Date: Fri, 10 Oct 2003 00:15:03 +0200 (MET DST) From: Paul Wouters <[EMAIL PROTECTED]> To: Declan McCullagh <[EMAIL PROTECTED]> Subject: Dutch tapping spec goes EU Message-ID: <[EMAIL PROTECTED]>
Hi Declan,
It seems that ETSI is about to more or less adopt the Dutch tapping specification for IP traffic:
tp://www.theinquirer.net/?article=11946
European Union chooses Dutch to tap IP wires
[ ... ]
The Dutch started codifying standards in the late '90s that evolved into the TIIT specifications, a nice tidy package likely to be adapted by the ETSI.
[ ... ]
The spec leaked out years ago, and can be downloaded from OpenTap at:
http://www.opentap.org/documents/TIIT-v1.0.0.pdf (protocol) http://www.opentap.org/documents/101WAI-GT-FuncspecV1.0.1.doc (operations)
I've critized parts of these documents on various occasions, including on this list http://lists.jammed.com/politech/2003/04/0050.html and at the CCC conference a few years ago: http://www.opentap.org/ccc/
I have been afraid of the dangers of "Black box tapping" in the past. But now
that not one, but many nations, who often like to tap each other, are going to
use this same form of black box tapping, it becomes more important then ever
to have a tapping system that is accountable and verifiably secure. It is also
time that the cryptographic hashes transmitted to the lawful interception
agencies are not just used to verify the transmission, but that the ISP is
also capable and allowed to store and sign these hashes so that the interception
agencies themselves can be hold accountable, and any potejtial tampering with
evidense by the LEA's become impossible.
People interested in assisting the funding of the opensource version of this EU wide tapping protocol are strongly encouraged to contact me.
Paul Wouters _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
