[***Originally posted on the <politech@politechbot.com> listserv, Mod.***] Hello! In case you didn't know yet... Yesterday Polish Ministry for Internal Affairs and Administration (MSWiA) sent a draft of new wiretapping law to the Polish Chamber of Information Technology and Telecommunications. According to the draft all operators (PSTN, mobile, ISP, IAP, ICP) are required to install equipment allowing the law enforcement agencies unattended capturing of data from their networks. The draft actually specifies what the equipment is expected to do. Almost no technical details were given, but as I guess this would mean buying and installing a black box behind every border router and firewall, and providing a leased line to the spooks location. The operator is also expected to provide an access to the plaintext, if they encrypt any data flowing through their network for their own purposes or in customer's behalf. This would probably mean breaking all security provided by internally used IPSec and requirement to capture the data sent outside via secure VPNs before they actually get encrypted. I expect that introducing the law would simply kill many of the smaller operators, because they can't afford to buy and install the equipment, which will be then used once in several years or never. This is because there are several hundreds of Internet providers in Poland, but most of them are small and private businesses with several dozens of customers. There are also obvious risks associated with installing untrusted third party equipment in your core network, behind all firewalls and with access to all your data. The data would be captured at the spooks discretion and no one would now what is actually captured and when. Polish police and special forces get much less public attention and scrutiny than in e.g. US, so this would allow wide range of potential abuses like economic or political espionage. As you can see, this is a lightweight version of British RIP and very similar to Russian SORM-2. Currently it is widely discussed here and the draft is waiting for the Chamber to express their opinion. No English version of the draft is available AFAIK and I can't translate the juristic language, but all the important details are described above. Below are some useful links: The Chamber (in Polish and English, but no comments on the draft yet) http://www.piit.org.pl/ My article and the draft itself (in Polish) http://ipsec.pl/ipsec/article/291 -- Paweł Krawczyk <http://ceti.pl/~kravietz/> ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if it remains intact. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- ========== HURIDOCS-Tech listserv ========== Send mail intended for the list to <huridocs-tech@hrea.org>. Archives of the list can be found at: http://www.hrea.org/lists/huridocs-tech/ To subscribe to the list, send a message to <majordomo@hrea.org>, with the following text in the message: subscribe huridocs-tech To unsubscribe from the list, send a message to <majordomo@hrea.org>, with the following text in the message: unsubscribe huridocs-tech If you have problems (un)subscribing, contact <owner-huridocs-tech@hrea.org>.
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]