July 2018 - cypherpunks-legacy

Re: [liberationtech] What I've learned from Cryptocat
by Dan Auerbach 06 Jul '18

06 Jul '18

Making an informed decision as a user or a developer when it comes to real-world tradeoffs between usability and security of course hinges upon your threat model. I think this is ultimately an empirical question -- we should be aiming to create a taxonomy of various actual tools packaged and sold by companies like FinFisher, beyond just the brochures. For example, Morgan and Citizen Lab did an excellent analysis recently of FinSpy (in case you missed it: http://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exp…) Expanding this research and getting an inside view into the industry will help everyone make non-speculative decisions about threat models. It's a difficult problem -- getting this inside view -- but it seems worthwhile. Is anyone working towards compiling such a list? And I'll just add that I agree with Moxie about recommending gchat over cryptocat for users in jurisdictions where Google is unlikely to hand over information to LE. However, even in this case it may not be so black and white. The FinSpy software mentioned above, for example, may intercept Google's chat traffic because it's a popular service, and may ignore cryptocat because it is relatively unknown. This isn't an argument that cryptocat v1 is a tenable long-term alternative, but just shows that it's very difficult to be maximally protect every single user when it comes to real-world recommendations. Finally, I'll just support the idea that usability is critical and the burden of making something usable should always be on the developer, never on the intelligence or know-how of the user. Although I agree cryptocat v1 has significantly more security issues than v2, I think the sacrifice in usability moving to v2 is significant and I'd hypothesize that installing an extension is much harder for people than visiting a website. Though, again, it's an empirical question that can be answered rigorously through user experience research. On 08/07/2012 08:02 AM, Maxim Kammerer wrote: > On Tue, Aug 7, 2012 at 4:21 AM, Moxie Marlinspike > <moxie(a)thoughtcrime.org> wrote: >> However, my position is that Google Chat is currently more secure than >> CryptoCat. To be more specific, if I were recommending a chat tool for >> activists to use, *particularly* outside of the United States, I would >> absolutely recommend that they use Google Chat instead of CryptoCat. >> Just as I would recommend that they use GMail instead HushMail. >> >> The security of CryptoCat v1 is reducible to the security of SSL, as >> well as to the security of the server infrastructure serving the page. >> Any attacker who can intercept SSL traffic can intercept a CryptoCat >> chat session, just as any attacker who can compromise the server (or the >> server operator themselves) can intercept a CryptoCat chat session. > Are you equating passive attacks with active attacks? If I understand > how CryptoCat works correctly, it is resistant against passive > interception attacks, whereas Google Chat stores cleartext on Google > servers, which are easily accessible to law enforcement. Active > attacks against SSL can be mitigated by pinning CryptoCat > certificates, so you are left with what, compromise of server > infrastructure? That requires LE jurisdiction where the servers are > located, domain expertise, and dealing with the risk that the > compromise is detected. All that vs. Google servers, which, if I > remember right, provide a friendly interface to user accounts once > served with a simple wiretapping order (and as has been already > mentioned, Google is a multinational corporation, subject to a > multitude of jurisdictions, and is known to bend over for whoever is > in charge). > _______________________________________________ liberationtech mailing list liberationtech(a)lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

RE: Bell trial schedule
by Gordon Jeff TIGTA 06 Jul '18

06 Jul '18

I asked Robb about the transcript - he says that per Rule 6 we can't give it to you. You would need to file a motion with the US District Court, and the Judge would have to order them released to you. Robb thinks that Judge Pechman was the Judge responsible for your grand jury. You can get more court info at http://www.wawd.uscourts.gov/ Jeff -----Original Message----- From: John Young [mailto:jya@pipeline.com] Sent: Friday, March 09, 2001 7:15 AM To: Gordon Jeff TIGTA Subject: Re: Bell trial schedule Jeff, Thanks for the information. Could you find out if I can buy a transcript of my grand jury testimony before the trial? Robb London has not answered my three inquiries. The court reporters office told me it can be released only with Robb's approval. John

1 0

Bell trial postponed 1 day
by Gordon Jeff TIGTA 06 Jul '18

06 Jul '18

: : John The Judge has decided he will not actually start Bell's trial until Tuesday, 4/3 - everyone's testimony will be delayed 1 day - So you will need to be at the Federal courthouse in Tacoma by Wed, 4/4 at 9:00am, and you should be done no later than Thursday afternoon If you want to be reimbursed for your expenses, you will need to make travel arrangements through the US Attorney's office, Dru Mercer, (206) 553-7970 Jeff --- And an older message:

1 0

RE: Bell trial schedule
by Gordon Jeff TIGTA 06 Jul '18

06 Jul '18

I asked Robb about the transcript - he says that per Rule 6 we can't give it to you. You would need to file a motion with the US District Court, and the Judge would have to order them released to you. Robb thinks that Judge Pechman was the Judge responsible for your grand jury. You can get more court info at http://www.wawd.uscourts.gov/ Jeff -----Original Message----- From: John Young [mailto:jya@pipeline.com] Sent: Friday, March 09, 2001 7:15 AM To: Gordon Jeff TIGTA Subject: Re: Bell trial schedule Jeff, Thanks for the information. Could you find out if I can buy a transcript of my grand jury testimony before the trial? Robb London has not answered my three inquiries. The court reporters office told me it can be released only with Robb's approval. John

1 0

Bell trial postponed 1 day
by Gordon Jeff TIGTA 06 Jul '18

06 Jul '18

: : John The Judge has decided he will not actually start Bell's trial until Tuesday, 4/3 - everyone's testimony will be delayed 1 day - So you will need to be at the Federal courthouse in Tacoma by Wed, 4/4 at 9:00am, and you should be done no later than Thursday afternoon If you want to be reimbursed for your expenses, you will need to make travel arrangements through the US Attorney's office, Dru Mercer, (206) 553-7970 Jeff --- And an older message:

1 0

SDMI announcement
by sacraver＠ivy.ee.princeton.edu 06 Jul '18

06 Jul '18

Hello, If you read Salon or Slashdot, you may have already read of this. Our research group, comprising of crypto-folk from Princeton U, Rice U and Xerox have issued a press release and faq (http://www.cs.princeton.edu/sip/sdmi/) detailing comprehensive success in the 1st round of the SDMI challenge. Basically, we got positive results from the oracles for all four watermarking technologies. These oracles would yield a positive result if music submitted to it was modified enough that a watermark could not be detected, and if quality was good enough relative to 64Kbps MP3 compression. We dont know how they measured quality. But we passed all four oracles, and repeated our results as much as we could before the challenge deadline was over. A full technical writeup is coming soon, as we plan on sharing all our findings with the cryptographic and steganographic community. This is part of the reason we are not participating in the second phase: we are not interested in the prize money, and at this point the challenge is more like a contest, providing no real value to us from a scientific perspective. Further participation may also restrict our ability to publish our results---to be eligible for the prize, it appears one must sign a form transferring intellectual property rights to the analysis. Finally, if you are also a research team who has received positive results from SDMI oracles, wed love to hear about it. We are making a list of links to others who have received positive results in the first round. Keep in mind that if youre going after the money, you might become ineligible if you publicize these details. -Scott Heres the official statement, as found at the URL: --------------------------------------------------------------- Statement Regarding the SDMI Challenge The Secure Digital Music Initiative (SDMI) is developing a comprehensive system to prevent music piracy. Central to this system is watermarking, in which an inaudible message is hidden in music to provide copyright information to devices like MP3 players and recorders. Devices may then refuse to make copies of pieces of music, depending on the meaning of the watermark contained therein. In September 2000, SDMI issued a public challenge to help them choose among four proposed watermarking technologies. During the three-week challenge, researchers could download samples of watermarked music, and were invited to attempt to remove the secret copyright watermarks. During the challenge period, our team of researchers, from Princeton University, Rice University, and Xerox, successfully defeated all four of the watermarking challenges, by rendering the watermarks undetectable without significantly degrading the audio quality of the samples. Our success on these challenges was confirmed by SDMIs email server. We are currently preparing a technical report describing our findings regarding the four watermarking challenges, and the two other miscellaneous challenges, in more detail. The technical report will be available some time in November. This statement, a Frequently Asked Questions document, the full technical report (when it is ready), and other related information can be found on the Web at http://www.cs.princeton.edu/sip/sdmi. For more information, please contact Edward Felten at (609) 258-5906 or felten0x40cs0x2Eprinceton0x2Eedu. Editors note: replace 0x40 with @ and 0x2E with . ---------------------------------------------------------------- Scott Craver, Patrick McGregor, Min Wu, Bede Liu Dept. of Electrical Engineering, Princeton University Adam Stubblefield, Ben Swartzlander, Dan S. Wallach Dept. of Computer Science, Rice University Drew Dean Computer Science Laboratory, Xerox Palo Alto Research Center Edward W. Felten Dept. of Computer Science, Princeton University

1 0

CRYPTO-GRAM, April 15, 2009
by Bruce Schneier 06 Jul '18

06 Jul '18

CRYPTO-GRAM April 15, 2009 by Bruce Schneier Chief Security Technology Officer, BT schneier(a)schneier.com http://www.schneier.com A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. For back issues, or to subscribe, visit <http://www.schneier.com/crypto-gram.html>. You can read this issue on the web at <http://www.schneier.com/crypto-gram-0904.html>. These same essays appear in the "Schneier on Security" blog: <http://www.schneier.com/blog>. An RSS feed is available. ** *** ***** ******* *********** ************* In this issue: Fourth Annual Movie-Plot Threat Contest Who Should be in Charge of U.S. Cybersecurity? News Privacy and the Fourth Amendment Schneier News The Definition of "Weapon of Mass Destruction" Stealing Commodities Comments from Readers ** *** ***** ******* *********** ************* Fourth Annual Movie-Plot Threat Contest Let's face it, the War on Terror is a tired brand. There just isn't enough action out there to scare people. If this keeps up, people will forget to be scared. And then both the terrorists and the terror-industrial complex lose. We can't have that. We're going to help revive the fear. There's plenty to be scared about, if only people would just think about it in the right way. In this Fourth Movie-Plot Threat Contest, the object is to find an existing event somewhere in the industrialized world -- Third World events are just too easy -- and provide a conspiracy theory to explain how the terrorists were really responsible. The goal here is to be outlandish but plausible, ridiculous but possible, and -- if it were only true -- terrifying. Entries should be formatted as a news story, and are limited to 150 words (I'm going to check this time) because fear needs to be instilled in a population with short attention spans. Submit your entry, by the end of the month, in comments to the blog post. Submit your entry here: http://www.schneier.com/blog/archives/2009/04/fourth_annual_m.html An example from The Onion: http://www.theonion.com/content/cartoon/feb-23-2009 The First Movie-Plot Threat Contest: http://www.schneier.com/blog/archives/2006/04/announcing_movi.html http://www.schneier.com/blog/archives/2006/06/movieplot_threa_1.html The Second Movie-Plot Threat Contest: http://www.schneier.com/blog/archives/2007/04/announcing_seco.html http://www.schneier.com/blog/archives/2007/06/second_annual_m.html http://www.schneier.com/blog/archives/2007/06/second_movieplo.html The Third Movie-Plot Threat Contest: http://www.schneier.com/blog/archives/2008/04/third_annual_mo.html http://www.schneier.com/blog/archives/2008/05/third_annual_mo_2.html http://www.schneier.com/blog/archives/2008/05/third_annual_mo_1.html ** *** ***** ******* *********** ************* Who Should be in Charge of U.S. Cybersecurity? U.S. government cybersecurity is an insecure mess, and fixing it is going to take considerable attention and resources. Trying to make sense of this, President Barack Obama ordered a 60-day review of government cybersecurity initiatives. Meanwhile, the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology is holding hearings on the same topic. One of the areas of contention is who should be in charge. The FBI, DHS and DoD -- specifically, the NSA -- all have interests here. Earlier this month, Rod Beckstrom resigned from his position as director of the DHS's National Cybersecurity Center, warning of a power grab by the NSA. Putting national cybersecurity in the hands of the NSA is an incredibly bad idea. An entire parade of people, ranging from former FBI director Louis Freeh to Microsoft's Trusted Computing Group Vice President and former Justice Department computer crime chief Scott Charney, have told Congress the same thing at this month's hearings. Cybersecurity isn't a military problem, or even a government problem -- it's a universal problem. All networks, military, government, civilian and commercial, use the same computers, the same networking hardware, the same Internet protocols and the same software packages. We all are the targets of the same attack tools and tactics. It's not even that government targets are somehow more important; these days, most of our nation's critical IT infrastructure is in commercial hands. Government-sponsored Chinese hackers go after both military and civilian targets. Some have said that the NSA should be in charge because it has specialized knowledge. Earlier this month, Director of National Intelligence Admiral Dennis Blair made this point, saying "There are some wizards out there at Ft. Meade who can do stuff." That's probably not true, but if it is, we'd better get them out of Ft. Meade as soon as possible -- they're doing the nation little good where they are now. Not that government cybersecurity failings require any specialized wizardry to fix. GAO reports indicate that government problems include insufficient access controls, a lack of encryption where necessary, poor network management, failure to install patches, inadequate audit procedures, and incomplete or ineffective information security programs. These aren't super-secret NSA-level security issues; these are the same managerial problems that every corporate CIO wrestles with. We've all got the same problems, so solutions must be shared. If the government has any clever ideas to solve its cybersecurity problems, certainly a lot of us could benefit from those solutions. If it has an idea for improving network security, it should tell everyone. The best thing the government can do for cybersecurity world-wide is to use its buying power to improve the security of the IT products everyone uses. If it imposes significant security requirements on its IT vendors, those vendors will modify their products to meet those requirements. And those same products, now with improved security, will become available to all of us as the new standard. Moreover, the NSA's dual mission of providing security and conducting surveillance means it has an inherent conflict of interest in cybersecurity. Inside the NSA, this is called the "equities issue." During the Cold War, it was easy; the NSA used its expertise to protect American military information and communications, and eavesdropped on Soviet information and communications. But what happens when both the good guys the NSA wants to protect, and the bad guys the NSA wants to eavesdrop on, use the same systems? They all use Microsoft Windows, Oracle databases, Internet email, and Skype. When the NSA finds a vulnerability in one of those systems, does it alert the manufacturer and fix it -- making both the good guys and the bad guys more secure? Or does it keep quiet about the vulnerability and not tell anyone -- making it easier to spy on the bad guys but also keeping the good guys insecure? Programs like the NSA's warrantless wiretapping program have created additional vulnerabilities in our domestic telephone networks. Testifying before Congress earlier this month, former DHS National Cyber Security division head Amit Yoran said "the intelligence community has always and will always prioritize its own collection efforts over the defensive and protection mission of our government's and nation's digital systems." Maybe the NSA could convince us that it's putting cybersecurity first, but its culture of secrecy will mean that any decisions it makes will be suspect. Under current law, extended by the Bush administration's extravagant invocation of the "state secrets" privilege when charged with statutory and constitutional violations, the NSA's activities are not subject to any meaningful public oversight. And the NSA's tradition of military secrecy makes it harder for it to coordinate with other government IT departments, most of which don't have clearances, let alone coordinate with local law enforcement or the commercial sector. We need transparent and accountable government processes, using commercial security products. We need government cybersecurity programs that improve security for everyone. The NSA certainly has an advisory and a coordination role in national cybersecurity, and perhaps a more supervisory role in DoD cybersecurity -- both offensive and defensive -- but it should not be in charge. A copy of this essay, with all embedded links, is here: http://www.schneier.com/blog/archives/2009/04/who_should_be_i.html A version of this essay appeared on The Wall Street Journal website. http://online.wsj.com/article/SB123844579753370907.html ** *** ***** ******* *********** ************* News Privacy in Google Latitude: good news. http://blog.wired.com/business/2009/03/googles-latitud.html Leaving infants in the car. It happens, and sometimes they die. http://www.schneier.com/blog/archives/2009/03/leaving_infants.html Interesting piece of cryptographic history: a cipher designed by Robert Patterson and sent to Thomas Jefferson in 1801. http://www.schneier.com/blog/archives/2009/03/1801_cipher_sol.html The Bayer company is refusing to talk about a fatal accident at a West Virginia plant, citing a 2002 terrorism law. http://pubs.acs.org/cen/news/87/i11/8711news6.html The meeting has been rescheduled. No word on how forthcoming Bayer will be. http://www.csb.gov/index.cfm?folder=news_releases&page=news&NEWS_ID=461 or http://tinyurl.com/cckma9 Research on fingerprinting paper: http://www.freedom-to-tinker.com/blog/felten/fingerprinting-blank-paper-usi… or http://tinyurl.com/djvdkz http://citp.princeton.edu/pub/paper09oak.pdf Blowfish on the television series 24, again: http://www.schneier.com/blog/archives/2009/03/blowfish_on_24_1.html Interesting analysis of why people steal rare books. http://www.ft.com/cms/s/2/d41a83d6-09dc-11de-add8-0000779fd2ac.html Last month, I linked to a catalog of NSA video courses from 1991. Here's an update, with new information (the FOIA redactions were appealed). http://www.governmentattic.org/2docs/NSA_TV_Center_Catalog_1991-Update.pdf or http://tinyurl.com/d2ds68 You just can't make this stuff up: a UK bomb squad is called in because someone saw a plastic replica of the Holy Hand Grenade of Antioch, from the movie Monty Python and the Holy Grail. http://www.schneier.com/blog/archives/2009/03/holy_hand_grena.html Interesting research in explosives detection. http://www.aip.org/press_release/detecting_explosives.html A Psychology Today article on fear and the availability heuristic: http://blogs.psychologytoday.com/blog/the-narcissus-in-all-us/200903/mass-m… or http://tinyurl.com/c8mkzm >From Kentucky: I think this is the first documented case of election fraud in the U.S. using electronic voting machines (there have been lots of documented cases of errors and voting problems, but this one involves actual maliciousness). Lots of details; well worth reading. http://www.schneier.com/blog/archives/2009/03/election_fraud.html Sniffing keyboard keystrokes with a laser: http://news.zdnet.com/2100-9595_22-280184.html Where you stand matters in surviving a suicide bombing. http://www.sciencedaily.com/releases/2009/03/090323161125.htm Presumably they also discovered where the attacker should stand to be as lethal as possible, but there's no indication they published those results. An impressive solar plasma movie-plot threat. http://www.newscientist.com/article/mg20127001.300-space-storm-alert-90-sec… or http://tinyurl.com/c3xphd Security fears drive Iran to Linux: http://www.theage.com.au/articles/2004/09/21/1095651288238.html A gorilla detector, from Muppet Labs. http://www.youtube.com/watch?v=4QrelL9fOjY Bob Blakley makes an interesting point about what he calls "the zone of essential risk": "if you conduct medium-sized transactions rarely, you're in trouble. The transactions are big enough so that you care about losses, you don't have enough transaction volume to amortize those losses, and the cost of insurance or escrow is high enough compared to the value of your transactions that it doesn't make economic sense to protect yourself." http://notabob.blogspot.com/2009/03/zone-of-essential-risk.html Massive Chinese espionage network discovered: http://www.schneier.com/blog/archives/2009/03/massive_chinese.html Thefts at the Museum of Bad Art: http://en.wikipedia.org/wiki/Museum_Of_Bad_Art Be sure to notice the camera: http://en.wikipedia.org/wiki/File:MOBAcamera.JPG Here's a story about a very expensive series of false positives. The German police spent years and millions of dollars tracking a mysterious killer whose DNA had been found at the scenes of six murders. Finally they realized they were tracking a worker at the factory that assembled the prepackaged swabs used for DNA testing. http://scienceblogs.com/authority/2009/03/the_phantom_of_heilbronn_and_n.php or http://tinyurl.com/d5cwww This story could be used as justification for a massive DNA database. After all, if that factory worker had his or her DNA in the database, the police would have quickly realized what the problem was. Identifying people using anonymous social networking data: http://www.schneier.com/blog/archives/2009/04/identifying_peo.html What to fear: a great rundown of the statistics. http://www.counterpunch.org/goekler03242009.html Crypto puzzle and NSA problem: http://www.cryptosmith.com/archives/565 Clever social networking identity theft scams: http://www.schneier.com/blog/archives/2009/04/social_networki.html Police powers and the UK government in the 1980s: http://www.schneier.com/blog/archives/2009/04/police_powers_a.html Research into preserving P2P privacy: http://www.physorg.com/news158419063.html Fact-free article about foreign companies hacking the U.S. power grid suggests we panic. My guess is that it was deliberately planted by someone looking for leverage in the upcoming budget battle. http://www.schneier.com/blog/archives/2009/04/us_power_grid_h.html Here's a tip: when walking around in public with secret government documents, put them in an envelope. Don't carry them in the open where people can read (and photograph) them. http://www.schneier.com/blog/archives/2009/04/how_not_to_carr.html Details of the arrests made in haste after the above disclosure: http://www.timesonline.co.uk/tol/news/uk/article6078397.ece It is a measure of our restored sanity that no one has called the TSA about Tweenbots: http://www.tweenbots.com/ How to write a scary cyberterrorism story. From Foreign Affairs, no less. http://neteffect.foreignpolicy.com/posts/2009/04/11/writing_the_scariest_ar… ** *** ***** ******* *********** ************* Privacy and the Fourth Amendment In the United States, the concept of "expectation of privacy" matters because it's the constitutional test, based on the Fourth Amendment, that governs when and how the government can invade your privacy. Based on the 1967 Katz v. United States Supreme Court decision, this test actually has two parts. First, the government's action can't contravene an individual's subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn't based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government's interest in public safety on the other. The problem is, in today's information society, that definition test will rapidly leave us with no privacy at all. In Katz, the Court ruled that the police could not eavesdrop on a phone call without a warrant: Katz expected his phone conversations to be private and this expectation resulted from a reasonable balance between personal privacy and societal security. Given NSA's large-scale warrantless eavesdropping, and the previous administration's continual insistence that it was necessary to keep America safe from terrorism, is it still reasonable to expect that our phone conversations are private? Between the NSA's massive internet eavesdropping program and Gmail's content-dependent advertising, does anyone actually expect their e-mail to be private? Between calls for ISPs to retain user data and companies serving content-dependent web ads, does anyone expect their web browsing to be private? Between the various computer-infecting malware, and world governments increasingly demanding to see laptop data at borders, hard drives are barely private. I certainly don't believe that my SMSs, any of my telephone data, or anything I say on LiveJournal or Facebook -- regardless of the privacy settings -- is private. Aerial surveillance, data mining, automatic face recognition, terahertz radar that can "see" through walls, wholesale surveillance, brain scans, RFID, "life recorders" that save everything: Even if society still has some small expectation of digital privacy, that will change as these and other technologies become ubiquitous. In short, the problem with a normative expectation of privacy is that it changes with perceived threats, technology and large-scale abuses. Clearly, something has to change if we are to be left with any privacy at all. Three legal scholars have written law review articles that wrestle with the problems of applying the Fourth Amendment to cyberspace and to our computer-mediated world in general. George Washington University's Daniel Solove, who blogs at Concurring Opinions, has tried to capture the Byzantine complexities of modern privacy. He points out, for example, that the following privacy violations -- all real -- are very different: A company markets a list of 5 million elderly incontinent women; reporters deceitfully gain entry to a person's home and secretly photograph and record the person; the government uses a thermal sensor device to detect heat patterns in a person's home; and a newspaper reports the name of a rape victim. Going beyond simple definitions such as the divulging of a secret, Solove has developed a taxonomy of privacy, and the harms that result from their violation. His 16 categories are: surveillance, interrogation, aggregation, identification, insecurity, secondary use, exclusion, breach of confidentiality, disclosure, exposure, increased accessibility, blackmail, appropriation, distortion, intrusion and decisional interference. Solove's goal is to provide a coherent and comprehensive understanding of what is traditionally an elusive and hard-to-explain concept: privacy violations. (This taxonomy is also discussed in Solove's book, Understanding Privacy.) Orin Kerr, also a law professor at George Washington University, and a blogger at Volokh Conspiracy, has attempted to lay out general principles for applying the Fourth Amendment to the internet. First, he points out that the traditional inside/outside distinction -- the police can watch you in a public place without a warrant, but not in your home -- doesn't work very well with regard to cyberspace. Instead, he proposes a distinction between content and non-content information: the body of an e-mail versus the header information, for example. The police should be required to get a warrant for the former, but not for the latter. Second, he proposes that search warrants should be written for particular individuals and not for particular internet accounts. Meanwhile, Jed Rubenfeld of Yale Law School has tried to reinterpret the Fourth Amendment not in terms of privacy, but in terms of security. Pointing out that the whole "expectations" test is circular -- what the government does affects what the government can do -- he redefines everything in terms of security: the security that our private affairs are private. This security is violated when, for example, the government makes widespread use of informants, or engages in widespread eavesdropping -- even if no one's privacy is actually violated. This neatly bypasses the whole individual privacy versus societal security question -- a balancing that the individual usually loses -- by framing both sides in terms of personal security. I have issues with all of these articles. Solove's taxonomy is excellent, but the sense of outrage that accompanies a privacy violation -- "How could they know/do/say that!?" -- is an important part of the harm resulting from a privacy violation. The non-content information that Kerr believes should be collectible without a warrant can be very private and personal: URLs can be very personal, and it's possible to figure out browsed content just from the size of encrypted SSL traffic. Also, the ease with which the government can collect all of it -- the calling and called party of every phone call in the country -- makes the balance very different. I believe these need to be protected with a warrant requirement. Rubenfeld's reframing is interesting, but the devil is in the details. Reframing privacy in terms of security still results in a balancing of competing rights. I'd rather take the approach of stating the -- obvious to me -- individual and societal value of privacy, and giving privacy its rightful place as a fundamental human right. (There's additional commentary on Rubenfeld's thesis at ArsTechnica.) The trick here is to realize that a normative definition of the expectation of privacy doesn't need to depend on threats or technology, but rather on what we -- as society -- decide it should be. Sure, today's technology make it easier than ever to violate privacy. But it doesn't necessarily follow that we have to violate privacy. Today's guns make it easier than ever to shoot virtually anyone for any reason. That doesn't mean our laws have to change. No one knows how this will shake out legally. These three articles are from law professors; they're not judicial opinions. But clearly something has to change, and ideas like these may someday form the basis of new Supreme Court decisions that brings legal notions of privacy into the 21st century. A copy of this essay, with all embedded links, is here: http://www.schneier.com/blog/archives/2009/03/privacy_and_the_1.html This essay originally appeared on Wired.com. http://www.wired.com/politics/security/commentary/securitymatters/2009/03/s… or http://tinyurl.com/dh3xg5 ** *** ***** ******* *********** ************* Schneier News I was interviewed on Federal News Radio about insider threats: http://www.federalnewsradio.com/index.php?nid=56&sid=1632741 I'm speaking at the Taiwan Information Security Center on April 17 in Taipei: http://forum.twisc.ncku.edu.tw/dm.html I'll be on the Cryptographers' Panel at the RSA Conference on April 21 in San Francisco: http://www.rsaconference.com/2009/US/Home.aspx I'll be the keynote speaker at the IPSI Research Symposium on May 6 in Toronto: http://www.ipsi.utoronto.ca/events/IPSI_Research_Symposium_2009.htm I'm speaking at the International Workshop on Coding and Cryptography on May 12 in Lofthus, Norway: http://www.selmer.uib.no/WCC2009/callWCC2009.pdf I'm giving the keynote speech on Day 2 of the European OWASP Application Security Conference, May 14 in Krakow, Poland: http://www.owasp.org/index.php/AppSecEU09 And I'm giving the keynote speech at CONfidence on May 15 in Krakow, Poland: http://2009.confidence.org.pl/ ** *** ***** ******* *********** ************* The Definition of "Weapon of Mass Destruction" At least, according to U.S. law: 18 U.S.C. 2332a (2) the term "weapon of mass destruction" means -- (A) any destructive device as defined in section 921 of this title; (B) any weapon that is designed or intended to cause death or serious bodily injury through the release, dissemination, or impact of toxic or poisonous chemicals, or their precursors; (C) any weapon involving a biological agent, toxin, or vector (as those terms are defined in section 178 of this title); or (D) any weapon that is designed to release radiation or radioactivity at a level dangerous to human life; 18 U.S.C. 921 (4) The term "destructive device" means-- (A) any explosive, incendiary, or poison gas-- (i) bomb, (ii) grenade, (iii) rocket having a propellant charge of more than four ounces, (iv) missile having an explosive or incendiary charge of more than one-quarter ounce, (v) mine, or (vi) device similar to any of the devices described in the preceding clauses; (B) any type of weapon (other than a shotgun or a shotgun shell which the Attorney General finds is generally recognized as particularly suitable for sporting purposes) by whatever name known which will, or which may be readily converted to, expel a projectile by the action of an explosive or other propellant, and which has any barrel with a bore of more than one-half inch in diameter; and (C) any combination of parts either designed or intended for use in converting any device into any destructive device described in subparagraph (A) or (B) and from which a destructive device may be readily assembled. The term "destructive device" shall not include any device which is neither designed nor redesigned for use as a weapon; any device, although originally designed for use as a weapon, which is redesigned for use as a signaling, pyrotechnic, line throwing, safety, or similar device; surplus ordnance sold, loaned, or given by the Secretary of the Army pursuant to the provisions of section 4684 (2), 4685, or 4686 of title 10; or any other device which the Attorney General finds is not likely to be used as a weapon, is an antique, or is a rifle which the owner intends to use solely for sporting, recreational or cultural purposes. This is a very broad definition, and one that involves the intention of the weapon's creator as well as the details of the weapon itself. In an e-mail, Ohio State University Professor John Mueller commented to me: "As I understand it, not only is a grenade a weapon of mass destruction, but so is a maliciously-designed child's rocket even if it doesn't have a warhead. On the other hand, although a missile-propelled firecracker would be considered a weapon of mass destruction if its designers had wanted to think of it as a weapon, it would not be so considered if it had previously been designed for use as a weapon and then redesigned for pyrotechnic use or if it was surplus and had been sold, loaned, or given to you (under certain circumstances) by the Secretary of the Army. "It also means that we are coming up on the 25th anniversary of the Reagan administration's long-misnamed WMD-for-Hostages deal with Iran. "Bad news for you, though. You'll have to amend that line you like using in your presentations about how all WMD in all of history have killed fewer people than OIF (or whatever), since all artillery, and virtually every muzzle-loading military long arm for that matter, legally qualifies as an WMD. It does make the bombardment of Ft. Sumter all the more sinister. To say nothing of the revelation that The Star Spangled Banner is in fact an account of a WMD attack on American shores." Amusing, to be sure, but there's something important going on. The U.S. government has passed specific laws about "weapons of mass destruction," because they're particularly scary and damaging. But by generalizing the definition of WMDs, those who write the laws greatly broaden their applicability. And I have to wonder how many of those who vote in favor of the laws realize how general they really are, or -- if they do know -- vote for them anyway because they can't be seen to be "soft" on WMDs. It reminds me of those provisions of the USA PATRIOT Act -- and other laws -- that created police powers to be used for "terrorism and other crimes." Prosecutions based on this unreasonable definition: http://www.ph2dot1.com/2008/04/wmd-arent-what-they-used-to-be.html ** *** ***** ******* *********** ************* Stealing Commodities Before his arrest, Tom Berge stole lead roof tiles from several buildings in south-east England, including the Honeywood Museum in Carshalton, the Croydon parish church, and the Sutton high school for girls. He then sold those tiles to scrap metal dealers. As a security expert, I find this story interesting for two reasons. First, amongst increasingly ridiculous attempts to ban, or at least censor, Google Earth, lest it help the terrorists, here is an actual crime that relied on the service: Berge needed Google Earth for reconnaissance. But more interesting is the discrepancy between the value of the lead tiles to the original owner and to the thief. The Sutton school had to spend #10,000 to buy new lead tiles; the Croydon Church had to repair extensive water damage after the theft. But Berge only received #700 a ton from London scrap metal dealers. This isn't an isolated story; the same dynamic is in play with other commodities as well. There is an epidemic of copper wiring thefts worldwide; copper is being stolen out of telephone and power stations--and off poles in the streets--and thieves have killed themselves because they didn't understand the dangers of high voltage. Homeowners are returning from holiday to find the copper pipes stolen from their houses. In 2001, scrap copper was worth 70 cents per pound. In April 2008, it was worth $4. Gasoline siphoning became more common as pump prices rose. And used restaurant grease, formerly either given away or sold for pennies to farmers, is being stolen from restaurant parking lots and turned into biofuels. Newspapers and other recyclables are stolen from curbs, and trees are stolen and resold as Christmas trees. Iron fences have been stolen from buildings and houses, manhole covers have been stolen from the middle of streets, and aluminum guard rails have been stolen from roadways. Steel is being stolen for scrap, too. In 2004 in Ukraine, thieves stole an entire steel bridge. These crimes are particularly expensive to society because the replacement cost is much higher than the thief's profit. A manhole cover is worth $5-$10 as scrap, but it costs $500 to replace, including labor. A thief may take $20 worth of copper from a construction site, but do $10,000 in damage in the process. And even if the thieves don't get to the copper or steel, the increased threat means more money being spent on security to protect those commodities in the first place. Security can be viewed as a tax on the honest, and these thefts demonstrate that our taxes are going up. And unlike many taxes, we don't benefit from their collection. The cost to society of retrofitting manhole covers with locks, or replacing them with less resalable alternatives, is high; but there is no benefit other than reducing theft. These crimes are a harbinger of the future: evolutionary pressure on our society, if you will. Criminals are often referred to as social parasites; they leech off society but provide no useful benefit. But they are an early warning system of societal changes. Unfettered by laws or moral restrictions, they can be the first to respond to changes that the rest of society will be slower to pick up on. In fact, currently there's a reprieve. Scrap metal prices are all down from last year's--copper is currently $1.62 per pound, and lead is half what Berge got--and thefts are down along with them. We've designed much of our infrastructure around the assumptions that commodities are cheap and theft is rare. We don't protect transmission lines, manhole covers, iron fences, or lead flashing on roofs. But if commodity prices really are headed for new higher stable points, society will eventually react and find alternatives for these items--or find ways to protect them. Criminals were the first to point this out, and will continue to exploit the system until it restabilizes. A copy of this essay, with all embedded links, is here: http://www.schneier.com/blog/archives/2009/04/stealing_commod.html A version of this essay originally appeared in The Guardian. http://www.guardian.co.uk/technology/2009/apr/02/google-earth-censorship-cr… or http://tinyurl.com/coo59n ** *** ***** ******* *********** ************* Comments from Readers There are hundreds of comments -- many of them interesting -- on these topics on my blog. Search for the story you want to comment on, and join in. http://www.schneier.com/blog ** *** ***** ******* *********** ************* Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at <http://www.schneier.com/crypto-gram.html>. Back issues are also available at that URL. Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety. CRYPTO-GRAM is written by Bruce Schneier. Schneier is the author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Phelix, and Skein algorithms. He is the Chief Security Technology Officer of BT BCSG, and is on the Board of Directors of the Electronic Privacy Information Center (EPIC). He is a frequent writer and lecturer on security topics. See <http://www.schneier.com>. Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily those of BT. Copyright (c) 2009 by Bruce Schneier. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

What Brought on the French Revolution?
by Mises Daily Article 06 Jul '18

06 Jul '18

<http://www.mises.org/fullstory.asp?control=1489>http://www.mises.org/fullstory.asp?control=1489 What Brought on the French Revolution? By H.A. Scott Trask [Posted April 9, 2004] No matter how much the American economy grows during the next decade, the government will have serious trouble funding expanding entitlements, increased education spending, and ongoing wars in the Middle East, while maintaining a global military constabulary and presence everywhere. Something has to give. No matter how one crunches the numbers, a crisis is looming, and Americans are bound to see their standard of living fall and their global empire collapse. It has happened before. Consider that seminal and catastrophic event that inaugurated the era of mass politics, bureaucratic centralism, and the ideological statethe French Revolution. It is a large and complex event worthy of a Gibbon, but it may not have happened at all if the French monarchy had balanced its budget. While the causes of the Revolution are many, the cause of the crisis that brought on the Revolution is not. It was a fiscal and credit crisis that weakened the authority and confidence of the monarchy so much that it thought it had to convene a defunct political assembly before it had safely carried out a successful program of liberal constitutional and free market reform. It would be as if the American federal government called a constitutional convention with an open agenda and hoped that all would go smoothly. The Estates General lasted only a little over a month before the leaders of the Third Estate (the bourgeoisie, artisans, and peasantry) transformed it into a National Assembly and took political power from the monarchy. The Revolution was on. Revisionist historians have challenged the standard interpretation of pre-revolutionary France as a country with a stagnant economy, an oppressed peasantry, a shackled bourgeoisie, and an archaic political structure. In Citizens (1989), Simon Schama describes France under Louis XVI as a rapidly modernizing nation with entrepreneurial nobles, a reform-minded monarchy, nascent industrialization, growing commerce, scientific progress, and energetic intendants (royal administrators in the provinces). Moreover, Montesquieu was in vogue; the English mixed constitution was the cynosure of political reform, and the economic philosophy of physiocracy, with its belief in economic law and advocacy of laissez faire, had discredited the dogmas of state mercantilism. Turgot argued perceptively that another war with England would derail his reform program, bankrupt the state, and, even if successful, do little to weaken British power. In 1774, Louis XVI appointed Jacques Turgot, a Physiocrat, to be Controller-General of Finances. Turgot believed that subsidies, regulations, and tariffs were crippling productivity and enterprise in France. End them, he advised the king, and business would thrive and state revenues increase. He proposed an ambitious reform program that included taking down internal custom barriers, lifting price controls on grain, abolishing the guilds and the corvee (forced labor service), and devolving political power to newly created provincial assemblies (two of which he established). Turgot envisioned a federated France, with a chain of elected bodies extending from the village through the provinces to some form of national assembly. Not surprisingly, there was both aristocratic and popular opposition to these reforms, but what really doomed them was Turgot's inveterate opposition to French intervention in the American War of Independence. Many were still stewing over the humiliating and catastrophic defeat suffered by France in the Seven Years' War (17561763). The country had lost her North American possessions (Quebec, Louisiana) and all of French India, except two trading stations. The foreign minister (Vergennes) calculated that by helping the Americans gain their independence they could weaken the British Empire, gain revenge, and restore France's previous position as one of the world's two superpowers. Turgot argued perceptively that another war with England would derail his reform program, bankrupt the state, and, even if successful, do little to weaken British power. "The first gunshot will drive the state to bankruptcy," he warned the king. It was to no avail. International power politics and considerations of national prestige took precedence over domestic reform, and the king dismissed him in May 1776. He would be proved right on all three points. The French began covertly supplying war material to the rebellious colonists in 1777, and in 1778 they signed a treaty of alliance with the Americans. Throughout the war, they supplied hard money loans, and underwrote others for the purchase of war supplies in Europe. In 1780, they landed a 5,000-man army in Rhode Island. In 1781, the French navy blockaded Lord Cornwallis's army at Yorktown. Turgot's successor Jacques Necker, a Swiss banker, financed these expenditures almost entirely through loans. Although successful, France's intervention cost 1.3 billion livres and almost doubled her national debt. Schama writes, "No state with imperial pretensions has, in fact, ever subordinated what it takes to be irreducible military interests to the considerations of a balanced budget. And like apologists for military force in twentieth-century America," imperialists "in eighteenth century France pointed to the country's vast demographic and economic reserves and a flourishing economy to sustain the burden." Even more, they claimed that prosperity was "contingent on such military expenditures, both directly in naval bases like Brest and Toulon, and indirectly in the protection it gave to the most rapidly expanding sector of the economy." Plus ca change, plus c'est la meme chose. The new Controller General made no effort to restrain domestic or court spending. The result was a peacetime spending spree and chronic budget deficits. Necker was neither a financial profligate nor an ultra royalist. He was simply financing a war that the government deemed to be in the national interest. During the conflict, he held down royal expenditures at home, eliminated many sinecures, published a national budget in 1781, and proposed the formation of a third provincial assembly. However, when his request to join the royal council (as a Protestant, he was barred) was rejected, he resigned. His immediate successor, Joly de Fleury, restored many of the offices he had eliminated. Upon the return of peace with the signing of the Treaty of Paris (1783), the monarchy had another opportunity to institute economic, financial, and political reforms, but it squandered it. Just as with the first Bush administration after the Cold War, there would be no peace dividend. The government was determined to exploit the vacuum created by British defeat to restore French imperial power. Their global strategy was to maintain a standing army of 150,000 men to defend the borders and preserve the balance of power on the Continent while building up a transoceanic navy capable of challenging the British in all the world's oceans. What is more, the new Controller General, Calonne, made no effort to restrain domestic or court spending. The result was a peacetime spending spree, chronic budget deficits, and the addition of 700 million livres to the national debt. By 1788, debt service alone would absorb fifty percent of annual revenue. It was guns and butter, French style. Today we are savoring it, Texas style. In a few years, Calonne was faced with an imminent fiscal catastrophe. The annual deficit in 1786 was projected to be 112 million livres, and the American war loans would begin falling due the next year. Action was imperative. Such was the power of liberal and federalist ideas in France that Calonne summoned the Physiocrat Dupont de Nemours, a former Turgot associate, to advise him. Meanwhile, with their blessing, the foreign minister, Vergennes, signed a free trade agreement with Great Britain (1786). With the help of Nemours, Calonne proposed the following measures to open up the French economy: the deregulation of the domestic grain trade, the dismantling of internal custom barriers, and commuting the corvee into a public works tax. To raise a regular and equitable revenue, he suggested a "territorial subvention," (i.e. a direct tax levied on all landowners, without exception, to be assessed and levied by representative provincial assemblies). Calonne remembered the mistake Turgot had made ten years before. He had relied exclusively on royal authority to enact his program and in so doing had antagonized the nobility who did not like being presented with a fait accompli. To avoid a similar fate, Calonne suggested the summoning of an Assembly of Notables for early 1787 to consider, modify, and sanction the reforms before they were sent to the Parlement of Paris for registration (making them law). The king approved Calonne's whole program in December 1786. Here was the last chance for the monarchy to institute a program of decentralist constitutional and liberal economic reform that would free the economy, solve the fiscal crisis, transmute absolutism into constitutionalism, and avert an impending political cataclysm. Alas, as excellent and necessary as were Calonne's reforms, he was not the right man to see them through. He was deeply unpopular for his lavish court spending and for using his office to cultivate various corrupt stock schemes. The nobility did not trust him, and the people despised him. Recognizing he was a liability, the king dismissed him and appointed Lomenie de Brienne in his stead. Brienne was a high noble, a Notable, and a reformer. The Assembly was supportive of all the reforms, except the taxes. Here they balked. Before they would give their sanction to new taxes, they wanted the king to publish an annual budget and to agree to a permanent commission of auditors. Their concern was obvious. Why should they agree to changes that would increase royal revenue if they had no way of monitoring royal expenses to see if those funds were being prudently spent? Now the king balked. He thought the proposals an infringement on his prerogatives over the finances and the budget. He vetoed them. It was a grievous error, but typical of the vacillating mind of the king and the intellectual fetters of an absolutist political tradition. The Parlement of Paris duly registered the decrees freeing the grain trade, commuting the corvee, and setting up the provincial assemblies, but they would not register the stamp duty or the land tax. They claimed that only the Estates General, the medieval representative assembly of the three estates of the kingdom (clergy, nobility, and commons) that had last met in 1614, could approve the taxes. The nobles were gambling that Louis would never dare call for an assembly of the Estates. It was a clever stratagem for defeating the tax proposals without incurring the popular odium for doing so. The nobility and clergy would not give up their tax exemptions nor grant the monarchy a potentially inexhaustible new source of revenue without a share of political power. An unforeseen consequence was to create a popular expectation for the reconvening of the Estates. This time the nobility erred. If the monarchy had not been so pressed for funds to stave off bankruptcy, they could have declared the registered edicts a victory for reform and waited for another day to deal with taxes. Not having that luxury, Brienne and the king panicked. They decided to resort to the weapons of royal absolutism to force through the tax reforms. They issued lits de justice declaring the new taxes to be law by royal will. Second, they exiled the recalcitrant Parlement to Troyes. The public outcry and institutional resistance to these tyrannical measures was such that the monarchy had to back down. The king recalled the Parlement and withdrew the lits de justice. Brienne now requested that the Parlement register new royal loans to stave off bankruptcy. It did so, but it again called for the re-convening of the Estates General. It also attempted to establish its new position as a de facto parliament. It declared that royal decrees were not law unless duly registered by the parlements and denied the constitutionality of both lits de justice and lettres de cachet (royal arrest warrants). The king and Brienne believed that the future of royal absolutism was at stake, so they responded with force. They surrounded the Parlement with troops. The king stripped it of its powers of remonstrance and registry, and he invested those powers in a new Plenary Court to be appointed by him. The May coup turned both the nobility and the clergy against the Crown, excited civil protest and unrest, and created a political crisis to match the seriousness of the fiscal crisis. Once again, a foolish attempt to preserve inviolate the senescent institutions of absolutism had failed. By August 1788, the monarchy was bankrupt and without credit. It could borrow new funds neither in Paris nor Amsterdam. Brienne had no choice but to resign. The king recalled Necker, who was the one man who had the confidence of investors, was trusted by the nobility, and popular among the masses. The king also summoned the Estates General to meet in May 1789. The people would assemble by order in local assemblies and elect delegates. The electorate would comprise over six million Frenchmen. Schama calls it "the most numerous experiment in political representation attempted anywhere in the world." By tradition, the assemblies could draw up a list of grievances and requests which their representatives would take with them to Versailles. They would carry 25,000 of them. Students are taught that the nobility and clergy were determined to preserve the old order, the ancien regime, with most of their privileges intact, and admit only a modicum of change, while the Third Estate demanded a transformed France in which the watchwords would be liberty, progress, and modernity. The truth is almost precisely the opposite. The majority of the nobility envisioned a France that was rational, liberal, and constitutional. They were willing to surrender their tax exemptions and seigniorial dues. They called for the abolition of lettres de cachet and all forms of censorship; they wanted an Anglo-Saxon style bill of rights with constitutional protection for civil liberties. They recommended financial reforms: a published national budget, the abolition of the sale of government offices, and an end to tax farming. They also urged the abolition of the trade guilds and the suppression of internal custom barriers. While many of these recommendations are found in the cahiers of the Third Estate, they are eclipsed by material concernsunderstandable complaints about the high price of bread, the game laws, the gabelle (the salt tax), and the depredations of the tax collectors. There are also numerous criticisms of recent reforms, such as the free trade agreement with England, the lifting of price controls on grain, agricultural enclosures, and the granting of civil rights to Protestants. In short, the voice of the Third Estate was largely one of reaction, and while they wanted fewer taxes they wanted more government. According to Schama, "much of the anger firing revolutionary violence arose from hostility towards that modernization, rather than from impatience with the speed of its progress." If only the French elites had reformed. There would have been no Terror, no Napoleon, no centralizing, statist revolution. The Third Estate had some liberal merchants and innovative industrialists, but it had many more urban artisans and peasants. The latter believed they were getting the shaft and that the nobility and clergy, as well as the wealthy members of their own estate, were to blame. They wanted price controls reimposed on grain, restrictions put on its exportation, the prohibition of foreign manufactures, and the punishment of "speculators" and "hoarders." They found leaders among lawyer intellectuals of their own estate, and some visionary members of the others, who spoke in a charged language of grievance, polarity, and combat. Knowing little and caring less about economic liberty or federal constitutionalism, they spoke of patriots versus traitors, citizens versus aristocrats, virtue versus vice, the nation assailed by its enemies. They offered the masses panaceas for their plight, villains to blame, and promises that the possession of political power would heave in the dikes of privilege and unleash the fountains of wealth. Schama correctly deduces that it was the politicization of the masses that "turned a political crisis into a full-blooded revolution." Once the vast Third Estate was told that they were the nation and that a "true national assembly would, by virtue of its higher moral qualityits common patriotismprovide satisfaction, they were given a direct stake in sweeping institutional change." The abbe Sieyes' pamphlet What is the Third Estate? appeared in January 1789 and would be to the French Revolution what Thomas Paine's Common Sense (1776) had been to the American. By the time the Estates General convened in May, the masses and leading intellectuals regarded the continued existence of separate social orders with their own institutional representation not only as an obstacle to reform, but as unpatriotic, even treasonous. When the Estates General metastasized into the National Assembly in June 1789, it was the onset of a radical revolution. Liberty would not fare well on the guillotine. Through 1788 and into 1789 the gods seemed to be conspiring to bring on a popular revolution. A spring drought was followed by a devastating hail storm in July. Crops were ruined. There followed one of the coldest winters in French history. Grain prices skyrocketed. Even in the best of times, an artisan or factor might spend 40 percent of his income on bread. By the end of the year, 80 percent was not unusual. "It was the connection of anger with hunger that made the Revolution possible," observed Schama. It was also envy that drove the Revolution to its violent excesses and destructive reform. Take the Reveillon riots of April 1789. Reveillon was a successful Parisian wall-paper manufacturer. He was not a noble but a self-made man who had begun as an apprentice paper worker but now owned a factory that employed 400 well-paid operatives. He exported his finished products to England (no mean feat). The key to his success was technical innovation, machinery, the concentration of labor, and the integration of industrial processes, but for all these the artisans of his district saw him as a threat to their jobs. When he spoke out in favor of the deregulation of bread distribution at an electoral meeting, an angry crowded marched on his factory, wrecked it, and ransacked his home. >From thenceforth, the Paris mob would be the power behind the Revolution. Economic science would not fare well. According to Jean Baptiste Say, "The moment there was any question in the National Assembly of commerce or finances, violent invectives could be heard against the economists." That is what happens when political power is handed over to pseudo-intellectuals, lawyers, and the mob. The exponents of the rationalistic Enlightenment had stood for a constitutional monarchy, a liberal economic and legal order, scientific progress, and a competent administration. According to Schama, "They were heirs to the reforming ethos of Louis XVI's reign, and authentic predictors of the 'new notability' to emerge after the Revolution had run its course. Their language was reasonable and their tempers cool. What they had in mind was a nation vested, through its representatives, with the power to strip away the obstructions to modernity. Such a state . . . would not wage war on the France of the 1780s but consummate its promise." If only the French elites could have agreed on a course of reform along these lines, there would have been no Terror, no Napoleon, no centralizing, statist revolution. And it was the pressing financial crisis, brought on by deficit spending to fund a global empire that in the end frustrated the kind of evolutionary political and economic liberalization that is the true road of civilized progress. __________________________ Historian Scott Trask is an adjunct scholar of the Mises Institute. <mailto:hstrask@highstream.net>hstrask(a)highstream.net. See his <http://www.mises.org/articles.asp?mode=a&author=Trask>article archive. Discuss this article on the <http://www.mises.org/blog>blog. In response to many requests, it is now possible to set your credit-card contribution to the Mises Institute to be recurring. You can easily set this up on-line with a donation starting at $10 per month. See the <https://www.mises.org/donate.asp>Membership Page. This is one way to ensure that your support for the Mises Institute is ongoing. <http://www.mises.org//fullstory.asp?printFriendly=Yes&control=1489>[Print Friendly Page] <http://www.mises.org/blog/> <http://www.mises.org/elist.asp>Mises Email List Services <https://www.mises.org/donate.asp>Join the Mises Institute <http://www.mises.org/store>Mises.org Store <http://www.mises.org/>Home | <http://www.mises.org/about.asp>About | <http://www.mises.org/elist.asp>Email List | <http://www.google.com/u/Mises>Search | <http://www.mises.org/contact.asp>Contact Us | <http://www.mises.org/journals.asp>Periodicals | <http://www.mises.org/articles.asp>Articles | <http://www.mises.org/fun.asp>Games & Fun <http://www.mises.org/news.asp>News | <http://www.mises.org/scholar.asp>Resources | <http://www.mises.org/catalog.asp>Catalog | <https://www.mises.org/donate.asp>Contributions | <http://www.mises.org/calendar.asp>Freedom Calendar You are subscribed as: rah(a)shipwright.com Manage <http://mises.biglist.com/list/article/?p=prefs&pre=l&e=1883638&pw=xujje2srnt>your account. Unsubscribe <http://mises.biglist.com/list/article/?p=unsub&pre=l&e=1883638&pw=xujje2srnt>here or send email to <mailto:article-unsub-1883638@mises.biglist.com>this address. --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah(a)ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

1 0

[IP] New NSA Spying Map and White Paper]
by Dave Farber 06 Jul '18

06 Jul '18

-------- Original Message -------- Subject: New NSA Spying Map and White Paper Date: Tue, 31 Jan 2006 17:06:48 -0500 From: Barry Steinhardt <bsteinhardt(a)aclu.org> To: dave(a)farber.net Dave, The IP list may be interested in a new ACLU white paper and interactive map detailing what is known and suspected about how the NSA's illegal spying on Americans occurs and where the interceptions are likely taking place.. The white paper is entitled "Eavesdropping 101: What Can the NSA Do?" It looks at the probable connections that the NSA has made to the U.S. civilian communications infrastructure. The map shows how the NSA's "surveillance octopus" likely entangles the country. We believe it is the first effort to visually illustrate what is happening. You can find both the white paper and the map at http://www.aclu.org/safefree/nsaspying/23989res20060131.html > http://www.aclu.org/safefree/nsaspying/23989res20060131.html. A complete range of materials can be found at www.nsawatch.org <http://www.nsawatch.org> . Barry Steinhardt Director Technology and Liberty Project American Civil Liberties Union (ACLU) ------------------------------------- You are subscribed as eugen(a)leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

CRYPTO-GRAM, April 15, 2009
by Bruce Schneier 06 Jul '18

06 Jul '18

CRYPTO-GRAM April 15, 2009 by Bruce Schneier Chief Security Technology Officer, BT schneier(a)schneier.com http://www.schneier.com A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. For back issues, or to subscribe, visit <http://www.schneier.com/crypto-gram.html>. You can read this issue on the web at <http://www.schneier.com/crypto-gram-0904.html>. These same essays appear in the "Schneier on Security" blog: <http://www.schneier.com/blog>. An RSS feed is available. ** *** ***** ******* *********** ************* In this issue: Fourth Annual Movie-Plot Threat Contest Who Should be in Charge of U.S. Cybersecurity? News Privacy and the Fourth Amendment Schneier News The Definition of "Weapon of Mass Destruction" Stealing Commodities Comments from Readers ** *** ***** ******* *********** ************* Fourth Annual Movie-Plot Threat Contest Let's face it, the War on Terror is a tired brand. There just isn't enough action out there to scare people. If this keeps up, people will forget to be scared. And then both the terrorists and the terror-industrial complex lose. We can't have that. We're going to help revive the fear. There's plenty to be scared about, if only people would just think about it in the right way. In this Fourth Movie-Plot Threat Contest, the object is to find an existing event somewhere in the industrialized world -- Third World events are just too easy -- and provide a conspiracy theory to explain how the terrorists were really responsible. The goal here is to be outlandish but plausible, ridiculous but possible, and -- if it were only true -- terrifying. Entries should be formatted as a news story, and are limited to 150 words (I'm going to check this time) because fear needs to be instilled in a population with short attention spans. Submit your entry, by the end of the month, in comments to the blog post. Submit your entry here: http://www.schneier.com/blog/archives/2009/04/fourth_annual_m.html An example from The Onion: http://www.theonion.com/content/cartoon/feb-23-2009 The First Movie-Plot Threat Contest: http://www.schneier.com/blog/archives/2006/04/announcing_movi.html http://www.schneier.com/blog/archives/2006/06/movieplot_threa_1.html The Second Movie-Plot Threat Contest: http://www.schneier.com/blog/archives/2007/04/announcing_seco.html http://www.schneier.com/blog/archives/2007/06/second_annual_m.html http://www.schneier.com/blog/archives/2007/06/second_movieplo.html The Third Movie-Plot Threat Contest: http://www.schneier.com/blog/archives/2008/04/third_annual_mo.html http://www.schneier.com/blog/archives/2008/05/third_annual_mo_2.html http://www.schneier.com/blog/archives/2008/05/third_annual_mo_1.html ** *** ***** ******* *********** ************* Who Should be in Charge of U.S. Cybersecurity? U.S. government cybersecurity is an insecure mess, and fixing it is going to take considerable attention and resources. Trying to make sense of this, President Barack Obama ordered a 60-day review of government cybersecurity initiatives. Meanwhile, the U.S. House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology is holding hearings on the same topic. One of the areas of contention is who should be in charge. The FBI, DHS and DoD -- specifically, the NSA -- all have interests here. Earlier this month, Rod Beckstrom resigned from his position as director of the DHS's National Cybersecurity Center, warning of a power grab by the NSA. Putting national cybersecurity in the hands of the NSA is an incredibly bad idea. An entire parade of people, ranging from former FBI director Louis Freeh to Microsoft's Trusted Computing Group Vice President and former Justice Department computer crime chief Scott Charney, have told Congress the same thing at this month's hearings. Cybersecurity isn't a military problem, or even a government problem -- it's a universal problem. All networks, military, government, civilian and commercial, use the same computers, the same networking hardware, the same Internet protocols and the same software packages. We all are the targets of the same attack tools and tactics. It's not even that government targets are somehow more important; these days, most of our nation's critical IT infrastructure is in commercial hands. Government-sponsored Chinese hackers go after both military and civilian targets. Some have said that the NSA should be in charge because it has specialized knowledge. Earlier this month, Director of National Intelligence Admiral Dennis Blair made this point, saying "There are some wizards out there at Ft. Meade who can do stuff." That's probably not true, but if it is, we'd better get them out of Ft. Meade as soon as possible -- they're doing the nation little good where they are now. Not that government cybersecurity failings require any specialized wizardry to fix. GAO reports indicate that government problems include insufficient access controls, a lack of encryption where necessary, poor network management, failure to install patches, inadequate audit procedures, and incomplete or ineffective information security programs. These aren't super-secret NSA-level security issues; these are the same managerial problems that every corporate CIO wrestles with. We've all got the same problems, so solutions must be shared. If the government has any clever ideas to solve its cybersecurity problems, certainly a lot of us could benefit from those solutions. If it has an idea for improving network security, it should tell everyone. The best thing the government can do for cybersecurity world-wide is to use its buying power to improve the security of the IT products everyone uses. If it imposes significant security requirements on its IT vendors, those vendors will modify their products to meet those requirements. And those same products, now with improved security, will become available to all of us as the new standard. Moreover, the NSA's dual mission of providing security and conducting surveillance means it has an inherent conflict of interest in cybersecurity. Inside the NSA, this is called the "equities issue." During the Cold War, it was easy; the NSA used its expertise to protect American military information and communications, and eavesdropped on Soviet information and communications. But what happens when both the good guys the NSA wants to protect, and the bad guys the NSA wants to eavesdrop on, use the same systems? They all use Microsoft Windows, Oracle databases, Internet email, and Skype. When the NSA finds a vulnerability in one of those systems, does it alert the manufacturer and fix it -- making both the good guys and the bad guys more secure? Or does it keep quiet about the vulnerability and not tell anyone -- making it easier to spy on the bad guys but also keeping the good guys insecure? Programs like the NSA's warrantless wiretapping program have created additional vulnerabilities in our domestic telephone networks. Testifying before Congress earlier this month, former DHS National Cyber Security division head Amit Yoran said "the intelligence community has always and will always prioritize its own collection efforts over the defensive and protection mission of our government's and nation's digital systems." Maybe the NSA could convince us that it's putting cybersecurity first, but its culture of secrecy will mean that any decisions it makes will be suspect. Under current law, extended by the Bush administration's extravagant invocation of the "state secrets" privilege when charged with statutory and constitutional violations, the NSA's activities are not subject to any meaningful public oversight. And the NSA's tradition of military secrecy makes it harder for it to coordinate with other government IT departments, most of which don't have clearances, let alone coordinate with local law enforcement or the commercial sector. We need transparent and accountable government processes, using commercial security products. We need government cybersecurity programs that improve security for everyone. The NSA certainly has an advisory and a coordination role in national cybersecurity, and perhaps a more supervisory role in DoD cybersecurity -- both offensive and defensive -- but it should not be in charge. A copy of this essay, with all embedded links, is here: http://www.schneier.com/blog/archives/2009/04/who_should_be_i.html A version of this essay appeared on The Wall Street Journal website. http://online.wsj.com/article/SB123844579753370907.html ** *** ***** ******* *********** ************* News Privacy in Google Latitude: good news. http://blog.wired.com/business/2009/03/googles-latitud.html Leaving infants in the car. It happens, and sometimes they die. http://www.schneier.com/blog/archives/2009/03/leaving_infants.html Interesting piece of cryptographic history: a cipher designed by Robert Patterson and sent to Thomas Jefferson in 1801. http://www.schneier.com/blog/archives/2009/03/1801_cipher_sol.html The Bayer company is refusing to talk about a fatal accident at a West Virginia plant, citing a 2002 terrorism law. http://pubs.acs.org/cen/news/87/i11/8711news6.html The meeting has been rescheduled. No word on how forthcoming Bayer will be. http://www.csb.gov/index.cfm?folder=news_releases&page=news&NEWS_ID=461 or http://tinyurl.com/cckma9 Research on fingerprinting paper: http://www.freedom-to-tinker.com/blog/felten/fingerprinting-blank-paper-usi… or http://tinyurl.com/djvdkz http://citp.princeton.edu/pub/paper09oak.pdf Blowfish on the television series 24, again: http://www.schneier.com/blog/archives/2009/03/blowfish_on_24_1.html Interesting analysis of why people steal rare books. http://www.ft.com/cms/s/2/d41a83d6-09dc-11de-add8-0000779fd2ac.html Last month, I linked to a catalog of NSA video courses from 1991. Here's an update, with new information (the FOIA redactions were appealed). http://www.governmentattic.org/2docs/NSA_TV_Center_Catalog_1991-Update.pdf or http://tinyurl.com/d2ds68 You just can't make this stuff up: a UK bomb squad is called in because someone saw a plastic replica of the Holy Hand Grenade of Antioch, from the movie Monty Python and the Holy Grail. http://www.schneier.com/blog/archives/2009/03/holy_hand_grena.html Interesting research in explosives detection. http://www.aip.org/press_release/detecting_explosives.html A Psychology Today article on fear and the availability heuristic: http://blogs.psychologytoday.com/blog/the-narcissus-in-all-us/200903/mass-m… or http://tinyurl.com/c8mkzm >From Kentucky: I think this is the first documented case of election fraud in the U.S. using electronic voting machines (there have been lots of documented cases of errors and voting problems, but this one involves actual maliciousness). Lots of details; well worth reading. http://www.schneier.com/blog/archives/2009/03/election_fraud.html Sniffing keyboard keystrokes with a laser: http://news.zdnet.com/2100-9595_22-280184.html Where you stand matters in surviving a suicide bombing. http://www.sciencedaily.com/releases/2009/03/090323161125.htm Presumably they also discovered where the attacker should stand to be as lethal as possible, but there's no indication they published those results. An impressive solar plasma movie-plot threat. http://www.newscientist.com/article/mg20127001.300-space-storm-alert-90-sec… or http://tinyurl.com/c3xphd Security fears drive Iran to Linux: http://www.theage.com.au/articles/2004/09/21/1095651288238.html A gorilla detector, from Muppet Labs. http://www.youtube.com/watch?v=4QrelL9fOjY Bob Blakley makes an interesting point about what he calls "the zone of essential risk": "if you conduct medium-sized transactions rarely, you're in trouble. The transactions are big enough so that you care about losses, you don't have enough transaction volume to amortize those losses, and the cost of insurance or escrow is high enough compared to the value of your transactions that it doesn't make economic sense to protect yourself." http://notabob.blogspot.com/2009/03/zone-of-essential-risk.html Massive Chinese espionage network discovered: http://www.schneier.com/blog/archives/2009/03/massive_chinese.html Thefts at the Museum of Bad Art: http://en.wikipedia.org/wiki/Museum_Of_Bad_Art Be sure to notice the camera: http://en.wikipedia.org/wiki/File:MOBAcamera.JPG Here's a story about a very expensive series of false positives. The German police spent years and millions of dollars tracking a mysterious killer whose DNA had been found at the scenes of six murders. Finally they realized they were tracking a worker at the factory that assembled the prepackaged swabs used for DNA testing. http://scienceblogs.com/authority/2009/03/the_phantom_of_heilbronn_and_n.php or http://tinyurl.com/d5cwww This story could be used as justification for a massive DNA database. After all, if that factory worker had his or her DNA in the database, the police would have quickly realized what the problem was. Identifying people using anonymous social networking data: http://www.schneier.com/blog/archives/2009/04/identifying_peo.html What to fear: a great rundown of the statistics. http://www.counterpunch.org/goekler03242009.html Crypto puzzle and NSA problem: http://www.cryptosmith.com/archives/565 Clever social networking identity theft scams: http://www.schneier.com/blog/archives/2009/04/social_networki.html Police powers and the UK government in the 1980s: http://www.schneier.com/blog/archives/2009/04/police_powers_a.html Research into preserving P2P privacy: http://www.physorg.com/news158419063.html Fact-free article about foreign companies hacking the U.S. power grid suggests we panic. My guess is that it was deliberately planted by someone looking for leverage in the upcoming budget battle. http://www.schneier.com/blog/archives/2009/04/us_power_grid_h.html Here's a tip: when walking around in public with secret government documents, put them in an envelope. Don't carry them in the open where people can read (and photograph) them. http://www.schneier.com/blog/archives/2009/04/how_not_to_carr.html Details of the arrests made in haste after the above disclosure: http://www.timesonline.co.uk/tol/news/uk/article6078397.ece It is a measure of our restored sanity that no one has called the TSA about Tweenbots: http://www.tweenbots.com/ How to write a scary cyberterrorism story. From Foreign Affairs, no less. http://neteffect.foreignpolicy.com/posts/2009/04/11/writing_the_scariest_ar… ** *** ***** ******* *********** ************* Privacy and the Fourth Amendment In the United States, the concept of "expectation of privacy" matters because it's the constitutional test, based on the Fourth Amendment, that governs when and how the government can invade your privacy. Based on the 1967 Katz v. United States Supreme Court decision, this test actually has two parts. First, the government's action can't contravene an individual's subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn't based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government's interest in public safety on the other. The problem is, in today's information society, that definition test will rapidly leave us with no privacy at all. In Katz, the Court ruled that the police could not eavesdrop on a phone call without a warrant: Katz expected his phone conversations to be private and this expectation resulted from a reasonable balance between personal privacy and societal security. Given NSA's large-scale warrantless eavesdropping, and the previous administration's continual insistence that it was necessary to keep America safe from terrorism, is it still reasonable to expect that our phone conversations are private? Between the NSA's massive internet eavesdropping program and Gmail's content-dependent advertising, does anyone actually expect their e-mail to be private? Between calls for ISPs to retain user data and companies serving content-dependent web ads, does anyone expect their web browsing to be private? Between the various computer-infecting malware, and world governments increasingly demanding to see laptop data at borders, hard drives are barely private. I certainly don't believe that my SMSs, any of my telephone data, or anything I say on LiveJournal or Facebook -- regardless of the privacy settings -- is private. Aerial surveillance, data mining, automatic face recognition, terahertz radar that can "see" through walls, wholesale surveillance, brain scans, RFID, "life recorders" that save everything: Even if society still has some small expectation of digital privacy, that will change as these and other technologies become ubiquitous. In short, the problem with a normative expectation of privacy is that it changes with perceived threats, technology and large-scale abuses. Clearly, something has to change if we are to be left with any privacy at all. Three legal scholars have written law review articles that wrestle with the problems of applying the Fourth Amendment to cyberspace and to our computer-mediated world in general. George Washington University's Daniel Solove, who blogs at Concurring Opinions, has tried to capture the Byzantine complexities of modern privacy. He points out, for example, that the following privacy violations -- all real -- are very different: A company markets a list of 5 million elderly incontinent women; reporters deceitfully gain entry to a person's home and secretly photograph and record the person; the government uses a thermal sensor device to detect heat patterns in a person's home; and a newspaper reports the name of a rape victim. Going beyond simple definitions such as the divulging of a secret, Solove has developed a taxonomy of privacy, and the harms that result from their violation. His 16 categories are: surveillance, interrogation, aggregation, identification, insecurity, secondary use, exclusion, breach of confidentiality, disclosure, exposure, increased accessibility, blackmail, appropriation, distortion, intrusion and decisional interference. Solove's goal is to provide a coherent and comprehensive understanding of what is traditionally an elusive and hard-to-explain concept: privacy violations. (This taxonomy is also discussed in Solove's book, Understanding Privacy.) Orin Kerr, also a law professor at George Washington University, and a blogger at Volokh Conspiracy, has attempted to lay out general principles for applying the Fourth Amendment to the internet. First, he points out that the traditional inside/outside distinction -- the police can watch you in a public place without a warrant, but not in your home -- doesn't work very well with regard to cyberspace. Instead, he proposes a distinction between content and non-content information: the body of an e-mail versus the header information, for example. The police should be required to get a warrant for the former, but not for the latter. Second, he proposes that search warrants should be written for particular individuals and not for particular internet accounts. Meanwhile, Jed Rubenfeld of Yale Law School has tried to reinterpret the Fourth Amendment not in terms of privacy, but in terms of security. Pointing out that the whole "expectations" test is circular -- what the government does affects what the government can do -- he redefines everything in terms of security: the security that our private affairs are private. This security is violated when, for example, the government makes widespread use of informants, or engages in widespread eavesdropping -- even if no one's privacy is actually violated. This neatly bypasses the whole individual privacy versus societal security question -- a balancing that the individual usually loses -- by framing both sides in terms of personal security. I have issues with all of these articles. Solove's taxonomy is excellent, but the sense of outrage that accompanies a privacy violation -- "How could they know/do/say that!?" -- is an important part of the harm resulting from a privacy violation. The non-content information that Kerr believes should be collectible without a warrant can be very private and personal: URLs can be very personal, and it's possible to figure out browsed content just from the size of encrypted SSL traffic. Also, the ease with which the government can collect all of it -- the calling and called party of every phone call in the country -- makes the balance very different. I believe these need to be protected with a warrant requirement. Rubenfeld's reframing is interesting, but the devil is in the details. Reframing privacy in terms of security still results in a balancing of competing rights. I'd rather take the approach of stating the -- obvious to me -- individual and societal value of privacy, and giving privacy its rightful place as a fundamental human right. (There's additional commentary on Rubenfeld's thesis at ArsTechnica.) The trick here is to realize that a normative definition of the expectation of privacy doesn't need to depend on threats or technology, but rather on what we -- as society -- decide it should be. Sure, today's technology make it easier than ever to violate privacy. But it doesn't necessarily follow that we have to violate privacy. Today's guns make it easier than ever to shoot virtually anyone for any reason. That doesn't mean our laws have to change. No one knows how this will shake out legally. These three articles are from law professors; they're not judicial opinions. But clearly something has to change, and ideas like these may someday form the basis of new Supreme Court decisions that brings legal notions of privacy into the 21st century. A copy of this essay, with all embedded links, is here: http://www.schneier.com/blog/archives/2009/03/privacy_and_the_1.html This essay originally appeared on Wired.com. http://www.wired.com/politics/security/commentary/securitymatters/2009/03/s… or http://tinyurl.com/dh3xg5 ** *** ***** ******* *********** ************* Schneier News I was interviewed on Federal News Radio about insider threats: http://www.federalnewsradio.com/index.php?nid=56&sid=1632741 I'm speaking at the Taiwan Information Security Center on April 17 in Taipei: http://forum.twisc.ncku.edu.tw/dm.html I'll be on the Cryptographers' Panel at the RSA Conference on April 21 in San Francisco: http://www.rsaconference.com/2009/US/Home.aspx I'll be the keynote speaker at the IPSI Research Symposium on May 6 in Toronto: http://www.ipsi.utoronto.ca/events/IPSI_Research_Symposium_2009.htm I'm speaking at the International Workshop on Coding and Cryptography on May 12 in Lofthus, Norway: http://www.selmer.uib.no/WCC2009/callWCC2009.pdf I'm giving the keynote speech on Day 2 of the European OWASP Application Security Conference, May 14 in Krakow, Poland: http://www.owasp.org/index.php/AppSecEU09 And I'm giving the keynote speech at CONfidence on May 15 in Krakow, Poland: http://2009.confidence.org.pl/ ** *** ***** ******* *********** ************* The Definition of "Weapon of Mass Destruction" At least, according to U.S. law: 18 U.S.C. 2332a (2) the term "weapon of mass destruction" means -- (A) any destructive device as defined in section 921 of this title; (B) any weapon that is designed or intended to cause death or serious bodily injury through the release, dissemination, or impact of toxic or poisonous chemicals, or their precursors; (C) any weapon involving a biological agent, toxin, or vector (as those terms are defined in section 178 of this title); or (D) any weapon that is designed to release radiation or radioactivity at a level dangerous to human life; 18 U.S.C. 921 (4) The term "destructive device" means-- (A) any explosive, incendiary, or poison gas-- (i) bomb, (ii) grenade, (iii) rocket having a propellant charge of more than four ounces, (iv) missile having an explosive or incendiary charge of more than one-quarter ounce, (v) mine, or (vi) device similar to any of the devices described in the preceding clauses; (B) any type of weapon (other than a shotgun or a shotgun shell which the Attorney General finds is generally recognized as particularly suitable for sporting purposes) by whatever name known which will, or which may be readily converted to, expel a projectile by the action of an explosive or other propellant, and which has any barrel with a bore of more than one-half inch in diameter; and (C) any combination of parts either designed or intended for use in converting any device into any destructive device described in subparagraph (A) or (B) and from which a destructive device may be readily assembled. The term "destructive device" shall not include any device which is neither designed nor redesigned for use as a weapon; any device, although originally designed for use as a weapon, which is redesigned for use as a signaling, pyrotechnic, line throwing, safety, or similar device; surplus ordnance sold, loaned, or given by the Secretary of the Army pursuant to the provisions of section 4684 (2), 4685, or 4686 of title 10; or any other device which the Attorney General finds is not likely to be used as a weapon, is an antique, or is a rifle which the owner intends to use solely for sporting, recreational or cultural purposes. This is a very broad definition, and one that involves the intention of the weapon's creator as well as the details of the weapon itself. In an e-mail, Ohio State University Professor John Mueller commented to me: "As I understand it, not only is a grenade a weapon of mass destruction, but so is a maliciously-designed child's rocket even if it doesn't have a warhead. On the other hand, although a missile-propelled firecracker would be considered a weapon of mass destruction if its designers had wanted to think of it as a weapon, it would not be so considered if it had previously been designed for use as a weapon and then redesigned for pyrotechnic use or if it was surplus and had been sold, loaned, or given to you (under certain circumstances) by the Secretary of the Army. "It also means that we are coming up on the 25th anniversary of the Reagan administration's long-misnamed WMD-for-Hostages deal with Iran. "Bad news for you, though. You'll have to amend that line you like using in your presentations about how all WMD in all of history have killed fewer people than OIF (or whatever), since all artillery, and virtually every muzzle-loading military long arm for that matter, legally qualifies as an WMD. It does make the bombardment of Ft. Sumter all the more sinister. To say nothing of the revelation that The Star Spangled Banner is in fact an account of a WMD attack on American shores." Amusing, to be sure, but there's something important going on. The U.S. government has passed specific laws about "weapons of mass destruction," because they're particularly scary and damaging. But by generalizing the definition of WMDs, those who write the laws greatly broaden their applicability. And I have to wonder how many of those who vote in favor of the laws realize how general they really are, or -- if they do know -- vote for them anyway because they can't be seen to be "soft" on WMDs. It reminds me of those provisions of the USA PATRIOT Act -- and other laws -- that created police powers to be used for "terrorism and other crimes." Prosecutions based on this unreasonable definition: http://www.ph2dot1.com/2008/04/wmd-arent-what-they-used-to-be.html ** *** ***** ******* *********** ************* Stealing Commodities Before his arrest, Tom Berge stole lead roof tiles from several buildings in south-east England, including the Honeywood Museum in Carshalton, the Croydon parish church, and the Sutton high school for girls. He then sold those tiles to scrap metal dealers. As a security expert, I find this story interesting for two reasons. First, amongst increasingly ridiculous attempts to ban, or at least censor, Google Earth, lest it help the terrorists, here is an actual crime that relied on the service: Berge needed Google Earth for reconnaissance. But more interesting is the discrepancy between the value of the lead tiles to the original owner and to the thief. The Sutton school had to spend #10,000 to buy new lead tiles; the Croydon Church had to repair extensive water damage after the theft. But Berge only received #700 a ton from London scrap metal dealers. This isn't an isolated story; the same dynamic is in play with other commodities as well. There is an epidemic of copper wiring thefts worldwide; copper is being stolen out of telephone and power stations--and off poles in the streets--and thieves have killed themselves because they didn't understand the dangers of high voltage. Homeowners are returning from holiday to find the copper pipes stolen from their houses. In 2001, scrap copper was worth 70 cents per pound. In April 2008, it was worth $4. Gasoline siphoning became more common as pump prices rose. And used restaurant grease, formerly either given away or sold for pennies to farmers, is being stolen from restaurant parking lots and turned into biofuels. Newspapers and other recyclables are stolen from curbs, and trees are stolen and resold as Christmas trees. Iron fences have been stolen from buildings and houses, manhole covers have been stolen from the middle of streets, and aluminum guard rails have been stolen from roadways. Steel is being stolen for scrap, too. In 2004 in Ukraine, thieves stole an entire steel bridge. These crimes are particularly expensive to society because the replacement cost is much higher than the thief's profit. A manhole cover is worth $5-$10 as scrap, but it costs $500 to replace, including labor. A thief may take $20 worth of copper from a construction site, but do $10,000 in damage in the process. And even if the thieves don't get to the copper or steel, the increased threat means more money being spent on security to protect those commodities in the first place. Security can be viewed as a tax on the honest, and these thefts demonstrate that our taxes are going up. And unlike many taxes, we don't benefit from their collection. The cost to society of retrofitting manhole covers with locks, or replacing them with less resalable alternatives, is high; but there is no benefit other than reducing theft. These crimes are a harbinger of the future: evolutionary pressure on our society, if you will. Criminals are often referred to as social parasites; they leech off society but provide no useful benefit. But they are an early warning system of societal changes. Unfettered by laws or moral restrictions, they can be the first to respond to changes that the rest of society will be slower to pick up on. In fact, currently there's a reprieve. Scrap metal prices are all down from last year's--copper is currently $1.62 per pound, and lead is half what Berge got--and thefts are down along with them. We've designed much of our infrastructure around the assumptions that commodities are cheap and theft is rare. We don't protect transmission lines, manhole covers, iron fences, or lead flashing on roofs. But if commodity prices really are headed for new higher stable points, society will eventually react and find alternatives for these items--or find ways to protect them. Criminals were the first to point this out, and will continue to exploit the system until it restabilizes. A copy of this essay, with all embedded links, is here: http://www.schneier.com/blog/archives/2009/04/stealing_commod.html A version of this essay originally appeared in The Guardian. http://www.guardian.co.uk/technology/2009/apr/02/google-earth-censorship-cr… or http://tinyurl.com/coo59n ** *** ***** ******* *********** ************* Comments from Readers There are hundreds of comments -- many of them interesting -- on these topics on my blog. Search for the story you want to comment on, and join in. http://www.schneier.com/blog ** *** ***** ******* *********** ************* Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at <http://www.schneier.com/crypto-gram.html>. Back issues are also available at that URL. Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety. CRYPTO-GRAM is written by Bruce Schneier. Schneier is the author of the best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish, Twofish, Phelix, and Skein algorithms. He is the Chief Security Technology Officer of BT BCSG, and is on the Board of Directors of the Electronic Privacy Information Center (EPIC). He is a frequent writer and lecturer on security topics. See <http://www.schneier.com>. Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily those of BT. Copyright (c) 2009 by Bruce Schneier. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0