Firewall Wizards mailing list archives

RE: New CALEA Backdoors announced


From: "Stout, Bill" <StoutB () pios com>
Date: Fri, 17 Jul 1998 15:10:05 -0400

----- Original Message -----
<snip>
Bill,

I would like to point out that the "backdoor" proposed is really a
"front door" with a big dead bolt on it.  The proposed method of
providing access to encrypted traffic to law enforcement officials does
not weaken the key length.  The key remains as strong.  Access to the
information is granted to law enforcement agencies by the sysadmin.  The
sysadmin can choose to comply with law agencies or not.  I would
recommend that they do comply, but the option to fight an
inappropriately obtained warrant still exists.

CALEA is a sniffer law; Key Escrow/GAK/Crypto export/and covert crypto
acts are encryption issues.  The CALEA doorbell as proposed is only a
crypto backdoor as far as it exists on the black or clear side
(plaintext) of traffic, for the purpose of bypassing the encrypted
stream.  Sorry if I misled anyone by making it sound as if it
compromised encryption keys or algorithms.

Which devices will surveillance be built into is the question, as the
Cisco Whitepaper states: "Specifically, it is a viable approach to
access to plaintext for devices where the individual responsible for
data creation/reception is not the same individual responsible for
platform operation. Such devices constitute a significant percentage of
the available networked platforms, including firewalls, routers,
switches and other networking devices... [table listing 3rd party
managed devices] ...Enterprise desktop, Enterprise telephone, Set-top
box, Service Provider VPN, Outsourced firewall."
http://www.cisco.com/warp/public/146/july98/2.html

Will firewalls be required by law to be CALEA compliant?  What will your
company's policy be on permitting CALEA access; wide-open, or will they
seek advice?  If your system does IP forwarding, is it defined as a
router, and will it by default include the backdoor?  Will NT5.0 be
CALEA compliant, or only 'Routing and RAS'?  Where then would the best
place be to capture plaintext, if IE is an 'integral part of the OS'?
Will NT5.0 as a home W98 replacement include set-top/gateway/CALEA
compliance?  These are some of the questions it raises for me.

Surveillance may be a 'too technical to believe' issue to grasp, but
VanEck enforcement of TV broadcasts is a normal part of daily life in
Great Britain.  Recently Cambridge University submitted VanEck screen
snooping to Microsoft for license enforcement: 
http://www.techweek.com/articles/7-13-98/paranoia.htm 

It's a slippery slope:
If I said everyone now has to get a micro-strip ID chip embedded in
their palm or forehead, there'd be an uproar.  However if I said over
many years we'd issue voluntary then mandatory identification
numbers (SSNs), ID numbers, digital certificates, then the digital ID
chips, that would cause mild sporadic grumbling, but sadly would come to
pass.  Digital Certificates may soon be available for everyone in the
U.S.:
http://www.networkworld.com/news/0713set.html

Bill Stout


