RE: [Raven] Clarifying questions

[Christian Huitema <huitema@research.telcordia.com>]

The issue of "design support for wiretap" arise in the Megaco working group
a few months ago.  Megaco set up to define protocols for controlling
Internet Telephony gateways, and when the issue of wiretap was debated,
three different points of view arised:

1) One extreme view was that we should engineer the protocol so that it
could provide explicit support for a lot of wiretap variants, such as
tapping some legs of a phone calls (e.g. some members in a conference call)
but not some other members.

2) Another extreme view was that we should not do anything special at all
in the telephony application, and that if any wiretap was conducted, it
should be performed at the packet level (IP).

3) An attentist point of view was that we did not exactly know what the
requirements were, that we already had partial support for wiretap by using
a slight modification of the 3-ways calling facility, and that we should
study the whole issue in a separate working group.

Megaco ending up with the 3rd approach, and so the balled rolled into the
IESG court, which explains the creation of this mailing list. With all due
respect to the civil libertarian, the issues here is not so much whether we
should allow the ploice to conduct wiretaps or not, as to study the
technical issues.  Some form of wiretap are more difficult to implement
than others; some forms of wiretap are also more intrusive into people's
privacy that others. For example, IP level wiretap is easy to implement,
but more intrusive than a wiretap restricted to the voice exchanges.

The exchanges within Megaco also showed that this is by no means a
single-country issue.  In fact, the initial proposal to have extensive
wiretap support in the gateway control protocol originated from a desire of
compliance with the Swedish laws. But it showed that different countries
may have different requirements.  For example, when wiretapping a
conference call, the police in some countries will be satisfied with
receiving the conference channel, the sum of all participants' voices,
while in other countries they would insist on receiving each participant's
voice in a separate "circuit." Another difference would be the handling of
calls placed on hold -- in some countries, in order to protect the privacy
of 3rd parties, the wiretap is suspended when this 3rd party is placed on
hold by the wiretapped party. 

Among the questions:

1) Is voice special? Does it make any sense to have wiretapping of Internet
Telephony, rather than wiretapping of all Internet communication?

2) When the application, for example the Internet telephone, is located in
the users' premises, who is responsible for the wiretap? Is it the
equipment manufacturer or the ISP?

3) If an ISP does not provide any telephony support, but the user get it
through end to end equipment and, maybe, a telephony portal operated by an
independent company, should the ISP be concerned with wiretap of voice
conversations?

4) There are Internet PC games available where players can speak to each
other during the game.  Are these subject to wiretap?

As in the encryption case, I think that it would be useful to first explain
the issue, and then provide guidance to regulators.
-- Christian Huitema

_______________________________________________
raven mailing list
raven@ietf.org
http://www.ietf.org/mailman/listinfo/raven