Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
United States

Government Backs Down On Network Monitoring Plan? 47

GNUCyberKat writes "This article relates how the US government is now approaching their plan to monitor private sector networks. It presents both sides (mostly through links) but is otherwise a good article. "
This discussion has been archived. No new comments can be posted.

Government Backs Down On Network Monitoring Plan?

Comments Filter:
  • Actaully, I was thinking more of CALEA. The proposal that had hooks into all the telecom networks. It seems to me like their proposals are getting more daring.

  • What business does the government have with what kind of drugs are out there? So it can create lucrative black market terrorists organizations that thrive? Seems like the government is creating all these problems in the first place.

    So the government monitors traffic on the net. It learns new ways of getting in trouble after some government employees take a kickback by leaking some inside information gained by email exchange by engineers at a tech startup. Patents are issued and the government has a company paying billions in taxes on a new product on its soil.

    Monitoring can create some unhappy people. Let's play fair and everyone will get along better.
  • Just imagine the profile they could have on your name. What are your interests? What hours of the business day did you post to slashdot? Did you ever make any posts to alt.sex? Do you ever intend to run for political office?
  • Almost a non-intelligence issue. As a Democrat, I am ashamed of some of the policy coming out of my representatives.

    Maybe we need to come together and form some kind of Technocratic party and run our on canditates. Heh. Just a thought.
  • Yeah, I'm running for pres as a write in independant canidate, of course, I don't expect to win, but ya know, I'm voting for me!


  • by Daniel ( 1678 )
    It presents both sides (mostly through links) but is otherwise a good article.

    Heaven forbid that someone should write a balanced journalistic piece!

  • >I believe you've confused "right" with >"technological capability."

    More like "mathematically capability". Which is the same thing as "right" (if there is such a thing as a "right" at all) if you ask me...
  • It's not a question of whether or not they are, it's a question of how they approach it.
  • As I read this, most of what they're talking about is R&D for tools to detect intrusions and attempted intrusions at the host and LAN level in -- things decent sysadmins already use, like tripwire and portscan detectors. They're also talking about tools for correlating the alerts these detectors send out. Correlating them at the LAN or organization level seems to me to be a reasonable thing for a sysadmin to do. Correlating them nationwide is only a problem if they are gathering more information than they're supposed to -- if we insist on an open protocol and open-source, it's not a privacy threat.

    Here's the kind of thing they're worried about: imaging a virus or worm whose payload is a packet sniffer. Mostly it spreads as quietly as it can, but when a copy finds itself on a host in the target domain, it starts sniffing for l/p pairs and other critical information. When it has them, it sends out an http request. I'll leave the contents of the response to your imagination.

    Is this so implausible? Could it do serious damage to your organization? Do you know how to prevent it?

  • Hey, I might even vote for you. That would be *two* votes. ;)
  • to the recent news about ESCHELON or whatever that name of the monitoring system that Austrailia came out with just a few weeks ago? Are they trying to legitimize everything that they have already done, or are we looking at the attempt to get into a second round of systems that people "know" about?
  • I NEVER said or implied the government had any right to do these things. All I said was the government was not going to going after warez kiddies pirating Photoshop, 3DMax, or the new Prodigy album. They're after different fish. I don't like the idea of this kind of monitoring either, I was answering a specific question. (not to be rude, but don't put words in my mouth)
  • "If you've done six impossible things before breakfast, why not round it off with an attempt to ban all cryptography from the Internet?"
  • The American government as all the right in the world to watch and record and analyze and study the dataflows on the Internet, just like anyone else has. If the FBI wants to act as an online security consultant, then that is completly fine with me.

    Let's just change this a bit:

    The American government as all the right in the world to watch and record and analyze and study the dataflows on the telephone network, just like anyone else has. If the FBI wants to act as an telephone security consultant, then that is completly fine with me.

    Would you agree with this statement? I don't think there is any important difference between the original and the new one. We are talking about networks that span the whole globe, where data is normally transmitted without encryption, and in which by tapping at the right place, you may intercept lots of communications. However, it is an invasion of privacy for the government to wiretap phones without a court order. Why should it be any different for, say, email or TCP connections in general?

    Given that the these two huge holes in our human rights go away, I will gladly assume that every information generated by me on Internet (be it a random Telnet package or a slashdot post) falls into everybody's hands (including the American, Iraqee, and Chinese governments).

    This may be true of /. posts, but I don't see how if I email you this would get into chinese gov't hands. (I can traceroute the path between our mailservers and see, but I don't think this will be necessary.) Same if I telnet to my university computer from a home dialup connection.


  • No...actually they're more a technical means which makes things *much* easier for the developers of that code.

    People. Cookies Are A Good Thing. They give persistance to an environment that isn't persistant. They allow developers to code web applications that can follow you through the use of that application. I daresay that if it weren't for cookies hotmail simply wouldn't exist. How do you *think* they figure out how, at any given page, what user your are?!

    There is no secret conspiracy to use cookies to rule the world. Believe me.
  • by Anonymous Coward
    Your a fool if you think big brother isnt already watching.
  • we are born with cameras up our ass
  • The American government as all the right in the world to watch and record and analyze and study the dataflows on the Internet, just like anyone else has. If the FBI wants to act as an online security consultant, then that is completly fine with me.

    The problem is the lack of cryptography to protect yourself (which of course is their fault), and the fact that online crime is prosecuted by an authoritian state in meatspace. Information crimes should be fought with information methods.

    Given that the these two huge holes in our human rights go away, I will gladly assume that every information generated by me on Internet (be it a random Telnet package or a slashdot post) falls into everybody's hands (including the American, Iraqee, and Chinese governments).
  • They're basically saying, "Oh, we were NEVER going to do anything more than monitor critical networks for anomalous activity..." That's still a little too much for me. Any banking concern or other enterprise that forms part of the "critical infrastructure" should already be paranoid about security, and doesn't need the feds to tell them when they're under attack or help them dig out of the situation. It's like Social Security: you must do your own retirement planning; if you rely on the government to do it, you're going to be poverty-stricken a year after you retire.

    As usual, we're seeing the FBI (and most likely the NSA especially) trrying to stick its collective nose where it doesn't belong. Let us protect our own networks -- it's nobody else's business what traffic is on there. And I would tend to think it would be a lot easier for a foreign government to compromise one of these "trained, experienced analysts" once the system is in place than to actually crack all those thousands of systems and networks that such an analyst would be able to monitor.

    Call me paranoid, but any security professional knows that paranoia doesn't go far enough.
  • Could the government also be trying to do this in order to track warez, mp3, etc. sites? Doing this in the name of "proctecting our networks" seems like a cover-up. It sure would help out law enforcement if they're really interested in piracy.

    Just a thought.


  • Semtex, cocaine, Ireland, Cuba, Colombia, plutonium, 128 bit encyption, Mafia.

    I bet big brother is definieley watching now...
  • Why does anything the government do have to be done in such a wasteful manner? I would imagine most people that have a server on the net that experience a problem can deal with it just by looking at the logs, find the identity, make a phone call and see if the person needs help. You don't need a multibillion dollar spying center to replace everyone's job.

    Do morons run servers? They will if the government has its way and insists on playing big brother on everything. Its like we would be so helpless without laws and regulations covering everything. The internet was doing so good until we started getting laws about encryption it seems like its going downhill from there...
  • Even If they are watching, do you have any Idea how much information they would be collecting? WAY more than could possibly be analyzed in real time. But they're not watching (The internet is self-ran and their software would have to be installed everywhere to be effective, wouldn't it?) and you, sir, are simply paranoid.
  • I agree at the moment it's impossible but with the advances in computing power and some good algorithms who knows...

    Anyway I think they would use ISPs to warn them or track specific people over the net (remove them cookies, don't give out your e-mail, use encryption).

  • whats left of the the humanity??
    whats left of the individual freedom
    what about the right not be controlled... right to chaos?
    we're all controlled...

    Anger is gift...
    freedom? yeah right --R.A.T.M
  • Um, I think the intent was to imply that overuse of links as a substitute for writing a coherent article isn't the best thing in the world, but that despite this flaw, the evenhanded presentation of both sides of the debate makes the article good anyway.
  • by crow ( 16139 ) on Thursday July 29, 1999 @06:45AM (#1777250) Homepage Journal
    And I just saw an article reporting that Reno, I believe in a letter to the German government, stated her desire to see all cryptographic products banned from the Internet. Despite the technical and legal impossibilities involved, that was one more indication that the JustUs Department is solidly anti-privacy.

    Interestingly, this seems to be a non-partisan issue, so I can't fall back on my traditional response of complaining about the Democrats. I've yet to see either party integrate a cohesive position on privacy and technology.
  • I'm hardly a lawyer so I don't know the grey areas, but it's already illegal for the FBI or local police to tap a phone line without a warrant. Yes, anyone can sniff data off of "public" networks, but these people doing the sniffing are not also controlling access to cryptography technology. If we allow the Fed to watch all our communication, what incentive do they have to ease restrictions on encryption? For that matter, WHY should they? It would only server to hinder themselves in their "crime fighting" tactics.

  • Y'all remember the Know Your Customer program, right? Where banks were supposed to monitor accounts for "anomalous activity" and report that to the proper officials...

    No matter how many battles are won, the war for security and privacy continues...

  • The federal government doesn't give a damn about warez, mp3, etc. sites. They are looking for information about illicit drugs, terrorists, DOS attacks, etc. Of course in the process they would happily violate your privacy, and no doubt collect damning evidence for minor crimes if you are part of a unpopular political movement (i.e. something like protesting Mumia's death sentence).
  • The cited link doesn't work...
  • Which brings me to wonder. Currently, we have email systems such as hotmail going over to a cookie rich environment, where if you don't have the pass cookie on your machine, the system chokes up on your entry.
    Is this merely the progress of modern internet tracking systems, or is this a govt. movement toward cookie usage so that it won't be as suprising to have said security cookies in use, and thus easier for the govt. to track things? Talking out of my nether orfice here, but...possibility?
  • by Anonymous Coward on Thursday July 29, 1999 @06:48AM (#1777256)
    Believe it or not, the government is trying to act on the behalf of its citizens with most of these initiatives. If you read the actual text of the plan (available at http://www.cdt.org/policy/terrorism/fidnet/ )you will see that the plan calls for monitoring of mostly .gov site traffic. It calls for a plan to help certain critical infrastructure sections of the private sector in monitoring (ie, banking, utilities, perhaps stock market, etc). An outage in any of these areas of the private sector would have very detrimental long term effects on the Citizens of the US. THAT is why they want to do this.
    Plus, if you believe everything you hear, the we must already be monitored, right?
    The same rule that existed before still applies...if you want it to be secure, encrypt it; quit bitching about how THE MAN is going to screw your life and take some individual action.

    The above is only my opinion.
  • I'm sorry, this is probably totally going to blow rules one and two, but it just kinda struck me (and yeah, I'm behind on a lot of these arguments, so bop me on the head and correct it fast) But:

    If the web, as it is used and accessed, is international, then how can encryption in use on the web be national only? Only so long as the keys are NOT cracked are they national...the moment it's broken, it becomes international. So any movement that says "this algorithm/code must stay in the country for national security" seems to be more like hedging than any actual useful thing.
    I'm stating the obvious, I suppose. Okay, I'm going to shut up now.

  • As long as cryptography is legal, the disclosure that governments are monitoring communications will serve the public interest in encouraging additional use of cryptography.

    Seriously, you shouldn't expect anything sent over an open channel to be private. Now the US government is helping people to realize that. Now if only we can get lucky on some cryptography export rule relaxation, we'll be all set.
  • Note the wording in the article, "and ultimately private-sector information". Seems to me that the major revision between today and yesterday is that the plan will not include intrusive monitoring of financial or other private network activity. Yet. This is OK -- better than yesterday. But it does show who has clout, who can pull whose chain.

    As reported on some business news show yesterday, the private sector and the feds have very different goals and M.O.s when it comes to security efforts. Corporations just want to know how a breach occurs so they can fix the problem and prevent related losses and copycats. They abhor publicity. The feds are fixated on the act and catching and prosecuting the perps. As others have noted, they don't have a very good record of defending against their already known vulnerabilities. So they are fundamentally at odds.

    A day later, the feds are saying, "aw never mind. We'll set up shop on our block and talk to you later."

    If only net libertarians had such access.

  • This is news? It's fairly obvious that the real target is not criminals (who will obtain and use illegal tools anyway -- they're criminals, duh) but average citizens who get on the government's bad side or are randomly targeted in order to give the bureaucrats something to do.

    Interestingly, this seems to be a non-partisan issue, so I can't fall back on my traditional response of complaining about the Democrats.

    That is also not surprising. Personally, I suggest that the Democrats and Republicans ditch their donkey and elephant symbols in favor of green and purple neck cloths.

Thufir's a Harkonnen now.