(Speaking as someone who has implemented [shallow] inspection/filtering and CALEA-type features on comms equipment for markets both in and outside of the US.)
I'm not trying to flame you here, but I really must ask: How do you live with yourself?
I know how trollish that sounds, but I seriously don't understand engineers who voluntarily work against our own ethos. It's not like this is an industry in which implementing CALEA is the only possible way to feed a family. Job opportunities are practically endless.
I've implemented CALEA type features for a major ISP. I did it because it was the law that we implement it. I'm generally in favor of following the law.
Mind you, CALEA doesn't do anything that couldn't already be done with the law. And you get more protections via CALEA than you'd get otherwise.
For one thing, there are warrants that are delivered to a judge for review which then find their way to a company attorney. Only then does any interception take place. I can live with the checks and balances that are in place under this system.
I sometimes find it incredible that people are so quick to embrace lawlessness and then expect their duly-elected governments to follow those laws to the letter. Believe me, if enough people actually cared and went to their legislature, things would change. Of course, most people agree that we should pursue criminals using all legal means.
BTW, I'm in agreement that this system could be abused. Of course, that's always been the case. Laws are just words on paper unless there are people who will enforce them. If those folks look the other way, well, you're right back where you started.
And before you go into privacy rights, let me suggest to you that the millions of people posting their personal information on FB and getting their email via Google provide a pretty substantial counterweight to your position.
But the question was not why the ISP would conform to CALEA instead of breaking it; it was why you as a programmer would take on the job of providing a snooping system, instead of some other job that does not need a lot of explanation about why it's actually not really so bad. There are reasonable answers to this, but I think it's a fair question.
(I don't agree that 'we' should pursue criminals (or suspects) using all legal means.)
So your argument is that I should not be a part of this system? Because you don't agree with it?
As a person interested in PRIVACY and LAW and INTERNET TECHNOLOGY, who would you think I'd rather have working on this type of system? Someone else? Or myself: a person who knows what his motivations are, who knows what the laws are, who knows what the implications for others are, and who wants to see things done properly.
If it's all the same to you, I'd rather it was ME. Believe me, you're lucky to have a guy like me pushing back against law enforcement when their requests get over-broad.
Remember that good people are part of this system and use their judgement to make sure abuses don't occur. I trust my judgement.
Given how much worship Richard Feynman gets around these parts, I'm wondering how people reconcile that sentiment with the fact that he worked on the development of the atomic bomb. FWIW, he seemed to be pretty OK with his role.
As I said, there are reasonable answers, and I'm ignorant of your life, but if you want my view: you should not be part of that system, not because I disagree with it, but because it's wrong. I acknowledge that I may be wrong to think so. "Oh, you think so?" is a distraction from any actual points at issue.
If you've pushed back against particular acts of snooping, then thank you for that. I did not know you're personally involved in particular acts; that's a different moral question than writing an automated system. Note that "better you have ME" is what you'd expect Nazi collaborators to say. You're not a Nazi collaborator, but it shows the at-best ambiguous advantages of this sort of involvement.
Most people trust their own judgement. According to Dunning/Kruger that's weak evidence of a problem rather than positive evidence you're doing good.
In Feynman's autobio he said he regretted keeping at work on the bomb after the Nazis went down. They were all so invested by that point it didn't even occur to them to quit. IIRC that was part of why he chose to turn down work for the feds in general over the rest of his career.
I'd rather have good people involved in "evil" systems, to at least try to balance them, than have evil people involved in "evil" systems where there's nothing but external agencies to provide balance.
And whatever the system is I'd much rather have competent people working on it.
Couldn't disagree more. Every good person should avoid working with evil systems. We should also excommunicate any people who do work with evil from our circle as best we can so they can't grow as well in their profession.
So what? What's your proposal: do nothing because that's the high road, right? Right now doing evil pays pretty good. So long as there is financial incentive to do it and absolutely no downside, why would anyone stop?
Your comment is absurd. Every country has laws and if you break those laws you will be "crushed". Is the very law itself "a fascist viewpoint"? Please put more thought into your commenting as responding to this sort of nonsense is tedious.
I'd ask you to go back and consider the definition of a "just" law.
You just suggested that people who work on "evil" systems be "excommunicated". Exactly how do you do that in the context of a functioning legal system without the involvement of a substantial majority of the people who would have to live under a system?
To me, it sounds like your argument is that the laws of the USA don't meet your liking, even though those laws are developed as a result of a democratic process. You're arguing against your own point, which sounds like nonsensical thinking to me.
You were basically saying that holding people accountable is "fascist". We are in a situation where bad people want to do immoral things and pay well for it. There's no downside. The government isn't going to make a downside because they are the bad people so it's up to us. If no one does anything we're going to find our internet locked down and every aspect of our lives being monitored.
And /again/ I'd point you to the words you used in your argument that depend SOLELY on human judgement:
All of these words mean nothing until someone assigns them meaning. Your meaning might be different from another person's. I've already come up with my meanings of who "immoral", "bad people" are and I'm comfortable with the mechanisms for "accountability". And I vote. And my vote counts just as much as yours does.
I once quit a job because one of my employer's servers became infected with some malware, spread it to clients' computers and the employer refused to notify and apologise to said clients.
I sincerely hope that you grow up and take responsibility for your own actions. They are the only things we truly own. I do not believe that you are evil for what you did but I most certainly believe that you are ignorant in a very dangerous way.
I think maybe you missed the point that I actually agree with the mechanisms that are in place. I don't have any disagreements when the framework is used as it is designed to be used. Namely, within the context of due process and rule of law.
More importantly: it's somewhat presumptuous of you to suggest I need to "grow up" or "take responsibility". I stood up in a ballroom full of law enforcement and telecom executives and advocated for the legal, lawful reasons why someone might want to use a prepaid phone without requiring identification. I argued that once you got past accounting, there was no reason to associate the usage details of a phone with a particular party. I even used examples of law enforcement abuse of these facilities to make my point.
There is a lot of misinformation in this thread about what "interception" really means and how it's done. And I suspect in no small way that this is because LEAs don't want to tip their hands as to sources and methods. I won't either.
What I can say is this: if someone is capturing your traffic and has a court order to do it, it's because there is strong evidence that you're using that traffic to conduct illegal activity. A judge is the final arbiter and looks at the evidence (not collected traffic) to support that conclusion.
Don't try and sell Adderall on Craigslist.
Don't steal credit cards or trade secrets via bots that "phone home".
Don't kidnap children and then send pictures of them to your friends.
The Fourth Amendment protects you against UNREASONABLE search. The reasonableness test is left up to the courts to decide on.
The problem with due process and the rule of law is that those things are enforced by humans. People invariably suffer from corruption, in particular, those in power. The less they are capable of, the safer everyone is. Governments and corporations have done orders of magnitude more harm than smaller entities like gangs (though from an absolute perspective, the separation between a gang and a government is mostly ontological). The criminals are (for the most part) not the ones we should be worrying about.
Not to mention that the judicial system is 'dumb' in the sense that its primary goal is to enforce laws, not to improve society. Having a machine which processes instructions in this way and which simultaneously has the power to ruin someone's life is a bad idea by all metrics. Those two goals (enforcing the law and improving people's wellbeing) are commonly at odds due to the nature of how human societies function and how politics influence things which they ought not to.
So how can anyone take this joke of a system seriously and expect it to be capable of policing itself when emotion is so deeply embedded in the judgements and actions it yields? The judge's decisions are emotional. The system as a whole is crafted out of an inability to deal with emotion (i.e. prisons being primarily revenge mechanisms as opposed to institutions which help people to stop being violent against others).
This is the bigger picture of the situation we find ourselves in. IMO, adding to the arsenal of weapons which this system has access to will serve to cripple, not improve society. In other words, this is all counter-productive and does not take the reality of human nature into account. It is an idealistic perspective.
So our legal system is a joke? That's news to me. I'd actually argue that it's been pretty damn effective in keeping our society from devolving into complete bedlam.
Your comments reflect all the certitude of someone who has never seen real evil up close. To suggest that a system that functions properly 90% of the time is a worthless endeavor isn't a realistic position I'm willing to argue with.
And I don't agree with your assertions. Statements like "Many people have no faith in its ability to be just or balanced" doesn't jibe with the reality of our political economy. Every single day, hundreds of millions of Americans go to work and get on with their lives. If the system was as broken as you claim, I seriously doubt we'd have the strength and standing among nations that you seem to ready to dismiss.
If you're getting all your information from magazines and wikipedia, you're bound to be misinformed about the reality of the task at hand.
And finally, statements like "The criminals are (for the most part) not the ones we should be worrying about" is simply indefensible. The justice system exists because people demand that it exist to protect them. They have agreed either explicitly or implicitly to the arrangement that we have today.
I know many members of law enforcement. They are by and large good people trying to do a hard job. A very hard job. Ask yourself if you have the courage to confront dangerous situations every single day, deal with persistent mendacity from nearly everyone you meet, and still maintain a level of professionalism and respect for individual liberty. That's an awfully high bar to set for a person and part of the miracle of our system is that it happens with such a level of regularity that we take it for granted. That's NOT the case in other countries.
> And finally, statements like "The criminals are (for the most part) not the ones we should be worrying about" is simply indefensible. The justice system exists because people demand that it exist to protect them.
People also demand iPhones, junk food, drugs and violence. This is another logical fallacy (argumentum ad populum).
> I know many members of law enforcement.
I did not make a judgement on these people. In WW2, perfectly normal people committed atrocities because their culture and leadership dictated it. Normal people are capable of thoroughly horrible acts.
> I seriously doubt we'd have the strength and standing among nations that you seem to ready to dismiss.
You have your strength and standing because you are an empire with fingers in everyone's pie. The US has overthrown countless democratically elected leaders over the last century for profit. The world does not speak because it will be beaten for it. Why do you think the UN condemns Israel's actions but does nothing? This is not respect, it is fear. http://en.wikipedia.org/wiki/Covert_United_States_foreign_re...
Disagree all you want but the facts speak for themselves.
Everybody is trying to get citizenship in the west because the west has destroyed half of the world. Read about why your country (and the west in general) is so rich in the first place. Read about why places like the DRC and Latin American countries are so poor and conflicted. All of this prosperity is built on the blood, sweat and tears of countless people. All empires are the same - rotten at the core. So it was with Stalin's Russia and Britain's empire and Hitler's Germany and Spain's empire and France's empire and I could go on and on.
So, sure, everything's peachy if you just keep your eyes on your house. As soon as you start to look around you'll find that your smile will drop through the floor.
You're talking to someone who has parents from Central America and Germany. Believe me when I say that there is so much blame to go around, it's unlikely that any unbiased reading of history would place it SOLELY at the hands of the west.
I'm well acquainted with the history of the world and my point still stands: the oppression of the "other" is a HUMAN problem, not a USA/West problem. As long as there are people, there will be these kinds of problems.
Tell me what country you live in and I'll list all the reasons why you are not the USA.
> it's unlikely that any unbiased reading of history would place it SOLELY at the hands of the west.
You are responding to a point that I did not argue. I asserted that in the context of recent history and current events, the west, and the US in particular, has done inordinate amounts of damage. I did not claim anything more than that. I did not state that they are the only ones causing damage, just that they are currently the most effective at it. This was in response to:
> I'd put our record up against that of any other nation in the world. ANY nation. Look hard enough at everyone else and you'll find all the reason you need to hate their countries too.
Really? China has a pretty good run going so far. How many Chinese people were imprisoned/starved during the cultural revolution? Have you taken a look at Central/South America lately? Don't even get me started on Africa.
I'd challenge you to consider the following thought experiment: if any other nation in the world was currently the sole military and economic superpower in the world, which one would you choose and why? Whose record would you suggest makes them a better candidate for that role?
IMO it is the responsibility of every citizen to ignore laws that are stupid. Civil disobedience.
I realize this would mean some people might say "going 30 by a school zone is stupid!". So be it. If you disobey laws that most people believe are right, then you lose and face the consequences. If you disobey laws that most people will realize are stupid nothing is likely to happen to you.
Every feature I've implemented has been security/stability related. Inspection/filtering/shaping/limiting are absolutely critical on ISP networks. Taps/mirrors are critical to troubleshooting. If ISPs didn't deploy all kinds of filtering, the Internet would be mostly unusable.
I work at an ISP, and this is absolutely true. Sometimes our mail servers get hammered, and we need to modify our blacklist to include servers, netblocks, and/or entire countries(!) at a time. In order to know what to block, we need to be able to know who is emailing whom. Sometimes, it's one of our customers, and we can call them up and tell them their box is owned. This kind of intrusive access is only used for maintenance, and without it we literally couldn't keep the mail servers online.
If the traffic is terminating on your own servers you in no way need deep packet inspection to determine the source of traffic and its nature. Even if the traffic wasn't terminating on your machines, you don't need DPI to determine src and dst ip:port tuples. Which is all you need to do what you're suggesting.
My comment isn't about DPI specifically, but a whole range of intrusive monitoring policies at ISPs. In order to determine the originator of an email, you have to read (at least) the email headers. The IP address of the last hop is not that useful in routing email.
If you need DPI to determine what traffic to drop, you are running your pipes way too hot. It's the users' traffic, why do you think you're in the best position to decide to drop one website's traffic over another?
User traffic is user traffic, if they're paying for it it should be all treated the same. I'm not saying you don't need to prioritize some traffic with QoS. I'm saying you don't need DPI to run a network.
A network engineer
User traffic is user traffic is a whole lot of different kinds of traffic. So there should be QoS, but how? You cannot depend on the IP Differentiated Services Field, so perhaps heuristics to deduce what the traffic is? That's prone to misidentifying Netflix vs. CDN download thus ruining UX.
No DPI is needed.
If you treat your network's users all the same, more power to you. Running the network and deciding what goes through it is still out of their control. I don't get why you're against those that do use DPI to run their network more easily, though.
It is not empty. I've refused a job I was head-hunted for (IT at a morally questionable firm) on a moral basis, even though pay and conditions would have been better than what I have now. If my current job started requiring me to do something I didn't agree with morally, I would leave (or refuse to do it and be forced out if necessary).
So I think it is a perfectly valid question (albeit an uncomfortable one) to ask. There may be valid reasons for the OP to do/stay in the job that we aren't seeing. Or there may not. We won't know if we don't ask, and the OP doesn't have to answer.
It is well within the guidelines of HN, it adds to the discourse, particularly on a topic that is basically about morals/ethics. Just because it is an uncomfortable question, doesn't make it fall within what should be flagged.
I didn't read it to be empty, it actually displayed a point of view that is missing in public discourse. Questioning white wash may or may not look mean depending on the observer. It also proposes a very simple moral implication for this type of white wash. I think the white wash is real and it is very mean.
But like you, I also like spending time with what is really interesting to me. I hope I don't read void. Or mean-spirited.