ISP CALEA compliance
Jack Bates
jbates at brightok.net
Fri May 11 14:18:05 UTC 2007
Donald Stahl wrote:
> Working hard to defend privacy does not automatically equal protecting
> people who exploit children- and I'm getting sick and tired of people
> screaming "Think of the children!" It's a stupid, fear mongering tactic-
> and hopefully one day people will think of it in the same way as crying
> wolf.
>
Confirming a warrant == working hard to defend privacy.
Making sure check clears != working hard to defend privacy
("Yep, you are protected from the government until they pay me.")
Deleting logs to inhibit valid warrants != working hard to defend privacy.
CALEA itself is only for taps, and does not cover record storage. We'll
be hit with that next, and it probably won't be nice legislation based
on what other countries have passed. Lack of maintaining any more of
records and even purposefully deleting them to inhibit law enforcement
will leave the government no choice but to let a bunch of non-technical
people design how we should store records.
The new rules for cnpi come into effect later this year, designed to
keep telco's a little sharper on maintaining customer privacy.
As for CALEA and data taps, who are you fooling? Do you tell customers
they have an expectation of privacy on the Internet? Does anyone here
actually believe that? If so, why are there rantings and ravings about
the weakness in encryption protocols? Why encrypt data at all over the
Internet? Why sign code? If there's an expectation of privacy, then
there should be an expectation of security. If my data can't be viewed,
it won't be modified. Perhaps you believe that criminals have the right
to invade privacy, but the government doesn't have that right even when
they do have just cause.
> Great- so a bunch of people who want the laws bent for them go on a
> power trip because you expect them to OBEY THE LAW and you end up with
> no recourse against them. Yeah- this is the America I want to live in.
> You're absolutely right- it's a crying shame we aren't all buddies with
> the fed's- after all- they only want what's best for us! I'm looking
> forward to the day when the government tells me what to think- thinking
> is hard after all.
I have no problem with expecting a LEA to follow the law. I do have an
issue with making life as difficult as possible for them to do their job
when they are within the law. I'm not surprised that when they are
dealing with companies that delete all evidence they might need or push
as much red tape as possible, that the LEA turns around and scrutinizes
the company to find where they might be in breach of the law.
> If you don't have anything to hide- then why should you care right?
Privacy is always a large concern. However, privacy should be addressed
through proper channels, not by trying to circumvent the laws that have
passed.
> On the other hand- these sorts of laws may just be enough to push
> everyone to use encryption- and then what will LE do?
>
I agree that it will most likely push criminals to use encryption. On
the other hand, lots of criminals are stupid, so perhaps some good will
come out of it. If it pushes everyone to use encryption, we are better
for it. See above, what expectation of privacy did we have to begin
with? Encryption good.
Jack
More information about the NANOG
mailing list