[122074] in North American Network Operators' Group
Re: lawful intercept/IOS at BlackHat DC,
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Thu Feb 4 21:42:54 2010
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <75cb24521002041826u5cd62415n4fb13097d5806ec4@mail.gmail.com>
Date: Thu, 4 Feb 2010 21:42:24 -0500
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: Crist Clark <Crist.Clark@globalstar.com>, NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 4, 2010, at 9:26 PM, Christopher Morrow wrote:
> On Thu, Feb 4, 2010 at 5:49 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
>>
>> On Feb 4, 2010, at 5:42 PM, Christopher Morrow wrote:
>>
>>> On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark <Crist.Clark@globalstar.com> wrote:
>>>
>>>>> this seems like much more work than matt blaze's work that said:
>>>>> "Just send more than 10mbps toward what you want to sneak around... the
>>>>> LEA's pipe is saturated so nothing of use gets to them"
>>>>
>>>> The Cross/XForce/IBM talk appears more to be about unauthorized
>>>> access to communications via LI rather than evading them,
>>>>
>>>> "...there is a risk that [LI tools] could be hijacked by third
>>>> parties and used to perform surveillance without authorization."
>>>>
>>>> Of course, this has already happened,
>>>
>>> right... plus the management (for cisco) is via snmp(v3), from
>>> (mostly) windows servers as the mediation devices (sad)... and the
>>> traffic is simply tunneled from device -> mediation -> lea .... not
>>> necessarily IPSEC'd from mediation -> LEA, and udp-encapped from
>>> device -> mediation server.
>>>
>>>> http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
>>>
>>> yea, good times... that's really just re-use of the normal LEA hooks
>>> in all telco phone switch gear though... not 'calea features' in
>>> particular.
>>
>> There's a difference? CALEA is just the US government profile of the generic international concept of lawful intercept.
>
> hrm, I always equate 'calea' with 'ip intercept', because I
> (thankfully) never had to see a phone switch (dms type thingy). You
> are, I believe, correct in that CALEA was first 'telephone' intercept
> implemented in phone-switch-thingies in ~94?? and was later applied
> (may 2007ish?) to IP things as well.
I can make a very good case that CALEA was not just originally intended for voice, but was sold to Congress as something that didn't apply to data networks. The EFF has said it better than I could, though, so look at http://w2.eff.org/Privacy/Surveillance/20040413_EFF_CALEA_comments.
--Steve Bellovin, http://www.cs.columbia.edu/~smb