Re: Obama administration revives Draconian communications intercept plans

2010-09-29 Thread Josh Rubin

 On 9/28/2010 1:47 AM, Florian Weimer wrote:

   Essentially, officials want Congress to require all services that
   enable communications — including encrypted e-mail transmitters like
   BlackBerry, social networking Web sites like Facebook and software
   that allows direct “peer to peer” messaging like Skype — to be
   technically capable of complying if served with a wiretap order. The
   mandate would include being able to intercept and unscramble
   encrypted messages.

Isn't this just a clarification of existing CALEA practice?

In most jurisdictions, if a communications services provider is served
an order to make available communications, it is required by law to
provide it in the clear.  Anything else doesn't make sense, does it?
Service providers generally acknowledge this (including Research In
Motion, so I don't get why they are singled out in the article).

SNIP
This post from the IETF Wiretapping list [RAVEN] from October, 1999 
may be relevant to the discussion.


Should Tin Cans and String comply with CALEA?
http://www.ietf.org/mail-archive/web/raven/current/msg7.html

The question has special significance to me as proprietor of 
tincansandstring.net

--
Josh Rubin
jlru...@tincansandstring.net




-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Obama administration revives Draconian communications intercept plans

2010-09-29 Thread Ken Buchanan
On Tue, Sep 28, 2010 at 1:47 AM, Florian Weimer f...@deneb.enyo.de wrote:
 Isn't this just a clarification of existing CALEA practice?

 In most jurisdictions, if a communications services provider is served
 an order to make available communications, it is required by law to
 provide it in the clear.  Anything else doesn't make sense, does it?
 Service providers generally acknowledge this (including Research In
 Motion, so I don't get why they are singled out in the article).


Florian,

The article seems to be saying that this would prohibit service
providers from building strong end to end encryption onto their
service offerings, where they do not possess the key themselves. There
are only a handful of services that currently have offerings that fit
this description, because it generally requires that clients at both
end points are both made by the provider. It does not appear that this
would affect crypto offerings by other technology companies who do not
provide communications services.

Of course, the text of any forthcoming bill is not yet known, and in
any case I am not a lawyer.

Neither is Chris Soghoian, but he makes an interesting point about
CALEA: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

Ken

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Obama administration revives Draconian communications intercept plans

2010-09-28 Thread Florian Weimer
   Essentially, officials want Congress to require all services that
   enable communications — including encrypted e-mail transmitters like
   BlackBerry, social networking Web sites like Facebook and software
   that allows direct “peer to peer” messaging like Skype — to be
   technically capable of complying if served with a wiretap order. The
   mandate would include being able to intercept and unscramble
   encrypted messages.

Isn't this just a clarification of existing CALEA practice?

In most jurisdictions, if a communications services provider is served
an order to make available communications, it is required by law to
provide it in the clear.  Anything else doesn't make sense, does it?
Service providers generally acknowledge this (including Research In
Motion, so I don't get why they are singled out in the article).

There are indications that governments have access to Skype these
days  Here's a blog post mentioning it:

http://www.lawblog.de/index.php/archives/2010/08/17/skype-staat-hort-mit/

(Udo Vetter is sometimes a bit sensationalist, though.)  Another
indicator is that German law enforcement no longer calls for new laws
granting them access to Skype traffic.

In any case, the cleartext requirement for lawful intercept has always
been very public.  Oddly enough, it has not been perceived as some
sort of crypto regulation, although it puts some constraints on key
management. 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Obama administration revives Draconian communications intercept plans

2010-09-27 Thread Perry E. Metzger
[Moderator's note: there are messages still in the queue that will go
 out later today, but I felt this had to go out ASAP --Perry]

From the New York Times, word that the Obama administration wants to
compel access to encrypted communications.

http://www.nytimes.com/2010/09/27/us/27wiretap.html

Excerpt:

  U.S. Wants to Make It Easier to Wiretap the Internet
  By CHARLIE SAVAGE
  Published: September 27, 2010

  WASHINGTON — Federal law enforcement and national security officials
  are preparing to seek sweeping new regulations for the Internet,
  arguing that their ability to wiretap criminal and terrorism
  suspects is “going dark” as people increasingly communicate online
  instead of by telephone.

  Essentially, officials want Congress to require all services that
  enable communications — including encrypted e-mail transmitters like
  BlackBerry, social networking Web sites like Facebook and software
  that allows direct “peer to peer” messaging like Skype — to be
  technically capable of complying if served with a wiretap order. The
  mandate would include being able to intercept and unscramble
  encrypted messages.


-- 
Perry E. Metzgerpe...@piermont.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Obama administration revives Draconian communications intercept plans

2010-09-27 Thread David G. Koontz
On 28/09/10 1:26 AM, Perry E. Metzger wrote:

 From the New York Times, word that the Obama administration wants to
 compel access to encrypted communications.
 
 http://www.nytimes.com/2010/09/27/us/27wiretap.html

Someone should beat up the FBI for using specious arguments:

 But as an example, one official said, an investigation into a drug cartel 
 earlier this year was stymied because smugglers used peer-to-peer software,
 which is difficult to intercept because it is not routed through a central
 hub. Agents eventually installed surveillance equipment in a suspect’s
 office, but that tactic was “risky,” the official said, and the delay
 “prevented the interception of pertinent communications.”

You could note that the communications either went through a phone system or
through an ISP. The qualifier 'delay prevented the interception of
pertinent communications' means they couldn't get a wiretap instantly.
Seems they wouldn't either if they asked for a court order first.

This sort of argumentation is why privacy advocates won in the Clipper
debate.  The FBI isn't arguing 'for' rationally, but then again they'd
probably have a hard time winning without resorting to propaganda.

 And their envisioned decryption mandate is modest, they contended, because
 service providers — not the government — would hold the key.

 “No one should be promising their customers that they will thumb their nose
  at a U.S. court order,” Ms. Caproni said. “They can promise strong
 encryption. They just need to figure out how they can provide us plain text.”

Sounds like an effort to legitmize and institutionalize the ability of
government to perform SSL MITM with service providers footing the bill.

There's also a Declan McCullagh article Report: Feds to push for Net
encryption backdoors.  http://news.cnet.com/8301-31921_3-20017671-281.html


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com