FBI's Carnivore went quiet but methods under scrutiny again
January 30, 2007
Some of you may have seen articles about a presentation made by Professor Paul Ohm (former trial attorney at the Justice Department) at the "Search & Seizure in the Digital Age" symposium held at Stanford University last Friday. Professor Ohm, currently a law professor at Univ. of Colorado, spoke about the new "full-pipe recording" approach the FBI is now using when doing a broadband intercept.
His description asserts that instead of just intercepting the IP traffic of the target, they are collecting traffic from a point in the network that includes other user's traffic as well. I would suggest that in an environment that hasn't achieved CALEA compliance yet (the FCC CALEA deadline is May 14, 2007 see earlier entries) this may be necessary. But once true LI solutions are in place this will no longer be necessary. Current LI technology provides for both active and passive solutions that can identify the specific traffic of a target, assuming the target is known. There may be challenges with some enterprises in identifying their users but certainly all service providers know who their users are since they have to bill them :-)
And don't be surprised if you continue to hear about "full-pipe" intercepts even after CALEA compliant solutions are in place. In LI circles "full-pipe" actually has a different meaning and references the traffic on the "pipe" that goes to the target's location. This is in contrast to an intercept that would intercept a specific type of traffic (email, VoIP, chat, http etc.).
An example makes this clear. I happen to use Charter as my cable/broadband provider and Vonage as my VoIP provider. Because Vonage operates within the U.S., law enforcement could get a warrant, serve Vonage with it and only intercept my voice IP traffic. Now if my VoIP provider happened to be out of the country, then law enforcement could go to Charter and intercept the "full pipe" going to my house in order to access the voice traffic that is embedded in the IP stream going across the pipe I have from Charter. They would have the "full-pipe" but it would only be my traffic, not any one else's.
His description asserts that instead of just intercepting the IP traffic of the target, they are collecting traffic from a point in the network that includes other user's traffic as well. I would suggest that in an environment that hasn't achieved CALEA compliance yet (the FCC CALEA deadline is May 14, 2007 see earlier entries) this may be necessary. But once true LI solutions are in place this will no longer be necessary. Current LI technology provides for both active and passive solutions that can identify the specific traffic of a target, assuming the target is known. There may be challenges with some enterprises in identifying their users but certainly all service providers know who their users are since they have to bill them :-)
And don't be surprised if you continue to hear about "full-pipe" intercepts even after CALEA compliant solutions are in place. In LI circles "full-pipe" actually has a different meaning and references the traffic on the "pipe" that goes to the target's location. This is in contrast to an intercept that would intercept a specific type of traffic (email, VoIP, chat, http etc.).
An example makes this clear. I happen to use Charter as my cable/broadband provider and Vonage as my VoIP provider. Because Vonage operates within the U.S., law enforcement could get a warrant, serve Vonage with it and only intercept my voice IP traffic. Now if my VoIP provider happened to be out of the country, then law enforcement could go to Charter and intercept the "full pipe" going to my house in order to access the voice traffic that is embedded in the IP stream going across the pipe I have from Charter. They would have the "full-pipe" but it would only be my traffic, not any one else's.
Feel free to comment. Till next time ...
Related Tags: traffic, intercept, target, provider, charter, Vonage
- Related Entries
Technorati
Del.icio.us
Slashdot
Digg
Furl
Spurl
Listed below are links to sites that reference FBI's Carnivore went quiet but methods under scrutiny again:
Trackback Pings
TrackBack URL for FBI's Carnivore went quiet but methods under scrutiny again:
http://blog.tmcnet.com/mt3/t.fcgi/31721
Previous blog:
Bush Administration Changes Stance on "Unauthorized" WiretappingDemystifying Lawful Intercept and CALEA Home Page
Next blog:
Filing date for CALEA "Monitoring Report" upon us