Okay, folks. Let's bring this into focus. I don't like unfounded allegations, especially when they are involving my own communications providers, but let's let the truth be known. I'd like to summarize to the list several trains of thought and track this down to a reliable source. If, in fact, a UUNet operator/provider has, indeed, stated that this has been common practice, I think that it may behoove them to own-up to these allegations. Before I do confront the UUNet staff, however, I must get the allegations correct, and I therefore rely on you crypto-rebels to provide them for me. Please. In my original message I stated:
From: uunet!sytex.com!fergp (Paul Ferguson) Message-Id: <VgH54B1w165w@sytex.com> Date: Tue, 25 May 93 16:30:06 EDT Organization: Sytex Communications, Inc
On Tue, 25 May 1993 14:56:48 -0400, andrew m. boardman <uunet!cs.columbia.edu!amb> wrote -
Food for thought: that, at least as of recently, the NSA bought weekly dumps of all usenet articles on tape. I highly doubt they were for their reading pleasure...
Is this hearsay, innuendo or fact? If fact, what can you site as reference to support your statement? If you know this to be fact, please cite your references and provide as much detail as possible. Cheers. - -- In subsequent posts, we received these replies. (I'd like to have additional affidavits, if necessary. If you do not care to get involved, fine. If you care, please re-affirm.) From:
Date: Tue, 25 May 1993 17:11:22 -0400 From: Marc Horowitz <uunet!GZA.COM!marc>
Is this hearsay, innuendo or fact? If fact, what can you site as reference to support your statement? If you know this to be fact, please cite your references and provide as much detail as possible.
Rick Adams of UUNET confirmed on the com-priv list that his organization had been selling the FBI a usenet feed on tape. I could find the exact reference if you want. I don't know for sure that the NSA has a feed, or from whom, but it wouldn't surprise me.
I would like. Specifically, an e-mail address other than "postmaster." The point is this, Marc: Those of us who subscribe to UUNet through third party services have no idea that our communications may be recorded or archived for intelligence purposes (I know, but that's beside the point). If UUNet _is_ doing this without a broad policy statement, then I think a change is in order. Also, (and I do not implicitly imply that UUNet is responsible), I've had some very interesting problems passing encrypted traffic. For some strange reason, it just disappears. Fancy that. Should I question that? You bet. And I shall. I, and my comm provider, pays in good faith for our Internet services. We are protected under Law, and as far I know, UUNet does not expressly forbid encrypted _private_ communications. But, it happens. They just disappear sometimes. Go figure.
However, the obvious next point is, so what? It's a public system. Any idiot can pay $20/month and get a public access account. If you say something in a news post which you wouldn't want the FBI or NSA or whoever to see, you're the person who has done something stupid.
I beg your pardon. Since when does stupidity become a prerequisite for privacy rights violations? I'm not talking about Usenet or List posts, Marc, but private e-mail.
Tapping a news feed isn't like tapping a phone line. It's more like turning on the television.
Of course it is. This is not an issue.
Date: Tue, 25 May 1993 17:26:58 -0400 From: andrew m. boardman <uunet!cs.columbia.edu!amb>
This was based on a verbal conversation at Interop with someone from uunet, from whom the tapes are purchased. I or they could be mis[led|informed|remembering], but if you really care, ask uunet.
Thank you for your insights. I will ask UUNet, but I'm beginning to wonder if other local comm providers practice the same deceptions. Does anyone have any experiences with digex.com that they would like to share? If so, it would aid in our attempts to bring these unknown anomalies to light. I don't like spending money to have my private e-mail compromised.
Date: Tue, 25 May 93 18:28:31 EDT From: Matt Blaze <uunet!crypto.com!mab>
Actually, the most alarming revelation here could be that someone at uunet is going around casually disclosing information about their customers.
Actually, I find this possibility both extremely disturbing, yet possible. I don't wish that this what we will find out; I hope that legal inquiries will not be necessary. However, if information concerning these topics is not divulged voluntarily, then we must take legal action to bring this to the surface.
Most communications companies, especially those that seek to be regarded as "common carriers", make quite clear to their employees that customer data are among their most proprietary and that revealing any of it is grounds for lightning-speed dismissal. (Obviously, they reveal data that they SELL about their customers, and will disclose anything on a court order, but that's not what we're talking about here).
Indeed, we are not speaking of the dissemination of USENet or List information, but rather private e-mail.
Date: Tue, 25 May 1993 19:13:37 -0400 From: andrew m. boardman <uunet!cs.columbia.edu!amb>
Having just spoken to someone who contracts at the NSA (and no, this name I will not post), he does not believe they get such a beast, although, as many people have pointed out, the FBI did. That, then, would be the origin of that, along with some TLA confusion.
I'd have to be presented with factual documentation to actually believe that.
A lot of people perceive the government as having neither a right nor a need to privacy. Certainly there are also quite a few who label themselves "privacy advocates" whose standards do a 180 when the privacy involved is that of the likes of Mykotronx...
Funny how that works, huh? The dumpster divers band together when t comes to stuff like that, from what I'm told. Cheers Paul Ferguson | The future is now. Network Integrator | History will tell the tale; Centreville, Virginia USA | We must endure and struggle fergp@sytex.com | to shape it. Stop the Wiretap (Clipper/Capstone) Chip.
On the cypherpunks mailing list, Paul Ferguson wrote...
The point is this, Marc: Those of us who subscribe to UUNet through third party services have no idea that our communications may be recorded or archived for intelligence purposes (I know, but that's beside the point). If UUNet _is_ doing this without a broad policy statement, then I think a change is in order.
I think you're jumping to (incorrect, IMO) conclusions here. All that was said was that an organization (the FBI, in this case) bought a USENET feed. Yes, distribution on tapes is still a feed of sorts (albeit a slow one with a bursty latency ;-). There is nothing wrong with that, as it is one of the services which UUNET Technologies provides. There is NO REASON to believe or even assume that UUNET Technologies is archiving other non-publically available communications, such as e-mail, etc.
Also, (and I do not implicitly imply that UUNet is responsible), I've had some very interesting problems passing encrypted traffic. For some strange reason, it just disappears. Fancy that. Should I question that? You bet. And I shall. I, and my comm provider, pays in good faith for our Internet services. We are protected under Law, and as far I know, UUNet does not expressly forbid encrypted _private_ communications. But, it happens. They just disappear sometimes. Go figure.
Sure, question it. But, also look into the problem from a real technical standpoint first, instead of just jumping to conclusions. Talk to the people you're attempting to communicate with -- maybe it's a problem on their end. Talk to your communications provider.. or maybe it's a problem somewhere along the path you're communicating through. Always check potential technical problems before jumping to (probably unfounded and paranoid) conclusions. [I'm not saying you shouldn't keep them in mind, as you should always consider all scenarios when trying to track down a problem. But, they should be in the background, not the foreground, at first.] I've just watched too many people jump to the conclusion that whatever problem was occurring was being done purposely to them.. NOT that it could just be a technical glitch... when, is WAS just a technical problem. Usually, it's just a technical problem that needs to be resolved.
Marc Horowitz wrote...
However, the obvious next point is, so what? It's a public system. Any idiot can pay $20/month and get a public access account. If you say something in a news post which you wouldn't want the FBI or NSA or whoever to see, you're the person who has done something stupid.
I beg your pardon. Since when does stupidity become a prerequisite for privacy rights violations? I'm not talking about Usenet or List posts, Marc, but private e-mail.
But, the discussion previously WAS referring to USENET. When you speak publically, you don't assume that it's private. So, in that context, you're not speaking of privacy rights violations.
Thank you for your insights. I will ask UUNet, but I'm beginning to wonder if other local comm providers practice the same deceptions.
I haven't seen any indication of deceptions. Unless, of course, you're referring to mentioning that the FBI is/was a customer. But, then, I (and anyone else) can find out most UUNET customers who have USENET newsfeeds very easily just by looking through the USENET maps. So, I don't see that as much of a problem, as long as they're not providing other customer details. I trust UUNET's staff on maintaining that privacy, knowing some of them personally.
If so, it would aid in our attempts to bring these unknown anomalies to light. I don't like spending money to have my private e-mail compromised.
Which is understandable, though I don't believe your e-mail has been compromised from what I've seen posted on cypherpunks. Just some thoughts on the matter... -jeff Jeff Kellem Internet: composer@Beyond.Dreams.ORG
participants (2)
-
composer@Beyond.Dreams.ORG -
fergp@sytex.com