cypherpunks-legacy
July 2018
- 1371 participants
- 9656 discussions
A quick internet search shows the Australian Advanced and Standard ham
licenses are very similar to the US licenses. There is no longer a
requirement to learn Morse code. The US hams are allowed use of
the 902-928 MHz frequencies, but I did not see these frequencies allocated
to Australian hams. The Australian Standard license allows hams to use
the 2.4-2.45 GHz frequencies which would cover the first 6 wifi
channels. Ham radio operations within these 6 wifi channels would allow
experimentation with higher power levels. Ham radio is worldwide, so many
of the operating practices are quite similar. My coverage with the 15 dB
vertical extends out about 5-6 miles, but it is not reliable at these
distances because of local trees. I really should find a way to put my
antenna up higher or try another location. You are correct with the +42 dB
gain, but I must have some unknown losses in the connectors or coax.
Microwave frequencies easily lose power in coax transmission. I have
experimented with horizontal polarization and this works better because you
receive much less vertically polarized interference from conventional
wifi. The 36 dB commercial internet providers advertise coverage for about
9 miles, so you see what you could do with a taller antenna. And yes, your
handheld phones can operate at long wifi distances because I have done that
during a test of emergency operations.

The US hams seem to be drawn to the HSMM MESH concept. I have tried to
send Serval Mesh messages through HSMM by using 4 routers, but it does not
work. There is very little experimenting being done with smartphones as I
have done. Perhaps this may change if the Serval Mesh becomes known. Good
luck with your program.......
David, W5SVL
On Tuesday, October 30, 2012 2:39:16 PM UTC-5, Paul Gardner-Stephen wrote:
> Hello,
>
> This is really interesting. What range were you able to obtain
> between the phones and your 15db omni?
>
> Also, to clarify my understanding of your link budget versus "normal"
> WiFi, you had +27db from your amplifier, then +15db from your antenna,
> for a total of +42db gain. 42/6.02 ~= 7, so we should expect 2^7 =
> 128x range compared with WiFi, provided that there is no source of
> interference to drown out the phone being heard by your amplifier on
> the way back in (excuse my fairly crude understanding and
> terminology).
>
> If all of that is correct, and you have a low noise floor so that your
> amplifier can be fully effective, it sounds like the typical
> ~100m-150m outdoor range of a wifi phone should become up to 12.8km -
> 19.2km. Naturally I am very intrigued to find out just how far you
> were able to get coverage.
>
> Meanwhile, what are the ham regulations like in the ISM band centred
> around 915MHz?
> Also, do you have any knowledge of how the ham regulations differ
> between the USA and Australia?
>
> Paul.
>
> On Wed, Oct 31, 2012 at 4:20 AM, W5SVL <w5...(a)aol.com> wrote:
> >
> > On Tuesday, October 30, 2012 12:56:12 AM UTC-5, Jeremy Lakeman wrote:
> >>
> >> On Tue, Oct 30, 2012 at 2:50 PM, W5SVL <w5...(a)aol.com> wrote:
> >> > Greetings from Texas. I am a ham radio operator and I have been
> >> > experimenting with the Serval Mesh by using 2 inexpensive unactivated
> >> > Android smartphones. I am attempting to use the Serval Mesh through an
> >> > existing HSMM MESH network. HSMM MESH is an experimental ham radio mesh
> >> > network that uses the first 6 wifi channels in the 2.4 GHz band. The radios
> >> > used are older versions of the WRT54G router that have been flashed with a
> >> > new firmware. There are some awesome communication possibilities here, but
> >> > I do not have the networking skills to do this. Maybe my idea is not
> >> > possible, but hopefully someone will comment.
> >>
> >> So after a quick bit of research;
> >> - HSMM is a custom radio protocol that exposes a standard IP network
> >> interface
> >> - olsr is being used to mesh these devices together
> >> - other devices may use the network through the LAN interface
> >> So you would have a second access point that the serval phone can
> >> connect to for internet and mesh traffic?
> >> This doesn't sound like a network that serval can transparently
> >> co-exist on. Yet.
> >>
> >> Though we have done some initial work to support serval nodes
> >> discovering each other over an olsr network, we haven't built any
> >> protocol to exchange reach-ability information for other locally
> >> connected serval phones. This is a reasonably large piece of work that
> >> we don't have the time to build right now.
> >>
> >> You could build servald for the mesh routers and run it on every
> >> device in the network. Though our routing protocol is not as mature as
> >> olsr.
> >>
> >> > Also as a ham, I can legally use much more power on the 2.4 GHz band, and I
> >> > have found the Serval Mesh to work very well through a bi directional RF
> >> > amplifier installed between a router and an external antenna. There is no
> >> > internet connection here. I am just using the router as a radio repeater.
> >> > Has anyone else tried this? This would not be using the HSMM MESH as I
> >> > mentioned above, since only one router would be used. This one router
> >> > repeater could really be useful in emergencies. Please give me some
> >> > comments on both of these experimental ideas. Perhaps I should consult with
> >> > a ham operator who has more networking knowledge than I have. Any help will
> >> > be appreciated.
> >>
> >> So this router is operating as a simple ethernet bridge?
> >>
> > I configured an old Airlink router to broadcast my ham call as the SSID.
> > The router was in the access point mode. I used wifi channel 1, which is in
> > the ham bands. No encryption was used and I did not connect my DSL internet
> > into the WAN port. This router had a removable antenna which I removed. I
> > then connected the router to a 27 dB gain bi directional amplifier whose
> > output was sent to an external antenna about 25 feet up. I used 25 feet of
> > low loss microwave coax. The external antenna was omnidirectional and had a
> > 15 dB gain. I connected my 2 Android phones, that were configured to the
> > Serval client mode, with the router. Now I was able to make Serval Mesh
> > calls and send SMS messages over a large coverage area. This was all
> > experimental, but it showed me that the Serval Mesh could cover a large area
> > with only one wifi router. This trial was just to see how my wifi could be
> > used on the ham bands and it had nothing to do with the HSMM MESH
> > configuration.
> >>
> >> > --
> >> > You received this message because you are subscribed to the Google Groups
> >> > "Serval Project Developers" group.
> >> > To view this discussion on the web visit
> >> > https://groups.google.com/d/msg/serval-project-developers/-/QZOyRXnW8M0J.
> >> > To post to this group, send email to serval-proje...(a)googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > serval-project-developers+unsubscribe(a)googlegroups.com.
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/serval-project-developers?hl=en.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[btns] Protocol Action: 'IPsec Channels: Connection Latching' to Proposed Standard
by The IESG 06 Jul '18
The IESG has approved the following document:
- 'IPsec Channels: Connection Latching '
<draft-ietf-btns-connection-latching-11.txt> as a Proposed Standard
This document is the product of the Better-Than-Nothing Security Working Group.
The IESG contact persons are Tim Polk and Pasi Eronen.
A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-btns-connection-latching-11.…
Technical Summary
This document specifies, abstractly, how to interface applications
and transport protocols with IPsec so as to create "channels" by
latching "connections" (packet flows) to certain IPsec Security
Association (SA) parameters for the lifetime of the connections.
Connection latching is layered on top of IPsec and does not modify
the underlying IPsec architecture.
Connection latching can be used to protect applications against
accidentally exposing live packet flows to unintended peers, whether
as the result of a reconfiguration of IPsec or as the result of using
weak peer identity to peer address associations. Weak association of
peer ID and peer addresses is at the core of Better Than Nothing
Security (BTNS), thus connection latching can add a significant
measure of protection to BTNS IPsec nodes.
Finally, the availability of IPsec channels will make it possible to
use channel binding to IPsec channels.
Working Group Summary
This document is a product of the Better Than Nothing Security (BTNS)
working group.
Document Quality
A version of Connection Latching is implemented in OpenSolaris. The
document has been reviewed by Daniel McDonald who worked on the
Connection Latching implementation in OpenSolaris.
Personnel
The Document Shepherd for this document is Julien Laganier (BTNS
WG co-chair). The Responsible Area Director is Tim Polk (Security
Area Director).
_______________________________________________
btns mailing list
btns(a)ietf.org
https://www.ietf.org/mailman/listinfo/btns
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
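A simplified model of the latching idea in the Technical Summary above, added here as an illustration; it is not code from the draft or from the OpenSolaris implementation. The class names, the two latch states, the drop-on-mismatch behaviour and the suite labels are assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import Enum


class LatchState(Enum):
    ESTABLISHED = "established"
    BROKEN = "broken"  # latched parameters can no longer be honoured


@dataclass(frozen=True)
class SAParams:
    """The SA parameters a connection is latched to (hypothetical field set)."""
    peer_id: str   # with BTNS this may be no more than a bare public-key fingerprint
    protocol: str  # "ESP" or "AH"
    mode: str      # "transport" or "tunnel"
    suite: str     # negotiated algorithms (constructed labels below)


@dataclass(frozen=True)
class Flow:
    """One connection (packet flow)."""
    local: tuple   # (address, port)
    remote: tuple  # (address, port)
    proto: str


class LatchTable:
    def __init__(self, allowed_suites):
        self.allowed_suites = set(allowed_suites)
        self._latches = {}  # Flow -> [SAParams, LatchState]

    def latch(self, flow, sa):
        """Bind a new connection to the SA parameters it was set up under."""
        if sa.suite not in self.allowed_suites:
            raise ValueError("SA does not satisfy local policy")
        if flow in self._latches:
            raise ValueError("flow is already latched")
        self._latches[flow] = [sa, LatchState.ESTABLISHED]

    def state(self, flow):
        return self._latches[flow][1]

    def accept_inbound(self, flow, sa):
        """Deliver a packet only if it arrived under the latched parameters."""
        entry = self._latches.get(flow)
        if entry is None:
            return False
        latched, state = entry
        return state is LatchState.ESTABLISHED and sa == latched

    def reconfigure(self, allowed_suites):
        """Policy change: live latches it conflicts with become BROKEN
        instead of silently continuing under different parameters."""
        self.allowed_suites = set(allowed_suites)
        for entry in self._latches.values():
            if entry[0].suite not in self.allowed_suites:
                entry[1] = LatchState.BROKEN

    def close(self, flow):
        self._latches.pop(flow, None)


def demo():
    # Constructed sample data: documentation addresses and made-up key IDs.
    table = LatchTable({"aes-gcm-128", "aes-cbc-hmac-sha1"})
    flow = Flow(("192.0.2.1", 443), ("198.51.100.7", 40122), "tcp")
    first_peer = SAParams("key:ab12", "ESP", "transport", "aes-cbc-hmac-sha1")
    # Same remote address later associated with a different key: the weak
    # ID-to-address association the summary describes.
    other_peer = SAParams("key:ff90", "ESP", "transport", "aes-cbc-hmac-sha1")

    table.latch(flow, first_peer)
    results = {
        "same_peer": table.accept_inbound(flow, first_peer),
        "other_key_same_address": table.accept_inbound(flow, other_peer),
    }
    table.reconfigure({"aes-gcm-128"})  # IPsec reconfiguration mid-connection
    results["state_after_reconfig"] = table.state(flow)
    results["same_peer_after_reconfig"] = table.accept_inbound(flow, first_peer)
    return results


if __name__ == "__main__":
    print(demo())
```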
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 4.22, 22 November 2006
============================================================
Contents
============================================================
1. Draft Audiovisual Directive limited to the TV-like services on the web
2. German draft law on data retention presented
3. New law proposal on data retention submitted in Italy
4. UK biometric passports project set back by simple cloning possibilities
5. Microsoft in danger of additional fining from the European Commission
6. Italian Minister of Justice proposes an authority for violent videogames
7. Logging of IP addresses banned in Germany
8. Swiss Big Brother Awards 2006
9. Italian postal codes can be freely accessed
10. FIPR report on children's databases - likely to harm rather than help
11. Support EDRi-gram
12. Agenda
13. About
============================================================
1. Draft Audiovisual Directive limited to the TV-like services on the web
============================================================
At the EU's Council of Ministers meeting on 14 November a new version of the
Audiovisual Media Services directive was agreed that limits
the new regulation regarding video on the Internet to TV-like
services (linear services) only. Video clips on the Internet will not be
subject to this new directive.
The initial version of the Audiovisual Media Services, which is a revision
of the 1997 Television without Frontiers (TWF) directive, has been seriously
criticized by various players - from the UK government to a number of media
scholars that signed the Budapest Declaration for Freedom of the Internet.
The new version agreed by the Council of Ministers, but also by the European
Parliament Culture committee introduces the notion of audiovisual media
services and distinguishes between television broadcasts ("linear" services,
e.g. scheduled broadcasting via traditional TV, the internet or mobile
phones, which "pushes" content to viewers) and on-demand services
("non-linear" such as video on-demand, which the viewer "pulls" from a
network). In distinguishing between these two categories of audiovisual
media services, both the Commission and the Committee have stressed that
they are seeking to subject providers of "on demand services" to only a
minimum set of rules. Linear services, on the other hand, are more
thoroughly regulated.
Among the main supporters of the reduction of the content were the UK
broadcasting regulator Ofcom and Culture Secretary Tessa Jowell. Ofcom will
now have to regulate only the TV Internet broadcast from major televisions,
but will not include the social networking websites - so popular these days.
"Today's outcome is testament to the substantial progress we have made in
persuading our European partners to take our arguments on board," underlined
one of the supporters of the change, the UK creative industries minister,
Shaun Woodward.
Continuing the country of origin principle foreseen in the TWF directive,
the draft Audiovisual directive puts the national regulators in charge of
regulating the broadcasters that operate within their borders. The agreed
text includes also a mechanism allowing a destination Member State under
certain limited circumstances to take measures against a provider
established in another Member State.
Television in the digital age: MEPs adopt a new approach to product
placement (14.11.2006)
http://www.europarl.europa.eu/news/expert/infopress_page/039-12616-317-11-4…
906-20061113IPR12607-13-11-2006-2006-false/default_en.htm
Britain kills EU attempt to regulate net video clips (14.11.2006)
http://technology.guardian.co.uk/news/story/0,,1947176,00.html
Regulation of web video watered down in Europe (16.11.2006)
http://www.out-law.com/default.aspx?page=7488
EDRI-gram: Draft Audiovisual Media Services Directive under criticism
(24.05.2006)
http://www.edri.org/edrigram/number4.10/audiovisual
EDRI-gram: EU Audiovisual Directive: Budapest Declaration for Freedom of the Internet
(30.08.2006)
http://www.edri.org/edrigram/number4.16/budapestdeclaration
============================================================
2. German draft law on data retention made public
============================================================
On 8 November 2006, the German Minister of Justice Brigitte Zypries
presented a draft law aimed at transposing the EU directive on data
retention. The law would override the recent jurisprudence on IP logging by
mandating the retention of traffic data for a period of six months.
Retention requirements are also to apply to anonymization services, making
them practically superfluous. Furthermore anonymous e-mail accounts are to
be banned. Access to traffic data shall be permissible for the investigation
of "substantial" offences, but also for the investigation of any offence
committed by use of telecommunications networks (including sharing of
copyrighted content). The law is to enter into force on 15 September 2007.
Until 15 March 2009 data retention is to be optional for providers of
internet access, Internet telephony and e-mail services.
The draft law was sharply criticised by the activist Working Group on Data
Retention (Arbeitskreis Vorratsdatenspeicherung) for being unconstitutional.
The German Federal Constitutional Court (Bundesverfassungsgericht) has
repeatedly ruled in the past that human rights permit the collection of
personal data only where they are needed for a specific purpose. The Working
Group called for the transposition process to be aborted or, at least,
suspended until the ECJ has ruled on Ireland's action for annulment of the
directive on data retention. The Working Group also criticized the German
draft law for going beyond EU requirements in relation to anonymization
services, e-mail services and access to retained data. The EU directive
applies to the investigation of "serious" offences only and does not ban
anonymous or anonymization services.
The activist group presented a class action to be submitted to the Federal
Constitutional Court in case the proposed law is adopted. The Court is to be
asked to provisionally suspend data retention in Germany while examining its
constitutionality. According to the draft application published on the
Internet, the EU directive on data retention is void for violating human
rights and for lacking a legal basis. The planned class action is supported
by several German jurists and is open for all German citizens to join.
Draft law on data retention in Germany (in German only, 8.11.2006)
http://www.humanistische-union.de/fileadmin/hu_upload/doku/vorratsdaten/de-…
cht/bmj_2006.11.pdf
Website of the Working Group on Data Retention including information on the
class action against data retention (in German only)
http://www.vorratsdatenspeicherung.de/
(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)
============================================================
3. New law proposal on data retention submitted in Italy
============================================================
Thanks to Italian MP Maurizio Turco (Rosa nel Pugno) a law proposal on data
retention authored by the Winston Smith Project has been recently submitted
to the Italian Parliament as DDL (Disegno di Legge) number 1728.
The proposal, whose title is "Regulations for the collection, usage,
retention and deletion of geo-referenced or chrono-referenced data,
containing unique user identifiers, through automatic devices" aims to limit
the "side effects" of the current "data retention culture", in which - due
to political and technological reasons - logging and retention of all sorts
of data is the norm rather than the exception.
According to the explanatory text of the proposal, ISP connections, web
surfing patterns, mail, news, chats can be logged and stored indefinitely
with relatively small investments, even by small and medium organisations.
The phenomenon is not limited to the Internet "per se": GSM "cell data",
i.e. the list of cells to which a mobile phone connects while the owner
moves, or data resulting from RFID usage are two other examples.
Technological automation allows the creation of huge databases on
activities that are not necessarily considered "personal data" according to
Italian law 196/2003, the main legal source for privacy protection in Italy,
and are therefore not subject to the protection guaranteed thereof.
Such databases can quickly become a privacy nightmare as access controls
tend to be lax either for lack of funding or for a commercial interest into
giving such access in the first place, and as data mining theory and
applications become more and more sophisticated in cross-referencing
apparently innocuous data from different sources.
Three Italian laws regulate the duration of data retention: Legislative
Decree 259/2003 ("Codice delle comunicazioni elettroniche"), Law 196/2003
("Codice in materia di protezione dei dati personali") and, most recently,
the so-called "decreto Pisanu", from the name of the former Ministry of
Internal Affairs of the last Berlusconi government.
The law proposal by the Winston Smith Project does not want to negotiate the
current obligations related to data retention; rather, it aims at acting "ex
ante" by reducing the quantity of data that are automatically collected
without any specific legal obligation imposing such collection in the first
place. The law introduces the "duty to delete" principle, according to which
automatically collected data shall not be preserved for longer than strictly
necessary to achieve the goal for which collection took place in the first
place. In a nutshell, the law proposal aims at making deletion of data the
rule, rather than the exception.
The Winston Smith Project
http://www.winstonsmith.info/
An interoperable world: the European Commission vs Microsoft Corporation and
the value of open interfaces (04.2005)
http://www.bileta.ac.uk/Document%20Library/1/An%20Interoperable%20World%20-…
0the%20European%20Commission%20vs%20Microsoft%20Corporation%20and%20the%20Val
ue%20of%20Open%20Interfaces.pdf
Text of the law proposal (only in Italian)
https://www.winstonsmith.info/proposta_di_legge_rdp_v6.rtf
(Contribution by Andrea Glorioso, Italian consultant on digital policies)
============================================================
4. UK biometric passports project set back by simple cloning possibilities
============================================================
The UK Government now faces a big problem with the introduction of the new
biometric passports, as it has recently been shown that these passports can be
easily and very cheaply copied by means of a microchip reader that can be
legally bought on the Internet.
As a big embarrassment to the Home Office, a project having led to the
increase of the travel documents by 60 per cent since March 2006, and that
brought about 90 million euro costs for the passport production lines, may
be entirely dropped as the new passports are more a risk for their owners
rather than an improvement to the old documents.
"Three million people now have passports that expose them to a greater risk
of identity fraud than before." said Nick Clegg, the Liberal Democrat home
affairs spokesman.
The UK government decided to introduce the micro-chipped biometric passports in
order to make theft more difficult, but an investigation led by the Guardian
has shown the respective passports can be easily read and copied. The data
obtained from three passports were transferred to a PC after gaining access
to the chips by means of a simple microchip reader, purchased from the
Internet for less than 150 euro, and then cloned with photograph included.
Computer expert Adam Laurie, who needed only 48 hours to write software
capable of copying the information from the passports, said: "The Home Office is
using strong cryptography to prevent conversations between the passport and
the reader being eavesdropped, but they are breaking one of the fundamental
principles of encryption by using non-secret information published in the
passport to create a 'secret key'. That is the equivalent of installing a
solid steel front door to your house and putting the key under the mat."
The Home Office commented on that considering the fact as not important:
"The information itself cannot be altered; the photo would still be the same
so the copy would be of no use to an impersonator trying to use it
fraudulently. Other than the photograph, which could be obtained easily by
other means, they would gain no information that they did not already have -
so the whole exercise would be utterly pointless." stated a spokesman.
As Phil Booth of NO2ID said: "The government is clearly derelict in its duty
to protect the privacy and security of British citizens".
Recall demand after cloning of new biometric passports (17.11.2006)
http://www.guardian.co.uk/uk_news/story/0,,1950199,00.html
New biometric passports can be cloned using £100 equipment sold over
internet (17.11.2006)
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id…
17101&in_page_id=1770
Now, clone UK's new biometric passports with a 100 pound download from the
Net! (18.11.2006)
http://www.newkerala.com/news4.php?action=fullnews&id=52763
============================================================
5. Microsoft in danger of additional fining from the European Commission
============================================================
Microsoft faces additional fines for not having yet complied with the 2004
antitrust order through which it was ordered to provide the complete and
accurate interface documentation enabling other companies to write software
that would work on systems running Windows.
The Commission considered in 2004 that Microsoft had abused its position in
the software market as its operating system Windows, used on more than 95%
of the PCs in the world, did not allow sufficient interoperability for other
software producers.
Microsoft had already been fined with 479 million euro and another fine of
280.5 million euro was established by the EC for Microsoft not having
observed the 19 July deadline. Now, the penalties will increase from 2 to 3
million euro per day in case the company does not meet the new deadline
established for 23 November 2006.
After that date, the information to be received from Microsoft will be
supplied to its competitors to decide whether it is enough for
interoperability.
Although Microsoft has said that it is ready to provide the remaining
information, the Commission seems to have lost its patience on the matter.
Commissioner Neelie Kroes stated to the UK newspaper The Guardian: "I am not
impressed if someone says 90% of the information is already there when we
need 100%. It's a jigsaw and some parts are missing. In my opinion, this
information should have been here a couple of months ago."
Microsoft's new operating system Vista that had been initially scheduled for
the middle of 2006 has been largely affected by this issue. Microsoft had to
agree to make changes to Vista as EU threatened to ban it based on concerns
that the software included in the operating system was violating antitrust
laws. This delay in releasing Vista on the market is estimated to have cost
Microsoft about 80 million euro per month and to have caused a drop of 20%
in sales on the PC market. Microsoft is now planning to launch the product
on 30 January 2007.
In case the Commission and other software companies are pleased with the
documents Microsoft is expected to provide, Microsoft will decide how much
to charge for licenses and, in case the Commission finds the cost too high,
it can again fine the US company.
Professor Neil Barrett, the Commission's 'monitoring trustee' will help the
Commission interpret the information provided by Microsoft and will monitor
the compliance with the Commission's decisions.
Microsoft has still not complied with 2004 ruling, says Commission
(17.11.2006)
http://www.out-law.com/default.aspx?page=7490
EU threatens Microsoft with new fines (15.11.2006)
http://www.eetimes.com/news/semi/showArticle.jhtml?articleID=194400583
EU sets Microsoft deadline, warns patience is thin (15.11.2006)
http://today.reuters.com/news/articleinvesting.aspx?type=governmentFilingsN…
s&storyID=2006-11-15T161511Z_01_L15777929_RTRIDST_0_TECH-EU-MICROSOFT-UPDATE-
3.XML&WTmodLoc=InvArt-C2-NextArticle-1
Microsoft Vista operating system to be released on 30th January 2007
(12.11.2006)
http://www.marketoracle.co.uk/Article120.html
EDRI-gram : Microsoft Vista gets criticism before its launching in Europe
(27.09.2006)
http://www.edri.org/edrigram/number4.18/vista
============================================================
6. Italian Minister of Justice proposes an authority for violent videogames
============================================================
According to the Italian national newspaper La Repubblica, the Italian
Minister of Justice, Mr. Clemente Mastella, has recently claimed that it
would be advisable to create an "authority" that would "decide on acceptable
standards related to the modalities of sale" of videogames, so that it might
be possible to "find those [videogames] that contain unacceptable levels of
violence".
An "authority", in Italian political lingo, is a theoretically independent
public body that ought to check and control certain subsets of public life.
Examples include the "Autorità per le Telecomunicazioni" (Authority for
Telecommunications) and the "Autorità Garante della Concorrenza e del
Mercato" (Authority for Guaranteeing Competition and [Free] Market), both
criticized in the past for their inability to clearly fulfil their mission
due to too much internal bureaucracy and/or a sort of "psychological
dependence" towards the Government in charge and other powers-that-be.
Mr. Mastella's remarks, together with those of Mr. Giuseppe Fioroni,
Minister of Education, according to whom "freedom for videogames must stop
in front of the freedom of sons to live in serenity and without violence",
and those of Mr. Paolo Gentiloni, Minister of Communications, according to
whom "the issue of protecting minors is not limited to television, but must
extend to new media", seem to have been spurred by the videogame "Rule of
Rose".
It is not clear at this point how an "Authority for Violent Videogames"
would be supposed to fare any better than the existing institutions; it is
also not clear whether Mr. Mastella is suggesting the creation of a new
rating system for the videogaming market in Italy - where the European
rating system PEGI, or Pan European Gaming Information, is already in use -
or rather he is proposing the introduction of new tools to control the
circulation of videogames on the basis of existing rating systems.
La Repubblica also quotes Mr. Mastella as adding that "both criminal [law]
intervention and commercial and administrative actions can serve as methods
of deterrence" and that "seizure is possible only when there is the
possibility of a crime such as incitement to commit a crime". La Repubblica
does not report Mr. Mastella explaining in detail how a videogame could
incite to commit a crime, nor the way in which respect of the right to
freedom of expression, as enshrined in art. 21 of the Italian Constitution
would be achieved.
In the same article Mr. Giovanni Maria Pirroni, director of the IIMS, the
Istituto Italiano di Medicina Sociale (Italian Institute of Social
Medicine), is reported as saying that "inhibiting sales of videogames is not
a guarantee, since any kind of content can be downloaded through the
Internet". It is not clear whether this constitutes recognition of the
difficulties that an Authority as proposed by Mr. Mastella would face, or
rather a call for similar regulations to be applied to online as well as to
offline transactions and sales.
This Italian desire for more regulation in the field seems to be finding
listening ears in the European Commission: Franco Frattini, Commissioner for
Justice, Freedom and Security, has recently demanded that the European Union
improve the protection of children against violent videogames. Mr. Frattini
has been quoted as saying that during the meeting of justice ministers,
scheduled for 5 December 2006, he would engage in "a first exchange of views
on this issue with the objective of identifying a possible scope for
complementary, national and European level activities [...] including issues
such as awareness raising, the labelling of such games and the selling to
minors."
La Repubblica: Violent videogames in the government gun sight (only in
Italian, 14.11.2006)
http://www.repubblica.it/2006/11/sezioni/scuola_e_universita/servizi/videog…
chi-violenti/videogiochi-violenti/videogiochi-violenti.html
EU Justice Commissioner highlights dangers of video games glorifying
violence (17.11.2006)
http://www.heise.de/english/newsticker/news/81200
(Contribution by Andrea Glorioso, Italian consultant on digital policies)
============================================================
7. Logging of IP addresses banned in Germany
============================================================
On 25 January 2006, the District Court of Darmstadt (Germany) ruled that the
German ISP T-Online was legally banned from logging the session IP addresses
it assigned to its customers. German law requires this data to be deleted
upon termination of the connection as it is not needed for billing purposes.
According to the judgement, security requirements do not justify the general
logging of all users' IP addresses. The collection of such data is permitted
only in reaction to specific incidents (faults or unlawful use) on a case by
case basis.
On 28 October 2006 the German Federal Court of Justice (Bundesgerichtshof)
dismissed, on formal grounds, the appeal filed by T-Online. The District
Court's ruling has thereby become legally binding between the parties of the
dispute. The legal reasoning of the court applies more generally to all
German ISPs and to all tariff models. A draft complaint for other Germans
willing to sue their ISP was published on the internet. The German Federal
Data Protection Commissioner Peter Schaar announced that he would take steps
to enforce the ruling in relation to all customers.
The plaintiff Holger Voss was prosecuted in 2003 for supposedly having
endorsed the 9/11 bomb attacks in an Internet forum. Only in the courtroom was
it found that his remarks were clearly of a sarcastic nature. In
consequence, Voss was acquitted. In order to trace Voss' forum post, the
prosecutors had asked the forum provider Heise to hand over the poster's IP
address. Voss' ISP T-Online then told the prosecutor whom the IP address had
been assigned to.
The T-Online case raised voices pointing out that German law also bans web
site providers such as Heise, Amazon and Ebay from logging the IP addresses
of their users. At present such logging is widespread, partly because
US-designed software (including open source software) does not take data
protection requirements into account. Data protection expert Patrick Breyer
called for a law mandating commercial software for sale in Europe to be
provided with a standard configuration that conforms to European data
protection requirements.
Ruling of the District Court of Darmstadt on IP logging (in German only)
http://www.olnhausen.com/law/olg/lgda-verbindungsdaten.html
Draft complaint against log retention (in German only)
http://www.daten-speicherung.de/wiki/index.php/Musterklage
(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)
============================================================
8. Swiss Big Brother Awards 2006
============================================================
On 16 November 2006, Sudhaus cultural centre of Bâle hosted the Swiss Big
Brother Awards ceremony of 2006 organised by Archives de l'Etat Fouineur
Swiss and the EDRI-member Swiss Internet User Group SIUG.
The jury deciding on the winners included 11 people from various
institutions and organizations having acted against control and
surveillance. The winners received concrete trophies, a certificate and were
mentioned on the "Hall of Shame" list.
The trophy for the category "State" was awarded to the Federal Council of
Corpore represented by Christoph Blocher, the head of the Federal Department
of Justice and Police for the application of internal security measures
involving phone tapping, secret search of information systems and
installation of secret microphones in apartments without concrete basis just
under the cover of preventive investigations.
The winner of the "Business" category was the insurance company Assurance
CSS for having given their collaborators large access to their clients' data
that included medical information and even HIV test results.
Other candidates were companies such as Microsoft, Cablecom, Swisscom or
Crédit Suisse as well as many sports clubs and associations and transport
companies who survey their employees and clients.
The "Working Place" category was won by the Dietikon branch of the
Media-Markt chain where the employees were continuously under surveillance
not only at their working place, but even in the rest rooms.
The fourth award for the category "Activity" was received by Hans Wegmuller,
director of SRS (Strategic Information Service), a department created 5
years ago which is actually the military Swiss Intelligence Service, a
service that uses ONYX telecom mass surveillance devices.
Besides the negative awards, a positive "Winkelried" award has been lately
given during BBA ceremonies. This year, the Swiss awarded this to the
Referendum Committee LMIS, made out of groups of sports fans and political
groups that will launch a referendum in Spring against the introduction of
an "anti-hooligan" law.
Press Release Big Brother Awards 2006 (Only in French - 16.11.2006)
http://www.bigbrotherawards.ch/2006/presse/pressemitteilungen/bba.pressemit…
ilung.20061116.6f.txt
============================================================
9. Italian postal codes are again freely accessible
============================================================
At the end of September 2006, after a reorganisation of the postal
codes system (CAP), the Italian Post (Poste Italiane), now a private
company, as well as the Italian Ministry of Communications have
changed the way in which one could access the postal code online,
limiting it to just one entry at a time, without the possibility to access
the entire database. A multiple query could be made only by buying a
proprietary software sold by Poste Italiane.
According to the Italian laws, postal codes, together with telephone
numbers, laws and normative acts are public data, but also in the
public domain, and therefore should be publicly available without
restrictions.
Furthermore, the postal codes, as public information, are collected
and gathered with public money and therefore Poste Italiane cannot
consider itself as the owner of these data and should not condition
the access to a proprietary software that runs only on a single
operating system. Poste Italiane has put out for sale a CD costing 6.9
Euro that can be run only on a Windows system. However, free
software was also available for the same purpose, such as Trovocap, a
program allowing the search of postal codes on Linux, Windows and Mac OS
as well. Caprone, another free software available in Linux and Windows
versions even allowed the arrangement of the postal codes in various
formats.
The Free Software Foundation Europe (FSFE) considered that public data
should be universally available without discrimination and drafted
an open letter addressed to the Ministry of Communications asking that
the postal codes list should be available as before. In the meantime,
with the assistance of the Italian FSFE team, it has rebuilt the codes
list from the Poste Italiane site, through a crawler and has made it
publicly available in a SQL format. The list is not entirely complete
yet and those who intend to use it for professional purposes are
advised of this risk.
For whom the zip tolls ? (only in Italian, 20.11.2006)
http://www.piana.eu/cms/index.php?option=com_content&task=view&id=24&Itemid…
4
The Italian ZIP codes freed (Only in Italian - 06.11.2006)
http://www.italy.fsfeurope.org/it/projects/cap/
(Thanks to Stefano Maffulli - FSFE Italy)
============================================================
10. FIPR report on children's databases - likely to harm rather than help
============================================================
The UK Information Commissioner has just published a report on the UK
Government's plans to link up most of the public-sector databases that
contain information on children. The report was written by experts
from the Foundation for Information Policy Research (FIPR), who
conclude that aggregating this data will be both unsafe and illegal.
The report, 'Children's Databases: Safety and Privacy', analyses
databases being built to collate information on children in education,
youth justice, health, social work and elsewhere. Although linking the
databases is supposed to safeguard children, the report's authors
point out that extending Britain's child protection systems - from
the 50,000 children at substantial risk of serious harm to the 3-4
million children with some health, education or other welfare issue -
means that child protection will receive less attention.
The project will also feed information into police systems that try to
identify children likely to offend by scoring various risk factors
(socioeconomic status, medical diagnoses such as hyperactivity, school
conduct reports, and whether the child's father has been in prison).
This carries a serious risk of stigmatising innocent children, and may
also undermine children's and parents' trust in doctors, teachers and
other professionals.
The report's authors also conclude that the systems will intrude so
much into privacy and family life that they will violate European data
protection law and human rights law.
Report "Children's Databases - Safety and Privacy" (22.11.2006)
http://www.fipr.org/childrens_databases.pdf
IT systems designed to protect kids will put them at risk instead
(22.11.2006)
http://www.fipr.org/press/061122kids.html
(Contribution by Ross Anderson, EDRI-member FIPR, UK)
============================================================
11. Support EDRI-gram
============================================================
European Digital Rights needs your help in upholding digital rights
in the EU.
Thanks to your last year's donations EDRi is able to issue 24 editions
of EDRi-gram in 2006. To continue with EDRi-gram in 2007 we again ask
for your support.
If you wish to help us promote digital rights, please consider making
a private donation, or interest your organisation in sponsorship. We
will gladly send you a confirmation for any amount above 250 euro.
KBC Bank Auderghem-Centre, Chaussée de Wavre 1662, 1160 Bruxelles,
Belgium
Name: European Digital Rights Asbl
Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
============================================================
12. Agenda
============================================================
22-24 November 2006, Barcelona, Spain
UOC UNESCO Chair in eLearning Third International
Seminar: Open Educational Resources: Institutional Challenges
http://www.uoc.edu/web/eng/index.html
30 November - 1 December 2006, Berlin, Germany
The New Surveillance - A critical analysis of research and methods in
Surveillance Studies. A two day international Conference hosted at the
Centre for Technology and Society of the Technical University Berlin.
http://www.ztg.tu-berlin.de/surveillance
2 December 2006, London, United Kingdom
Reclaiming Our Rights
www.londonmet.ac.uk/reclaimingourrights
6 December 2006, Oxford, United Kingdom
The Internet: Power and Governance in a Digitised World
http://www.sant.ox.ac.uk/jcr/stair
11-12 December 2006, Paris, France
LeWeb3: Third Les Blogs Conference
http://www.leweb3.com/leweb3
14 December 2006, Madrid, Spain
Conference on the Admissibility of Electronic Evidence in Court in Europe.
The final event of the project Admissibility of the Electronic Evidence in
Court in Europe (A.E.E.C.) funded by the European Commission and led by the
Spanish company Cybex.
http://www.cybex.es/AGIS2005/
20 January 2007, Paris, France
Big Brother Awards France
http://bigbrotherawards.eu.org/
============================================================
13. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 25 members from 16 European countries.
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[btns] Protocol Action: 'IPsec Channels: Connection Latching' to Proposed Standard
by The IESG 06 Jul '18
The IESG has approved the following document:
- 'IPsec Channels: Connection Latching'
<draft-ietf-btns-connection-latching-11.txt> as a Proposed Standard
This document is the product of the Better-Than-Nothing Security Working Group.
The IESG contact persons are Tim Polk and Pasi Eronen.
A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-btns-connection-latching-11.…
Technical Summary
This document specifies, abstractly, how to interface applications
and transport protocols with IPsec so as to create "channels" by
latching "connections" (packet flows) to certain IPsec Security
Association (SA) parameters for the lifetime of the connections.
Connection latching is layered on top of IPsec and does not modify
the underlying IPsec architecture.
Connection latching can be used to protect applications against
accidentally exposing live packet flows to unintended peers, whether
as the result of a reconfiguration of IPsec or as the result of using
weak peer identity to peer address associations. Weak association of
peer ID and peer addresses is at the core of Better Than Nothing
Security (BTNS), thus connection latching can add a significant
measure of protection to BTNS IPsec nodes.
Finally, the availability of IPsec channels will make it possible to
use channel binding to IPsec channels.
Working Group Summary
This document is a product of the Better Than Nothing Security (BTNS)
working group.
Document Quality
A version of Connection Latching is implemented in OpenSolaris. The
document has been reviewed by Daniel McDonald who worked on the
Connection Latching implementation in OpenSolaris.
Personnel
The Document Shepherd for this document is Julien Laganier (BTNS
WG co-chair). The Responsible Area Director is Tim Polk (Security
Area Director).
_______________________________________________
btns mailing list
btns(a)ietf.org
https://www.ietf.org/mailman/listinfo/btns
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
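A simplified model of the latching behaviour the Technical Summary above describes, added here as an illustration; it is not taken from the draft or from the OpenSolaris implementation. The names `Policy`, `SAParams` and `LatchTable`, the algorithm labels and the sample addresses and key fingerprints are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# (local addr, local port, remote addr, remote port, protocol)
FiveTuple = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class SAParams:
    """Parameters of the SA a packet arrived under (hypothetical, simplified)."""
    peer_id: str      # peer identity, e.g. a BTNS public-key fingerprint
    integrity: str    # integrity algorithm label
    encryption: str   # encryption algorithm label


class Policy:
    """Current IPsec policy for BTNS-style peers: per remote address, the
    algorithm suites allowed. Peer identity is NOT bound to the address,
    which is the weak ID-to-address association the summary mentions."""

    def __init__(self) -> None:
        self.suites: Dict[str, Set[Tuple[str, str]]] = {}

    def allow(self, remote_addr: str, integrity: str, encryption: str) -> None:
        self.suites.setdefault(remote_addr, set()).add((integrity, encryption))

    def permits(self, flow: FiveTuple, sa: SAParams) -> bool:
        return (sa.integrity, sa.encryption) in self.suites.get(flow[2], set())


class LatchTable:
    """Binds each connection (5-tuple) to the SA parameters in force when it
    was opened, and holds that binding until the connection is closed."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self._latches: Dict[FiveTuple, SAParams] = {}

    def open(self, flow: FiveTuple, sa: SAParams) -> None:
        # Policy is consulted once, at connection establishment.
        if not self.policy.permits(flow, sa):
            raise ValueError("SA not permitted by policy for this flow")
        if flow in self._latches:
            raise ValueError("flow already latched")
        self._latches[flow] = sa

    def close(self, flow: FiveTuple) -> None:
        self._latches.pop(flow, None)

    def accept_inbound(self, flow: FiveTuple, sa: SAParams) -> bool:
        # A packet belongs to the channel only if it arrived under exactly
        # the latched parameters; later policy changes do not widen this.
        latched = self._latches.get(flow)
        return latched is not None and sa == latched


def demo() -> Dict[str, bool]:
    # Constructed sample data (documentation address ranges, made-up keys).
    flow = ("192.0.2.10", 443, "198.51.100.7", 51515, "tcp")
    policy = Policy()
    policy.allow("198.51.100.7", "hmac-sha256", "aes-cbc")

    first_peer = SAParams("key:aaaa", "hmac-sha256", "aes-cbc")
    other_peer = SAParams("key:bbbb", "hmac-sha256", "aes-cbc")  # same address, different key

    latches = LatchTable(policy)
    latches.open(flow, first_peer)

    results = {
        "same_peer_latched": latches.accept_inbound(flow, first_peer),
        # Address-only policy cannot tell the two peers apart.
        "other_peer_unlatched": policy.permits(flow, other_peer),
        "other_peer_latched": latches.accept_inbound(flow, other_peer),
    }

    # Reconfiguration while the connection is live: a weaker suite is allowed.
    policy.allow("198.51.100.7", "hmac-sha256", "null")
    weaker = SAParams("key:aaaa", "hmac-sha256", "null")
    results["weaker_sa_unlatched"] = policy.permits(flow, weaker)
    results["weaker_sa_latched"] = latches.accept_inbound(flow, weaker)

    latches.close(flow)
    results["after_close"] = latches.accept_inbound(flow, first_peer)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accept' if accepted else 'drop'}")
```

The model covers only the two exposure cases the summary names (a different peer at the same address, and a policy reconfiguration during a live connection); it does not model how a real implementation resolves a conflict between a latch and new policy.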
I don't think Wikileaks works on the level of operationally-relevant
secrets. It's not about espionage. So the fact that there are other forums
where more highly valuable stuff is being exchanged, doesn't diminish the
value of Wikileaks.
It's precisely its high profile and media exposure that constitutes its
value. It's not about espionage, it's about politics. And, it's about
inducing dysfunctional habits into the organizations trying to
prevent information from leaking. Assange called this once 'secrecy tax'
and if I take this article here at face value, it seems to be working.
Felix
http://www.stratfor.com/weekly/20101027_wikileaks_and_culture_classification
WikiLeaks and the Culture of Classification
October 28, 2010 | 0853 GMT
By Scott Stewart
On Friday, Oct. 22, the organization known as WikiLeaks published a cache
of 391,832 classified documents on its website. The documents are mostly
field reports filed by U.S. military forces in Iraq from January 2004 to
December 2009 (the months of May 2004 and March 2009 are missing). The
bulk of the documents (379,565, or about 97 percent) were classified at
the secret level, with 204 classified at the lower confidential level. The
remaining 12,062 documents were either unclassified or bore no
classification.
This large batch of documents is believed to have been released by Pfc.
Bradley Manning, who was arrested in May 2010 by the U.S. Army Criminal
Investigations Command and charged with transferring thousands of
classified documents onto his personal computer and then transmitting them
to an unauthorized person. Manning is also alleged to have been the source
of the classified information released by WikiLeaks pertaining to the war
in Afghanistan in July 2010.
WikiLeaks released the Iraq war documents, as it did the Afghanistan war
documents, to a number of news outlets for analysis several weeks in
advance of their formal public release. These news organizations included
The New York Times, Der Spiegel, The Guardian and Al Jazeera, each of
which released special reports to coincide with the formal release of the
documents Oct. 22.
Due to its investigation of Manning, the U.S. government also had a pretty
good idea of what the material was before it was released and had formed a
special task force to review it for sensitive and potentially damaging
information prior to the release. The Pentagon has denounced the release
of the information, which it considers a crime, has demanded the return of
its stolen property and has warned that the documents place Iraqis at risk
of retaliation and also place the lives of U.S. troops at risk from
terrorist groups that are mining the documents for tidbits of operational
information they can use in planning their attacks.
When one takes a careful look at the classified documents released by
WikiLeaks, it becomes quickly apparent that they contain very few true
secrets. Indeed, the main points being emphasized by Al Jazeera and the
other media outlets after all the intense research they conducted before
the public release of the documents seem to highlight a number of issues
that had been well-known and well-chronicled for years. For example, the
press has widely reported that the Iraqi government was torturing its own
people; many civilians were killed during the six years the documents
covered; sectarian death squads were operating inside Iraq; and the
Iranian government was funding Shiite militias. None of this is news. But,
when one steps back from the documents themselves and looks at the larger
picture, there are some interesting issues that have been raised by the
release of these documents and the reaction to their release.
The Documents
The documents released in this WikiLeaks cache were taken from the U.S.
government's Secret Internet Protocol Router Network (SIPRNet), a network
used to distribute classified but not particularly sensitive information.
SIPRNet is authorized only for the transmission of information classified
at the secret level and below. It cannot be used for information
classified top secret or more closely guarded intelligence that is
classified at the secret level. The regulations by which information is
classified by the U.S. government are outlined in Executive Order 13526.
Under that order, secret is the second-highest level of classification and
applies to information that, if released, would be reasonably expected to
cause serious damage to U.S. national security.
Due to the nature of SIPRNet, most of the information that was downloaded
from it and sent to WikiLeaks consisted of raw field reports from U.S.
troops in Iraq. These reports discussed things units encountered, such as
IED attacks, ambushes, the bodies of murdered civilians, friendly-fire
incidents, traffic accidents, etc. For the most part, the reports
contained raw information and not vetted, processed intelligence. The
documents also did not contain information that was the result of
intelligence-collection operations, and therefore did not reveal sensitive
intelligence sources and methods. Although the WikiLeaks material is often
compared to the 1971 release of the Pentagon Papers, there really is very
little similarity. The Pentagon Papers consisted of a top secret-level
study completed for the U.S. secretary of defense and not raw, low-level
battlefield reports.
To provide a sense of the material involved in the WikiLeaks release, we
will examine two typical reports. The first, classified at the secret
level, is from an American military police (MP) company reporting that
Iraqi police on Oct. 28, 2006, found the body of a person whose name was
redacted in a village who had been executed. In the other report, also
classified at the secret level, we see that on Jan. 1, 2004, Iraqi police
called an American MP unit in Baghdad to report that an improvised
explosive device (IED) had detonated and that there was another suspicious
object found at the scene. The MP unit responded, confirmed the presence
of the suspicious object and then called an explosive ordnance disposal
unit, which came to the site and destroyed the second IED. Now, while it
may have been justified to classify such reports at the secret level at
the time they were written to protect information pertaining to military
operations, clearly, the release of these two reports in October 2010 has
not caused any serious damage to U.S. national security.
Another factor to consider when reading raw information from the field is
that, while they offer a degree of granular detail that cannot be found in
higher-level intelligence analysis, they can often be misleading or
otherwise erroneous. As anyone who has ever interviewed a witness can tell
you, in a stressful situation people often miss or misinterpret important
factual details. That's just how most people are wired. This situation can
be compounded when a witness is placed in a completely alien culture. This
is not to say that all these reports are flawed, but just to note that raw
information must often be double-checked and vetted before it can be used
to create a reliable estimate of the situation on the battlefield.
Clearly, the readers of these reports released by WikiLeaks now do not
have the ability to conduct that type of follow-up.
Few True Secrets
By saying there are very few true secrets in the cache of documents
released by WikiLeaks, we mean things that would cause serious damage to
national security. And no, we are not about to point out the things that
we believe could be truly damaging. However, it is important to understand
up front that something that causes embarrassment and discomfort to a
particular administration or agency does not necessarily damage national
security.
As to the charges that the documents are being mined by militant groups
for information that can be used in attacks against U.S. troops deployed
overseas, this is undoubtedly true. It would be foolish for the Taliban,
the Islamic State of Iraq (ISI) and other militant groups not to read the
documents and attempt to benefit from them. However, there are very few
things noted in these reports pertaining to the tactics, techniques and
procedures (TTP) used by U.S. forces that could not be learned by simply
observing combat operations, and the Taliban and ISI have been carefully
studying U.S. TTP every hour of every day for many years now. These
documents are far less valuable than years of careful, direct observation
and regular first-hand interaction.
Frankly, combatants who have been intensely watching U.S. and coalition
forces and engaging them in combat for the better part of a decade are not
very likely to learn much from dated American after-action reports. The
insurgents and sectarian groups in Iraq own the human terrain; they know
who U.S. troops are meeting with, when they meet them and where. There is
very little that this level of reporting is going to reveal to them that
they could not already have learned via observation. Remember, these
reports do not deal with highly classified human-intelligence or
technical-intelligence operations.
This is not to say that the alleged actions of Manning are somehow
justified. From the statements released by the government in connection
with the case, Manning knew the information he was downloading was
classified and needed to be protected. He also appeared to know that his
actions were illegal and could get him in trouble. He deserves to face the
legal consequences of his actions.
This is also not a justification for the actions of WikiLeaks and the
media outlets that are exploiting and profiting from the release of this
information. What we are saying is that the hype surrounding the release
is just that. There were a lot of classified documents released, but very
few of them contained information that would truly shed new light on the
actions of U.S. troops in Iraq or their allies or damage U.S. national
security. While the amount of information released in this case was huge,
it was far less damaging than the information released by convicted spies
such as Robert Hanssen and Aldrich Ames, information that crippled
sensitive intelligence operations and resulted in the execution or
imprisonment of extremely valuable human intelligence sources.
Culture of Classification
Perhaps one of the most interesting facets of the WikiLeaks case is that
it highlights the culture of classification that is so pervasive inside
the U.S. government. Only 204 of the 391,832 documents were classified at
the confidential level, while 379,565 of them were classified at the
secret level. This demonstrates the propensity of the U.S. government
culture to classify documents at the highest possible classification
rather than at the lowest level really required to protect that
information. In this culture, higher is better.
Furthermore, while much of this material may have been somewhat sensitive
at the time it was reported, most of that sensitivity has been lost over
time, and many of the documents, like the two reports referenced above, no
longer need to be classified. Executive Order 13526 provides the ability
for classifying agencies to set dates for materials to be declassified.
Indeed, according to the executive order, a date for declassification is
supposed to be set every time a document is classified. But, in practice,
such declassification provisions are rarely used and most people just
expect the documents to remain classified for the entire authorized
period, which is 10 years in most cases and 25 years when dealing with
sensitive topics such as intelligence sources and methods or nuclear
weapons. In the culture of classification, longer is also seen as better.
This culture tends to create so much classified material that stays
classified for so long that it becomes very difficult for government
employees and security managers to determine what is really sensitive and
what truly needs to be protected. There is certainly a lot of very
sensitive information that needs to be carefully guarded, but not
everything is a secret. This culture also tends to reinforce the belief
among government employees that knowledge is power and that one can become
powerful by having access to information and denying that access to
others. And this belief can often contribute to the bureaucratic jealousy
that results in the failure to share intelligence -- a practice that was
criticized so heavily in the 9/11 Commission Report.
It has been very interesting to watch the reaction to the WikiLeaks case
by those who are a part of the culture of classification. Some U.S.
government agencies, such as the FBI, have bridled under the post-9/11
mandates to share their information more widely and have been trying to
scale back the practice. As anyone who has dealt with the FBI can attest,
they tend to be a semi-permeable membrane when it comes to the flow of
information. For the bureau, intelligence flows only one way -- in. The FBI
is certainly not alone. There are many organizations that are very
hesitant to share information with other government agencies, even when
those agencies have a legitimate need to know. The WikiLeaks cases have
provided such people a justification to continue to stovepipe information.
In addition to the glaring personnel security issues regarding Manning's
access to classified information systems, these cases are in large part
the result of a classified information system overloaded with vast
quantities of information that simply does not need to be protected at the
secret level. And, ironically, overloading the system in such a way
actually weakens the information-protection process by making it difficult
to determine which information truly needs to be protected. Instead of
seeking to weed out the overclassified material and concentrate on
protecting the truly sensitive information, the culture of classification
reacts by using the WikiLeaks cases as justification for continuing to
classify information at the highest possible levels and for sharing the
intelligence it generates with fewer people. The ultimate irony is that
the WikiLeaks cases will help strengthen and perpetuate the broken system
that helped lead to the disclosures in the first place.
--- http://felix.openflows.com ----------------------- books out now:
*|Deep Search.The Politics of Search Beyond Google.Studienverlag 2009
*|Mediale Kunst/Media Arts Zurich.13 Positions.Scheidegger&Spiess2008
*|Manuel Castells and the Theory of the Network Society. Polity, 2006
*|Open Cultures and the Nature of Networks. Ed. Futura/Revolver, 2005
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mail.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime(a)kein.org
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
I don't think Wikileaks works on the level of operationally-relevant
secrets. It's not about espionage. So the fact that there are other forums
where more highly valuable stuff is being exchanged, doesn't diminish the
value of Wikileaks.
It's precisely its high profile and media exposure that constitutes its
value. It's not about espionage, it's about politics. And, it's about
inducing dysfunctional habits into the organizations trying to
prevent information from leaking. Assange once called this a 'secrecy tax'
and if I take this article here at face value, it seems to be working.
Felix
http://www.stratfor.com/weekly/20101027_wikileaks_and_culture_classification
WikiLeaks and the Culture of Classification
October 28, 2010 | 0853 GMT
By Scott Stewart
On Friday, Oct. 22, the organization known as WikiLeaks published a cache
of 391,832 classified documents on its website. The documents are mostly
field reports filed by U.S. military forces in Iraq from January 2004 to
December 2009 (the months of May 2004 and March 2009 are missing). The
bulk of the documents (379,565, or about 97 percent) were classified at
the secret level, with 204 classified at the lower confidential level. The
remaining 12,062 documents were either unclassified or bore no
classification.
This large batch of documents is believed to have been released by Pfc.
Bradley Manning, who was arrested in May 2010 by the U.S. Army Criminal
Investigations Command and charged with transferring thousands of
classified documents onto his personal computer and then transmitting them
to an unauthorized person. Manning is also alleged to have been the source
of the classified information released by WikiLeaks pertaining to the war
in Afghanistan in July 2010.
WikiLeaks released the Iraq war documents, as it did the Afghanistan war
documents, to a number of news outlets for analysis several weeks in
advance of their formal public release. These news organizations included
The New York Times, Der Spiegel, The Guardian and Al Jazeera, each of
which released special reports to coincide with the formal release of the
documents Oct. 22.
Due to its investigation of Manning, the U.S. government also had a pretty
good idea of what the material was before it was released and had formed a
special task force to review it for sensitive and potentially damaging
information prior to the release. The Pentagon has denounced the release
of the information, which it considers a crime, has demanded the return of
its stolen property and has warned that the documents place Iraqis at risk
of retaliation and also place the lives of U.S. troops at risk from
terrorist groups that are mining the documents for tidbits of operational
information they can use in planning their attacks.
When one takes a careful look at the classified documents released by
WikiLeaks, it becomes quickly apparent that they contain very few true
secrets. Indeed, the main points being emphasized by Al Jazeera and the
other media outlets after all the intense research they conducted before
the public release of the documents seem to highlight a number of issues
that had been well-known and well-chronicled for years. For example, the
press has widely reported that the Iraqi government was torturing its own
people; many civilians were killed during the six years the documents
covered; sectarian death squads were operating inside Iraq; and the
Iranian government was funding Shiite militias. None of this is news. But,
when one steps back from the documents themselves and looks at the larger
picture, there are some interesting issues that have been raised by the
release of these documents and the reaction to their release.
The Documents
The documents released in this WikiLeaks cache were taken from the U.S.
government's Secret Internet Protocol Router Network (SIPRNet), a network
used to distribute classified but not particularly sensitive information.
SIPRNet is authorized only for the transmission of information classified
at the secret level and below. It cannot be used for information
classified top secret or more closely guarded intelligence that is
classified at the secret level. The regulations by which information is
classified by the U.S. government are outlined in Executive Order 13526.
Under that order, secret is the second-highest level of classification and
applies to information that, if released, would be reasonably expected to
cause serious damage to U.S. national security.
Due to the nature of SIPRNet, most of the information that was downloaded
from it and sent to WikiLeaks consisted of raw field reports from U.S.
troops in Iraq. These reports discussed things units encountered, such as
IED attacks, ambushes, the bodies of murdered civilians, friendly-fire
incidents, traffic accidents, etc. For the most part, the reports
contained raw information and not vetted, processed intelligence. The
documents also did not contain information that was the result of
intelligence-collection operations, and therefore did not reveal sensitive
intelligence sources and methods. Although the WikiLeaks material is often
compared to the 1971 release of the Pentagon Papers, there really is very
little similarity. The Pentagon Papers consisted of a top secret-level
study completed for the U.S. secretary of defense and not raw, low-level
battlefield reports.
To provide a sense of the material involved in the WikiLeaks release, we
will examine two typical reports. The first, classified at the secret
level, is from an American military police (MP) company reporting that
Iraqi police on Oct. 28, 2006, found the body of a person whose name was
redacted in a village who had been executed. In the other report, also
classified at the secret level, we see that on Jan. 1, 2004, Iraqi police
called an American MP unit in Baghdad to report that an improvised
explosive device (IED) had detonated and that there was another suspicious
object found at the scene. The MP unit responded, confirmed the presence
of the suspicious object and then called an explosive ordnance disposal
unit, which came to the site and destroyed the second IED. Now, while it
may have been justified to classify such reports at the secret level at
the time they were written to protect information pertaining to military
operations, clearly, the release of these two reports in October 2010 has
not caused any serious damage to U.S. national security.
Another factor to consider when reading raw information from the field is
that, while they offer a degree of granular detail that cannot be found in
higher-level intelligence analysis, they can often be misleading or
otherwise erroneous. As anyone who has ever interviewed a witness can tell
you, in a stressful situation people often miss or misinterpret important
factual details. That's just how most people are wired. This situation can
be compounded when a witness is placed in a completely alien culture. This
is not to say that all these reports are flawed, but just to note that raw
information must often be double-checked and vetted before it can be used
to create a reliable estimate of the situation on the battlefield.
Clearly, the readers of these reports released by WikiLeaks now do not
have the ability to conduct that type of follow-up.
Few True Secrets
By saying there are very few true secrets in the cache of documents
released by WikiLeaks, we mean things that would cause serious damage to
national security. And no, we are not about to point out the things that
we believe could be truly damaging. However, it is important to understand
up front that something that causes embarrassment and discomfort to a
particular administration or agency does not necessarily damage national
security.
As to the charges that the documents are being mined by militant groups
for information that can be used in attacks against U.S. troops deployed
overseas, this is undoubtedly true. It would be foolish for the Taliban,
the Islamic State of Iraq (ISI) and other militant groups not to read the
documents and attempt to benefit from them. However, there are very few
things noted in these reports pertaining to the tactics, techniques and
procedures (TTP) used by U.S. forces that could not be learned by simply
observing combat operations -- and the Taliban and ISI have been carefully
studying U.S. TTP every hour of every day for many years now. These
documents are far less valuable than years of careful, direct observation
and regular first-hand interaction.
Frankly, combatants who have been intensely watching U.S. and coalition
forces and engaging them in combat for the better part of a decade are not
very likely to learn much from dated American after-action reports. The
insurgents and sectarian groups in Iraq own the human terrain; they know
who U.S. troops are meeting with, when they meet them and where. There is
very little that this level of reporting is going to reveal to them that
they could not already have learned via observation. Remember, these
reports do not deal with highly classified human-intelligence or
technical-intelligence operations.
This is not to say that the alleged actions of Manning are somehow
justified. From the statements released by the government in connection
with the case, Manning knew the information he was downloading was
classified and needed to be protected. He also appeared to know that his
actions were illegal and could get him in trouble. He deserves to face the
legal consequences of his actions.
This is also not a justification for the actions of WikiLeaks and the
media outlets that are exploiting and profiting from the release of this
information. What we are saying is that the hype surrounding the release
is just that. There were a lot of classified documents released, but very
few of them contained information that would truly shed new light on the
actions of U.S. troops in Iraq or their allies or damage U.S. national
security. While the amount of information released in this case was huge,
it was far less damaging than the information released by convicted spies
such as Robert Hanssen and Aldrich Ames -- information that crippled
sensitive intelligence operations and resulted in the execution or
imprisonment of extremely valuable human intelligence sources.
Culture of Classification
Perhaps one of the most interesting facets of the WikiLeaks case is that
it highlights the culture of classification that is so pervasive inside
the U.S. government. Only 204 of the 391,832 documents were classified at
the confidential level, while 379,565 of them were classified at the
secret level. This demonstrates the propensity of the U.S. government
culture to classify documents at the highest possible classification
rather than at the lowest level really required to protect that
information. In this culture, higher is better.
Furthermore, while much of this material may have been somewhat sensitive
at the time it was reported, most of that sensitivity has been lost over
time, and many of the documents, like the two reports referenced above, no
longer need to be classified. Executive Order 13526 provides the ability
for classifying agencies to set dates for materials to be declassified.
Indeed, according to the executive order, a date for declassification is
supposed to be set every time a document is classified. But, in practice,
such declassification provisions are rarely used and most people just
expect the documents to remain classified for the entire authorized
period, which is 10 years in most cases and 25 years when dealing with
sensitive topics such as intelligence sources and methods or nuclear
weapons. In the culture of classification, longer is also seen as better.
This culture tends to create so much classified material that stays
classified for so long that it becomes very difficult for government
employees and security managers to determine what is really sensitive and
what truly needs to be protected. There is certainly a lot of very
sensitive information that needs to be carefully guarded, but not
everything is a secret. This culture also tends to reinforce the belief
among government employees that knowledge is power and that one can become
powerful by having access to information and denying that access to
others. And this belief can often contribute to the bureaucratic jealousy
that results in the failure to share intelligence -- a practice that was
criticized so heavily in the 9/11 Commission Report.
It has been very interesting to watch the reaction to the WikiLeaks case
by those who are a part of the culture of classification. Some U.S.
government agencies, such as the FBI, have bridled under the post-9/11
mandates to share their information more widely and have been trying to
scale back the practice. As anyone who has dealt with the FBI can attest,
they tend to be a semi-permeable membrane when it comes to the flow of
information. For the bureau, intelligence flows only one way -- in. The FBI
is certainly not alone. There are many organizations that are very
hesitant to share information with other government agencies, even when
those agencies have a legitimate need to know. The WikiLeaks cases have
provided such people a justification to continue to stovepipe information.
In addition to the glaring personnel security issues regarding Manning's
access to classified information systems, these cases are in large part
the result of a classified information system overloaded with vast
quantities of information that simply does not need to be protected at the
secret level. And, ironically, overloading the system in such a way
actually weakens the information-protection process by making it difficult
to determine which information truly needs to be protected. Instead of
seeking to weed out the overclassified material and concentrate on
protecting the truly sensitive information, the culture of classification
reacts by using the WikiLeaks cases as justification for continuing to
classify information at the highest possible levels and for sharing the
intelligence it generates with fewer people. The ultimate irony is that
the WikiLeaks cases will help strengthen and perpetuate the broken system
that helped lead to the disclosures in the first place.
--- http://felix.openflows.com ----------------------- books out now:
*|Deep Search.The Politics of Search Beyond Google.Studienverlag 2009
*|Mediale Kunst/Media Arts Zurich.13 Positions.Scheidegger&Spiess2008
*|Manuel Castells and the Theory of the Network Society. Polity, 2006
*|Open Cultures and the Nature of Networks. Ed. Futura/Revolver, 2005
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mail.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime(a)kein.org
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
ANNOUNCING Tahoe, the Least-Authority File System, v1.9.1
The Tahoe-LAFS team has announced the immediate availability of
version 1.9.1 of Tahoe-LAFS, an extremely reliable distributed
storage system. Get it here:
https://tahoe-lafs.org/source/tahoe-lafs/trunk/docs/quickstart.rst
Tahoe-LAFS is the first distributed storage system to offer
"provider-independent security" -- meaning that not even the
operators of your storage servers can read or alter your data
without your consent. Here is the one-page explanation of its
unique security and fault-tolerance properties:
https://tahoe-lafs.org/source/tahoe-lafs/trunk/docs/about.rst
The previous stable release of Tahoe-LAFS was v1.9.0, released
on October 31, 2011.
v1.9.1 is a critical bugfix release which fixes a significant
security issue [#1654]. See the NEWS file [1] and known_issues.rst
[2] file for details.
WHAT IS IT GOOD FOR?
With Tahoe-LAFS, you distribute your filesystem across
multiple servers, and even if some of the servers fail or are
taken over by an attacker, the entire filesystem continues to
work correctly, and continues to preserve your privacy and
security. You can easily share specific files and directories
with other people.
In addition to the core storage system itself, volunteers
have built other projects on top of Tahoe-LAFS and have
integrated Tahoe-LAFS with existing systems, including
Windows, JavaScript, iPhone, Android, Hadoop, Flume, Django,
Puppet, bzr, mercurial, perforce, duplicity, TiddlyWiki, and
more. See the Related Projects page on the wiki [3].
We believe that strong cryptography, Free and Open Source
Software, erasure coding, and principled engineering practices
make Tahoe-LAFS safer than RAID, removable drive, tape,
on-line backup or cloud storage.
This software is developed under test-driven development, and
there are no known bugs or security flaws which would
compromise confidentiality or data integrity under recommended
use. (For all important issues that we are currently aware of
please see the known_issues.rst file [2].)
COMPATIBILITY
This release is compatible with the version 1 series of
Tahoe-LAFS. Clients from this release can write files and
directories in the format used by clients of all versions back
to v1.0 (which was released March 25, 2008). Clients from this
release can read files and directories produced by clients of
all versions since v1.0. Servers from this release can serve
clients of all versions back to v1.0 and clients from this
release can use servers of all versions back to v1.0.
This is the sixteenth release in the version 1 series. This
series of Tahoe-LAFS will be actively supported and maintained
for the foreseeable future, and future versions of Tahoe-LAFS
will retain the ability to read and write files compatible
with this series.
LICENCE
You may use this package under the GNU General Public License,
version 2 or, at your option, any later version. See the file
"COPYING.GPL" [4] for the terms of the GNU General Public
License, version 2.
You may use this package under the Transitive Grace Period
Public Licence, version 1 or, at your option, any later
version. (The Transitive Grace Period Public Licence has
requirements similar to the GPL except that it allows you to
delay for up to twelve months after you redistribute a derived
work before releasing the source code of your derived work.)
See the file "COPYING.TGPPL.rst" [5] for the terms of the
Transitive Grace Period Public Licence, version 1.
(You may choose to use this package under the terms of either
licence, at your option.)
INSTALLATION
Tahoe-LAFS works on Linux, Mac OS X, Windows, Solaris, *BSD,
and probably most other systems. Start with
"docs/quickstart.rst" [6].
HACKING AND COMMUNITY
Please join us on the mailing list [7]. Patches are gratefully
accepted -- the RoadMap page [8] shows the next improvements
that we plan to make and CREDITS [9] lists the names of people
who've contributed to the project. The Dev page [10] contains
resources for hackers.
SPONSORSHIP
Atlas Networks has contributed several hosted servers for
performance testing. Thank you to Atlas Networks [11] for
their generous and public-spirited support.
And a special thanks to Least Authority Enterprises [12],
which employs several Tahoe-LAFS developers, for their
continued support.
HACK TAHOE-LAFS!
If you can find a security flaw in Tahoe-LAFS which is serious
enough that we feel compelled to warn our users and issue a fix,
then we will award you with a customized t-shirt with your
exploit printed on it and add you to the "Hack Tahoe-LAFS Hall
Of Fame" [13].
ACKNOWLEDGEMENTS
This is the tenth release of Tahoe-LAFS to be created solely
as a labor of love by volunteers. Thank you very much to the
team of "hackers in the public interest" who make Tahoe-LAFS
possible.
Brian Warner
on behalf of the Tahoe-LAFS team
January 12, 2011
San Francisco, California, USA
[#1654] https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654
[1] https://tahoe-lafs.org/trac/tahoe-lafs/browser/NEWS.rst
[2] https://tahoe-lafs.org/trac/tahoe-lafs/browser/docs/known_issues.rst
[3] https://tahoe-lafs.org/trac/tahoe-lafs/wiki/RelatedProjects
[4] https://tahoe-lafs.org/trac/tahoe-lafs/browser/COPYING.GPL
[5] https://tahoe-lafs.org/trac/tahoe-lafs/browser/COPYING.TGPPL.rst
[6] https://tahoe-lafs.org/trac/tahoe-lafs/browser/docs/quickstart.rst
[7] https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
[8] https://tahoe-lafs.org/trac/tahoe-lafs/roadmap
[9] https://tahoe-lafs.org/trac/tahoe-lafs/browser/CREDITS
[10] https://tahoe-lafs.org/trac/tahoe-lafs/wiki/Dev
[11] http://atlasnetworks.us/
[12] http://leastauthority.com/
[13] https://tahoe-lafs.org/hacktahoelafs/
_______________________________________________
tahoe-announce mailing list
tahoe-announce(a)tahoe-lafs.org
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-announce
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [cryptography] (off-topic) Bitcoin is a repeated lesson in cryptography applications - was "endgame"
by lodewijk andri de la porte 06 Jul '18
>
> That's it! Now, leave aside the libertarian hopes and the politics and
> the freedom bias and right to code and the "this time it's different" and
> all that crap -- and ask yourself.
>
> Where do you want to invest your future?
>
I will invest my time and skill to improve the people's knowledge
and sovereignty. For the sake of brevity I will omit my reasons to do so.
I find that in a capitalist society everything starts with money. Anything
will have finances in its foundation. If we are to create anything pure,
elegant and satisfying we can't have shaky foundations; we can't have
bad money. Improving money will improve everything.
Whether or not Bitcoins can do it, I can't be sure. I think it has the
potential to. What better way to spend our time than to try and make it so?
Thank you for the e-mail iang. I very much appreciate it.
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
06 Jul '18
Although your provocative statement tries so hard to be provocative it
fails to be true, there's clearly a kernel of truth there -- and there's no
argument at all that Tahoe needs better monitoring and more transparency.
The arguments you make are the basis for the approach I (successfully) pushed
when we started the VG2 grid: We demand high uptime from individual
servers because the math of erasure coding works against you when the
individual nodes are unreliable, and we ban co-located servers and prefer
to minimize the number of servers owned and administered by a single person
in order to ensure greater independence.
How has that worked out? Well, it's definitely constrained the growth rate
of the grid. We're two years in and still haven't reached 20 nodes. And
although our nodes have relatively high reliability, I'm not sure we've
actually reached the 95% uptime target -- my node, for example, was down
for over a month while I moved, and we recently had a couple of outages
caused by security breaches.
However, we do now have 15 solid, high-capacity, relatively available (90%,
at least) nodes that are widely dispersed geographically (one in Russia,
six in four countries in Europe, seven in six states in the US; not sure
about the other). So it's pretty good -- though we do need more nodes.
I can see two things that would make it an order of magnitude better:
monitoring and dynamic adjustment of erasure-coding parameters.
Monitoring is needed both to identify cases where file repairs need to be
done before they become problematic and to provide the node reliability
data required to dynamically determine erasure coding parameters.
Dynamic calculation of erasure coding parameters is necessary both to
improve transparency and to provide more reliability. The simple 3-of-7
(shares.total is meaningless; shares.happy is what matters) default
parameters do not automatically provide high reliability, even if server
failure is independent (and the direct relationship between individual
server reliability and K/N is meaningless; it's more complicated than that).
The only way erasure coding parameters can be appropriately selected is by
doing some calculations based on knowledge of the size of the available
storage nodes and their individual reliabilities. Since these factors
change over time, therefore, the only way to know what the parameters
should be at the moment of upload is to calculate them dynamically.
Specifically, N/H should be set to the number of storage nodes currently
accepting shares and K should be computed to meet a user-specified per-file
reliability probability over a user-specified timeframe (the repair
interval).
Not only would this approach make it easier for users to specify their
reliability goals (at the expense of less-predictable expansion), it would
also make Tahoe inherently more robust, particularly if it actually
observed and measured individual node reliabilities over time, with
conservative initial assumptions. It would likely reduce failure-to-upload
errors, because rather than just giving up when there aren't "enough"
storage nodes available, it would just increase redundancy. At the same
time, it would be able to properly fail uploads when it is simply
impossible to meet the desired reliability goals.
It would also simplify repair and monitoring, at least from a conceptual
perspective. The goal of a "reliability monitor" would be to check to see
if, under current estimates of reliability of the nodes holding a file's
shares, that file's estimated reliability meets the stated user
requirement (assuming independence of node failures -- interdependence
actually could also be easily factored into the calculations, but
configuration would be a bear and it would require lots of ad-hoc estimates
of hard-to-measure probabilities). It wouldn't even be difficult to
include path-based considerations in reliability estimates.
The biggest downside of this approach, I think, would be that it would
still be hard to understand how the specified reliability relates to the
*actual* file reliability, because it would be neither an upper bound nor a
lower bound but an estimate with unknown deviation.
--
Shawn
_______________________________________________
tahoe-dev mailing list
tahoe-dev(a)tahoe-lafs.org
http://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
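The calculation the tahoe-dev message above describes, as an added example (not part of the original post and not Tahoe-LAFS code): given an estimated probability that each node keeps its share through the repair interval, compute the loss probability of a K-of-N encoding, pick the largest K that meets a target, and flag files that need repair. Function names and the sample reliabilities are hypothetical, and node failures are assumed independent, as the message assumes.

```python
"""Choosing the erasure-coding threshold K from per-node reliabilities."""
from typing import List, Optional, Sequence


def survivor_distribution(node_reliability: Sequence[float]) -> List[float]:
    """Return dist where dist[j] = P(exactly j nodes still hold their share).

    Each entry of node_reliability is the estimated probability that one
    node keeps its share until the next repair pass. Nodes may differ, so
    this is a Poisson-binomial distribution built by dynamic programming.
    """
    dist = [1.0]
    for p in node_reliability:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"reliability must be in [0, 1], got {p!r}")
        nxt = [0.0] * (len(dist) + 1)
        for j, mass in enumerate(dist):
            nxt[j] += mass * (1.0 - p)   # this node lost its share
            nxt[j + 1] += mass * p       # this node kept its share
        dist = nxt
    return dist


def file_loss_probability(k: int, node_reliability: Sequence[float]) -> float:
    """P(fewer than k shares survive), i.e. the file cannot be rebuilt."""
    if not 1 <= k <= len(node_reliability):
        raise ValueError("k must be between 1 and the number of share holders")
    # Summing the small tail directly keeps precision for tiny loss targets.
    return sum(survivor_distribution(node_reliability)[:k])


def choose_k(node_reliability: Sequence[float], target: float) -> Optional[int]:
    """Largest K (smallest expansion N/K) with P(file survives) >= target.

    N is the number of nodes currently accepting shares. Returns None when
    even K = 1 (full replication on every node) cannot meet the target, the
    case where the upload should fail rather than silently under-protect.
    """
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    dist = survivor_distribution(node_reliability)
    allowed_loss = 1.0 - target
    loss, best = 0.0, None
    for k in range(1, len(dist)):        # k = 1 .. N
        loss += dist[k - 1]              # now loss = P(fewer than k survive)
        if loss > allowed_loss:
            break                        # loss only grows with k
        best = k
    return best


def needs_repair(k: int, holder_reliability: Sequence[float], target: float) -> bool:
    """Reliability-monitor check for one file against the user's target."""
    if len(holder_reliability) < k:
        return True                      # too few holders left to rebuild at all
    return file_loss_probability(k, holder_reliability) > 1.0 - target


if __name__ == "__main__":
    # Constructed sample data: 15 nodes, each estimated at 90% per interval.
    grid = [0.9] * 15
    for target in (0.999, 0.999999):
        k = choose_k(grid, target)
        print(f"target {target}: K={k} of N={len(grid)}, "
              f"loss={file_loss_probability(k, grid):.3e}")
    # The same 3-of-7 encoding gives very different results as nodes degrade.
    for p in (0.9, 0.7):
        print(f"3-of-7 at node reliability {p}: "
              f"loss={file_loss_probability(3, [p] * 7):.3e}")
    # A file encoded 9-of-15 after three share holders have left the grid.
    print("repair needed:", needs_repair(9, [0.9] * 12, 0.999))
```

With these constructed inputs, 3-of-7 loses a file about once in 5,700 intervals at 90% node reliability but about once in 35 at 70%, which is the sense in which fixed parameters do not by themselves guarantee reliability.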
============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 4.22, 22 November 2006
============================================================
Contents
============================================================
1. Draft Audiovisual Directive limited to the TV-like services on the web
2. German draft law on data retention presented
3. New law proposal on data retention submitted in Italy
4. UK biometric passports project set back by simple cloning possibilities
5. Microsoft in danger of additional fining from the European Commission
6. Italian Minister of Justice proposes an authority for violent videogames
7. Logging of IP addresses banned in Germany
8. Swiss Big Brother Awards 2006
9. Italian postal codes can be freely accessed
10. FIPR report on children's databases - likely to harm rather than help
11. Support EDRi-gram
12. Agenda
13. About
============================================================
1. Draft Audiovisual Directive limited to the TV-like services on the web
============================================================
At the EU's Council of Ministers meeting on 14 November, a new version of the
Audiovisual Media Services directive was agreed that limits
the new regulation regarding video on the Internet to TV-like
services (linear services) only. Video clips on the Internet will not be
subject to this new directive.
The initial version of the Audiovisual Media Services, which is a revision
of the 1997 Television without Frontiers (TWF) directive, has been seriously
criticized by various players - from the UK government to a number of media
scholars that signed the Budapest Declaration for Freedom of the Internet.
The new version agreed by the Council of Ministers, but also by the European
Parliament Culture committee introduces the notion of audiovisual media
services and distinguishes between television broadcasts ("linear" services,
e.g. scheduled broadcasting via traditional TV, the internet or mobile
phones, which "pushes" content to viewers) and on-demand services
("non-linear" such as video on-demand, which the viewer "pulls" from a
network). In distinguishing between these two categories of audiovisual
media services, both the Commission and the Committee have stressed that
they are seeking to subject providers of "on demand services" to only a
minimum set of rules. Linear services, on the other hand, are more
thoroughly regulated.
One of the main supporters of the reduction of the content were the UK
broadcasting regulator Ofcom and Culture Secretary Tessa Jowell. Ofcom will
now have to regulate only the TV Internet broadcast from major televisions,
but will not include the social networking websites - so popular these days.
"Today's outcome is testament to the substantial progress we have made in
persuading our European partners to take our arguments on board," underlined
one of the supporters of the change, the UK creative industries minister,
Shaun Woodward.
Continuing the country of origin principle foreseen in the TWF directive,
the draft Audiovisual directive puts the national regulators in charge of
regulating the broadcasters that operate within their borders. The agreed
text includes also a mechanism allowing a destination Member State under
certain limited circumstances to take measures against a provider
established in another Member State.
Television in the digital age: MEPs adopt a new approach to product
placement (14.11.2006)
http://www.europarl.europa.eu/news/expert/infopress_page/039-12616-317-11-4…
906-20061113IPR12607-13-11-2006-2006-false/default_en.htm
Britain kills EU attempt to regulate net video clips (14.11.2006)
http://technology.guardian.co.uk/news/story/0,,1947176,00.html
Regulation of web video watered down in Europe (16.11.2006)
http://www.out-law.com/default.aspx?page=7488
EDRI-gram: Draft Audiovisual Media Services Directive under criticism
(24.05.2006)
http://www.edri.org/edrigram/number4.10/audiovisual
EDRI-gram: EU Audiovisual Directive: Budapest Declaration for Freedom of the Internet
(30.08.2006)
http://www.edri.org/edrigram/number4.16/budapestdeclaration
============================================================
2. German draft law on data retention made public
============================================================
On 8 November 2006, the German Minister of Justice Brigitte Zypries
presented a draft law aimed at transposing the EU directive on data
retention. The law would override the recent jurisprudence on IP logging by
mandating the retention of traffic data for a period of six months.
Retention requirements are also to apply to anonymization services, making
them practically superfluous. Furthermore anonymous e-mail accounts are to
be banned. Access to traffic data shall be permissible for the investigation
of "substantial" offences, but also for the investigation of any offence
committed by use of telecommunications networks (including sharing of
copyrighted content). The law is to enter into force on 15 September 2007.
Until 15 March 2009 data retention is to be optional for providers of
internet access, Internet telephony and e-mail services.
The draft law was sharply criticised by the activist Working Group on Data
Retention (Arbeitskreis Vorratsdatenspeicherung) for being unconstitutional.
The German Federal Constitutional Court (Bundesverfassungsgericht) has
repeatedly ruled in the past that human rights permit the collection of
personal data only where they are needed for a specific purpose. The Working
Group called for the transposition process to be aborted or, at least,
suspended until the ECJ has ruled on Ireland's action for annulment of the
directive on data retention. The Working Group also criticized the German
draft law for going beyond EU requirements in relation to anonymization
services, e-mail services and access to retained data. The EU directive
applies to the investigation of "serious" offences only and does not ban
anonymous or anonymization services.
The activist group presented a class action to be submitted to the Federal
Constitutional Court in case the proposed law is adopted. The Court is to be
asked to provisionally suspend data retention in Germany while examining its
constitutionality. According to the draft application published on the
Internet, the EU directive on data retention is void for violating human
rights and for lacking a legal basis. The planned class action is supported
by several German jurists and is open for all German citizens to join.
Draft law on data retention in Germany (in German only, 8.11.2006)
http://www.humanistische-union.de/fileadmin/hu_upload/doku/vorratsdaten/de-…
cht/bmj_2006.11.pdf
Website of the Working Group on Data Retention including information on the
class action against data retention (in German only)
http://www.vorratsdatenspeicherung.de/
(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)
============================================================
3. New law proposal on data retention submitted in Italy
============================================================
Thanks to Italian MP Maurizio Turco (Rosa nel Pugno) a law proposal on data
retention authored by the Winston Smith Project has been recently submitted
to the Italian Parliament as DDL (Disegno di Legge) number 1728.
The proposal, whose title is "Regulations for the collection, usage,
retention and deletion of geo-referenced or chrono-referenced data,
containing unique user identifiers, through automatic devices" aims to limit
the "side effects" of the current "data retention culture", in which - due
to political and technological reasons - logging and retention of all sorts
of data is the norm rather than the exception.
According to the explanatory text of the proposal, ISP connections, web
surfing patterns, mail, news, chats can be logged and stored indefinitely
with relatively small investments, even by small and medium organisations.
The phenomenon is not limited to the Internet "per se": GSM "cell data",
i.e. the list of cells to which a mobile phone connects while the owner
moves, or data resulting from RFID usage are two other examples.
Technological automation allows the creation of huge databases on
activities that are not necessarily considered "personal data" according to
Italian law 196/2003, the main legal source for privacy protection in Italy,
and are therefore not subject to the protection guaranteed thereof.
Such databases can quickly become a privacy nightmare as access controls
tend to be lax either for lack of funding or for a commercial interest into
giving such access in the first place, and as data mining theory and
applications become more and more sophisticated in cross-referencing
apparently innocuous data from different sources.
Three Italian laws regulate the duration of data retention: Legislative
Decree 259/2003 ("Codice delle comunicazioni elettroniche"), Law 196/2003
("Codice in materia di protezione dei dati personali") and, most recently,
the so-called "decreto Pisanu", from the name of the former Ministry of
Internal Affairs of the last Berlusconi government.
The law proposal by the Winston Smith Project does not want to negotiate the
current obligations related to data retention; rather, it aims at acting "ex
ante" by reducing the quantity of data that are automatically collected
without any specific legal obligation imposing such collection in the first
place. The law introduces the "duty to delete" principle, according to which
automatically collected data shall not be preserved for longer than strictly
necessary to achieve the goal for which collection took place in the first
place. In a nutshell, the law proposal aims at making deletion of data the
rule, rather than the exception.
The Winston Smith Project
http://www.winstonsmith.info/
An interoperable world: the European Commission vs Microsoft Corporation and
the value of open interfaces (04.2005)
http://www.bileta.ac.uk/Document%20Library/1/An%20Interoperable%20World%20-…
0the%20European%20Commission%20vs%20Microsoft%20Corporation%20and%20the%20Val
ue%20of%20Open%20Interfaces.pdf
Text of the law proposal (only in Italian)
https://www.winstonsmith.info/proposta_di_legge_rdp_v6.rtf
(Contribution by Andrea Glorioso, Italian consultant on digital policies)
============================================================
4. UK biometric passports project set back by simple cloning possibilities
============================================================
The UK Government now faces a big problem related to the introduction of the
new biometric passports, as it has recently been proven that these passports
can be easily and very cheaply copied by means of a microchip reader that can
be legally bought on the Internet.
As a big embarrassment to the Home Office, a project having led to the
increase of the travel documents by 60 per cent since March 2006, and that
brought about 90 million euro costs for the passport production lines, may
be entirely dropped as the new passports are more a risk for their owners
rather than an improvement to the old documents.
"Three million people now have passports that expose them to a greater risk
of identity fraud than before." said Nick Clegg, the Liberal Democrat home
affairs spokesman.
UK government decided to introduce the micro-chipped biometric passports in
order to make theft more difficult, but an investigation led by the Guardian
has shown the respective passports can be easily read and copied. The data
obtained from three passports were transferred to a PC after gaining access
to the chips by means of a simple microchip reader, purchased from the
Internet for less than 150 euro, and then cloned with photograph included.
Computer expert Adam Laurie, who needed only 48 hours to write software
capable of copying the information from the passports, said: "The Home Office is
using strong cryptography to prevent conversations between the passport and
the reader being eavesdropped, but they are breaking one of the fundamental
principles of encryption by using non-secret information published in the
passport to create a 'secret key'. That is the equivalent of installing a
solid steel front door to your house and putting the key under the mat."
The Home Office commented on that considering the fact as not important:
"The information itself cannot be altered; the photo would still be the same
so the copy would be of no use to an impersonator trying to use it
fraudulently. Other than the photograph, which could be obtained easily by
other means, they would gain no information that they did not already have -
so the whole exercise would be utterly pointless." stated a spokesman.
As Phil Booth of NO2ID said: "The government is clearly derelict in its duty
to protect the privacy and security of British citizens".
Recall demand after cloning of new biometric passports (17.11.2006)
http://www.guardian.co.uk/uk_news/story/0,,1950199,00.html
New biometric passports can be cloned using £100 equipment sold over
internet (17.11.2006)
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id…
17101&in_page_id=1770
Now, clone UK's new biometric passports with a 100 pound download from the
Net! (18.11.2006)
http://www.newkerala.com/news4.php?action=fullnews&id=52763
============================================================
5. Microsoft in danger of additional fining from the European Commission
============================================================
Microsoft faces additional fines for not having yet complied with the 2004
antitrust order through which it was ordered to provide the complete and
accurate interface documentation ensuring other companies to write software
that would work on systems running Windows.
The Commission considered in 2004 that Microsoft had abused its position in
the software market as its operating system Windows, used on more than 95%
of the PCs in the world, did not allow sufficient interoperability for other
software producers.
Microsoft had already been fined with 479 million euro and another fine of
280.5 million euro was established by the EC for Microsoft not having
observed the 19 July deadline. Now, the penalties will increase from 2 to 3
million euro per day in case the company does not meet the new deadline
established for 23 November 2006.
After that date, the information to be received from Microsoft will be
supplied to its competitors to decide whether it is enough for
interoperability.
Although Microsoft has said that it is ready to provide the remaining
information, the Commission seems to have lost its patience on the matter.
Commissioner Neelie Kroes stated to the UK newspaper The Guardian: "I am not
impressed if someone says 90% of the information is already there when we
need 100%. It's a jigsaw and some parts are missing. In my opinion, this
information should have been here a couple of months ago."
Microsoft's new operating system Vista that had been initially scheduled for
the middle of 2006 has been largely affected by this issue. Microsoft had to
agree to make changes to Vista as EU threatened to ban it based on concerns
that the software included in the operating system was violating antitrust
laws. This delay in releasing Vista on the market is estimated to have cost
Microsoft about 80 million euro per month and to have caused a drop of 20%
in sales on the PC market. Microsoft is now planning to launch the product
on 30 January 2007.
In case the Commission and other software companies are pleased with the
documents Microsoft is expected to provide, Microsoft will decide how much
to charge for licenses and, in case the Commission finds the cost too high,
it can again fine the US company.
Professor Neil Barrett, the Commission's 'monitoring trustee' will help the
Commission interpret the information provided by Microsoft and will monitor
the compliance with the Commission's decisions.
Microsoft has still not complied with 2004 ruling, says Commission
(17.11.2006)
http://www.out-law.com/default.aspx?page=7490
EU threatens Microsoft with new fines (15.11.2006)
http://www.eetimes.com/news/semi/showArticle.jhtml?articleID=194400583
EU sets Microsoft deadline, warns patience is thin (15.11.2006)
http://today.reuters.com/news/articleinvesting.aspx?type=governmentFilingsN…
s&storyID=2006-11-15T161511Z_01_L15777929_RTRIDST_0_TECH-EU-MICROSOFT-UPDATE-
3.XML&WTmodLoc=InvArt-C2-NextArticle-1
Microsoft Vista operating system to be released on 30th January 2007
(12.11.2006)
http://www.marketoracle.co.uk/Article120.html
EDRI-gram : Microsoft Vista gets criticism before its launching in Europe
(27.09.2006)
http://www.edri.org/edrigram/number4.18/vista
============================================================
6. Italian Minister of Justice proposes an authority for violent videogames
============================================================
According to the Italian national newspaper La Repubblica, the Italian
Minister of Justice, Mr. Clemente Mastella, has recently claimed that it
would be advisable to create an "authority" that would "decide on acceptable
standards related to the modalities of sale" of videogames, so that it might
be possible to "find those [videogames] that contain unacceptable levels of
violence".
An "authority", in Italian political lingo, is a theoretically independent
public body that ought to check and control certain subsets of public life.
Examples include the "Autorità per le Telecomunicazioni" (Authority for
Telecommunications) and the "Autorità Garante della Concorrenza e del
Mercato" (Authority for Guaranteeing Competition and [Free] Market), both
criticized in the past for their inability to clearly fulfil their mission
due to too much internal bureaucracy and/or a sort of "psychological
dependence" towards the Government in charge and other powers-that-be.
Mr. Mastella's remarks, together with those of Mr. Giuseppe Fioroni,
Minister of Education, according to whom "freedom for videogames must stop
in front of the freedom of sons to live in serenity and without violence",
and those of Mr. Paolo Gentiloni, Minister of Communications, according to
whom "the issues in protecting minors is not limited to television, but must
extend to new media", seem to have been spurred by the videogame "Rule of
Rose".
It is not clear at this point how an "Authority for Violent Videogames"
would be supposed to fare any better than the existing institutions; it is
also not clear whether Mr. Mastella is suggesting the creation of a new
rating system for the videogaming market in Italy - where the European
rating system PEGI, or Pan European Gaming Information, is already in use -
or rather he is proposing the introduction of new tools to control the
circulation of videogames on the basis of existing rating systems.
La Repubblica also quotes Mr. Mastella as adding that "both criminal [law]
intervention and commercial and administrative actions can serve as methods
of deterrence" and that "seizure is possible only when there is the
possibility of a crime such as incitement to commit a crime". La Repubblica
does not report Mr. Mastella explaining in detail how a videogame could
incite to commit a crime, nor the way in which respect of the right to
freedom of expression, as enshrined in art. 21 of the Italian Constitution
would be achieved.
In the same article Mr. Giovanni Maria Pirroni, director of the IIMS, the
Istituto Italiano di Medicina Sociale (Italian Institute of Social
Medicine), is reported as saying that "inhibiting sales of videogames is not
a guarantee, since any kind of content can be downloaded through the
Internet". It is not clear whether this constitutes recognition of the
difficulties that an Authority as proposed by Mr. Mastella would face, or
rather a call for similar regulations to be applied to online as well as to
offline transactions and sales.
This Italian desire for more regulation in the field seems to be finding
listening ears in the European Commission: Franco Frattini, Commissioner for
Justice, Freedom and Security, has recently demanded that the European Union
improve the protection of children against violent videogames. Mr. Frattini
has been quoted as saying that during the meeting of justice ministers,
scheduled for 5 December 2006, he would engage in "a first exchange of views
on this issue with the objective of identifying a possible scope for
complementary, national and European level activities [...] including issues
such as awareness raising, the labelling of such games and the selling to
minors."
La Repubblica: Violent videogames in the government gun sight (only in
Italian, 14.11.2006)
http://www.repubblica.it/2006/11/sezioni/scuola_e_universita/servizi/videog…
chi-violenti/videogiochi-violenti/videogiochi-violenti.html
EU Justice Commissioner highlights dangers of video games glorifying
violence (17.11.2006)
http://www.heise.de/english/newsticker/news/81200
(Contribution by Andrea Glorioso, Italian consultant on digital policies)
============================================================
7. Logging of IP addresses banned in Germany
============================================================
On 25 January 2006, the District Court of Darmstadt (Germany) ruled that the
German ISP T-Online was legally banned from logging the session IP addresses
it assigned to its customers. German law requires this data to be deleted
upon termination of the connection as it is not needed for billing purposes.
According to the judgement, security requirements do not justify the general
logging of all users' IP addresses. The collection of such data is permitted
only in reaction to specific incidents (faults or unlawful use) on a case by
case basis.
On 28 October 2006 The German Federal Court of Justice (Bundesgerichtshof)
dismissed, on formal grounds, the appeal filed by T-Online. The District
Court's ruling has thereby become legally binding between the parties of the
dispute. The legal reasoning of the court applies more generally to all
German ISPs and to all tariff models. A draft complaint for other Germans
willing to sue their ISP was published on the internet. The German Federal
Data Protection Commissioner Peter Schaar announced that he would take steps
to enforce the ruling in relation to all customers.
The plaintiff Holger Voss was prosecuted in 2003 for supposedly having
endorsed the 9/11 bomb attacks in an Internet forum. Only in court room was
it found that his remarks were clearly of a sarcastic nature. In
consequence, Voss was acquitted. In order to trace Voss' forum post, the
prosecutors had asked the forum provider Heise to hand over the poster's IP
address. Voss' ISP T-Online then told the prosecutor whom the IP address had
been assigned to.
The T-Online case raised voices pointing out that German law also bans web
site providers such as Heise, Amazon and Ebay from logging the IP addresses
of their users. At present such logging is widespread, partly because US
designed software (including open source software) does not take data
protection requirements into account. Data protection expert Patrick Breyer
called for a law mandating commercial software for sale in Europe to be
provided with a standard configuration that conforms to European data
protection requirements.
Ruling of the District Court of Darmstadt on IP logging (in German only)
http://www.olnhausen.com/law/olg/lgda-verbindungsdaten.html
Draft complaint against log retention (in German only)
http://www.daten-speicherung.de/wiki/index.php/Musterklage
(Contribution by Patrick Breyer - Working Group on Data Retention - Germany)
============================================================
8. Swiss Big Brother Awards 2006
============================================================
On 16 November 2006, Sudhaus cultural centre of Bâle hosted the Swiss Big
Brother Awards ceremony of 2006 organised by Archives de l'Etat Fouineur
Swiss and the EDRI-member Swiss Internet User Group SIUG.
The jury deciding on the winners included 11 people from various
institutions and organizations having acted against control and
surveillance. The winners received concrete trophies, a certificate and were
mentioned on the "Hall of Shame" list.
The trophy for the category "State" was awarded to the Federal Council of
Corpore represented by Christoph Blocher, the head of the Federal Department
of Justice and Police for the application of internal security measures
involving phone tapping, secret search of information systems and
installation of secret microphones in apartments without concrete basis just
under the cover of preventive investigations.
The winner of the "Business" category was the insurance company Assurance
CSS for having given their collaborators large access to their clients' data
that included medical information and even HIV test results.
Other candidates were companies such as Microsoft, Cablecom, Swisscom or
Crédit Suisse as well as many sports clubs and associations and transport
companies who survey their employees and clients.
The "Working Place" category was won by the Dietikon branch of the
Media-Markt chain where the employees were continuously under surveillance
not only at their working place, but even in the rest rooms.
The fourth award for the category "Activity" was received by Hans Wegmuller,
director of SRS (Strategic Information Service), a department created 5
years ago which is actually the military Swiss Intelligence Service, a
service that uses ONYX telecom mass surveillance devices.
Besides the negative awards, a positive "Winkelried" award has been lately
given during BBA ceremonies. This year, the Swiss awarded this to the
Referendum Committee LMIS, made out of groups of sports fans and political
groups that will launch a referendum in Spring against the introduction of
an "anti-hooligan" law.
Press Release Big Brother Awards 2006 (Only in French - 16.11.2006)
http://www.bigbrotherawards.ch/2006/presse/pressemitteilungen/bba.pressemit…
ilung.20061116.6f.txt
============================================================
9. Italian postal codes are again freely accessible
============================================================
At the end of September 2006, after a reorganisation of the postal
codes system (CAP), the Italian Post (Poste Italiane), now a private
company, as well as the Italian Ministry of Communications have
changed the way in which one could access the postal code online,
limiting it to just one entry at a time, without the possibility to access
the entire database. A multiple query could be made only by buying a
proprietary software sold by Poste Italiane.
According to the Italian laws, postal codes, together with telephone
numbers, laws and normative acts are public data, but also in the
public domain, and therefore should be publicly available without
restrictions.
Furthermore, the postal codes, as public information, are collected
and gathered with public money and therefore Poste Italiane cannot
consider itself as the owner of these data and should not condition
the access to a proprietary software that runs only on a single
operating system. Poste Italiane has put out for sale a CD costing 6.9
Euro that can be run only on Windows system. However, also free
software was available for the same purpose, such as Trovocap, a
program allowing the search of postal codes on Linux, Windows and Mac OS
as well. Caprone, another free software available in Linux and Windows
versions even allowed the arrangement of the postal codes in various
formats.
The Free Software Foundation Europe (FSFE) considered that public data
should be universally available without discrimination and drafted
an open letter addressed to the Ministry of Communications asking that
the postal codes list should be available as before. In the meantime,
with the assistance of the Italian FSFE team, it has rebuilt the codes
list from the Poste Italiane site, through a crawler and has made it
publicly available in a SQL format. The list is not entirely complete
yet and those who intend to use it for professional purposes are
advised of this risk.
For whom the zip tolls ? (only in Italian, 20.11.2006)
http://www.piana.eu/cms/index.php?option=com_content&task=view&id=24&Itemid…
4
The Italian ZIP codes freed (Only in Italian - 06.11.2006)
http://www.italy.fsfeurope.org/it/projects/cap/
(Thanks to Stefano Maffulli - FSFE Italy)
============================================================
10. FIPR report on children's databases - likely to harm rather than help
============================================================
The UK Information Commissioner has just published a report on the UK
Government's plans to link up most of the public-sector databases that
contain information on children. The report was written by experts
from the Foundation for Information Policy Research (FIPR), who
conclude that aggregating this data will be both unsafe and illegal.
The report, 'Children's Databases: Safety and Privacy', analyses
databases being built to collate information on children in education,
youth justice, health, social work and elsewhere. Although linking the
databases is supposed to safeguard children, the report's authors
point out that extending Britain's child protection systems - from
the 50,000 children at substantial risk of serious harm to the 3-4
million children with some health, education or other welfare issue -
means that child protection will receive less attention.
The project will also feed information into police systems that try to
identify children likely to offend by scoring various risk factors
(socioeconomic status, medical diagnoses such as hyperactivity, school
conduct reports, and whether the child's father has been in prison).
This carries a serious risk of stigmatising innocent children, and may
also undermine children's and parents' trust in doctors, teachers and
other professionals.
The report's authors also conclude that the systems will intrude so
much into privacy and family life that they will violate European data
protection law and human rights law.
Report "Children's Databases - Safety and Privacy" (22.11.2006)
http://www.fipr.org/childrens_databases.pdf
IT systems designed to protect kids will put them at risk instead
(22.11.2006)
http://www.fipr.org/press/061122kids.html
(Contribution by Ross Anderson, EDRI-member FIPR, UK)
============================================================
11. Support EDRI-gram
============================================================
European Digital Rights needs your help in upholding digital rights
in the EU.
Thanks to your last year's donations EDRi is able to issue 24 editions
of EDRi-gram in 2006. To continue with EDRi-gram in 2007 we again ask
for your support.
If you wish to help us promote digital rights, please consider making
a private donation, or interest your organisation in sponsorship. We
will gladly send you a confirmation for any amount above 250 euro.
KBC Bank Auderghem-Centre, Chaussée de Wavre 1662, 1160 Bruxelles,
Belgium
Name: European Digital Rights Asbl
Bank account nr.: 733-0215021-02
IBAN: BE32 7330 2150 2102
BIC: KREDBEBB
============================================================
12. Agenda
============================================================
22-24 November 2006, Barcelona, Spain
UOC UNESCO Chair in eLearning Third International
Seminar: Open Educational Resources: Institutional Challenges
http://www.uoc.edu/web/eng/index.html
30 November - 1 December 2006, Berlin, Germany
The New Surveillance - A critical analysis of research and methods in
Surveillance Studies. A two day international Conference hosted at the
Centre for Technology and Society of the Technical University Berlin.
http://www.ztg.tu-berlin.de/surveillance
2 December 2006, London, United Kingdom
Reclaiming Our Rights
www.londonmet.ac.uk/reclaimingourrights
6 December 2006, Oxford, United Kingdom
The Internet: Power and Governance in a Digitised World
http://www.sant.ox.ac.uk/jcr/stair
11-12 December 2006, Paris, France
LeWeb3: Third Les Blogs Conference
http://www.leweb3.com/leweb3
14 December 2006, Madrid, Spain
Conference on the Admissibility of Electronic Evidence in Court in Europe.
The final event of the project Admissibility of the Electronic Evidence in
Court in Europe (A.E.E.C.) funded by the European Commission and led by the
Spanish company Cybex.
http://www.cybex.es/AGIS2005/
20 January 2007, Paris, France
Big Brother Awards France
http://bigbrotherawards.eu.org/
============================================================
13. About
============================================================
EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 25 members from 16 European countries.
European Digital Rights takes an active interest in developments in the EU
accession countries and wants to share knowledge and awareness through the
EDRI-grams. All contributions, suggestions for content, corrections or
agenda-tips are most welcome. Errors are corrected as soon as possible and
visibly on the EDRI website.
Except where otherwise noted, this newsletter is licensed under the
Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/
Newsletter editor: Bogdan Manolea <edrigram(a)edri.org>
Information about EDRI and its members:
http://www.edri.org/
- EDRI-gram subscription information
subscribe by e-mail
To: edri-news-request(a)edri.org
Subject: subscribe
You will receive an automated e-mail asking to confirm your request.
unsubscribe by e-mail
To: edri-news-request(a)edri.org
Subject: unsubscribe
- EDRI-gram in Macedonian
EDRI-gram is also available partly in Macedonian, with delay. Translations
are provided by Metamorphosis
http://www.metamorphosis.org.mk/edrigram-mk.php
- EDRI-gram in German
EDRI-gram is also available in German, with delay. Translations are provided
by Andreas Krisch from the EDRI-member VIBE!AT - Austrian Association for
Internet Users
http://www.unwatched.org/
- Newsletter archive
Back issues are available at:
http://www.edri.org/edrigram
- Help
Please ask <edrigram(a)edri.org> if you have any problems with subscribing or
unsubscribing.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]