FITUG e.V.
Förderverein Informationstechnik und Gesellschaft
FITUG e.V.Förderverein Informationstechnik und Gesellschaft |
|
http://cryptome.org/pl-sorm-rip.htm
20 December 2000
Date: Wed, 20 Dec 2000 18:00:52 +0100 From: Pawel_Krawczyk <kravietz@ceti.pl> To: jya@jya.com Cc: declan@well.com Subject: Poland wants SORM-2 too
Hello! In case you didn't know yet...
Yesterday Polish Ministry for Internal Affairs and Administration (MSWiA) sent a draft of new wiretapping law to the Polish Chamber of Information Technology and Telecommunications.
According to the draft all operators (PSTN, mobile, ISP, IAP, ICP) are required to install equipment allowing the law enforcement agencies unattended capturing of data from their networks. The draft actually specifies what the equipment is expected to do. Almost no technical details were given, but as I guess this would mean buying and installing a black box behind every border router and firewall, and providing a leased line to the spooks location.
The operator is also expected to provide an access to the plaintext if they encrypt any data flowing through their network for their own purposes or in customer's behalf. This would probably mean breaking all security provided by internally used IPSec and requirement to capture the data sent outside via secure VPNs before they actually get encrypted.
I expect that introducing the law would simply kill many of the smaller operators, because they can't afford to buy and install the equipment, which will be then used once in several years or never. This is because there are several hundreds of Internet providers in Poland, but most of them are small and private businesses with several dozens of customers.
There are also obvious risks associated with installing untrusted third party equipment in your core network, behind all firewalls and with access to all your data. The data would be captured at the spooks discretion and no one would now what is actually captured and when. Polish police and special forces get much less public attention and scrutiny than in e.g. US, so this would allow wide range of potential abuses like economic or political espionage.
As you can see, this is a lightweight version of British RIP and very similiar to Russian SORM-2. Currently it is widely discussed here and the draft is waiting for the Chamber to express their opinnion. No English version of the draft is available AFAIK and I can't translate the juristic language, but all the important details are described above.
Below are some useful links:
The Chamber (in Polish and English, but no comments on the draft yet)
My article and the draft itself (in Polish)
http://ipsec.pl/ipsec/article/291
--
Pawel Krawczyk <http://ceti.pl/~kravietz/>