From the New York Times: CALEA strikes universities, they sue.

2005-10-23 Thread Perry E. Metzger

[I'm posting the whole thing because the New York Times rapidly expires
all their articles, making it impossible to refer to them over the
long term. --Perry]

October 23, 2005
Colleges Protest Call to Upgrade Online Systems

The federal government, vastly extending the reach of an 11-year-old
law, is requiring hundreds of universities, online communications
companies and cities to overhaul their Internet computer networks to
make it easier for law enforcement authorities to monitor e-mail and
other online communications.

The action, which the government says is intended to help catch
terrorists and other criminals, has unleashed protests and the threat
of lawsuits from universities, which argue that it will cost them at
least $7 billion while doing little to apprehend lawbreakers. Because
the government would have to win court orders before undertaking
surveillance, the universities are not raising civil liberties issues.

The order, issued by the Federal Communications Commission in August
and first published in the Federal Register last week, extends the
provisions of a 1994 wiretap law not only to universities, but also to
libraries, airports providing wireless service and commercial Internet
access providers.

It also applies to municipalities that provide Internet access to
residents, be they rural towns or cities like Philadelphia and San
Francisco, which have plans to build their own Net access networks.

So far, however, universities have been most vocal in their

The 1994 law, the Communications Assistance for Law Enforcement Act,
requires telephone carriers to engineer their switching systems at
their own cost so that federal agents can obtain easy surveillance

Recognizing the growth of Internet-based telephone and other
communications, the order requires that organizations like
universities providing Internet access also comply with the law by
spring 2007.

The Justice Department requested the order last year, saying that new
technologies like telephone service over the Internet were endangering
law enforcement's ability to conduct wiretaps in their fight against
criminals, terrorists and spies.

Justice Department officials, who declined to comment for this
article, said in their written comments filed with the Federal
Communications Commission that the new requirements were necessary to
keep the 1994 law viable in the face of the monumental shift of the
telecommunications industry and to enable law enforcement to
accomplish its mission in the face of rapidly advancing technology.

The F.C.C. says it is considering whether to exempt educational
institutions from some of the law's provisions, but it has not granted
an extension for compliance.

Lawyers for the American Council on Education, the nation's largest
association of universities and colleges, are preparing to appeal the
order before the United States Court of Appeals for the District of
Columbia Circuit, Terry W. Hartle, a senior vice president of the
council, said Friday.

The Center for Democracy and Technology, a nonprofit civil liberties
group, has enlisted plaintiffs for a separate legal challenge,
focusing on objections to government control over how organizations,
including hundreds of private technology companies, design Internet
systems, James X. Dempsey, the center's executive director, said

The universities do not question the government's right to use
wiretaps to monitor terrorism or criminal suspects on college
campuses, Mr. Hartle said, only the order's rapid timetable for
compliance and extraordinary cost.

Technology experts retained by the schools estimated that it could
cost universities at least $7 billion just to buy the Internet
switches and routers necessary for compliance. That figure does not
include installation or the costs of hiring and training staff to
oversee the sophisticated circuitry around the clock, as the law
requires, the experts said.

This is the mother of all unfunded mandates, Mr. Hartle said.

Even the lowest estimates of compliance costs would, on average,
increase annual tuition at most American universities by some $450, at
a time when rising education costs are already a sore point with
parents and members of Congress, Mr. Hartle said.

At New York University, for instance, the order would require the
installation of thousands of new devices in more than 100 buildings
around Manhattan, be they small switches in a wiring closet or large
aggregation routers that pull data together from many sites and send
it over the Internet, said Doug Carlson, the university's executive
director of communications and computing services.

Back of the envelope, this would cost us many millions of dollars,
Mr. Carlson said.

F.C.C. officials declined to comment publicly, citing their continuing
review of possible exemptions to the order.

Some government officials said they did not 

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-23 Thread Joseph Ashwood
- Original Message - 
Subject: [Tom Berson Skype Security Evaluation]

Tom Berson's conclusion is incorrect. One needs only to take a look at the
publicly available information. I couldn't find an immediate reference
directly from the Skype website, but it uses 1024-bit RSA keys, the coverage
of breaking of 1024-bit RSA has been substantial. The end, the security is 
flawed. Of course I told them this now years ago, when I told them that 
1024-bit RSA should be retired in favor of larger keys, and several other 
people as well told them.


The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]