Wiretapping the Internet: Legal and Dangerous?

"Various jurisdictions around the world have legal requirements to ensure that voice and data traffic can be wiretapped in the interest of public safety and national security. According to an IBM researcher, that same requirement for wiretapping, or lawful intercept of data, could potentially be abused by an attacker.

"IBM Internet Security Systems researcher Tom Cross today detailed during a live Black Hat Webcast event some of the specific issues he uncovered looking into a lawful-intercept implementation developed by Cisco. Cisco's architecture for lawful intercept is now used by more than 15 vendors.

"In the U.S., lawful intercept capabilities on Internet infrastructure are a legal requirement under the Communications Assistance for Law Enforcement Act (CALEA). Cross noted that many ISPs meet their CALEA compliance obligations by implementing Cisco's lawful intercept technology. The Cisco architecture is published as Internet RFC 3924, and provides a mechanism for a network to send data to law enforcement, but is not a blanket 'sniffing' of all traffic, according to Cross."

Complete Story

Related Stories:

• AT&T: Linux is why the Internet isn't Working(Feb 10, 2010)
• Yahoo Issues Takedown Notice for Spying Price List(Dec 07, 2009)
• The ACTA Internet Chapter: Putting the Pieces Together(Nov 09, 2009)
• Hardware Hacker, E-Voting Investigator, and Public Domain Advocate Win Pioneer Awards(Oct 06, 2009)
• Consumer Groups Outline Privacy Law Wish List(Sep 04, 2009)