FC: Reply from Dutch technologist to column about Cisco, wiretapping

[Declan McCullagh <declan () well com>]

[Lots of details and interesting suggestions. Keep reading. --Declan]

---

Date: Wed, 23 Apr 2003 15:35:23 +0200 (MET DST)
From: Paul Wouters <paul () xtdnet nl>
To: Declan McCullagh <declan () well com>
cc: Fred Baker <fred () cisco com>, John Gilmore <gnu () toad com>
Subject: Re:  FC: Weekly column: Cisco's wiretapping plans, int'v with Fred 
Baker

Declan,

I am a concerned Dutch citizen, keeping a public eye on the wiretapping
situation there, especially since we were, until Cisco announced their
plans, far "ahead" of the world (even before 9-11). Articles I have
written on this subject are availble online, often in dutch and English,
and include:

http://www.fnl.nl/ct-nl/archief2001/ct2001-06/ct200106032033.htm (Dutch)
http://www.opentap.org/ct/ct.aftappen-eng.html (English)
http://www.fnl.nl/ct/archief2002/ct2002-12/aftappen.htm (English)
http://www.opentap.org/ccc/ (English)


In response to your article "Inside Cisco's eavesdropping apparatus"
on http://news.com.com/2010-1071-997528.html?tag=fd_nc_1 I have a few
comments to make:

First you quote Baker saying:

> We've had direct contact with the FBI and other agencies. When I was in
> Holland I (spoke at a conference with the head of the equivalent of the
> country's Central Intelligence Agency). The fact that he came out and
> said something made the 8 o'clock news. I had a meeting with him and
> some of his people a few days later to figure out what he wanted and
> what he intended to do with this. As an engineer I wanted to understand
> a customer's problem.

The 8 o'clock newsitem Baker is referring to can be seen at:

http://www.xtdnet.nl/paul/fb.mpg

Only the introduction is Dutch, the remainder is in English with Dutch
subtitles

Let me put this a bit in context though. Baker spoke at the ISOC
on januari 16, 2002.  I was there as well. Baker explained that any
wiretapping technology should not go into the protocols (eg TCP/IP)
themselves, because it would make the internet infrastructure weaker. It
is the same argument as the Clipper chip. Backdoors are bad. Escrow keys
leaking out would mean an international disaster.  Baker, or rather
the IETF, made a conscious decision not to weaken the protocols, even
though the LEA's (Lawful Enforcement Agencies) wanted this. Baker did
acknowledge that some sort of wiretapping needed to exist for those
LEA's. But he would not comment on what he or Cisco deemed to be the
solution, except that Cisco was working on it.

The boasting of our Dutch CIA being present is really out of context. Our
intelligence agencies have been going through various reorganisation
rounds, with the Old generation leaving (Dr. van Leeuwen) and new people
settling in. Veenstra was just doing some PR for the BVD. Both the
military intelligence and the civil intelligence units had ben revamped,
now called MIVD (Militaire Inlichtingen en Veiligheids Dienst) and AIVD
(Algemene Inlichtingen en Veiligheids Dienst). Note the difference
between "binnelandse" (Internal affairs) and "algemene" (generic). By
now, we also know that our government "needed" more and better SIGINT
to protect against fundamentalists and terrorists. A new organisation,
the NSO (Nationale SIGINT Organisatie) was setup to cater for those post
9-11 worries.

All that Veenstra said that day was that they had an "extreme focus on
terrorist activity". That took about 10 to 15 minutes.  How ironic that
only four months later Pim Fortuyn, the leader of the new political party
LPF that rose from nothing to become the second largest political party in
the Netherlands, was shot dead. Unfortunately, the secret nature of LEA's
can explain both failure and success as a reason for more power and money.


One of the other things I would like to comment on is Baker's remark
in the news item that he didn't believe "new laws were being made". I
think by now it has become quite obvious that all Western governments are
quickly morphing into a police state. Though I will let others comment
on the "no new laws" statement Baker made regarding the US situation, I
will comment on the Dutch situation. In the last four years, most of the
"temporary laws" (In Dutch "nood-verordeningen") protecting big events
such as the Eurpoean soccer Championship or our Royal Wedding are still
in place. Any engineer walking in the center of Amsterdam after 7pm
officially violates one of these laws if he carries a screwdriver with
him. In the entire downtown area of Rotterdam and Amsterdam you can be
"preventatively searched". Without any cause or suspicion. By being in
the center of Amsterdam you must be a criminal.

But let me get back onto the topic of wiretapping.  We now know Cisco
would like to implement a wiretapping solution in their hardware, instead
of in the protocols. From a first cursory glance over the document, it
seems that Baker's draft complies with the ETSI norm. The Netherlands
already has such a system in place. It is called Transport of Intercepted
IP Traffic (TIIT) of which the (secret!) specifications can be found
on http://www.opentap.org/ The one line explanation of the system is
"Digitally signed XML warrant goes in, tapping data comes out". The
government stressed that it would never automate tapping without involvig
the ISP.

The experiences with this system are currently fairly limited. The
government is tapping about 100kb continiously, with peaks going to 0.5 to
1 mbit. These figures are based on their public router statistics. Bits
of Freedom (www.bof.nl) tried to obtain numbers on the telephone and
internet taps using the Dutch version of the Freedom of Information Act,
but despite a government reimbursement system for telco's, it claimed it
had no central registration of these taps, the government didn't want or
need these numbers themselves, and therefor these numbers do not exist,
and cannot be obtained by worried citizens.

NLIP (www.nlip.nl), the Dutch branche organisation of ISP's, has a long
history of behind doors negotiations with the government on behalve of
their members. The government swept away their 'demands'. So they have
foccused their effords on making tapping as cheap as possible for their
members instead (while publicly not stating that they are no longer
"nationally involved". Unfortunately, they do still seem to be used as
an excuse by the government to claim "they are talking to the ISPs".
This kind of conflict of interest (ISP's involved in law making only
secondary to their own reduction of expenses) is very dangerous. Two weeks
ago I also learned, indirectly through this NLIP, that the government
is writing up a decree (Dutch: "Algemene Maatregel van Bestuur"), that
is, a law that does not need the aprovement of parlemant, that will
allow LEA's to control the tapping equiptment of ISP's remotely. The
goal is to reduce the number of people who know about a tap. The side
effect (or one could argue that this is in fact the intended effect)
is that the legal system will be bypassed completely. The ISP doesn't
know when it is tapping its customers, and cannot check the validity of
the warrant. We will just "have to trust them".

But can we? Only two months ago, the Dutch had their own version of
"FoxNews" when the program Zembla reported that the Dutch tapping room
is completely outsourced to a questionable Israeli company:

http://www.opentap.org/zembla/   (Dutch)
http://www.fnl.nl/ct/archief2002/ct2002-12/aftappen.htm
http://www.opentap.org/foxnews/

Comverse (sorry, Verint-systems) has to come in and fix/repair/maintain
the digital tapping rooms very regularly. They hook up Hebrew keyboards
and no one knows what they are doing.  An anonymous source within Comverse
told c't magainze (www.fnl.nl/ct) that 9.1GB Sony MO disks are used:
http://www.sony.net/Products/DataMedia/products/525MO/91GBMO.pdf And
that they can put 240 hour of conversations on one such MO using the
following codec: http://www.vidicode.nl/Dutch/scr_nl.htm

So even if our government means well, our data apparently leaks out
anyway. (Then again, the Wassenaar Agreement the Netherlands signed
includes Israel anyway, so Israel could just order their own taps from our
government anyway). But worse, the Zembla newsitem also showed that the
police had manipulated evidence. This became painfully obvious when one
of the "intercepted GSM phone calls" was heard pulse dailing (Remember
those days when dialing was done with a dial?)

I have long ago come to the conclusion that yes, tapping is a neccessary
evil. We need to accomodate this. But it is of vital importance
that tapping does NOT become an automatic system that only involves
LEA's. There is a valid reason that LEA's don't trust LEA's. That is
why they want to be able to tap each other, and that is the reason for
the ETSI demand for multiple parallel invisible taps. We should not play
their game. LEA's have their own, secret, agenda.

Back to Mr. Baker,

Mr Baker also mentions:

> What we're doing is putting the capability in a separate image so you
> know what you're getting when you get it. Under U.S. law, if you have
> that ability, you could be required to use it. Our service provider
> customers have asked us not to put it in the standard image, so that
> they can't be forced to use it.

Though this seems like a reasonable stance, let's not forget that a
far more important argument for Cisco is that putting a tapping image
in their Cisco's per default would cause two thirds of the worlds to no
longer buy Cisco. This is coming dangerously close to putting "Trusted
computing" into the router. I am sure it's trusted, but who owns the
device? It is of vital importance that any tapping accomodating protocol
is completely free and open, so that opensource implementations can be
written.

The solution?

In the TIIT specification, there is a special function to ensure
that the tap is still working properly. Ever 64 packets or 5 minutes,
a cryptographical checksum is generated by the tapping box over the
intercepted data, and also send to the LEA. This is to ensure the
integrity of the datastream to the LEA. I believe that the ISP should
not only be allowed, but should be forced to keep those checksums
themselves. Those can then later on be given to the courts to determine
any evidence tampering by the police. And it also ensures that the ISP
will always know about a tap in his network, and will always have the
means to check the legality of such a tap. I sincerely hope Mr. Baker
will add something similar into his Cisco's. If he does not, ISP's
will be prevented from checking the legality of warrants, and on top
of it they will face a rush of LEA's taking over their Cisco's.

If we are not allowed to investigate the correctness of a warrant, nor
the proper functioning of our LEA's, then we might as well end the charade
of the courtroom and admit that we have chosen to live in a police state.

Paul Wouters
Opentap




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------