What Do You Learn from Taps?

• Much interesting information is not end-to-end.

  • End-user IP addresses are generally transient.

• Higher-level information from log files can be more useful.

• This may change if and when peer-to-peer protocols become common.

  • But the bad guys will then have to solve the rendezvous problem, which provides another monitoring point.

• What kind of court orders are needed?

• Is the end-user a “U.S. person”? How do you know?

Previous slide

Next slide

Back to first slide

View graphic version