S.2281 Hearing (was: Justice Dept: Wiretaps...)
Owen DeLong
owen at delong.com
Mon Jun 21 15:04:52 UTC 2004
John,
While I agree that not many domestic (or EU) vendors will offer services
contrary to the law in this area, do you truly believe this won't simply
cause
companies that really want to make money in this market to move to places
where
the laws are less difficult? Afterall, I can get pretty good fiber
connectivity
in Malaysia or other parts of Asia/SoPac without really needing to worry
much about
any sort of LI procedures. As long as the company offering the services
does so
via a web site and can collect on credit card billings (even if they have
to keep
rotating shell companies that do the billings), money can be made without
dealing
with US regulations.
Frankly, the harder DOJ works on pushing this LI crap down our throats, the
more damage they will do to US internet industry and consequently the more
job-loss
they will create. Terrorists that are sophisticated enough to be a real
threat
already know how to:
1. Cope with lawful intercept through disinformation and other tactics.
2. Encrypt the communications (voice or otherwise) that they don't want
intercepted -- It's just not that hard any more.
I think the only advantage to DOJ working this hard on LI capabilities is
that
it may raise public awareness of the issue, and, may help get better
cryptographic
technologies more widely deployed sooner. Other than that, I think it's
just a lose
all the way around.
Owen
--On Sunday, June 20, 2004 09:43:32 PM -0400 John Curran
<jcurran at istaff.org> wrote:
>
> At 8:20 PM -0400 6/20/04, John Todd wrote:
>>
>> I think that while the debate about CALEA's short-term legislative
>> extension to cover VoIP services is certainly interesting and scary, I
>> fail to see how it will be relevant in the coming years as the market
>> progresses. Because of the quickly growing diversity of VoIP
>> technology, interconnection methods, and customer/vendor hierarchies, I
>> do not believe it will be possible to enforce (or even legislate) an
>> interception policy that is effective without extensive and draconian
>> technical and legal methods.
>
> JT -
>
> It's not just the US Goverment with interest in this matter.
> Lawful Intercept has basis in both EU directives and laws
> of many member states. The last RIPE meeting had a very
> good presentation by Jaya Baloo on this particular topic, and
> I'll note that describes an ETSI framework for a lot more than
> just facilitating VoIP intercept:
>
> <http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-etsi.
> pdf>
> As I noted earlier, the coming reality of abundant, ad-hoc,
> encrypted, p2p communication is going to eventually make
> efforts to facilitate just VoIP intercept seem quaint, unless
> we all recognize that only most obtuse criminal will be likely
> to have their communications uncovered in this manner.
>
> There's likely to be disagreement on how far away that day
> is; based on different views of technology availability and
> criminal behavior. As long as facilitating lawful intercept
> has a reasonable cost and perceived benefit tradeoff,
> there will be significant pressure to come up with viable
> architectures for deployment. In the US, this may take the
> direction of simply facilitation of VoIP intercept, or could be
> something more inclusive such as the architecture as outlined
> by ETSI for mail, transport headers, and entire packet streams.
>
> Finally, it is not simply through tax or regulatory measures that
> governments can seek compliance. Not many firms are going to
> offer services contrary to law in this area if the consequences
> are defined as criminal violations, since most corporate officers
> dislike the potential consequences.
>
> /John
>
>
>
>
>
More information about the NANOG
mailing list