Politech mailing list archives

FC: More on the IETF and building in wiretapping


From: Declan McCullagh <declan () well com>
Date: Wed, 13 Oct 1999 13:05:57 -0400

As I mentioned in my article
(http://www.wired.com/news/politics/0,1283,31853,00.html), IETF has set up
a mailing list to discuss this issue. Some excerpts follow.

-Declan

*******

From: Brian Rosen <brosen () eng fore com>
Date: Wed, 13 Oct 1999 11:12:12 -0400
Mime-Version: 1.0
Subject: [Raven] What is a poor vendor to do?

Those who advocate that the IETF stay out of this area
seem to be doing so from an end-user perspective.
If you are a vendor, or a network operator, these issues
are bet-your-business issues.  If you refuse a wiretap order,
or do not have the technical capability the law
requires you to have, you get fined or sent to jail.
It is all well and good to say "hell no, we won't go"
but we don't get the option.  Even in China, with
the draconian firewall rules, if you are in business
in China and you break the law, there are consequences.

We can, as individuals and companies, work to change the
laws.  I think we should, as this one is silly - too 
easy to use encryption to make it null and void.  Today
however, the law IS, and it is in many countries.

We have three choices:
        Let there be no standards - every vendor must do
                it themselves, every network operator has
                to deal with incompatibilities when the
                LEAs come with a court order
        Let someone else do it - put our collective head
                in the rarefied air of the morally right,
                practically wrong, and have some less competent
                people do the work, or more likely, the very
                same people with more work than they can
                handle anyway having to use some other body
                to get what needs to be done, done
        Sit down and do it right. 

Can we just write the preface that says this is a useless, 
disgusting, repugnant thing, but if we need to do it, 
this is how we do it, and get on with doing it?

Brian

********

From: hal () finney org
Received: (from hal@localhost)
        by finney.org (8.8.7/8.8.7) id PAA11437
        for raven () ietf org; Tue, 12 Oct 1999 15:49:28 -0700
Date: Tue, 12 Oct 1999 15:49:28 -0700
Message-Id: <199910122249.PAA11437 () finney org>
Subject: [Raven] US centricism

I agree with the comments of Paul Krumviede:

I don't know what the equivalents, if any, are in other countries,
but I am a bit surprised at the US-centric nature of some of the
comments (namely the CALEA specific comments). I think we
need to think about this in the more general setting, where
anything that is done may need to be capable of satisfying
differing criteria. This is not to advocate that anything be done.

There are many countries in the world which are even more threatened by
the thought of people communicating freely and privately than the US.
What mechanism can the IETF use to decide which countries' demands
are legitimate?

Today in Afghanistan many women are denied access to education and
training.  In ten years if the Internet becomes popular in that country,
will IETF build mechanisms into protocols to make sure that women can
be kept off the net?

China and other countries also see the Internet as a threat by providing
unfettered access to information (as do many western politicians).
These groups would like the ability to enforce filtering and make sure
that information is available only from approved sources.  For efficiency
such mechanisms may need to be built into many Internet protocols.  Is the
IETF prepared to go to work on that once they've got CALEA taken care of?

The Internet is an international system.  No country has jurisdiction
over the net.  If the IETF sets the precedent of acceding to the wishes of
countries like the US and Europe, it may find itself forced to similarly
honor the desires of less open societies.

Hal Finney
hal () finney org
--
I do not speak for my employer

********

Date: Tue, 12 Oct 1999 23:34:57 -0700 (PDT)
From: Nate Lawson <nate () root org>
Subject: [Raven] Protocol vs. Host/Router Tapping

I often see this issue brought up and yet I don't understand why existing
paradigms aren't used.  In the cryptography[1] and telecommunications[2]
industries, there have been quite a few cases of intermediate switches or
terminal units being backdoored to allow LEA.  Current wiretaps are done
at the switching center or by placing bugs at the target host.

This same method can apply to computer communications.  Instead of
worrying about adjusting protocols to allow LEA, just leave the question
to the host vendors.  Microsoft is free to backdoor Windows to store the
key on the local disk when generating an SA for IPsec.  Cisco is free to
place a public key on its boxes which gives full access to the person who
possesses the corresponding private key.  Since this kind of tapping has a
long-established precedent in the telecom field, I see no reason not to
allow vendors to follow it in the datacom field.

Keep the protocols simple and secure; leave the backdoor decisions to the
host implementors.

-Nate

[1] "NSA, Crypto AG, and the Iraq-Iran Conflict";
    http://www.aci.net/kalliste/speccoll.htm
[2] "Nortel Agrees To Wiretap"; 
    http://cryptome.org/fbi-nortap.htm

********

From: "Thomas Junker" <tjunker () phoenix net>
Date: Tue, 12 Oct 1999 04:19:06 -0500
:
:
:

On Mon, 11 Oct 1999 15:47:10 -0400, The IESG
<iesg-secretary () ietf org> wrote:

The wiretap question has come up in one of these
working groups, but the IESG has concluded that the
general questions should be discussed, and conclusions
reached, by the entire IETF, not just one WG.  The key
questions are:  

  "should the IETF develop new protocols or modify
existing protocols to support mechanisms whose primary
purpose is to support wiretapping or other law
enforcement activities" 

No.  Most emphatically "NO!"

 and 

 "what should the IETF's position be on informational
documents that explain how to perform message or
data-stream interception without protocol
modifications".   

That they have no place in the literature sanctioned, 
promulgated or disseminated by the IETF.

Wiretapping and government surveillance are inseparable 
from political considerations.  Even superficially 
ordinary, authorized, supposedly constitutional (where 
constitutions even govern) information gathering for 
unremarkable law enforcement activities cannot escape the  
political.

Official wiretapping in virtually all venues has been 
marked by excesses and abuses.  The present clamor of law 
enforcement for more and better wiretapping seems, if 
anything, to represent laziness and the path of least 
resistance more than any legitimate requirement for access 
to otherwise private information.  In the vaunted United 
States, home of the much-abused and tattered Fourth 
Amendment prohibition against unreasonable searches and 
seizures, the standard of privacy _before_ the advent of 
any of the current technology was far higher than it is 
today.  A hundred years ago any two people could walk into 
an area empty of other people and where interlopers could 
be observed, and have a conversation virtually impossible 
for any third party to overhear.  Thomas Jefferson and 
others used hand ciphers, at least one of which was secure 
enough to see use into the 20th century, and they faced no 
export restrictions or laws criminalizing the use of 
cryptography in any way, shape or form.  Law enforcement 
fanatics and the politicians who carry their water have 
turned the development of and availability of new forms of 
communication into an excuse to violate privacy in ways 
not even possible during the first 100+ years of the U.S. 
Constitution, on the incredible theory that since the new 
forms of communication did not exist in 1789 they cannot 
be covered by the protections guaranteed by that 
Constitution.  It would be _far_ more logical and 
reasonable to instead extend the identical protections 
enjoyed since 1789 to any and all new ways of doing the 
same fundamental things -- whether communicating, 
publishing, keeping records, or anything else.

There is a distinct trend today in law enforcement to want 
to take the easy way, without regard to human or civil 
rights or the long term destructiveness of those rights by 
institutional programs that undermine privacy and security 
of individuals and groups.  Worse, there is a strongly 
developing trend toward what can only be described as a 
unified world police state.  Remarkably arrogant demands 
for official access to traditionally private information 
are routinely appearing today in the two principal 
bastions of traditional rights -- the United States and 
the United Kingdom -- while extreme surveillance and 
control of individuals at a level that would shock 
Americans is common in European and other countries where 
few to no traditions of privacy or natural rights exist.

In the end, there is no line of demarcation between so-
called "legitimate" wiretapping and other access to 
private information and dictatorial, suppressive use of 
the same legal and technical mechanisms.  The same 
wiretapping and eavesdropping techniques and equipment 
used (presumably) under court order in the U.S. are 
exported and used in suppressive regimes to discover and 
gather evidence against dissidents, who may then suffer 
torture, imprisonment, even death, in ways and under legal 
systems entirely alien to civilized people.  Internet 
filtering technology whose only acceptable use in the U.S. 
might be to wall children off from objectionable material 
finds use in censorial regimes to wall off the entire 
domestic populace from political material deemed dangerous 
to the powers that be.  All technology cuts two ways, and 
none knows geographical or temporal boundaries to its use. 
Not only are "other" regimes demonstrably abusive while 
"ours" may not be, a regime that is well-behaved in one 
era may turn abusive in the next.  If _anyone_ should have 
learned that lesson many times over it is the peoples of 
Europe.

The question facing the IETF is fundamentally a political 
one: whether to become involved in the specification of 
the technologies of the police state or to remain aloof.  
I suggest that to become involved is to enter upon a 
slippery slope into a quagmire of arbitrary issues and 
requirements that will take the IETF ever farther from 
purely technical issues and deeply into the political.  It 
is a path from which there is no return.  Remaining aloof 
is the only viable option.  While it does little to solve 
the larger problem, at least it doesn't aggravate it, and 
leaves it for solution by other bodies, other interest 
groups, other constituencies.  Better still, the IETF 
could take active steps to frustrate Internet wiretapping 
and surveillance.

In addition to the general questions identified above,
we believe it would be helpful for mailing list comments
to address the following more specific questions: 

  Adding wiretap capability is by definition adding a
security hole. Considering the IETF's commitment to
secure protocols, is it a reasonable thing to open such
a hole to meet these requirements? 

No, of _course_ it would _not_ be a reasonable thing.  The 
Clipper Chip fiasco showed pretty clearly that wiretapping 
schemes can be the downfall of otherwise protective 
security mechanisms, precisely because they _are_ security 
holes.  Not only was the security of law enforcement 
access keys impossible to guarantee, technical analysis 
revealed that the entire scheme was fatally flawed and far 
worse than the same security _without_ any provision for 
law enforcement access.

  Should the IETF as an international standards
organization shape its protocols to support
country-specific legal requirements? 

Definitely not.  The IETF, merely by doing what most of us 
presume it _should_ be doing, is in a unique position to 
incorporate incentives for countries to adopt logical, 
productive, interoperable, _sane_ mechanisms, and to 
incorporate indirect disincentives for countries to swim 
against the stream.  The only rational bias for the IETF 
to apply is one that promotes freedom and privacy through 
viable networking and information security.  Anything else 
invites substantial discord, debate, and the loss of the 
IETF's credibility.

The most powerful well that the IETF taps into in 
formulating standards is the real-world effect on 
uncooperative countries' economies.  While it may not be 
strictly true that "the Internet regards censorship as 
damage and routes around it," it certainly _is_ true that 
the whole world has entered into a sort of time tunnel 
race in which each economic or national group accelerates 
exponentially but at different rates, with the result that 
any entities who tie themselves down or hold themselves 
back find themselves severely outdistanced in a very short 
time.  In a very real sense, the participants in the 
Internet re-route around troublesome or dangerous 
countries, leaving those countries lacking the traffic 
that is meanwhile carrying business and personal 
opportunity, contact, and development elsewhere.  The most 
productive and widely beneficial policy the IETF could 
adopt would be a universal one of promoting sanity and 
freedom in the purposes to which its protocols and 
standards lend themselves, and frustrating to the degree 
technologically feasible the development, discussion, 
adoption, promulgation and dissemination of protocols and 
standards that particularly lend themselves to abuses of 
widely-regarded human and civil rights.  Objectivity does 
not require or even imply lending one's utility to 
destructive forces or insanity.

Suppose feudalism were to return with a vengeance in some 
small part of the world.  Would it be a properly objective 
stance for the IETF to allow itself to be used for the 
development of protocols and standards for networking the 
mechanisms of human chattel property and life indentures?  
Of course not.  If Pol Pot were active today and anxious 
to bring the Khmer Rouge into the Internet world, would it
be reasonable and "objective" to help him formulate 
protocols and standards for the systematic annihilation of 
millions of people?  That's not as outlandish as it may at 
first seem.  It's probably only a matter of time before we 
see the world's established police states becoming 
technologically more advanced and showing up at various 
Internet fora to propose and lobby for all manner of 
population and dissident control mechanisms to be 
implemented in Internet protocols and for entirely new 
protocols to be adopted to facilitate the police state.  We 
can only assume that they will also be enthusiastically in 
favor of anything that facilitates "legitimate" 
wiretapping, but I think wiretapping is only the tip of 
the awful iceberg yet to be seen.

  If the companies who employ the IETF participants and
deploy the IETF's technology feel that having wiretap
capability is a business necessity due to the
regulatory requirements in the countries where they
want to sell their products, would that make a
difference to the IETF position on this subject? 

No, it should not.  IETF is either the arm's-length, 
objective body shouldering the grave responsibility for 
helping us chart a path into an unknown networked future, 
or it is a handmaiden for momentary and purely pecuniary 
interests.  I suggest that the latter is a trap from which 
the IETF, once engaged, will never be able to extricate 
itself.

  What is the appropriateness or feasibility of
standardizing mechanisms to conform to requirements
that may change several times over the life cycle of
equipment built to conform to those standards?  
 
None.  It is neither appropriate nor feasible.  Basic to 
this consideration is that the law enforcement objectives 
are, viewed from the technological standpoint, arbitrary 
and external, neither driven by nor responsive to any of 
the technological issues or considerations of network 
evolution.  If the telcos, the ISPs, and/or the businesses 
who choose to cater to such things or cannot escape 
dealing with them end up wandering all over a confused 
landscape of changing mandates, dictates and requirements, 
forming without doubt an ugly patchwork quilt when viewed 
globally, that is no reason for the IETF to add legitimacy 
to what is intrinsically alien to the technological 
objectives and issues it exists to handle.  IETF 
participation in the mess will only further obscure the 
sheer idiocy of legislatures and executive edicts trying 
to direct technology for their own intrusive goals.

  When IPv6 was under development, the IETF decided to
mandate an encryption capability for all devices that
claim to adhere to those standards.  This was done in
spite of the fact that, at the time the decision was
made, devices meeting the IPv6 standard could not then
be exported from the U.S. nor could they be used in
some countries. Is that a precedent for what to do in
this case? 

The question can be interpreted in two diametrically 
opposed ways -- as suggesting that becoming involved in 
setting standards for wiretap access would be consistent 
with the IPv6 inclusion of encryption, or as suggesting 
that resisting the standardization of wiretap access would 
be consistent with the IPv6 promulgation of higher levels 
of IP security.

NO, it is NOT a precedent for setting wiretapping 
standards.  The IPv6 inclusion of encryption was in favor 
of privacy and security without regard to official 
obstacles to its implementation.  Inevitably, the standard 
will bring pressure to overcome those obstacles and the 
locales where the obstacles remain will suffer 
economically, as they should.  Should the IETF aid and 
abet the setting of wiretap standards, that too will 
inevitably work to overcome legitimate obstacles and 
objections to government surveillance and wiretap 
excesses.

YES, it is a precedent for adopting security 
specifications into standards even in advance of the wide 
availability of the mechanisms to implement those 
specifications.  With the kind of clever insight 
demonstrated in so much of what the IETF has already done 
to formulate exceptionally good protocols and standards, 
it may be possible to guide standards in directions that 
cause worldwide adoption of mechanisms that make it 
_more_difficult_ to implement wiretapping.  That is what I 
recommend.

  Could the IETF just avoid specifying the part of the
technology that supports wiretapping, presumably
assuming that some industry consortium or other
standards organization would do so?  Would letting that
responsibility fall to others weaken the IETF's control
over its own standards and traditional areas? 

If the IETF wants to seriously "wimp out," omission would 
be far better than active participation and the setting of 
IETF standards.  Yes, letting that responsibility fall to 
others would certainly weaken the IETF's control of those 
areas then subject to substantial independent 
specification.  The best course of action, though, would 
be to actively design protocols and standards to thwart 
systematic, automated wiretapping.  Legitimate police 
should be doing legitimate police work _anyway_, not 
fishing in everyone's communications for things they are 
too lazy to find in the real world.  If we allow them to 
fish, that will supplant all other forms of police work.  
Worse, the line between following reports of crimes and 
other overt evidence and merely snooping to find so-called 
"crimes" that are only there if overheard, is one that not 
only cannot clearly be drawn, it cannot ever be uniformly 
observed.

  If these functions must be done, is it better for the
IETF to do them so that we can ensure they are done in
the most secure way and, where permitted by the
regulations, to ensure a reliable audit capability? 

That is equivalent to, "If the functions of running 
concentration and death camps must be done, is it better 
for us to do them so that we can ensure they are done in 
the most secure way.... etc."  This is the most inane 
question of the lot.  It implicitly subscribes to the idea 
that if _someone_ will take the job of executioner or 
torturer anyway, why not us?

It is not the case that "these functions must be done."  
It remains to be seen how the overreaching democratic law 
enforcement groups and the torture-and-kill despotic law 
enforcement and security groups deal with a lack of 
standards for wiretapping and surveillance, with the high 
costs of implementation in the absence of standards, and 
with the lack of interoperability that will surely result 
from the lack of standards.  It is safe to say that the 
world will be a somewhat safer place as at least some of 
those groups modify their positions while others expend 
their time, energy and money trying to solve the problem.  
Don't make it any easier for them.

Further, to suggest that there is any benefit to ensuring 
the "security" or "audit capability" of intrusive, privacy-
destroying measures that at best will be abused in the 
more civilized countries and at worst will be used to 
persecute and kill dissidents and imagined enemies in the 
despotic regimes around the world is ludicrous.  The 
question implies that a Chinese dissident or free market 
participant arrested, tortured and imprisoned for several 
decades might somehow be reassured by the knowledge that 
IETF-sanctioned security and audit standards made sure 
that _only_ the Chinese security apparatus authorized by 
Chinese law to listen in on suspected dissidents' traffic 
was able to do so, or that a Chinese puppet judge would be 
able to subpoena the audit trail to make sure that the 
secret police _only_ listened when, where, and to whom 
authorized by the local political commissar? Is this a 
joke?

  What would the image of the IETF be if we were to
refuse to standardize any technology that supported
wiretapping? 

Commendable, by any sane standard.  On the other hand, the 
image of the IETF, if it surrenders principle to the law 
enforcement and state security pressures, will be _mud_.  
If the IETF allows itself to become the tool of dictators 
and tyrants, its usefulness will have ended.

In the Internet community? 

I believe most of the Internet community would applaud a 
refusal by the IETF to be drawn into facilitating 
invasions of privacy and persecuting people around the 
world.  In any case, a strong, pro-freedom, pro-privacy  
position of the IETF would engender no serious criticism.  
A position actively supporting the setting of wiretap 
facilitation standards, though, would undoubtedly attract 
a large amount of criticism, polarizing the Internet 
community where no major issues have ever before polarized 
it with respect to the IETF.

In the business
community? 

Mixed, but by and large also a positive image.  
Unfortunately, and as exemplified by one of the very first 
posts to this discussion group, there is a substantial 
segment of business that will sell its soul for 
opportunity and revenue, or even just the comfort of 
security.  Unfortunately, that segment is all too willing 
to sell our souls as well.  If business wants to jump onto 
the surveillance and police state bandwagon, they should 
have to do it with their own resources, including their 
own standards planning, their own insightful and clear-
thinking designers, and their own money.  With luck, they 
will come up with something as clear and easy to implement 
as the SET standard.  We gain nothing by yielding to the 
temptation to cater to such interests when the mechanisms 
at issue are so entirely non-technical, political, 
arbitrary, and destructive of human dignity and freedom.

To the national regulatory authorities? 

Why make them any gifts?  What would your image in the 
view of the national regulatory authorities be if you 
don't stop by every Sunday with a cake and a bottle of 
wine?  What if you don't invite them to your vacation 
homes?  What if you don't offer them your daughters for 
their pleasure?  What if you refuse to help set standards 
for the interoperability of death lists and torture 
techniques?  

If you're seriously going to ask the question you ask 
above, then you have to ask all similar questions.  
How is assisting in the development and standardization of 
wiretapping technology any different than those other 
questions?  Because it is supposedly "legitimate?"  When 
was that question settled?  As far as I know, and 
notwithstanding any laws or court decisions anywhere, 
there is continuous and ongoing debate about the 
legitimacy of government information gathering activities 
and policies of _all_ kinds.  

Public information is rife with countless documented 
instances of abuses and excesses with respect to 
governmental wiretapping, eavesdropping, searches and 
seizures, even break-ins and burglaries, much of it prima 
facie unlawful and actionable under criminal laws, but 
virtually never prosecuted.  I do not believe you can base 
an approach to this issue on the presumed legitimacy of 
government wiretapping, because even when and where 
seeming nominally to be authorized and within the laws and 
court decisions of the country in question, it is _still_ 
highly debatable and seen by many to be a mechanism so 
pregnant with the certainty of abuse that it should not be 
allowed in civilized, enlightened countries.

In any case, catering to the decidedly political and non-
technical interests and desires of the national regulatory 
authorities is a slippery slope with no visible bottom.  
If the IETF is going to cater to national regulatory 
authorities whose interests may range from benign to the 
most inhuman and destructive, then the IETF may just as 
well start taking government paychecks and not pretend to 
be an objective, arm's-length technology and standards 
body.  I believe it would be far better for the IETF to 
generally adopt a stance that places the worst of the 
national regulatory authorities in a position to either 
come around to a sane and civilized way of operating or to 
pay a price for their own obstinacy.

Never make life easier for fools, thieves or murderers.  
Always try to make their lives an uphill struggle fraught 
with obstacles and pitfalls.  Living any other way is not 
sane.

Regards,

Thomas Junker
tjunker () phoenix net

The Unofficial Wang VS Information Center
http://www.phoenix.net/~tjunker/wang.html




--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------

