Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] FW: Did Syria replace Facebook's security certificate with a forged one?

Moritz Bartl moritz at
Mon May 23 19:02:33 PDT 2011

On 24.05.2011 02:52, liberationtech at wrote:
> : Question 1. Do US companies like Google (gmail, YouTube) and Microsoft
> : (yahoo, skype, hotmail) allow third-parties to monitor there
> : online-services?

Under certain economic constraints I bet. More specifically, one might
ask the question on how automated this monitoring or scanning can be
performed for each service. Information about such activities is hard to
gather, and is unlikely to be ever proved for more than single
historical events.

> : Question 2. Can third-parties monitor online services from US companies
> : like Google, Microsoft without the consent / knowledge of the
> : service-providers?
> I don't know that we could ever know for sure.  Does law enforcement
> count as a third party?

For me, it doesn't sound too far off to assume that at least most Tier 1
networks are being actively monitored/scanned due to the Patriot Act or
similar violations of international law.

So far, I haven't heard of any case where lawful interception gateways
were abused on more than local scale (police officers looking up records
they don't need for their work etc).

---- example snippet ----
Operators in most countries need to meet the local authority
requirements on Lawful Interception (LI) before launching commercial GSM
(GPRS) and UMTS packet switched domain network services. Nokia Lawful
Interception Gateway (LIG) provides the essential network functionality
within the 2G and 3G packet core infrastructures to practise LI. The
Nokia LIG system allows Law Enforcement Agencies (LEA) to intercept both
GSM and UMTS mobile data calls. The method of interception for packet
switched domain networks is completely different from circuit switched
domain call interception. In the
circuit switched domain, interception is mainly voice-based audio
recording, whereas in the packet switched domain the data is intercepted
between the mobile station and the access point. Interception of IMS
users is now also possible in GSM and UMTS networks.
IMSI, IMEI, or MSISDN and SIP URI or TEL URI (for IMS) can be used for
identifying the subscriber to be intercepted. Both the Communication
Content  (CC) and the Interception-related Information (IRI) can be
collected. CC is the user data sent or received by the target, and IRI
is the control data information related to LI.
The Nokia LIG is a scalable system based on the same IPSO SW platform as
in the Nokia Gateway GPRS Support Node (GGSN). It offers an ideal
solution for building GPRS and UMTS interception systems. The HW
platform is based on the new IP1260 HW but the earlier IP740 HW is also
---- /example snippet ----

Moritz Bartl

More information about the liberationtech mailing list