[VOIPSEC] Governments employing MiTM attacks against SSL
Dustin D. Trammell
dtrammell at dustintrammell.com
Tue Apr 20 11:50:53 CDT 2010
On Tue, 2010-04-20 at 12:02 -0400, J. Oquendo wrote:
> The statement in its entirety is geared towards the original document
> (http://files.cloudprivacy.net/ssl-mitm.pdf) where individuals will
> complain about being snared in a wiretap. 1) If you have nothing to
> hide you have nothing to worry about PERIOD. 2) If the gov decides to
> wiretap your line, they're doing so for a reason like it or not. I
> highly doubt the government is going to waste time, resources and
> money for the sake of saying: "Gee I wonder what Oquendo is doing...
> Let's tap him!" Hell, I'd invite them over any time. Tap away. If the
> government is doing something unscrupulous (tapping without an order),
> they'd be in contempt and the taps would be worthless, so what should
A recent conversation that I was privy to on a private mailing list full
of .gov types indicated that at a point in time some years ago, it
actually became cheaper and less troublesome to simply perform bulk
surveillance. This sentiment was also echoed in public recently, but I
can't seem to find the reference.
Essentially, the argument states that the cost of surveillance used to
increase with the number of people you were performing surveillance on,
which makes sense. Now however, due to the advances in technology, it's
cheaper and easier to simply watch everyone, and the cost increases with
the number of people that you /exclude/ from the surveillance. This may
or may not apply to telephony currently as you still legally need a
warrant to wire-tap a line, but regarding data traversing the Internet,
it's likely more reasonable to assume that someone *is* watching rather
than that someone *isn't*.
--
Dustin D. Trammell
dtrammell at dustintrammell.com
http://www.dustintrammell.com
More information about the Voipsec
mailing list