A reminder from a Common Raven
For over a year I and a bunch of IETFers argued the issues on the Raven List, and the result was RFC 2804 IETF Policy on Wiretapping. In a nutshell, after we tried to clear our heads of everything we believed about Anglo-American jurisprudence since Charles I was shortened by a head, we tried to come to grips with wiretap as a functional requirement in the architecture of the net.
From my perspective, as an OS geek, it amounted to a requirement that the allocators for threads, memory and scheduling set up not one flow-forwarding collection of resources, but a replication resource, the tap. Fair enough, an interesting problem, a kind of malloc() that had a (let's be sophisticated) lazily evaluted copy-on-write semantics to a second execution context ... so the data plane is done. But the control plane must perform both flow set-up, and independently, that is, from independent from call set-up (viewing the target packet train within a potentially larger set of packet trains as a "call"), there is the call intercept.
The control plane requirement is for a means to over-ride any access control mechanism associated with any access restriction placed by the control plane, and priority over, and therefore more fundamental resource allocation primitives than those contained in the data-path for flow set-up, forwarding and tear-down. If that last bit wasn't obvious (it wasn't to us, initially), think of trying to get a fully loaded box to start a tap on an existing flow. To succeed some resources have to be recovered from existing flows. Starting a tap has to slow down some calls, and just to make it more fun, the call to be tapped can't be in the set of calls to experience resource starvation, least the tap be detectable directly from the tapped flow.
Oh. And that over-ride-all-protections and starve-the-innocents control and data plane capabilities have to be protected from misuse, because the Mob shouldn't be able to just hire CMU grads and conduct surveillance operations on the FBI ... or worse scenarios.
So politely, we opined in our collective judgment that "legal intercept" was unsound engineering.
Abstract
The Internet Engineering Task Force (IETF) has been asked to take a
position on the inclusion into IETF standards-track documents of
functionality designed to facilitate wiretapping.This memo explains what the IETF thinks the question means, why its
answer is "no", and what that answer means.
So the statement by John Brennan link is not just a political problem for those he successfully advises (Senator Barrak Obama), but is a technical problem for anyone with policy oversight over the National Telecommunications and Information Administration, within the Department of Commerce.
There is this great debate over whether or not the telecom companies should in fact be given immunity for their agreement to provide support and cooperate with the government after 9/11. I do believe strongly that they should be granted that immunity, because they were told to do so by the appropriate authorities that were operating in a legal context, and so I think that's important. And I know people are concerned about that, but I do believe that's the right thing to do. I do believe the Senate version of the FISA bill addresses the issues appropriately.
Shall the US data infrastructure be be consistent with RFC 2804, or inconsistent with it, for non-technical considerations? Its a question you can vote on.
The image is from Orgone Lab, which looks like they'd be happy to sell my mom this blanket. I'd prefer something in a woodpecker with acorns.
