Date: Sun, 26 Sep 1999 10:26:37 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: peter@netplex.com.au (Peter Wemm) Cc: mike@smith.net.au (Mike Smith), dwhite@resnet.uoregon.edu (Doug White), billf@jade.chc-chimes.com (Bill Fumerola), cpiazza@FreeBSD.org (Chris Piazza), chat@FreeBSD.org Subject: Re: cvs commit: ports/net/nstreams - Imported sources Message-ID: <199909261726.KAA10064@gndrsh.dnsmgr.net> In-Reply-To: <19990926154411.41C871CA7@overcee.netplex.com.au> from Peter Wemm at "Sep 26, 1999 11:44:11 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
[FreeBSD-* CC's replaced by chat, users left intact] > Mike Smith wrote: > > > On Sat, 25 Sep 1999, Rodney W. Grimes wrote: > > > > > > > We have just removed BPF from all standard deployment kernel config files > , > > > > Sigh :-(. > > > > > > What, did you just break DHCP again? > > > > No, Rod is just having another panic attack. Don't worry about it. > > IMHO, BPF is no more "illegal" than an Ethernet card that can be put in > promiscuous mode. When they stop making promisc-capable Ethernet cards > *THEN* (and only then) I'll worry about BPF. From my reading of the code an Ethernet card with promiscuous mode features does not qualify as a wire tapping device due to the fact that the primary function of an Ethernet card is not to listen to everything on the wire. BPF on the other hand, or worse, a lanalyzer, is specifically designed designed for this purpose. The law speaks about ``primary purpose'', in the case of an Ethernet card it is not the primary purpose. In the case of BPF/tcpdump it is the primary purpose. Now one could expand the view that BPF is a part of the kernel, and say that the primary purpose of the kernel is not to listen to traffic and probably get away with it. _But_, and this is a big _BUT_, something like net/nstreams is primary designed to listen to conversations. BPF still scares me quite a bit, but then we have a situation quite different than most others, in that we are governed by 47 USC, and many more Federal and State laws than most other businesses due to being a licensed carrier. I know on our telco switching we have to demonstrate that it requires a court order before a trap and trace or pen register can be applied to a circuit, or in the case of the same function performed by a switch under software it has to have very stringent safe guards to insure that the software is only activated under very stringent conditions. The old days of using an inductive pickup handset are long gone, to my knowledge it is now illegal for a lineman to carry such a device. In fact the law has been amended to specifically allow manufactures of such devices to send via certain means _advertisements_ of such devices to official law enforcement and government agencies. [They screwed the law up at one point and it was technically illegal to advertise these types of devices anyplace to anyone. So the law enforcement folks had a bill introduced that changed the law so that they could be sent advertisements. [If I recall correctly this was done in public law 105-112, 1998 time frame] Specifically 18 USC 2512 (3) was added: It shall not be unlawful under this section to advertise for sale a device described in subsection (1) of this section if the advertisement is mailed, sent, or carried in interstate or foreign commerce solely to a domestic provider of wire or electronic communication service or to an agency of the United States, a State, or a political subdivision thereof which is duly authorized to use such device. So another company can send _us_ BPF _advertisements_, as a ``domestic provider of wire or electronic communication ... duly authorized to use such device''. I don't know if all ISP qualify under this as I have not done the proper set of cross references to get a definition of ``domestic provider'' and the even harder search of ``duly authorized''. Please don't come crashing down on the messenger on this one folks, I don't like what I have read in the last 24 hours any more than any of you like reading what I have said here. It's bad, bumming, bogus law, that was poorly written. The original 1948 version of the code was much more concise, was restricted to only governmental entities and has now been hacked to death by amendments that it's so screwed up little things like the above amendment are having to be done so that even law enforcement hands are not tied by the letter of the law. I suspect some crook got off in a court case some place by showing that the police found out about the wire tapping device they used to catch him via an advertisement sent by the manufacture to them via mail, which was illegal until the 1998 amendment, causing the evidence so collected to be inadmissible in court. Twisted, but then so is the law. I did find some good news... there was a Senate Bill introduced in the 105th congress, 1998 S1, that would in effect make DES and lots of other encryption code totally legal to export by the nature of equivalent functional cryptography available outside the US. Unfortunately this bill has been sitting in a sub-comity since shortly after it was introduced :-(. If your interested in writing your Senator about it, let me know and I'll find the it again and give you the bill number to bend his ear over. There where 10 originating Senators, so it has wide support, or at least more support than most bills of this nature. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909261726.KAA10064>