On Nov 8, 2007, at 4:16 PM, Paul Kyzivat wrote:
Brian Stucker wrote:
Apparently at the moment communications within a private
enterprise, even a distributed one with VPN interconnects via
carriers, hasn't resulted in demanding that enterprises support LI.
No, because their ISPs are required to cooperate with law enforcement
and another aspect of LI is that you don't want the target of the
intercept to be aware that they're being intercepted. It'd have been
pretty tough for the FBI to go to ENRON and tell them that they'd
like
to collect all of their VPN traffic as part of an SEC
investigation, so
they go to the ISP instead.
But the end effect is that if the enterprise starts encrypting all
of its voice traffic over the VPN then tapping the ISP isn't going
to help much in getting a tap.
So if that starts happening much will the Feds insist that
enterprises turn over the keys to their VPNs and to each voice
session?
Yes. That is exactly how the orders will read. Or, they will insist
that the IT department hang a black box on a flood port, or that the
enterprise install a specific software patch. I've also seen orders
that just demanded clear-text transcripts, recordings, etc. And
orders for the entire contents of a hard drive. Decrypted. Why do you
think your IT department restricted which crypto you could use?
What do you think those corporate IT push-the-patch-to-the-user
packages are about? Sometimes corporate IT gets an order to "install
this package on the PC used by Joe Smith without him knowing."
--
Dean
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
