Re: Internet protocol proposal raises privacy concerns
Mon, 18 Oct 1999 14:21:25 -0700

Robert J. Bradbury, <>, writes:
> Subject: Re: Internet protocol proposal raises privacy concerns
> I noticed this, but find I can't get excited over it. Maybe I
> don't understand encryption, but it seems the logical thing
> would be to encrypt all of the server-client communications?

Yes, encrypted communications would defeat the desired extensions for eavesdropping.

The real issue here is that the lines between telephone communications and internet protocols are blurring. Law enforcement in most countries has used wiretaps for years, and now technology threatens to make that obsolete. To address this, the US passed a bill called the Communications Assistance for Law Enforcement Act (CALEA), which requires new forms of telephony to be designed to be "wiretap ready". Now a question arises as to whether Internet telephony (voice over IP) is covered by the law (or by similar requirements in other countries), and if so, whether the IETF (the Internet standards body) should therefore build wiretap capabilities into Internet protocols.

Encryption doesn't moot the debate. First, not everyone uses it, and won't for a while. But more importantly, if the precedent is set that wiretap capability must be built into Internet protocols, it would increase the political leverage for law enforcement when they demand an end to unbreakable encryption. What was the point, they could argue, of all the work that was done to build in wiretap capability, if encryption prevents the wiretaps from being useful? Given the precedent of requiring wiretap capability on the Internet it would be argued that encryption must not be allowed unless the government can decrypt messages. That is how I would expect it to play out.

However it appears that the standards body is dominated by old guard Internet types, libertarian anarchists who want no part in building Big Brother into the net. To the extent this is framed as a political and philosophical issue, they will win the battle. This leaves the corporate types with a problem; they are the ones who have to comply with their local laws by selling equipment which is wiretap ready. Presumably they will have to go outside the IETF to organize any common protocols or data structures which are necessary.

> Now, of course the group in Israel has cracked the encryption
> codes, so if law enforcement/government had widespread access
> to the technology then could be a problem.

If you are referring to the recent announcment of a quantum computer that can supposedly break keys in milliseconds, this is widely considered to be bogus, a confusion of several distinct results into a meaningless mishmash.