Chris Rigby wrote:
Does anyone feel the need to meet with DIA (and whoever else in the govt) who know the technicalities of this to discuss the issue?
Much of this is being driven by the need for the Government officials to be in line with the email surveillance now being legislated/proposed in various other countries. Legislation was recently passed in the UK to require the ISPs to provide a surveillance feed if required to do so by the Authorities. The question of costs, and the technical wisdom of providing such a feed was completely sidestepped. The situation is currently that NZ, if it wishes to continue to be a member of "the US/UK/EU security club" will need to put in place this legislation, or simply be excluded from all the security info that the club provides. (Let's take a positive view, and assume much of this info is to do with drug smuggling, human smuggling, illegal arms trade etc etc). Since the authorities are likely to wish to continue their club membership, then one way or another, the powers to tap email/web/data will be put in place. The fact that it is incredibly technically difficult to do, with many routes out of the country, and widespread use of encryption technology makes it very difficult to decrypt any messages. This supposes of course that a message can be extracted intact from the millions of packets flying around. There is no mention yet of the fact that ISPs do not store anything, so how to deal with the storage issue......
Let's say the NZ police decide to look at all my e-mails. Do they have the right to say "Give us your passphrase.. here's a warrant" and if I say "No, bugger off" do I run the risk of imprisonment for "Opposing police business"?
If you oppose a validly issued warrant, then..... What would organising a conference do, apart from encouraging them? I think it would be more appropriate to let sleeping dogs lie, encourage widespread use of PGP, and wait until the first request comes, and then attempt to mould the resulting technical requirement. IMHO, I am intrigued by the idea that the authorities can actually deal with the sheer volume of data, and reconstruct it into anything useful.
Rgds Roger De Salis, speaking for myself only, and neither Cisco nor ISOCNZ.
I think a meeting would be a good idea.. perhaps a proper conference on this issue in NZ would be a good plan... if we can get enough interest we could perhaps organise a convention room somewhere and have a proper NZ internet security and the Law conference with some of the important people in this field in NZ attending.
I also don't believe in scanning emails for particular text strings to perhaps highlight possible problems (and I know this isn't effective especially with people being able to use pgp etc).
What if someone is using encryption or security like ssh/ssl/pgp and whatever other encryption there is?
This issue is one I think needs to be looked at... I personally use PGP for many e-mails with vendors overseas when transmitting commercially sensitive information.
Let's say the NZ police decide to look at all my e-mails. Do they have the right to say "Give us your passphrase.. here's a warrant" and if I say "No, bugger off" do I run the risk of imprisonment for "Opposing police business"?
Where do you stand on port scanning? For example some say there's nothing wrong with portscanning - it is what they do with the information after they scan. Others say if they port scan they must be guilty or told off.
And what about ISPs scanning their customers? It could be said to be a security issue. I used my parents' ISP in the US and got portscanned from their NS server 2 times in one hour.. thinking they might have been hacked I called them and apparently they do it as a "service to their customers". They scan for open BO, netbus and other hacker things such as default redhat installs. Is this a breach of privacy?
Meeting - Yes please
Agreed, perhaps a security and the law conference.. I'd be happy to help organise this.
So please raise hands if you want it.
Raise.
Chris Rigby Senior Systems Engineer IHUG - Into the Internet
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--
Roger De Salis, Cisco Systems NZ Ltd
L8, ASB Tower, 2 Hunter St, Wellington, New Zealand
+64 25 481 452 / +64 4 496 9003
roger(a)desalis.gen.nz rdesalis(a)cisco.com