[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] Internet surveillance and RIP in Poland
- To: debate@fitug.de
- Subject: [FYI] Internet surveillance and RIP in Poland
- From: "Axel H Horns" <horns@ipjur.com>
- Date: Fri, 22 Dec 2000 19:45:40 +0100
- CC: krypto@thur.de
- Comment: This message comes from the debate mailing list.
- Organization: NONE
- Sender: owner-debate@fitug.de
http://cryptome.org/pl-sorm-rip.htm
-------------------------------- CUT --------------------------------
20 December 2000
Date: Wed, 20 Dec 2000 18:00:52 +0100
From: Pawel_Krawczyk <kravietz@ceti.pl>
To: jya@jya.com
Cc: declan@well.com
Subject: Poland wants SORM-2 too
Hello! In case you didn't know yet...
Yesterday Polish Ministry for Internal Affairs and Administration
(MSWiA) sent a draft of new wiretapping law to the Polish Chamber of
Information Technology and Telecommunications.
According to the draft all operators (PSTN, mobile, ISP, IAP, ICP)
are required to install equipment allowing the law enforcement
agencies unattended capturing of data from their networks. The draft
actually specifies what the equipment is expected to do. Almost no
technical details were given, but as I guess this would mean buying
and installing a black box behind every border router and firewall,
and providing a leased line to the spooks location.
The operator is also expected to provide an access to the plaintext
if they encrypt any data flowing through their network for their own
purposes or in customer's behalf. This would probably mean breaking
all security provided by internally used IPSec and requirement to
capture the data sent outside via secure VPNs before they actually
get encrypted.
I expect that introducing the law would simply kill many of the
smaller operators, because they can't afford to buy and install the
equipment, which will be then used once in several years or never.
This is because there are several hundreds of Internet providers in
Poland, but most of them are small and private businesses with
several dozens of customers.
There are also obvious risks associated with installing untrusted
third party equipment in your core network, behind all firewalls and
with access to all your data. The data would be captured at the
spooks discretion and no one would now what is actually captured and
when. Polish police and special forces get much less public attention
and scrutiny than in e.g. US, so this would allow wide range of
potential abuses like economic or political espionage.
As you can see, this is a lightweight version of British RIP and very
similiar to Russian SORM-2. Currently it is widely discussed here and
the draft is waiting for the Chamber to express their opinnion. No
English version of the draft is available AFAIK and I can't translate
the juristic language, but all the important details are described
above.
Below are some useful links:
The Chamber (in Polish and English, but no comments on the draft
yet)
http://www.piit.org.pl/
My article and the draft itself (in Polish)
http://ipsec.pl/ipsec/article/291
--
Pawel Krawczyk <http://ceti.pl/~kravietz/>
-------------------------------- CUT --------------------------------