Infoporn: VeriSign NetDiscovery "Lawful Interception Service"

Jake Appelbaum points us to an interesting page on a graph that illustrates how Verisign (apparently) works with with the FBI Wiretap Network described in this previous BB post.



  1. It’s an implementation of a CALEA “Trusted Third Party” service. Makes your ISP network CALEA-compliant without you having to worry about pesky things like subpoenas and network taps. Is CALEA a terrible thing? Is outsourcing your wiretapping wise? Dunno. But it doesn’t appear to be an FBI plot (at least, not as far as I can tell).


  2. This is a design that many of the IP based phone carriers are utilizing instead of building the hugely expensive infrastructure to do it themselves. Verisign is not the only provider offering this service, there are several others and these products provide the compliance that companies like Vonage are required to maintain.

    I have many customers who use these products but none of them have ever been served with warrants to tap their lines.

  3. I was struck by this fact when reading this Wired article just yesterday. It mentions in passing that VeriSign contracts as a wiretapper in addition to phone companies.

    IMHO this sort of activity is possibly a deep, deep conflict interest and betrayal of trust for a certificate authority like VeriSign to be engaged in. I could be wrong but it seems likely that VeriSign could, with help from ISPs, use their position to stage man-in-the-middle attacks on unsuspecting users without prompting any certificate warnings.

    Would someone with detailed background care to comment on this possibility?

Comments are closed.