North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
While I agree that not many domestic (or EU) vendors will offer services
contrary to the law in this area, do you truly believe this won't simply cause
companies that really want to make money in this market to move to places where
the laws are less difficult? Afterall, I can get pretty good fiber connectivity
in Malaysia or other parts of Asia/SoPac without really needing to worry much about
any sort of LI procedures. As long as the company offering the services does so
via a web site and can collect on credit card billings (even if they have to keep
rotating shell companies that do the billings), money can be made without dealing
with US regulations.
Frankly, the harder DOJ works on pushing this LI crap down our throats, the
more damage they will do to US internet industry and consequently the more job-loss
they will create. Terrorists that are sophisticated enough to be a real threat
already know how to:
1. Cope with lawful intercept through disinformation and other tactics.
2. Encrypt the communications (voice or otherwise) that they don't want
intercepted -- It's just not that hard any more.
I think the only advantage to DOJ working this hard on LI capabilities is that
it may raise public awareness of the issue, and, may help get better cryptographic
technologies more widely deployed sooner. Other than that, I think it's just a lose
all the way around.
--On Sunday, June 20, 2004 09:43:32 PM -0400 John Curran <email@example.com> wrote:
At 8:20 PM -0400 6/20/04, John Todd wrote:I think that while the debate about CALEA's short-term legislative extension to cover VoIP services is certainly interesting and scary, I fail to see how it will be relevant in the coming years as the market progresses. Because of the quickly growing diversity of VoIP technology, interconnection methods, and customer/vendor hierarchies, I do not believe it will be possible to enforce (or even legislate) an interception policy that is effective without extensive and draconian technical and legal methods.JT - It's not just the US Goverment with interest in this matter. Lawful Intercept has basis in both EU directives and laws of many member states. The last RIPE meeting had a very good presentation by Jaya Baloo on this particular topic, and I'll note that describes an ETSI framework for a lot more than just facilitating VoIP intercept: <http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-eof-etsi. pdf> As I noted earlier, the coming reality of abundant, ad-hoc, encrypted, p2p communication is going to eventually make efforts to facilitate just VoIP intercept seem quaint, unless we all recognize that only most obtuse criminal will be likely to have their communications uncovered in this manner. There's likely to be disagreement on how far away that day is; based on different views of technology availability and criminal behavior. As long as facilitating lawful intercept has a reasonable cost and perceived benefit tradeoff, there will be significant pressure to come up with viable architectures for deployment. In the US, this may take the direction of simply facilitation of VoIP intercept, or could be something more inclusive such as the architecture as outlined by ETSI for mail, transport headers, and entire packet streams. Finally, it is not simply through tax or regulatory measures that governments can seek compliance. Not many firms are going to offer services contrary to law in this area if the consequences are defined as criminal violations, since most corporate officers dislike the potential consequences. /John