Per the following article: http://www.foxnews.com/story/0,2933,37203,00.html it appears as if the FBI now wants to route ALL Internet traffic through it's central servers!!!! What gall!! What nerve!!!! Now, for all of you who said, "Hey, I'm not doing anything wrong, let the FBI monitor what it wants to." can go shove hot spikes up your nose. I don't think the FBI really wants to control the Internet, they want to destabilize it. As tyranny approaches the only thing more dangerous than an armed populace is an informed one. If they can monitor all the traffic, they can certainly control it. The ISP's (whatever those are) need to collectively tell the FBI to go jump off a bridge. Information campaigns need to be sent to the customers to alert them of the potential loss of civil liberties. I'm gonna stop before I say something that will get me arrested. Regards, Larry Diffey
If you don't like it, contact the ACLU, I'm sure they'll be moving quickly for a constitutionality challenge. Brian ----- Original Message ----- From: Larry Diffey To: nanog@merit.edu Sent: Friday, October 26, 2001 11:13 PM Subject: FBI is at it again Per the following article: http://www.foxnews.com/story/0,2933,37203,00.html it appears as if the FBI now wants to route ALL Internet traffic through it's central servers!!!! What gall!! What nerve!!!! Now, for all of you who said, "Hey, I'm not doing anything wrong, let the FBI monitor what it wants to." can go shove hot spikes up your nose. I don't think the FBI really wants to control the Internet, they want to destabilize it. As tyranny approaches the only thing more dangerous than an armed populace is an informed one. If they can monitor all the traffic, they can certainly control it. The ISP's (whatever those are) need to collectively tell the FBI to go jump off a bridge. Information campaigns need to be sent to the customers to alert them of the potential loss of civil liberties. I'm gonna stop before I say something that will get me arrested. Regards, Larry Diffey
On Fri, 26 Oct 2001, Larry Diffey wrote:
Per the following article: http://www.foxnews.com/story/0,2933,37203,00.html <http://www.foxnews.com/story/0,2933,37203,00.html> it appears as if the FBI now wants to route ALL Internet traffic through it's central servers!!!!
What gall!! What nerve!!!!
Be weary of such distinguished sources as "lawyers familiar with the FBI's plans". Congrats to Fox News. Media hypes = ratings, whether the information is accurate or not. Write your local congressman about your privacy concerns, and take this story about the "FBI's plans" with a grain of salt.
Oh please stop before this goes into a another full blown session of having to delete junk from my nanog folder again be rational and consider the situation. (1) Media rumor (2) You have got to be kidding (3) Businesses will not let this happen as it will cost them money so the PACs will go nuts (4) Privacy groups will sue (5) Law enforcement and military makes plans for everything and I mean every crazy next to impossible scenario. Thinking about something is not wrong (6) Partisan politics will come into play (7) Individuals will lobby and make noise But for all this to happen they have to DO something not just acknowledge making plans and thinking. Now sit down the wolf is not here yet. -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Larry Diffey Sent: Saturday, October 27, 2001 2:13 AM To: nanog@merit.edu Subject: FBI is at it again Per the following article: http://www.foxnews.com/story/0,2933,37203,00.html it appears as if the FBI now wants to route ALL Internet traffic through it's central servers!!!! What gall!! What nerve!!!! Now, for all of you who said, "Hey, I'm not doing anything wrong, let the FBI monitor what it wants to." can go shove hot spikes up your nose. I don't think the FBI really wants to control the Internet, they want to destabilize it. As tyranny approaches the only thing more dangerous than an armed populace is an informed one. If they can monitor all the traffic, they can certainly control it. The ISP's (whatever those are) need to collectively tell the FBI to go jump off a bridge. Information campaigns need to be sent to the customers to alert them of the potential loss of civil liberties. I'm gonna stop before I say something that will get me arrested. Regards, Larry Diffey
On Fri, 26 Oct 2001, Larry Diffey wrote: :Per the following article: <SNIP> it appears as if the FBI now wants to :route ALL Internet traffic through it's central servers!!!! : :I'm gonna stop before I say something that will get me arrested. Or mocked mercilessly. :P I'm willing to bet that it's not an issue of routing all traffic, but the ability to route any traffic. Far be it from me to speculate wildly, but I think this screams CenterTrack. I say the FBI just wants the ability to pick routes an transit them transparently through their network for sniffage. This could be done easily with existing technology (GRE tunnels, MPLS VPN, and others) It would be substantially cheaper to have a vpn that passed through the FBI's AS, whereby they can arbitrarily tell a remote router to route a prefix through their tunnel interface, which goes to fedland, gets looped back to the original router, which also starts advertising the prefix via the other fbi tunnel interface. It's pretty straight forward technically, and almost impossible to detect from layer 3 from the users perspective. It's also way cheaper than a $5-10k PC that requires staff with clearances to operate or even be in the same room with. I would imagine that with the new legislation being passed, you won't so much see g-men with carnivores knocking on your door, but a new configuration requirement for a particular tier of network provider. Just a guess tho. ;) -- batz Reluctant Ninja Defective Technologies
I suspect that the FBI is the least of your worries: http://www.acq.osd.mil/dsb/dio.pdf http://www.homelandsecurity.org/ Lucy E. Lynch Academic User Services Computing Center University of Oregon llynch@darkwing.uoregon.edu (541) 346-1774/Cell: 912-7998 On Fri, 26 Oct 2001, Larry Diffey wrote:
Per the following article: http://www.foxnews.com/story/0,2933,37203,00.html it appears as if the FBI now wants to route ALL Internet traffic through it's central servers!!!!
What gall!! What nerve!!!!
Now, for all of you who said, "Hey, I'm not doing anything wrong, let the FBI monitor what it wants to." can go shove hot spikes up your nose.
I don't think the FBI really wants to control the Internet, they want to destabilize it. As tyranny approaches the only thing more dangerous than an armed populace is an informed one. If they can monitor all the traffic, they can certainly control it.
The ISP's (whatever those are) need to collectively tell the FBI to go jump off a bridge. Information campaigns need to be sent to the customers to alert them of the potential loss of civil liberties.
I'm gonna stop before I say something that will get me arrested.
Regards,
Larry Diffey
Larry, Are you kidding? The problems with this are numerous. First, the source is Fox News, which is about a half step up from the Drudge Report. Secondly, what is the basis for believing that this is even possible? I am unaware of any technology that would allow all internet traffic to be proxied through a single location. Finally, your assetion that you should stop before saying something that will get you arrested is an interesting one. Larry - nothing you can say, short of threatening people or yelling fire in a crowded theater will get you arrested. Thank you for your opinion, and be sure to wear your tinfoil hat, when walking outdoors... - Daniel Golding -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Larry Diffey Sent: Saturday, October 27, 2001 2:13 AM To: nanog@merit.edu Subject: FBI is at it again Per the following article: http://www.foxnews.com/story/0,2933,37203,00.html it appears as if the FBI now wants to route ALL Internet traffic through it's central servers!!!! What gall!! What nerve!!!! Now, for all of you who said, "Hey, I'm not doing anything wrong, let the FBI monitor what it wants to." can go shove hot spikes up your nose. I don't think the FBI really wants to control the Internet, they want to destabilize it. As tyranny approaches the only thing more dangerous than an armed populace is an informed one. If they can monitor all the traffic, they can certainly control it. The ISP's (whatever those are) need to collectively tell the FBI to go jump off a bridge. Information campaigns need to be sent to the customers to alert them of the potential loss of civil liberties. I'm gonna stop before I say something that will get me arrested. Regards, Larry Diffey
On Mon, 29 Oct 2001 13:16:58 EST, Daniel Golding <dgolding@sockeye.com> said:
Fox News, which is about a half step up from the Drudge Report. Secondly, what is the basis for believing that this is even possible? I am unaware of any technology that would allow all internet traffic to be proxied through a single location.
The fact that something is unworkable or impossible or just plain stupid hasn't stopped UCITA shrink-wrapped licenses, the DMCA anti-circumvention clause, proposed requirements for key escrow for crypto... the list goes on. Valdis Kletnieks Operating Systems Analyst Virginia Tech
Daniel,
Are you kidding? The problems with this are numerous. First, the source is Fox News, which is about a half step up from the Drudge Report. Secondly, what is the basis for believing that this is even possible? I am unaware of any technology that would allow all internet traffic to be proxied through a single location.
Unfortunately, just because we know how difficult it is to provide a solution to this problem, does not mean that everyone subscribes to it. One should not discount the argument made based purely on the source, especially since recently a few very "interesting" articles showed up in a number of publications, including current issue of Forbes. The author, whose name escapes me at this time, is under the ill-belief that since the internet traffic does flow though hubs, it would be possible to intercept it and store it on the computers located in those hubs. It is more likely that a white paper describing the issues arising from attempts to intercept and store that much data would do better than an argument about unreliability of the source. Alex --
Unfortunately, just because we know how difficult it is to provide a solution to this problem, does not mean that everyone subscribes to it. One should not discount the argument made based purely on the source, especially since recently a few very "interesting" articles showed up in a number of publications, including current issue of Forbes. The author, whose name escapes me at this time, is under the ill-belief that since the internet traffic does flow though hubs, it would be possible to intercept it and store it on the computers located in those hubs. It is more likely
that
a white paper describing the issues arising from attempts to intercept and store that much data would do better than an argument about unreliability of the source.
Alex
It's obvious that many people spreading this information (no matter how credible the source, have little knowledge of how much data flows through such hubs). If I remember correctly, AOL-TW for example does over 100 Terabits of traffic every day. No storage system in the world (that I know of) can write at 10 GB/sec (not forgetting that at OC-192 speeds we are writing 36 Terabytes of Data per hour). Not even the most prestigious government agencies have the ability to sort through petabytes of data per day.
Well, writing data at that speed is relatively easy (hint - get a box which does IP trunk bonding based on SRC/DST hash to step down OC-192 or whatever to, say, 64x OC-3s - which is within range of commercial RAIDs). The cost of such solution (including disk storage, about 40 exabytes) will be about US$200 mil per OC-192 trunk per year. Now the question is how to extract any useful information out of it. I guess the only feasible option would be to analyze data in real time, and record only "interesting" bits. As a guesstimate, this would require about 1000 PC boxes per OC-192 trunk. A specialized hardware (pattern-recognition chips, etc) could make it a lot easier. Not cheap, but doable, and it is well within the budget of NSA to sift through all overseas Internet traffic. Of course, encrypting data makes all that pretty irrelevant. That's why FBI and NSA are so keen to stall public adoption of encryption. (When encrypted communications are rare, they can record them and break them at their leasure; when everybody's using it - they're helpless). Particle physicists are doing very high volume real-time data analysis on comparable scale routinely, sifting through trillions of particle interactions to find dozen or two of interesting ones. So i wouldn't dismiss their ability to do that kind of surveiliance as a technical or economical impossibility. It is certainly doable with todays technology and a bit of cleverness. --vadim On Mon, 29 Oct 2001, Wojtek Zlobicki wrote:
Unfortunately, just because we know how difficult it is to provide a solution to this problem, does not mean that everyone subscribes to it. One should not discount the argument made based purely on the source, especially since recently a few very "interesting" articles showed up in a number of publications, including current issue of Forbes. The author, whose name escapes me at this time, is under the ill-belief that since the internet traffic does flow though hubs, it would be possible to intercept it and store it on the computers located in those hubs. It is more likely that a white paper describing the issues arising from attempts to intercept and store that much data would do better than an argument about unreliability of the source.
Alex
It's obvious that many people spreading this information (no matter how credible the source, have little knowledge of how much data flows through such hubs). If I remember correctly, AOL-TW for example does over 100 Terabits of traffic every day. No storage system in the world (that I know of) can write at 10 GB/sec (not forgetting that at OC-192 speeds we are writing 36 Terabytes of Data per hour). Not even the most prestigious government agencies have the ability to sort through petabytes of data per day.
On Mon, 29 Oct 2001 alex@yuriev.com wrote:
number of publications, including current issue of Forbes. The author, whose name escapes me at this time, is under the ill-belief that since the internet traffic does flow though hubs, it would be possible to intercept it and store it on the computers located in those hubs. It is more likely that a white paper describing the issues arising from attempts to intercept and store that much data would do better than an argument about unreliability of the source.
The Dutch NAO organisation has tried to describe that problem. NAO is a colaborate effort of most of the Dutch ISP/Telco's (note: not Colocation facilities or webhosters) who faced these exact requirements half a year ago when the Dutch mandatory tapping requirement became effective. They managed to produce a presentation on "possible network topologies" that ISP's might face. http://www.nlip.nl/nl/nao/spec/main/main.html Their workgroup "topologie" produced something as well, but I can't find it on their on site (There is a confusing policy on what parts are government secrets and what parts are public information, which is so badly specified that I as an ISP can't get any tapping specification, while I need to comply to the tapping laws). Here's the copy of the document on Opentap: http://www.opentap.org/documents/ExamplesOfTopologies.pdf I went to the vendor day that was helt by NAO to bring vendors of tapping boxes closer to their potential ISP clients. There were two kind's of products 1) Vapourware ("Do you have something ready that complies to Dutch law NOW?") 2) standard sniffing boxes/carnivore compatibles ("Do you have something ready that complies to Dutch law NOW?") For the vendors who claimed to be "almost ready" or my favourite one "already doing labtesting on some secret location within the NL" I asked them how the box plugged in, parallell on the network, or as a link in the chain. If they answered it was a link in the chain, I asked them about redundancy, high availability and failover, and asked them how to convince my boss that a single point of failure should be added to our network. If they said in parallel I asked them how I could catch all traffic. If they tried to say something clever about puttings ports in management mode to see the traffic of all ports, I asked them why I should tell my boss to reduce our backbone to the capacity of a single 100MB ethernet port. Needless to say, I was in awe. So I wrote: http://www.opentap.org/ct/ct.aftappen-eng.html And later added some comments: http://cryptome.org/nl-tap2.htm For the Law Enforcement Agencies (LEA's) the answer is always quite simple. "You should be able to tap everything we want". From the ISP's point of view this is often impossible. He's not allowed to change the service of a user, in case the user might detect that, but how is an ISP going to tap traffic that never gets onto his network. Two neighbouring cable users, two dailin users in the same local modem pool. And last but not least, the entire VPOP structures where lots of smaller ISP's buy "national dailup" from the big guys. They don't even have access to the infrastructure to add a tapping box. The government's answer "Administrative issue, can be dealt with by bilateral talks". My interpretation for that is "You've broken the law, you will do everything we say". Our government learned that trick from the US government. The FBI will face similar problems, the interpop traffic is not going to be captured. It's not a big problem, since the terrible crimes on that traffic will mostly be copying illegal movies and songs. If two terrorists are neighbours, I'd assume they would go to a sauna (I loved Icepick) to talk. The problem will become worse with all the 802.11 networks popping up everywhere (esp if people are using things like IPSec with oppurtunistic) Paul
participants (12)
-
Adam Herscher
-
alex@yuriev.com
-
batz
-
Brian
-
Daniel Golding
-
Larry Diffey
-
Lucy E. Lynch
-
Paul Wouters
-
Tom Thomas
-
Vadim Antonov
-
Valdis.Kletnieks@vt.edu
-
Wojtek Zlobicki