Re: [ISN] Cisco backs backdoor for Internet wiretaps

From: mea culpa (jerichot_private)
Date: Sun Jul 19 1998 - 17:21:42 PDT


    Reply From: William T Wilson <fluffyt_private>
    
    
    > The approach made public yesterday by 13 of the largest technology firms
    > will lead to an Internet that's easily wiretappable -- it's the on-line
    > equivalent of the reviled Digital Telephony (CALEA) law planned for the
    > phone system.  [...remainder snipped...]
    
    I have to come forward and point out the silliness of the entire thing. 
    First, the approach places no new wiretapping abilities in the hands of
    law enforcement.  As it is now, law enforcement has to go to your sysadmin
    and ask for him to eavesdrop on your network traffic.  Eavesdropping Internet
    traffic, on the difficulty spectrum, is about like overhearing a
    conversation at a singles bar.  You have to make an effort to do it, but
    once you do, nothing is going to stop you.  The new system gives exactly
    the same power to system administrators that the existing system does,
    i.e., all of it. :)
    
    Second, the new system will by no means guarantee security of data.  It's
    a sort of a fuzzy feel-good of encryption.  Primarily, it's because the
    router at each end of the connection must support the special encryption. 
    Depending on how much magic they managed to stuff into the system (and how
    many things besides just standard email and websurfing they're willing to
    break) it's likely that every router along the way will have to support it
    too. For example, ICQ and Quake et al, to name two popular programs,
    probably couldn't be made to work unless EVERY router involved all
    supported the new encryption.  Most of them will not initially support the
    new encryption.  Many probably never will. 
    
    It would of course be possible to only encrypt the data for connection
    types where it could be negotiated transparently.  That would probably
    include WWW, E-Mail, FTP, and any other TCP-based application; UDP-based
    applications would probably simply have to be left out. 
    
    Finally, the most common place where data is eavesdropped on is not "out
    there" in the far reaches of the Internet.  A snooper does not, typically,
    find your traffic floating by on the backbone.  This is difficult to do
    (but possible).  Instead, they break into your ISP (or more likely, the
    server's ISP) and eavesdrop from there, before the encryption has a chance
    to be used (or at the server, after it has been removed).  
    
    The only real secure way to encrypt your data is to encrypt it at your
    computer and have the computer you're talking to decrypt it.  Anything
    else is a very imperfect solution.
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:45 PDT