Fwd: [Cryptography] ISPs caught in STARTTLS downgrade attacks
---------- Forwarded message ----------
From: Dave Horsfall <dave@horsfall.org>
Date: Fri, Nov 14, 2014 at 12:47 AM
Subject: Re: [Cryptography] ISPs caught in STARTTLS downgrade attacks
To: Cryptography List <cryptography@metzdowd.com>

On Thu, 13 Nov 2014, grarpamp wrote:
that can provide the practical privacy of a paper letter in a paper envelope.
No!, there is no privacy there whatsoever.
1) All addressing/envelope info is recorded/imaged at the processing facility, tracked, stored forever, and shared with adversaries.
2) Users are similarly imaged and linked via payments at drop off and pick up.
3) It's not encrypted.
4) The user has to trust untrustworthy entities with 1, 2 and 3.
Funny you should say that; it seems Australia Post has come clean:

http://www.smh.com.au/national/australia-post-data-shows-more-mail-being-acc...

(You may need to be a subscriber)

Australia Post data shows more mail being accessed by government agencies

Australia Post disclosed confidential information to law enforcement, security and other government agencies more than 10,000 times in 2013-14, an increase of 25 per cent over the past four years.

According to statistics released by the postal corporation, "specially protected" information, which includes information about letters and parcels and other private client information was provided to government agencies by Australia Post on 5635 occasions – more than twice the number four years ago.

Federal government investigators accessing specially protected information include the Australian Federal Police, the Australian Crime Commission, the Department of Immigration and Border Protection, the Australian Customs Service, the Australian Taxation Office, Centrelink, Medicare and the Child Support Agency.

Victorian and Queensland police as well as the NSW Crime Commission and the Western Australian Corruption and Crime Commission also received such private information.

Postal information that is not "specially protected", including names and addresses on the outside of letters and parcels, was disclosed by Australia Post on another 4367 occasions.

Government agencies accessing this postal "metadata" include the Australian Securities and Investments Commission, the Australian Communications and Media Authority, and the federal departments of agriculture, environment, defence, foreign affairs and trade, health and ageing.

State police and anti-corruption agencies, state revenue offices, consumer affairs, workplace and environmental regulators as well as the RSPCA also accessed the information.
An Australia Post spokesperson said the corporation only discloses information to authorised agencies "under a law of the Commonwealth, or for the enforcement of criminal law, or for enforcement of a law imposing a pecuniary penalty, or the protection of the public revenue".

The spokesperson emphasised information is disclosed "only after the 'authorised agency' requesting the information from us establishes that the information is reasonably required for … lawful purposes".

The total of 10,002 disclosures in 2013-14 was 5 per cent higher than in the previous year, despite a 4.8 per cent decline in the volume of letters delivered by Australia Post.

Only 19 disclosures of postal information were made to the Australian Security Intelligence Organisation. This figure for 2013-14 is down from 31 disclosures in the previous year and is the lowest in a decade.

Australia Post's statistics show ASIO's access to postal information peaked in 2005-06 and 2006-07, with 117 and 226 disclosures respectively, a period that covered major counter-terrorism investigations in Victoria and New South Wales.

ASIO must obtain a warrant from the Attorney-General to seek any postal information from Australia Post.

Although the 2013-14 disclosure statistics precede the recent surge in counter-terrorism operations focused on supporters of the so-called Islamic State, the figures do suggest that ASIO's investigations target quite small numbers of people.

However, the Australia Post statistics also show that despite consistent declines in mail volume, confidential postal information is increasingly accessed by police, by government agencies enforcing laws that impose financial penalties and for "the protection of the public revenue".

--
Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography