
Decreased security through monitoring

Worth a read: this Cringely column on electronic eavesdropping. The "Communications Assistance to Law Enforcement Act" (CALEA), passed in the mid-1990s, requires telecommunications providers to make life easy for law enforcement agencies wanting to listen to phone conversations. Apparently, the implementation of CALEA is not all that one might wish for:

The typical CALEA installation on a Siemens ESWD or a Lucent 5E or a Nortel DMS 500 runs on a Sun workstation sitting in the machine room down at the phone company. The workstation is password protected, but it typically doesn't run Secure Solaris. It often does not lie behind a firewall. Heck, it usually doesn't even lie behind a door. It has a direct connection to the Internet because, believe it or not, that is how the wiretap data is collected and transmitted.

CALEA systems have, according to Cringely, been hacked into by numerous bad guys, both domestic and foreign.

CALEA can be seen as a classic example of a bad governmental project gone worse, and as a dark omen of what the "total information awareness" system could bring. But there is a wider lesson here as well. Many organizations put monitoring capabilities into their networks as part of their security and policy enforcement operations. This monitoring can be performed by web proxies, mailers, intrusion detection systems, outsourced security services, and so on. Knowing what is happening on a network can be most helpful in keeping that network secure, but it is always worth remembering that these monitoring capabilities can be turned against you. Before putting in a facility that watches what you and your users are doing, it's worth putting some thought into how that facility will be secured and what could happen if it is compromised. Sometimes it might be better to watch a bit less.



Decreased security through monitoring

Posted Jul 17, 2003 19:05 UTC (Thu) by acorliss (subscriber, #3710)

As much as I like Cringely, I would take this with a huge grain of salt. While I can't vouch for how things are done in the lower 48, I have worked (and am working) at both of the largest telcos in Alaska, the first time as a Lucent 5ESS tech, no less.

The federal guidelines don't mandate a specific methodology/platform/whatever to comply; they only detail what services telcos must provide to law enforcement. When I worked on the 5ESS, it took phone calls and paper trails to activate a trace and/or tap on line activity. The reports were delivered on paper or magnetic media. All human bandwidth.

I'm a corporate IT sysadmin for the state's largest telco now, but I'd be really surprised if we had an exposed Sun box dishing that info out (not least because we're primarily an IBM shop ;-). From what I understand, our NOC still gets human visitors when they're doing active tapping (or we'll pseudo-conference an agency phone in).

I'll look forward to seeing some lower-48 responses to this article, but my initial reaction is that it's being blown a bit out of proportion.

--Arthur Corliss

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds