IT World Canada reports on ISP regulation at the Canadian ISP Summit (I was panelist) where Chris Tacit, who acts from the Canadian Network Operators Consortium, indicated that the costs associated with implementing lawful access could cause some smaller operators to close up shop.
The 90’s called, they want their gov’t back! Is this ANOTHER case of our government enacting a law that technology has already made irrelevant?
With the proliferation of public wi-fi (airports, coffee shops, even McDonald’s offers it) more and more users are sensitized to casual eaves dropping. And web sites are responding by offering secured HTTP (that is HTTPS) connections.
So what would the government or the police gain from spying on my secured traffic? If I understand correctly there’s no way (apart from lengthy brute force) that they could decode what passes through my ISP? They’d have to get a search-warrant for either my computer or for the servers of the web site I was communicating with.
This isn’t some esoteric secret message system used by spies; any web site can easily offer it, every web browser supports it, and any user can easily use it.
And HTTPS has been around for how long? And we’re getting a law now predicated on it’s non-existence? How ’bout a law requiring governments not waste our tax money – oh, never mind!
@Schultzter There is a way to do a man-in-the-middle attack on SSL traffic, and the police could use it easely since it requires to compel a Certificate authority to create a certificate for a domain, but it would be immoral to do so… but then again Lawful Access, by it’s very definition, is immoral since there is no oversight to prevent abuse or prevent the use of that technology to create profile on an citizens.
Countries are already using the “Man in the Middle” Iran, Egypt, Syria, even Israel (Israel is where a LOT of anonymous HTTPS proxies are to overcome that, if you know where to look). For the US to throw a couple billion at it and have Canada kick in some quid to get a look at the data would be a non-issue.
(don’t chuckle, how do you think the border security deal is going to be done? Days after Lawful Access is in)
Ridiculous This law is ridiculous. It will do nothing to deter crime, illegal online activities or cyber terrorism. Here in North America we are so blinded under the guise of big security that we fail to look at the big picture.
We should be training entire armies on how to defend the nation’s critical infrastructure from foreign cyber espionage. Last week it was a pump in Illinois. What happens when a complete fire sale happens. What are we doing to ensure that it never happens. It happened in Georgia, Iran (stuxnet) …so what makes us believe that it won’t happen here. Canada doesn’t even have cyber command center in place. Yikes! If you don’t believe this old guy, then just see what Kevin Mitnick and Mark Russinovich have to say about this subject lately.
Lawful access ….really. If you are going after such a high profile criminal, then they are probably smart enough to use tor, proxy and a myriad of other technology to evade these filters from the get go.
Just another lame attempt by the feds to snoop into our lives. Wake up and smell the coffee!
Law Bytes
Episode 214: Erin Millar on Trust in Media and the Implementation of the Online News Act
The 90’s called, they want their gov’t back!
Is this ANOTHER case of our government enacting a law that technology has already made irrelevant?
With the proliferation of public wi-fi (airports, coffee shops, even McDonald’s offers it) more and more users are sensitized to casual eaves dropping. And web sites are responding by offering secured HTTP (that is HTTPS) connections.
So what would the government or the police gain from spying on my secured traffic? If I understand correctly there’s no way (apart from lengthy brute force) that they could decode what passes through my ISP? They’d have to get a search-warrant for either my computer or for the servers of the web site I was communicating with.
This isn’t some esoteric secret message system used by spies; any web site can easily offer it, every web browser supports it, and any user can easily use it.
And HTTPS has been around for how long? And we’re getting a law now predicated on it’s non-existence? How ’bout a law requiring governments not waste our tax money – oh, never mind!
@Schultzter
There is a way to do a man-in-the-middle attack on SSL traffic, and the police could use it easely since it requires to compel a Certificate authority to create a certificate for a domain, but it would be immoral to do so… but then again Lawful Access, by it’s very definition, is immoral since there is no oversight to prevent abuse or prevent the use of that technology to create profile on an citizens.
@anonyme
And then you throw self signed or “cooperating hobbyists” into that cert mix. Lots more of them (and there are lots of them already).
Schultzter is right. Useless waste of time and money – for everyone.
Countries are already using the “Man in the Middle”
Iran, Egypt, Syria, even Israel (Israel is where a LOT of anonymous HTTPS proxies are to overcome that, if you know where to look). For the US to throw a couple billion at it and have Canada kick in some quid to get a look at the data would be a non-issue.
(don’t chuckle, how do you think the border security deal is going to be done? Days after Lawful Access is in)
Ridiculous
This law is ridiculous. It will do nothing to deter crime, illegal online activities or cyber terrorism. Here in North America we are so blinded under the guise of big security that we fail to look at the big picture.
We should be training entire armies on how to defend the nation’s critical infrastructure from foreign cyber espionage. Last week it was a pump in Illinois. What happens when a complete fire sale happens. What are we doing to ensure that it never happens. It happened in Georgia, Iran (stuxnet) …so what makes us believe that it won’t happen here. Canada doesn’t even have cyber command center in place. Yikes! If you don’t believe this old guy, then just see what Kevin Mitnick and Mark Russinovich have to say about this subject lately.
Lawful access ….really. If you are going after such a high profile criminal, then they are probably smart enough to use tor, proxy and a myriad of other technology to evade these filters from the get go.
Just another lame attempt by the feds to snoop into our lives. Wake up and smell the coffee!