inside cisco's eavesdropping apparatus

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Bradley Malin <malin () andrew cmu edu>


http://news.com.com/2010-1071-997528.html?tag=fd_nc_1

Cisco Systems has created a more efficient and targeted way for police and
intelligence agencies to eavesdrop on people whose Internet service provider
uses their company's routers.

The company recently published a proposal that describes how it plans to
embed "lawful interception" capability into its products. Among the
highlights: Eavesdropping "must be undetectable," and multiple police
agencies conducting simultaneous wiretaps must not learn of one another. If
an Internet provider uses encryption to preserve its customers' privacy and
has access to the encryption keys, it must turn over the intercepted
communications to police in a descrambled form.

Cisco's decision to begin offering "lawful interception" capability as an
option to its customers could turn out to be either good or bad news for
privacy. 

Because Cisco's routers currently aren't designed to target an individual,
it's easy for an Internet service provider (ISP) to comply with a police
request today by turning over all the traffic that flows through a router or
switch. Cisco's "lawful interception" capability thus might help limit the
amount of data that gets scooped up in the process.

On the other hand, the argument that it hinders privacy goes like this: By
making wiretapping more efficient, Cisco will permit governments in other
countries--where court oversight of police eavesdropping is even more
limited than in the United States
<http://news.com.com/2010-1071-983921.html?tag=nl> --snoop on far more
communications than they could have otherwise.

Marc Rotenberg, head of the Electronic Privacy Information Center
<http://www.epic.org> , says: "I don't see why the technical community
should hardwire surveillance standards and not also hardwire accountability
standards like audit logs and public reporting. The laws that permit 'lawful
interception' typically incorporate both components--the (interception)
authority and the means of oversight--but the (Cisco) implementation seems
to have only the surveillance component. That is no guarantee that the
authority will be used in a 'lawful' manner."

U.S. history provides many examples of government and police agencies
conducting illegal wiretaps. The FBI unlawfully spied on Eleanor Roosevelt,
Martin Luther King Jr., feminists, gay rights leaders and Catholic priests.
During its dark days, the bureau used secret files and hidden microphones to
blackmail the Kennedy brothers, sway the Supreme Court and influence
presidential elections. Cisco's Internet draft may be titled "lawful
interception," but there's no guarantee that the capability will always be
used legally. 

Still, if you don't like Cisco's decision, remember that they're not the
ones doing the snooping. Cisco is responding to its customers' requests, and
if they don't, other hardware vendors will. If you're looking for someone to
blame, consider Attorney General John Ashcroft, who asked for and received
sweeping surveillance powers in the USA Patriot Act, along with your elected
representatives in Congress, who gave those powers to him with virtually no
debate. 

I talked with Fred Baker
<http://newsroom.cisco.com/dlls/innovators/Core_IP/Fred_Baker.html> , a
Cisco fellow and former chairman of the Internet Engineering Task Force
<http://www.ietf.org>  (IETF), about his work on the "lawful interception"
draft. 

Q: Why did Cisco decide to build "lawful interception" into its products?
What prompted this?
A: Cisco's customers, not just in United States but in many countries, are
finding themselves served with subpoenas to mandate lawful intercept
functionality. Cisco received requests from its customers for this
capability. 

When I found out about the project, I asked to be involved because I wanted
to ensure that it was done in a manner that was as close to balanced as I
could get. From an engineering perspective, the easiest thing is to give
everything to law enforcement and let them sort it out. But I wanted to do
better than that. 

When was that?
The actual development of this document started probably seven to eight
months ago. 

What was the reaction of the Internet community and the IETF after you
released the draft?
I've seen very little reaction so far. We have been contacted by Verisign,
with which we had an NDA relationship. They said, "We'd like to work with
you on this." That's about all we've had. John Gilmore (of the Electronic
Frontier Information Center) posted comments to an IETF mailing list. He
wanted to ensure that the capability would be as difficult to use as
possible. 

When will Cisco's customers be able to buy "lawful interception" products or
an upgrade?
We haven't yet announced anything. Any product that a service provider is
likely to purchase will have an option to provide lawful interception.
That's not for all of our products but for a fairly broad subset.

We're in the process of doing early field trials on that capability. In most
cases it's a software upgrade. What we're doing is putting the capability in
a separate image so you know what you're getting when you get it. Under U.S.
law, if you have that ability, you could be required to use it. Our service
provider customers have asked us not to put it in the standard image, so
that they can't be forced to use it.

How much will it cost?
We haven't announced that. There was some discussion at some point about
putting in a nuisance fee.

What percentage of your customers who have asked for "lawful interception"
capability are within the United States?
We have service provider customers in a number of countries that have asked
us for it. Some have been more insistent than others.

Do you have any moral problems with helping to make surveillance technology
more efficient?
I have some moral and ethical issues, but I think quite frankly that the
place to argue this is in Congress and in the courtroom, not a service
provider's machine room when he's staring down the barrel of a subpoena.

There are two sides. One is that Cisco as a company needs to let its
customers abide by the law. The other is the moral and ethical issues. There
are two very separate questions.

The current draft does not include an audit trail. Could you do that by
having your equipment digitally sign a file that says who's been intercepted
and for how long? That could be turned over to a judge. It could indicate
whether the cops were or weren't staying within the bounds of the law.
I'm not entirely sure that the machine we're looking at could make that
assurance... In fact, the way lawful interception works, a warrant comes out
saying, "We want to look at a person." That's the way it works in Europe,
the United States, Australia and in other western countries. The quest then
becomes figuring out which equipment a person is reasonably likely to use,
and it becomes law enforcement's responsibility to discard any information
that's irrelevant to the warrant. That kind of a thing would probably be
maintained on the mediation device.

Who controls the mediation device?
The Internet provider. The mediation device picks out the subset that
relates to a particular warrant.

A few years ago (in RFC 2804 <http://www.faqs.org/rfcs/rfc2804.html> ) the
IETF rejected the idea of building eavesdropping capability into Internet
protocols. The FBI supported the idea, but the IETF said, no way. You were
chair of the IETF at the time. How do you reconcile your proposal with the
decision made then?
I thought that what the IETF decided to do was actually the right thing to
decide. What it said is that the IETF would not modify protocols that were
designed for some other purpose in order to support lawful interception.

Will you discuss this at the next IETF meeting in Austria in July?
We're hoping for community review. If people see any problems with what
we're doing on a technical level, we're all ears. We want to produce the
best possible capability in terms of security and the capability required.

Have you had requests for this capability, directly or indirectly, from
government agencies?
Yes and no. We got the request from our customers. The laws relate to the
ISPs, which are our customers. Certainly, if we get a request from our
customers that we can't support, there are penalties that accrue.

We've had direct contact with the FBI and other agencies. When I was in
Holland I (spoke at a conference with the head of the equivalent of the
country's Central Intelligence Agency). The fact that he came out and said
something made the 8 o'clock news. I had a meeting with him and some of his
people a few days later to figure out what he wanted and what he intended to
do with this. As an engineer I wanted to understand a customer's problem.

We've had discussions with government agencies, but (they're generally not)
asking us to build a product. They do that with ISPs, who then come to us.

What other companies are going a similar route?
We're a little bit more open than everyone else. It really wouldn't be
appropriate for me to talk about other companies. It's not like we're coming
out and saying, "Hey, this is the reason you should buy a Cisco router."
This is something we're doing because our customers want it.

What do you think of governments with scant respect for privacy rights using
"lawful interception" technology to become more efficient eavesdroppers? Do
you ever stay up late at night worrying about what they might do with it?
Of course I do. But that problem is the reason I got involved. We have some
capabilities in some of our equipment that will allow you to take all the
traffic that goes across an interface and send it to another interface.
Right now that is used in some cases as a lawful interception technology.

When we first started talking, some engineers said, "Let's turn this on and
use that." I said, "Heavens no, if we can narrow the range of information,
let's do it." Let's let our customers meet their requirements in as
privacy-protecting a way as possible. So yes, there's a conflict, but the
conflict is why I got involved.


------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/