Firewall Wizards mailing list archives
RE: New CALEA Backdoors announced
From: "Stout, Bill" <StoutB () pios com>
Date: Fri, 17 Jul 1998 15:10:05 -0400
----- Original Message -----
<snip>
Bill, I would like to point out that the "backdoor" proposed is really a "front door" with a big dead bolt on it. The proposed method of providing access to encrypted traffic to law enforcement officials does not weaken the key length. The key remains as strong. Access to the information is granted to law enforcement agencies by the sysadmin. The sysadmin can choose to comply with law agencies or not. I would recommend that they do comply, but the option to fight an inappropriately obtained warrant still exists.

CALEA is a sniffer law, Key Escrow/GAK/Crypto export/and covert crypto acts are encryption issues. The CALEA doorbell as proposed is only a crypto backdoor as far as it exists on the black or clear side (plaintext) of traffic, for the purpose of bypassing the encrypted stream. Sorry if I misled anyone by making it sound as if it compromised encryption keys or algorithms.

Which devices will surveillance be built into is the question, as the Cisco Whitepaper states:

"Specifically, it is a viable approach to access to plaintext for devices where the individual responsible for data creation/reception is not the same individual responsible for platform operation. Such devices constitute a significant percentage of the available networked platforms, including firewalls, routers, switches and other networking devices... [table listing 3rd party managed devices] ...Enterprise desktop, Enterprise telephone, Set-top box, Service Provider VPN, Outsourced firewall."
http://www.cisco.com/warp/public/146/july98/2.html

Will firewalls be required by law to be CALEA compliant? What will your company's policy be on permitting CALEA access; wide-open, or will they seek advice? If your system does IP forwarding, is it defined as a router, and will it by default include the backdoor? Will NT5.0 be CALEA compliant, or only 'Routing and RAS'? Where then would the best place be to capture plaintext, if IE is an 'integral part of the OS'? Will NT5.0 as a home W98 replacement include set-top/gateway/CALEA compliance? These are some of the questions it raises for me.

Surveillance may be a 'too technical to believe' issue to grasp, but Van Eck enforcement of TV broadcasts is a normal part of daily life in Great Britain. Recently Cambridge University submitted Van Eck screen snooping to Microsoft for license enforcement:
http://www.techweek.com/articles/7-13-98/paranoia.htm

It's a slippery slope: If I said everyone now has to get a micro-strip ID chip embedded in their palm or forehead, there'd be an uproar. However if I said over many years we'd issue voluntary then mandatory identification numbers (SSNs), ID numbers, digital certificates, then the digital ID chips, that would cause mild sporadic grumbling, but sadly would come to pass.

Digital Certificates may soon be available for everyone in the U.S.:
http://www.networkworld.com/news/0713set.html

Bill Stout