[IP] Telecoms required to save logs of e-mail

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Telecoms required to save logs of e-mail
From: David Farber <dave@xxxxxxxxxx>
Date: Sat, 3 Dec 2005 06:44:12 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <439106A5.4040308@xxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Phil Karn <karn@xxxxxxxx>
Date: December 2, 2005 9:44:53 PM EST
To: dave@xxxxxxxxxx
Cc: ip@xxxxxxxxxxxxxx
Subject: Re: [IP] Telecoms required to save logs of e-mail

BRUSSELS, Belgium—EU justice and interior ministers agreed Fridayon plans that would require telecommunications companies to retainrecords of phone calls and e-mails for a minimum of six months foruse in investigations of terrorism and other serious crimes.


and Bob Franksten comments:

> Too bad reporters don't ask question such as whether thelegislatures understand that you don’t need a phone company to make aphone call and you don’t need a PTT to send email.

Note that an ISP can easily log email even when a user runs his ownSMTP server and/or delivers his own outbound mail. You just recordall the raw packets to port 25.

On the other hand, the SMTP STARTTLS (start transport layer security)command is getting pretty common these days, as most MTA senders willnow use it automatically whenever the receiving MTA advertisessupport for it. Receiver support is not the default because itrequires a X.509 certificate, but some installation scripts (e.g.,Debian Linux) automatically generate and install a self-signedcertificate if required.

Even much of my incoming spam comes in with STARTTLS these days. Ifigure that should make traffic analysis just a little more difficult.

When a SMTP session uses STARTTLS, only the IP addresses of the MTAsare visible to a passive wiretap at the ISP. Because self-signedcertificates are so common, however, an active man-in-the-middleattack would probably work in most cases. Clearly we need certificatecaching like that implemented in SSH.

Under Friday's deal, investigators will be able to view logs ofphone calls and e-mail messages, but it does not allow them to viewcontent of the messages.

That implies that only headers need be logged, so PGP or S/MIME byitself (without STARTTLS) provide no protection at all as they bothleave all email headers in the clear.





-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] NYU administration goes to despicable lengths to stop a graduate student strike
Next by Date: [IP] more on Sony's Escalating "Spyware" Fiasco
Previous by thread: [IP] Telecoms required to save logs of e-mail
Next by thread: [IP] EFFector 18.42: North Carolina Illegally Certifies Diebold E-voting System
Index(es):
- Date
- Thread