Coverage of my talk at Blackhat Vegas.
The larger barrier to closing the gaps in networking equipments’ wiretap functions may be what Cross calls a “market failure.” Unlike many security vulnerabilities in products, the product’s buyer isn’t the one who suffers from this flaw. Internet service providers want to make sure they comply with law enforcement’s demands, and agencies who use the intercept function want it to provide the maximum surveillance, with as few people aware of the wiretap as possible.
“Network providers aren’t demanding [a fix],” says Cross. “The customer for this is law enforcement. You are not the customer.”
