Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
The Internet Programming IT Technology

Oasis Forms "Lawful Intercept" XML Committee 96

An anonymous reader writes "Oasis has announced the formation of the Lawful Intercept XML Technical Committee. The announcement refers to it as a "universal global framework for supporting rapid discovery and sharing of suspected criminal and terrorist evidence by law enforcement agencies." It's not really clear if this is supposed to aid in information exchange about suspicious activities/individuals, or 'intercepting' in the sense of eavesdropping, or what exactly."
This discussion has been archived. No new comments can be posted.

Oasis Forms "Lawful Intercept" XML Committee

Comments Filter:
  • by TheVidiot ( 549995 ) on Monday January 27, 2003 @06:44AM (#5166518) Homepage
    I had no idea Liam and Noel were XML literate. THAT'S why you can't understand Noel... he hasn't released his DTD.
  • by Big Mark ( 575945 ) on Monday January 27, 2003 @06:47AM (#5166531)
    Lawful Intercept XML Technical Committee.
    Aha! Your use of non-valid XML is in breach of the DMCA! Your entire possessions are to be seized and you will be shipped off to Guatameno Bay!

    -Mark
  • by terrencefw ( 605681 ) <slashdot@@@jamesholden...net> on Monday January 27, 2003 @06:49AM (#5166536) Homepage
    ...is what this is all about. Packaging ISP and cellphone data up into a nice easily-datamined format for law enforcers. Just what your average man in the street wants done with his data.
    • by jodonoghue ( 143006 ) on Monday January 27, 2003 @07:27AM (#5166630) Homepage Journal
      Indeed so. While 'uncool', lawful interception tends to be a prerequisite to deploying many types of technology - for example the GSM mobile system has had a detailed specification for what information can be intercepted, and how this must be achieved, for many years (you can start from GSM 01.33 specification and work your way out...)

      This type of technology can, self-evidently, generate vast quantities of data, and each network equipment vendor currently generates in a different format. It's simply a way to ensure that data which would have been logged anyway is provided to law enforcement agencies in a standardised way.

      Probably true to argue that this will be used for ISP logs etc. but the key point is this: "lawful interception". In the UK, and doubtless most of the 'Western' world, this requires a court order, but in these 'terrorist' domainated days, the criteria which are sufficient to get such an order are becoming ever less stringent "...well, he was a commie as a student, and anyone with a beard like that must be an international terrorist, your honour..."

      The job of the concerned citizen is not to fight the enabling technology, but to ensure, through the democratic process, lobbying and protest as required, that the use by government agencies of these technologies stays within reasonable (whatever that means) grounds.
      • by HiThere ( 15173 ) <charleshixsn@earthlinkLION.net minus cat> on Monday January 27, 2003 @11:47AM (#5167870)
        It seems that I've heard of several cases where no court order was obtained. The ISP was merely "requested" to cooperate. Well, it wasn't THEIR data. So they forked it over without compulsion, compunction, notification, or reason demanded.

        Now they weren't legally obligated to do this. They could have held out for a warrant. But why should they? So they didn't.

        Now one doesn't know how often this happens, as one only hears about it when:
        1) It's used in court records
        2) It's a slow news day, and
        3) Some reporter happens to think it might make a story.

        Of course, item 3 makes the whole argument dubious. (I've been at events that were later reported. ... Any similarity between what I saw and what was reported falls within 1 standard deviation of chance. [OK, so I exaggerate. But not that much.]) Still...

        I'm sure that most police do the best job they can for the good of the community. Nearly all of the time. And that it's quite dangerous. Spies and wiretappers aren't "most police". And frequently neither are those setting the priorities or legal interpretations. And in most organizations the folk that rise to the top tend to be those that are most interested in rising to the top, not those most interested in doing a good job.

        But you're right. There tends to be a requirement to provide a kind of quid-pro-quo to get a favor out of the government. Like approval for a new service. This doesn't mean that it's in the best interest of the citizenry, or even of the government, but the people who run approval processes display their status by exercising control. And this has to look at least halfway reasonable (if only so they aren't ashamed of themselves). And controllers love new fields to be controlled. So I can easily see why they would insist on "lawful intercept". (I might be dubious about it's constitutionality, but I doubt that the courts would be...I'm conservative in that way.)

        As to how this will be used...
        Cell phones are required to carry GSM transponders. I don't know whether they are live if the power is switched off (I suspect they aren't, as my battery lasts a long time). But this kind of standard format allows real-time tracking of what is already a large fragment of the population, and will probably soon expand to nearly everyone. And if batteries improve, then they'll probably adopt an "always on" approach rather like the latest desktop computers, where the power switch doesn't actually turn the thing off.

        "Fight enabling technology"? That's not precisely the problem. We currently have the potential for more technologies than we can imagine. We select which ones we develop. By our choices, we are determining a part of the texture of the future that we will encounter. (And, yes, I do find this one quite dubious.)

        • A thought provoking and intelligent post, which I'd moderate up if I wasn't already a contributor in the thread. Think you've misunderstood how cellular phones operate somewhat, however. No mobile phone carries a 'transponder' as such, but a mobile phone needs to have some means of telling the network where it is, so that the network knows where to look if there is a call for the mobile.

          This is normally done by having the mobile 'tell' the network when it moves from the coverage of one cell to another (in GSM it's called Location Update - see 24.008 specification (www.3gpp.org) for gruesome details. UMTS works similarly, CDMA2000 doubtless a little different, but the principle will be the same).

          The consequence is that the network will have a log of which cell you are in at any given time that your phone is turned on. Now, this doesn't accurately locate you (although in many cities, where cell sizes are 300 meters, it could be pretty close), which could establish a pattern of behaviour (or invalidate a false alibi, for example). Forthcoming US legislation (E911, IIRC) requires closer location fixes ( 100 meters) to be possible in the US, and this will inevitably be deployed everywhere as it allows for many useful services (think "give me directions to the nearest bar/restaurant/train station etc"). Point is that your phone already does this, has for many years, and there's no need for an 'always on' connection to allow for this.

          As it happens, I have absolutely nothing against the use of these technologies - indeed, I've even been involved with their design. I *do* think it's important to ensure that the authorities use them according to the law. Of course they normally will, because a conviction could be impossible if the evidence was gathered illegally, but you've correctly pointed out how this can be abused at times.

          My point is really that concerned citizens of any nation should scruitinize the actions of their governments and ensure that they remain within what the majority find acceptable, and ensure that firm action is taken against those responsible when the accepted legal boundaries are overstepped.

          Unfortunately, at this time, governments all over the world are using the current 'security' crisis as a means to extend the extent to which our actions are monitored. This may well be necessary, but an informed and intelligent is required about the balance between the need to protect citizens and the right to reasonable privacy when you are going about your lawful business.

          In my opinion, at least here in the UK, we had that balance about right 5 years ago, and are moving somewhat in the wrong direction. If the majority feel I'm wrong, and after due consideration, that's fine with me.
      • The job of the concerned citizen is not to fight the enabling technology...

        WTF is 'enabling technology'? All tech is enabling. It's enabling someone to do something they couldn't before. Whether it's enabling me to make mp3s, or enabling someone my ability to do so.

    • Cops (Score:1, Insightful)

      by Anonymous Coward
      Did you miss the LAWFUL interception part? There are plenty of good reasons to tap phones, rooms and net traffic.

      If you people had a cop in the family or for a friend, you'd know that they the vast majority of them aren't nightsticking thugs or hellbent on invading your privacy. Yes, if you dig deep enough you will always find dirt and there are always a few rotten apples in the basket. However, that applies to doctors, lawyers, system administrators, coders, janitors and to any other profession as well.

      • If you people had a cop in the family or for a friend, you'd know that they the vast majority of them aren't nightsticking thugs or hellbent on invading your privacy. Yes, if you dig deep enough you will always find dirt and there are always a few rotten apples in the basket.

        I did have a cop as a friend of the family. He confirmed that most ARE 'rotten apples', as you put it. That, coupled with the stories people have for being pulled over without cause leads me to belive the old saying: 'Power corrupts.'
      • Did you miss the LAWFUL interception part? There are plenty of good reasons to tap phones, rooms and net traffic.

        The part you're missing is that recent legislation - like the "patriot" act - has greatly expanded what can be considered lawful interception. Concurrently King George II has limited your ability to get information out of the government. The result is a civil rights train-wreck waiting to happen.

  • XML easedropping (Score:1, Interesting)

    by Anonymous Coward
    At first I thought this had to do something with Microsoft's new ISA server's ability to "firewall" XML content...ah, the idea of a server that can spy on service content....hmm, didnt we already have echelon for this??
  • So now terrorists are supposed to use valid XML (with respect to the approved Bin Laden DTD) to arrange bombings and the such. This is a natural step forward since XML is easier to parse and to detect by law enforcement agencies... This IS a joke, right?
  • Hey kids! (Score:5, Insightful)

    by Nemus ( 639101 ) <astarchman@hotmail.com> on Monday January 27, 2003 @06:57AM (#5166562) Journal
    Come on everybody, grab your Buzzword Bingo cards, and lets play the game! [coverpages.org]

    On the other hand, for those of you, like me, who have just woken up, a translation is provided below:

    [translation]"We're gonna, um, do some security stuff, because, uh, security is cool, and uh, terrorism, is like, bad. We don't know what we're going to do yet, though. Or how. Or why. But, ummm......dude this is some good shit *sniiiiiiiifffffff*"[/translation]

    Sorry for the sarcasm, but any press release that takes up three pages, and could be summarised into thirty words, deserves to be mocked shamlessly. Mod me down, it needed to be said!!

    • Re:Hey kids! (Score:5, Informative)

      by Hellkitten ( 574820 ) on Monday January 27, 2003 @07:04AM (#5166574)

      Real translation:

      Telecoms, ISP-s etc in some countries are required by law to intercept data when the police asks them to (with a warrant). Since the police isn't that bright we'll make a standard format to provide this information in to make it easier for them

      • tcpdump or sniff and hand them a tape ;-)
      • Except that the law enforcement (or other) agencies are responsible for interpreting the intercepted data. These types of investigations don't typically involve Random Joe Patrol Cop, so there is no reason, legal or otherwise, for service providers to go to great effort to make it easy.
  • Open standards (Score:1, Insightful)

    by Anonymous Coward
    The whole point of XML is to be extensible to store any kind of information. For my money, this is better than having it stored in some opaque proprietary database format.

    It's also a lot easier to hack and change at will, if that's your bag.

    Have fun.
  • Suspected criminal: Anyone.
  • It appears that when you combine lawyers and XML you end up with a linguistic quagmire that is completely impossible for mere mortals to comprehend, or escape from.
  • P2P (Score:2, Funny)

    by giel ( 554962 )

    Why don't they simply download Kazaa? It has been proven to be very usefull for sharing all kinds of information, no matter where and how one got it.

  • by alext ( 29323 ) on Monday January 27, 2003 @07:08AM (#5166586)
    ...we predict a resurgence of interest in CSV files among diabolical masterminds everywhere.

    Just wondering whether this really has anything to do with XML... if so, should it? Not sure when a data structure last had its own universal global framework for supporting rapid discovery and sharing of suspected criminal and terrorist evidence by law enforcement agencies but I suppose this counts as progress of a kind, though personally I think I'd sleep better if the authorities kept an eye on all manifestations of Directed Acyclic Graphs.
  • by hughk ( 248126 ) on Monday January 27, 2003 @07:35AM (#5166656) Journal
    One of the things that caused problems for the KGB and the Stasi (the state security organisation of the former DDR) was the work involved in processing an intercept. Despite the fact that both regimes were totally fscked, they used legalistic and bureaucratic procedures. The system became limited by the need to approve and process their equivalent of intercept warrants and what to do with the information.

    Neither the KGB nor the STASI had much in the way of computer power to process the information gathered and the legal procedures were manual. What is happening here is that one of the last brakes to quick intercepts is being removed. The bottleneck connected with the approval process made law enforcement types think before ordering an intercept: Do they really need it?

    It will be possible for intercepts to be implemeneted with less controls and far faster than in Soviet Russia).

    • I appreciate your concern that once they know how to use computers, they can be lightning-fast and eliminate all the paperwork. But, realistically, will this ever happen?. If anything, the introduction of a computer system to any government agency only results in more copies of more pieces of paper flying around, not less. (That's assuming that the computer system is ever put into production; 95% of government-procured systems are either never delivered or by the time they're delivered they've forgotten why they bought them.)
      • Yes, it does seem unlikely that it would really work but I still don't like the idea of speeding up the process - it would be just a little too dangerous if it functioned properly.

        Effficient bureacracy did a lot of damage during the era of Nazi Germany. It wasn't enough to win them the war but it caused a lot of people to be eliminated (all with supporting paperwork). This is an extreme example, but I like the fact that certain processes needed by law enforcement take time - it makes everyone think whether they really should be doing this.

    • the Stasi (the state security organisation of the former DDR)

      Fortunately, when the Dance Dance Revolution came they were the first against the wall!
  • Ah, yet another committee or new beauracracy created to fight terrorism. I bet those terrorists are really scared now.

    The only good thing about the formation of the Department of Homeland Security is that it will set back by years the attempts of individual government agencies to spy on US citizens.

    • Yeah, I wondered about this a while ago. The Department for Homeland security is a federal agency charged with ensuring national security, right? So what the hell does the NSA do? Aren't they a bit pissed off that there's this new kid on the block treading on their toes?

      Perhaps I'm missing something here, but even if that's not what the NSA do, there must have been some kind of group looking after domestic security before 9/11?

      • by shoppa ( 464619 ) on Monday January 27, 2003 @08:38AM (#5166884)
        So what the hell does the NSA do?

        Small hint: I work in downtown Washington DC.

        The Federal Government, like most behemoth agencies, is very good at over-reacting to a problem after it is far too late to do anything about it. What amazes me is that the Department of Homeland Security seems to be a much bigger beauracracy than any of the agencies that it is "swallowing", yet it's being built by an administration that sells itself as anti-big-government.

        • Correction (Score:2, Interesting)

          by uptownguy ( 215934 )
          What amazes me is that the Department of Homeland Security seems to be a much bigger beauracracy than any of the agencies that it is "swallowing", yet it's being built by an administration that sells itself as anti-big-government. {Emphasis added by me}

          Correction... it is being built by an administration that sold itself as anti-big-government. See, there was this thing that happened called 9/11 and a lot of people shifted their positions on a lot of things. Its not like this is a big secret and its not like you are going to inspire outrage or shock by pointing out that DHS is big government.

          ...Seriously, I swear half the people on /. have at least a mild case of Asperger's Syndrome [udel.edu].

          • Nice ... somebody actually wasted mod points to mod my parent comment a troll but didn't even have the courage/imagination to post anonymously saying what they disagreed with...
  • Translation (Score:3, Interesting)

    by Badgerman ( 19207 ) on Monday January 27, 2003 @07:47AM (#5166702)
    "We figure there will be benefits to helping out law enforcement, so it's jumping on the bandwagon time."

    After cutting through the buzzwords and acronyms, thats all I could really get out of this article.

    Now, how long until there are copycat activities claiming better methods, more efficiency? Watch as various security consultants have yet another bag of tricks to bring out to sell their services.
  • by dilute ( 74234 ) on Monday January 27, 2003 @07:48AM (#5166703)
    What this appears to be is XML so that the authorities can trade information they gather via intercept, much like businesses communicate with each other via XML. I suppose the idea is to get law enforcement people using a common markup convention, to get them all on the same page. Not a bad idea, it seems to me.
  • After reading the announcement and a couple of the links off it, this sounds more like an XML standard that law enforcement agencies and legal departments can use to send each other information during an investigation - not something they'd foist on the general public to make it easier for government to spy on us.
  • oxymoron? (Score:3, Interesting)

    by Unfallen ( 114859 ) on Monday January 27, 2003 @08:27AM (#5166831) Homepage
    All my own emphasisising...

    "XML Specification Will Deliver Reliable Authentication and Auditing to Safeguard Privacy and Increase Effectiveness of Lawful Intercepts"

    So they're coming up with a standard to protect your data and make it available? Nice.
    Roll up, roll up, get yer snake oil!
  • If you read between the lines, they mention protecting privacy while enhancing the ability to do legal interception...

    Between all the happy-speak this sounds a bit sinister. Could this modification to the XML standard be the software equivalent of the clipper chip?
  • by dirkx ( 540136 ) <dirkx@vangulik.org> on Monday January 27, 2003 @08:37AM (#5166879) Homepage
    See for example www.opentap.org. Since August 2000 internet providers had to comply. The original standard JTS ( Justitiële Tap Standaard) was outdated; the ETSI standard (which oasis does build on) back then does not meet the requiremetns of the netherlands (google 'RapportageTWRT' if you can read dutch); a temporary system was instated for the time being (see SC/28/02/2000; again, in dutch only). What is interesting is that this is a mix between intelligence (which generally does not get to be used (or is usable) in a court against anyone) and the more real information gaterhed by the police authoritys for further criminal actions.

    Dw

  • by Anonymous Coward
    I'm sitting here trying to convince myself to use DocBook for my next book and finding it very difficult to justify it as anything other than an intriguing intellectual exercise.
    XML sounds great when you're in the planning stages of a big project, but once you get into the details it seems to make even simple tasks more complex than they need to be. It's tempting to go for it if you're the only one on the project, but a complex project rarely fits that criteria. Trying to keep everyone on the same page when you're working with people who are only going to be doing small parts is tough unless everybody understands the big picture and that in itself becomes a major hurdle.
  • Obviously.. (Score:1, Flamebait)

    by mattr ( 78516 )
    The sample xml uses the Poindexters' home phone log.

    (urk)
  • by Qzukk ( 229616 ) on Monday January 27, 2003 @09:55AM (#5167219) Journal
    I suppose there will be a click through agreement:

    "I agree not to use this technology to spy on CEOs to determine when to sell my stock. I also agree not to use this technology to spy on my SO, neighbors, or to get juicy blackmail bits on the person who cut me off this morning on the way to work."

    Of course, with the FBI's proven track record, they'll just hit I Agree and do it anyway.
  • So what, are they going to have a catch terrorism web service? In any case, it's good to see the government fighting terrorism.
  • by Aexia ( 517457 ) on Monday January 27, 2003 @11:35AM (#5167812)
    if the FBI and CIA had the authority to intercept e-mails using the [terrorist] XML tag.

    Curse you liberals and your "bill of rights"! How many more people have to die before you let go of your precious "freedoms"?
  • I, for one, am glad that they are giving us the opportunity to properly form our incriminating evidence against ourselves. I was convinced that I would need to come up with my own file spec for that.
  • by Anonymous Coward
    There is an example [cryptome.org] for what such a specification might look like. The second pdf document [cryptome.org] (in English) is especially interesting as it gives some rather technical details of how the surveillence data must be structured (XML) and encrypted (PGP) before sending it to the Swiss authorities.
  • Compare:

    SPECIAL INVESTIGATION: ILETS AND THE ENFOPOL 98 AFFAIR [heise.de]
    America's guiding hand revealed - the secret international organisation behind Europe's controversial plans for Internet surveillance

    Related stories: Telepolis-enfopol papers [heise.de]

  • And the shelters don't cave We will "standardise" it into XML And send Osama to his grave!

Life is a game. Money is how we keep score. -- Ted Turner

Working...