×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Monday is Wiretap the Internet Day

Zonk posted more than 6 years ago | from the i-had-other-plans-but-okay dept.

The Internet 264

Alien54 wrote with a link to a Wired blog entry noting that May 14th is the official deadline for internet service providers to modify their networks, and meet the FBI and FCC's new regulations. The Communications Assistance for Law Enforcement Act requires that everyone from cable services to Universities give them access, within certain parameters, to the usage habits of customers. "So, if you're a broadband provider (separately, some VOIP companies are covered too) ... Hurry! The deadline has already passed to file an FCC form 445, certifying that you're on schedule, or explaining why you're not. You can also find the 68-page official industry spec for internet surveillance here. It'll cost you $164.00 to download, but then you'll know exactly what format to use when delivering customer packets to federal or local law enforcement, including 'e-mail, instant messaging records, web-browsing information and other information sent or received through a user's broadband connection, including on-line banking activity.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

264 comments

Limits on government (5, Insightful)

BWJones (18351) | more than 6 years ago | (#19101813)

Of course this has been going on for some time, but we are only just now getting around to making it legal (Constitutional arguments aside). I really do find this incredibly disturbing and believe that the founding members of this country would be shocked and dismayed at where we have gone in the past few years (last six or so in particular). What I cannot believe is how anyone on either side of the political spectrum would 1) think this is a good idea and 2) allow this to happen. Remember people that this country is still young and has the appearance of a country that is not only spinning out of control, but it seems to be edging closer to devolving into a shell of its former self. Don't get me wrong here. I am proud to be an American, but we should not stand silent while this country falls apart either through selfish motivation or criminal negligence.

Remember folks that the Constitution is not a document about what rights people possess, nor is it a document that outlines what governments can do. Rather it is a document that describes limits on what government can do and it could be clearly argued that the Communications Assistance for Law Enforcement Act violates those provisions in the Constitution designed to protect the individual from unreasonable governmental surveillance.

Re:Limits on government (2, Interesting)

calidoscope (312571) | more than 6 years ago | (#19101911)

Remember folks that the Constitution is not a document about what rights people possess, nor is it a document that outlines what governments can do. Rather it is a document that describes limits on what government can do and it could be clearly argued that the Communications Assistance for Law Enforcement Act violates those provisions in the Constitution designed to protect the individual from unreasonable governmental surveillance.


The central part of the US Constitution pretty much describes what the Federal government can do and gives authority to do so. It is the Bill of Rights and subsequent amendments that puts the limits on government powers - and the Bill of Rights was passed because of concerns with the powers granted in the Constitution. The Constitution was created and ratified because the central government under the Articles of Confederation was too weak to be effective.

Re:Limits on government (3, Insightful)

MindKata (957167) | more than 6 years ago | (#19102459)

The government, any government from any party is made up of people who's career has been to seek power. In other words, seek power over other people. Its no surprise anyone in power would seek to gain more power over others and technology allows this, so there's an inevitable drift towards wanting more power. This applies to all governments in all countries, its not just American, although its more saddening to hear from countries which claim to allow personal freedom. But that freedom has always been mostly an illusion caused by the people in power lacking the resources to control to the level some of them would wish to have.

This is why people throughout the political spectrum would 1) think its a good idea and 2) allow this to happen.

Without restraint then unfortunately I think the world could walk into a big brother scenario. All the time people in power fear opponents seeking to oppose them or bully them in their point of view, or simply undermine their power, they will want to secure stronger controls of people.

Its being driven by basic human natures, (such as fear), rather than being driven specifically by any one political ideology.

Re:Limits on government (5, Insightful)

Anonymous Coward | more than 6 years ago | (#19102969)

Disclaimer: I am not American, so I possibly don't know enough about your constitution.

The way I understand it is that the constitution limits the powers that the government has by enumerating them. It defines the upper limit of the power of the government. In contrast, the bill of rights defines the lower limit of rights that the people have by enumerating basic rights. People have more rights than are defined in the bill of rights. They are only limited by the law (the manifestation of other people's rights).

Re:Limits on government (-1, Troll)

Anonymous Coward | more than 6 years ago | (#19102007)

Ok Slashdot, I'll tell you my first incest experience. It was about 2 years ago; I was 18 and my sister was 16 (and a half). We had a cousin staying at our house for the summer and she was either 16 or 17. Got along great with the cousin, but not so great with the sister. She felt she should have the run of the house since I was about to move out to college and I thought she was a bitch. This caused conflict.

Anyway, the parents were at work, I was chilling in my room, and the two girls were sunbathing/swimming outside. I had nothing for my sister at this point, but my cousin was a different matter. From an objective standpoint, she's good looking. She's the big athlete in the family so the body is pretty good as well. here [tinyurl.com] is a photo, face hidden of course.

Here's where things get crazy. I'm building up jack material on my cousin, but I can't stop looking at my sister. Cousin is hot, but my sister has a RACK. Her boobs look like they wanna bust out of the bikini. So I start storing images of her as well. It feels a little sick at first, but that just makes things more exciting.

I want a closer look, so I go outside to the pool and say that I'm going to bust into the booze cabinet and to come inside if they want any. They think it's a great idea and follow me in. They get wasted pretty fast, but I only have a couple drinks. It gets to the point where they're basically passed out on the floor, wearing skimpy bikinis, and I'm sitting there with a raging hard on. So I make the decision.

I run to the basement to grab a camcorder and set it up in the den where we are. Just then, my grandpa busts through the door, tears off my pants, and fucks me in the ass. He's wearing a cowboy hat. Once he unloads, he runs back out of the house and yells, "I have the weirding way!"

Re:Limits on government (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19102057)

I'm know we shouldn't encourage the trolls but that was just awesome.

Re:Limits on government (0)

Anonymous Coward | more than 6 years ago | (#19102095)

Not to mention funny too without being stupidly smutty...

Re:Limits on government (2, Insightful)

Heembo (916647) | more than 6 years ago | (#19102163)

I hear you, but what can we do to really stop this? Submit more digg posts? Write our congressman? Protest at the FCC HQ? What can we do to really stop this? I'm all ears!

Re:Limits on government (5, Funny)

Lavene (1025400) | more than 6 years ago | (#19102223)

I hear you, but what can we do to really stop this? Submit more digg posts? Write our congressman? Protest at the FCC HQ? What can we do to really stop this? I'm all ears!
Well, in the rest of the 'free' world we do it through something called an 'election'. We actually get to choose our government and thereby exercise a fair amount of control. If we want something really bad we can even involve our self directly by joining a political party or even start our own. The entire process is commonly known as 'democracy'.

You Americans should try it once... it's pretty cool actually.

Re:Limits on government (1)

stonedcat (80201) | more than 6 years ago | (#19102295)

Well as it turns out, one of the qualifications to choosing our government is being white. Just ask Florida.

The American people havn't been in control of anything for a long time now. Keep up the good work sheeple.

Re:Limits on government (1)

iminplaya (723125) | more than 6 years ago | (#19102505)

The American people havn't been in control of anything for a long time now.

Well, you should understand, that's generally what happens when they fall asleep at the wheel, it's the preferred method to die, not yelling and screaming like the other passengers in the car.

Re:Limits on government (0, Redundant)

Heembo (916647) | more than 6 years ago | (#19102345)

We actually get to choose our government and thereby exercise a fair amount of control.
You must be new here. That ceased happening a long time ago. The US political system is only a tiny representation of the true political spectrum.

Re:Limits on government (5, Insightful)

asninn (1071320) | more than 6 years ago | (#19102323)

Basically, it boils down to Howdershelt's four boxes again - soap, ballot, jury, ammo. Google for the exact quote.

Re:Limits on government (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#19102329)

SaturdayNoon - spread the word.

Re:Limits on government (0)

iminplaya (723125) | more than 6 years ago | (#19102331)

Digg...Pffft! Screw congress. F* the FCC! Talk to your neighbors. See if they will look past their own wallet when voting. Try to get them to stop voting for crooks. The cause of all these problems don't live and work in Washington. The cause lives right there on your street. Down the block. Around the corner. Right next door! Maybe even inside your own house! Some will see, but not recognize the cause in the bathroom mirror every morning. To those that accept this and inflict it upon the rest of us, Thanks! You're all heart! Words cannot describe how I feel about you.

Re:Limits on government (3, Informative)

boolithium (1030728) | more than 6 years ago | (#19102519)

Anyone can find the details here. http://www.askcalea.net/calea/ [askcalea.net] http://www.askcalea. net/calea/ Now I have read through this and there is one really disturbing term. Here is the summary statement. /* Communications Assistance for Law Enforcement Act of 1994 (CALEA) In October 1994, Congress took action to protect public safety and national security by enacting CALEA. The law further defines the existing statutory obligation of telecommunications carriers to assist law enforcement in executing electronic surveillance pursuant to court order or other lawful authorization. CALEA is codified at 47 U.S.C. 1001-1021. */ The verbage "pursuant to court order or other lawful authorization" is all through the law. Now I know what a court order is, and if a federal judge determines you might just be selling Vietnamese slaves on ebay, I got no beef with them checking up on your daily myspace blogs. In other words big brother isn't so bad, if he's kicking your school bully's ass. But what the fuck does lawful authorization mean? In my small amount of knowledge that college didn't destroy, I thought the judicial branch was the only one who could authorize court orderish kind of shit. All I can say to anyone monitoring without a court order is, if you get lawful authorization without a court, then so do the rest of us. "By any means necessary!"

Speaking of limits... (1)

lunixbochs (1094435) | more than 6 years ago | (#19102729)

There are other limits...

Like bandwidth...
What happens when everyone in the country joins a network designed to thwart this?
All it would take is a program that uses idle bandwidth to connect to a mediation server, establish a random connection to another user, and transfer seemingly important, but utterly useless data.
Every minute, start a new connection at random.

Copy text from released government documents.
Heck, just send this one back and forth...

When an individual person or organization can see everything, the best way to make them regret it is to simply flood them with useless crap.
They won't have the capacity to sort the bad from the good.

suggestion (5, Informative)

toby (759) | more than 6 years ago | (#19101847)

Get a colo service, preferably in another country; OpenVPN to it and use a web proxy running on it. Not perfect, but better than nothing.

Interestingly, this is the same kind of solution often resorted to by residents of those countries usually tagged as 'repressive regimes' by the good ole U.S. of A. Make ya think, at all?

Re:suggestion (1, Informative)

Anonymous Coward | more than 6 years ago | (#19101965)

Like Relakks.com? I used it for a little while just to see how it was, terrible the first month but surprisingly fast after the hype died down and they got their infrastructure running better. Was quite amazing to just browse the web and have everything loading pretty much as fast as normal cable, even with all the packets being routed from me to Sweden, the destination, back to Sweden and then back to me again. I was quite impressed.

Re:suggestion (1)

someone1234 (830754) | more than 6 years ago | (#19102015)

Yeah, it will be quite useful when Sweden will let the FBI to monitor their net too. Special priority to relocation services.

Re:suggestion (1)

J'raxis (248192) | more than 6 years ago | (#19102135)

Are there any services like this located in known "shelter"/"haven" countries like Luxembourg, Switzerland, the Cayman Islands, and so on? These countries are already pretty well-versed in giving the finger to tax authorities around the world and protecting client confidentiality in other ways; what about ISPs?

Re:suggestion (1)

DrMrLordX (559371) | more than 6 years ago | (#19102187)

An old friend of mine had the idea of setting up colocation services on Native American reservations. They have virtual immunity from state and local laws, but I'm not sure how much protection they'd offer from federal law.

Re:suggestion (3, Funny)

kanweg (771128) | more than 6 years ago | (#19102203)

With one smoke cloud equivalent to one bit, it might not be as popular as one might think.

Bert
Who is considering encryption in the Navaho language

Re:suggestion (1)

iminplaya (723125) | more than 6 years ago | (#19102527)

Everything in modulation, my friend. It is truly amazing what can be packed into a single cycle of the carrier wave.

Wouldn't work (2, Insightful)

Wyatt Earp (1029) | more than 6 years ago | (#19102657)

American Indian reservations act like States or Terriories in that Federal Law applies there. Worse, since all Capital and violent crimes are handled by the FBI, almost every reservation has a local FBI office.

anonet.org (0)

Anonymous Coward | more than 6 years ago | (#19102537)

or just join anonet.org [anonet.org] , and remember 2048bit+ is your friend.

Re:suggestion (4, Interesting)

Antique Geekmeister (740220) | more than 6 years ago | (#19102607)

SSL private keys and SSH private keys can and have been stolen from remotely deployed systems and used for man-in-the-middle monitoring. And a penetrated router or smart switch on the *internal* side of the OpenVPN is a common approach for really sophisticated crackers to tap all your traffic *after* it's been decrypted by the VPN system.

Weven where communications are more secure at the application layer, most people simply click on the "do you accept this key" buttons when making an encrypted connection, which makes such monitoring even easier because the user in the field winds up using the man-in-the-middle's public keys, instead of the target destination's public keys. I saw this about six years ago in a rather clever router reconfiguration to minotor all SSH traffic to a victim's internal network administration servers. We only noticed it when I got brought in to see why there were such large latencies on incoming traffic, and dumped the configuration to plain text and actually *read* it, along with noticing that the previous admin had never bothered to install and enable the SSH tools. Then I found out he had been programming it, via telnet, from his laptop on the road.

We had a long, private talk before I went to the company president with the analysis. He hadn't been allowed the time or resources to do things more securely, and his manager had been saying "we have a firewall, we can trust people inside the network" and had denied this engineer's attempts to do things more securely. It would have been a lot cheaper to do it right than to have me try to clean up the mess later, but it's often difficult to get people to do things right.

If you think a colo service is robust protection, then go ahead and check how many of your colo setups have encrypted file systems, password protected boot loaders, and password protected BIOS's, just to start with. Then compare what you could do with the same money and resources to secure your systems against rootkits, implement proper password management, etc.

Bot me up, baby... (4, Interesting)

Itninja (937614) | more than 6 years ago | (#19101857)

I want to create a bot will do nothing but search for, and then go to, 'illegal' sites. I figure if it hits a few porn sites, maybe an offshore gambling site, and *any* site in Arabic that should be enough. If we get enough of these bot going it should create so much white noise that the g-men couldn't tell the real stuff from the botted stuff. Or maybe I won't. y'know, whatever...

Re:Bot me up, baby... (1)

mcrbids (148650) | more than 6 years ago | (#19101931)

So, do it. It's an open-source world, after all. Write something together - a simple perl script, perhaps - and release it! You just might be surprised at what happens, and you're pretty much guaranteed to learn something, if only how to code something in perl!

Re:Bot me up, baby... (1)

J'raxis (248192) | more than 6 years ago | (#19102029)

Hah, like the old trick of including suspicious keywords in your email signature to fuck with Echelon [wikipedia.org] , eh?

Something as simple as a Perl script googling for suspicious keywords (e.g., "kiddie porn", "assassinate president", "jihadi", "moqawama", "site:.sa", "site:.lb", ...) and then fetching some/all the results at random would do what you want.

Look into the LWP::Simple and HTML::LinkExtor Perl modules to get started. Make sure you set the user-agent line to something like Internet Explorer or Firefox uses, use random sleep()s to make requests look like human downloading, &c.

Re:Bot me up, baby... (1)

suv4x4 (956391) | more than 6 years ago | (#19102037)

I want to create a bot will do nothing but search for, and then go to, 'illegal' sites. I figure if it hits a few porn sites, maybe an offshore gambling site, and *any* site in Arabic that should be enough. If we get enough of these bot going it should create so much white noise that the g-men couldn't tell the real stuff from the botted stuff. Or maybe I won't. y'know, whatever...

So in short, if under surveillance, perform every crime you could possibly conceive! That's confuse the surveillance team and it'll do absolutely nothing about it.

That bot of yours. Could I possibly load it with some adware with my affiliate id? Cause I think, we got ourselvses some brand spanking new business model.

"Feeling repressed? Show your government what you think: install the FREE F*R*E*E FREE RebelBot today! It's FREE as well, did we say that."

Re:Bot me up, baby... (2, Insightful)

aussie_a (778472) | more than 6 years ago | (#19102171)

So in short, if under surveillance, perform every crime you could possibly conceive!
Looking at porn and going to gambling sites as well as harmless arabic sites is a crime in America? Wow, I never knew America was so repressive. So much for being the land of the free.

Re:Bot me up, baby... (1)

AresTheImpaler (570208) | more than 6 years ago | (#19102175)

So in short, if under surveillance, perform every crime you could possibly conceive! That's confuse the surveillance team and it'll do absolutely nothing about it.

He's not performing any crime at all.. It's still not illegal to just browse any of the pages that he said:
few porn sites, maybe an offshore gambling site, and *any* site in Arabic that should be enough

Re:Bot me up, baby... (3, Insightful)

Repton (60818) | more than 6 years ago | (#19102139)

Yeah! The false positive rates will be so high the government will have no choice but to kill the programme! It'll be just like the no-fly list!

Re:Bot me up, baby... (2)

Hal_Porter (817932) | more than 6 years ago | (#19102211)

Why would you want to do that though? The police are trying to catch terrorists and you're making the job harder. And they'll probably find some way to screw you if you do it, and it will end up making everyone less free.

Seriously, it's the high tech equivalent of yelling fire falsely in a crowded theatre. And these days, the government will overreact in some insane way like banning theatres.

Parent apparently didn't think before typing. (2, Insightful)

Anonymous Coward | more than 6 years ago | (#19102327)

"you're making the job harder" - the same could be said when you close the door on a cop sans search warrant. It could be that the police are just trying to catch criminals. But there's no guarentee that they're not just spying on everyone, prying in their private lives. Nor is there any guarantee that they won't do that tomorrow. In free countries the law imposes limits on the power of the goverment for a reason.

Re:Bot me up, baby... (1)

iminplaya (723125) | more than 6 years ago | (#19102575)

Naw, that's just what they're expecting you to do. If you really want to freak them out, unplug your computer and go to Vegas, or take a nice cruise around the Mediterranean.

$164 (5, Funny)

mastershake_phd (1050150) | more than 6 years ago | (#19101859)

$164 to find out how to comply with the law? That cant be right. I suppose you could read the law they passed, but I hear most of congress doesnt even do that.

Re:$164 (2, Interesting)

creimer (824291) | more than 6 years ago | (#19102091)

It's call nickling-and-diming the public. Unless Joe Blow Public have a financial stake in this process, he'll probably won't fork out the cash to see what it is or hire a lobbyist. The law may have enough legal jargon that it doesn't make sense without having a lawyer explaining it. Joe Blow can't start a grassroot movement when the price of learning enough to do something about it is too high.

Re:$164 (5, Interesting)

Anonymous Coward | more than 6 years ago | (#19102197)

It's not that uncommon. Here in SC you have to pay to have access to the law. It is copyrighted and the state vigorously protects that copyright. In 1998 I was threatened by the state AG's office for having a copy of a .doc file on my web site that quoted a section of the state's vehicle laws. Us peons aren't allowed access to the laws. Knowledge of the law is only for the protected lawyer class.

I still find it amusing that a friend of mine at the time disagreed with the thuggish tactics they used but is now OK w/ denying commoners access to the law. The difference is that he recently graduated from Duke law school. He is now very anti-Constitution, anti-EFF (despite having donated money to them several years ago!), and very pro-Democrat.

The text from the SC law:

"The State of South Carolina owns the copyright to the Code of Laws of South Carolina, 1976, as contained herein. Any use of the text, section headings, or catchlines of the 1976 Code is subject to the terms of federal copyright and other applicable laws and such text, section headings, or catchlines may not be reproduced in whole or in part in any form or for inclusion in any material which is offered for sale or lease without the express written permission of the Chairman of the South Carolina Legislative Council or the Code Commissioner of South Carolina."

They consider distribution for free on a web site a sale for $0 so that makes it illegal without written permission. I tried to obtain permission and after making around four dozen phone calls and two trips to Columbia, SC, I finally gave-up.

Mod parent up, seriously (1, Insightful)

Anonymous Coward | more than 6 years ago | (#19102431)

(no text)

Re:$164 (1)

Fez (468752) | more than 6 years ago | (#19102599)

Oh that's nothing, check this part out:

Section 109(b)(1) Petitions for Cost-Shifting Relief

CALEA section 109(b) permits a "telecommunications carrier," as that term is defined by CALEA, to file a petition with the FCC and an application with the Department of Justice (DOJ) to request that DOJ pay the costs of the carrier's CALEA compliance ... First, the carrier must file a section 109(b)(1) petition with the FCC
[...]
Please note that a filing fee of $5,000.00 is required to accompany all CALEA section 109(b)(1) petitions filed with the FCC.
(Emphasis mine)

They want you to pay $5,000 to file a request for financial assistance! How ridiculous is that?!

Amendment IV (5, Insightful)

poor_boi (548340) | more than 6 years ago | (#19101869)


Amendtment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Re:Amendment IV (2, Interesting)

DreadSpoon (653424) | more than 6 years ago | (#19102111)

"Public and private communications" is not within that Ammendment, you might notice.

Scanning Internet packets also does not constitute either a search nor a seizure. You are already passing the information through the ISP. All the new law requires is that the ISP willingly pass over any of that information to the FBI upon issuance of a warrant.

Re:Amendment IV (0)

Anonymous Coward | more than 6 years ago | (#19103079)

Scanning Internet packets also does not constitute either a search nor a seizure.

In my history class, we had a lesson one day about how for hundreds of years, whenever you wanted to move your data from one place to another, there were businesses that specialized in moving these things, and you gave them your data and they took it wherever you wanted them to take it... what were they called? Oh, right, post offices. The founding fathers thought that scanning people's mail without a warrant wasn't appropriate, and I see no reason why it's different now just because the messages are electronic.

Re:Amendment IV (1, Insightful)

koreth (409849) | more than 6 years ago | (#19102131)

Don't be naive. Here are two workarounds off the top of my head, either of which would be solid enough to be repeated ad nauseum to the nodding masses on talk shows: 1) It's not unreasonable to search and seize whatever we have to, if it means keeping the public safe from another 9/11. 2) We have probable cause to believe that terror cells are operating somewhere in the US, and the Internet is the place it's holding its meetings.

The Constitution has never been much of an obstacle to people in power. Hell, if the past is any indication, they'll probably find some way to twist the commerce clause to allow it; that seems to be the "feds get to do whatever the hell they want" section of the Constitution.

Re:Amendment IV (2, Insightful)

iminplaya (723125) | more than 6 years ago | (#19102667)

You can knock people over head with the law all you want, and all you will do is knock them unconscious. Ignore the government and take it up with the people around you. Remember, many of them think the bill of rights "grants" too much freedom. That is what you're up against. The government is just the result, not the cause.

Re:Amendment IV (1)

vmfedor (586158) | more than 6 years ago | (#19102913)

Just playing devil's advocate, really, but this law technically doesn't violate the rights of anybody because it only gives the government more mobility in doing something it already has the reasonable right to do. What *they're* saying is that they want to make it easier on themselves in the rare cases they have to use it, which I technically agree with, however what *I* feel is that if you make something like this easy then it'll be abused far more often. The answer, though, probably lies somewhere in the middle.

However, even if only *1* unreasonable wiretap is carried out this begins to violate the 5th amendment. Until then, though, they're in "full compliance" with the Constitution.

not cool (1, Insightful)

Anonymous Coward | more than 6 years ago | (#19101887)

those who give up freedoms for security get neither security nor freedom. these morons work for us not the other way around damn it...

and.. (4, Funny)

SQLz (564901) | more than 6 years ago | (#19101897)

Using this technology, we'll be able to detect and weed out people who disagree with the current adminstration. That way, the US will be restored to its former glory.

Re:and.. (1)

Archtech (159117) | more than 6 years ago | (#19102955)

"Using this technology, we'll be able to detect and weed out people who disagree with the current adminstration. That way, the US will be restored to its former glory".

Typo alert! Don't you mean "agree"?

encrypt all your traffic (1, Funny)

Anonymous Coward | more than 6 years ago | (#19101903)

with the key 09 F9...

Re:encrypt all your traffic (0)

Anonymous Coward | more than 6 years ago | (#19101945)

that number is too famous and might be one of the first brute force attempts. use guidgen instead.

Re:encrypt all your traffic (0)

Anonymous Coward | more than 6 years ago | (#19101969)

But there's no key management issue if everyone has the same key. The idea is to stay just as plaintext as we are now among ourselves, but illegal to decrypt for the government.

So the next step (1)

Z00L00K (682162) | more than 6 years ago | (#19101915)

is a requirement for all internet traffic to be unencrypted so that the agencies throughout the world can read your emails, IM and torrent downloads.

Save us from the "big brother" mentality, since then the terrorists of the world have won by letting the governments take over to make things miserable for the citizens.

A government shall serve the citizens, not the other way around. Sometimes the people in government should be taking a step back and consider what is really the consequences of the actions.

Re:So the next step (4, Interesting)

J'raxis (248192) | more than 6 years ago | (#19101957)

This law actually makes a special exception for encrypted data:

Section 103(b)(3) ENCRYPTION- A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

Full text here [wikisource.org] .

Re:So the next step (3, Interesting)

Torvaun (1040898) | more than 6 years ago | (#19102021)

Pity. This could be a social engineers dream. Walk into an ISP, look official, and get all the packets to and from addresses assigned to the US government. Something about a counterspy program or something ought to get you in. Now, start posting things on random forums that us regular citizens aren't supposed to know about. It'd be a bitch to try and catch all of it.

Re:So the next step (1)

cp.tar (871488) | more than 6 years ago | (#19102035)

There you go, people... your government is just making you use really strong encryption. Always.

In other words, it'll be good for you.

/me ducks

Re:So the next step (1)

J'raxis (248192) | more than 6 years ago | (#19102093)

Hopefully this will drive people and information service providers to use encryption wherever they can. Web (SSL/HTTPS), SMTP ("STARTTLS" over port 25 or SSMTP over port 465), IMAPS, POPS, SSH, VPN (SSL or IPsec), and so on. Some IRC servers and IM protocols offer SSL connections. There're a few encrypted p2p services such as Freenet or I2P. Practically all your basic Internet services can be encrypted nowadays; for the rest, there's SSH tunneling to a safe place so the plaintext traffic doesn't originate from your box/network.

Re:So the next step (4, Insightful)

bmo (77928) | more than 6 years ago | (#19102401)

"Hopefully this will drive people and information service providers to use encryption wherever they can."

Of the general population of the US, only the technically minded minority will do that.

Seriously. Try to talk to someone who thinks that the Internet is the IE icon (really, a co-worker keeps saying this) and all you'll get is glazed eyeballs and a "I don't get it. It's too complicated. I have nothing to hide" reaction.

Such people can't even be trusted to keep their anti-malware software for Windows up to date. You think the general public is going to start encrypting everything suddenly because of this?

"Think of how stupid the average person is, and realize half of them are stupider than that." - George Carlin

Only if encryption gets as transparent as the fish:// ioslave in KDE will it get serious adoption, and even then it will have to be enabled by default. Don't expect Microsoft to lead the way in this department.

--
BMO

Re:So the next step (1)

cp.tar (871488) | more than 6 years ago | (#19102461)

You think the general public is going to start encrypting everything suddenly because of this?

If by this you mean these new regulations, then no, the general public will not start encrypting everything.

They will eventually realize that unencrypted traffic is like sending postcards instead of letters and like yelling in a town square instead of making a phonecall (though I remember seeing people using a phone in a town square, yelling so loudly I thought they didn't really need the phone in the first place. But I digress.)

If no sooner, then when governments and their agencies start abusing their self-awarded authority to wiretap in such a manner that even the general public wouldn't swallow that. And while I agree that the general public can swallow quite a lot, the gagging point is almost quantum in nature - one moment, there is not a sign of it anywhere; the other, it punches you in the face.

Re:So the next step (1)

bmo (77928) | more than 6 years ago | (#19102621)

"They will eventually realize that unencrypted traffic is like sending postcards instead of letters and like yelling in a town square instead of making a phonecall (though I remember seeing people using a phone in a town square, yelling so loudly I thought they didn't really need the phone in the first place....)"

I must be a cynical bastard because I see that what you say in the first half is contradicted in the second half of what you wrote. People don't know or care how wide open most communication is. Let's take cordless phones. For the longest time, they were simple part 15 devices that didn't frequency hop (DSS) were pure analog (as opposed to digital), and broadcast everything in the clear in easy to tune frequencies. Only when DSS was available would I consider cordless phones "safe". 20 years ago I tried explaining this to my _parents_ about cordless phones WRT scanners. No traction. Zero. And my dad isn't technically illiterate.

His sister still uses a 20 year old cordless. She won't upgrade.

Most people assume that nobody will ever listen. Got a baby monitor? You might be very entertaining to your neighbors. Personally I don't have a scanner. I don't want to know. I _really_ don't want to know. But that's just me.

"the gagging point is almost quantum in nature - one moment, there is not a sign of it anywhere; the other, it punches you in the face."

You have much more faith in fellow human beings than I do. People will "swallow camels and strain at gnats."

Quote from someone probably smarter than me long ago. Written down in a book that's kinda popular.

'Tis the way of the world.

--
BMO

Re:So the next step (1)

NinjaNoh (968664) | more than 6 years ago | (#19102001)

Hey Z00L00K! Come check out the inside of this van! Don't mind the big letters "F" "B" "I", this van was purchased used from a pizza shop.

They made blue pizzas.

With un-feathered chickens as the topping.

The chickens were bred to look like eagles.

Just get in the van.

Telecommunications services only (5, Informative)

J'raxis (248192) | more than 6 years ago | (#19102005)

It's important to note that CALEA doesn't apply to "information services" or "electronic messaging services", only "telecommunications". Here are the relevant parts of the actual law [wikisource.org] :

SEC. 102. DEFINITIONS.
For purposes of this title--
[...]
(4) The term `electronic messaging services' means software-based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages.
[...]
(6) The term `information services'--
(A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and
(B) includes--
(i) a service that permits a customer to retrieve stored information from, or file information for storage in, information storage facilities;
(ii) electronic publishing; and
(iii) electronic messaging services;
[...]
(b) LIMITATIONS-
[...]
(2) INFORMATION SERVICES; PRIVATE NETWORKS AND INTERCONNECTION SERVICES AND FACILITIES- The requirements of subsection (a) do not apply to--
(A) information services
[...]

Frequently misunderstood questions (1, Insightful)

Anonymous Coward | more than 6 years ago | (#19102011)

From the askCALEA FAQs:
http://www.askcalea.net/faq_answers/020_faq.html [askcalea.net]

Frequently Misunderstood Questions

On March 17, 2004, we published a press release regarding our joint petition.

Q: Does the petition for CALEA rulemaking propose to apply CALEA to all types of online communication, including instant messaging and visits to websites?

A: No. The petition proposes CALEA coverage of only broadband Internet access service and broadband telephony service. Other Internet-based services, including those classified as "information services" such as email and visits to websites, would not be covered.

Q: Does the petition propose extensive retooling of existing broadband networks that could impose significant costs?

A: No. The petition contends that CALEA should apply to certain broadband services but does not address the issue of what technical capabilities those broadband providers should deliver to law enforcement. CALEA already permits those service providers to fashion their own technical standards as they see fit. If law enforcement considers an industry technical standard deficient, it can seek to change the standard only by filing a special "deficiency" petition before the Commission. It is the FCC, not law enforcement, that decides whether any capabilities should be added to the standard. The FCC may refuse to order a change in a standard on many different grounds. For example, a capability may be rejected because it is too costly. Therefore CALEA already contains protections for industry against paying undue compliance costs.

Q: Did law enforcement ask the FCC to curtail its usual review process to implement the petition?

A: No. Law enforcement asked the FCC to give the proposed rulemaking expedited treatment. Such treatment is often requested and granted when urgent matters are brought to the FCC's attention. Some FCC rulemaking proceedings can take years to complete. Law enforcement believes expedited treatment is warranted in this case based on evidence that terrorists, criminals, and/or spies are already exploiting the networks of broadband communication providers to evade lawful electronic surveillance.

Q: Is Law enforcement trying to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary?

A: No. Law enforcement does not seek the power to dictate how the Internet should be engineered or even to decide how broadband communications networks should be engineered. As explained above, CALEA already allocates those decisions to industry and any resulting capability disputes between industry and law enforcement are decided by the FCC. Moreover, the level of surveillance is not an issue raised in the petition, is not within the scope of CALEA, and is not decided by law enforcement. Based on a statute known as "Title III," before a law enforcement agent or officer is permitted to engage in lawful electronic surveillance, he or she must seek an appropriate court order from a judge or magistrate. Only if a judicial order is issued can the lawful surveillance take place, and the level of surveillance is prescribed by the order.

Q: Does the petition ignore the letter or spirit of CALEA's "information services" exemption by seeking to apply CALEA to such services?

A: No. The petition notes that CALEA contains a definition of "telecommunications carrier" that is different from and broader than the definition of that term in the Communications Act, which governs most FCC actions. The petition therefore asks the FCC to decide the scope of CALEA coverage based on the CALEA definition, not the Communications Act definition. As a result, some carriers classified as "information service" providers for purposes of the Communications Act would be simultaneously deemed "telecommunications carriers" for purposes of CALEA.

Q: Would the petition force carriers to decode data that might be encrypted?

A: No. The petition does not raise the issue of encryption. That issue is already addressed by CALEA. The statute states that if encryption is provided by a telecommunications carrier and the carrier possesses the information necessary to decrypt the communication, it must decrypt the communications subject to an order for lawful interception. But if the encryption is provided by a subscriber or customer, the carrier is not responsible for decrypting the targeted communications.

The use of Trusted Third Parties (1, Interesting)

Anonymous Coward | more than 6 years ago | (#19102023)

From http://www.fcc.gov/calea/ [fcc.gov]

Regarding the use of trusted third parties, the Commission provided the following guidance on the use of TTPs in the CALEA Second Report and Order, at paragraph 26: "The record indicates that TTPs are available to provide a variety of services for CALEA compliance to carriers, including processing requests for intercepts, conducting electronic surveillance, and delivering relevant information to LEAs. Given the effectively unanimous view of commenters that the use of TTPs should be permitted but not required, we conclude that TTPs may provide a reasonable means for carriers to comply with CALEA, especially broadband access and VoIP providers and smaller carriers.


I've done little research on this, but I read that the original CALEA created in 1994 was extended
in May 2006 to cover broadband and VoIP providers. How suddenly have all these
businesses [google.com] popped
up to fill this niche? I wonder how many ordinary people considered starting one of
these businesses themselves?

Hooray for Skype! (0)

Anonymous Coward | more than 6 years ago | (#19102053)

Given the excesses in the US, it's no wonder Skype is incorporated in Luxembourg!

-jl

Praise Allah! (0)

Anonymous Coward | more than 6 years ago | (#19102069)

We will be victorious, for we are on dialup!

e-mail, instant messaging records, web-browsing information and other information sent or received through a user's broadband connection, including on-line banking activity.

Sincerely,

the evildoers

So glad I'm expat now... (1)

mudshark (19714) | more than 6 years ago | (#19102075)

although my email is still handled by the same small stateside ISP that I've had for 13ish years. Are significant numbers of providers going to give the feds the finger? Or will they all roll over and expose their soft parts in the name of the War on Terra?

When are the massive demonstrations going to take place? When are thousands of fed-up-to-the-gills decent Americans going to march on the Capitol and demand an end to the gratuitous use of the Bill of Rights as bumwipe? Feckin' bread-n-circuses wussies....

Re:So glad I'm expat now... (1)

J'raxis (248192) | more than 6 years ago | (#19102125)

If that ISP of yours is only providing you with email, they're not bound by CALEA. See #19102005 [slashdot.org] and #19102011 [slashdot.org] .

A good business decision by ISPs that provide both connectivity and Internet services (i.e., most ISPs) might be to spin off their services to a subsidiary, provide only encrypted access to the them (SSMTP, IMAPS, POPS for email; HTTPS for the company website) for customers, and then when the feds demand to wiretap a connection, they won't be able to get much.

Re:So glad I'm expat now... (1)

mudshark (19714) | more than 6 years ago | (#19102191)

Serious? Really? What if I also have a shell account and a smidgen of ftp and http space? Still golden?

w00+!

If I was still in the US, I'd definitely be tunneling all traffic that I cared about. Too bad about the packet overhead.

Re:So glad I'm expat now... (1)

locketine (1101453) | more than 6 years ago | (#19102281)

The law states that if the ISP has the decryption key they must hand it over. Secure email be damned.

But the obvious "solution"... (2, Interesting)

jdickey (1035778) | more than 6 years ago | (#19102387)

for the Reich is to have PATRIOT III include language to require logging and storage of unencrypted copies of all data that has an endpoint on said ISP's server. All your POPS belong to us..... For the guy a few posts earlier who asked the obvious question about when we're going to get riots in the street, watering Jefferson's "tree of liberty" [quotedb.com] : the two obvious answers are that 1) thanks to the efforts of those who really run the country, consumers (formerly known as "the people" or, in even more archaic terms, "voters") have been relieved of the burdens of "critical thinking" and "political dynamism" since about 1974, and 2) just in case, the Best Congress Money Can Buy [google.com] has been funding military semi-lethal weapons and domestic deployments (Posse Comitatus [homelandsecurity.org] ? The Decider [about.com] says it's "just a scrap of paper") since shortly after the events in Item 1. Short version: The United States of America was a Constitutional republic from 4 March 1789 to sometime around November 1974; a hybrid state from 1974 to 12 December 2000, and a fascist kleptocracy since that time. This is just another warhead tossed onto the pile to see how high the rubble of freedom can be bounced.

Re:So glad I'm expat now... (5, Informative)

Antique Geekmeister (740220) | more than 6 years ago | (#19102819)

Unless your email is encrypted, much of your domestic and almost all international traffic is already monitored via the spy rooms installed by the NSA in core backbone network provider's facilities, such as those installed at AT&T. And with the massive bandwidth and facilities available at such centers, and the truly abysmal security of many switches and routers including documented backdoors installed for federal use, it's easy to reroute other traffic to those rooms. So let's be clear: almost all unencrypted internet traffic is monitorable by the NSA. Even though it's illegal for the NSA to monitor most domestic traffic, there are no safeguards in place to prevent it, and with the US Patriot Act in place, all they or other federal agencies need do is mumble "terrorists" to gain unfettered access to it.

I'm afraid it's going to be difficult to coordinate protests with this kind of monitoring in place. And we're still seeing people say "but if it saves one life from terrorists", not realizing that it actually encourages terrorism by ruining trust in government and making people feel that only violent action might be effective.

Monday (2, Funny)

suv4x4 (956391) | more than 6 years ago | (#19102097)

Hmmm... "Monday is Wiretap the Internet Day"... Quick, everybody tell their friends to perform cybercimes only Tuesday to Sunday.

We win again, government, MUAHAHAHAH!

FCC.gov slashdotted? (1)

bir0 (315616) | more than 6 years ago | (#19102143)

I'm having trouble accessing the link to the FCC's site linked in the original post? Am I the only one?

Maybe staff at ISP's, etc are all trying to get to the documents in a last minute attempt to comply.

I will take my beating now (0, Offtopic)

iminplaya (723125) | more than 6 years ago | (#19102275)

America, you are my dominatrix for life. I shall submit only to you, my dearest. I've been a baaad, bad boy. I eagerly await my punishment. Chain me to the bedposts, and whip me with all your might. Open me up and let the sun shine in. Oh, yeah...OH! Sweet Mystery of Life at Last I've Found Yoouu...

Nobody does it better [stlyrics.com] ...

Re:I will take my beating now (0)

Anonymous Coward | more than 6 years ago | (#19102357)

Open me up and let the sun shine in

You have NO idea what kind of image that produces in the context of your earlier line.

Shudder.. :-)

Re:I will take my beating now (2, Insightful)

iminplaya (723125) | more than 6 years ago | (#19102439)

That's precisely the image I'm trying to impart as to what's happening to all of the Americans. But it appears they know, and they like it. And they will be voting for more of the same in 08. Too bad the mods aren't getting the message, because it certainly isn't offtopic. But then I can understand that people don't like to be told they are being raped. We are expected to lie down, relax, and enjoy it. Then pretend it never happened...for the sake of the country of course. "The needs of the many..."

Miss Hillary! Miss Hillary! Come quick! Someone left the gate open and the slaves they are escapin'.

Yes, expect revocation of your passports soon. Travel restrictions won't just apply to Cuba. Anywhere outside the border will be considered off limits. Poor lost, pitiful souls. I hope they are grateful that the weather is better than Siberia.

Re:I will take my beating now (1)

boolithium (1030728) | more than 6 years ago | (#19102573)

I'm sure this is just someone trying to make a point. A quick google search revealed the headline "Russian President Putin introduces widespread state monitoring of the Internet".
http://www.wsws.org/articles/2000/feb2000/put-f04. shtml [wsws.org]
We are all in the same boat, and it seems the water is rising.

Re:I will take my beating now (1)

iminplaya (723125) | more than 6 years ago | (#19102611)

We are all in the same boat...

Of course we are. After all, it's a small world. But it's all okay. We'll always have our iPods and are never very far from Mickey Dees. What more could we possibly ask for? There's nothing to complain about. Unless you're some kind of malcontent.

Thankfully... (1)

GC (19160) | more than 6 years ago | (#19102405)

the rest of the world not in the USA is exempt.

Re:Thankfully... (0)

Anonymous Coward | more than 6 years ago | (#19102523)

And except Sweden, which already hands off just about all traffic to the MAFIAA.

Wish it were so... (2, Interesting)

Anonymous Coward | more than 6 years ago | (#19102633)

But even if you colocate outside USA, your protections will actually be much worse than at home. Not so long ago FBI cracked servers in Russia to get evidence. Never mind breaking their laws. FBI/CIA doesn't need any warrants to go after foreign targets. No privacy laws cover foreigners from americans' intrusion. Even crimes are ok, it seems. SWIFT, Airport, banking, health data, google data, all is OK to have and to spread and to sell if it's a US company and the target is a foreigner.

Ever had a stranger mock you about your health issues to fuck up your social life?

That's what it means to be a target abroad.

Bummer (1)

castrox (630511) | more than 6 years ago | (#19102475)

Things are really going to hell, aren't they.

/a sad Swede expecting the same in Sweden in the future

Routing (0)

Anonymous Coward | more than 6 years ago | (#19102705)

Many packets with both source and destination points outside of US jurisdiction are nonetheless routed through the US. Does this law apply to carriers?

If so, what would happen if the rest of the world started dropping US routes because of this?

misunderstood (1)

spottedkangaroo (451692) | more than 6 years ago | (#19102775)

I work for a very small ISP. I was initially disturbed to find out we needed to assist in this sort of thing. But you know what? It's not like law enforcement can just listen in willy nilly. They need to provide evidence, get a court order, and disclose their discoveries to the defense when they press criminal charges.

People act like this is a new processes, but they've been taping phones, installing listening devices, and charging criminals with crimes for years. As long as the three branches of government are involved, what precisely is the problem please?

Re:misunderstood (0)

Anonymous Coward | more than 6 years ago | (#19102903)

What initially disturbed you about this, as an emotional gut reaction? You know, the doubts you had before you went into frightened authoratarian denial and rationalised the pretense of due process? That will be your answer, if you still have the courage to ask yourself the question.

Re:misunderstood (4, Interesting)

Antique Geekmeister (740220) | more than 6 years ago | (#19103015)

I'm sorry, but you are sadly mistaken. Go actually read the unclassified parts of the Patriot Act. Then take a look at the existence of the secret NSA wiretap rooms in on the core internat backbone providers such as AT&T, rooms whose existence was revealed by a company whistleblower and for which AT&T is being suied now by the EFF and other civil liberties groups. The NSA certainly can and does monitor international traffic legally, with no authorization required. It's their *job*. Unfortunately, so do other countries. And the NSA trades with them to get domestic materials.

The three branches are *not* involved in this. The handling of the monitoring does not require warrants, and is thus executive policy, without court involvement or even notification of what is beiing monitored. And even if the three branches are involved, the people being monitored are *not* being notified of the monitoring!!! There is no warrant served: even libraries are prohibited by the Patriot Act from telling book borrowers that they've been forced to turn over records, without warrants, under the Patriot Act.

Yes, it's been going on for years. It's going to happen again and again, and it needs to get slapped down each time it occurs to prevent it becoming ubiquitous and a means of interfering with public policy or personal lives of the innocent. Given the documented monitoring of Martin Luther King by the FBI, the McCarthy era files of who was a communist and forced confessions of other potential "communist" americans, and stupidities of federal raids with warrants such as the "Operation Sundevil" raids on Steve Jackson games, there is just no reason to trust federal investigations or monitoring without public exposure and review.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...