IP: more on " I read this article and I can't help wondering." Beyond Carnivore: FBI Eyes Packet Taps

[David Farber <dave () farber net>]

> From: "Caspar Bowden" <cb () fipr org>
> To: <farber () cis upenn edu>
> Subject: RE: " I read this article and I can't help wondering." 
> Beyond  Carnivore: FBI Eyes
>
> > >From: Dan Steinberg <synthesis () videotron ca>
> ...
> > >  Dave, I read this article and I can't help wondering....
> > >how on earth do they think they can do this?
>
> It might be helpful to refer to some of documents in the analagous
> proposal in Britain, which can require ISPs in Britain to install
> permanently connected "black-boxes". These feed into a hub monitoring
> centre in the MI5 building (equiv FBI Washington HQ). This became law as
> the RIP Act 2000, but is still being implemented.
>
> The law allows the boxes to be remote controlled from the centre, so
> that the target can be selected without the lawful need to serve a
> warrant on an ISP.
>
> The law can require that the boxe(s) can have access to the entire ISP
> flow for filtering under a special trawling warrant (RIP S.16(3)) -
> which over-rides limitations on trawling domestic traffic. There is no
> limitation to the processing power that can be specified for the box
> (and ISPs must foot the bill after compensation for the initial
> deployment)
>
> ...
> > >OK. Now go to the packet level. First of all you can't do all your
> > >processing locally  at each ISP.
>
> But it may become efficient if the filtering is distributed, and the
> protocols reconstructed locally, for shipping back to the monitoring
> centre for further analysis. The Home Office commissioned a study (now
> discredited at least in terms of cost) which seemed to recognise that an
> interface of this kind was needed, rather than just shunting raw packets
> back - http://www.homeoffice.gov.uk/ripa/techcost.pdf
> ...
> > >yes you have to look at *every* packet.  And you have
> > re-assemble all the traffic
>
> Yes and it will be done locally, and the packaged reconstructed
> protocols selected to be of interest will be shipped back.
>
> >>...
> > >etc.  You don't know who you are looking for.
> > > If you did, you woulnd't need the central place to
> > >track packets. You could just go to an ISP or better stilll
> > go tap their phone or something traditional.
>
> Suppose they want to correlate information from a much wider base of
> suspects. Once you have a "black-box" apparatus you can use it to obtain
> "traffic data" (cf. Anti-Terrorism Act) - i.e. email From/To, Websites
> (pages), Usenet articles, search engine terms etc. That can be got
> simply if "relevant" for some investigation. Once obtained, there are
> really no limits to how it can be used for traffic analysis of who you
> talk to, what you read, and with 3G mobiles where you go.
>
> ...
> > >Do they have
> > >any idea how many packets are flying about?
>
> FBI's point I suspect is that if NSA have a shedload of computers to
> preserve national security, why should FBI be using a few desktop
> workstations ?
>
> --
> Caspar Bowden                           www.fipr.org
> Director, Foundation for Information Policy Research
> Tel: +44(0)20 7354 2333


For archives see:
http://www.interesting-people.org/archives/interesting-people/