CDR: Olympic email snooping -- FBI-style
[From: http://www.pbs.org/cringely/pulpit/pulpit20000803.html]

... For the second disturbing fact we jump to the Olympics -- not this year's games in Sydney -- but the 2002 Winter games in Utah. Given the 1996 bombing at the Atlanta games and the 1972 hostage crisis in Munich, I really, really wouldn't want to be responsible for public safety at an Olympic games anywhere. So it isn't surprising that the security plans for Salt Lake in 2002 are very robust - perhaps too robust for some people, including me.

At the Utah games there will be a network of kiosks set up for athletes, journalists, and the public to use for e-mail and Net access. This will be the easiest way for many people to communicate in an area that will probably have its cellphone circuits maxed-out most of the time. Try making a cellphone call in Las Vegas during Comdex or the Consumer Electronics Show and you'll know what I mean.

Well, the FBI has some rather specific requirements for Olympic data security, including the ability to not only COPY e-mail from these kiosks containing passwords from users' secret list, but to actually INTERCEPT e-mail and deliver it to a security office address rather than to the intended recipient. The person manning that address is supposed to make summary decisions about what to do with the reviewed email -- maybe it gets passed along as intended by its author, maybe bounced as "undeliverable" for myriad reasons, or...

Seriously, that's a technical requirement, for which a vendor has not yet been chosen. The FBI gets to read mail, steal passwords, and divert mail. By the nature of the system, they have to look at all the mail -- even yours, if you are there. Remember, given the high-roller nature of Olympic audiences, the passwords being recorded to a database will likely include America's business elite. Of course those passwords would never be used for any illegal purpose, right?

And the truly amazing part of this story is that there is nothing illegal about the data gathering, itself. Since the kiosk doesn't belong to you or me, we are bound by terms of usage that allow the kiosk provider to do pretty much whatever they want with the bits we run through their system. By simply using their machine, we give up our privacy without even knowing it.

Okay, so maybe I have just blown the lid off a plan that could save lives, but it is hard for me to imagine a scenario in which some terrorist will stop on his way to plant a bomb to e-mail the boss about that bomb's location. This looks to me like overkill, and I don't like it. Or am I the only one who feels this way?
At 02:50 PM 9/25/00 -0400, anonymous@openpgp.net wrote:
> Okay, so maybe I have just blown the lid off a plan that could save lives, but it is hard for me to imagine a scenario in which some terrorist will stop on his way to plant a bomb to e-mail the boss about that bomb's location. This looks to me like overkill, and I don't like it. Or am I the only one who feels this way?
Maybe some enterprising artist will place bumperstickers on the kiosks labelling them Carnivore II stations... or Echelon for our furriner friends...
On Tue, 26 Sep 2000, David Honig wrote:
> At 02:50 PM 9/25/00 -0400, anonymous@openpgp.net wrote:
>> Okay, so maybe I have just blown the lid off a plan that could save lives, but it is hard for me to imagine a scenario in which some terrorist will stop on his way to plant a bomb to e-mail the boss about that bomb's location. This looks to me like overkill, and I don't like it. Or am I the only one who feels this way?
> Maybe some enterprising artist will place bumperstickers on the kiosks labelling them Carnivore II stations... or Echelon for our furriner friends...

With the appropriate Olympic Spy vs. Spy logo.

alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
"In the future, everything will have its 15 minutes of blame."
At 12:44 PM -0400 9/26/00, David Honig wrote:
> At 02:50 PM 9/25/00 -0400, anonymous@openpgp.net wrote:
>> Okay, so maybe I have just blown the lid off a plan that could save lives, but it is hard for me to imagine a scenario in which some terrorist will stop on his way to plant a bomb to e-mail the boss about that bomb's location. This looks to me like overkill, and I don't like it. Or am I the only one who feels this way?
> Maybe some enterprising artist will place bumperstickers on the kiosks labelling them Carnivore II stations... or Echelon for our furriner friends...
Back in 1993, as Clipper was unfolding, I drew up a logo for use on such pieces of equipment:

Big Brother Inside

Done, of course, in the "Intel Inside" tradition. I understand that at least a couple of enterprising folks have had batches of stick-on labels made.

Personally, I think it's a tempest in a teapot. _Of course_ using someone else's computers is a security disaster...this has been well-known for decades. If someone uses Coca Cola's kiosk, or IBM's kiosk, or whatever, then they can expect passwords to be unsecure.

End to end encryption is the only real solution. By two years from now there should be more of this, especially on PDAs and WebPad types of devices.

Now what would be worrisome, and unconstitutional, would be some sort of ban on such end to end encryption for the Games, or the participants, or in general.

--Tim May

--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
participants (4)
- Alan Olsen
- Anonymous Remailer
- David Honig
- Tim May