
Issues in Lawful Intercept


Presentation Transcript


  1. Issues in Lawful Intercept Fred Baker

  2. Perspective • This is my personal viewpoint • I am not speaking as a representative of IETF, ISOC, Cisco Systems, or anybody else • My intention is to inform public debate • Focused on technology issues resulting from law • No activist view expressed pro or con • Forensic surveillance is a legal requirement of service providers in every country • I am interested and involved because I have a personal viewpoint: • Abide by and support law in a context of privacy

  3. The legal mandate for Lawful Intercept

  4. Lawful intercept • Forensic investigation of specific persons or organizations • Involves disclosure of a person's communications • Focuses on the crime/criminal being investigated

  5. Current state of law • Cybercrime treaty signed 27 November 2001 • Initial signatories: • 26 European states, US, Canada, Japan, South Africa • Mandates • Content controls by anyone who stores data • Lawful intercept capabilities if you move data • Data retention and production • 11 September attack used to push US legislation • Cryptography limitations and export controls discussed during debate

  6. Cybercrime treaty, Article 21 • Each Party shall … • a. collect or record … • b. compel a service provider… • i. collect or record … • ii. co-operate … in the collection or recording of, • content data, in real-time, of specified communications in its territory transmitted by means of a computer system. http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

  7. IETF Comments on the thrust of law

  8. Two fundamental thrusts in law • Access to traffic data • Logs of various kinds • Content • Overcoming encryption that protects content

  9. IETF Issues in Internet Privacy and Security • IETF primary concern: • Security of the infrastructure • Two statements: • RFC 1984 - “IAB and IESG Statement on Cryptographic Technology and the Internet” • RFC 2804 - “IETF Policy on Wiretapping”

  10. RFC 2804 on Lawful Intercept • Wiretapping ... releases information that the information sender did not expect to be released. • The system is less secure than it could be had this function not been present. • The system is more complex than it could be had this function not been present. • Being more complex, the risk of unintended security flaws in the system is larger. • Wiretapping, even when it is not being exercised, therefore lowers the security of the system. RFC 2804

  11. Cryptographic Technology and the Internet • Law enforcement needs the ability to track criminals, who are increasingly sophisticated • September 11 terrorists reportedly used steganographic encryption • Legislative proposals: • Disallow use of cryptography, or • Make it easy for authorities to obtain encryption keys

  12. Need for Internet cryptography • Internet needs strong cryptography for commercial and management reasons • Authentication of merchants and clients • Authentication of infrastructure data such as routing • Encryption of financial information

  13. Weak cryptography weakens those who use it • Weakening cryptography: • Export controls, Weak keys, Weak algorithms • Weak cryptography weakens • Companies in countries that inhibit it, in competition with foreign competitors • Internet infrastructure, which is not permitted to use it

  14. Weak cryptography weakens those who require its use • Weak cryptography also enables forgery • A key which can be broken or obtained can be used to digitally sign documents • Key escrow/recovery defeats legal cases • Key constructively available to other parties, • Forgeries indiscernible from real signatures: cannot be detected or proven false

  15. RFC 1984 on the use of Cryptography • “As more and more companies connect to the Internet, and as more and more commerce takes place there, security is becoming more and more critical. Cryptography is the most powerful single tool that users can use to secure the Internet. Knowingly making that tool weaker threatens their ability to do so, and has no proven benefit.” RFC 1984

  16. Technical issues

  17. Today’s Internet • The optical internet backbone: gigabit to terabit links • Access networks: xDSL, cable modem, ISDN, asynchronous dial • 20,000 instantaneous sessions per GBPS backbone bandwidth • Campus Networks (LANs) • UoSAT-12 • Internet in Airlines

  18. Lawful intercept in an Internet environment • Whom did they “speak” with? • What did they “say”? • [Diagram labels: Control Device (Call Manager, SIP Proxy, Authentication Server, etc), IP Control Traffic, IP Data, Log Stream, Control Mediation, Data ACL, Intercept Configuration, Warrant, Intercepted Data, Certified Intercepted Information, Data Mediation]

  19. Issues to address today • What gets included in different kinds of intercepts • Differences in the tap order • Reliability of delivery • Control vs Data planes • Traffic analysis information

  20. Historical capability in telephone network • Pen register • “Whom did he call?” • Trap and trace • “Who called him, and where are they?” • Content intercept • “What is he saying?”

  21. “Pen Register” and “Trap and Trace” • Much of “pen register” tracing is simply access to billing logs in real time • Present an edited copy of log information to LEA • Such logs generally do not exist in the Internet • Billing by month, not by site or URL accessed • For example, if question is whether a person is accessing a certain web site or type of site, only web site and personal computer have logs – both of which may be surveillance subjects

  22. “Some content should be accessible to a pen register” • Telephone systems • Traces often report the event of a call • Some content necessary to determine who is called (DTMF tones) • Data systems • If I have to deliver any content at all, I have to build the system that delivers content • When is “some” content “delivery of content”?

  23. What is “content”? • Certainly information that is permanent • Control information in same message? • Signaling information? At what layer?

  24. Differences in intercept orders • Issues of law in what controls what gets intercepted: • Specified traffic to or from a specific user of a device • Traffic to or from a device • Traffic to or from any device used by a specified person • Traffic to or from an organization

  25. Correlation to users is difficult • To accomplish this, the network must correlate the person with his data streams • The network must therefore authenticate the user • Most internet traffic has no authentication in any given network • For example, while I log on to my computers at work, traffic leaving my company is simply “traffic from the company” • The person is not readily identified outside of his home network

  26. One size does not fit all • Traffic to or from devices or organizations is more readily intercepted • Volume can vary immensely • Tap of a company is potentially gigabits per second • Tap of a personal computer may be on the order of tens to hundreds of KBPS

  27. Control and data planes • Telephone system routing • Call control and data follow same path • Internet access routing • Often follows different path • Data path may not be in control jurisdiction • Many data exchanges have no corresponding control exchange

  28. Reliability of delivery • LEAs would like reliable data delivery • “TCP is a ‘reliable’ protocol • Therefore, we want intercepted data delivered in TCP” • “Reliable” is a technical term in data communications • “Reliable” protocols deliver their data or die trying • TCP has well documented upper bounds on throughput, due to congestion avoidance procedures

  29. Rational requirements regarding resilience • Ensure that delivery is robust around normal loss • In failure circumstances, probably want to keep the intercept connection up but lose the content for a few seconds

  30. Transport protocols for resilience • Therefore, probably should not use TCP for intercept delivery • Resilient alternatives include so-called “reliable multicast” approaches • RTP Ack/Nack proposals in IETF • Negative Acknowledge triggers retransmission • Path loss does not tear down session

  31. Real-time collection of traffic data • Each Party shall… • … compel a service provider, within its existing technical capability, to: • i. collect or record … • traffic data, in real-time, associated with specified communications in its territory transmitted by means of a computer system. http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm

  32. Traffic Analysis • Capabilities exist to record traffic behavior • For example, log start and stop times of individual TCP sessions, with packet and octet counts • Not normally done or universally supported • And not stored for any long period of time

  33. Why are traffic logs not kept? • There is no business reason to do that • Billing is based on months, not TCP sessions • Individual sessions in the Internet are usually very short • The volume of traffic required to log production traffic is comparable to the traffic logged

  34. Conclusions

  35. There are significant political questions • It has not been my purpose to address these, and I have not.

  36. There are technical issues in the security of the system • The IETF is concerned about the technical soundness of the Internet • It has said that deliberately reducing security or increasing complexity doesn’t help

  37. What Law Enforcement says it wants it may not be able to get • There is a need for direct dialog between Law Enforcement and the Internet technical community • Neither side has been willing to do that effectively • Laws written for the telephone system often don’t work well in the Internet • Need to have legal base that reflects Internet technology

  38. Issues in Lawful Intercept Fred Baker
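The trade-off described in slides 28 to 30, as an added toy simulation that is not part of the presentation: an in-order "deliver or die trying" stream next to NACK-triggered retransmission from a bounded sender buffer. The function names, the one-packet-per-tick model, the retry limit and the buffer size are assumptions chosen for illustration, and a retransmission is assumed to arrive whenever the path is up.

```python
from collections import deque

def nack_delivery(n, down, window):
    """NACK-driven delivery (toy model, not a real protocol implementation).
    The sender keeps only the last `window` packets; the receiver NACKs any
    gap it sees. Returns (delivered, lost). The session itself never ends."""
    buf = deque(maxlen=window)            # sender's bounded retransmit buffer
    delivered, lost, expected = [], [], 0
    for seq in range(n):                  # one packet generated per tick
        buf.append(seq)
        if seq in down:                   # path down this tick: packet vanishes
            continue
        for missing in range(expected, seq):      # gap detected, NACK each one
            # retransmitted if still buffered, otherwise the content is gone
            (delivered if missing in buf else lost).append(missing)
        delivered.append(seq)
        expected = seq + 1
    return sorted(delivered), lost

def die_trying_delivery(n, down, max_retries):
    """In-order stream that retries the head-of-line packet every tick and
    aborts the connection after `max_retries` consecutive failures."""
    delivered, head, retries = [], 0, 0
    for tick in range(n):
        if tick in down:
            retries += 1
            if retries > max_retries:
                return delivered, "aborted"   # everything after this is undelivered
            continue
        retries = 0
        while head <= tick:               # path up: drain the queued backlog
            delivered.append(head)
            head += 1
    return delivered, "open"

# Constructed scenarios: two isolated losses, then a ten-tick path outage.
ISOLATED_LOSS = {3, 7}
OUTAGE = set(range(10, 20))

if __name__ == "__main__":
    print("NACK, isolated loss:", nack_delivery(20, ISOLATED_LOSS, window=4))
    print("NACK, outage:       ", nack_delivery(30, OUTAGE, window=4))
    print("Stream, outage:     ", die_trying_delivery(30, OUTAGE, max_retries=5))
```

In the outage case the NACK model gives up the content that aged out of the buffer and resumes delivery, while the in-order stream aborts and delivers nothing after the outage begins.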
