[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NSA WATCHES INTERNATIONAL TELE COMMUNICATIONS AND DATA TRANSFER FORUM - Sigint/Surveillance/Denmark
Bo - I'm disappointed that your article departs from the usually high
standard of rest of your Echelon material. I work for a major US
telecom company that's also on the forum, but this note is my own
personal comments. I've spent the last 4-5 years in a marketing department
that provides technical support for large data customers, including
companies buying frame relay services in the US and other countries.
(We also support lots of other networking technologies.)
I'm also part of the Cypherpunks group which discusses technology and privacy,
particularly the development of encryption software to prevent
privacy intrusions by governments or private eavesdroppers.
I'm distinctly no friend of the NSA or their eavesdropping mission,
but I haven't seen any improper influence by them in Frame Relay standards.
This is a major contrast to their interference in US cell phone standards,
where they have bullied the committees into providing poor technology.
Frame Relay is a Link-Layer protocol that's a modern replacement for X.25.
Companies use it to build private data networks - it's more economical
than dedicated private lines, but more private than the Internet.
Most users carry TCP/IP or SNA protocols over their frame relay networks.
While there are many places that eavesdroppers can tap into a network,
I have not seen this in Frame Relay networks or the equipment supporting them;
it's much more practical to attack one of the user endpoints than the network.
Similarly, encryption can be included at many layers of the protocol stack;
Link Layer, also known as Layer 2, isn't usually the best place to include it,
but there are some products that provide encryption for frame relay,
and some banks use them. These products are installed by the end user,
not by the network provider, which is the right choice for protecting the
end user's data. Usually, a better choice for encryption is to encrypt
at the TCP/IP layer, which can be done by the end user's router which
connects to the frame relay network.
If you want to investigate NSA activity in standards committees,
I have some suggestions for better targets than the frame relay forum:
- Voice over IP and other Voice Over Data standards, like H.320, H.323, H.324.
None of these systems use encryption, though some may provide
standard methods that aren't being used. As a large fraction of voice
traffic begins to move to the Internet and to private TCP/IP networks,
this means that it will be much easier to eavesdrop than before,
including illegal eavesdropping. I haven't worked on these committees,
but you could check whether the NSA has influenced their members.
- IPSEC IP Security and the IPv6 next generation IP -
The IKE Keying protocols are baroque, clumsy, and hard to develop.
The NSA has been very "helpful" about contributing technology -
I don't know how much of this "help" is deliberately intended to
slow down commercial and free software development, and how much
is just clumsy incompetence, ego, and the usual reasons that make
standards committees' output resemble badly-designed camels.
US Export Laws have also interfered with standards committee development,
and with products that support the standards developed by those committees.
The NSA increases the Fear, Uncertainty, and Doubt on the standards
committees
they work on, especially by suggesting that good standards will be forbidden
from export, and has often discouraged them from developing necessary
standards for security, but this does not mean the other committee members
are conspiring with the NSA to do evil things.
Bill Stewart
At 09:11 PM 12/27/1999 +0100, Bo Elkjaer wrote:
>FYI: Tele Danmark is the national tele communications company in Denmark.
>It was privatized in 1996 and sold to the U.S. company Ameritech. Tele
>Danmarks monopoly for 'providing the copper' in Denmark hasn't been broken
>yet.
>
>The article was printed in Ekstra Bladet sept. 26. 1999
>
>TELE DANMARK IN A CLUB WITH ECHELON SPIES
>Tele Danmark participates in a world-wide forum with
>the Echelon-organization NSA.
>
>Tele Danmark cooperates directly with the US intelligence agency NSA. This
>collaboration takes place in an organization named Frame Relay Forum. In
>addition to Tele Danmark and spies from the NSA, there are representatives
>from just about every imaginable international data and telecommunications
>company. We name at random: Ericsson, British TeleCom, Nokia, Deutsche
>Telekom, AT&T, Intel, Hewlett Packard, IBM and Intelsat, as well as Tele
>Danmark's parent company, Ameritech.
>Tele Danmark's representative is Chief Planner Jens Ulrik Mouritsen. Last
>Thursday, Tele Danmark's security manager, J�rgen Bo Madsen, stated that
>Tele Danmark did not cooperate with the NSA.
>
>SINCE 1992
>Nevertheless, this collaboration has actually existed since 1992, and ever
>since, the Frame Relay Forum has been working on the development of common
>standards for data transfer - something of great interest to the NSA,
>whose work involves monitoring these data transfers.
>The disclosure that Tele Danmark consequently cooperates directly with the
>NSA is somewhat of a shock in the local discussion in Denmark on the
>Echelon surveillance network that involves a global surveillance alliance.
>This alliance specializes in monitoring and tapping all communication -
>telephones, the Internet and telefaxes. The surveillance is carried out
>systematically, across a broad spectrum and without court orders.
>In light of the fact that the NSA is running the illegal global
>surveillance through Echelon, today's disclosure of the cooperation
>between Tele Danmark and the NSA raises additional questions regarding
>security over the telephone and the Internet.
.......
>Frame Relay Forum. Here you can check out if your local telco is in bed
>with the biggest of all big brothers:
>WORLDWIDE, AFFILIATE AND AUDITING MEMBERS
>http://www.frforum.com/3000/members/index.html
Thanks!
Bill
Bill Stewart, [email protected]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639