On Warrantless Wiretapping, Part III

Congress is still debating giving the telecommunications companies immunity for participating in the NSA domestic wiretap program. More complete indexed coverage here. Yesterday I heard an interview with Mark Klein where he talks more about the Narus equipment that is (allegedly, but likely) used in this program. Also blogged about here at Muckraker, and of course Ed Felten’s blog.

For those unclear on the technical terminology, a single Narus Insight is capable of “packet processing performance that supports network speeds of up to OC-192 at layer 4 and OC-48 at layer 7, enabling carriers to monitor traffic at either the edge of the network or at the core.” (from their own website). An OC-192 is a network line with transmission speeds of up to 9953.28 Mbit/s, and is commonly used as an aggregation channel between large ISPs. An OC-48 is a common backbone speed for regional ISPs.

Layer 4 traffic inspection includes source and destination IP addresses; layer 7 traffic inspection includes reading all the way down into the data payload of an IP packet. This means that an Insight stuck on the end of an OC-48 can semantically analyze the entire contents of all of the unencrypted outbound traffic for a regional ISP.
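To make the layer 4 versus layer 7 distinction concrete, here is an added example (not part of the original post, and not Narus code) that dissects two constructed packets: a header-only view and a payload view. The addresses, ports, hostname and function names are all assumptions chosen for illustration.

```python
import socket
import struct

def build_packet(payload: bytes, dport: int) -> bytes:
    """Constructed IPv4/TCP packet (documentation addresses, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    return ip + tcp + payload

def inspect_l4(pkt: bytes) -> dict:
    """Header-only view: addresses, ports, and where the payload starts."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    if len(pkt) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport,
            "payload_at": ihl + (pkt[ihl + 12] >> 4) * 4}

def inspect_l7(pkt: bytes) -> dict:
    """Payload view: parses the application data that follows the TCP header."""
    meta = inspect_l4(pkt)
    total_len = struct.unpack("!H", pkt[2:4])[0]
    data = pkt[meta["payload_at"]:total_len]
    # A TLS record header (content type 20-23, major version 3): stop here,
    # this parser cannot read the protected record body.
    if len(data) >= 3 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03:
        return {"app": "tls", "readable": False}
    lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), None)
        return {"app": "http", "readable": True, "method": parts[0],
                "path": parts[1], "host": host}
    return {"app": "unknown", "readable": False}

# Constructed sample traffic: a cleartext HTTP request and a TLS application-data record.
HTTP_PKT = build_packet(b"GET /inbox HTTP/1.1\r\nHost: mail.example.org\r\n\r\n", 80)
TLS_PKT = build_packet(b"\x17\x03\x03\x00\x10" + bytes(range(16)), 443)

if __name__ == "__main__":
    for pkt in (HTTP_PKT, TLS_PKT):
        print(inspect_l4(pkt), inspect_l7(pkt))
```

Both packets yield the same kind of header metadata; only the cleartext one gives up its request path and hostname, which is why the post's claim is limited to unencrypted traffic.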

Regardless of how this is being characterized, it is important for everyone to know that this means that something is reading all of your Internet traffic. And the Internet traffic of your elected officials, your political organizations, everybody. Since the FBI has already shown that they’re willing to collect information without a warrant, don’t kid yourself that these devices won’t ever be misused.


Posted November 8, 2007 by padraic2112 in politics, security, tech

5 responses to “On Warrantless Wiretapping, Part III”


  1. padraic2112> This means that an Insight stuck on the end of an OC-48 can semantically analyze the entire contents of all of the unencrypted outbound traffic for a regional ISP.

    That’s not really what it means. It means that a Narus could monitor all traffic on an OC-48 and inspect some of it. That’s a far cry from semantically analyzing *all* of the traffic.

    And it’s actually not that hard. There are a number of ways to accomplish this with fairly inexpensive hardware, e.g. Etherchannel-based load balancing into multiple <1Gb/s capture devices running tcpdump, and offline reconstruction. The most expensive component is whatever you use as a load balancer, particularly if it needs 10Gb/s ethernet or comparable media.

  2. > It means that a Narus could monitor all traffic on an OC-48 and inspect some of it.

    To clarify:

    According to the Narus documentation (admittedly, this is a product marketing description, and may not be wholly accurate), the two layers involved in the data analysis are “capture, normalize, classify” and “correlate, analyze”.

    I consider normalization and classification to be part of “inspection”, myself, but you have a point, it’s not quite as clearly defined as I indicated in my original post.

    Any way you slice it, however, they’re slurping everything. They may not be reading all of it, but they’re at least capturing all of it. The protections against illegal search and seizure don’t say anything about illegal seizure being ok as long as you don’t look at what you’re seizing. 🙂

  3. > For those unclear on the technical terminology, a single Narus Insight is capable of “packet processing performance that supports network speeds of up to OC-192 at layer 4 and OC-48 at layer 7, enabling carriers to monitor traffic at either the edge of the network or at the core.” (from their own website). An OC-192 is a network line with transmission speeds of up to 9953.28 Mbit/s, and is commonly used as an aggregation channel between large ISPs. An OC-48 is a common backbone speed for regional ISPs.

    Gee, thanks, Pat, that TOTALLY clears up the terminology for me!

  4. Pingback: Why Rudy Giuliani Should Not Be The Next President, Part I « Pat’s Daily Grind

  5. Pingback: Warrantless Wiretapping, Part VI « Pat’s Daily Grind
