[5908] in cryptography@c2.net mail archive
Re: IP: IETF considers building wiretapping into the Internet
daemon@ATHENA.MIT.EDU (Steve Reid)
Thu Oct 14 17:38:11 1999
Date: Thu, 14 Oct 1999 14:25:36 -0700
From: Steve Reid <sreid@sea-to-sky.net>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: Declan McCullagh <declan@well.com>, cryptography@c2.net
Message-ID: <19991014142535.A382@grok.localnet>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <19991013190858.0474A41F16@SIGABA.research.att.com>; from Steven M. Bellovin on Wed, Oct 13, 1999 at 03:08:49PM -0400
On Wed, Oct 13, 1999 at 03:08:49PM -0400, Steven M. Bellovin wrote:
> But it's also clear that folks who manufacture this gear for sale in
> the U.S. market are going to have to support CALEA, which in turn
> means that someone is going to have to standardize the interface --
> the FBI regulations at the least strongly urge that
> industry-standard protocols be used for such things.
I'm no lawyer, so I'm probably going out on a limb here, but I don't
think CALEA can apply to encryption.
If you use a 3DES-encrypted phone over a CALEA-compliant carrier it
doesn't invalidate the carrier's CALEA compliance. The LEAs still have
access to the communications, just not to the plaintext. So in practice
CALEA does not guarantee access to plaintext.
If CALEA _does_ specify access to plaintext, then what we have are
domestic restrictions on encryption, with all of the constitutional
issues that go with it.
To date the export restrictions have been the only legal means of
slowing the spread of strong crypto. CALEA is something entirely
different.
But I'm still not a lawyer.
