Linux Today: Linux News On Internet Time.

Wiretapping the Internet: Legal and Dangerous?

Feb 23, 2010, 12:33 (1 Talkback[s])
(Other stories by Sean Michael Kerner)

"Various jurisdictions around the world have legal requirements to ensure that voice and data traffic can be wiretapped in the interest of public safety and national security. According to an IBM researcher, that same requirement for wiretapping, or lawful intercept of data, could potentially be abused by an attacker.

"IBM Internet Security Systems researcher Tom Cross today detailed during a live Black Hat Webcast event some of the specific issues he uncovered looking into a lawful-intercept implementation developed by Cisco. Cisco's architecture for lawful intercept is now used by more than 15 vendors.

"In the U.S., lawful intercept capabilities on Internet infrastructure are a legal requirement under the Communications Assistance for Law Enforcement Act (CALEA). Cross noted that many ISPs meet their CALEA compliance obligations by implementing Cisco's lawful intercept technology. The Cisco architecture is published as Internet RFC 3924, and provides a mechanism for a network to send data to law enforcement, but is not a blanket 'sniffing' of all traffic, according to Cross."

Complete Story

Related Stories: