> -----Original Message----- > From: Paul Kyzivat [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 08, 2007 3:50 PM > To: Stucker, Brian (RICH1:AR00) > Cc: Dean Willis; IETF SIP List; Joel M. Halpern > Subject: Re: [Sip] media-security-requirements and lawful intercept > > > > Brian Stucker wrote: > >> -----Original Message----- > >> From: Paul Kyzivat [mailto:[EMAIL PROTECTED] > >> > >> The question is: when can they come and tell you that you must > >> install LI hooks into your system? > >> > > > > (9/11) Whenever the (9/11) government decides to do so (9/11). > > Otherwise, (9/11) the terrorists (9/11) win. > > > > Seriously. There's no way of knowing when a law may change. The key > > here really isn't so much collecting the data, by the way. You can > > collect the data, it's reporting the keys to interpret the data. > > Understood. My question was essentially "what kind of usage > would be found sufficiently offensive that the law would be > changed to require a new class of network to do LI, including > reporting of keys.?"
I don't think this is the way governments look at the problem. Voice traffic, on the face of it, is not a particularly offensive usage but it obviously has LI requirements. It's more a matter of technical feasibility. As a common carrier, operators have the only technically feasible point of collection for this type of data because they are the transport provider. If all of your voice communications were able to be collected outside of the provider network, I don't think they'd care so much to force providers to give them LI capabilities. I don't think that's as strongly the case with wireline VoIP because your service provider could be entirely different from your transport provider in markets where there are a large number of ISPs and they'll want to collect all of your traffic, not just RTP packets. When you look towards cellular wireless, your service provider is again, vertically integrated with your transport provider (at least today). That said, the government certainly isn't going to relax any existing capabilities to perform legal intercept. So even if a traditional operator starts providing VoIP service to subscribers that utilize an ISP not owned by that operator the government isn't going to say "oh, you don't need to support LI anymore" because there's always the CYA element to be considered. As long as they can control the chokepoints in the network to ensure that they can capture the traffic they need, and they have the keys reported to them to interpret the material if someone in the network has them (or is compelled to make sure that they get them if technically feasible) then there's going to be a requirement to report that information. > > Apparently at the moment communications within a private > enterprise, even a distributed one with VPN interconnects via > carriers, hasn't resulted in demanding that enterprises support LI. No, because their ISPs are required to cooperate with law enforcement and another aspect of LI is that you don't want the target of the intercept to be aware that they're being intercepted. It'd have been pretty tough for the FBI to go to ENRON and tell them that they'd like to collect all of their VPN traffic as part of an SEC investigation, so they go to the ISP instead. > > Paul > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
