Politech mailing list archives

Previous By Date Next
Previous By Thread Next

FC: Poland may require ISPs to install monitoring devices

From: Declan McCullagh <declan () well com>
Date: Wed, 27 Dec 2000 20:55:28 -0500

********
Background on the similar SORM system:
http://www.politechbot.com/cgi-bin/politech.cgi?name=sorm
********

Date: Wed, 20 Dec 2000 18:00:52 +0100
From: =?iso-8859-2?Q?Pawe=B3_Krawczyk?= <kravietz () ceti pl>
To: jya () jya com
Cc: declan () well com
Subject: Poland wants SORM-2 too
Organization: CETI internet services, Krakow, Poland

Hello! In case you didn't know yet...

Yesterday Polish Ministry for Internal Affairs and
Administration (MSWiA) sent a draft of new wiretapping law to
the Polish Chamber of Information Technology and Telecommunications.

According to the draft all operators (PSTN, mobile, ISP, IAP, ICP) are
required to install equipment allowing the law enforcement agencies
unattended capturing of data from their networks. The draft actually
specifies what the equipment is expected to do. Almost no technical
details were given, but as I guess this would mean buying and installing
a black box behind every border router and firewall, and providing a
leased line to the spooks location.

The operator is also expected to provide an access to the plaintext,
if they encrypt any data flowing through their network for their own
purposes or in customer's behalf. This would probably mean breaking all
security provided by internally used IPSec and requirement to capture
the data sent outside via secure VPNs before they actually get encrypted.

I expect that introducing the law would simply kill many of the smaller
operators,  because they can't afford to buy and install the
equipment, which will be then used once in several years or never. This
is because there are several hundreds of Internet providers in Poland,
but most of them are small and private businesses with several dozens
of customers.

There are also obvious risks associated with installing untrusted third
party equipment in your core network, behind all firewalls and with access
to all your data. The data would be captured at the spooks discretion
and no one would now what is actually captured and when. Polish police
and special forces get much less public attention and scrutiny than in
e.g. US, so this would allow wide range of potential abuses like economic
or political espionage.

As you can see, this is a lightweight version of British RIP and
very similiar to Russian SORM-2. Currently it is widely discussed
here and the draft is waiting for the Chamber to express their opinnion.
No English version of the draft is available AFAIK and I can't translate
the juristic language, but all the important details are described above.

Below are some useful links:

The Chamber  (in Polish and English, but no comments on the draft yet)
http://www.piit.org.pl/

My article and the draft itself (in Polish)
http://ipsec.pl/ipsec/article/291

--
Pawe³ Krawczyk <http://ceti.pl/~kravietz/>




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: