG meeting archives are full of presentations as the result of very sophisticated network monitoring. Like most technology, it can be used for good and evil. You can't tell the motivation just from the technology.
Sean, please drop this subject. You have no experience here and it's annoying that you keep making authoritative claims like you have some operational experience in this area. If you do, please do elaborate and correct me. From what I understand from the folks at SBC, you did not run harassing call, annoyance call, and LAES services. I would appreciate a correction. -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com
The NANOG meeting archives are full of presentations as the result of very sophisticated network monitoring. Like most technology, it can be used for good and evil. You can't tell the motivation just from the technology.
OK, so he says in a roundabout way that you are already paying for some sophisticated network monitoring and it probably won't cost you much to just give some data to the "authorities".
Sean, please drop this subject. You have no experience here and it's annoying that you keep making authoritative claims like you have some operational experience in this area. If you do, please do elaborate and correct me. From what I understand from the folks at SBC, you did not run harassing call, annoyance call, and LAES services. I would appreciate a correction.
Huh!?!?!? Are you saying that people should buzz off from the NANOG list if they change jobs and their latest position isn't operational enough? Are you saying that people should not be on the NANOG list unless they have TELEPHONY operational experience? What is the world coming to!? --Michael Dillon
Michael.Dillon@btradianz.com wrote:
The NANOG meeting archives are full of presentations as the result of very sophisticated network monitoring. Like most technology, it can be used for good and evil. You can't tell the motivation just from the technology.
OK, so he says in a roundabout way that you are already paying for some sophisticated network monitoring and it probably won't cost you much to just give some data to the "authorities".
Sean, please drop this subject. You have no experience here and it's annoying that you keep making authoritative claims like you have some operational experience in this area. If you do, please do elaborate and correct me. From what I understand from the folks at SBC, you did not run harassing call, annoyance call, and LAES services. I would appreciate a correction.
Huh!?!?!? Are you saying that people should buzz off from the NANOG list if they change jobs and their latest position isn't operational enough? Are you saying that people should not be on the NANOG list unless they have TELEPHONY operational experience?
What is the world coming to!?
--Michael Dillon
The guy wants to say, please raise your eyes above the horizon of your plate and view a not yet existing country named europe. Here our infrastructure is a lot more advanced and we have standardized a common eavesdropping api. That makes sense with shifting points of view from IRA and Basque Separatists to the European Central Bank everybody can use the standart API and start listening. Of course nobody except the European Central Bank is allowed listening, but - who cares? I am told china too is very advanced. But I am shure North America will catch up fast. Or does he mean Operations, the IRA guys who are running the London Docklands eavesdropping facility, that connects europe via the glc fibre? </ranting> <? remember where we started ??? Cheers Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.serveftp.com http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
The guy wants to say, please raise your eyes above the horizon of your plate and view a not yet existing country named europe. Here our infrastructure is a lot more advanced and we have standardized a common eavesdropping api.
We have? News to me. Steinar Haug, Nethelp consulting, sthaug@nethelp.no
The guy wants to say, please raise your eyes above the horizon of your plate and view a not yet existing country named europe. Here our infrastructure is a lot more advanced and we have standardized a common eavesdropping api.
We have? News to me.
You missed a line later in his message:
Of course nobody except the European Central Bank is allowed listening, but - who cares?
Sounds like typical lunatic ravings to me. I guess anything goes on this list now... --Michael Dillon
sthaug@nethelp.no wrote:
The guy wants to say, please raise your eyes above the horizon of your plate and view a not yet existing country named europe. Here our infrastructure is a lot more advanced and we have standardized a common eavesdropping api.
We have? News to me.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Institut européen des normes de télécommunication http://portal.etsi.org/docbox/Workshop/GSC/GSC10_RT_Joint_Session/00index.tx... -------------------------------------------------------------------------------- Doc. Name: gsc10_joint_10r1 File Name: gsc10_joint_10r1.ppt Title: Lawful Interception standardisation, the status of ETSi LI standards Source: Peter van der Arend, Chairman ETSI TC LI Reserved by: Mr. Julian Pritchard from ETSI Secretariat on 2005-08-29 at 14:02:04 (GMT +01:00) Allocations: 4.3: Security and Lawful Interception Content Type: none specified Abstract: none -------------------------------------------------------------------------------- http://www.gliif.org/LI_standards/ts_102232v010101p.pdf This one gives an overview Cheers Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.serveftp.com http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
The guy wants to say, please raise your eyes above the horizon of your plate and view a not yet existing country named europe. Here our infrastructure is a lot more advanced and we have standardized a common eavesdropping api.
We have? News to me.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Institut européen des normes de télécommunication
http://portal.etsi.org/docbox/Workshop/GSC/GSC10_RT_Joint_Session/00index.tx...
I see a list of documents. I see no sign that these documents are standards, nor that they are actually *implemented*. I know for a fact that the service provider I work for has not implemented this on the IP side. Steinar Haug, Nethelp consulting, sthaug@nethelp.no
On May 24, 2006, at 9:44 AM, sthaug@nethelp.no wrote:
I see a list of documents. I see no sign that these documents are standards, nor that they are actually *implemented*. I know for a fact that the service provider I work for has not implemented this on the IP side.
Now, now, Steinar, we all know that cannot be true. Case and point, everyone has implemented RFC 3514, just because it has been published as a standard. ;-) Best regards, Christian
Christian Kuhtz wrote:
On May 24, 2006, at 9:44 AM, sthaug@nethelp.no wrote:
I see a list of documents. I see no sign that these documents are standards, nor that they are actually *implemented*. I know for a fact that the service provider I work for has not implemented this on the IP side.
French and german ISPs keep complaining about what it has cost them and they keep informing us (customers) that it is on us to pay the bill. I remember one german ISP who was helpful enough to mention the cost for spying in his bill. It was a mistake and the money was refunded ... Whenever mailservers are down here in germany somebody mentions the delay is because all email is routed via the german gouvernement again :)
Now, now, Steinar, we all know that cannot be true. Case and point, everyone has implemented RFC 3514, just because it has been published as a standard.
;-)
Best regards, Christian
I just tested my NAT-router and made shure it is RFC 3514 compliant. Yes the NASTY bit is set :) Cheers Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de mail: peter@echnaton.serveftp.com http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
On Wed, 24 May 2006 10:39:05 EDT, Christian Kuhtz said:
Now, now, Steinar, we all know that cannot be true. Case and point, everyone has implemented RFC 3514, just because it has been published as a standard.
Actually, it's Informational rather than Standards Track. However, since there were patches for both a *BSD variant and Linux, we can probably scare up two interoperable implementations so we can move it along Standards Track. :)
On May 24, 2006, at 3:27 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 24 May 2006 10:39:05 EDT, Christian Kuhtz said:
Now, now, Steinar, we all know that cannot be true. Case and point, everyone has implemented RFC 3514, just because it has been published as a standard.
Actually, it's Informational rather than Standards Track.
Nitpicky bugger, good grief. ;-) It's an RFC, therefore it is gospel. ;-)
However, since there were patches for both a *BSD variant and Linux, we can probably scare up two interoperable implementations so we can move it along Standards Track. :)
Stop, Vladis, stop, you're scarying me. ;-)
On Wed, 24 May 2006 15:27:56 -0400, Valdis.Kletnieks@vt.edu wrote:
On Wed, 24 May 2006 10:39:05 EDT, Christian Kuhtz said:
Now, now, Steinar, we all know that cannot be true. Case and point, everyone has implemented RFC 3514, just because it has been published as a standard.
Actually, it's Informational rather than Standards Track. However, since there were patches for both a *BSD variant and Linux, we can probably scare up two interoperable implementations so we can move it along Standards Track. :)
Except for routing protocols, you don't need running code for Proposed Standard. But yes, I received several implementation reports. I was also told that Junipers can almost do the filtering: Technically the CF does have the ability to see 'any bit in the first 21 bytes' of an IP packet... (I believe it's 21 bytes at least). The limitations on the software installed, however, keep you from doing the arbitrary bit field/offset business. See http://www.cs.columbia.edu/~smb/3514.html -- and note that it already mentions Lawful Intercept. Yes, it's all from real email --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
participants (10)
-
Christian Kuhtz -
Gadi Evron -
James J. Lippard -
Martin Hannigan -
Michael.Dillon@btradianz.com -
Peter Dambier -
Sean Donelan -
Steven M. Bellovin -
sthaug@nethelp.no -
Valdis.Kletnieks@vt.edu