From rah at shipwright.com Thu Apr 1 04:25:58 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 1 Apr 2004 07:25:58 -0500 Subject: The 'Privacy' Jihad Message-ID: The Wall Street Journal April 1, 2004 COMMENTARY The 'Privacy' Jihad By HEATHER MAC DONALD April 1, 2004; Page A14 The 9/11 Commission hearings have focused public attention again on the intelligence failures leading up to the September attacks. Yet since 9/11, virtually every proposal to use intelligence more effectively -- to connect the dots -- has been shot down by left- and right-wing libertarians as an assault on "privacy." The consequence has been devastating: Just when the country should be unleashing its technological ingenuity to defend against future attacks, scientists stand irresolute, cowed into inaction. The privacy advocates -- who range from liberal groups focused on electronic privacy, such as the Electronic Privacy Information Center, to traditional conservative libertarians, such as Americans for Tax Reform -- are fixated on a technique called "data mining." By now, however, they have killed enough different programs that their operating principle can only be formulated as this: No use of computer data or technology anywhere at any time for national defense, if there's the slightest possibility that a rogue use of that technology will offend someone's sense of privacy. They are pushing intelligence agencies back to a pre-9/11 mentality, when the mere potential for a privacy or civil liberties controversy trumped security concerns. * * * The privacy advocates' greatest triumph was shutting down the Defense Department's Total Information Awareness (TIA) program. Goaded on by New York Times columnist William Safire, the advocates presented the program as the diabolical plan of John Poindexter, the former Reagan national security adviser and director of Pentagon research, to spy on "every public and private act of every American" -- in Mr. Safire's words. 
The advocates' distortion of TIA was unrelenting. Most egregiously, they concealed TIA's purpose: to prevent another attack on American soil by uncovering the electronic footprints terrorists leave as they plan and rehearse their assaults. Before terrorists strike, they must enter the country, receive funds, case their targets, buy supplies, and send phone and e-mail messages. Many of those activities will leave a trail in electronic databases. TIA researchers hoped that cutting-edge computer analysis could find that trail in government intelligence files and, possibly, in commercial databases as well. TIA would have been the most advanced application yet of "data mining," a young technology which attempts to make sense of the explosion of data in government, scientific and commercial databases. Through complex algorithms, the technique can extract patterns or anomalies in data collections that a human analyst could not possibly discern. Public health authorities have mined medical data to spot the outbreak of infectious disease, and credit-card companies have found fraudulent credit-card purchases with the method, among other applications. But according to the "privacy community," data mining was a dangerous, unconstitutional technology, and the Bush administration had to be stopped from using it for any national-security or law-enforcement purpose. By September 2003, the hysteria against TIA had reached a fevered pitch and Congress ended the research project entirely, before learning the technology's potential and without a single "privacy violation" ever having been committed. The overreaction is stunning. Without question, TIA represented a radical leap ahead in both data-mining technology and intelligence analysis. Had it used commercial data, it would have given intelligence agencies instantaneous access to a volume of information about the public that had previously only been available through slower physical searches. 
As with any public or private power, TIA's capabilities could have been abused -- which is why the Pentagon research team planned to build in powerful safeguards to protect individual privacy. But the most important thing to remember about TIA is this: It would have only used data to which the government was already legally entitled. It differed from existing law-enforcement and intelligence techniques only in degree, not kind. Pattern analysis -- the heart of data mining -- is conventional crime-solving, whether the suspicious patterns are spotted on a crime pin map, on a city street, or in an electronic database. The computing world watched TIA's demolition and rationally concluded: Let's not go there. "People and companies will no longer enter into technology research [involving national-security computing] because of the privacy debates," says a privacy officer for a major information retrieval firm. But the national-security carnage was just beginning. Next on the block: a biometric camera to protect embassies and other critical government buildings from terrorist attack; and an artificial intelligence program to help battlefield commanders analyze engagements with the enemy. In the summer of 2003, New York Times columnists Maureen Dowd and Mr. Safire sneered at the programs, portraying them as -- once again -- the personal toys of the evil Mr. Poindexter to invade the privacy of innocent Americans. The Dowd-Safire depictions of the projects were fantastically inaccurate; but Pentagon researchers, already reeling from the public-relations disaster of TIA, cancelled both projects without a fight. Special forces leaders in Afghanistan and embassies in terror-sponsoring states will just have to make do. The privacy vigilantes now have in their sights an airline-passenger screening system and an interstate network to share law-enforcement and intelligence information. Both projects could soon go down in flames. 
As to whether that would be in the national interest, readers should ask themselves if they would be happy to fly seated next to Mohamed Atta. If yes, they needn't worry about the cancellation of the Computer Assisted Passenger Prescreening System (known as Capps II). And if they don't care whether police can track down a child abductor within minutes of his crime, then they shouldn't care about the crippling of the Multistate Anti-Terrorism Information Exchange, either. Capps II seeks to verify that an airline passenger is who he says he is and has no terrorist ties. To that end, the program would ask passengers to supply their name, address, phone number and date of birth upon purchasing a plane ticket. A commercial databank would cross-check those four identifiers against its own files to see if they match up. Next, Capps II would run the passenger's name through anti-terror intelligence files. Depending on the results of both checks, the system would assign a risk score to air travelers -- acceptable, unknown, or unacceptable. Privacy zealots have mischaracterized Capps II as a sinister rerun of TIA -- which it is not, since it has nothing to do with data mining -- and as a plot to trample the privacy rights of Americans. They argue that, by asking your name and other minimal identifying information already available on the Internet and in countless commercial and government databases, aviation officials are conducting a Fourth Amendment "search" of your private effects for which they should obtain a warrant based on probable cause that you have committed a crime. Such a broad reading of the Constitution is groundless, but even were the collecting of publicly available information a "search," it is clearly reasonable as a measure to protect airline safety. Development of Capps II has come to a halt, due to specious privacy crusading. 
Air passengers can only hope that when the next al Qaeda operative boards a plane, baggage screeners are having a particularly good day, free of the human errors that regularly let weapons on board. Also under a death sentence: a state-run law-enforcement program called "Multistate Anti-Terrorism Information Exchange." Known as Matrix, it allows police officers to search multiple law-enforcement databases and public records in the blink of an eye after a crime has been committed. It uses only information that law enforcement can already routinely access: its own records on suspects, convicts and sexual offenders, as well as publicly available data from county courthouses, telephone directories and business filings. Strong protections against abuse are built into the system. Matrix developers had hoped to allow law-enforcement agencies nationwide to instantaneously connect the dots about itinerant felons like the D.C. snipers. That won't happen, however, thanks to the lies of the privacy community. Using the familiar tactic of tying the hated program to TIA and data mining, and of invoking Big Brother totalitarianism, the advocates have browbeaten nearly two-thirds of the states that had originally joined the data-sharing pact into withdrawing from it. The bottom line is clear: The privacy battalions oppose not just particular technologies, but technological innovation itself. Any effort to use computerized information more efficiently will be tarred with the predictable buzzwords: "surveillance," "Orwellian," "Poindexter." This Luddite approach to counterterrorism could not be more ominous. The volume of information in government intelligence files long ago overwhelmed the capacity of humans to understand it. Agents miss connections between people and events every day. Machine analysis is essential in an intelligence tidal wave. 
Before the privacy onslaught, scientists and intelligence officials were trying to find ways of identifying those fanatics who seek to destroy America before they strike again. Now many avenues are closed to them. This despite the fact that proposals for assessing risk in such areas as aviation do not grow out of an omnivorous desire to "spy on citizens" but out of a concrete need to protect people from a clear threat. And since 9/11, no one's "privacy rights" have been violated by terror pre-emption research. The "privocrats" will rightly tell you that eternal vigilance is the price of liberty. Trouble is, they're aiming their vigilance at the wrong target. Ms. Mac Donald is a fellow at the Manhattan Institute. This is adapted from the forthcoming issue of City Journal. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 1 05:03:51 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 1 Apr 2004 08:03:51 -0500 Subject: Peru's Best Export Message-ID: To me, at least, the most important task of financial cryptography is to create and transfer property rights without relying on the state at all. Below, Hernando de Soto receives the Friedman Prize from the Cato Institute for making the state *enforce* property rights to begin with. Cheers, RAH ------- The Wall Street Journal April 1, 2004 REVIEW & OUTLOOK Peru's Best Export April 1, 2004; Page A14 Today the Cato Institute will announce that its biennial $500,000 Milton Friedman Prize for Advancing Liberty goes to Peruvian economist Hernando de Soto. It is a fitting and timely tribute when global troubles so closely mirror the challenges that Mr. de Soto first tackled in his native Peru. Mr. 
de Soto founded the Institute for Liberty and Democracy in Lima in 1980 to understand the causes of Peruvian poverty and promote free-market ideas. In the 1986 "The Other Path" -- written with colleagues Enrique Ghersi and Mario Ghibellini -- he revolutionized development economics by chronicling the realities of Lima's shantytowns at a time when Shining Path terrorism was burgeoning. Peru's informal economies, it turned out, were already full of enormously capable entrepreneurs. What held them back was burdensome government regulation and a lack of property rights. There was no way for them to move into the formal economy. Mr. de Soto has since made it his life's work to spread the gospel of property rights in the developing world. His 2000 "The Mystery of Capital" advances the work done in Peru, looking at informal markets in places such as Egypt and the Philippines. The book also traces the evolution of property rights in the U.S., emphasizing the importance of an institutional and legal framework that recognizes and protects the value behind an ownership deed. Without such institutions wealth and creativity remain untapped and growth stagnates. The job of empowering the world's poor is far from done, especially in Africa and the Arab street. But thanks to Mr. de Soto's efforts, much has been added to our understanding of what is needed to unleash the entrepreneurial spirit that exists in every human society. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 1 06:35:27 2004 From: rah at shipwright.com (R. A. 
Hettinga)
Date: Thu, 1 Apr 2004 09:35:27 -0500
Subject: Mercs need to wear clean underwear
In-Reply-To: <1F4ICBZG38078.2713773148@anonymous.poster>
References: <1F4ICBZG38078.2713773148@anonymous.poster>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 4:30 AM +0000 4/1/04, Italy Anonymous Remailer wrote:
> Yes, we do. And some of our dreams are of invading the homes of
> rich Amerikan assholes to fund the jihad.

"rich Amerika assholes" falls rather nicely in the Marxist concordance profile. Make sure you're not wearing your black-block clothes when you go to defend your comrades in Occupied Iraq, hmmm? I hear it's a little, warm, over there these days. And you'd stick out a bit.

As for invading American homes to fund your proletarian struggle, er, jihad, please do, and remember to bring all your toys. I figure after a few smoking suburban McMansions, our auto-legislators ("the judicial branch" for you philosophy majors) will decide to bring back the second amendment as an individual right. I mean, Uncle Fed can't be everywhere at once in a geodesic war, anyway.

Of course, Neo-Jacksonian America can be a bitch these days. See the collected works of the esteemed Mr. Keith for details.

As for Our Boys Over There, a few more roasted mercs and, like scalps of yore, proper accessories for the fashionable new land-owner in the Sunni Triangle will be a nicely-preserved piece of facial cartilage, dangled on a belt, or possibly woven into a bracelet. Nothing so crass as a digit, you understand, but enough to get the point across.

> Want to know something fun? Using simple tools like this link
>
> http://www.fundrace.org/neighbors.php
>
> we can locate all the fascist supporters in Amerika, with address
> and phone number, and enjoy their womenfolk and riches.

Yup. Please do. Go for it. Can't wait. I would consider it evolution in action.

Most of these people are the same fools who think that "transparency" and "campaign finance reform" is a *good* thing.
The sooner we get back to anonymous cash donations the better. Our politicians prefer whole sacks of the stuff, if you haven't noticed. Maybe they'll stay bought if there's a little more skullduggery involved in the transaction. Shared secret, and all that. Financial identity has no place in politics, or anywhere else, for that matter.

In the meantime, I expect if we start auctioning off whole chunks of underutilized real-estate in various parts of the world and enforcing primary and secondary markets for same, all kinds of cool stuff will happen. I mean, if one gets tired of homesteading the fertile crescent, one can always sell whole subdivisions back to the original inhabitants, after the usual capital improvements have been made: paved streets, concrete curbs, running water, working sewers, electricity, bandwidth, vermin extermination.

So, comrade, glad to know you're learning the proper tools. Just make sure you've used more than three hops on that remailer chain of yours, and that you've used Mixmaster remailers to do it with. The lack of latency in your message suggests otherwise, and, as Mr. Hussein and Mullah Omar have observed, blowback these days can be, um, problematic.

:-).

Cheers,
RAH

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQGwn98PxH8jf3ohaEQL36wCg/RjdoKXi5MU5gsXMPRQbtRZI1KoAniIH
g+kVuLqLtUPaXRqdN6bp8LVB
=alXy
-----END PGP SIGNATURE-----

--
-----------------
R. A. Hettinga
44 Farquhar Street, Boston, MA 02131 USA
"Several times a week, to enter a TV studio say, or to board a plane, I have to produce a tiny picture of my face." -- Christopher Hitchens

From mv at cdc.gov Thu Apr 1 10:18:01 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 01 Apr 2004 10:18:01 -0800
Subject: Mercs need to wear clean underwear
Message-ID: <406C5CD9.7ADB0BDD@cdc.gov>

At 05:19 PM 3/31/04 -0500, R. A.
Hettinga wrote:
>So, what, declare all current property claims in Fallujah to be null and
>void, sell claims off to the highest bidder, and whoever gets there with
>the most men owns it. I mean, it worked in Texas with the Comanches and
>Apaches...

How long do we have to wait before we can name our new attack helicopters "Fallujahs"?

Do Iraqis know how to run casinos?

From mv at cdc.gov Thu Apr 1 10:22:11 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 01 Apr 2004 10:22:11 -0800
Subject: Israeli coders, Arab testers
Message-ID: <406C5DD3.F389C11B@cdc.gov>

from owner-cryptography at metzdowd.com

Eugene Volokh, 3/25/2004 04:02:38 PM

Israeli coders, Arab testers: A reader writes, apropos checking sensitive source code for sabotage:

I spoke to [someone] from the NSA, about this subject a couple of years back. As you probably know, although the NSA has teams of cryptographers at its disposal, a large amount of the successful interception it carries out is simply due to exploiting software faults in communications software. Consequently, in their other role, as advisor to the DoD about communications security issues, they focus on software assurance to an extent that often takes newcomers by surprise. The NSA used to have a requirement that only American citizens should be allowed to work on sensitive source code, because they considered there to be too great a risk of backdoors being placed in the code by foreign nationals . . . . More recently, because of the number of H1(B)s and green cards in the computer industry, it's been impractical for the NSA to insist on that. Instead, what they've encouraged -- and this is the interesting and quite clever part -- is that programmers and testers should be of different nationalities. If you have Israeli coders, get Arabic testers. If you have British coders, get French testers. And so on. A cute solution to the problem. But I don't know if it ever worked.
I suspect the NSA still insists, though, that source code for sensitive systems be written by American companies on American soil, even if it isn't written by American fingers.

Of course, even if the NSA's program worked for the NSA, it would be pretty expensive to adopt for the important source code and off-the-shelf object code used by lots of other organizations -- many of which are private companies -- that manage critical American infrastructure. Nor am I sure that it would work that well even if it were adopted. Still, it struck me as interesting enough to be worth mentioning.

http://volokh.com/2004_03_21_volokh_archive.html#108025935883663167

From mv at cdc.gov Thu Apr 1 13:12:44 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 01 Apr 2004 13:12:44 -0800
Subject: Mercs need to wear clean underwear
Message-ID: <406C85CC.ADE87200@cdc.gov>

At 01:41 PM 4/1/04 -0500, R. A. Hettinga wrote:
>More to the point, once you cleaned out a bunch of injuns, *somebody*
>had to ranch the land, right?

Well of course. It was our destiny, our mission. Just like bringing democracy (tm) to the a-rabs, etc. If, of course, they vote for our puppets, and their presses print what we like.

From mv at cdc.gov Thu Apr 1 13:15:09 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 01 Apr 2004 13:15:09 -0800
Subject: [Politech] John Gilmore on the homeless, RFID tags, and kittens
Message-ID: <406C865D.FAFB5695@cdc.gov>

At 03:22 PM 4/1/04 -0500, R. A. Hettinga wrote:
>
>Last year I found it almost impossible to adopt a kitten or cat that
>didn't have an RFID tag implanted under its skin.

What is his problem? You just put them in the microwave and the chip is useless.

From rah at shipwright.com Thu Apr 1 10:41:50 2004
From: rah at shipwright.com (R. A.
Hettinga)
Date: Thu, 1 Apr 2004 13:41:50 -0500
Subject: Mercs need to wear clean underwear
In-Reply-To: <406C5CD9.7ADB0BDD@cdc.gov>
References: <406C5CD9.7ADB0BDD@cdc.gov>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:18 AM -0800 4/1/04, Major Variola (ret) wrote:
>How long do we have to wait before we can name our new
>attack helicopters "Fallujahs"?
>
>Do Iraqis know how to run casinos?

Saddle up.

Remember, the first Texas "Rangers" were antsy young last-born males sent out to kill Indians freelance so that Maw and Paw and Junior and spouse could raise cattle in peace.

The weapons hackers of their time, they were. A couple of them showed up at Colt's house Back East one day with a few modifications for the original six-shooter, and a large order for same, as modified. Colt became profitable.

Turns out that the Comanches were holding their own with bows and arrows until some rangers figured out that a few guys with a few Colts apiece could ride up and take out a whole war-party in a few minutes.

More to the point, once you cleaned out a bunch of injuns, *somebody* had to ranch the land, right?

:-)

Cheers,
RAH

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQGxiRcPxH8jf3ohaEQLioQCg8yOrLKm7KXTQM8k8awj6okBOji8AoMm0
t3b6VbPlbAA11xeoW+AUoXvM
=KjCG
-----END PGP SIGNATURE-----

--
-----------------
R. A. Hettinga
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From declan at well.com Thu Apr 1 11:24:10 2004
From: declan at well.com (Declan McCullagh)
Date: Thu, 01 Apr 2004 14:24:10 -0500
Subject: [Politech] John Gilmore on the homeless, RFID tags, and kittens [priv]
Message-ID:

-------- Original Message --------
Subject: Re: [Politech] HHS announces program to implant RFID tags in homeless [priv]
Date: Thu, 01 Apr 2004 11:13:21 -0800
From: John Gilmore
To: Declan McCullagh
CC: politech at politechbot.com

Last year I found it almost impossible to adopt a kitten or cat that didn't have an RFID tag implanted under its skin. The city animal shelter and the SPCA both "chip" all their animals -- and pet hospitals who offer adoption get all their pets from these shelters. The people we spoke with in the shelters were confused by our opposition to their "safe, sane, and humane" policy of RFID-tracking every animal that came within chip-gun range of them. When a cat is lost, they scan 'em like a bag of potato chips, pull 'em up in the database, and call their owner.

Eventually by reading the bulletin boards in pet stores, we found a local Mexican family who had two litters of kittens. They had been born at home and never subjected to "chipping". Our kittens are now grown and healthy (and untracked).

I would not be a bit surprised to see bureaucrats at any level advocating RFID tracking of the homeless. They're already taking blood samples of every newborn, storing them away "just in case we ever need to check their DNA". And giving every infant their own Social Security Number, just to make sure they get tracked from birth to death.

A kitten or an infant who comes to the attention of the authorities can't tell you who they are or where they belong. So why not chip the homeless, who frequently can't or won't answer the same question? It's a fair question. What's YOUR answer?
John

PS: If Larry Hiibel had had a chip implanted in him, Deputy Dove wouldn't have had to arrest him. This would have saved the Supreme Court some work. http://hiibel.com

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

--- end forwarded text

--
-----------------
R. A. Hettinga
44 Farquhar Street, Boston, MA 02131 USA
'Maybe we should just brand all babies.' -- Ronald Reagan, sarcastically, on the subject of a national ID card.

From rah at shipwright.com Thu Apr 1 12:22:09 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 1 Apr 2004 15:22:09 -0500
Subject: [Politech] John Gilmore on the homeless, RFID tags, and kittens [priv]
Message-ID:

--- begin forwarded text

From camera_lumina at hotmail.com Thu Apr 1 12:54:03 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 01 Apr 2004 15:54:03 -0500
Subject: The 'Privacy' Jihad
Message-ID:

Silly bitch. But then again, she may just be looking for a gig. Can someone out there slip her name into the do-not-fly registries so we can have a new privacy advocate?

Here's the part I love...

>As with
>any public or private power, TIA's capabilities could have been abused --
>which is why the Pentagon research team planned to build in powerful
>safeguards to protect individual privacy.

Not just safeguards, but powerful ones at that! Well, now I feel bad about losing TIA!

-TD

>From: "R. A. Hettinga"
>To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net
>Subject: The 'Privacy' Jihad
>Date: Thu, 1 Apr 2004 07:25:58 -0500
>
>
>
>The Wall Street Journal
>
> April 1, 2004
>
> COMMENTARY
>
>
>The 'Privacy' Jihad
>
>By HEATHER MAC DONALD
>April 1, 2004; Page A14
>
>
>The 9/11 Commission hearings have focused public attention again on the
>intelligence failures leading up to the September attacks.
Yet since 9/11, >virtually every proposal to use intelligence more effectively -- to connect >the dots -- has been shot down by left- and right-wing libertarians as an >assault on "privacy." The consequence has been devastating: Just when the >country should be unleashing its technological ingenuity to defend against >future attacks, scientists stand irresolute, cowed into inaction. > >The privacy advocates -- who range from liberal groups focused on >electronic privacy, such as the Electronic Privacy Information Center, to >traditional conservative libertarians, such as Americans for Tax Reform -- >are fixated on a technique called "data mining." By now, however, they have >killed enough different programs that their operating principle can only be >formulated as this: No use of computer data or technology anywhere at any >time for national defense, if there's the slightest possibility that a >rogue use of that technology will offend someone's sense of privacy. They >are pushing intelligence agencies back to a pre-9/11 mentality, when the >mere potential for a privacy or civil liberties controversy trumped >security concerns. > >* * * > >The privacy advocates' greatest triumph was shutting down the Defense >Department's Total Information Awareness (TIA) program. Goaded on by New >York Times columnist William Safire, the advocates presented the program as >the diabolical plan of John Poindexter, the former Reagan national security >adviser and director of Pentagon research, to spy on "every public and >private act of every American" -- in Mr. Safire's words. > >The advocates' distortion of TIA was unrelenting. Most egregiously, they >concealed TIA's purpose: to prevent another attack on American soil by >uncovering the electronic footprints terrorists leave as they plan and >rehearse their assaults. Before terrorists strike, they must enter the >country, receive funds, case their targets, buy supplies, and send phone >and e-mail messages. 
Many of those activities will leave a trail in >electronic databases. TIA researchers hoped that cutting-edge computer >analysis could find that trail in government intelligence files and, >possibly, in commercial databases as well. > >TIA would have been the most advanced application yet of "data mining," a >young technology which attempts to make sense of the explosion of data in >government, scientific and commercial databases. Through complex >algorithms, the technique can extract patterns or anomalies in data >collections that a human analyst could not possibly discern. Public health >authorities have mined medical data to spot the outbreak of infectious >disease, and credit-card companies have found fraudulent credit-card >purchases with the method, among other applications. > >But according to the "privacy community," data mining was a dangerous, >unconstitutional technology, and the Bush administration had to be stopped >from using it for any national-security or law-enforcement purpose. By >September 2003, the hysteria against TIA had reached a fevered pitch and >Congress ended the research project entirely, before learning the >technology's potential and without a single "privacy violation" ever having >been committed. > >The overreaction is stunning. Without question, TIA represented a radical >leap ahead in both data-mining technology and intelligence analysis. Had it >used commercial data, it would have given intelligence agencies >instantaneous access to a volume of information about the public that had >previously only been available through slower physical searches. As with >any public or private power, TIA's capabilities could have been abused -- >which is why the Pentagon research team planned to build in powerful >safeguards to protect individual privacy. But the most important thing to >remember about TIA is this: It would have only used data to which the >government was already legally entitled. 
It differed from existing >law-enforcement and intelligence techniques only in degree, not kind. >Pattern analysis -- the heart of data mining -- is conventional >crime-solving, whether the suspicious patterns are spotted on a crime pin >map, on a city street, or in an electronic database. > >The computing world watched TIA's demolition and rationally concluded: >Let's not go there. "People and companies will no longer enter into >technology research [involving national-security computing] because of the >privacy debates," says a privacy officer for a major information retrieval >firm. > >But the national-security carnage was just beginning. Next on the block: a >biometric camera to protect embassies and other critical government >buildings from terrorist attack; and an artificial intelligence program to >help battlefield commanders analyze engagements with the enemy. In the >summer of 2003, New York Times columnists Maureen Dowd and Mr. Safire >sneered at the programs, portraying them as -- once again -- the personal >toys of the evil Mr. Poindexter to invade the privacy of innocent >Americans. The Dowd-Safire depictions of the projects were fantastically >inaccurate; but Pentagon researchers, already reeling from the >public-relations disaster of TIA, cancelled both projects without a fight. >Special forces leaders in Afghanistan and embassies in terror-sponsoring >states will just have to make do. > >The privacy vigilantes now have in their sights an airline-passenger >screening system and an interstate network to share law-enforcement and >intelligence information. Both projects could soon go down in flames. As to >whether that would be in the national interest, readers should ask >themselves if they would be happy to fly seated next to Mohamed Atta. If >yes, they needn't worry about the cancellation of the Computer Assisted >Passenger Prescreening System (known as Capps II). 
And if they don't care >whether police can track down a child abductor within minutes of his crime, >then they shouldn't care about the crippling of the Multistate >Anti-Terrorism Information Exchange, either. > >Capps II seeks to verify that an airline passenger is who he says he is and >has no terrorist ties. To that end, the program would ask passengers to >supply their name, address, phone number and date of birth upon purchasing >a plane ticket. A commercial databank would cross-check those four >identifiers against its own files to see if they match up. Next, Capps II >would run the passenger's name through anti-terror intelligence files. >Depending on the results of both checks, the system would assign a risk >score to air travelers -- acceptable, unknown, or unacceptable. > >Privacy zealots have mischaracterized Capps II as a sinister rerun of TIA >-- which it is not, since it has nothing to do with data mining -- and as a >plot to trample the privacy rights of Americans. They argue that, by asking >your name and other minimal identifying information already available on >the Internet and in countless commercial and government databases, aviation >officials are conducting a Fourth Amendment "search" of your private >effects for which they should obtain a warrant based on probable cause that >you have committed a crime. Such a broad reading of the Constitution is >groundless, but even were the collecting of publicly available information >a "search," it is clearly reasonable as a measure to protect airline >safety. > >Development of Capps II has come to a halt, due to specious privacy >crusading. Air passengers can only hope that when the next al Qaeda >operative boards a plane, baggage screeners are having a particularly good >day, free of the human errors that regularly let weapons on board. > >Also under a death sentence: a state-run law-enforcement program called >"Multistate Anti-Terrorism Information Exchange." 
Known as Matrix, it >allows police officers to search multiple law-enforcement databases and >public records in the blink of an eye after a crime has been committed. It >uses only information that law enforcement can already routinely access: >its own records on suspects, convicts and sexual offenders, as well as >publicly available data from county courthouses, telephone directories and >business filings. Strong protections against abuse are built into the >system. > >Matrix developers had hoped to allow law-enforcement agencies nationwide to >instantaneously connect the dots about itinerant felons like the D.C. >snipers. That won't happen, however, thanks to the lies of the privacy >community. Using the familiar tactic of tying the hated program to TIA and >data mining, and of invoking Big Brother totalitarianism, the advocates >have browbeaten nearly two-thirds of the states that had originally joined >the data-sharing pact into withdrawing from it. > >The bottom line is clear: The privacy battalions oppose not just particular >technologies, but technological innovation itself. Any effort to use >computerized information more efficiently will be tarred with the >predictable buzzwords: "surveillance," "Orwellian," "Poindexter." This >Luddite approach to counterterrorism could not be more ominous. The volume >of information in government intelligence files long ago overwhelmed the >capacity of humans to understand it. Agents miss connections between people >and events every day. Machine analysis is essential in an intelligence >tidal wave. > >Before the privacy onslaught, scientists and intelligence officials were >trying to find ways of identifying those fanatics who seek to destroy >America before they strike again. Now many avenues are closed to them. This >despite the fact that proposals for assessing risk in such areas as >aviation do not grow out of an omnivorous desire to "spy on citizens" but >out of a concrete need to protect people from a clear threat. 
And since >9/11, no one's "privacy rights" have been violated by terror pre-emption >research. > >The "privocrats" will rightly tell you that eternal vigilance is the price >of liberty. Trouble is, they're aiming their vigilance at the wrong target. > >Ms. Mac Donald is a fellow at the Manhattan Institute. This is adapted from >the forthcoming issue of City Journal. > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' > From rah at shipwright.com Thu Apr 1 13:20:44 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 1 Apr 2004 16:20:44 -0500 Subject: Mercs need to wear clean underwear In-Reply-To: <406C85CC.ADE87200@cdc.gov> References: <406C85CC.ADE87200@cdc.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 1:12 PM -0800 4/1/04, Major Variola (ret) wrote: >Well of course. It was our destiny, our mission. Just like >bringing democracy (tm) >to the a-rabs, etc. If, of course, they vote for our puppets, and >their > >presses print what we like. Damn betcha. F=MA. Gives new meaning to the expression "My daddy can buy your daddy." ;-) Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQGyHnsPxH8jf3ohaEQISrACfaTZUO05yOThvJtAnCV9FGSENkSsAoIdA /wiYaexsSWZ247bR4e377lh5 =5tCJ -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 1 13:21:14 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 1 Apr 2004 16:21:14 -0500 Subject: [Politech] John Gilmore on the homeless, RFID tags, and kittens In-Reply-To: <406C865D.FAFB5695@cdc.gov> References: <406C865D.FAFB5695@cdc.gov> Message-ID: At 1:15 PM -0800 4/1/04, Major Variola (ret) wrote: >You just put them in the microwave and the >chip is useless. Tastes just like chicken? Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sfurlong at acmenet.net Thu Apr 1 14:39:40 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 01 Apr 2004 17:39:40 -0500 Subject: [Politech] John Gilmore on the homeless, RFID tags, and kittens In-Reply-To: References: <406C865D.FAFB5695@cdc.gov> Message-ID: <1080859180.24245.10.camel@daft> On Thu, 2004-04-01 at 16:21, R. A. Hettinga wrote: > Tastes just like chicken? Can we change the subject? My girlfriend is Chinese, I've already eaten things that I wouldn't have considered to be food, she doesn't like my cat, and I don't want her getting any ideas. However, to answer Robert's question, cat probably wouldn't taste like chicken. Carnivore and herbivore meat tastes much different. From dave at farber.net Thu Apr 1 16:51:10 2004 From: dave at farber.net (Dave Farber) Date: Thu, 01 Apr 2004 19:51:10 -0500 Subject: [IP] U.S. may need to step in, says cybersecurity report Message-ID: Thursday, April 01, 2004 - Page updated at 12:00 A.M. U.S. 
may need to step in, says cybersecurity report By Ted Bridis The Associated Press WASHINGTON - In a surprise shift, leading software companies acknowledge in a report to the Bush administration that the government might need to force the U.S. technology industry to improve the security of America's computer networks. The companies, including Microsoft and Computer Associates International, said the Homeland Security Department "should examine whether tailored government action is necessary" to compel improvements in the design of computer software. The 250-page report containing that recommendation and dozens more is being released today. It cautions that government should require security improvements only when market forces fail. It also says businesses already are demanding software that is safer and more resilient to attacks. But the report says the most sensitive computer networks - such as those operating banks, telephone networks or water pipelines - "may require a greater level of security than the market will provide." In those cases, the software companies recommend "appropriate and tailored government action that interferes with market innovation on security as little as possible." It urged the government to work with companies to produce a formal study during the 2005 fiscal year, which begins in October. The public acknowledgment that any level of new government regulation might be needed to improve software security represents an important shift by the technology industry. It has vigorously contested mandates from Washington during the past decade, even in the face of increasingly devastating attacks by new generations of hackers and viruses. "That's a big lean in the right direction," said Alan Paller of the SANS Institute in Bethesda, Md., a computer-security organization. "It's a nod to reality; they're nodding but they've got their heels dug in." 
The industry recommendations were solicited by the Homeland Security Department's cybersecurity division in December. Other recommendations include: * Spending at least $12 million, including $6 million in government money, during the next 19 months for a dozen new academic fellowships nationwide to teach future computer engineers to design safer software. * Providing unspecified incentives to companies for reducing software defects. * Offering bounties for information leading to the conviction of hackers and virus writers. * Establishing a cybersecurity report card for operators of the most important computer networks. * Setting up a government laboratory to keep track of software repairing patches and test how effectively they work. ------------------------------------- You are subscribed as rah at shipwright.com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Thu Apr 1 20:29:53 2004 From: mv at cdc.gov (Major Variola (ret.)) Date: Thu, 01 Apr 2004 20:29:53 -0800 Subject: Blackwater Message-ID: <406CEC40.CB6F99D8@cdc.gov> http://web.archive.org/web/*/www.blackwatersecurity.com Blackwater had no web pages before Aug 2002. Funny how the 0wn3d media doesn't question the "consultant" label. 
From rah at shipwright.com Thu Apr 1 20:34:41 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 1 Apr 2004 23:34:41 -0500 Subject: [IP] U.S. may need to step in, says cybersecurity report Message-ID: Two hints: 1. 
It's not the camel's nose, and, 2. It's not your tent, either. Cheers, RAH --- begin forwarded text From nobody at dizum.com Thu Apr 1 21:20:06 2004 From: nobody at dizum.com (Nomen Nescio) Date: Fri, 2 Apr 2004 07:20:06 +0200 (CEST) Subject: [Politech] John Gilmore on the homeless, RFID tags, and kittens Message-ID: <2396050e6a6d0cbf8794612455f0eb3e@dizum.com> At 05:39 PM 4/1/04 -0500, Steve Furlong wrote: >On Thu, 2004-04-01 at 16:21, R. A. Hettinga wrote: > >> Tastes just like chicken? > >Can we change the subject? My girlfriend is Chinese, Does she have a chip implant? I've already eaten >things that I wouldn't have considered to be food Ask her to shower first > she doesn't like my >cat Get a new girlfriend From mv at cdc.gov Fri Apr 2 08:59:06 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 02 Apr 2004 08:59:06 -0800 Subject: Private U.S. Guards Take Big Risks for Right Price Message-ID: <406D9BD9.74FA02FD@cdc.gov> At 10:46 AM 4/2/04 -0500, R. A. Hettinga wrote: >The idea is, if transaction and price discovery costs fall enough, >private force companies that auction their services in a free market >become better than the "public" ones that rely on confiscated tax >revenue. Only if they offer comparable services. Which they won't be able to, see below. >I'd expect that sooner or later companies like Blackwater will start >training recruits in competition with the armed forces instead of >just hiring vets. The govt has a monopoly on certain tools of the trade. Now while a private army (Wal-Marmy?) can get some of these toys on the black (free) market, they either can't get the best stuff, XOR the USG has a problem since that means anyone can get it. Everything from surveillance to weapons. And crypto-wise, reputation will clearly be important here. But yes, obviously, easy communication leads to more optimal markets, for both goods and services. 
From mv at cdc.gov Fri Apr 2 09:03:34 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 02 Apr 2004 09:03:34 -0800 Subject: [Politech] John Gilmore on the homeless, RFID tags, and ki ttens Message-ID: <406D9CE6.843A1762@cdc.gov> At 11:38 AM 4/2/04 -0500, Trei, Peter wrote: > >I haven't eaten domestic cat, but I have eaten lion. Surprisingly, >it was a light tender meat, resembling veal more than anything >else. Tasted good. Just out of curiosity, how did you verify that it was in fact that species? I mean, if you beat a monkey to death at your table, or buy a live civet, you see it before it's served. I recently read about a firm selling "what's that meat" biochem assays on a chip. Useful for everyone from gourmets to kosher to customs. >"So who's top predator now?" You're just a mobile incubator for E. coli :-) ------- "I didn't claw my way to the top of the food chain to eat vegetables." From rah at shipwright.com Fri Apr 2 07:46:07 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 2 Apr 2004 10:46:07 -0500 Subject: Private U.S. Guards Take Big Risks for Right Price Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I see in the following article the kernel of geodesic markets for force. Actually a sort of re-emergence, I suppose, remembering letters of marque, etc., and my idea about the decline in switching costs "unwinding" the development of human-switched hierarchical social networks, with microprocessor-switched geodesic networks creating diseconomies of scale, and cash-settled auction pricing replacing "calculated" transfer pricing. The idea is, if transaction and price discovery costs fall enough, private force companies that auction their services in a free market become better than the "public" ones that rely on confiscated tax revenue. I'd expect that sooner or later companies like Blackwater will start training recruits in competition with the armed forces instead of just hiring vets. 
Certainly there are lots of special ops vets training civilians in combat shooting at places like Frontsite, etc, for self-defense, and local militarized police for forced-entry, etc, as part of the same cold-war spin-off process that created companies like Blackwater in the first place. The fact that the NYT, below, is falling all over themselves about Blackwater being "corporatized" is the icing on the cake, I figure. :-).. Cheers, RAH - -------- The New York Times April 2, 2004 SECURITY Private U.S. Guards Take Big Risks for Right Price By JAMES DAO MOYOCK, N.C., April 1 - Nestled inconspicuously amid the pinelands and horse farms of northeastern North Carolina lies a small but increasingly important part of the nation's campaign to stabilize Iraq. Here, at the 6,000-acre training ground of Blackwater U.S.A., scores of former military commandos, police officers and civilians are prepared each month to join the lucrative but often deadly work of providing security for corporations and governments in the toughest corners of the globe. On Wednesday, four employees of a Blackwater unit - most of them former American military Special Operations personnel - were killed in an ambush in the central Iraqi city of Falluja, their bodies mutilated and dragged through the streets by chanting crowds. The scene, captured in horrific detail by television and newspaper cameras, shocked the nation and outraged the tightly knit community of current and former Special Operations personnel. But it also shed new light on the rapidly growing and loosely regulated industry of private paramilitary companies like Blackwater that are replacing government troops in conflicts from South America to Africa to the Middle East. "This is basically a new phenomenon: corporatized private military services doing the front-line work soldiers used to do," said Peter W. 
Singer, a national security fellow at the Brookings Institution in Washington who has written a book on the industry, "Corporate Warriors" (Cornell University Press, 2003). "And they're not out there screening passengers at the airports," Mr. Singer said. "They're taking mortar and sniper fire." The Associated Press identified three of the victims as Jerry Zovko, 32, an Army veteran from Willoughby, Ohio; Mike Teague, a 38-year-old Army veteran from Clarksville, Tenn.; and Scott Helvenston, 38, a veteran of the Navy. Blackwater declined to identify the dead men, but issued a statement: "We grieve today for the loss of our colleagues and we pray for their families. The graphic images of the unprovoked attack and subsequent heinous mistreatment of our friends exhibits the extraordinary conditions under which we voluntarily work to bring freedom and democracy to the Iraqi people." Though there have been private militaries since the dawn of war, the modern corporate version got its start in the 1990's after the collapse of the Soviet Union. At that time, many nations were sharply reducing their military forces, leaving millions of soldiers without employment. Many of them went into business doing what they knew best: providing security or training others to do the same. The proliferation of ethnic conflicts and civil wars in places like the Balkans, Haiti and Liberia provided employment for the personnel of many new companies. Business grew rapidly after the Sept. 11 attacks prompted corporate executives and government officials to bolster their security overseas. But it was the occupation of Iraq that brought explosive growth to the young industry, security experts said. There are now dozens, perhaps hundreds of private military concerns around the world. As many as two dozen companies, employing as many as 15,000 people, are working in Iraq. 
They are providing security details for diplomats, private contractors involved in reconstruction, nonprofit organizations and journalists, security experts said. The private guards also protect oil fields, banks, residential compounds and office buildings. Though many of the companies are American, others from Britain, South Africa and elsewhere are providing security in Iraq. Among them is Global Risks Strategies, a British company that hired Fijian troops to help protect armored shipments of the new Iraqi currency around the country. Blackwater is typical of the new breed. Founded in 1998 by former Navy Seals, the company says it has prepared tens of thousands of security personnel to work in hot spots around the world. At its complex in North Carolina, it has shooting ranges for high-powered weapons, buildings for simulating hostage rescue missions and a bunkhouse for trainees. The Blackwater installation is so modern and well-equipped that Navy Seals stationed at the Little Creek Naval Amphibious Base in Norfolk, Va., routinely use it, military officials said. So do police units from around the country, who come to Blackwater for specialized training. "It's world class," said Chris Amos, a spokesman for the Norfolk Police Department. In Iraq, Blackwater personnel guard L. Paul Bremer III, the head of the civilian administration, among their other jobs. Around Baghdad, the Blackwater guards, most in their 30's and 40's, are easily identified, with their heavily muscled upper bodies, closely cropped hair or shaven heads and wrap-around sunglasses. Some even wear Blackwater T-shirts. Like Special Operations Forces, they use walkie-talkie earpieces with curled wires disappearing beneath their collars and carry light-weight automatic weapons. In the northern city of Mosul, where Mr. Bremer met with about 130 carefully vetted Iraqis on Thursday, Blackwater guards maintained a heavy presence, standing along the walls facing the Iraqi guests with their rifles cradled. 
More than once, Iraqis and Western reporters moving forward to take their seats in the hall were abruptly challenged by the guards, with warnings that they would be ejected if they resisted. The company also received a five-year Navy contract in 2002 worth $35.7 million to train Navy personnel in force protection, shipboard security, search-and-seizure techniques, and armed sentry duties, Pentagon officials said. The rapid growth of the private security industry has come about in part because of the shrinkage of the American military: there are simply fewer military personnel available to protect officials, diplomats and bases overseas, security experts say. To meet the rising demand, the companies are offering yearly salaries ranging from $100,000 to nearly $200,000 to entice senior military Special Operations forces to switch careers. Assignments are paying from a few hundred dollars to as much as $1,000 a day, military officials said. Gen. Wayne Downing, a retired chief of the United States Special Operations Command, said that on a recent trip to Baghdad he ran into several former Delta Force and Seal Team Six senior noncommissioned officers who were working for private security companies. "It was like a reunion," General Downing said. Sheriff Susan Johnson of Currituck County, N.C., where the entrance to Blackwater is situated, said several of her deputies had been lured away by the company to work overseas. "It's tough to keep them when they can earn as much in one month there as they can in a year here," Sheriff Johnson said. But critics say the rapid growth of the industry raises troubling concerns. There is little regulation of the quality of training or recruitment by private companies, they say. The result may be inexperienced, poorly prepared and weakly led units playing vital roles in combat situations. Even elite former commandos may not be well trained for every danger, those critics say. 
Representative Jan Schakowsky, Democrat of Illinois, has also argued that the United States' growing use of private military companies hides the financial, personal and political costs of military operations overseas, since the concerns face little public scrutiny. In particular, Ms. Schakowsky has objected to administration plans to increase the number of private military contractors in Colombia, where three American civilians working for a Northrup Grumman subsidiary have been held hostage by Marxist rebels for more than a year. The three were on a mission to search for cocaine laboratories and drug planes when they were captured. "I continue to oppose the use of military contractors who are not subject to the same kind of scrutiny and accountability as U.S. soldiers," Ms. Schakowsky said last week. "When things go wrong for these contractors, they and their families have been shamefully forgotten by their American employers." Eric Schmitt, in Washington, and John F. Burns, in Baghdad, contributed reporting for this article. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQG2KjcPxH8jf3ohaEQKs4gCeO65LBKmtmf7DhdMAbqMxOBpNsn0AmgNB bsdPBhZkDK1ce3TbN9zHVU71 =JS06 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ptrei at rsasecurity.com Fri Apr 2 08:38:07 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Fri, 2 Apr 2004 11:38:07 -0500 Subject: [Politech] John Gilmore on the homeless, RFID tags, and ki ttens Message-ID: Steve Furlong wrote: >On Thu, 2004-04-01 at 16:21, R. A. Hettinga wrote: >> Tastes just like chicken? >Can we change the subject? 
My girlfriend is Chinese, I've already eaten >things that I wouldn't have considered to be food, she doesn't like my >cat, and I don't want her getting any ideas. >However, to answer Robert's question, cat probably wouldn't taste like >chicken. Carnivore and herbivore meat tastes much different. I haven't eaten domestic cat, but I have eaten lion. Surprisingly, it was a light tender meat, resembling veal more than anything else. Tasted good. "So who's top predator now?" Peter Trei From hseaver at cybershamanix.com Fri Apr 2 09:55:01 2004 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Fri, 2 Apr 2004 11:55:01 -0600 Subject: [Politech] John Gilmore on the homeless, RFID tags, and ki ttens In-Reply-To: References: Message-ID: <20040402175501.GB19833@cybershamanix.com> On Fri, Apr 02, 2004 at 11:38:07AM -0500, Trei, Peter wrote: > > Steve Furlong wrote: > > >On Thu, 2004-04-01 at 16:21, R. A. Hettinga wrote: > > >> Tastes just like chicken? > > >Can we change the subject? My girlfriend is Chinese, I've already eaten > >things that I wouldn't have considered to be food, she doesn't like my > >cat, and I don't want her getting any ideas. There must be a problem with the ds.pro-ns.net node dropping some posts. I've seen replies by several people to at least three posts in the last week that I never got the original one, like the above. > > >However, to answer Robert's question, cat probably wouldn't taste like > >chicken. Carnivore and herbivore meat tastes much different. Chickens ain't herbivores, they are omnivores, and, in fact, prefer meat, bugs, etc. to all else. We always killed snowshoe rabbits for them in the Winter, and hung the carcasses just a bit off the ground so the chickens had to hop a bit to peck at it, which kept them warm. And if you've ever seen them go after a sick chicken, you'd know they are also cannibals. 
In fact, if you were to hit your head or otherwise pass out in a chicken house, they'd kill you pretty quick, or at least peck out your eyes, and then go as deep as they could. Likewise with any wound you had, say if you fell and hit your head badly. > > I haven't eaten domestic cat, but I have eaten lion. Surprisingly, > it was a light tender meat, resembling veal more than anything > else. Tasted good. > A lot of old trappers I've known tell me they've eaten bobcat and lynx and that they were tasty, and a lot like chicken. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From Freematt357 at aol.com Fri Apr 2 09:34:58 2004 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Fri, 2 Apr 2004 12:34:58 EST Subject: [Politech] John Gilmore on the homeless, RFID tags, and ki ttens Message-ID: In a message dated 4/2/04 11:39:42 AM, ptrei at rsasecurity.com writes: >I haven't eaten domestic cat, but I have eaten lion. Just out of curiosity, what kind of lion was it? Because after all we do know that curiosity killed the cat. Regards, Freematt- From mv at cdc.gov Fri Apr 2 13:26:40 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 02 Apr 2004 13:26:40 -0800 Subject: Private U.S. Guards Take Big Risks for Right Price Message-ID: <406DDA90.4702A400@cdc.gov> At 03:04 PM 4/2/04 -0500, R. A. Hettinga wrote: >Nozick argues force-monopoly naturally emerges from *any* force >market, that, IIRC, associations will collude and eventually merge >under peaceful circumstances, and, of course, if one fights the >other, it takes the other's turf. > >Personally, I wonder if that's an artifact of human switched >networks, though, but I'm supposed to say that. :-). The implementation tech shouldn't matter, latency & throughput aside. Merging vs. fighting vs. stasis is a matter of physics, and game theory. Physics, because large entities have different properties (eg surface-to-mass ratio; inertia) than small entities. 
In the 40s it was a lot easier for the US to muster the resources for the Bomb than it was for say England. Similarly with spy satellites. In a cold environment large animals do better; in a modern tech environment high-investment entities do better. If you're maintaining territory, large pieces have less boundary to defend. Game theory, because the costs to the organism of the fight may be prohibitive. Which is why most animals bluff. And why China, Russia, etc won't be attacked. M.A.D. All your Taiwanese are belong to us. An interesting question is what happens when it doesn't take a large entity to have large force. The Colt revolver was an example of this equalization. So is a fission bomb. (However anyone could buy a Colt, soon eliminating that advantage. A. Q. Khan as a 21st century version? :-) What you get then, as Heinlein wrote, is a very polite society. (Xor one without a population growth problem :-) Sort of like the South when dueling was popular. Until the next leap in tech not accessible to all comes around. (Duelling with AKs would be pretty cool, eh?) Adding irrationality to game theory gets interesting too. "Better dead than red" changes the game. If you can sell your delusions about "heaven" or "patriotism" to warriors (and possibly the population that supports them) then the cost-benefit equation changes. Engaging the endocrines is pretty much all the bubblehead in D.C. has going for him. So what does this mean for the geodesic neo-Merc industry? It means that the US (and other large players) will keep shutter control on satellites, will pursue arms dealers, will bomb bomb-plants before they produce. The tanks that can shoot farthest will still be controlled. As will the night vision stuff, secure comms, etc. 
Note that shutter control can include "accidentally" bombing a Chinese embassy in Yugoslavia :-) In smaller terms, private security guards won't be getting fullauto weapons, high-end body armor, or the same bugging tech as the USG endorsed ones. PS: note that if the USG "endorses" a merc group too much, by allowing them (but not others) to buy the Good Stuff, the USG endangers itself. The mercs themselves needn't be American. Israel would be a good example. (How many Hellfires *does* it take to hit an old man in a wheelchair?) Plus you get the awkward political and military problems when your friends turn enemies. All this doesn't rule out proxy wars in backwaters (with official or merc troops), or underground mafia-style merc wars between factions overlaid on a government territory, but it does impose constraints on future mercs so long as the pre-existing nations continue to exist. Basically no one fucks with the elephants, and the lions are free to fight for territory, but mostly they'll bluff between themselves. (Unless they're desperate, in which case they'll probably lose.) And because you have to share your kill, there is a cost associated with merging territories. From mv at cdc.gov Fri Apr 2 13:31:48 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 02 Apr 2004 13:31:48 -0800 Subject: Shock waves from Fallujah Message-ID: <406DDBC4.98EA6211@cdc.gov> At 03:29 PM 4/2/04 -0500, R. A. Hettinga wrote: >Howie Carr is shocking Chris Wallace just now about partitioning Iraq >into three countries, Kurdish (who will have oil), Shiite (who will >have oil), and Sunni (who will not; geography's a bitch), all while >putting a Sharon-Fence around the newly created Sunni-stan. A fence is being considered around the Capital in DC also. The inhabitants think it's to protect them, but some of us have other ideas... a national zoo or asylum? We could call it surdistan, or turdistan. 
From ptrei at rsasecurity.com Fri Apr 2 10:42:50 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Fri, 2 Apr 2004 13:42:50 -0500 Subject: [Politech] John Gilmore on the homeless, RFID tags, and k i ttens (and lions and bears, oh my!) Message-ID: Major Variola (ret) wrote: >At 11:38 AM 4/2/04 -0500, Trei, Peter wrote: >>I haven't eaten domestic cat, but I have eaten lion. Surprisingly, >>it was a light tender meat, resembling veal more than anything >>else. Tasted good. >Just out of curiosity, how did you verify that it was in fact that >species? No direct proof. This was at a restaurant called "The New Deal" in SoHo, NYC, I think on Prince Street. Once a year they would carry a game menu for a couple weeks, and I went there with a bunch of friends. Among other things, we ordered rattlesnake, alligator, buffalo, venison, zebra, bear, and lion. I liked most of it - the alligator not so much, nor the zebra (partly because we got an unusual cut - the 'prairie oysters' :-). Were they faking it? The snake, buffalo, deer, and bear I had had before, and they seemed the real McCoy. We tried to order elephant, but they were out. If they were intent on fraud, would they have told us that? Out of curiosity, I asked about sources, and it turns out that, except for the rattlesnake and bear it all came from game ranches, mostly down in Texas. I know they also ranch lion down there. I don't know where they got elephant, but the source seemed more sporadic. At the prices they were charging, I'm sure they had no need to fake it. Peter From rah at shipwright.com Fri Apr 2 12:04:22 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 2 Apr 2004 15:04:22 -0500 Subject: Private U.S. Guards Take Big Risks for Right Price In-Reply-To: <406D9BD9.74FA02FD@cdc.gov> References: <406D9BD9.74FA02FD@cdc.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 8:59 AM -0800 4/2/04, Major Variola (ret) wrote: >The govt has a monopoly on certain tools of the trade. 
Of course, that always hasn't worked right in other industries. The peculiar institution of geographic force monopoly will be an interesting test case. One could imagine how it would devolve, starting with licenses, like say, letters of marque... :-). Nozick argues force-monopoly naturally emerges from *any* force market, that, IIRC, associations will collude and eventually merge under peaceful circumstances, and, of course, if one fights the other, it takes the other's turf. Personally, I wonder if that's an artifact of human switched networks, though, but I'm supposed to say that. :-). >And crypto-wise, reputation will clearly be important here. Ayup. See Pierpont Morgan, an old chestnut from my .sig file, below. >But yes, obviously, easy communication leads to more optimal >markets, for both goods and services. Indeed. Ronald Coase is your friend. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQG3HA8PxH8jf3ohaEQKNIgCg6/Jy5pRSc2SM2+3qqffx4uEXTC8AnA2J WAEMhMrtgaTfvFjXr+eu2Ow9 =HZFq -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...Character. I wouldn't buy anything from a man with no character if he offered me all the bonds in Christendom." -J. Pierpont Morgan From hseaver at cybershamanix.com Fri Apr 2 13:14:43 2004 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Fri, 2 Apr 2004 15:14:43 -0600 Subject: Shock waves from Fallujah In-Reply-To: References: Message-ID: <20040402211443.GA20428@cybershamanix.com> Bah -- none of these clueless idiots get it. The Shiites will start doing the same thing as soon as it becomes clear that they're not going to get any real election. The dimwit westerners keep talking about civil war, but the Sunnies and Shiites aren't. They both know full well who's trying to promote that agenda. That's not to say Iraq shouldn't be broken up, it probably should, just as the US needs to be broken up. 
On Fri, Apr 02, 2004 at 03:29:01PM -0500, R. A. Hettinga wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > National devolution proceeds apace. > > Howie Carr is shocking Chris Wallace just now about partitioning Iraq > into three countries, Kurdish (who will have oil), Shiite (who will > have oil), and Sunni (who will not; geography's a bitch), all while > putting a Sharon-Fence around the newly created Sunni-stan. > > Kewl. > > The Globe, below, doesn't know it, but they're advocating the same > thing. > > Also cool. > > "The legitimate aspirations of the Kurdish and Shiite people being > irreconcilable with a unified Iraq, the assembled signatories > declare..." > > Cheers, > RAH > - ------- > > lujahP.shtml> > > The Boston Globe > > > > > > THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING > > GLOBE EDITORIAL > Shock waves from Fallujah > > 4/2/2004 > > THE SCENES of barbarism in Fallujah that have flashed around the > world since Wednesday will reverberate in many quarters, not least > among Iraq's Sunni Arab minority. Sunni Arabs, who predominate in > Fallujah, belong to the group that ruled Iraq during Saddam Hussein's > dictatorship. They now face the prospect not only of losing old > privileges but of being dependent upon the benevolence of Shi'ites > and Kurds, whose kin were massacred by Saddam and his agents. > > The burning and mutilation of the contract workers' bodies will > likely affect US tactics in Fallujah and the rest of the Sunni > Triangle. No doubt those horrific acts will also strain the patience > of the American public with the daunting challenges of > nation-building and democratization in Iraq. Civilians working for > companies fulfilling contracts to rebuild Iraq's power plants, oil > industry, roads, and other essential infrastructure may be deterred > from continuing their work and will certainly demand more security. 
> And UN officials who have been contemplating a major role for the > world body in organizing Iraqi elections for January 2005 will have > to question the wisdom of exposing UN workers to the kind of violence > on display in Fallujah. > > But the principal effect of that violence inside Iraq will be to > make the situation of the Sunni Arabs in the area around Fallujah > even more tenuous than it has been. If the populace of the Sunni > Triangle allows itself to be carried away with the bravado of > Ba'athist and Islamist armed gangs -- accepting the delusion that the > Sunnis can use guns and bombs to prevent the coming of a political > order based on the principle of one Iraqi, one vote -- Sunnis > themselves will stand to lose the most. > > If they frighten away UN election organizers and no legitimate > electoral process can be safeguarded, the Sunnis will have brought > themselves a step closer to one of the two perils most at odds with > their interests: civil war or the split-up of Iraq. > > Americans are understandably appalled by the lynch mob horror of the > Fallujah atrocities, but over the past few months most of the > bombings and ambushes have been directed against Iraqis -- > particularly police, local administrators, and political figures. > This violence signifies not simply hostility to the US occupying > power but resistance to the advent of a democratic system that would > deprive Sunnis of an inherent right to rule. But if Sunni mayhem > makes it impossible to preserve the unity of the Iraqi state, Sunnis > will end up the biggest losers. Should Iraq break into three > countries, the Kurds in the north and the Shi'ites in the south will > have oil; the Sunnis in their triangle will not. > > And if the bombers and assassins succeed in provoking a civil war, > they will discover that losing a civil war is far worse than relying > on minority rights in a constitutional democracy. 
> > > -----BEGIN PGP SIGNATURE----- > Version: PGP 8.0.3 > > iQA/AwUBQG3M+cPxH8jf3ohaEQKw/gCfd1H/3qT0adJcF5w/LqudKX5LjB4AnAxE > bCeo0KsdVeq6EAIkTgjRDt9l > =984G > -----END PGP SIGNATURE----- > > -- > ----------------- > R. A. Hettinga > The Internet Bearer Underwriting Corporation > 44 Farquhar Street, Boston, MA 02131 USA > "... however it may deserve respect for its usefulness and antiquity, > [predicting the end of the world] has not been found agreeable to > experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From rah at shipwright.com Fri Apr 2 12:29:01 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 2 Apr 2004 15:29:01 -0500 Subject: Shock waves from Fallujah Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National devolution proceeds apace. Howie Carr is shocking Chris Wallace just now about partitioning Iraq into three countries, Kurdish (who will have oil), Shiite (who will have oil), and Sunni (who will not; geography's a bitch), all while putting a Sharon-Fence around the newly created Sunni-stan. Kewl. The Globe, below, doesn't know it, but they're advocating the same thing. Also cool. "The legitimate aspirations of the Kurdish and Shiite people being irreconcilable with a unified Iraq, the assembled signatories declare..." Cheers, RAH - ------- The Boston Globe THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING GLOBE EDITORIAL Shock waves from Fallujah 4/2/2004 THE SCENES of barbarism in Fallujah that have flashed around the world since Wednesday will reverberate in many quarters, not least among Iraq's Sunni Arab minority. Sunni Arabs, who predominate in Fallujah, belong to the group that ruled Iraq during Saddam Hussein's dictatorship. They now face the prospect not only of losing old privileges but of being dependent upon the benevolence of Shi'ites and Kurds, whose kin were massacred by Saddam and his agents. 
The burning and mutilation of the contract workers' bodies will likely affect US tactics in Fallujah and the rest of the Sunni Triangle. No doubt those horrific acts will also strain the patience of the American public with the daunting challenges of nation-building and democratization in Iraq. Civilians working for companies fulfilling contracts to rebuild Iraq's power plants, oil industry, roads, and other essential infrastructure may be deterred from continuing their work and will certainly demand more security. And UN officials who have been contemplating a major role for the world body in organizing Iraqi elections for January 2005 will have to question the wisdom of exposing UN workers to the kind of violence on display in Fallujah. But the principal effect of that violence inside Iraq will be to make the situation of the Sunni Arabs in the area around Fallujah even more tenuous than it has been. If the populace of the Sunni Triangle allows itself to be carried away with the bravado of Ba'athist and Islamist armed gangs -- accepting the delusion that the Sunnis can use guns and bombs to prevent the coming of a political order based on the principle of one Iraqi, one vote -- Sunnis themselves will stand to lose the most. If they frighten away UN election organizers and no legitimate electoral process can be safeguarded, the Sunnis will have brought themselves a step closer to one of the two perils most at odds with their interests: civil war or the split-up of Iraq. Americans are understandably appalled by the lynch mob horror of the Fallujah atrocities, but over the past few months most of the bombings and ambushes have been directed against Iraqis -- particularly police, local administrators, and political figures. This violence signifies not simply hostility to the US occupying power but resistance to the advent of a democratic system that would deprive Sunnis of an inherent right to rule. 
But if Sunni mayhem makes it impossible to preserve the unity of the Iraqi state, Sunnis will end up the biggest losers. Should Iraq break into three countries, the Kurds in the north and the Shi'ites in the south will have oil; the Sunnis in their triangle will not. And if the bombers and assassins succeed in provoking a civil war, they will discover that losing a civil war is far worse than relying on minority rights in a constitutional democracy. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQG3M+cPxH8jf3ohaEQKw/gCfd1H/3qT0adJcF5w/LqudKX5LjB4AnAxE bCeo0KsdVeq6EAIkTgjRDt9l =984G -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Apr 2 12:49:27 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 2 Apr 2004 15:49:27 -0500 Subject: [IP] U.S. may need to step in, says cybersecurity report In-Reply-To: References: Message-ID: At 2:58 PM -0500 4/2/04, Jerrold Leichter wrote: >Ahem. Did you notice the issue date and time? Damn. My only gotcha all day... April fool, indeed. :-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sfurlong at acmenet.net Fri Apr 2 13:18:23 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 02 Apr 2004 16:18:23 -0500 Subject: [Politech] John Gilmore on the homeless, RFID tags, and ki ttens In-Reply-To: <20040402175501.GB19833@cybershamanix.com> References: <20040402175501.GB19833@cybershamanix.com> Message-ID: <1080940703.4786.5.camel@daft> On Fri, 2004-04-02 at 12:55, Harmon Seaver wrote: > Chickens ain't herbivores, they are omnivores, and, in fact, prefer meat, > bugs, etc. to all else. Yah, ducks and geese, too. But factory chickens, which is almost all of the chicken most Americans eat, are fed mostly grain. > A lot of old trappers I've know tell me they've eaten bobcat and lynx and > that they were tasty, and a lot like chicken. Huh. The carnivores I've eaten had a distinctive taste, bitter or something. But I've never eaten any feline, so far as I know. 
From rah at shipwright.com Sat Apr 3 05:59:59 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 3 Apr 2004 08:59:59 -0500 Subject: Shock waves from Fallujah In-Reply-To: <406DDBC4.98EA6211@cdc.gov> References: <406DDBC4.98EA6211@cdc.gov> Message-ID: At 1:31 PM -0800 4/2/04, Major Variola (ret) wrote: >A fence is being considered around the Capital in DC also. You need a bigger fence than that, at least out to places like the Beltway, maybe out to Fort Meade, right? ;-). Of course, if they just got rid of the attractive nuisance, if all those congresscritters weren't able to steal money to buy votes at election time, maybe we wouldn't have to build such a big fence? Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Apr 3 06:03:14 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 3 Apr 2004 09:03:14 -0500 Subject: Private U.S. 
Guards Take Big Risks for Right Price In-Reply-To: <406DDA90.4702A400@cdc.gov> References: <406DDA90.4702A400@cdc.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 1:26 PM -0800 4/2/04, Major Variola (ret) wrote: >Physics, because large entities have different properties (eg >surface-to-mass ratio; inertia) than small entities. Well, certainly, that's the current wisdom about such things. However, I'm talking about markets, and firms, which are all creatures of information flow. As William Gibson put it once, a corporation is a being which eats information and shits money. In those terms, then, since, Coase's theorem again, reduced transaction cost (lowered by lower information gathering, and most important to cypherpunks, lower transaction *security* costs lowering transaction execution/settlement/clearing) how do we get the large behavior current in modern markets without large firms? Easy. Swarms, if you will, ala Kevin Kelly's "Out of Control." Lots of little devices acting in common, in their own self interest, using markets to price their services. Remember the scene in Stephenson's "The Diamond Age" about defense in depth, where you enter a perimeter and little diamond-skinned dirigibles clot around you and slow you down, and the more force you present, the more dirigibles there are, including the ones with lethal capabilities? Or the bit about "warfare" being conducted at the nano-level and whatshername's brother dying from allergies, for the lack of a better term, from all the airborne detritus? (They just figured out that buckyballs might be a pathogen if inhaled this week, if you remember...) Somewhere, on the Shipwright site, is a John Young - discovered DOD paper from the mid-90's about "The Mesh and The Net", which looks like a toe-hold on the idea of geodesic warfare. I used to joke about keeping the landmines in your front yard paid or they wouldn't let you out the door. :-). 
So, I would bet that lower costs of market entry means that smaller firms could compete in large, temporary groups, in the same way that market sell-off stampedes happen, only with guns. The net allows more collaboration between the troops without central control, in the same way that more information allows capital markets to price transactions without central control. Leadership is temporary, and non-monopolistic, non-dynastic. Anyway, that's all I can think about at the moment. Off to breakfast at Auntie B's. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQG7DoMPxH8jf3ohaEQIIvgCfQXi/yj7Cf8hqAF3kD3fkvAwsWOYAoMBP RO9NgIZM1tQUARqrMlHrX1/d =iiXa -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Apr 3 07:07:00 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 3 Apr 2004 10:07:00 -0500 Subject: Shock waves from Fallujah In-Reply-To: References: Message-ID: At 4:38 PM +0200 4/3/04, Anonymous wrote: >Major Variola wrote: >> A fence is being considered around the Capital in DC also. > >Capitol. Outed as a marxist, apparently. Shame on you, Mr. Pox. ;-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From measl at mfn.org Sat Apr 3 14:22:46 2004 From: measl at mfn.org (J.A. 
Terranson) Date: Sat, 3 Apr 2004 16:22:46 -0600 (CST) Subject: Powell admits "mobile weapons factory" scam In-Reply-To: <20040403215846.GA27161@dreams.soze.net> References: <20040403215846.GA27161@dreams.soze.net> Message-ID: <20040403162002.C88648@mx1.mfn.org> On Sat, 3 Apr 2004, Justin wrote: > The intelligence, even if it was originally true, may have been leaked and > then the mobile (and other) weapons factories and storage destroyed. The > intended result would have been the current situation, with the Bush > administration and intel community looking like idiots and the "soft on > terror" Democrats having a foreign policy advantage in Nov 2004. Has it not occurred to you that having Powell make the first statement may be designed to avoid having Bush make the [obvious and needed] statement? The truth is more likely along the lines of Bush demanded certain Intel be "found", and it was. Now that it cannot be substantiated, and is becoming a slow but growing thorn, making it go away as quietly as possible is the rule of the day. But it won't die quietly if Shrub makes the announcement: it has to be an underling. And let's face it - Powell is the *only* underling with *any* credibility. -- "One of the nice things about ignorance is that it is curable. Unlike Neo-Conservatism. Eric Michael Cordian From nobody at paranoici.org Sat Apr 3 06:38:00 2004 From: nobody at paranoici.org (Anonymous) Date: Sat, 3 Apr 2004 16:38:00 +0200 (CEST) Subject: Shock waves from Fallujah Message-ID: # In-Reply-To: <406DDBC4.98EA6211 at cdc.gov> Major Variola wrote: > A fence is being considered around the Capital in DC also. Capitol. 
From hseaver at cybershamanix.com Sat Apr 3 14:44:36 2004 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sat, 3 Apr 2004 16:44:36 -0600 Subject: Powell admits "mobile weapons factory" scam In-Reply-To: <20040403162002.C88648@mx1.mfn.org> References: <20040403215846.GA27161@dreams.soze.net> <20040403162002.C88648@mx1.mfn.org> Message-ID: <20040403224436.GA23001@cybershamanix.com> Here's another meme on the issue: >U.S. Unloading WMD in Iraq > >TEHRAN (Mehr News Agency) - Over the past few days, in the wake of the >bombings in Karbala and the ideological disputes that delayed the signing >of Iraq's interim constitution, there have been reports that U.S. forces >have unloaded a large cargo of parts for constructing long-range missiles >and weapons of mass destruction (WMD) in the southern ports of Iraq. > >A reliable source from the Iraqi Governing Council, speaking on condition >of anonymity, told the Mehr News Agency that U.S. forces, with the help >of British forces stationed in southern Iraq, had made extensive efforts >to conceal their actions. > >He added that the cargo was unloaded during the night as attention was >still focused on the aftermath of the deadly bombings in Karbala and the >signing of Iraq's interim constitution. > >The source said that in order to avoid suspicion, ordinary cargo ships >were used to download the cargo, which consisted of weapons produced in >the 1980s and 1990s. > >He mentioned the fact that the United States had facilitated Iraq's WMD >program during the 1980-1988 Iran-Iraq and said that some of the weapons >being downloaded are similar to those weapons, although international >inspectors had announced Saddam Hussein's Baath regime had destroyed all >its WMD. > >The source went on to say that the rest of the weapons were probably >transferred in vans to an unknown location somewhere in the vicinity of >Basra overnight. 
> >"Most of these weapons are of Eastern European origin and some parts are >from the former Soviet Union and the Eastern Bloc. The U.S. obtained them >through confiscations during sales of banned arms over the past two >decades," he said. > >This action comes as certain U.S. and Western officials have been >pointing out the fact that no weapons of mass destruction have been >discovered in Iraq and the issue of Saddam's trial begins to take center >stage. > >In addition, former chief UN weapons inspector Hans Blix has emphasized >that the U.S. and British intelligence agencies issued false reports on >Iraq leading to the U.S. attack. >Meanwhile, the suspicious death of weapons inspector David Kelly is also >an unresolved issue in Britain. > >------Occupation Forces Official Claims to Have No Information About >Transfer of WMD to Iraq ------- > >A security official for the coalition forces in Iraq said that he has not >received any information about the unloading of weapons of mass >destruction in ports in southern Iraq. >Shane Wolf told the Mehr News Agency that the occupation forces have >received no reports on such events, but said he hoped that the coalition >forces would find the Iraqi weapons of mass destruction one day. > >Coalition forces and inspectors have so far been unable to find any Iraqi >weapons of mass destruction. The U.S. invaded Iraq under the pretext that >Iraq possessed a stockpile of weapons of mass destruction. >~~~~~~~~~~ >And, the url to Ira's story: >http://www.commondreams.org/views04/0318-04.htm > >Ira Chernus is Professor of Religious Studies at the University of >Colorado at Boulder. chernus at colorado.edu -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From rah at shipwright.com Sat Apr 3 16:44:50 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Sat, 3 Apr 2004 19:44:50 -0500 Subject: The New Right and Anarcho-capitalism Message-ID: At any rate, this whole train of thought brings to mind Peter Marshall's recent compendium, _Demanding_the_Impossible:_A_History_of_Anarchism_ -- London: Fontana Press, 1992 (ISBN 0 00 686245 4). An informative and vastly entertaining read, recommended for anyone with an anti-authority bent, it logs anarchistic thought from the Tao to the Sex Pistols (700+ pages). Marshall labels these old-guard classical liberals "anarcho-capitalists" -- a superior term to right-wing anarchist, for reasons Marshall gives in summation of this short chapter (Chomsky gets his own section in the chapter called Modern Libertarians). Capital is what they really seek to liberate, not people. For your enjoyment, I present the relevant chapter from Marshall's book. * Chapter 36: The New Right and Anarcho-capitalism Anarcho-capitalism has recently had a considerable vogue in the West where it has helped put the role of the State back on the political agenda. It has become a major ideological challenge to the dominant liberalism which sees a role for government in the protection of property. The anarcho-capitalists would like to dismantle government and allow complete _laissez-faire_ in the economy. Its adherents propose that all public services be turned over to private entrepreneurs, even public spaces like town halls, streets and parks. Free market capitalism, they insist, is hindered not enhanced by the State. Anarcho-capitalists share Adam Smith's confidence that somehow private interest will translate itself into public good rather than public squalor. They are convinced that the 'natural laws' of economics can do without the support of positive man-made laws. The 'invisible hand' of the market will be enough to bring social order. 
Anarcho-capitalism has recently had the greatest impact in the United States, where the Libertarian Party has taken it up as the house ideology, and where Republicans like Ronald Reagan wanted to be remembered for cutting taxation and for getting 'the government off peoples' backs'. In the United Kingdom, neo-Conservatives argue that 'there is no such thing as society' and wish to 'roll back the frontiers of the State' -- a view adopted evangelically, in theory if not always in practice, by Margaret Thatcher, Prime Minister from 1979 to 1990. State socialism is attacked not so much because it is egalitarian but because it seeks to accrue more powers for the State to exercise centrally. The phenomenon of anarcho-capitalism is not however new. With the demise of Benjamin Tucker's journal _Liberty_ in 1907, American individualist anarchism lost its principal voice; but its strain of libertarianism continued to re-emerge occassionally in the offerings of isolated thinkers. The young essayist Randolph Bourne, writing outside the anarchist movement, distinguished between society and the State, invented the famous slogan 'War is the Health of the State', and drew out the authoritarian and conformist dangers of the 'herd'.[1] FRANZ OPPENHEIMER's view of the State as 'the organization of the political means' and as the 'systematization of the predatory process over a given territory' influenced libertarians and conservatives alike in the twenties.[2] The Jeffersonian liberal ALBERT JAY NOCK reached anarchist conclusions in _Our_Enemy_The_State_ (1935) at the time of the New Deal. A conservative of the _laissez-faire_ school, he foresaw 'a steady progress in collectivism running into a military despotism of a severe type'.[3] It would involve steadily-increasing centralization, bureaucracy, and political control of the market. The resulting State-managed economy would be so inefficient and corrupt that it would need forced labor to keep it going. 
Nock's warning did not go unheeded. FRIEDRICH A. HAYEK spelt out in _The_Road_to_Serfdom_ (1944) the dangers of collectivism. In his restatement of classic liberalism in _The_Constitution_of_Liberty_ (1960), he rejected the notion of social justice and argued that the market creates spontaneous social order. But while he wished to reduce coercion to a minimum, he accepted the need for the coercion of a minimal State to prohibit coercive acts by private parties through law enforcement. He also accepted taxation and compulsory military service. While a harsh critic of egalitarianism and of government intervention in the economy, he was ready to countenance a degree of welfare provision which cannot be adequately provided by the market. His views have had an important influence on neo-Conservatives, especially those on the right wing of the Conservative Party in Britain. Anarcho-capitalists like David Friedman and Murray Rothbard go much further. In some ways, their position appears to be a revival of the principles of the Old Right against the New Deal which sought government interference in the economy, but they are not only motivated by a nostalgia for a thoroughly free market but are aggressively anti-authoritarian. Where Tucker called anarchism 'consistent Manchesterism', that is taking the nineteenth-century _laissez-faire_ school of economists to their logical conclusion, anarcho-capitalists might be called consistent Lockeans. Following Locke, classic liberals argue that the principals task of government is to protect the natural rights to life, liberty and property because a 'state of nature' where there is no common law the enjoyment of such rights would be uncertain and inconvenient. 
The anarch-capitalists also ask, like Locke in his _Second_Treatise_, 'If Man in the state of Nature be so free as has been said, if he be absolute lord of his own person and possessions, equal to the greatest and subject to nobody, why will he part with his freedom?'[4] Unlike Locke, however, the anarch-capitalists do not find such a state of nature without a common judge inconvenient or uncertain. They maintain that even the minimal State is unnecessary since the defence of person and property can be carried out by private protection agencies. DAVID FRIEDMAN sees such agencies as both brokers of mini-social contracts and producers of 'laws' which conform to the market demand for rules to regulate commerce. Each person would be free to subscribe to a protective association of his choice, since 'Protection from coercion is an economic good'.[5] Apart from adumbrating _The_Machinery_of_Freedom_ (1973), Friedman has populated Hayek's defence of capitalism as the best antidote to the serfdom of collectivism and the State. The writings of AYN RAND, a refugee from the Soviet Union, best represent the intellectual background to the new right-wing libertarianism in the United States. In her _The_Virtue_of_Selfishness:_ A_New_Concept_of_Egoism_ (1964), she attempted a philosophical defence of egoism while in her novels she portrayed a superior individual fighting the forces of collectivism, particularly in the form of the State. Her superior individual, driven by a Nietzschean will to power, appears in the guise of a capitalist entrepreneur who is presented as the source of all wealth and creator of all progress. Rand claimed that she had a direct knowledge of objective reality, and her 'Objectivist' movement had a considerable vogue in the sixties. Like most anarch-capitalists, she is convinced of the truth of her own views, which to others appear mere dogma. She remains a minimal statist rather than a strict anarchist. 
Amongst anarch-capitalist apologists, the economist MURRAY ROTHBARD is probably most aware of the anarchist tradition. He was originally regarded as an extreme right-wing Republican, but went on to edit la Boetie's libertarian classic _Of_Voluntary_Servitude_ and now calls himself an anarchist. 'If you wish to know how the libertarians regard the State and any of its acts," he wrote in _For_A_New_Liberty:_ _The_Libertarian_Manifesto_ (1973), 'simply think of the State as a criminal band, and all the libertarian attitudes will logically fall into place.' He reduces the libertarian creed to one central axiom, 'that no man or group of men may aggress against the person or property of anyone else'.[6] Neither the State nor any private party therefore can initiate or threaten the use of force against any person for any purpose. Free individuals should regulate their affairs and dispose of their property only by voluntary agreement based on contractual obligation. Rejecting the State as a 'protection' with an illegitimate claim on the monopoly of force, Rothbard would like to see it dissolved, as would Friedman, into social and market arrangements. He proposes that disputes over violations of persons and property may be settled voluntarily by arbitration firms whose decisions are enforceable by private protection agencies. Rothbard described an anarchist society where 'there is no legal possibility for coercive aggression against the person or property of any individual'. But where Tucker recognized no inherent right to property, Rothbard insists on the need for a 'basic libertarian code of the inviolate right of person and property'.[7] In addition, for all his commitment to a Stateless society, Rothbard is willing to engage in conventional politics. He helped found the Libertarian Party in the USA which wants to abolish the entire federal regulatory apparatus as well as social security, welfare, public education, and taxation. 
Accepting Bourne's view that war is the health of the State, the Party wants the United States to withdraw from the United Nations, end its foreign commitments, and reduce its military forces to those required for minimal defence. Rothbard argued at the 1977 Libertarian Party Congress that to become a true libertarian it was necessary to be 'born again', not once ut twice, in a baptism of reason as well as of will. Since in his view libertarianism is the only creed compatible with the nature of man and the world, he is convinced that it will win because it is true. Whatever the workers and bureaucrats might think or want, Statism will collapse of its own contradictions and the free market will prevail throughout the world. However libertarian in appearance, there are some real difficulties in the anarch-capitalists' position. If laws and courts are replaced by arbitrary firms, why should an individual accept their verdict? And since he 'buys' justice, what assurances are there that the verdicts would be fair and impartial? If the verdicts are enforced by private protection agencies, it would seem likely, as ROBERT NOZICK has pointed out, that a dominant protective agency (the one offering the most powerful and comprehensive protection) would eventually emerge through free competition.[8] A _de_facto_ territorial monopoly would thus result from the competition among protection agencies which would then constitute a proto-State. The only difference between the 'ultraminimal' State of a dominant protection agency and a minimal State would be that its services would be available only to those who buy them. Nozick's work _State,_Anarchy_and_Utopia_ (1974) is widely regarded as [um, Anarchy, State, and Utopia -- RAH] one of the most important works in contemporary political philosophy. 
Inspired in part by individual anarchist arguments, especially those of Spooner and Tucker, and replying to the libertarian view of Rothbard and Rand, he calls for a minimal State to oversee private protection agencies to ensure contracts are kept by property-owning individuals. He insists however that a man ruled by others against his will, whose life and property are under their control, is no less a slave because he has the vote and periodically may 'choose' his masters. Nozick has helped to make libertarian and anarchist theory acceptable in academic circles. But in the end he opts for a nightwatchman State in order to protect the individual's rights to life, liberty and property. In his 'framework for utopia', he proposes a society of independent city-States organized according to their inhabitants' preferences. He defends capitalism under the theory of just entitlement, arguing that just acquisitions and just transfers made in the absence of force or fraud legitimize the distribution of wealth resulting from capitalist exchange. However poorly a person may fare in the exercise of human liberty, there is no moral reason to correct market forces by redistributing wealth. The acceptable maxim of capitalism for Nozick is therefore: 'From each as they choose, to each as they are chosen'.[9] Nozick joins a group of American philosophers like JOHN HOSPERS and ERIC MACK who adopt 'minarchy' rather than anarchy. They call for a minimal State, restricting the scope of the modern state to Locke's 'common judge with authority' to make laws (for the protection of property), to punish thieves and malefactors, and to defend the nation against foreign aggression.[10] They are right-wing libertarians rather than anarchists in the tradition of Jefferson, insisting 'that government is best which governs least'. A more thorough-going philosophical defence of anarchism has been put forward by ROBERT PAUL WOLFF. 
He rejects the political legitimacy of the State on a neo-Kantian principle of moral autonomy. He assumes that in so far as people are rational and are to act they must be autonomous. The autonomous man who determines his own acts refuses to be ruled and denies all claims to political authority: 'For the autonomous man, there is no such thing, strictly speaking, as a command.'[11] Wolff does not however see any immediate implications for his philosophical anarchism and ethical individualism. In his 'Utopian Glimpses of a World Without States' in _A_Defense_of_Anarchism_ (1970), he maintains that a high order of social co-ordination in a society in which no one claims legitimate authority would only be possible after its members had achieved a high level of moral and intellectual development. Indeed, rather than offering a defence of anarchism as a political theory, he seems more concerned with elaborating a form of moral and political scepticism.[12] Wolff's practical proposals are also problematic. He recommends a form of 'instant direct democracy' based on a system of 'voting machines' in every home linked to a computer in Washington. Each Bill would then be voted on by all the people after it had been discussed by their representatives in a national assembly. But such a system could easily lead to representatives manipulating their votes as they do in existing parliamentary democracies. There is also a big difference, recognized in part by Wolff, between the passive role of listener and the active role of participant in a debate. The kind of direct democracy practiced in ancient Athens, which actively involved all the citizens, would appear to be preferable to television viewers being merely able to register their response to decisions made by an elected elite. Wolff's proposal would turn citizenship into little more than a spectator-sport. He allows no meaningful debate or collective discussion of ends. 
Although he recommends extreme economic decentralization, Wolff aligns himself with the anarcho-capitalists and right-libertarians by wanting to retain private property and the market to co-ordinate human behavior. Again, he suggests that the army could be run on the basis of voluntary commitment and submission to orders but this would seem little different from existing forms of voluntary conscription. In the utopias of the anarcho-capitalists, there is little reason to believe that the rich and powerful will not continue to exploit and oppress the powerless and poor as they do at present. It is difficult to imagine that protective services could impose their ideas of fair procedure without resorting to coercion. With the free market encouraging selfishness, there is no assurance that 'public goods' like sanitation and clean water would be provided for all. Indeed, the anarcho-capitalists deny the very existence of collective interests and responsibilities. They reject the rich communitarian tradition of the ancient Greek _polis_ in favor of the most limited form of possessive individualism. In their drive for self-interest, they have no conception of the general good or public interest. In his relationship with society, the anarcho-capitalist stands alone, an egoistic and calculating consumer; society is considered to be nothing more than a loose collection of autonomous individuals. The anarcho-capitalist definition of freedom is entirely negative. It calls for the absence of coercion but cannot guarantee the positive freedom of individual autonomy and independence. Nor does it recognize the equal right of all to the means of subsistence. 
Hayek speaks on behalf of the anarcho-capitalist when he warns: 'Above all we must recognize that we may be free and yet miserable.'[13] Others go even further to insist that liberty and bread are not synonymous and that we have 'the liberty to die of hunger'.[14] In the name of freedom, the anarcho-capitalists would like to turn public spaces into private property, but freedom does not flourish behind high fences protected by private companies but expands in the open air when it is enjoyed by all. Anarcho-capitalists are against the State simply because they are capitalists first and foremost. Their critique of the State ultimately rests on a liberal interpretation of liberty as the inviolable rights to and of private property. They are not concerned with the social consequences of capitalism for the weak, powerless and ignorant. Their claim that all would benefit from a free exchange in the market is by no means certain; any unfettered market system would most likely sponsor a reversion to an unequal society with defence associations perpetuating exploitation and privilege. If anything, anarcho-capitalism is merely a free-for-all in which only the rich and cunning would benefit. It is tailor-made for 'rugged individualists' who do not care about the damage to others or to the environment which they leave in their wake. The forces of the market cannot provide genuine conditions for freedom any more than the powers of the State. The victims of both are equally enslaved, alienated and oppressed. As such, anarcho-capitalism overlooks the egalitarian implications of traditional individualist anarchists like Spooner and Tucker. In fact, few anarchists would accept 'anarcho-capitalists' into the anarchist camp since they do not share a concern for economic equality and social justice. Their self-interested, calculating market men would be incapable of practising voluntary co-operation and mutual aid. 
Anarcho-capitalists, even if they do reject the State, might therefore best be called right-wing libertarians rather than anarchists.[15] eof [ ... glad to see you actually made it all the way... ;)] -- "Don't HATE the media... | K.K.Campbell beCOME the media!" --*-- - J. Biafra | . . . . cum grano salis -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From measl at mfn.org Sat Apr 3 19:12:33 2004 From: measl at mfn.org (J.A. Terranson) Date: Sat, 3 Apr 2004 21:12:33 -0600 (CST) Subject: Powell admits "mobile weapons factory" scam In-Reply-To: References: Message-ID: <20040403211123.C88648@mx1.mfn.org> On Sat, 3 Apr 2004, Tyler Durden wrote: > Was that a splash sound I heard? Hope this rat likes the water... > > -TD That rat can swim. And it's got a decent shot at becoming the Rodent In Chief down the road... -- "One of the nice things about ignorance is that it is curable. Unlike Neo-Conservatism. Eric Michael Cordian From justin-cypherpunks at soze.net Sat Apr 3 13:58:46 2004 From: justin-cypherpunks at soze.net (Justin) Date: Sat, 3 Apr 2004 21:58:46 +0000 Subject: Powell admits "mobile weapons factory" scam Message-ID: <20040403215846.GA27161@dreams.soze.net> http://news.bbc.co.uk/2/hi/middle_east/3596033.stm > In February last year he told the UN Security Council that Iraq had > developed mobile laboratories for making biological weapons. > > On Friday he conceded that information "appears not to be... that solid". ... > Mr Powell said the US intelligence officers "indicated to me" that the > information about the mobile labs was reliable, and "I made sure it was > multi-sourced". 
> > "Now, if the sources fell apart we need to find out how we've gotten > ourselves in that position," he said. > > "I have discussions with the CIA about it," he said, without providing > further details. ... > This admission by Mr Powell could further hurt the credibility of the > Bush administration in what is an election year, our correspondent says. Is this that surprising? The CIA isn't doing too well if they cannot figure out that there are good reasons to doubt anti-Iraq intelligence. The intelligence, if untrue, may have been disseminated by Saddam or the Ba'athists for unknown purposes, perhaps to destabilize the region even at the cost of Ba'athist leadership, for instance. Even if he's truly a "Bad man" and a psychopath, I don't believe that he's a coward who is unwilling to die for his beliefs. Ba'athists live by the sword, and I don't see him being that hypocritical. The intelligence may have been disseminated by the Kurds or other anti-Ba'athist forces for obvious reasons. The intelligence, even if it was originally true, may have been leaked and then the mobile (and other) weapons factories and storage destroyed. The intended result would have been the current situation, with the Bush administration and intel community looking like idiots and the "soft on terror" Democrats having a foreign policy advantage in Nov 2004. -- "You took my gun. It's just your word against mine!" "Not necessarily." -Bernie vs Tom, Miller's Crossing From camera_lumina at hotmail.com Sat Apr 3 19:08:41 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 03 Apr 2004 22:08:41 -0500 Subject: Powell admits "mobile weapons factory" scam Message-ID: "Is this that surprising? The CIA isn't doing too well if they cannot figure out that there are good reasons to doubt anti-Iraq intelligence." The stuff I've been reading would indicate almost the contrary. 
Apparently, the Bush administration decided to more or less bypass the CIA's 'value added' analysis and grabbed the raw intelligence and interpreted it for itself. Was that a splash sound I heard? Hope this rat likes the water... -TD >From: Justin >To: cypherpunks at al-qaeda.net >Subject: Powell admits "mobile weapons factory" scam >Date: Sat, 3 Apr 2004 21:58:46 +0000 > >http://news.bbc.co.uk/2/hi/middle_east/3596033.stm > > > In February last year he told the UN Security Council that Iraq had > > developed mobile laboratories for making biological weapons. > > > > On Friday he conceded that information "appears not to be... that >solid". >... > > Mr Powell said the US intelligence officers "indicated to me" that the > > information about the mobile labs was reliable, and "I made sure it was > > multi-sourced". > > > > "Now, if the sources fell apart we need to find out how we've gotten > > ourselves in that position," he said. > > > > "I have discussions with the CIA about it," he said, without providing > > further details. >... > > This admission by Mr Powell could further hurt the credibility of the > > Bush administration in what is an election year, our correspondent says. > >Is this that surprising? The CIA isn't doing too well if they cannot >figure out that there are good reasons to doubt anti-Iraq intelligence. > >The intelligence, if untrue, may have been disseminated by Saddam or the >Ba'athists for unknown purposes, perhaps to destabilize the region even at >the cost of Ba'athist leadership, for instance. Even if he's truly a "Bad >man" and a psychopath, I don't believe that he's a coward who is unwilling >to die for his beliefs. Ba'athists live by the sword, and I don't see him >being that hypocritical. > >The intelligence may have been disseminated by the Kurds or other >anti-Ba'athist forces for obvious reasons. 
> >The intelligence, even if it was originally true, may have been leaked and >then the mobile (and other) weapons factories and storage destroyed. The >intended result would have been the current situation, with the Bush >administration and intel community looking like idiots and the "soft on >terror" Democrats having a foreign policy advantage in Nov 2004. > >-- >"You took my gun. It's just your word against mine!" >"Not necessarily." > -Bernie vs Tom, Miller's Crossing > From justin-cypherpunks at soze.net Sat Apr 3 16:07:09 2004 From: justin-cypherpunks at soze.net (Justin) Date: Sun, 4 Apr 2004 00:07:09 +0000 Subject: David Kelly's "suspicious death" In-Reply-To: <20040403224436.GA23001@cybershamanix.com> References: <20040403215846.GA27161@dreams.soze.net> <20040403162002.C88648@mx1.mfn.org> <20040403224436.GA23001@cybershamanix.com> Message-ID: <20040404000709.GA31453@dreams.soze.net> Harmon Seaver (2004-04-03 22:44Z) wrote: > Here's another meme on the issue: > > >U.S. Unloading WMD in Iraq > > > >In addition, former chief UN weapons inspector Hans Blix has emphasized > >that the U.S. and British intelligence agencies issued false reports on > >Iraq leading to the U.S. attack. > >Meanwhile, the suspicious death of weapons inspector David Kelly is also > >an unresolved issue in Britain. Everyone knows that he committed suicide. Just like Vince Foster. Incidentally, last Tuesday the Supreme Court ruled that the Vince Foster death-scene photos are not subject to FOIA requests. Kennedy even cited _Antigone_ as reason to protect already-taken death-scene photos of a scandal-embroiled public official (p. 9). 
The claimed rationale was that people requesting such photos must have some evidence (presumably a witness who claims knowledge that Foster was murdered) rather than just an unsubstantiated hunch. Otherwise, says Kennedy, privacy interests of the family outweigh public right to know. It's amusing the Supreme Court is unwilling to extend its fear of "appearance of corruption" to cases like this. It's also amusing that they can't seem to find any difference between FOIA requests for death-scene photos of a public official mixed up in a scandal and, as Kennedy suggests, FOIA requests by murderers of death-scene photos of their victims, private citizens. The Appeals court had ordered the release of four of the (11?) pictures. NARA v. Favish - 02-954 - 2004-03-30 http://www.supremecourtus.gov/opinions/03slipopinion.html -- "You took my gun. It's just your word against mine!" "Not necessarily." -Bernie vs Tom, Miller's Crossing From justin-cypherpunks at soze.net Sat Apr 3 16:35:23 2004 From: justin-cypherpunks at soze.net (Justin) Date: Sun, 4 Apr 2004 00:35:23 +0000 Subject: Powell admits "mobile weapons factory" scam In-Reply-To: <20040403162002.C88648@mx1.mfn.org> References: <20040403215846.GA27161@dreams.soze.net> <20040403162002.C88648@mx1.mfn.org> Message-ID: <20040404003523.GB31453@dreams.soze.net> J.A. Terranson (2004-04-03 22:22Z) wrote: > On Sat, 3 Apr 2004, Justin wrote: > > > The intelligence, even if it was originally true, may have been > > leaked and then the mobile (and other) weapons factories and storage > > destroyed. The intended result would have been the current > > situation, with the Bush administration and intel community looking > > like idiots and the "soft on terror" Democrats having a foreign > > policy advantage in Nov 2004. > > Has it not occurred to you that having Powell make the first statement > may be designed to avoid having Bush make the [obvious and needed] > statement? > [...CIA manufactured intel under Bush's orders...] 
Of course that's a possibility. I don't think the CIA is that corrupt. I think the failure to consider the three options I set out (and undoubtedly others I haven't) is a more likely reason for finding believable intel than orders from above to manufacture intel. Didn't they even name a source or two for their mobile weapons lab information? While that's no guarantee the claimed source(s) exist, it lends credibility to alternatives that don't require such a vast conspiracy, alternatives that wouldn't create such a political nightmare. I prefer to believe that the CIA is incompetent rather than dishonest. The fact that they're using Jennifer Garner to try to recruit people seems to bolster my theory. -- "You took my gun. It's just your word against mine!" "Not necessarily." -Bernie vs Tom, Miller's Crossing From bill.stewart at pobox.com Sun Apr 4 13:35:06 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 04 Apr 2004 12:35:06 -0800 Subject: Shock waves from Fallujah In-Reply-To: References: <406DDBC4.98EA6211@cdc.gov> Message-ID: <6.0.3.0.0.20040404123315.037dc670@pop.idiom.com> At 05:59 AM 4/3/2004, R. A. Hettinga wrote: >At 1:31 PM -0800 4/2/04, Major Variola (ret) wrote: > >A fence is being considered around the Capital in DC also. > >You need a bigger fence than that, at least out to places like the Beltway, >maybe out to Fort Meade, right? ;-). > >Of course, if they just got rid of the attractive nuisance, if all those >congresscritters weren't able to steal money to buy votes at election time, >maybe we wouldn't have to build such a big fence? Correct me if I'm wrong, but I assume the purpose of a fence around the Capitol would be to keep those pesky Congresscritters _in_, not to keep other people out? From hadmut at danisch.de Sun Apr 4 07:53:36 2004 From: hadmut at danisch.de (Hadmut Danisch) Date: Sun, 4 Apr 2004 16:53:36 +0200 Subject: Do Cryptographers burn? 
Message-ID: On Sat, Apr 03, 2004 at 11:49:15PM +0100, Dave Howe wrote: > > If you mean he gave a false assurance of the security of a product for a > friend - why would he do that? I can't think of any of my friends who would > want me to tell them sofware was secure if it wasn't. ... > I suppose that depends on his integrity and how much his reputation and > skill would be worth to his employers if it became known that he gave false > assurances - and it would only be a matter of time before some other > cryptoanalyst found the fault he found and ignored. Thanks for the opinions. Maybe I'll explain a little bit more about the background: As some already may have heard I'm in a legal dispute with a german University. I wrote a dissertation in 1998, and the supervisor announced to give a good rate. I then signed off from the job as an assistant effectively to the date of the examination. I didn't know that the supervisor and another professor had made a plan to implement a security infrastrukture for the faculty and to found a company, and that this plan included that I would do the work in the year after the examination. When I signed off, they couldn't fulfill the promises they gave to the faculty, and thus canceled the examination to extort me to stay at the university and do the implementation. I refused to pay that kind of "protection money" and thus they rejected my dissertation with false expertises. The advisor's expertise (who claims to be one of the world's top cryptographers) is just a concatenation of arbitrary nonsense, and wrong even in the basics of computer science. E.g. he claims that LZ and MTF would effectively compress just anything. As an example for the need to distinguish between payload and control information I said that when phoning, not only speech is to be transmitted, but also phone numbers and signals about termination of the connection. 
He rated this as completely wrong and giving wrong information, because phone numbers would be used with today's ISDN Telephones only. As the reason he gave an obituary in the London Times saying that Donald Davies had died. Or he blames me for not citing literature that hadn't been published when I submitted the dissertation. He claims that rate-distortion theory and shannon encoding allow to pack n+1 independant bits into a single message of n bits (even with small n or n=1. Just try to do it.). The second examiner said the dissertation would be completely wrong but denied to give any explanation. I filed a lawsuit. During the law suit, the university had informed me, that they would never accept me to succeed in the examination. They would abuse a gap in german examination law: courts are restricted to cancel bad or wrong examinations, but they cannot give a positive examination result. All they can do is to sentence the University to repeat the examination. The University informed me that they had decided that they do not wish me to work in science and thus I had to accept to fail in the examination. I would have to modify my dissertation and to include those mistakes the examiners had falsely claimed in order to confirm that their rejection was correct. If I do that I would be allowed to have a second try with a new dissertation and would receive a bad grade which would keep me out of science. If I do not agree, they announced to keep me in an endless loop of false expertises. Every single one will take me years to sue against. I refused that "deal". I won both at the administration court and the appelate administration court. The latter one found that the second examiner could never have read the largest chapter and didn't even open the pages of the dissertation. This was already sufficient to cancel the examination action. The University then retracted the action to avoid being sentenced. Obviously, this was an extreme disgrace for the University. 
The University had to give a new second expertise. If this expertise could not confirm what the first expertise said, that the dissertation was completely wrong, the advisor would face being fired, severe compensation claims, and the ultimate disgrace.

Within less than two weeks the University managed to get a third rejecting expertise, this time from a professor outside Germany, who is indeed known as one of the top cryptographers and a member of the board of directors of the IACR.

I filed a new lawsuit and could easily prove that this professor had intentionally given a wrong expertise (obviously to protect the supervisor from legal trouble):

- He wrote the expertise in less than two days.

- The expertise is less than a page. He does not give any reasons and claims that he cannot be expected to reason his expertise. Reasoning is a strong requirement under German law.

- There is no "link" between the expertise and the dissertation. He obviously didn't read it.

- He didn't find any single mistake. He just says that everything is already known and taken from literature.

- He didn't bother to inform himself about the given problem, the legal requirements, and the available grades. That's a strong requirement in Germany. Obviously, if someone accepts to write an expertise and in advance knows that he won't need grades, then he knows that he will reject the dissertation before he has seen it.

- And he erroneously assumed that the expertise would be kept secret. In Germany, the examinee has the right to get a copy of the expertise and raise objections. He was not aware of this and based his expertise on the assumption that nobody would see it. I then raised several technical and legal objections, and cited literature which explicitly stated that such subjects have not yet been published.

- He then had to admit that he couldn't prove his statement that all this was known in literature, and that he raised this claim to reject the dissertation because he didn't like it.
- He couldn't defend against any of my technical objections and citations. He is not even claiming that his expertise is correct, and obviously was completely surprised by the fact that I have access to his expertise (unlike the university where he is working, where they keep the expertises secret).

- When I demanded to receive reasons, he denied that and stated that he would not agree with the requirement to reason an expertise. Instead, he had based his examination on an "international consensus" that would free him from the need to give reasons. He also stated that it would be illogical to require an examiner to give reasons for his expertise, because candidates could succeed with empty dissertations then. (???)

So this expertise is just ridiculous and won't have any chance at a court, except that it will take me again years for the lawsuit.

I then informed the IACR's board of directors and asked them whether an organization, where such a person can become a director can be trusted any longer in context of security and cryptography.

Surprisingly, they were not even surprised. They fully tolerate this and even consider this as normal. It looks as if they consider this kind of expertise as kind of self-evident. To help a colleague and protect him from legal trouble seems to be much more important than giving correct and reasonable expertises.

I discussed that with several friends and colleagues, all working in security and cryptography, and they were all shocked. Everyone would have bet that they would kick everyone out known to have given a false expertise. But they don't.

Very similar with the supervisor and the former second examiner: It is more than obvious that both had given intentionally wrong expertises and were claiming technical nonsense. But everyone seems to silently accept this and to consider this as normal.

When preparing for the lawsuit, I read several other dissertations in order to compare them.
I found several of them to be really wrong or to contain nothing but citations from literature. One of these dissertations would never have been published if I hadn't asked for a copy. It was then published around two years after the examination and contained just citations from literature.

So what I found is fraud, extortion, false expertises.

But not a single one of those cryptographers burns.

Maybe it's a minority writing false expertises. But it's a majority accepting that.

So my doubt is not so much about that someone found the magic way to factorize. It's about someone intentionally selling snake-oil or backdoors and others keeping their mouth shut and tolerate this as they do it here.

I have three expertises proven to be intentionally wrong. One from someone who is known to have no clue about security. One from someone who is known as a cryptographer and once claimed to be one of the "top four". And one from someone who is a director of IACR.

And no one cares about.

Nobody told me I'd be wrong. Nobody doubted my claims, objections, and technical arguments. I could easily show that all of them have intentionally given wrong expertises. Some people even explicitly confirmed that my dissertation is correct and the expertises are wrong. This just doesn't matter in any way.

Isn't that spooky? What kind of business is cryptography?
regards
Hadmut

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From mv at cdc.gov Sun Apr 4 17:54:10 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Sun, 04 Apr 2004 17:54:10 -0700
Subject: capitalized capitol
Message-ID: <4070AE31.36DB2134@cdc.gov>

3 [2capital]
a : a city serving as a seat of government
b : a city preeminent in some special activity

However it seems the "ol" version is correct when capitalized:

Etymology: Latin Capitolium, temple of Jupiter at Rome on the Capitoline hill
1 a : a building in which a state legislative body meets
b : a group of buildings in which the functions of state government are carried out
2 capitalized : the building in which the U.S. Congress meets at Washington

From hseaver at cybershamanix.com Sun Apr 4 18:44:17 2004
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Sun, 4 Apr 2004 20:44:17 -0500
Subject: And who was it saying those terrible Sunnis would be isolated?
Message-ID: <20040405014417.GB2069@cybershamanix.com>

Shiites hit a home run!

http://news.bbc.co.uk/2/hi/middle_east/3599381.stm

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com

From mv at cdc.gov Sun Apr 4 22:40:58 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 04 Apr 2004 22:40:58 -0700
Subject: priceless
Message-ID: <4070F16A.5C30DAF1@cdc.gov>

At 08:44 PM 4/4/04 -0500, Harmon Seaver wrote:
> Shiites hit a home run!
>
>http://news.bbc.co.uk/2/hi/middle_east/3599381.stm

Deposing a harmless tyrant: $87,000,000,000

Generating 2 Islamic republics plus an ethnic republic that destabilizes Turkey: priceless

For colonialism, there's the military. For disinfo, there's the CIA's silence. For everything else, there's neo-conservatism.

From eugen at leitl.org Sun Apr 4 14:26:37 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 4 Apr 2004 23:26:37 +0200
Subject: Do Cryptographers burn? (fwd from hadmut@danisch.de)
Message-ID: <20040404212636.GJ28136@leitl.org>

----- Forwarded message from Hadmut Danisch -----

From brian-slashdotnews at hyperreal.org Sun Apr 4 18:26:04 2004
From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org)
Date: 5 Apr 2004 01:26:04 -0000
Subject: States Link Databases to Find Tax Cheats
Message-ID:

Link: http://slashdot.org/article.pl?sid=04/04/04/2021256
Posted by: michael, on 2004-04-05 01:01:00
Topic: us, 22 comments

from the be-good-for-goodness'-sake dept.

The IRS and state revenue agencies are increasingly [1]linking every database they can get to their tax records to find clues about your finances.

References

1. http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=738&e=3&u=/ap/20040403/ap_on_hi_te/tax_data_mining

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rabbi at anonymizer.com Mon Apr 5 08:08:01 2004
From: rabbi at anonymizer.com (Len Sassaman)
Date: Mon, 5 Apr 2004 08:08:01 -0700
Subject: Mixmaster RFC
Message-ID: <08152566-8713-11D8-AD90-000A959E7C72@anonymizer.com>

Hello,

I'm preparing to submit draft -02 of the revised Mixmaster Protocol Specification. If you have any comments, or have previously contributed and have not been acknowledged, please let me know as soon as possible by sending mail to mixmaster-devel at lists.sourceforge.net.

The last published version is here:

http://www.ietf.org/internet-drafts/draft-sassaman-mixmaster-00.txt

The current working version of the I-D is here:

https://source.mixmaster.anonymizer.com/svn/mixmaster/trunk/Docs/draft-sassaman-mixmaster-XX.txt

(Please comment on the latter).

Thanks,

Len

From mv at cdc.gov Mon Apr 5 09:44:08 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 05 Apr 2004 09:44:08 -0700
Subject: Shock waves from Fallujah
Message-ID: <40718CD8.240C8B1D@cdc.gov>

At 12:35 PM 4/4/04 -0800, Bill Stewart wrote:
>>At 1:31 PM -0800 4/2/04, Major Variola (ret) wrote:
>> >A fence is being considered around the Capital in DC also.
>> >
>Correct me if I'm wrong, but I assume the purpose of a fence around the Capitol
>would be to keep those pesky Congresscritters _in_,
>not to keep other people out?
No, it would be to protect the congressvermin from attacks. Just like the anti-aircraft batteries and snipers on the white house.

The SS is also closing all but 1 tourist entrance to the Capitol.

...

In other news today, the US is going to snatch a major Iraqi cleric. Flash to W. sticking his dick into a hornet's nest. Dancing in the streets indeed.

From mv at cdc.gov Mon Apr 5 10:10:07 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 05 Apr 2004 10:10:07 -0700
Subject: Private U.S. Guards Take Big Risks for Right Price
Message-ID: <407192EF.AB274666@cdc.gov>

At 09:03 AM 4/3/04 -0500, R. A. Hettinga wrote:
>At 1:26 PM -0800 4/2/04, Major Variola (ret) wrote:
>>Physics, because large entities have different properties (eg
>>surface-to-mass ratio; inertia) than small entities.
>
>Well, certainly, that's the current wisdom about such things.
>
>However, I'm talking about markets, and firms, which are all
>creatures of information flow. As William Gibson put it once, a
>corporation is a being which eats information and shits money.

We are talking about mercs, not selling bits on MercNet. Mercs are physical. Thus their resources (satellites, rockets, tanks, etc) are *controlled* by Men With Guns. Who don't like to share the shiniest toys.

>In those terms, then, since, Coase's theorem again, reduced
>transaction cost (lowered by lower information gathering, and most
>important to cypherpunks, lower transaction *security* costs lowering
>transaction execution/settlement/clearing) how do we get the large
>behavior current in modern markets without large firms?

Cheaper info cuts out middlemen, sure; but it does nothing to permit mercs access to physical-technology that they need in the physical world.

>Lots of little devices acting in common, in their own self interest,
>using markets to price their services.

Devices are physical. MwG control the physical.
>Somewhere, on the Shipwright site, is a John Young - discovered DOD
>paper from the mid-90's about "The Mesh and The Net", which looks
>like a toe-hold on the idea of geodesic warfare. I used to joke about
>keeping the landmines in your front yard paid or they wouldn't let
>you out the door. :-).

Sure, meshes mean you may not need satellites or fixed base stations for your comms. Big deal. The mesh-radios may be controlled, and regardless, you need more than radios to be a merc. Get that through your head.

>So, I would bet that lower costs of market entry means that smaller
>firms could compete in large, temporary groups, in the same way that
>market sell-off stampedes happen, only with guns.

You're too stuck on bits and forgetting about atoms.

>The net allows more collaboration between the troops without central
>control,

Yawn. Disintermediation will happen, it's just not enough. Atoms matter.

From camera_lumina at hotmail.com Mon Apr 5 07:12:32 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 05 Apr 2004 10:12:32 -0400
Subject: And who was it saying those terrible Sunnis would be isolated?
Message-ID:

What I'm wondering is whether the Iraqis will end up giving US the bums-rush faster than the Soviets got it in Afghanistan.

Guess the Bush-Cheney-Rumsfeld "dancing in the streets" scenario is correct, but it will have taken a slightly different route than they had planned.

-TD

>From: Harmon Seaver
>To: cypherpunks at minder.net
>Subject: And who was it saying those terrible Sunnis would be isolated?
>Date: Sun, 4 Apr 2004 20:44:17 -0500
>
> Shiites hit a home run!
>
>http://news.bbc.co.uk/2/hi/middle_east/3599381.stm
>
>
>--
>Harmon Seaver
>CyberShamanix
>http://www.cybershamanix.com
>

From rah at shipwright.com Mon Apr 5 08:18:19 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 5 Apr 2004 10:18:19 -0500
Subject: Gutmann: operating under the radar
Message-ID:

Computerworld NZ

Tuesday, 6 April, 2004

Gutmann: operating under the radar

Paul Brislen, Auckland

He describes himself as a "professional paranoid", but cryptography expert Peter Gutmann (pictured) is quite willing to buy products online using his credit card and advocates writing down passwords on a piece of paper.

Gutmann, a developer, author, speaker and honorary researcher at Auckland University's computer science department, realises that the password advice might seem to fly in the face of reason.

"Think about it. If you've written down your complicated password on a piece of paper someone would have to break into your house to get it to then break into your online account. That's not likely when the crooks are sitting in Eastern Europe."

Conversely, he says having one user name and password for all accounts is perhaps the worst thing a user can do.

"That way if one account is compromised then effectively all of them could be."

Gutmann is world-renowned for his work on security architecture and is in demand on the IT security speaking circuit. His PhD thesis has been released as an academic text book (Cryptographic security architecture: design and verification) and he has at least two more in the pipeline.

"That one's very much an academic book. The next one is more straightforward and is more about my take on different security issues."

Gutmann's role at Auckland University doesn't pay anything but it allows him to do what he likes. His income is derived from one of those products nobody's ever heard of but which many of us use - Cryptlib.

Cryptlib is in embedded products such as ATM machines and print servers, for authenticating user rights to a particular printer.

"It's widely used but invisible.
Basically it's a general purpose tool used inside applications so most people don't even know it's there." Gutmann says this is the best approach to issues like email encryption - make it happen automatically. "PGP has been around for over a decade and has a tiny market share still." Cryptlib, by comparison, is marketed by health software developer Orion Systems. "There are plenty of cool people using it but if I tell you who they are they'll kill me," says Gutmann, only half joking. Gutmann didn't set out to be a cryptographer. "I was working in data compression but you really can't make much of a difference there. I sort of drifted into cryptography." Gutmann says his approach isn't one of maths-intensive algorithms. "There's very little maths involved. Basically that part of it's secure these days. It costs too much in terms of time and effort to break the code to make it worthwhile. I work on the stuff around that to make sure that's defensible." Gutmann offers the example of public keys. "What's the point of securing your system with the most up-to-date encryption technology if you email someone your key in an insecure manner?" Gutmann likes to quote cryptographer Bruce Schneier on the subject. "Basically he says it's like putting a large iron stake in the ground in your front garden and hoping the burglar will run into it. It's the rest of the garden that matters as well." So Gutmann isn't worried that if he's too good at his job he'll do himself out of a career. "As long as there are computers we'll need security people." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Apr 5 08:31:45 2004 From: rah at shipwright.com (R. A. 
Hettinga)
Date: Mon, 5 Apr 2004 10:31:45 -0500
Subject: Shock waves from Fallujah
In-Reply-To: <6.0.3.0.0.20040404123315.037dc670@pop.idiom.com>
References: <406DDBC4.98EA6211@cdc.gov> <6.0.3.0.0.20040404123315.037dc670@pop.idiom.com>
Message-ID:

At 12:35 PM -0800 4/4/04, Bill Stewart wrote:
>Correct me if I'm wrong, but I assume the purpose of a fence around the
>Capitol
>would be to keep those pesky Congresscritters _in_,
>not to keep other people out?

Hmmm...

Maybe something on the order of a lobster trap. Offer 'em a free lunch. They'll believe *that* one...

Cheers,
RAH
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Mon Apr 5 09:12:28 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 5 Apr 2004 11:12:28 -0500
Subject: Ban Is Eased on Editing Foreign Work
Message-ID:

The New York Times

April 5, 2004

Ban Is Eased on Editing Foreign Work

By THE NEW YORK TIMES

WASHINGTON, April 4 - The federal government has eased a ban on editing manuscripts from nations that are under United States trade embargoes, a move that appears to leave publishers free once again to edit scholarly works from Iran and other such countries.

The Treasury Department sent a letter on Friday to a lawyer for the Institute of Electronic and Electrical Engineers, an international group representing more than 360,000 engineers and scientists, saying the organization's peer review, editing and publishing was "not constrained" by regulations from the department's Office of Foreign Assets Control.

The group says its members produce 30 percent of the world's literature in electrical and electronics engineering and computer science.
The letter from the Treasury Department referred specifically to publishing by the institute, but Arthur Winston, the group's president, said he believed the ruling would be "a relief for nearly everyone" in the scholarly publishing community. "The ruling eliminates potentially disturbing U.S. government intrusions on our scholarly publishing process," Mr. Winston said. No one at the Treasury Department could be reached for comment Sunday night on the ruling. The department and publishers have long quarreled over the exemption of "information or informational materials" from the nation's trade embargoes. Congress has generally allowed such exemptions. Nonetheless, the Treasury Department sent out advisory letters over the past year telling publishers who were editing material from a country under a trade embargo that they were forbidden to reorder paragraphs or sentences, correct syntax or grammar, replace "inappropriate words" or add illustrations. The advisories concerned Iran, but experts said the ruling seemed to extend to Cuba, Libya, North Korea and other nations with which most trade is banned without a government license. In theory, even routine editing on manuscripts from those countries could have subjected publishers to fines of $500,000 and 10 years in jail. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Apr 5 11:19:34 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 5 Apr 2004 13:19:34 -0500 Subject: Private U.S. Guards Take Big Risks for Right Price In-Reply-To: <407192EF.AB274666@cdc.gov> References: <407192EF.AB274666@cdc.gov> Message-ID: At 10:10 AM -0700 4/5/04, Major Variola (ret) wrote: > Atoms >matter. 
*Markets* matter, which *was* my point, originally in this thread.

Not Mercs.

Markets are how you convert bits to atoms.

Cheers,
RAH
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Mon Apr 5 04:21:14 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 5 Apr 2004 13:21:14 +0200
Subject: States Link Databases to Find Tax Cheats (fwd from brian-slashdotnews@hyperreal.org)
Message-ID: <20040405112114.GF28136@leitl.org>

----- Forwarded message from brian-slashdotnews at hyperreal.org -----

From eugen at leitl.org Mon Apr 5 09:17:46 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 5 Apr 2004 18:17:46 +0200
Subject: Wiretaps led to arrests of terror suspects
Message-ID: <20040405161746.GZ28136@leitl.org>

http://www.globeandmail.com/servlet/ArticleNews/TPStory/LAC/20040405/KHAWAJA05/National/Idx

Wiretaps led to arrests of terror suspects

By COLIN FREEZE AND ALAN FREEMAN

Monday, April 5, 2004 - Page A8

OTTAWA and LONDON -- The tapping of e-mails and overseas phone calls by a host of Western spy agencies led to the arrests last week of terrorism suspects in Canada and Britain, including an Ottawa man who had been under scrutiny for at least four weeks.

The RCMP and Scotland Yard launched separate operations after an alarming e-mail was picked up by a U.S. intelligence agency in February, sources said.

The U.S. National Security Agency, which electronically monitors millions of conversations daily, reportedly picked through the chatter to find a message sent from Pakistan to England.
According to the Sunday Times and The Guardian in Britain, several intercepted communications showed links between suspected senior al-Qaeda figures in Pakistan and an alleged bomb plot thwarted last week in Britain. Nine men of mostly Pakistani heritage were rounded up there along with a half-tonne of bomb-making chemicals, as hundreds of officers joined in simultaneous and urgent raids. The RCMP say the British raids are linked to the arrest of Mohammed Momin Khawaja in Ottawa 12 hours earlier. The 24-year-old software developer remains in prison, but is described locally as an exemplary young man -- a solitary figure from a good family, taking Arabic courses but keeping mostly to himself. He recently travelled to England and Pakistan. Family members say he went abroad to look for a wife. They further insist that global spy agencies somehow got their signals crossed. "How's it related to my brother, do you know what I mean? Somebody's making phone calls to maybe England or Pakistan or whatever, how is it related to my brother here in Canada?," said Qasim Khawaja, 26. After visiting him this weekend, he said his younger brother is "totally calm, smiling and just laughing" about the situation. "He thinks there's a misunderstanding and they are overblowing it." He said that during the raid, Mounties showed the family papers that said their e-mails and phone calls have been listened in on since Feb. 27, after his brother returned to Canada from his travels abroad. Qasim, also a computer programmer, questioned the value of such eavesdropping as an investigative technique. "Most of the people that are questioning us had a hard time using e-mails, you know what I mean? They are much older guys and they don't understand technology like we do. . . . nowadays viruses can even send e-mails, you know what I mean?" Investigators have continued to track down friends, family and nearly forgotten acquaintances across North America, he said. Mr. 
Khawaja said his father Mahboob, the 62-year-old head of the family, surfaced this weekend in Saudi Arabia, where he has been in police custody for several days.

His family said police allowed him to call this week and confirm that he had been detained after the raid on his former home in Ottawa. He said he is being treated well, according to Qasim.

Canadian agencies say they had no role to play in the arrest of the elder Mr. Khawaja, one of the founding members of Ottawa's 40,000-member Muslim community who left Pakistan 35 years ago and recently moved to Saudi Arabia to manage a polytechnic school.

His Canadian family planned to visit next month, but the RCMP seized their passports and airline tickets in the raid.

From Saudi Arabia yesterday, a family friend said Mahboob Khawaja is "a normal guy."

"I didn't see him as a fanatic or anything," said Mohamed Farhat Mehdi. He said that his friend often spoke of his family in Ottawa and "he talks with his Internet quite often."

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From eugen at leitl.org Mon Apr 5 09:36:51 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 5 Apr 2004 18:36:51 +0200
Subject: how much anonymity an internet cafe provides
Message-ID: <20040405163651.GB28136@leitl.org>

http://www.linux.ie/pipermail/ilug/2004-April/013049.html

[ILUG] [Fwd: I fought the scammer... and I won.]

John Allman allmanj at houseofireland.com
Mon Apr 5 09:33:39 IST 2004

Some of you who were on #linux on Friday will know part or most of this story already as I witnessed some of it (while drinking a truly delicious hot chocolate). For those of you who don't, the following is a report written up by a friend of mine on his successful (or at least, it's looking good) attempt to stop and catch a 419 scammer. I feel it's worth the read

John

-------- Original Message --------
Subject: I fought the scammer... and I won.
Date: Fri, 02 Apr 2004 21:54:30 +0100
From: Steffen Higel
To: John Allman, paulinemccaffrey at eircom.net, stevecash at ireland.com, tony.odonnel at cs.tcd.ie, declan.dagger at cs.tcd.ie, edwin.higel at brookside.ie, marynstanley at eircom.net, richard.bannister at cs.tcd.ie, oconnoat at tcd.ie, jean.higgins3 at mail.dcu.ie

[This is long, and is quite heavy on the technical discussion. Skip the bits you don't understand. It gets interesting.]

I work for a busy Dublin Internet cafe, doing some sysadmining and general computer maintenance. On Sunday the 28th of March, I got a rather distressing email from a sysadmin in a large U.S. University. Spamcop had blacklisted our server's external IP address. Abuse mail for the server in question gets sent to my college account (bad practice, I know, but it's a part time job). My college uses Spamcop as a blacklist source. You can probably tell what happened...

Anyway, said email included the full headers of an email which was natted by our server pretending to be from the widow of Mr. Jonas Savimbi, offering the recipient a share of an unspecified large sum of money. The usual panicked thoughts kick in... "Have I fiddled with something which has left us as an open relay?", "Has our server been cracked?", "Have I been sleep-spamming again?".

A more reasoned examination of the headers showed that the mail had originated from one of the IP addresses that we assign dynamically to people who bring laptops into the cafe.
This is something of a nightmare for cafe operators, we can hardly block outbound smtp but then again it isn't possible for us to manually check every single mail either. Maybe rate limiting is a valid technical solution. Or a contraption which hits the user on the head for every mail they send. So if they send 1 an hour, it's a mild nuisance. But if they send 100 a minute, it'll probably kill them.

A peek through the logs revealed:

Mar 26 15:04:16 server dhcpd-2.2.x: DHCPDISCOVER from 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPOFFER on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1

Bingo. I had something to work with. The network card is one based on a Cameo 32bit chipset. Matches up quite nicely with these:

From Poindexter at SAFe-mail.net Mon Apr 5 17:48:18 2004
From: Poindexter at SAFe-mail.net (Poindexter at SAFe-mail.net)
Date: Mon, 5 Apr 2004 20:48:18 -0400
Subject: Choicepoint - collecting the data of our lives
Message-ID:

And you thought my Information Awareness program was a threat?

"The Constitution guarantees some privacy, but not anonymity, Smith has said repeatedly. The courts concur. People have no right to lie about who they are, or to request credentials that convey rights and privileges - such as driver's licenses or permits - without proving their identities.

The people who wish to remain anonymous trouble Smith the most. "It is the anonymous person," he writes, "or small group of people, who represent the greatest risks - economic, physical or emotional - facing us today."
http://www.govexec.com/features/0304/0304s1.htm

From rah at shipwright.com Tue Apr 6 17:19:46 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 6 Apr 2004 20:19:46 -0400
Subject: Firm invites experts to punch holes in ballot software
Message-ID:

Ah, the old hack-me "contest" arrives in the electronic voting business.

I love the smell of burning snake-oil in the morning...

Cheers,
RAH
-------

Firm invites experts to punch holes in ballot software
By Robert Lemos
CNET News.com
April 6, 2004, 4:23 PM PT
URL: http://zdnet.com.com/2100-1105-5186016.html

VoteHere, a maker of security software for voting machines, published the source code for its product online in hopes of garnering additional analysis of its method for verifying the integrity of electronic votes.

The company, which has patented its VHTi technology, wants comments, not competition, so it released the code and several documents to its Web site under a license that restricts use of the code to analysis for a period of 60 days.

"We pride ourselves on being good students of cryptography," said Jim Adler, founder and CEO of the Bellevue, Wash., company. "We know there is no security through obscurity, so we want to be open."

Revealing encryption algorithms for peer review is a standard practice in encryption circles and allows experts to poke holes in other people's technology. VoteHere hopes the additional scrutiny will prove that its technology is sound, Adler said.

The company's software is designed to let voters verify that their ballots were properly handled. It assigns random identification numbers to ballots and candidates. After people vote, they get a receipt that shows which candidates they chose--listed as numbers, not names. Voters can then use the Internet and their ballot identification number to check that their votes were correctly counted.

"It doesn't protect the system from compromise, but it detects when compromises happen," Adler said. "We are the barking dogs: If anything touches the ballots, it can be detected."

The move comes as questions arise about the security of electronic and Internet voting. Though few problems with electronic voting machines arose on March 1, Super Tuesday, many problems have cropped up during other elections.

Some states, Michigan among them, are going full bore to ballots cast on the Internet, despite some computer scientists' concerns that the Net is not secure enough to prevent election tampering. About 28 percent of Michigan voters cast their ballot online in February during that state's Democratic caucus.

In the same month, the Department of Defense backed away from plans to conduct a trial that could have let the 6 million Americans abroad cast their vote online.

VoteHere has had its own security issues to deal with as well. In December, the company called in the FBI to investigate a breach in the company's network. Adler said the investigation was ongoing and stressed that VoteHere's plans to release source code had been in the works since last summer.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From hseaver at cybershamanix.com Tue Apr 6 20:15:51 2004
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Tue, 6 Apr 2004 22:15:51 -0500
Subject: Muslim Rivals Unite In Baghdad Uprising
Message-ID: <20040407031551.GA8146@cybershamanix.com>

Bwaaaahhhahahahhahah --ROFL This thing is getting funnier by the minute.

" On Monday, residents of Adhamiya, a largely Sunni section of northern Baghdad, marched with followers of Moqtada Sadr, the militant Shiite cleric whose call for armed resistance was answered by local Sunnis the same afternoon, residents said."
http://www.washingtonpost.com/wp-dyn/articles/A56091-2004Apr6.html

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com
Hokay hey!

From mv at cdc.gov Wed Apr 7 08:49:41 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 07 Apr 2004 08:49:41 -0700
Subject: [Politech] Reason magazine cover story has unusual privacy theme
Message-ID: <40742315.9C02C9B2@cdc.gov>

_Reason_ pulls a cryptomesque BigEye op on subscribers:

From mv at cdc.gov Wed Apr 7 08:56:16 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 07 Apr 2004 08:56:16 -0700
Subject: Firm invites experts to punch holes in ballot software
Message-ID: <407424A0.67B5D899@cdc.gov>

Peter, what would be wrong with having a machine in the booth that prints any valid receipt BUT is not connected to the voting system. "To vote use the red machine; if you're being coerced you can use the blue machine to print as many receipts as intimidators."

A trade off between (mild) user complexity and the desire for receipts (without coercion).

At 10:17 AM 4/7/04 -0400, Trei, Peter wrote:
>This is kind of broken. Allowing the voter to get a receipt which
>they take away with them for verification may allow the voter to verify
>that their vote was recorded as cast, but also allows coercion and
>vote buying.
>
>To their credit, the creators thought of this, and suggest a
>partial procedural fix in the threat analysis document:
>
>   P4. Let voters discard verification receipts in poll site trash
>       can and let any voter take them
>       Result: Buyer/coercer can't be sure voter generated verification receipt
>
>   P5. Have stacks of random printed codebooks freely available in poll site
>       Result: Vote buyer/coercer can't be sure captured codebook was used
>
>   P6. Have photos of on-screen codebooks freely available on-line
>       Result: Vote buyer/coercer can't be sure captured codebook was used
>
>The first problem, of course, is that a person under threat of
>coercion will need to present the coercer with a receipt showing
>exactly the mix of votes the coercer required. This leads
>to a combinatorial explosion of fake receipts that need to be available.
>
>Having only one vote on each receipt might mitigate this, but it still
>gets really messy.
>
>Second, it's not clear how this protects against the coercer checking the
>ballot online - will every fake also be recorded in the system, so
>it passes the online check? Having both real and fake ballots in
>the verification server makes me very nervous.
>
>It's possible I've missed something - this is based on a quick glance
>through the online documents, but I don't see any advantage this
>system has over the much more discussed one where the receipt is
>printed in a human readable way, shown to the voter, but retained
>inside the machine as a backup for recounts.
>
>Just my private, personal opinion.
>
>Peter Trei

From mv at cdc.gov Wed Apr 7 09:49:20 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Wed, 07 Apr 2004 09:49:20 -0700
Subject: Utah vs. first amendment, global 'net, cookies
Message-ID: <40743110.893B7B63@cdc.gov>

(I'm not defending hostile spyware but there are problems with the law..)

http://www.pcworld.com/news/article/0,aid,115527,00.asp

Tom Spring, PC World
Friday, April 02, 2004

Utah has become the first state to make spyware a crime, passing a law that makes it illegal to install such programs on a PC without approval. Starting in early May, violators face a fine of $10,000 per incident, under the new Spyware Control Act.

The Utah law aims to regulate the use of spyware and other advertising software, which is infamous for annoying computer users by tracking and reporting their Web whereabouts and displaying ads.
A software company that wants to load a surveillance program onto a Utah user's PC must make full disclosure, under the law. It must reveal what user behavior its software records, what information goes back to a central server, how often ads will appear, and how the ads look. Vendors must also clearly state the purpose of the downloaded software and any changes it makes to a PC's system.

Opponents say the Spyware Control Act is a legal threat to a technology company's right to innovate. Hackett says the Utah law could be interpreted to ban free ad-sponsored software, and perhaps even threaten common e-mail programs that track when and which messages are delivered.

State Rep. Urquhart says the law will let a Utah firm sue a spyware company that doesn't follow the Spyware Control Act, when its program displays ads on the Web site of a Utah-based business. He also says the act will help protect consumers by forcing spyware companies to be more upfront about their software.

From ptrei at rsasecurity.com Wed Apr 7 07:17:53 2004
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 7 Apr 2004 10:17:53 -0400
Subject: Firm invites experts to punch holes in ballot software
Message-ID:

>Firm invites experts to punch holes in ballot software

> The company's software is designed to let voters verify that their ballots
>were properly handled. It assigns random identification numbers to ballots
>and candidates. After people vote, they get a receipt that shows which
>candidates they chose--listed as numbers, not names. Voters can then use
>the Internet and their ballot identification number to check that their
>votes were correctly counted.

This is kind of broken. Allowing the voter to get a receipt which they take away with them for verification may allow the voter to verify that their vote was recorded as cast, but also allows coercion and vote buying.

To their credit, the creators thought of this, and suggest a partial procedural fix in the threat analysis document:

   P4. Let voters discard verification receipts in poll site trash can and let any voter take them
       Result: Buyer/coercer can't be sure voter generated verification receipt

   P5. Have stacks of random printed codebooks freely available in poll site
       Result: Vote buyer/coercer can't be sure captured codebook was used

   P6. Have photos of on-screen codebooks freely available on-line
       Result: Vote buyer/coercer can't be sure captured codebook was used

The first problem, of course, is that a person under threat of coercion will need to present the coercer with a receipt showing exactly the mix of votes the coercer required. This leads to a combinatorial explosion of fake receipts that need to be available.

Having only one vote on each receipt might mitigate this, but it still gets really messy.

Second, it's not clear how this protects against the coercer checking the ballot online - will every fake also be recorded in the system, so it passes the online check? Having both real and fake ballots in the verification server makes me very nervous.

It's possible I've missed something - this is based on a quick glance through the online documents, but I don't see any advantage this system has over the much more discussed one where the receipt is printed in a human readable way, shown to the voter, but retained inside the machine as a backup for recounts.

Just my private, personal opinion.

Peter Trei

From camera_lumina at hotmail.com Wed Apr 7 07:45:09 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 07 Apr 2004 10:45:09 -0400
Subject: Muslim Rivals Unite In Baghdad Uprising
Message-ID:

I swear you can see flopsweat on Rumsfeld as he's trying to explain troop buildup as being more or less a deployment accident (though soon to be followed by non-accidental buildups). Even this arrogant little fuck now realizes he's stepped in deep doo-doo.

As for the laughter, I'll be laughing too until the next round of planes perform a little touchdown downtown here. Ah well.
I suckle from the breast of US big-business...those are the risks I take.

-TD

>From: Harmon Seaver
>To: cypherpunks at minder.net
>Subject: Muslim Rivals Unite In Baghdad Uprising
>Date: Tue, 6 Apr 2004 22:15:51 -0500
>
>Bwaaaahhhahahahhahah --ROFL This thing is getting funnier by the minute.
>
>" On Monday, residents of Adhamiya, a largely Sunni section of northern Baghdad,
>marched with followers of Moqtada Sadr, the militant Shiite cleric whose call
>for armed resistance was answered by local Sunnis the same afternoon, residents
>said."
>
>http://www.washingtonpost.com/wp-dyn/articles/A56091-2004Apr6.html
>
>
>--
>Harmon Seaver
>CyberShamanix
>http://www.cybershamanix.com
>Hokay hey!
>

From rah at shipwright.com Wed Apr 7 08:48:52 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 7 Apr 2004 11:48:52 -0400
Subject: VoteHere Release Audit Trail Code
Message-ID:

Internetnews.com

VoteHere Release Audit Trail Code
By Jim Wagner
April 7, 2004

E-voting software developer VoteHere made its audit checking source code available for download Tuesday in a bid to prove its software does what it promises: provide a verifiable audit trail over every citizen's vote.

Much of the debate surrounding the electronic tabulation of votes has centered on the machines' ability (or inability in this case) to record votes and then let voters and election officials verify the correct vote was entered and stored in the central repository.

Jim Adler, VoteHere founder, said the source code makes good on its promise back in August 2003 when the company announced a partnership with e-voting machine manufacturer Sequoia, to release the code for all to see.

"We're a bunch of cryptographers and as students of cryptography, we know there's no real security in obscurity and feel that openness and transparency are an important part of the process, especially with technology that is used to audit an e-voting machine," he told internetnews.com.

To date, attempts by e-voting opponents to get software makers to release their code for public scrutiny have met with failure.

The most notable case dealt with manufacturer Diebold Election Systems, which filed cease-and-desist orders against a group of college students who discovered vulnerabilities in its machines and posted their findings on the Internet, as well as anyone who put links to the vulnerabilities on their Web site and their Internet service providers (ISP).

In December 2003, the company withdrew the orders after the college students, through the Electronic Frontier Foundation (EFF) filed suit against them. Eight days later, Diebold and five other manufacturers banded together under the Information Technology Association of America to "identify and address security concerns" and "raise the profile of electronic voting."

VoteHere officials expect the open-sourcing of its audit trail will close the debate on its area of security, at least. Though its software only runs on Sequoia's machines, Adler said the manufacturer makes up 20 to 30 percent of the industry's market share.

The company paid Dr. Robert Baldwin, co-founder of California-based Plus Five Consulting and former technical director of RSA Security, to conduct an independent analysis of its code, who said he was in no way affiliated with VoteHere.

"We actually found fewer types of problems than we normally find when we look at other people's code," he told internetnews.com. "I think they definitely had an eye towards producing higher-quality code because they knew somebody was going to go looking at it. The software could easily look at 100 million-person audit trail and verify it within an hour."
Individuals who want to review the code can download it here:

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From ptrei at rsasecurity.com Wed Apr 7 10:16:46 2004
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 7 Apr 2004 13:16:46 -0400
Subject: Firm invites experts to punch holes in ballot software
Message-ID:

Major Variola (ret) wrote:

>Peter, what would be wrong with having a machine in the booth that prints
>any valid receipt BUT is not connected to the voting system. "To vote
>use the red machine; if you're being coerced you can use the blue machine
>to print as many receipts as intimidators."

>A trade off between (mild) user complexity and the desire for receipts
>(without coercion).

The system described allows the user to take a receipt (which has only numbers on it) and use a website to determine that the vote was recorded correctly. A decoy receipt would also have to pass this test.

Frankly, the whole online-verification step seems like an unnecessary complication.

* Both real and decoy receipts would have to be in the database for verification - which bothers me a lot.

* There seems to be no provision for recounts - what are they supposed to do - have everybody send in their receipts? How can you tell the decoys from the real?

I give VoteHere kudos for releasing their source, but it doesn't solve the e-voting problem.
Peter Trei

From egerck at nma.com Wed Apr 7 13:40:29 2004
From: egerck at nma.com (Ed Gerck)
Date: Wed, 07 Apr 2004 13:40:29 -0700
Subject: Firm invites experts to punch holes in ballot software
References: <407459B7.2030609@systemics.com>
Message-ID: <4074673D.1F58ABAC@nma.com>

The principle here is that no one should be able to prove how the voter voted, not even the voter. Yes, votes need to be verified and voters are certainly one party that can do it. However, you never want to allow the voter to take any kind of "receipt" out of the voting station if that receipt can be used to determine how the voter voted, e.g. by matching a number or pattern on the ballot, even if to the voter. Otherwise, vote selling and coercion cannot be prevented.

Cheers,
Ed Gerck

Ian Grigg wrote:
>
> Trei, Peter wrote:
> > Frankly, the whole online-verification step seems like an
> > unnecessary complication.
>
> It seems to me that the requirement for after-the-vote
> verification ("to prove your vote was counted") clashes
> rather directly with the requirement to protect voters
> from coercion ("I can't prove I voted in a particular
> way.") or other incentives-based attacks.
>
> You can have one, or the other, but not both, right?
>
> It would seem that the former must give way to the latter,
> at least in political voting. I.e., no verification after
> the vote.
>
> iang
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From rah at shipwright.com Wed Apr 7 11:19:50 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 7 Apr 2004 14:19:50 -0400
Subject: The wrong stuff: what it takes to be a TSA terror suspect
Message-ID:

The Register
Biting the hand that feeds IT

Original URL: http://www.theregister.co.uk/2004/04/07/aclu-suit/

The wrong stuff: what it takes to be a TSA terror suspect
By John Lettice (john.lettice at theregister.co.uk)
Published Wednesday 7th April 2004 17:47 GMT

The plaintiffs' statements in an American Civil Liberties Union lawsuit against the Department of Homeland Security and the Transport Security Administration provide some useful clues about what it takes to make the grade as a dangerous terror suspect. Career USAF Master Sergeant and mother of three? Retired Presbyterian Minister? ACLU special projects co-ordinator with Pakistani-type name?

Well yes, that last one might not have come entirely as a surprise to you, but the ACLU has chosen its sample plaintiffs well. They are all American citizens who've experienced repeated delays and embarrassments because they are on the shady 'no fly' list distributed to US airlines by the TSA. No reason for their presence on this list is obtainable, and there would appear to be no easy mechanism for getting off it. According to the statement of Rev John F Shaw (71), when he complained to the TSA's Ombudsman's office a TSA agent explained "that the list is computer-generated and linked to another database known as CAPPS."

The CAPPS link is a strong signal that the no fly list will in the future be substantially expanded as the TSA expands its use of airline passenger data. The statements also indicate that the TSA itself has no ready mechanism for getting people off the list. It seems to agree with some of the plaintiffs that they're false positives, but they keep getting the treatment on subsequent flights anyway. Two of the plaintiffs have actually been given letters from the TSA verifying their identity, but one of these still experiences problems.
The second, student Alexandra Hay, was given a personal escort through Philadelphia Airport by the TSA along with the letter after the ACLU threatened to sue on her behalf. Attorney David Nelson meanwhile reports he has been stopped over 40 times, and that other people called David Nelson, including the one who's a sitcom star, have had similar problems.

The ACLU is asking that the court declare that the no-fly list violates passengers' constitutional rights to freedom from unreasonable search and seizure and due process of law under the Fourth and Fifth Amendments. ®

Related link
ACLU launches suit (http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=15430&c=272)

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From iang at systemics.com Wed Apr 7 12:42:47 2004
From: iang at systemics.com (Ian Grigg)
Date: Wed, 07 Apr 2004 15:42:47 -0400
Subject: Firm invites experts to punch holes in ballot software
In-Reply-To:
References:
Message-ID: <407459B7.2030609@systemics.com>

Trei, Peter wrote:
> Frankly, the whole online-verification step seems like an
> unnecessary complication.

It seems to me that the requirement for after-the-vote verification ("to prove your vote was counted") clashes rather directly with the requirement to protect voters from coercion ("I can't prove I voted in a particular way.") or other incentives-based attacks.

You can have one, or the other, but not both, right?

It would seem that the former must give way to the latter, at least in political voting. I.e., no verification after the vote.
iang

From s.schear at comcast.net Wed Apr 7 15:46:44 2004
From: s.schear at comcast.net (Steve Schear)
Date: Wed, 07 Apr 2004 15:46:44 -0700
Subject: Some more anarchy and capitalism -- Fwd: [dgc.chat] Starving the Bastards in Bolivia
Message-ID: <6.0.1.1.0.20040407154541.055637d0@mail.comcast.net>

>Bolivia is a poor country. Nevertheless, no one, however poor, ever
>starves in Bolivia: food is dirt cheap and readily available.
>
>In contrast, the government is starving to death. What joy! It is
>desperate for increased revenue and is preoccupied with schemes for
>new taxes etc. You may recall that last year the president, Gonzalo
>Sanchez de Lozada, was driven out of the country because he tried to
>impose an income tax. The new president, Carlos Mesa, has proposed
>3 (three!) separate programs in the last few months for various new
>kinds of taxes to raise revenue. And he has been forced to withdraw
>all of them.
>
>The bureaucrats' whining is getting deafening.
>
>http://www.el-deber.net/20040317/nacional_3.html
>
>Mesa negocia fondos externos para salarios
>Mesa seeks external fund for salaries
>
>El Presidente insistió ayer en Cochabamba en la necesidad de mejorar
>la situación financiera del Estado
>Yesterday in Cochabamba, the president urged the necessity of
>improving the financial situation of the State.
>
>El gobierno teme un colapso fiscal. Ya no hay dinero para pagarles a los
>funcionarios públicos y por ello apela a un pacto para salir de la crisis.
>The government is afraid of a fiscal collapse. There is now no money to
>pay the public servants and for that it appeals for an agreement for
>escaping the crisis.
>
>Tras alertar sobre la posibilidad de un colapso fiscal del país, el
>presidente Carlos Mesa reveló ayer que su gobierno negocia con la
>comunidad internacional fondos para el pago de salarios en el sector
>público.
>Announcing the possibility of a fiscal collapse of the country, the
>president Carlos Mesa revealed yesterday that his government is
>negotiating with the IMF in order to pay the salaries of the public sector.
>
>Note that he says there might be a fiscal collapse of the *country* when
>it is not the country but the government that might collapse. There is no
>chance of the civil society collapsing. We can only hope that the
>government does so the society will be freed from it. Also note what
>foreign aid is sought for: not to aid the people of Bolivia but to prop up
>the apparatus of the State.
>
>
>Best,
>
>CCS
>
>
>------------------------------------------------------

Anarchy may not be a better form of government, but it's better than no government at all.

From ptrei at rsasecurity.com Wed Apr 7 13:10:34 2004
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 7 Apr 2004 16:10:34 -0400
Subject: Firm invites experts to punch holes in ballot software
Message-ID:

> Ian Grigg[SMTP:iang at systemics.com] wrote:
>
> Trei, Peter wrote:
> > Frankly, the whole online-verification step seems like an
> > unnecessary complication.
>
> It seems to me that the requirement for after-the-vote
> verification ("to prove your vote was counted") clashes
> rather directly with the requirement to protect voters
> from coercion ("I can't prove I voted in a particular
> way.") or other incentives-based attacks.
>
> You can have one, or the other, but not both, right?
>
> It would seem that the former must give way to the latter,
> at least in political voting. I.e., no verification after
> the vote.
>
> iang
>

Yes, that seems to be the case. Note that in the current (non computer) systems, we have no way to assure that our votes actually contributed to the total, but the procedural stuff of having mutually hostile observers to the counting process makes deliberate discarding of one side's votes less likely.
(Non-deliberate losses - such as the recent failure to record cards marked with the wrong kind of pen - can still happen).

VoteHere, while they seem to be well-meaning, have not solved the problem. Mercuri & Rivest have described how to do it right; we just need someone to build or retrofit the machines appropriately.

Peter Trei

From Michael_Heyman at NAI.com Wed Apr 7 13:14:59 2004
From: Michael_Heyman at NAI.com (Michael_Heyman at NAI.com)
Date: Wed, 7 Apr 2004 16:14:59 -0400
Subject: Firm invites experts to punch holes in ballot software
Message-ID: <5856CEA9F0E6244CB2A8F77162041781082532@rocexmb1.corp.nai.org>

> From: owner-cryptography at metzdowd.com
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Trei, Peter
> Sent: Wednesday, April 07, 2004 1:17 PM
> [SNIP]
>
> Frankly, the whole online-verification step seems like an
> unnecessary complication.
>

Except to those of us who don't trust the system.

Implemented correctly it could be cheap and complications could be hidden from the voter. It could be cheaper - no need to pay people to do an audit when "the people" will do it for you. You only need a small fraction of "the people" to verify their votes to get a high level of confidence that the election is valid. You only need one failure to cast doubt on the election. This requires an un-forgeable receipt that cannot be used for coercion. Un-forgeable we have been doing for a while now with lots of different PK options. A receipt that cannot be used for coercion cannot give any indication to others of who you voted for. Right now this is a big complication (at least to me - I don't know how to create such a receipt that doesn't require mental gymnastics on the part of the voter).
-Michael Heyman

From rah at shipwright.com Wed Apr 7 13:19:12 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 7 Apr 2004 16:19:12 -0400
Subject: Firm invites experts to punch holes in ballot software
In-Reply-To:
References:
Message-ID:

At 1:16 PM -0400 4/7/04, Trei, Peter wrote:
>I give VoteHere kudos for releasing their source, but it doesn't
>solve the e-voting problem.

As far as I can figure, the only way to solve the "voting problem" is to sell your votes.

Frankly, I think the "voting problem" is a boundary problem between financial cryptography and political cryptography, the latter of which I could give a damn about, except for purposes of low comedy.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From paul.zuefeldt at ClearLogicSolutions.com Wed Apr 7 14:23:38 2004
From: paul.zuefeldt at ClearLogicSolutions.com (Paul Zuefeldt)
Date: Wed, 7 Apr 2004 16:23:38 -0500
Subject: Firm invites experts to punch holes in ballot software
References: <5856CEA9F0E6244CB2A8F77162041781082532@rocexmb1.corp.nai.org>
Message-ID: <012a01c41ce6$9839d800$0500a8c0@dell166>

Maybe the receipt should only allow the voter to check that his vote has been counted. To get the detail you could require him to appear in person with his receipt AND a photo ID or some such, then only allow him to view his detail -- not print it.
Paul Zuefeldt

----- Original Message -----
From:
To: ;
Sent: Wednesday, April 07, 2004 3:14 PM
Subject: RE: Firm invites experts to punch holes in ballot software

> From: owner-cryptography at metzdowd.com
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Trei, Peter
> Sent: Wednesday, April 07, 2004 1:17 PM
> [SNIP]
>
> Frankly, the whole online-verification step seems like an
> unnecessary complication.
>

Except to those of us who don't trust the system.

Implemented correctly it could be cheap and complications could be hidden from the voter. It could be cheaper - no need to pay people to do an audit when "the people" will do it for you. You only need a small fraction of "the people" to verify their votes to get a high level of confidence that the election is valid. You only need one failure to cast doubt on the election. This requires an un-forgeable receipt that cannot be used for coercion. Un-forgeable we have been doing for a while now with lots of different PK options. A receipt that cannot be used for coercion cannot give any indication to others of who you voted for. Right now this is a big complication (at least to me - I don't know how to create such a receipt that doesn't require mental gymnastics on the part of the voter).

-Michael Heyman

From gabe at seul.org Wed Apr 7 13:43:18 2004
From: gabe at seul.org (Gabriel Rocha)
Date: Wed, 7 Apr 2004 16:43:18 -0400
Subject: Anarchy and Capitalism in Africa of all places...
Message-ID: <20040407164317.A8646@seul.org>

http://www.economist.com/World/africa/PrinterFriendly.cfm?Story_ID=2559183

(it requires a login... article pasted below)

I specially like the part about taxation and the difficulties of implementing it...
Somalia

Coke and al-Qaeda

Apr 1st 2004 | MOGADISHU
From The Economist print edition

Africa's most chaotic country is a bit calmer, but probably still home to anti-western terrorists

THERE are two ways to run a business in Somalia. You can pay off the local warlord, not always the most trustworthy of chaps, and hope he will stop his militiamen from murdering your staff. Or you can tell him to get stuffed and hire your own militia. After 13 years of civil war, businessmen are increasingly plumping for the latter option, and their defiance has been rewarded. A veneer of normality is returning to the world's most chaotic country. An economy, of sorts, is beginning to thrive.

Somalia's first Coca-Cola bottling plant opened in the capital, Mogadishu, last month. That its carbon dioxide chambers are encased in mortar-proof reinforced concrete is almost beside the point. Somalis now have the opportunity to rot their teeth like anyone else, and that feels good.

Countrywide distribution will be smoothed by the presence of hundreds of experienced security guards, who are also responsible for protecting the odd foreign expert who drops in. Newcomers are encouraged to calm their nerves by firing off a few rounds or lobbing a hand-grenade shortly after arrival. "It really works," enthuses a visiting Kenyan engineer.

Perversely, this renaissance has been made possible by Somalia's continuing fragmentation. There is still no proper central government but, where once there was only a handful of warlords, there are now at least 24, and that is only the serious ones. With smaller fiefs to pillage, few can now afford the $100,000 or more that it costs to wage a six-hour battle, so such battles are less common.

This is what passes for peace in Somalia, and it is enough to tempt many homesick exiles to return. They bring money as well as skills and contacts. In the past few years, hospitals, schools, businesses and even a university have appeared.
In some ways, anarchy makes doing business easier. There are no formal taxes -- given how heavily-armed the average Somali is, these would be hard to collect -- and no regulation whatsoever. But the costs of chaos outweigh the benefits. You can roar through a warlord's road block unmolested if you have ten gunmen in the back of your pickup, but you have to pay your gunmen. Nationlink, one of the country's three mobile-phone operators, employs 300 guards to protect 500 staff.

Everyone yearns for a restoration of stability and a proper government. A dozen attempts at negotiating a formal peace have failed. But since September 11th 2001, western governments, anxious to prevent al-Qaeda from using Somalia as a base, have pressed the warlords to make peace. On January 29th, after talks in Kenya, they were rewarded with a power-sharing agreement providing for a 275-strong parliament that is meant to represent all the country's main clans and minorities.

Somalis are sceptical, however. Under the accord, warlords will choose the MPs, whose appointment will be confirmed by traditional elders. Who will pick the elders? Many worry that the warlords will. Some even argue that western support for the peace process encourages violence, by rewarding thugs with a share of power. Businessmen and other non-violent types have been excluded from the talks. "We have built schools, repaired hospitals and rebuilt roads. Yet no one is asking us what we think," says Nationlink's managing director, Ahmed Abdi Dini.

Since the power-sharing agreement, the talks have stalled. Amid the acrimony, consensus was reached on one issue: the warlords, many of them barely literate, unanimously agreed to abolish a clause barring those without a secondary education from parliament.

Meanwhile, a decade after its botched intervention to protect food-aid deliveries in Somalia, the United States is back; this time, hunting for terrorists.
American intelligence officers are working with two warlords to gather information about suspected al-Qaeda people in Somalia. Last year, an American commando raid on a Mogadishu hospital netted a Yemeni terrorist suspect, now in Guantanamo Bay. Hussein Aideed, son of the warlord whom American troops tried but failed spectacularly to capture in 1993, was apparently paid $500,000 for 41 Strela missiles to ensure they did not fall into bin Ladenite hands. It is rumoured that other warlords have also been paid: enough, possibly, to restock dwindling weapons supplies. Your correspondent saw some impressive hardware, including four gleaming Howitzers, at the base of one of the warlords, Mohamed Qanyare Afrah.

Short tempers, tall stories

President George Bush's war on terror has won him few friends in Somalia. In 2001, America forced the closure of Somalia's biggest remittance bank, on the ground that it was used to launder terrorist funds, and froze the assets of al-Haramain, a Saudi charity with alleged terrorist links. This may have made life harder for al-Qaeda, but it also made it harder for expatriate Somalis to send money to their relatives back home, and led, among other things, to the recent closure of Somalia's biggest orphanage. Since America is offering Somalis nothing by way of compensation, they are furious. "We must become terrorists," says Abdulkadir Ahmed, a militiaman who claims to be training to fight America. With typical Somali bravado, he adds that: "Palestinians who do suicide bombings and just kill a few people are stupid. If I had to sacrifice my life, I would take between 1,000 and 7,000 Americans with me."

Copyright © 2004 The Economist Newspaper and The Economist Group. All rights reserved.
From ptrei at rsasecurity.com Wed Apr 7 13:52:46 2004
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 7 Apr 2004 16:52:46 -0400
Subject: Firm invites experts to punch holes in ballot software
Message-ID:

> Michael_Heyman at NAI.com[SMTP:Michael_Heyman at NAI.com] wrote:
> Peter Trei wrote:
> >
> > Frankly, the whole online-verification step seems like an
> > unnecessary complication.
> >
> Except to those of us who don't trust the system.
>
> Implemented correctly it could be cheap and complications could be
> hidden from the voter. It could be cheaper - no need to pay people to do
> an audit when "the people" will do it for you. You only need a small
> fraction of "the people" to verify their votes to get a high level of
> confidence that the election is valid. You only need one failure to cast
> doubt on the election. This requires an un-forgeable receipt that cannot
> be used for coercion. Un-forgeable we have been doing for a while now
> with lots of different PK options. A receipt that cannot be used for
> coercion cannot give any indication to others of who you voted for.
> Right now this is a big complication (at least to me - I don't know how
> to create such a receipt that doesn't require mental gymnastics on the
> part of the voter).
>

As Ian has noted, self-auditability and uncoercibility seem to be mutually exclusive requirements. If you're going to assume that the whole system is untrustworthy, you're still screwed despite the receipts - if the website says that yes, your vote counted in the final total, that still does not tell you that the right candidate was declared the winner. That would only happen if enough voters pooled their verifications to show that that had to be the case (this is equivalent to a recount). In a close-run two candidate race, if a number of voters equal to half the gap between the candidate's totals failed to verify and report that their vote was recorded correctly, the result is still untrustworthy.
....and any system which relies on advanced mathematics will be unintelligible and mistrusted by the average voter.

Peter

From Poindexter at SAFe-mail.net Wed Apr 7 18:08:43 2004
From: Poindexter at SAFe-mail.net (Poindexter at SAFe-mail.net)
Date: Wed, 7 Apr 2004 21:08:43 -0400
Subject: Passive E-Mail Monitoring Leads To Arrest
Message-ID:

www.2advanced.net writes "The world's first arrest resulting from passive monitoring of electronic communications is being reported by Globe Technology. In the article, sources reveal that 'an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group.'"

http://slashdot.org/articles/04/04/07/1450230.shtml?tid=137&tid=158&tid=215&tid=99

JP

From s.schear at comcast.net Wed Apr 7 21:14:17 2004
From: s.schear at comcast.net (Steve Schear)
Date: Wed, 07 Apr 2004 21:14:17 -0700
Subject: Research Shows Explosives Remain Part Of Human Hair
In-Reply-To:
References:
Message-ID: <6.0.1.1.0.20040407211250.0519e530@mail.comcast.net>

At 07:03 PM 4/7/2004, R. A. Hettinga wrote:
>Depilatory becomes a new standard accessory for the well-...um...-dressed
>terrorist...

Nah, just a plastic shower cap during explosive handling.

steve

>
>
>
>Source:
>University Of Rhode Island
>
>Date:
>2004-04-06
>
>URL:
>http://www.sciencedaily.com/releases/2004/04/040406083933.htm
>
>Research Shows Explosives Remain Part Of Human Hair
>
>KINGSTON, R.I -- March 17, 2004 -- The comb, that simple device millions of
>people pass through their hair every day, could become the latest tool in
>the battle against terrorism.
>
>That's because a group of University of Rhode Island researchers has found
>that chemicals used to make bombs remain in the hair of explosives handlers
>long after repeated washings.

From rah at shipwright.com Wed Apr 7 19:03:13 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 7 Apr 2004 22:03:13 -0400
Subject: Research Shows Explosives Remain Part Of Human Hair
Message-ID:

Depilatory becomes a new standard accessory for the well-...um...-dressed terrorist...

Cheers,
RAH
-------

Source: University Of Rhode Island
Date: 2004-04-06
URL: http://www.sciencedaily.com/releases/2004/04/040406083933.htm

Research Shows Explosives Remain Part Of Human Hair

KINGSTON, R.I -- March 17, 2004 -- The comb, that simple device millions of people pass through their hair every day, could become the latest tool in the battle against terrorism. That's because a group of University of Rhode Island researchers has found that chemicals used to make bombs remain in the hair of explosives handlers long after repeated washings. The lead researcher, Professor of Chemistry Jimmie Oxley, one of the co-directors of URI's Forensic Science Partnership, has also found that when the research team members attached ordinary gauze to combs, they had effective collection devices. "We are very excited about what we found, because I didn't know what to expect to find in terms of persistence," Oxley said. "We're at the very early stages of developing a practical field technique to link the perpetrator to a crime," the chemist said. "(Oklahoma City bomber Timothy) McVeigh had (the explosive) PETN on his shirt. If someone like him changes his shirt, we could still test his hair." The team's early findings are the result of a two-year, $320,000 grant awarded by the National Memorial Institute for the Prevention of Terrorism. Located in Oklahoma City. The institute was incorporated Sept.
23, 1999, and grew out of the desire of the survivors and families to have a living memorial of the Murrah Federal Building bombing of April 19, 1995. Oxley, who titled the study "A New Source of Evidence: Explosive Traces in Hair," said she pursued the research because hair readily absorbs odors, such as those from cigarette smoke, it is being used for evidence of drug use and because it is washed less frequently than hands and clothes. She wanted to know if all explosives are absorbed equally well, if hair color and type affect adsorption, and whether the explosive, with time and washing, remains persistent. Ultimately, she hopes to establish a protocol that can be established for law enforcement use. Adsorption is the surface assimilation of a gas, vapor or dissolved matter. "We wanted to know if we could get the same chemicals out that we put in," said URI Chemistry Professor Louis Kirschenbaum. The research is being conducted in two phases at both URI and in the United Kingdom, where subjects have been preparing dog-training aids. In the first phase at URI, cut hair was exposed to explosive vapors to see which ones were adsorbed. The persistence of adsorption was studied for washed and unwashed hair. In the U.K, researchers combed subjects' hair before and after explosive handling. Then, subjects' hair was re-sampled after a time interval and shampooing. Phase 2 of the work being done at URI will study the significance of hair pigment, sex, and race, while Phase 2 in Great Britain will develop law enforcement protocols for recovery of explosive residues in hair. Oxley's team has been examining absorption of common military explosives, such as TNT, PETN and RDX, as well as TATP, the suicide bombers' explosive. RDX is the main component of C-4, while PETN is used in detonation cords, sheet explosives and plasticized explosives. In the TNT-tainted hair exposed to air at URI for six days, only small decreases in TNT levels were detected.
Hair tainted with TNT and PETN that was washed three times and rinsed still retained small levels of the explosive. "Finding the chemicals after washing, that's what might turn out to be important," Kirschenbaum said. "I think it's safe to say that volatile chemicals can migrate into the hair. Once it's on there, it's truly stuck." In addition to Oxley and Kirschenbaum, team members are URI Chemistry Professor James Smith and chemistry graduate students Kajal Shinde and Kishore Marimganti.

Editor's Note: The original news release can be found here.

This story has been adapted from a news release issued by University Of Rhode Island.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From elric at imrryr.org Wed Apr 7 21:01:10 2004
From: elric at imrryr.org (Roland C. Dowdeswell)
Date: Thu, 08 Apr 2004 00:01:10 -0400
Subject: Firm invites experts to punch holes in ballot software
In-Reply-To: Your message of "Wed, 07 Apr 2004 16:23:38 CDT." <012a01c41ce6$9839d800$0500a8c0@dell166>
Message-ID: <20040408040110.781F7174D2@arioch.imrryr.org>

On 1081373018 seconds since the Beginning of the UNIX epoch "Paul Zuefeldt" wrote:
>
>Maybe the receipt should only allow the voter to check that his vote has
>been counted. To get the detail you could require him to appear in person
>with his receipt AND a photo ID or some such, then only allow him to view
>his detail -- not print it.

I'd be slightly uncomfortable with this since the authorities should not have a mechanism by which they can discover for whom I voted.
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/

From dave at farber.net Thu Apr 8 01:41:45 2004
From: dave at farber.net (Dave Farber)
Date: Thu, 08 Apr 2004 04:41:45 -0400
Subject: [IP] Arrests key win for NSA hackers
Message-ID:

http://www.globeandmail.com/servlet/ArticleNews/freeheadlines/LAC/20040406/TERROR06/international/International

Arrests key win for NSA hackers

By DAVID AKIN
UPDATED AT 4:38 AM EDT Tuesday, Apr. 6, 2004

A computer hacker who allowed himself to be publicly identified only as "Mudhen" once boasted at a Las Vegas conference that he could disable a Chinese satellite with nothing but his laptop computer and a cellphone. The others took him at his word, because Mudhen worked at the Puzzle Palace -- the nickname of the U.S. National Security Agency facility at Fort Meade, Md., which houses the world's most powerful and sophisticated electronic eavesdropping and anti-terrorism systems. It was these systems, plus an army of cryptographers, chaos theorists, mathematicians and computer scientists, that may have pulled in the first piece of evidence that led Canadian authorities to arrest an Ottawa man on terrorism charges last week. Citing anonymous sources in the British intelligence community, The Sunday Times reported that an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group. The Orleans arrest is considered an operational milestone for this vast electronic eavesdropping network and its operators. But Dave Farber, an Internet pioneer and computer-science professor at Carnegie-Mellon University in Pittsburgh, said the circumstances are also notable because it will be the first time that routine U.S.
monitoring of e-mail traffic has led to an arrest. "That's the first admission I've actually seen that they actually monitor Internet traffic. I assumed they did, but no one ever admitted it," Mr. Farber said. Officials at the NSA could not be reached for comment. But U.S. authorities are uniquely positioned to monitor international Internet and telecommunications traffic because many of the world's international gateways are located in their country. And once that electronic traffic touches an American computer -- an e-mail message, a request for a website or an Internet-based phone call, for instance -- it is routinely monitored by NSA spies. "Foreign traffic that comes through the U.S. is subject to U.S. laws, and the NSA has a perfect right to monitor all Internet traffic," said Mr. Farber, who has also been a technical adviser to the U.S. Federal Communications Commission. That's what happened in February, when NSA officers at Fort Meade intercepted a message between correspondents in Britain and Pakistan, The Sunday Times reported. The contents of that message have not been revealed, but are significant enough that dozens of intelligence officials were mobilized in Britain, Canada and the United States. The intelligence officers at Fort Meade rely on a sophisticated suite of supercomputers and telecommunications equipment to analyze millions of messages and phone calls each day, looking for certain keywords or traffic patterns. Internet traffic is chopped up into small chunks called packets, and each individual package is then routed over the Internet, to be reassembled at the recipient's end. The packet is wrapped in what computer scientists sometimes refer to as the envelope. And just as the exterior of a regular piece of mail contains important addressing information, so does the envelope of a digitized packet. These bits of information are called headers, and they can be valuable to investigators as well. 
Headers typically contain generic descriptions of the packet's contents, in order to let computers make better decisions about how to route the packet through the Internet. E-mail traffic gets a lower priority than Internet video traffic, for instance. Headers also pick up the numeric or Internet Protocol (IP) address of all the computers a packet touches as it travels from its originating machine all the way to its destination. Every computerized device connected to the Internet has its own unique IP number. Investigators could program their supercomputers to flag packets of information that met certain criteria, such as a certain IP number, a certain traffic pattern or a certain kind of content. As soon as a packet is flagged, investigators would apply for warrants to assemble the packets and read the messages' contents. ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From anmetet at freedom.gmsociety.org Thu Apr 8 02:26:00 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Thu, 8 Apr 2004 05:26:00 -0400 Subject: Gmail as Blacknet Message-ID: <1460e2ad7a8f65461c74e088b77ea1d9@anonymous> The privacy news has been full of fuss and bluster lately about Google's proposed Gmail service. The latest complaint comes at http://www.privacyrights.org/ar/GmailLetter.htm with an open letter from dozens of privacy groups to the Google founders asking them to revamp the service. Cypherpunks have two somewhat contradictory positions on the issue.
First, as lovers of privacy, they will share the concerns in the letter and they would be reluctant to use Gmail as configured, at least with any pseudonym which hoped to retain privacy. But second, as lovers of freedom, they would encourage Google and every other company to experiment with new services and new technologies, allowing individuals to freely decide whether to use them or not. One of the oldest Cypherpunk philosophical thought experiments was BlackNet, a hypothetical offshore data haven whose main job, paradoxically, was to defeat privacy. BlackNet would serve as a market and a storage facility for information that might be of value, one example being credit rating information. BlackNet demonstrated that even when third parties sought to prevent the flow of information, for example by mandating that credit report data be deleted after so many years, Cypherpunk technologies could keep the information available and alive. Oddly, few Cypherpunks appeared to notice the inconsistency with a supposedly privacy-oriented group promoting a technology which would harm privacy. The actual resolution is that Cypherpunks see privacy as a means to an end. That end is freedom. Privacy will lead to freedom by allowing people to communicate and contract without interference and meddling by interlopers. BlackNet is an example of the kind of system which would appear if people were truly free. That it harms privacy is merely an incidental side effect. The lesson is that Cypherpunks value freedom over privacy. They will therefore welcome Gmail as an institutional experiment that demonstrates the value of freedom, even if they personally would rather not partake of its services. Ironically, some of the features of Gmail bear resemblance to BlackNet. 
In particular, its claimed policy of retaining email indefinitely, even after the recipient has stopped using the account, is reminiscent of BlackNet's function as a data haven, as well as other Cypherpunk projects like the Eternity Network. This retention is objectionable to conventional privacy groups, but Cypherpunks will recognize it as being deeply in accord with their values. And of course the real lesson of Gmail is that we have no way of knowing whether Hotmail and other web based email providers are doing the same thing, but more quietly. These companies may be retaining and archiving email to a far greater degree than most people imagine. Cypherpunks know that trusting third parties to protect their information is the height of foolishness.

From the Cypherpunk perspective, the criticism of Gmail misses the mark; rather, all web mail systems should be understood as fundamentally inconsistent with privacy. If you want privacy, you have to do it yourself. Writing an angry letter is at best going to make the privacy violations more covert. It accomplishes nothing in the end.

From brian at mcgroarty.net Thu Apr 8 06:42:04 2004
From: brian at mcgroarty.net (Brian McGroarty)
Date: Thu, 8 Apr 2004 08:42:04 -0500
Subject: Firm invites experts to punch holes in ballot software
In-Reply-To: <407459B7.2030609@systemics.com>
References: <407459B7.2030609@systemics.com>
Message-ID: <20040408134203.GA6735@mcgroarty.net>

On Wed, Apr 07, 2004 at 03:42:47PM -0400, Ian Grigg wrote:
> Trei, Peter wrote:
> >Frankly, the whole online-verification step seems like an
> >unnecessary complication.
>
> It seems to me that the requirement for after-the-vote
> verification ("to prove your vote was counted") clashes
> rather directly with the requirement to protect voters
> from coercion ("I can't prove I voted in a particular
> way.") or other incentives-based attacks.
>
> You can have one, or the other, but not both, right?
Suppose individual ballots weren't usable to verify a vote, but instead confirming data was distributed across 2-3 future ballot receipts such that all of them were needed to reconstruct another ballot's vote. It would then be possible to verify an election with reasonable confidence if a large number of ballot receipts were collected, but individual ballot receipts would be worthless.

From btefft at orionsci.com Thu Apr 8 05:45:11 2004
From: btefft at orionsci.com (Tefft, Bruce)
Date: Thu, 8 Apr 2004 08:45:11 -0400
Subject: [osint] Gulf conference tackles terror financing
Message-ID:

Geostrategy-Direct
Week of April 13, 2004

FOCUS ON TERRORISM

Gulf conference tackles terror financing

ABU DHABI - The United Arab Emirates hosted a conference to regulate hawala. Hawala, the use of moneychangers to transfer funds without leaving any official record, was believed to have been the chief method Islamic insurgency groups used to relay money to operatives. The conference was held in Abu Dhabi April 3-5. More than 400 delegates from 60 countries, including Gulf Cooperation Council and Western states, attended. Those attending came from law enforcement agencies, the International Monetary Fund, the World Bank and the Financial Action Task Force. Called the International Conference on Hawala, the gathering examined the institution of hawala and how to regulate it. UAE officials said the conference would usher in a new regulatory system on hawala. A government announcement did not elaborate. "A regulatory framework is expected to be in place by the end of the meeting," the Central Bank said in a statement on April 1. GCC states have dismissed demands to eliminate hawala, saying the institution was deeply rooted and more efficient than banks.
In 2002, the UAE, regarded as a leading venue for hawala, asked hawala operators to register with the Central Bank in an effort to regulate the industry. The effort was unsuccessful. Meanwhile, Arab League states have been removed from a list of nations that fail to cooperate in the international effort to halt financing to Al Qaida and related groups. Egypt was the last Arab state to have been removed from the list of Non-Cooperative Countries and Territories. On Feb. 27, Egypt was removed from the list after Cairo launched a series of measures to combat money laundering that facilitated the funding to groups deemed as terrorists. Currently, there are no Arab League states on the NCCT list. Western diplomatic sources said Arab states responded to what they termed intense pressure from the United States and the international financial community. "There is no Arab country now on the list," said Ali Bolbol, a senior economist at the Economic Policy Institute of the Arab Monetary Fund. "Some Arab countries were on the list but now all of them were taken off. The international pressure is paying off. Arab countries have put in place procedures and laws to fight money laundering and terrorist financing." Bolbol was speaking at a recent seminar in Abu Dhabi by the Economic Policy Institute of the Arab Monetary Fund. The three-day course, designed to help governments battle money laundering and terrorist financing, was attended by representatives from 19 Arab countries. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From Somebody Thu Apr 8 05:59:21 2004 From: Somebody (Somebody) Date: Thu, 8 Apr 2004 08:59:21 -0400 Subject: Fun with Lawyers Message-ID: So here's an interesting question. If 10,000 people on, say, April 15th did a Yahoo search on the word Mesothelioma then clicked on the top sponsored lawyer link, would said ambulance chaser have to fork half a million dollars over to Yahoo? Even more efficient - how hard would it be for some clever coder to write a few Perl scripts to do this? Just thinking out loud.
----------------------------------------------------- Lawyers Bid Up Value Of Web-Search Ads By CARL BIALIK THE WALL STREET JOURNAL ONLINE April 8, 2004; Page B1 "Mesothelioma" may be the most valuable word on the Internet. The rare, asbestos-related cancer is the king of search advertising, a Web phenomenon in which companies bid to get their ads placed high on the search-result pages of sites like Yahoo and Google and then pay when users click on them. While many search ads cost less than a dollar a click, personal-injury law firms looking to land new clients have bid up mesothelioma ads to $90 or more. "It can get to be a bidding war," says Tracy Helser, Web manager for Kazan, McClain, Abrams, Fernandez, Lyons & Farrise, an Oakland, Calif., firm specializing in asbestos cases that advertises on search engines. Paid searches have become a cash cow for search engines and their partners by creating a flexible market for business "leads," which allow an advertiser to reach a new customer. Though it can change daily, the amount advertisers will pay for such leads ranges from as much as $100 for mesothelioma information to $20 for conference-call services and 31 cents for paper clips. Mainly because of a surge in search advertising and its acquisition of search company Overture, Yahoo Inc. took in $635.5 million in advertising-related revenue in the latest quarter, more than triple its year-earlier result. (See related article.) Google Inc. doesn't release financial data publicly, but most of its revenue comes from search advertising. With mesothelioma, it's simple economics, says Chris Hahn, executive director of the not-for-profit Mesothelioma Applied Research Foundation in Santa Barbara, Calif. "Why is [mesothelioma] the highest paying keyword? Because there is nothing more valuable than one mesothelioma patient." Lawyers are so eager to attract mesothelioma cases because there is a clear link between it and asbestos exposure. 
Lawyers say a typical award in a mesothelioma settlement is $1 million, and attorneys get 40%. For cases that go to trial, the mean award in 2001 was $6 million, triple the amount two years earlier, according to a study by think tank Rand Corp. Over roughly two decades of asbestos litigation through 2002, Rand says, mesothelioma cases represented about 4% of asbestos-related cases but 20% of all cash paid out in asbestos-related claims. From an attorney's point of view, mesothelioma cases, when pursued individually, "are the most valuable cases in the system," says Deborah Hensler, professor of law at Stanford and co-author of several Rand studies on asbestos litigation.

MOUSE MONEY
Advertisers bid more for top placements when a Web user searches for key words that carry big paybacks.

Key word                Top per-click bid*
Mesothelioma attorney   $70.24
Car accident lawyer     50
Investment fraud        30
Wisconsin mortgage      19
Conference calling      18.22
Casino                  14.97

"You can overspend" for mesothelioma search ads, admits Philip Harley, a partner with Paul, Hanley & Harley LLP in Berkeley, Calif., which advertises online and gets about 20% to 25% of its mesothelioma clients from the Web. But, he adds, "if you spend carefully, you get a very nice return. It's a good way to build a client base." For people diagnosed with mesothelioma, the cancer's course is swift. Attacking the protective lining around the lungs, abdominal organs or heart, mesothelioma initially brings on chest pain, coughing and shortness of breath. There are treatments that can extend life, but many patients have less than a year to live once they are diagnosed. The cancer generally surfaces 30 years or more after exposure, and the number of annual diagnoses has been steady over the past decade, at roughly 3,000 cases. Settlements are frequently paid out of bankruptcy trusts established after asbestos manufacturers restructured under Chapter 11, but some healthy companies also face liability.
(Far less is spent each year on mesothelioma research than on lawsuits. See related article.) For victims of the rare cancer, the Internet has become a main source of treatment information. Robert Taub, director of the Mesothelioma Center at Columbia University in New York, says that the patients he sees go on the Web within three or four days of diagnosis. David Sugarbaker, professor of surgery at Harvard's medical school in Cambridge, Mass., and chief of thoracic surgery at Brigham Women's Hospital, says that many of his patients watch a Webcast of his radical surgery (at www.chestsurg.org) before they have it. Robin Coffey, speaking just after her husband Mark, age 46, had the surgery successfully in February, said he insisted on watching the graphic video beforehand because "he felt more confident that [the doctor] was smart." Ms. Coffey, of Grand Island, N.Y., says her husband was resigned to die within a year before he found Dr. Sugarbaker online. "To go from having just a year to possibly having much more time is unbelievable," she says. The couple hasn't yet looked into litigation, she says. These Web searches by patients provide fertile advertising ground for lawyers. Paid-search ads typically run at the top or the side of main search results, so if people search for mesothelioma, they get nonpaid results framed by the ads. (In addition to paid-search ads on their own sites, Yahoo and Google provide such ads to third-party companies such as Time Warner Inc.'s America Online, Ask Jeeves Inc. and Microsoft Corp.'s MSN in revenue-sharing deals.) When viewers click on the ads, they are sent to lawyer sites with a mixture of information, links to other cancer sites -- and a phone number, online form or e-mail address to contact an attorney. 
While still a fraction of overall legal-services advertising, online spending rose more than fivefold to $8.7 million between January and November last year, compared with just $1.5 million a year earlier, according to market-researcher TNS Media Intelligence/CMR. Overall, legal-services ad spending was $434.8 million in the recent period. Lawyer Jonathan David, who says he tries many mesothelioma cases out of his law offices near Houston, was recently bidding about $92 a click on Yahoo's Overture ad system to direct those searching for "mesothelioma lawyer" to his ad offering legal services. Meanwhile, Paul Danziger, a Houston attorney, was bidding $45 per click on Overture for his ad, keyed off the search term "mesothelioma." James Sokolove, a lawyer and marketer for partner law firms in Newton, Mass., also spends "significantly" online. He says that in most instances, the client-acquisition cost is about 50% less for paid searching than for TV. This is true even for mesothelioma ads, he says, because their targeted nature makes up for the high price. (Besides mesothelioma, Mr. Sokolove also advertises for clients in drug-recall and stockbroker-malfeasance cases.) Some search-engine watchers are skeptical of the high costs of mesothelioma ads. Fredrick Marckini, chief executive of search-marketing firm iProspect in Watertown, Mass., says he doubts that bids as high as $50 are worthwhile. "The vast majority of people who are engaged in online marketing are not measuring their outcome and return," he says. Yahoo and Google decline to say what portion of their overall advertising revenue comes from high-value keywords like "mesothelioma." A Yahoo spokeswoman says, "Overture has millions of keyword marketplaces and more than 100,000 advertisers, so we are not reliant on any one keyword marketplace." The bidding systems on Yahoo and Overture are similar, but each has its wrinkles. 
Overture advertisers pay a penny more than the next-lowest bid, per click, and bidding is done publicly online. Under Google's system, bids are available only to advertisers, and Google bidding is capped at $50 a click. Google also takes into account other factors, such as popularity, when determining the order of ads on a search-result page. The high price of mesothelioma ads has had some unintended consequences as firms try other means to land mesothelioma patients. In particular, some firms are attempting to boost their Web sites' spot on search engines' so-called algorithmic, or nonpaid, listings by tweaking the content and links to get a higher ranking. These efforts can include using the desired keywords (like "mesothelioma") frequently near the top of their home page, and including them in the Web address. Due to these efforts, eight of the top 10 nonpaid listings in a recent Google search of "mesothelioma" were for sites sponsored by law firms, pushing down nonlawyer sites such as the National Cancer Institute. By comparison, a search for "cancer" -- a tamer ad category -- produces the American Cancer Society as the top nonpaid result. Lawyers say that they are providing valuable medical and legal information on the rare cancer for free. One recent entrant to asbestos law, Childress & Charpentier in Melbourne, Fla., took unusual steps to climb the free search rankings. The firm snapped up expired Web addresses -- including bmwexperience.com and biotechnology-investor.com -- and populated them with words related to mesothelioma. These sites then redirected to the firm's home page, mesothelioma-and-asbestos.com. The firm tried paid search ads, but found them to be too pricey -- as much as $7,000 to $8,000 per month, according to Carl Peterson, an associate with the firm. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Thu Apr 8 06:50:25 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 08 Apr 2004 09:50:25 -0400 Subject: Gmail as Blacknet Message-ID: "Ironically, some of the features of Gmail bear resemblance to BlackNet. In particular, its claimed policy of retaining email indefinitely, even after the recipient has stopped using the account, is reminiscent of BlackNet's function as a data haven, as well as other Cypherpunk projects like the Eternity Network. This retention is objectionable to conventional privacy groups, but Cypherpunks will recognize it as being deeply in accord with their values." Poo poo. The difference between a potential blacknet and Gmail is that there's little doubt that google will cough up the true names of objectionable posters, if and when anyone looking even remotely authoritative/governmental comes pounding on their doors. In a worst-case Blacknet, my True Name will only be gettable by agents of the state via the expenditure of very large amounts of resources, if at all. -TD >From: An Metet >To: cypherpunks at al-qaeda.net >Subject: Gmail as Blacknet >Date: Thu, 8 Apr 2004 05:26:00 -0400 > >The privacy news has been full of fuss and bluster lately about >Google's proposed Gmail service. The latest complaint comes at >http://www.privacyrights.org/ar/GmailLetter.htm with an open letter from >dozens of privacy groups to the Google founders asking them to revamp >the service. > >Cypherpunks have two somewhat contradictory positions on the issue. >First, as lovers of privacy, they will share the concerns in the letter >and they would be reluctant to use Gmail as configured, at least with >any pseudonym which hoped to retain privacy. 
But second, as lovers of >freedom, they would encourage Google and every other company to experiment >with new services and new technologies, allowing individuals to freely >decide whether to use them or not. > >One of the oldest Cypherpunk philosophical thought experiments >was BlackNet, a hypothetical offshore data haven whose main job, >paradoxically, was to defeat privacy. BlackNet would serve as a market >and a storage facility for information that might be of value, one example >being credit rating information. BlackNet demonstrated that even when >third parties sought to prevent the flow of information, for example >by mandating that credit report data be deleted after so many years, >Cypherpunk technologies could keep the information available and alive. > >Oddly, few Cypherpunks appeared to notice the inconsistency with a >supposedly privacy-oriented group promoting a technology which would >harm privacy. The actual resolution is that Cypherpunks see privacy as >a means to an end. That end is freedom. Privacy will lead to freedom >by allowing people to communicate and contract without interference and >meddling by interlopers. BlackNet is an example of the kind of system >which would appear if people were truly free. That it harms privacy is >merely an incidental side effect. > >The lesson is that Cypherpunks value freedom over privacy. They will >therefore welcome Gmail as an institutional experiment that demonstrates >the value of freedom, even if they personally would rather not partake >of its services. > >Ironically, some of the features of Gmail bear resemblance to BlackNet. >In particular, its claimed policy of retaining email indefinitely, >even after the recipient has stopped using the account, is reminiscent >of BlackNet's function as a data haven, as well as other Cypherpunk >projects like the Eternity Network. 
This retention is objectionable to >conventional privacy groups, but Cypherpunks will recognize it as being >deeply in accord with their values. > >And of course the real lesson of Gmail is that we have no way of >knowing whether Hotmail and other web based email providers are doing >the same thing, but more quietly. These companies may be retaining >and archiving email to a far greater degree than most people imagine. >Cypherpunks know that trusting third parties to protect their information >is the height of foolishness. > > >From the Cypherpunk perspective, the criticism of Gmail misses the mark; >rather, all web mail systems should be understood as fundamentally >inconsistent with privacy. If you want privacy, you have to do it >yourself. Writing an angry letter is at best going to make the privacy >violations more covert. It accomplishes nothing in the end. > From iang at systemics.com Thu Apr 8 06:58:05 2004 From: iang at systemics.com (Ian Grigg) Date: Thu, 08 Apr 2004 09:58:05 -0400 Subject: Firm invites experts to punch holes in ballot software In-Reply-To: <20040408134203.GA6735@mcgroarty.net> References: <407459B7.2030609@systemics.com> <20040408134203.GA6735@mcgroarty.net> Message-ID: <40755A6D.5060302@systemics.com> Brian McGroarty wrote: > On Wed, Apr 07, 2004 at 03:42:47PM -0400, Ian Grigg wrote: >>It seems to me that the requirement for after-the-vote >>verification ("to prove your vote was counted") clashes >>rather directly with the requirement to protect voters >>from coercion ("I can't prove I voted in a particular >>way.") or other incentives-based attacks. >> >>You can have one, or the other, but not both, right? 
> > > Suppose individual ballots weren't usable to verify a vote, but > instead confirming data was distributed across 2-3 future ballot > receipts such that all of them were needed to reconstruct another > ballot's vote. > > It would then be possible to verify an election with reasonable > confidence if a large number of ballot receipts were collected, but > individual ballot receipts would be worthless. If I'm happy to pervert the electoral process, then I'm quite happy to do it in busloads. In fact, this is a common approach, busses are paid for by a party candidate, the 1st stop is the polling booth, the 2nd stop is the party booth. In the west, this is done with old people's homes, so I hear. Now, one could say that we'd distribute the verifiability over a random set of pollees, but that would make the verification impractically expensive. iang From mv at cdc.gov Thu Apr 8 10:08:33 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 10:08:33 -0700 Subject: Research Shows Explosives Remain Part Of Human Hair Message-ID: <40758710.622AFCD2@cdc.gov> At 09:14 PM 4/7/04 -0700, Steve Schear wrote: >At 07:03 PM 4/7/2004, R. A. Hettinga wrote: >>Depilatory becomes a new standard accessory for the well-...um...-dressed >>terrorist... > >Nah, just a plastic shower cap during explosive handling. Yep. Everyone who's serious -from Dr. Kazcynzski to the ALF/Earth! folks- knows about keeping your DNA, prints, fibers, toolmarks off the product. You even wipe the stuff from the hardware store so that the *clerk's* prints are off, since that would tip location. And McVeigh used ammonium nitrate which wasn't tested, and as a highly soluable (in fact deliquescent) inorganic it probably won't persist like a nitrated organic. Also common as dirt in agville. Nothing like dropping a little Miracle Gro in the men's room at the airport to keep the mass spec goon awake :-) Note that if hair is collected they've got your DNA too. 
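The receipt-splitting idea from the "Firm invites experts to punch holes in ballot software" thread above (confirming data spread over 2-3 later receipts) and the "busloads" objection to it can be checked with a small model. This is an added example, not code from any poster: the XOR splitting, the layout that puts ballot i's shares on receipts i+1..i+K, and the constructed votes are all assumptions.

```python
"""Model of vote-confirmation data split across later ballot receipts.

Assumptions (not from the thread): XOR secret splitting, ballot i's K shares
printed on receipts i+1..i+K, and a constructed list of sample votes.
"""
import secrets
from functools import reduce

K = 3  # the thread suggests "2-3 future ballot receipts"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(secret: bytes, k: int = K) -> list:
    """Return k shares that XOR to `secret`; any k-1 of them look random."""
    shares = [secrets.token_bytes(len(secret)) for _ in range(k - 1)]
    return shares + [reduce(xor_bytes, shares, secret)]


def make_votes(n: int) -> list:
    """Constructed sample ballots, one byte each."""
    return [b"A" if i % 3 else b"B" for i in range(n)]


def issue_receipts(votes: list, k: int = K) -> list:
    """Receipt j is a dict {earlier ballot index: one share of that ballot}."""
    n = len(votes)
    receipts = [dict() for _ in range(n)]
    for i, vote in enumerate(votes):
        if i + k >= n:
            continue  # the last k ballots have no k later receipts to land on
        for offset, share in enumerate(split(vote, k), start=1):
            receipts[i + offset][i] = share
    return receipts


def reconstruct(receipts, k: int = K) -> dict:
    """Recover every ballot for which all k shares are in the collection."""
    by_ballot = {}
    for receipt in receipts:
        for ballot, share in receipt.items():
            by_ballot.setdefault(ballot, []).append(share)
    return {b: reduce(xor_bytes, s) for b, s in by_ballot.items() if len(s) == k}


def demo(n: int = 1000) -> dict:
    votes = make_votes(n)
    receipts = issue_receipts(votes)
    return {
        # One receipt alone: three unrelated shares, nothing recoverable.
        "single_receipt": len(reconstruct([receipts[500]])),
        # 20 receipts scattered through the roll: still nothing.
        "scattered_20": len(reconstruct(receipts[0:n:50])),
        # 20 consecutive voters (one busload): 18 ballots exposed.
        "busload_20": len(reconstruct(receipts[400:420])),
        # Auditors holding 90% of all receipts: 70% of ballots checkable.
        "audit_90pct": len(
            reconstruct(r for idx, r in enumerate(receipts) if idx % 10)
        ),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name:15s} ballots reconstructed: {count}")
```

Under this layout a lone receipt is worthless and a large collection verifies most of the roll, but a group that votes consecutively and pools its receipts recovers nearly all of its own ballots, which is the coercion case the reply raises.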
From paul.zuefeldt at ClearLogicSolutions.com Thu Apr 8 08:08:38 2004 From: paul.zuefeldt at ClearLogicSolutions.com (Paul Zuefeldt) Date: Thu, 8 Apr 2004 10:08:38 -0500 Subject: Firm invites experts to punch holes in ballot software References: <20040408040110.781F7174D2@arioch.imrryr.org> Message-ID: <015b01c41d7b$639e05e0$0500a8c0@dell166> I wasn't suggesting the authorities have access to your vote. The role of the authorities is to provide the polling/vote-verification facility and to enforce physical security. You would keep your receipt private, using it for two purposes: 1. To unlock a voter registration record to be used by the authorities to verify your physical credentials. 2. Having been verified as the true owner of the receipt, to allow you to view your vote detail in private. Paul Zuefeldt ----- Original Message ----- From: "Roland C. Dowdeswell" To: "Paul Zuefeldt" Cc: ; Sent: Wednesday, April 07, 2004 11:01 PM Subject: Re: Firm invites experts to punch holes in ballot software > On 1081373018 seconds since the Beginning of the UNIX epoch > "Paul Zuefeldt" wrote: > > > >Maybe the receipt should only allow the voter to check that his vote has > >been counted. To get the detail you could require him to appear in person > >with his receipt AND a photo ID or some such, then only allow him to view > >his detail -- not print it. > > I'd be slightly uncomfortable with this since the authorities should > not have a mechanism by which they can discover for whom I voted. 
> > -- > Roland Dowdeswell http://www.Imrryr.ORG/~elric/ > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Thu Apr 8 10:11:27 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 10:11:27 -0700 Subject: Research Shows Explosives Remain Part Of Human Hair Message-ID: <407587BF.581B8645@cdc.gov> At 11:19 AM 4/8/04 +0200, Eugen Leitl wrote: >On Wed, Apr 07, 2004 at 10:03:13PM -0400, R. A. Hettinga wrote: >> Depilatory becomes a new standard accessory for the well-...um...-dressed >> terrorist... > >Ammonium nitrate is an ionic solid. Diesel fuel or equivalent heavy oil >fraction don't show up as something unusual. Ditto inorganic detonators. Amyl nitrate ("poppers" in head/sex shops) should have the opposite effect on TSA goons than normals, ie it should cause some sphincter puckering in them. Another thing to spill in the lav. From mv at cdc.gov Thu Apr 8 10:21:14 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 10:21:14 -0700 Subject: Gmail as Blacknet Message-ID: <40758A0A.D4544225@cdc.gov> At 05:26 AM 4/8/04 -0400, An Metet wrote: >The privacy news has been full of fuss and bluster lately about >Google's proposed Gmail service. >Cypherpunks have two somewhat contradictory positions on the issue. >First, as lovers of privacy, they will share the concerns in the letter >and they would be reluctant to use Gmail as configured, at least with >any pseudonym which hoped to retain privacy. I disagree. A punk would assume any server not under their control archives everything, as do all routers between said punk and the server. >But second, as lovers of >freedom, they would encourage Google and every other company to experiment >with new services and new technologies, allowing individuals to freely >decide whether to use them or not. 
We should use the service but only send encrypted mail :-) >One of the oldest Cypherpunk philosophical thought experiments >was BlackNet, a hypothetical offshore data haven whose main job, >paradoxically, was to defeat privacy. BlackNet would serve as a market >and a storage facility for information that might be of value, one example >being credit rating information. BlackNet demonstrated that even when >third parties sought to prevent the flow of information, for example >by mandating that credit report data be deleted after so many years, >Cypherpunk technologies could keep the information available and alive. The net never forgets. BlackNet would support that behavior even in the face of Men with Guns. >Oddly, few Cypherpunks appeared to notice the inconsistency with a >supposedly privacy-oriented group promoting a technology which would >harm privacy. The actual resolution is that Cypherpunks see privacy as >a means to an end. That end is freedom. Privacy will lead to freedom >by allowing people to communicate and contract without interference and >meddling by interlopers. BlackNet is an example of the kind of system >which would appear if people were truly free. That it harms privacy is >merely an incidental side effect. The LA riots were excellent reminders to the layfolk that guns are important. BlackNet's persistent-despite-your-guns behavior is an excellent reminder to curb your info-promiscuity. >From the Cypherpunk perspective, the criticism of Gmail misses the mark; >rather, all web mail systems should be understood as fundamentally >inconsistent with privacy. If you want privacy, you have to do it >yourself. Writing an angry letter is at best going to make the privacy >violations more covert. It accomplishes nothing in the end. Yep. It could still be useful for things like distributed data storage, dead-man switches, etc. where content is encrypted. Much like any other free service, only nominally with more storage. 
------- I think people have not quite gotten their hands around the speed at which information can be disseminated online. -Monica Lewinsky, LATimes 9 may 01 http://www.latimes.com/business/columns/celebsetup/lat_monica010510.htm From rah at shipwright.com Thu Apr 8 07:21:30 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 10:21:30 -0400 Subject: Fun with Lawyers Message-ID: What's annoying is that, given the kind of specious settlements in this field and other cases, the ambulance chaser in question could probably afford it. :-). Cheers, RAH --- begin forwarded text From eugen at leitl.org Thu Apr 8 01:47:52 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 8 Apr 2004 10:47:52 +0200 Subject: [IP] Arrests key win for NSA hackers (fwd from dave@farber.net) Message-ID: <20040408084751.GE28136@leitl.org> ----- Forwarded message from Dave Farber ----- From s.schear at comcast.net Thu Apr 8 11:15:11 2004 From: s.schear at comcast.net (Steve Schear) Date: Thu, 08 Apr 2004 11:15:11 -0700 Subject: Research Shows Explosives Remain Part Of Human Hair In-Reply-To: <40758710.622AFCD2@cdc.gov> References: <40758710.622AFCD2@cdc.gov> Message-ID: <6.0.1.1.0.20040408111156.045a6c10@mail.comcast.net> At 10:08 AM 4/8/2004, Major Variola (ret) wrote: >And McVeigh used ammonium nitrate which wasn't tested, and as a >highly soluable (in fact deliquescent) inorganic it probably won't >persist like a nitrated organic. Also common as dirt in agville. He also added nitromethane to the mix, obtained through the common auto racing channels. >Nothing like dropping a little Miracle Gro in the men's room at the >airport to >keep the mass spec goon awake :-) > >Note that if hair is collected they've got your DNA too. Wonder if screeners will insist on taking a sample of hair from other body areas if you are bald? 
steve From eugen at leitl.org Thu Apr 8 02:19:15 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 8 Apr 2004 11:19:15 +0200 Subject: Research Shows Explosives Remain Part Of Human Hair In-Reply-To: References: Message-ID: <20040408091915.GJ28136@leitl.org> On Wed, Apr 07, 2004 at 10:03:13PM -0400, R. A. Hettinga wrote: > Depilatory becomes a new standard accessory for the well-...um...-dressed > terrorist... Ammonium nitrate is an ionic solid. Diesel fuel or equivalent heavy oil fraction don't show up as something unusual. Ditto inorganic detonators. Besides, the chemist is not the courier. This will only catch the amateurs. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From mv at cdc.gov Thu Apr 8 11:28:26 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 11:28:26 -0700 Subject: Hierarchy, Force Monopoly, and Geodesic Societies Message-ID: <407599CA.29415398@cdc.gov> At 01:56 PM 4/8/04 -0400, R. A. Hettinga wrote: >[Nanotechnology at least holds out the possibility of making Von >Neumann machines, that is, switches which make copies of themselves, You mean Johnny's *replicators*, a vN machine is just one with a changeable program store. But you mentioned Jared Diamond (and used the phrase "proto-cat") so you are forgiven. >When a bunch of >these networks are hooked together, you get a ubiquitous geodesic >internetwork, the internet, Geodesic means shortest path, and you'll note if you play with tracert that the shortest path (as seen on Earth's surface) is rarely taken. What you really mean is "highly & cheaply connected", although your investment in the word "geodesic" is probably too far gone for you to change. 
From measl at mfn.org Thu Apr 8 09:30:29 2004 From: measl at mfn.org (J.A. Terranson) Date: Thu, 8 Apr 2004 11:30:29 -0500 (CDT) Subject: Gmail as Blacknet In-Reply-To: References: Message-ID: <20040408112751.R17099@mx1.mfn.org> On Thu, 8 Apr 2004, Tyler Durden wrote: > Poo poo. The difference between a potential blacknet and Gmail is that > there's little doubt that google will cough up the true names of > objectionable posters, if and when anyone looking even remotely > authoritative/governmental comes pounding on their doors. In a worst-case > Blacknet, my True Name will only be gettable by agents of the state via the > expenditure of very large amounts of resources, if at all. > > -TD Careful use of Google (as you should carefully use any public network resource), which always uses multiple proxies, one-way addresses, etc, could make for a very effective manipulator (as well as simple user) of such a system as Gmail. //Alif -- "One of the nice things about ignorance is that it is curable. Unlike Neo-Conservatism." Eric Michael Cordian From mv at cdc.gov Thu Apr 8 11:46:31 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 11:46:31 -0700 Subject: Research Shows Explosives Remain Part Of Human Hair Message-ID: <40759E07.ED53E9B8@cdc.gov> At 02:06 PM 4/8/04 -0400, R. A. Hettinga wrote: >At 9:14 PM -0700 4/7/04, Steve Schear wrote: >>Nah, just a plastic shower cap during explosive handling. > >On your arms? Legs? Hands? > >Arabs in bunny-suits. Whadda concept. Disposable clothes don't have to be bunny suits. Latex dishwashing gloves and a rain poncho. Painter's masks, hats. Duct tape for sealing seams. Home Depot has plenty to offer. You can always go out to the desert or forest. Works for meth labs and they're messier than nitration lab. Buying lots of ice to keep your newly synthesized product cool is not suspicious. And you keep your apartment clean, working outside. 
(Some freedom fighting chemists have been busted from nitric acid stains on the walls, for allah's sake!) Plus you can test your stuff on a small scale. It's a measurement arms race, and a false positive vs false negative detection game. If the shoebomber had had half a clue there'd be one less airplane. Lighting up on a non-smoking flight is a bit clueless... that's why they have bathrooms.. And PS: some plastic explosives do not have the volatile tracers added to them that make them so easy to detect. A little harder to get ahold of, but if you know the right people.. ----- Tempura hostages anyone? How's the Jap taste for video gore? Will they pixellate the good parts? From ipsec at ipsec.pl Thu Apr 8 04:15:44 2004 From: ipsec at ipsec.pl ("Paweł Krawczyk (IPSec.PL)") Date: Thu, 08 Apr 2004 13:15:44 +0200 Subject: Hard drives leak from Polish Ministry of Foreign Affairs Message-ID: <40753460.9020706@ipsec.pl> Polish journal "Nie" (means "No") specialising in scandals has revealed partial contents from 12 hard drives that have leaked from Polish Ministry of Foreign Affairs. These drives contain more than 4000 documents from years 1992-2004, some of them labelled "secret". After the Ministry and ABW (Agencja Bezpieczenstwa Wewnetrznego, our NSA) have confirmed this leak, minister Cimoszewicz has resigned from his position. The resignation was however not accepted by the president. The drives have leaked when the Ministry has upgraded their computers. Old drives were taken by a technical worker of the Ministry and sold to a retailer for the price of the drive itself. The retailer, however, realized the economic potential of the data stored on the drives and sold them to the journalists. This case should teach us a lot, indeed... 
-- Pawel Krawczyk, Krakow, Poland http://echelon.pl/kravietz/ ABA: http://www.aba.krakow.pl/ horses: http://kabardians.com/ crypto: http://ipsec.pl/ From ptrei at rsasecurity.com Thu Apr 8 10:20:04 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Thu, 8 Apr 2004 13:20:04 -0400 Subject: Research Shows Explosives Remain Part Of Human Hair Message-ID: > Major Variola (ret)[SMTP:mv at cdc.gov] > > > At 11:19 AM 4/8/04 +0200, Eugen Leitl wrote: > >On Wed, Apr 07, 2004 at 10:03:13PM -0400, R. A. Hettinga wrote: > >> Depilatory becomes a new standard accessory for the > well-...um...-dressed > >> terrorist... > > > >Ammonium nitrate is an ionic solid. Diesel fuel or equivalent heavy oil > > >fraction don't show up as something unusual. Ditto inorganic > detonators. > > Amyl nitrate ("poppers" in head/sex shops) should have the opposite > affect on TSA goons than normals, ie it should cause some sphincter > puckering > in them. Another thing to spill in the lav. > I'm not too sure on that. I've seen people who are active shooters get their range bags swabbed at airports, but never set off the detectors. You'd have thought that a bag which spent a lot of time containing ammo (smokeless powder is based on cellulose nitrate), uncleaned firearms after sessions, and which sits nearby while firing is underway, would have all kinds of interesting traces on it. Peter From rah at shipwright.com Thu Apr 8 10:56:47 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 13:56:47 -0400 Subject: Hierarchy, Force Monopoly, and Geodesic Societies (Re: [irtheory] Re: Anarchy and State Behaviors) In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 4:41 AM +0000 4/8/04, Daniel Pineu wrote: >I am very curious about what are your views about the twin concept >of hierarchy Hierarchy emerges as a result of the economics of information switching. 
When you have expensive nodes (brains) and inexpensive lines (behavior, talking, writing, whatever), you end up with hierarchical networks. When you have a small number of nodes in a network, hierarchical switching (i.e. chains of command, etc.) can't emerge because direct communication is possible. For instance, in neurobiology, emotion is a way of weighting memory. In human networks, we have the ability to have significant emotional relationships with about 12-16 people at a maximum, not coincidentally the size of a hunter-gatherer band, a social unit that stayed with humanity, from our virtual evolution as a separate species until sedentarianism, which preceded agriculture by several thousand years, roughly 12-24,000 years ago. See Jared Diamond's "Guns, Germs, and Steel" for a nice popular summary of this process. Food surplus creates an attractive nuisance, and causes large populations of even solitary, non-social animals to create dominance and social hierarchies, as a way of avoiding the wasteful expenditure of energy that constant battle would involve. Salmon streams attract Grizzly bears and Eagles, the town dumps at Churchill Manitoba attract Polar bears, house-cats in a farm-yard, and the intersection of significant agricultural trading routes causes cities. Proto-humans have traded since they invented tools, including sites where hand-axes were literally manufactured at some negotiated rate of exchange for raw materials collected tens or hundreds of miles away. Persistence of a food source over great lengths of time creates the evolution of social animals. Wasps evolve into ants, cockroaches evolve into termites, solitary proto-cats and -dogs become social lions and wolves, and so on. As a counterexample, Orang-otans are solitary because the distribution of food in jungles is uniform, sparsely distributed, and random in appearance over time. Notice that the speed of information processing is also a component. 
An Orang-Otan is a very sophisticated information processor, full of data about what plants bear fruit, when they do so, and where they are. And, contrary to popular belief, a beehive, or a termite or ant nest, is not all *that* hierarchical in its organization. Do not mistake functional specialization, like you find in ants and termites, as hierarchy. See Kevin Kelly's "Out of Control" for a nice survey of this idea. An ant "queen" is, in the final stage of her life, a breeding machine, she doesn't signal, even in a gross sense, what each worker does, in the same way that an army general does for privates, for instance. In mechanical information switching hierarchies, the fastest, most expensive switches are at the top, and there is a single route through the network. In the old phone network, you had a single operator for a small enough town, and central offices in large cities had rooms with hundreds of operators in them. The pre-microprocessor automation of telephony (pulse and then touchtone dialing) put expensive automation at the top of the hierarchy, and, as costs fell, moved down from there. This fall in switching prices, exponential after the invention of the microprocessor, is important, and I'll talk about it more in a bit. Human switching hierarchies aren't so efficient, :-), but certainly the most important information summaries are presented *near* the top of a human-switched information hierarchy, and the most "expensive" switches were certainly at the top, and economic rent being what it is, people literally killed each other to be at the top of those hierarchies. Which brings us to two principal features of international relations through the industrial era: force monopoly, by which you literally define a state whether it involves a single national cultural entity or not, and information/social hierarchies, by which that state is controlled . 
First of all there's the emergence of geographic force monopoly, which is, more or less, a function of sedentarianism, and later agriculture. Nomads may fight over the immediate use of local resources, a watering-hole, say, but they don't set up principalities (Mancur Olson says in "Power and Prosperity" that a prince is a bandit who doesn't move :-)). So, when you mix geographic force monopoly with social hierarchy you get first cities, then city-states, then empires, and then nation-states. The progression of which is driven directly by speed of information processing, the span of communication, and the speed of that communication over a specific distance. Oddly enough, it is the ability of communication to transmit emotional information (first word of mouth, then words, then pictures, then moving images and sound, all with ever increasing instantaneity) that allows the mobilization of the most resources. Because of their emotional attachment, people will die for their modern nation-states much more readily than the normal merchant -- or obviously slave -- would die for the current tyrant of their ancient city-state, or feudal aristocrat. While it's safe to say that the British Empire started this, Napoleon was the first memorable modern exploiter of this phenomenon, if one remembers that most of the salient features of warfare changed at this time. Prisoners weren't given parole anymore, for instance, but were kept throughout hostilities. Warfare was not a game of honor anymore, but an issue of one's individual and familial survival, the resources of all, not just a trained cadre, could be mobilized for war. Because of the emergence of mass media -- even Napoleon commissioned paintings and drawings throughout each campaign, for instance, which were re-printed in newspapers -- politics in France after the Revolution created a much stronger emotional bond with the state than existed under monarchy. 
The same thing happened in the United States, and it has extended throughout the west and west-influenced world, until nation-states are the dominant force structure in the world today. What's changing is that the price of information switching has, in fact, *fallen*, since, paradoxically, the first real attempt to create a "natural" monopoly out of the telephony market in the US. (I say "create", with natural in quotes, because modern economics shows us that only a force monopoly can create monopoly in another market.) The paradox comes from the negotiation of universal service in exchange for that monopoly, necessitating the automation of switching. Mechanical switching (pulse-dial) became electronic switching (touchtone), which, through the invention of the transistor -- by AT&T to solve this very problem -- became microprocessor switching. We now have an interesting problem, however, and a good explication of the physical effects of this process can be found in Peter Huber's "The Geodesic Network". Remember when I said above that network hierarchy evolves when nodes are dear and lines are cheap. However, we have moved into a world in which nodes can literally be printed, photolithographically. The result is Moore's "Law", the observation (thus not a physical law) that the number of transistors you can cram on a semiconductor continues to double every 18 months or so, affecting processor, and thus switching, prices, accordingly. [Nanotechnology at least holds out the possibility of making Von Neumann machines, that is, switches which make copies of themselves, almost as if they were alive, dropping the cost even faster someday, but, for the time being, we'll leave that one out there in the weeds, where it belongs, but remember that progress can sneak up on you, if you're not careful.] When you exponentially drop the price of something, you get significant effects, some of which you can't predict. :-). 
In the case of physical network architectures, when nodes become cheaper in relation to lines, even large hierarchical networks collapse, or evolve, I suppose, into geodesic structures, like the kind of domes that Bucky Fuller used to build, or the structures you get in carbon when you burn it right and get so-called "buckyballs", which are spheres that look like the same thing. When a bunch of these networks are hooked together, you get a ubiquitous geodesic internetwork, the internet, which is what we have today. If you go look at graphs of the internet, you can tell that huge parts of it are physically geodesic, and certainly, in logical performance, the network is completely geodesic. The result is logical "communities", like this one, instead of geographic ones. Communities where people in different parts of the world can talk to each other on a single topic, or, even, act in consort to make something happen, like, say, develop some open-source code. Or conspire to fly an airliner into a building -- something that wasn't possible without the simulator technology enabled by Moore's Law, and which, as software which can be transmitted and eventually used *anywhere* someday, is an interesting feature of geodesic society that can be discussed some other time. The history of humanity, from the discovery of wild fields of edible grass seed in Mesopotamia until the early 20th century, has been the history of ever-increasing social hierarchy. Social hierarchy which has grown as our ability to store larger amounts of information and to transmit it faster and faster over greater distances, but, as hierarchy itself, has not changed in structure until recently, when the price of information switching has fallen dramatically in relation to the cost of transmitting it, which itself is also falling very fast. 
I would claim that this points to increasingly geodesic, instead of hierarchical, forms of social organization, and that politics, as an effect of physics, and not a cause of same, :-), will be changed as a result. I think that what we call "terrorism", is in fact, a form of geodesic warfare, for instance. I think that geodesic methods are the only way to protect ourselves from it. The use of GPS and JDAMs in Afghanistan by special forces to destroy whole armies is just the beginning of such kinds of defense, and, frankly, I think we're looking at a world of network-organized entities competing for resources using network-organized force. Personally, I think that results in auction-priced markets force and the end of the efficacy of geographic force monopoly as an effective way to control physical resources. Princes will go back to being bandits, in other words, which, like all progress, if it's cheap enough, is a *good* thing. :-). That, I believe, is the very definition of anarchy, at least in terms of political economics. And, since, like physics, politics is an *effect* of economics, not the other way around... Well, you get the idea. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQHWSRsPxH8jf3ohaEQLl4ACgivxynGisIYyigyJbRQySe1pcMmgAmwWe WtCP+c84v89nnhTfYIkp7sE0 =sPPT -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 8 11:06:29 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 8 Apr 2004 14:06:29 -0400 Subject: Research Shows Explosives Remain Part Of Human Hair In-Reply-To: <6.0.1.1.0.20040407211250.0519e530@mail.comcast.net> References: <6.0.1.1.0.20040407211250.0519e530@mail.comcast.net> Message-ID: At 9:14 PM -0700 4/7/04, Steve Schear wrote: >Nah, just a plastic shower cap during explosive handling. On your arms? Legs? Hands? Arabs in bunny-suits. Whadda concept. See Mr. Mathers, below... Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...we ain't nothin' but mammals." --Eminem From rah at shipwright.com Thu Apr 8 12:29:58 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 15:29:58 -0400 Subject: Hierarchy, Force Monopoly, and Geodesic Societies In-Reply-To: <407599CA.29415398@cdc.gov> References: <407599CA.29415398@cdc.gov> Message-ID: At 11:28 AM -0700 4/8/04, Major Variola (ret) wrote: >Geodesic means shortest path, and you'll note if you play with >tracert that the shortest path (as seen on Earth's surface) is rarely >taken. Measure the path in time? :-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 8 12:36:14 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 15:36:14 -0400 Subject: Von Neumann machine - Wikipedia Message-ID: As someone who was a Gerard O'Neill fan long before he even knew who Turing/Von Neumann/etc., were, of course, I was talking about the latter. Cheers, RAH ------- Von Neumann machine >From Wikipedia, the free encyclopedia. A von Neumann machine is either of two different machines popularized by the famous mathematician John von Neumann. 
General-purpose computer A von Neumann machine is a model created by John von Neumann for a computing machine that uses a single storage structure to hold both the set of instructions on how to perform the computation and the data required or generated by the computation. Most modern computers use this von Neumann architecture. Universal constructor The term von Neumann machine also refers to the idea of a self-reproducing machine, which was first examined in a rigorous manner and popularized by John von Neumann who called it a "Universal Constructor." In principle, if a machine (for example an industrial robot) could be given enough capability, raw material and instructions then that robot could make an exact physical copy of itself. The copy would need to be programmed in order to do anything. If both robots were reprogrammable, then the original robot could be instructed to copy its program to the new robot. Both robots would now have the capability of building copies of themselves. These machines could be used to explore--or conquer--the universe. The fact that we haven't seen any from other civilizations is a contributing element of the Fermi paradox. One of the predictions of some proponents of nanotechnology is very small Von Neumann machines which, should they become out of control, would advance over the planet as a "grey goo". Since such a machine is capable of reproduction, it could arguably qualify as a life-form. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Thu Apr 8 16:15:28 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 16:15:28 -0700 Subject: voting Message-ID: <4075DD10.2E74C5CA@cdc.gov> At 11:16 PM 4/8/04 +0200, privacy.at Anonymous Remailer wrote: >In the second place, it fails for elections with more than two parties >running. The casual reference above to representatives "on each >side" betrays this error. Poorly funded third parties cannot provide >representatives as easily as the Republicans and Democrats. We already >know that the major parties fight to keep third party candidates off >the ballots. Can we expect them to be vigilant in making sure that >Libertarian and Green votes are counted? Your points about the weaknesses of adversarial observers are stimulating, valid points, but the Reps and Dems *can* count on those votes *not* being moved into their de facto adversary's (Dems, Reps, respectively) bin. And in practice the fringe votes usually don't matter. (I vote Lib..) It's not uncommon for elections to be upheld *even when votes are known lost* if the margins are sufficient. (It happened in California last election, human error plus tech.) Ultimately the adversarial parties are the ones who have to check the whole process, including any tech that gets used. And that process is open to the Libs, etc. As to your other point, the clever protocols, Perry and other KISS advocates have a very strong (albeit social) point. Joe Sixpack can understand *and test* levers or Hollerith cards or their optical counterparts. Good luck getting him to understand number theory. It would be better in many estimations to have even coercible voting than to have "Trust Me" apply to electing a government. 
(Not that the govt will avoid using that phrase once elected :-) From mdpopescu at yahoo.com Thu Apr 8 06:20:07 2004 From: mdpopescu at yahoo.com (Marcel Popescu) Date: Thu, 8 Apr 2004 16:20:07 +0300 Subject: Hard drives leak from Polish Ministry of Foreign Affairs References: <40753460.9020706@ipsec.pl> Message-ID: <23f601c41d6c$3654ff30$726e9cd9@mark> From: "Paweł Krawczyk (IPSec.PL)" > This case should teach us a lot, indeed... First, subscribe to RISKS. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, send e-mail requests to with one-line body subscribe [OR unsubscribe] which requires your ANSWERing confirmation to majordomo at CSL.sri.com . If Majordomo balks when you send your accept, please forward to risks. [If E-mail address differs from FROM: subscribe "other-address " ; this requires PGN's intervention -- but hinders spamming subscriptions, etc.] Lower-case only in address may get around a confirmation match glitch. From mv at cdc.gov Thu Apr 8 16:36:47 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 16:36:47 -0700 Subject: Von Neumann machine - Wikipedia Message-ID: <4075E20F.78917265@cdc.gov> At 03:36 PM 4/8/04 -0400, R. A. Hettinga wrote: >As someone who was a Gerard O'Neill fan long The L-5 dude? I never knew he dabbled in mental-nano-masturbation. I'm familiar with his macroscopic living-in-$pace speculations. >The term von Neumann machine also refers to the idea of a self-reproducing >machine, which was first examined in a rigorous manner and popularized by >John von Neumann who called it a "Universal Constructor." In principle, if >a machine (for example an industrial robot) could be given enough Just remember that Johnny was playing symbol-games, having a little cellular automata fun to prove it could be done. Not really surprising once you "get" the concept of a description-of-a-machine being processed by a machine. 
BTW, surely you can find a better ref than Wpedia? From mv at cdc.gov Thu Apr 8 16:43:07 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 08 Apr 2004 16:43:07 -0700 Subject: Hierarchy, Force Monopoly, and Geodesic Societies Message-ID: <4075E38B.C6C87612@cdc.gov> At 03:29 PM 4/8/04 -0400, R. A. Hettinga wrote: >At 11:28 AM -0700 4/8/04, Major Variola (ret) wrote: >>Geodesic means shortest path, and you'll note if you play with >>tracert that the shortest path (as seen on Earth's surface) is rarely >>taken. > >Measure the path in time? Yeah, some dead french dude IIRC pointed out that light takes the quickest route through a lens. Light and time being rather intimate if you believe your interferometer. OTOH a packet takes a route that depends on business practices, etc, and isn't generally optimal. In any case you're a lot more readable if one global replaces 'geodesic' with 'well-connected' or glibly 'wired'. Feel free to ignore any constructive hints of course :-) your prose is more identifying than your pk sig. From rah at shipwright.com Thu Apr 8 13:54:02 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 16:54:02 -0400 Subject: Everything Illegal Everywhere... In-Reply-To: References: Message-ID: ...All the Time... Cheers, RAH -------- BNA's Internet Law News (ILN) - 4/8/04 At 10:01 AM -0400 4/8/04, BNA Highlights wrote: >COURT RULES SINGLE ORDER SUFFICIENT TO ASSERT JURISDICTION >Thanks to an ILN reader for reporting on Mattel v. Procount >Business Service, an ACPA case involving several domains. >The court engages in a jurisdictional analysis and >determines that it can assert jurisdiction over the >out-of-state defendants on the basis of a single sale into >the jurisdiction along with email and instant messenger >contact. Decision at >http://www.nysd.uscourts.gov/courtweb/pdf/D02NYSC/04-01982.PDF -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From die at dieconsulting.com Thu Apr 8 16:51:36 2004 From: die at dieconsulting.com (Dave Emery) Date: Thu, 8 Apr 2004 19:51:36 -0400 Subject: We want everything, all the time... Message-ID: <20040408235136.GB24910@pig.dieconsulting.com> LEAs Propose Sweeping Changes In CALEA Compliance Mar 31, 2004 Policy Specialists Warn Of Significant Implications The U.S. Department of Justice, Federal Bureau of Investigation and Drug Enforcement Administration -- referred to in telecom circles as 'LEAs' (an acronym for Law Enforcement Agencies) -- are pressing the FCC for sweeping changes in the commission's rules governing compliance with the 1994 Communications Assistance for Law Enforcement Act (CALEA). Specifically, the agencies are asking the commission to immediately undertake a rulemaking that would: Extend the LEAs' access for authorized wiretaps to a broad array of new, packet-based networks, push-to-talk "dispatch" systems, and other advanced communications technologies; Establish firm, short deadlines for compliance by communications services providers and networks that are deemed covered under CALEA; Restrict the FCC's culture of granting extensions for CALEA compliance by specifying the criteria for extensions of any benchmarks and deadlines; and Establish procedures for enforcement actions against entities that do not comply with their CALEA obligations. Impact Potentially Broad The LEAs' proposals, if fully adopted by federal regulators, could have a major impact on many sectors of the telecommunications and information technology services, as well as the manufacturing sectors, according to policy experts in the Global Telecommunications and Technology Group at the international law firm of Coudert Brothers LLP. 
In a March 22 advisory to Coudert's clients, the firm's policy analysts warned that hardware and software manufacturers could see a significant demand for affordable solutions to bring a variety of communications technologies into CALEA compliance. Special attention would be focused on Internet-related, Voice over Internet Protocol (VoIP), and some wireless technologies, if the LEAs' primary objectives are achieved. Indeed, providers of broadband access, broadband telephony, and advanced communications technology could face relatively short deadlines to implement either standardized or individual solutions so that law enforcement can have ready access to their networks, if needed. Even those operators and manufacturers that are already working towards CALEA compliance could face more stringent deadlines for implementation of solutions, if the LEAs' requests are even partially adopted by the FCC, according to Coudert's experts. Broader Compliance Required In their joint petition to the FCC, the LEAs contend there is an urgent need for the FCC to act in light of the rapid movement of traffic from legacy switched-circuit systems to newer, packet-based systems. This technological revolution is accompanied by the emergence of new telecommunications service providers that may not fit neatly into the definitions for telecommunications operators in the Communications Act of 1934, as amended by the Telecommunications Act of 1996, they say. The LEAs also claim that previous decisions by the commission have led to continuing disputes between the law enforcement community and the telecommunications and information services industries over which services and providers are covered by CALEA. Thus, the LEAs advocate that the FCC formally: Identify the types of services and entities that are subject to CALEA; Identify the services that are considered packet-mode services; and Determine that broadband access services and broadband telephony services are subject to CALEA. 
Mobile Services The petition urges the FCC to reaffirm its earlier decision that push-to-talk "dispatch" services are subject to CALEA to the extent these services are interconnected. The LEAs claim that these new systems are being implemented without reference to CALEA obligations and therefore the new networks are not accessible to law enforcement wiretaps. Future Services The LEAs' petition advocates that the FCC establish rules that would facilitate the easy and rapid identification of future CALEA-covered services and entities. Such rules, they argue, would include any service that is in competition with a service already complying with CALEA, any entity offering electronic communications (including packet-switching and transmission) to the public for a fee, and any packet-based technology or service presently covered by CALEA, but offered over a new communications technology. Moreover, the LEAs propose that the FCC establish a procedure permitting any provider that is uncertain whether its new technology is subject to CALEA to seek clarification immediately from the FCC before implementing the service. Ending 'Automatic' Extensions The petition states that because industry standards-setting bodies have argued with the LEAs regarding the applicability of CALEA to packet-based technologies, few standards have been published and those that have are deficient. This lack of standards has provided an easy excuse for manufacturers to postpone the production of equipment and carriers to seek extensions of CALEA implementation deadlines, even though, the LEAs argue, carriers are obliged to meet the deadlines with either standardized or non-standardized solutions. 
The LEAs are asking the FCC to: Set implementation deadlines for CALEA compliance and require benchmark filings by operators to keep the FCC informed as to their progress; Require operators to state what type of interception technologies they intend to implement on their packet-based networks; Set short, closely monitored extensions of time; and Establish procedures for enforcement actions if operators fail to meet CALEA implementation deadlines. Customers To Bear The Costs The LEAs want the FCC to establish rules (1) confirming that carriers bear the sole financial responsibility for complying with CALEA and adapting post-1995 equipment, facilities and services; (2) permitting carriers to pass the costs of the capital improvements required to make networks CALEA-compliant onto their customers; and (3) requiring law enforcement organizations only to pay for the cost of implementing specific, duly authorized wiretaps, not the capital costs incurred to make such wiretaps possible. The FCC, which has been anticipating the LEAs' petition, has already put the matter on public notice. The commission is asking all interested parties to file comments by April 12 and reply comments by April 27. Filing of the petition by the LEAs came close on the heels of a Notice of Proposed Rulemaking (NPRM) by the FCC regarding the proper regulatory treatment of VoIP and other packet-enabled communications systems. The NPRM referred to the importance of support for law enforcement agencies by the communications industry and the FCC's plan to open a separate rulemaking proceeding that would run in tandem with the NPRM. In placing the LEAs' petition on public notice, the FCC reiterated that it would work closely with the LEAs to make certain that their requirements for support of lawfully authorized wiretaps are met. 
Against the backdrop of the recent Madrid train bombings, coupled with the intense scrutiny that national security and terrorism-related issues are already receiving in the presidential election campaign, the FCC can be expected to respond to the LEAs' petition as quickly as possible, the Coudert experts say. However, the issues raised by the LEAs will be difficult to resolve both legally and in practical terms, given the architecture of modern telecommunications networks, they add. www.telecomweb.com -- Dave Emery N1PRE, die at dieconsulting.com DIE Consulting, Weston, Mass 02493 From rah at shipwright.com Thu Apr 8 16:57:10 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 19:57:10 -0400 Subject: Hierarchy, Force Monopoly, and Geodesic Societies In-Reply-To: <4075E38B.C6C87612@cdc.gov> References: <4075E38B.C6C87612@cdc.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 4:43 PM -0700 4/8/04, Major Variola (ret) wrote: >Feel free to ignore any constructive hints of course :-) your prose >is more >identifying than your pk sig. Apropos of actually something, that's how they used to go after Detweiller around here when he was spoof-a-licious mode. With a concordance program. Cheers, RAH "...and don't make me haul out the ~56k rant I wrote about reputation, behavioral persistence, and biometric holography, either, sunnyboy..." -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQHXmzMPxH8jf3ohaEQK7iwCgsXyzrppu1FvPoiC/dd//L73CwU8AnjDJ KTM462CvAUcvXPm8zOQLOrFN =/vC4 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 8 16:59:52 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 8 Apr 2004 19:59:52 -0400 Subject: Von Neumann machine - Wikipedia In-Reply-To: <4075E20F.78917265@cdc.gov> References: <4075E20F.78917265@cdc.gov> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 4:36 PM -0700 4/8/04, Major Variola (ret) wrote: >The L-5 dude? I never knew he dabbled in mental-nano-masturbation. >I'm familiar with his macroscopic living-in-$pace speculations. No. He talked about Von Neumann machines. We don' need no steenkin' nano, gringo, especially circa 1983 or so. Conceivably you could build machines that replicate themselves without manipulating individual atoms, yes? >BTW, surely you can find a better ref than Wpedia? Why? It pops out of google just fine, it answers your point adequately, and it's what I remember from the Old Days, back when, as an infant, I played at the feet of the Old Ones. :-). Besides, my n-ty volume set of the 1911 Encyclopedia Britannica is in the master library -- or is it the smoking room -- of the country house, so I don't have it at hand at the moment... ;-). Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQHXnb8PxH8jf3ohaEQJxgQCg4czdmcdd3a3tdGxi6Rgxkw1pRW0An1SK QY+XU/r+wnvFHPb10wSV9GWf =+GM+ -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Thu Apr 8 17:46:04 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 08 Apr 2004 20:46:04 -0400 Subject: Hierarchy, Force Monopoly, and Geodesic Societies (Re: [irtheory] Re: Anarchy and State Behaviors) Message-ID: "The pre-microprocessor automation of telephony (pulse and then touchtone dialing) put expensive automation at the top of the hierarchy, and, as costs fell, moved down from there." Well, from the little I can understand of what you're saying, there seems to be some stuff worthy of at least cursory consideration there. However, the analogy to switching systems is a little off. For one, a telephony switch isn't really something that can be measured on one axis (ie, throughput). There are two (or perhaps 3) axes that really describe the family of telephony switches: throughput and granularity. Back in my telecom days I used to joke that "In my pocket I have a switch matrix capable of 100 Terabits of throughput"...whereupon I'd whip out a (fiber) jumper, and point out that this jumper could "switch" 100Tb "from this port to this port". (This is an exaggeration of claims made about the throughput of OXCs, or optical cross connects.) This is important because it is indicative of the fact that there is no hierarchy of switches as you describe in a telephony switch. A Broadband DCS doesn't somehow control the network. In fact, you could argue that the 'little' 5ESS switches out on the edge ultimately control the network, though even that would be inaccurate. No, the entire phone network is "governed" externally by an OSS. I don't really see how this is describable by a hierarchy per se, and certainly not a hierarchy that can somehow be traced to a linear measure of switching capability. As for the term "geodesic", I have to admit it's cool sounding in this context. -TD >From: "R. A. 
Hettinga" >To: irtheory at yahoogroups.com >CC: cypherpunks at al-qaeda.net >Subject: Hierarchy, Force Monopoly, and Geodesic Societies (Re: [irtheory] >Re: Anarchy and State Behaviors) >Date: Thu, 8 Apr 2004 13:56:47 -0400 > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >At 4:41 AM +0000 4/8/04, Daniel Pineu wrote: > >I am very curious about what are your views about the twin concept > >of hierarchy > >Hierarchy emerges as a result of the economics of information >switching. > >When you have expensive nodes (brains) and inexpensive lines >(behavior, talking, writing, whatever), you end up with hierarchical >networks. > >When you have a small number of nodes in a network, hierarchical >switching (i.e. chains of command, etc.) can't emerge because direct >communication is possible. For instance, in neurobiology, emotion is >a way of weighting memory. In human networks, we have the ability to >have significant emotional relationships with about 12-16 people at a >maximum, not coincidentally the size of a hunter-gatherer band, a >social unit that stayed with humanity, from our virtual evolution as >a separate species until sedentarianism, which preceded agriculture >by several thousand years, roughly 12-24,000 years ago. See Jared >Diamond's "Guns, Germs, and Steel" for a nice popular summary of this >process. > > >Food surplus creates an attractive nuisance, and causes large >populations of even solitary, non-social animals to create dominance >and social hierarchies, as a way of avoiding the wasteful expenditure >of energy that constant battle would involve. Salmon streams attract >Grizzly bears and Eagles, the town dumps at Churchill Manitoba >attracts Polar bears, house-cats in a farm-yard, and the intersection >of significant agricultural trading routes causes cities. 
>Proto-humans have traded since they invented tools, including sites >where hand-axes were literally manufactured at some negotiated rate >of exchange for raw materials collected a tens or hundreds of miles >away. > >Persistence of a food source over great lengths of time creates the >evolution of social animals. Wasps evolve into ants, cockroaches >evolve into termites, solitary proto-cats and -dogs become social >lions and wolves, and so on. As a counterexample, Orang-otans are >solitary because the distribution of food in jungles is uniform, >sparsely distributed, and random in appearance over time. > >Notice that the speed of information processing is also a component. >An Orang-Otan is a very sophisticated information processor, full of >data about what plants bear fruit, when they do so, and where they >are. And, contrary to popular belief, a beehive, or a termite or ant >nest, is not all *that* hierarchical in its organization. Do not >mistake functional specialization, like you find in ants and >termites, as hierarchy. See Kevin Kelly's "Out of Control" for a nice >survey of this idea. An ant "queen" is, in the final stage of her >life, a breeding machine, she doesn't signal, even in a gross sense, >what each worker does, in the same way that an army general does for >privates, for instance. > > >In mechanical information switching hierarchies, the fastest, most >expensive switches are at the top, and there is a single route >through the network. In the old phone network, you had a single >operator for a small enough town, and central offices in large cities >had rooms with hundreds of operators in them. The pre-microprocessor >automation of telephony (pulse and then touchtone dialing) put >expensive automation at the top of the hierarchy, and, as costs fell, >moved down from there. This fall in switching prices, exponential >after the invention of the microprocessor, is important, and I'll >talk about it more in a bit. 
> >Human switching hierarchies aren't so efficient, :-), but certainly >the most important information summaries are presented *near* the top >of a human-switched information hierarchy, and the most "expensive" >switches were certainly at the top, and economic rent being what it >is, people literally killed each other to be at the top of those >hierarchies. > >Which brings us to two principal features of international relations >through the industrial era: force monopoly, by which you literally >define a state whether it involves a single national cultural entity >or not, and information/social hierarchies, by which that state is >controlled . > >First of all there's the emergence of geographic force monopoly, >which is, more or less, a function of sedentarianism, and later >agriculture. Nomads may fight over the immediate use of local >resources, a watering-hole, say, but they don't set up principalities >(Mancur Olsen says in "Power and Prosperity" that a prince is a >bandit who doesn't move :-)). > >So, when you mix geographic force monopoly with social hierarchy you >get first cities, then city-states, then empires, and then >nation-states. The progression of which is driven directly by speed >of information processing, the span of communication, and the speed >of that communication over a specific distance. > >Oddly enough, it is the ability of communication to transmit >emotional information (first word of mouth, then words, then >pictures, then moving images and sound, all with ever increasing >instantaneity) that allows the mobilization of the most resources. >Because of their emotional attachment, people will die for their >modern nation-states much more readily than the normal merchant -- or >obviously slave -- would die for the current tyrant of their ancient >city-state, or feudal aristocrat. 
While it's safe to say that the >British Empire started this, Napoleon was the first memorable modern >exploiter of this phenomenon, if one remembers that most of the >salient features of warfare changed at this time. Prisoners weren't >given parole anymore, for instance, but were kept throughout >hostilities. Warfare was not a game of honor anymore, but an issue of >one's individual and familial survival, the resources of all, not >just a trained cadre, could be mobilized for war. Because of the >emergence of mass media -- even Napoleon commissioned paintings and >drawings throughout each campaign, for instance, which were >re-printed in newspapers -- politics in France after the Revolution >created a much stronger emotional bond with the state than existed >under monarchy. The same thing happened in the United States, and it >has extended throughout the west and west-influenced world, until >nation-states are the dominant force structure in the world today. > >What's changing is that the price of information switching has, in >fact, *fallen*, since, paradoxically, the first real attempt to >create a "natural" monopoly out of the telephony market in the US. (I >say "create", with natural in quotes, because modern economics shows >us that only a force monopoly can create monopoly in another market.) >The paradox comes from the negotiation of universal service in >exchange for that monopoly, necessitating the automation of >switching. Mechanical switching (pulse-dial) became electronic >switching (touchtone), which, through the invention of the transistor >-- by AT&T to solve this very problem -- became microprocessor >switching. > >We now have an interesting problem, however, and a good explication >of the physical effects of this process can be found in Peter Huber's >"The Geodesic Network". > >Remember when I said above that network hierarchy evolves when nodes >are dear and lines are cheap.
However, we have moved into a world in >which nodes can literally be printed, photolithographically. The >result is Moore's "Law", the observation (thus not a physical law) >that the number of transistors you can cram on a semiconductor >continues to double every 18 months or so, affecting processor, and >thus switching, prices, accordingly. > >[Nanotechnology at least holds out the possibility of making Von >Neumann machines, that is, switches which make copies of themselves, >almost as if they were alive, dropping the cost even faster someday, >but, for the time being, we'll leave that one out there in the weeds, >where it belongs, but remember that progress can sneak up on you, if >you're not careful.] > >When you exponentially drop the price of something, you get >significant effects, some of which you can't predict. :-). > >In the case of physical network architectures, when nodes become >cheaper in relation to lines, even large hierarchical networks >collapse, or evolve, I suppose, into geodesic structures, like the >kind of domes that Bucky Fuller used to build, or the structures you >get in carbon when you burn it right and get so-called "buckyballs", >which are spheres that look like the same thing. When a bunch of >these networks are hooked together, you get a ubiquitous geodesic >internetwork, the internet, which is what we have today. If you go >look at graphs of the internet, you can tell that huge parts of it >are physically geodesic, and certainly, in logical performance, the >network is completely geodesic. > >The result is logical "communities", like this one, instead of >geographic ones. Communities where people in different parts of the >world can talk to each other on a single topic, or, even, act in >consort to make something happen, like, say, develop some open-source >code.
> >Or conspire to fly an airliner into a building -- something that >wasn't possible without the simulator technology enabled by Moore's >Law, and which, as software which can be transmitted and eventually >used *anywhere* someday, is an interesting feature of geodesic >society that can be discussed some other time. > > >The history of humanity, from the discovery of wild fields of edible >grass seed in Mesopotamia until the early 20th century, has been the >history of ever-increasing social hierarchy. Social hierarchy which >has grown as our ability to store larger amounts of information and >to transmit it faster and faster over greater distances, but, as >hierarchy itself, has not changed in structure until recently, when >the price of information switching has fallen dramatically in >relation to the cost of transmitting it, which itself is also falling >very fast. > >I would claim that this points to increasingly geodesic, instead of >hierarchical, forms of social organization, and that politics, as an >effect of physics, and not a cause of same, :-), will be changed as a >result. > >I think that what we call "terrorism", is in fact, a form of geodesic >warfare, for instance. I think that geodesic methods are the only way >to protect ourselves from it. The use of GPS and JDAMs in Afghanistan >by special forces to destroy whole armies is just the beginning of >such kinds of defense, and, frankly, I think we're looking at a world >of network-organized entities competing for resources using >network-organized force. > >Personally, I think that results in auction-priced markets force and >the end of the efficacy of geographic force monopoly as an effective >way to control physical resources. > >Princes will go back to being bandits, in other words, which, like >all progress, if it's cheap enough, is a *good* thing. :-). > >That, I believe, is the very definition of anarchy, at least in terms >of political economics. 
And, since, like physics, politics is an >*effect* of economics, not the other way around... Well, you get the >idea. > >Cheers, >RAH > >-----BEGIN PGP SIGNATURE----- >Version: PGP 8.0.3 > >iQA/AwUBQHWSRsPxH8jf3ohaEQLl4ACgivxynGisIYyigyJbRQySe1pcMmgAmwWe >WtCP+c84v89nnhTfYIkp7sE0 >=sPPT >-----END PGP SIGNATURE----- > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' > From rah at shipwright.com Thu Apr 8 18:45:23 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 21:45:23 -0400 Subject: [osint] Gulf conference tackles terror financing Message-ID: --- begin forwarded text From mixmaster at remailer.privacy.at Thu Apr 8 14:16:13 2004 From: mixmaster at remailer.privacy.at (privacy.at Anonymous Remailer) Date: Thu, 8 Apr 2004 23:16:13 +0200 (CEST) Subject: voting Message-ID: Perry Metzger writes, on his cryptography list: > By the way, I should mention that an important part of such a system > is the principle that representatives from the candidates on each side > get to oversee the entire process, assuring that the ballot boxes > start empty and stay untampered with all day, and that no one tampers > with the ballots as they're read. The inspectors also serve to assure > that the clerks are properly checking who can and can't vote, and can > do things like hand-recording the final counts from the readers, > providing a check against the totals reported centrally. > > The adversarial method does wonders for assuring that tampering is > difficult at all stages of a voting system.
On the contrary, the adversarial method is an extremely *weak* source of security in a voting system. In the first place, it fails for primary elections where there are multiple candidates, all of one party, running for a position. It's not unusual to have a dozen candidates or even more in some rare cases (the California gubernatorial election, while not a primary, had hundreds of candidates running for one seat). It is impractical for each candidate to supply an army of representatives to supervise the voting process, nor can each polling place accommodate the number of people required. In the second place, it fails for elections with more than two parties running. The casual reference above to representatives "on each side" betrays this error. Poorly funded third parties cannot provide representatives as easily as the Republicans and Democrats. We already know that the major parties fight to keep third party candidates off the ballots. Can we expect them to be vigilant in making sure that Libertarian and Green votes are counted? In the third place, tampering has to be protected against in each and every voting precinct. Any voting station where the voting observers for one party are lax or incompetent could be identified in advance and targeted for fraud. Given that these observers are often elderly and have limited faculties, such frauds are all too easy to accomplish. It's baffling that security experts today are clinging to the outmoded and insecure paper voting systems of the past, where evidence of fraud, error and incompetence is overwhelming. Cryptographic voting protocols have been in development for 20 years, and there are dozens of proposals in the literature with various characteristics in terms of scalability, security and privacy. The votehere.net scheme uses advanced cryptographic techniques including zero knowledge proofs and verifiable remixing, the same method that might be used in next generation anonymous remailers. 
Given that so many jurisdictions are moving towards electronic voting machines, this is a perfect opportunity to introduce mathematical protections instead of relying so heavily on human beings. I would encourage observers on these lists to familiarize themselves with the cryptographic literature and the heavily technical protocol details at http://www.votehere.com/documents.html before passing judgement on these technologies. From rah at shipwright.com Thu Apr 8 20:33:15 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 8 Apr 2004 23:33:15 -0400 Subject: For Guidance in Iraq, Marines Rediscover A 1940s Manual Message-ID: The Wall Street Journal April 8, 2004 PAGE ONE For Guidance in Iraq, Marines Rediscover A 1940s Manual Small-War Secrets Include: Tips on Nation-Building, The Care of Pack Mules By GREG JAFFE Staff Reporter of THE WALL STREET JOURNAL April 8, 2004; Page A1 When Maj. Matthew Chisholm shipped out to Iraq in February, he stuffed his dogeared copy of the "Marine Corps Small Wars Manual" -- a 64-year-old guide to battling guerrillas -- into his backpack. "I brought it as a checklist or mental nudge," says the civil-affairs officer. "[It] pretty much describes the intent of everything I do over here: rebuild schools, roads and police stations." It also describes a lot of things Maj. Chisholm isn't likely to see. Dozens of pages are dedicated to the care and feeding of pack mules. "Never feed fresh grass to an overheated animal," it warns. Some passages are, at the same time, naïve and patronizing: "Inhabitants of countries with a high rate of illiteracy have many childlike characteristics ... eliciting the untarnished truth from them requires patience beyond words." Another section covers the "killing and dressing of game," warning that meat cooked after rigor mortis has set in will be tough unless it is first boiled in vinegar. In its three-week drive to Baghdad last year, the U.S.
military relied heavily on satellite-guided bombs and supersonic jets. But now it is looking to this anachronistic book for some answers. The 446-page manual was born out of three decades of hard-won experience. From 1898 to 1934, the Marines fought a number of small wars, in the Philippines, Cuba, Honduras, China, Nicaragua and the Dominican Republic. They clashed with guerrillas, built constabularies and held elections. Then, in 1940, a group of Marines set out to capture in writing the lessons of those battles. One year after their book was finished, the U.S. found itself embroiled in World War II, and the manual was forgotten. The manual was classified until 1972. Thus, in Vietnam, where it might have been useful, it wasn't widely distributed and wasn't much read. Now, it is popping up everywhere. Last month, the Marine Corps passed out copies to all officers headed to Iraq. William Luti, an adviser to Secretary of Defense Donald Rumsfeld and one of the architects of the Iraq war, keeps a copy on a coffee table in his Pentagon office. He praises the book for its keen recognition that in small wars support of the locals is far more important than raw firepower. "One of the visionary aspects of this work is its focus on the social and psychological aspects of small wars," Mr. Luti says. [Photo caption: The Marine Corps Small Wars Manual, written in 1940. (Read the manual at www.smallwars.quantico.usmc.mil)] Democrats cite it, too. "We know how to fight wars like Iraq. We even have a how-to guide in the Marine Corps's Small War Manual," Rep. Ike Skelton of Missouri, the senior Democrat on the House Armed Services Committee insisted last October at a hearing on Iraq reconstruction. Some soldiers and Marines say the fat book has been mythologized by a military that is struggling with change. "It's cited more often than it is actually read," says Lt. Col. Richard Lacquement, who served with the 101st Airborne Division in Iraq. Col. Lacquement suggests that at a time when the U.S.
military has been pulled into an unfamiliar and complex guerrilla war, the book harks back to the Banana Wars in Latin America and the Caribbean in the 1920s and 1930s. "The idea that we have a history of doing these sorts of missions well is comforting for a tradition-minded organization like the military," he says. Others say the book has caught on because there are so few alternatives. "The Small Wars Manual is so popular today not because of its excellence -- although much of it is very good -- but because it has little serious competition," says Army Maj. John Nagl, who is deployed near Ramadi, the site of some of the fiercest fighting since the end of the war, and is the author of a history of modern counterinsurgency. In the absence of anything better, the book has become must reading for muddy-boot troops. Before he embarked last week on a four-day mission to track down enemy fighters raining mortars down on a U.S. base near Fallujah, Marine Corps Capt. Adam Strickland reread the sections of the manual that discuss how to cordon off an area infested with enemies. Even the much-derided mule sections are proving useful in Iraq, he says. Marines still keep a handful of mules in California to practice using the animals to carry gear into war. "Unfortunately Marines get hung up on the pictures of the donkeys with rockets on their backs, but what is ironic is that we search every donkey we see here for that exact reason," he writes from Iraq. And well they might. Last November, insurgents packed rockets into a donkey cart and fired them at the Iraq Oil ministry. In Afghanistan, Army Lt. Col. Raymond Millen, who helped write training guidelines for U.S. troops working with the new Afghan National Army, spotted the manual on a colleague's bookshelf. For him the sections on building local constabularies proved prescient. In both Iraq and Afghanistan, U.S. efforts to build native armies were plagued by desertions. Recruits complained of poor pay and lousy equipment. 
At first, U.S. officers worried about the message they'd be sending if they paid young soldiers more than most Iraqis and Afghanis earn. Eventually, the U.S. raised salaries. But had U.S. officers studied the "Small Wars Manual" earlier, some missteps might have been avoided. "In establishing an organization of native troops, attempts should be made to provide better clothing and shelter and food than native civilians of the same social class. This is ... an important morale factor," the book notes. The Marine Corps earlier this year completed a draft update to the original "Small Wars Manual" -- a project that had progressed in fits and starts for almost a decade. One of the manual's principal authors, retired Lt. Col. Noel Williams, was working on the document in the Pentagon on Sept. 11 when a jet struck close to his office. Smoke and fire damage forced him to move out of the building and finish his draft at a nearby annex. One addition is a section that focuses on how the enemy has changed. When the original manual was written, insurgents were motivated primarily by nationalism and confined attacks to a single country. Today's enemies are often driven by religious fervor and a desire to wreak havoc world-wide, the update notes. Also, weaponry is potentially far more powerful. And information technology has increased enemies' reach "to a global scale." In addition to the printed manual, Col. Williams created a "Small Wars" Web site where soldiers and Marines can post hints on everything from avoiding roadside bombs in Iraq to surviving at high altitudes in Afghanistan. "I wanted to give Marines the ability to print off the most current and relevant postings and then stuff them in the pockets of their cargo pants," he says. In February the Marines gave 100 copies of the draft update to officers heading for Iraq and asked them to make suggestions for improving it based on their real-world experience. But, Col. 
Williams says, "The original will still be on the shelf. We'll still use it." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From anmetet at freedom.gmsociety.org Thu Apr 8 23:08:39 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Fri, 9 Apr 2004 02:08:39 -0400 Subject: Gmail as Blacknet Message-ID: <4e35cfec9650eee1e233e0b4b98fd408@anonymous> Tyler Durden writes: > "Ironically, some of the features of Gmail bear resemblance to BlackNet. > In particular, its claimed policy of retaining email indefinitely, > even after the recipient has stopped using the account, is reminiscent > of BlackNet's function as a data haven, as well as other Cypherpunk > projects like the Eternity Network. This retention is objectionable to > conventional privacy groups, but Cypherpunks will recognize it as being > deeply in accord with their values." > > Poo poo. The difference between a potential blacknet and Gmail is that > there's little doubt that google will cough up the true names of > objectionable posters, if and when anyone looking even remotely > authoritative/governmental comes pounding on their doors. In a worst-case > Blacknet, my True Name will only be gettable by agents of the state via the > expenditure of very large amounts of resources, if at all. You have missed the point of the analogy entirely. BlackNet makes information available even when the subjects of the information (or any other parties) want it suppressed. It is a censorship-proof store of data. If information about you is stored in BlackNet, anyone can get access to it (for a price, perhaps), and you can't do anything about it. 
To make Gmail more like BlackNet, you should first do as others have suggested and access it via cryptographic anonymity techniques (see the recent announcements for the onion routing network now being developed, http://www.freehaven.net/tor). Now you can use it as a store of data for your pseudonym without linking to your true identity. A second step is to then PGP-encrypt all email going to your Gmail address. This could be done easily by someone writing a mail forwarder which accepted email for any username, looked up a PGP key for that name and encrypted the email, then forwarded it along to the corresponding username at Gmail. This would be less than one page of Perl. You would give out the name of a system running such a script as your email address, but your encrypted mail would then be stored and accessed at Gmail. You'd gain the advantage of their multi gigabyte storage facility while protecting the privacy of your own email. And I'd like to see their adwords facility struggling to come up with something appropriate when the only legible text is "BEGIN PGP ENCRYPTED MESSAGE". A third step is to get a browser plugin which would transparently decrypt PGP encrypted email stored at web mail services like Gmail, Yahoo mail, etc. At one time this would have been an overwhelmingly difficult task due to the multiplicity of browsers; at a later time, it would have been impractical due to the dominance of IE; but today, with Mozilla becoming a widely used, standardized, open source alternative to IE, it is finally possible for such browser customizations to become generally available and useful. So there you have it, a simple three step program to turn your Gmail account into a privacy-protected, virtually unlimited-size data store. From ray at unipay.nl Thu Apr 8 17:38:21 2004 From: ray at unipay.nl (R.
Hirschfeld) Date: Fri, 9 Apr 2004 02:38:21 +0200 Subject: Firm invites experts to punch holes in ballot software In-Reply-To: <407459B7.2030609@systemics.com> (message from Ian Grigg on Wed, 07 Apr 2004 15:42:47 -0400) References: <407459B7.2030609@systemics.com> Message-ID: <200404090038.i390cLwG010738@home.unipay.nl> > Date: Wed, 07 Apr 2004 15:42:47 -0400 > From: Ian Grigg > > It seems to me that the requirement for after-the-vote > verification ("to prove your vote was counted") clashes > rather directly with the requirement to protect voters > from coercion ("I can't prove I voted in a particular > way.") or other incentives-based attacks. > > You can have one, or the other, but not both, right? What you can have is for the voter to be able to verify that his/her vote was properly counted without being able to prove it to anybody else. In that case, an individual claim that a vote was improperly counted wouldn't be convincing, but a wide enough outcry might trigger a recount. I think this would add unnecessary and undesired complexity to a political election voting system, though. Ray From article at mises.org Fri Apr 9 06:15:18 2004 From: article at mises.org (Mises Daily Article) Date: Fri, 9 Apr 2004 09:15:18 -0400 Subject: What Brought on the French Revolution? Message-ID: http://www.mises.org/fullstory.asp?control=1489 What Brought on the French Revolution? By H.A. Scott Trask [Posted April 9, 2004] No matter how much the American economy grows during the next decade, the government will have serious trouble funding expanding entitlements, increased education spending, and ongoing wars in the Middle East, while maintaining a global military constabulary and presence everywhere. Something has to give. No matter how one crunches the numbers, a crisis is looming, and Americans are bound to see their standard of living fall and their global empire collapse. It has happened before. 
Consider that seminal and catastrophic event that inaugurated the era of mass politics, bureaucratic centralism, and the ideological state -- the French Revolution. It is a large and complex event worthy of a Gibbon, but it may not have happened at all if the French monarchy had balanced its budget. While the causes of the Revolution are many, the cause of the crisis that brought on the Revolution is not. It was a fiscal and credit crisis that weakened the authority and confidence of the monarchy so much that it thought it had to convene a defunct political assembly before it had safely carried out a successful program of liberal constitutional and free market reform. It would be as if the American federal government called a constitutional convention with an open agenda and hoped that all would go smoothly. The Estates General lasted only a little over a month before the leaders of the Third Estate (the bourgeoisie, artisans, and peasantry) transformed it into a National Assembly and took political power from the monarchy. The Revolution was on. Revisionist historians have challenged the standard interpretation of pre-revolutionary France as a country with a stagnant economy, an oppressed peasantry, a shackled bourgeoisie, and an archaic political structure. In Citizens (1989), Simon Schama describes France under Louis XVI as a rapidly modernizing nation with entrepreneurial nobles, a reform-minded monarchy, nascent industrialization, growing commerce, scientific progress, and energetic intendants (royal administrators in the provinces). Moreover, Montesquieu was in vogue; the English mixed constitution was the cynosure of political reform, and the economic philosophy of physiocracy, with its belief in economic law and advocacy of laissez faire, had discredited the dogmas of state mercantilism.
In 1774, Louis XVI appointed Jacques Turgot, a Physiocrat, to be Controller-General of Finances. Turgot believed that subsidies, regulations, and tariffs were crippling productivity and enterprise in France. End them, he advised the king, and business would thrive and state revenues increase. He proposed an ambitious reform program that included taking down internal custom barriers, lifting price controls on grain, abolishing the guilds and the corvee (forced labor service), and devolving political power to newly created provincial assemblies (two of which he established). Turgot envisioned a federated France, with a chain of elected bodies extending from the village through the provinces to some form of national assembly. Not surprisingly, there was both aristocratic and popular opposition to these reforms, but what really doomed them was Turgot's inveterate opposition to French intervention in the American War of Independence. Many were still stewing over the humiliating and catastrophic defeat suffered by France in the Seven Years' War (1756-1763). The country had lost her North American possessions (Quebec, Louisiana) and all of French India, except two trading stations. The foreign minister (Vergennes) calculated that by helping the Americans gain their independence they could weaken the British Empire, gain revenge, and restore France's previous position as one of the world's two superpowers. Turgot argued perceptively that another war with England would derail his reform program, bankrupt the state, and, even if successful, do little to weaken British power. "The first gunshot will drive the state to bankruptcy," he warned the king. It was to no avail. International power politics and considerations of national prestige took precedence over domestic reform, and the king dismissed him in May 1776. He would be proved right on all three points.
The French began covertly supplying war material to the rebellious colonists in 1777, and in 1778 they signed a treaty of alliance with the Americans. Throughout the war, they supplied hard money loans, and underwrote others for the purchase of war supplies in Europe. In 1780, they landed a 5,000-man army in Rhode Island. In 1781, the French navy blockaded Lord Cornwallis's army at Yorktown. Turgot's successor Jacques Necker, a Swiss banker, financed these expenditures almost entirely through loans. Although successful, France's intervention cost 1.3 billion livres and almost doubled her national debt. Schama writes, "No state with imperial pretensions has, in fact, ever subordinated what it takes to be irreducible military interests to the considerations of a balanced budget. And like apologists for military force in twentieth-century America," imperialists "in eighteenth century France pointed to the country's vast demographic and economic reserves and a flourishing economy to sustain the burden." Even more, they claimed that prosperity was "contingent on such military expenditures, both directly in naval bases like Brest and Toulon, and indirectly in the protection it gave to the most rapidly expanding sector of the economy." Plus ca change, plus c'est la meme chose. Necker was neither a financial profligate nor an ultra royalist. He was simply financing a war that the government deemed to be in the national interest. During the conflict, he held down royal expenditures at home, eliminated many sinecures, published a national budget in 1781, and proposed the formation of a third provincial assembly. However, when his request to join the royal council (as a Protestant, he was barred) was rejected, he resigned. His immediate successor, Joly de Fleury, restored many of the offices he had eliminated.
Upon the return of peace with the signing of the Treaty of Paris (1783), the monarchy had another opportunity to institute economic, financial, and political reforms, but it squandered it. Just as with the first Bush administration after the Cold War, there would be no peace dividend. The government was determined to exploit the vacuum created by British defeat to restore French imperial power. Their global strategy was to maintain a standing army of 150,000 men to defend the borders and preserve the balance of power on the Continent while building up a transoceanic navy capable of challenging the British in all the world's oceans. What is more, the new Controller General, Calonne, made no effort to restrain domestic or court spending. The result was a peacetime spending spree, chronic budget deficits, and the addition of 700 million livres to the national debt. By 1788, debt service alone would absorb fifty percent of annual revenue. It was guns and butter, French style. Today we are savoring it, Texas style. In a few years, Calonne was faced with an imminent fiscal catastrophe. The annual deficit in 1786 was projected to be 112 million livres, and the American war loans would begin falling due the next year. Action was imperative. Such was the power of liberal and federalist ideas in France that Calonne summoned the Physiocrat Dupont de Nemours, a former Turgot associate, to advise him. Meanwhile, with their blessing, the foreign minister, Vergennes, signed a free trade agreement with Great Britain (1786). With the help of Nemours, Calonne proposed the following measures to open up the French economy: the deregulation of the domestic grain trade, the dismantling of internal custom barriers, and commuting the corvee into a public works tax. To raise a regular and equitable revenue, he suggested a "territorial subvention," (i.e. a direct tax levied on all landowners, without exception, to be assessed and levied by representative provincial assemblies). 
Calonne remembered the mistake Turgot had made ten years before. He had relied exclusively on royal authority to enact his program and in so doing had antagonized the nobility who did not like being presented with a fait accompli. To avoid a similar fate, Calonne suggested the summoning of an Assembly of Notables for early 1787 to consider, modify, and sanction the reforms before they were sent to the Parlement of Paris for registration (making them law). The king approved Calonne's whole program in December 1786. Here was the last chance for the monarchy to institute a program of decentralist constitutional and liberal economic reform that would free the economy, solve the fiscal crisis, transmute absolutism into constitutionalism, and avert an impending political cataclysm. Alas, as excellent and necessary as were Calonne's reforms, he was not the right man to see them through. He was deeply unpopular for his lavish court spending and for using his office to cultivate various corrupt stock schemes. The nobility did not trust him, and the people despised him. Recognizing he was a liability, the king dismissed him and appointed Lomenie de Brienne in his stead. Brienne was a high noble, a Notable, and a reformer. The Assembly was supportive of all the reforms, except the taxes. Here they balked. Before they would give their sanction to new taxes, they wanted the king to publish an annual budget and to agree to a permanent commission of auditors. Their concern was obvious. Why should they agree to changes that would increase royal revenue if they had no way of monitoring royal expenses to see if those funds were being prudently spent? Now the king balked. He thought the proposals an infringement on his prerogatives over the finances and the budget. He vetoed them. It was a grievous error, but typical of the vacillating mind of the king and the intellectual fetters of an absolutist political tradition. 
The Parlement of Paris duly registered the decrees freeing the grain trade, commuting the corvee, and setting up the provincial assemblies, but they would not register the stamp duty or the land tax. They claimed that only the Estates General, the medieval representative assembly of the three estates of the kingdom (clergy, nobility, and commons) that had last met in 1614, could approve the taxes. The nobles were gambling that Louis would never dare call for an assembly of the Estates. It was a clever stratagem for defeating the tax proposals without incurring the popular odium for doing so. The nobility and clergy would not give up their tax exemptions nor grant the monarchy a potentially inexhaustible new source of revenue without a share of political power. An unforeseen consequence was to create a popular expectation for the reconvening of the Estates. This time the nobility erred. If the monarchy had not been so pressed for funds to stave off bankruptcy, they could have declared the registered edicts a victory for reform and waited for another day to deal with taxes. Not having that luxury, Brienne and the king panicked. They decided to resort to the weapons of royal absolutism to force through the tax reforms. They issued lits de justice declaring the new taxes to be law by royal will. Second, they exiled the recalcitrant Parlement to Troyes. The public outcry and institutional resistance to these tyrannical measures was such that the monarchy had to back down. The king recalled the Parlement and withdrew the lits de justice. Brienne now requested that the Parlement register new royal loans to stave off bankruptcy. It did so, but it again called for the re-convening of the Estates General. It also attempted to establish its new position as a de facto parliament. It declared that royal decrees were not law unless duly registered by the parlements and denied the constitutionality of both lits de justice and lettres de cachet (royal arrest warrants). 
The king and Brienne believed that the future of royal absolutism was at stake, so they responded with force. They surrounded the Parlement with troops. The king stripped it of its powers of remonstrance and registry, and he invested those powers in a new Plenary Court to be appointed by him. The May coup turned both the nobility and the clergy against the Crown, excited civil protest and unrest, and created a political crisis to match the seriousness of the fiscal crisis. Once again, a foolish attempt to preserve inviolate the senescent institutions of absolutism had failed. By August 1788, the monarchy was bankrupt and without credit. It could borrow new funds neither in Paris nor Amsterdam. Brienne had no choice but to resign. The king recalled Necker, who was the one man who had the confidence of investors, was trusted by the nobility, and popular among the masses. The king also summoned the Estates General to meet in May 1789. The people would assemble by order in local assemblies and elect delegates. The electorate would comprise over six million Frenchmen. Schama calls it "the most numerous experiment in political representation attempted anywhere in the world." By tradition, the assemblies could draw up a list of grievances and requests which their representatives would take with them to Versailles. They would carry 25,000 of them. Students are taught that the nobility and clergy were determined to preserve the old order, the ancien regime, with most of their privileges intact, and admit only a modicum of change, while the Third Estate demanded a transformed France in which the watchwords would be liberty, progress, and modernity. The truth is almost precisely the opposite. The majority of the nobility envisioned a France that was rational, liberal, and constitutional. They were willing to surrender their tax exemptions and seigniorial dues. 
They called for the abolition of lettres de cachet and all forms of censorship; they wanted an Anglo-Saxon style bill of rights with constitutional protection for civil liberties. They recommended financial reforms: a published national budget, the abolition of the sale of government offices, and an end to tax farming. They also urged the abolition of the trade guilds and the suppression of internal custom barriers. While many of these recommendations are found in the cahiers of the Third Estate, they are eclipsed by material concerns -- understandable complaints about the high price of bread, the game laws, the gabelle (the salt tax), and the depredations of the tax collectors. There are also numerous criticisms of recent reforms, such as the free trade agreement with England, the lifting of price controls on grain, agricultural enclosures, and the granting of civil rights to Protestants. In short, the voice of the Third Estate was largely one of reaction, and while they wanted fewer taxes they wanted more government. According to Schama, "much of the anger firing revolutionary violence arose from hostility towards that modernization, rather than from impatience with the speed of its progress." If only the French elites had reformed. There would have been no Terror, no Napoleon, no centralizing, statist revolution. The Third Estate had some liberal merchants and innovative industrialists, but it had many more urban artisans and peasants. The latter believed they were getting the shaft and that the nobility and clergy, as well as the wealthy members of their own estate, were to blame. They wanted price controls reimposed on grain, restrictions put on its exportation, the prohibition of foreign manufactures, and the punishment of "speculators" and "hoarders." They found leaders among lawyer intellectuals of their own estate, and some visionary members of the others, who spoke in a charged language of grievance, polarity, and combat. 
Knowing little and caring less about economic liberty or federal constitutionalism, they spoke of patriots versus traitors, citizens versus aristocrats, virtue versus vice, the nation assailed by its enemies. They offered the masses panaceas for their plight, villains to blame, and promises that the possession of political power would heave in the dikes of privilege and unleash the fountains of wealth. Schama correctly deduces that it was the politicization of the masses that "turned a political crisis into a full-blooded revolution." Once the vast Third Estate was told that they were the nation and that a "true national assembly would, by virtue of its higher moral quality -- its common patriotism -- provide satisfaction, they were given a direct stake in sweeping institutional change." The abbe Sieyes' pamphlet What is the Third Estate? appeared in January 1789 and would be to the French Revolution what Thomas Paine's Common Sense (1776) had been to the American. By the time the Estates General convened in May, the masses and leading intellectuals regarded the continued existence of separate social orders with their own institutional representation not only as an obstacle to reform, but as unpatriotic, even treasonous. When the Estates General metastasized into the National Assembly in June 1789, it was the onset of a radical revolution. Liberty would not fare well on the guillotine. Through 1788 and into 1789 the gods seemed to be conspiring to bring on a popular revolution. A spring drought was followed by a devastating hail storm in July. Crops were ruined. There followed one of the coldest winters in French history. Grain prices skyrocketed. Even in the best of times, an artisan or factor might spend 40 percent of his income on bread. By the end of the year, 80 percent was not unusual. "It was the connection of anger with hunger that made the Revolution possible," observed Schama. 
It was also envy that drove the Revolution to its violent excesses and destructive reform. Take the Reveillon riots of April 1789. Reveillon was a successful Parisian wall-paper manufacturer. He was not a noble but a self-made man who had begun as an apprentice paper worker but now owned a factory that employed 400 well-paid operatives. He exported his finished products to England (no mean feat). The key to his success was technical innovation, machinery, the concentration of labor, and the integration of industrial processes, but for all these the artisans of his district saw him as a threat to their jobs. When he spoke out in favor of the deregulation of bread distribution at an electoral meeting, an angry crowd marched on his factory, wrecked it, and ransacked his home. From thenceforth, the Paris mob would be the power behind the Revolution. Economic science would not fare well. According to Jean Baptiste Say, "The moment there was any question in the National Assembly of commerce or finances, violent invectives could be heard against the economists." That is what happens when political power is handed over to pseudo-intellectuals, lawyers, and the mob. The exponents of the rationalistic Enlightenment had stood for a constitutional monarchy, a liberal economic and legal order, scientific progress, and a competent administration. According to Schama, "They were heirs to the reforming ethos of Louis XVI's reign, and authentic predictors of the 'new notability' to emerge after the Revolution had run its course. Their language was reasonable and their tempers cool. What they had in mind was a nation vested, through its representatives, with the power to strip away the obstructions to modernity. Such a state . . . would not wage war on the France of the 1780s but consummate its promise." If only the French elites could have agreed on a course of reform along these lines, there would have been no Terror, no Napoleon, no centralizing, statist revolution. 
And it was the pressing financial crisis, brought on by deficit spending to fund a global empire that in the end frustrated the kind of evolutionary political and economic liberalization that is the true road of civilized progress. __________________________ Historian Scott Trask is an adjunct scholar of the Mises Institute. hstrask at highstream.net. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Fri Apr 9 00:19:39 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 9 Apr 2004 09:19:39 +0200 (CEST) Subject: Steve Brinich: The Criminal Message-ID: <0404090916230.-1256151644@somehost.domainz.com> Dug this from my old archives, after finding out it vanished from the Net. Decade-old, but more truthful than before. May it provide some inspiration. 
-------------------------------------------------- Title: The Criminal Lyrics by: Steve Brinich Tune: The Idiot (Stan Rogers) Date: 1994 Found online at: http://www.access.digex.net/~steve-b/myfilks.htm Recorded on: Subject: Government [This is one of my reactions to the US government's attacks on freedom of electronic speech (I was thinking specifically about the government's Big Brother wiretap/encryption policies, but it applies equally well to the CDA and other such offenses. As for the politicians who vote for these abuses -- alas, cutting out the tongues of oathbreakers has gone out of fashion, so we will have to settle for turning them out to find honest work. They're sneaky characters, but groups such as the Voters' Telecom Watch, Electronic Frontier Foundation, etc. do a fairly good job of monitoring the hired help in Washington and sounding the alarm when they start getting out of line again.] I log onto this homebrew Net where the Feds are not around I've turned my back on Big Brother's track and made this open ground I slip past the surveillance taps; the alarms will make no sound I set up the link and I always think back to my old account I remember back six years ago, this outlaw life I chose When every day the news would say there's another rule to impose Well, I could have stayed and just obeyed, but I'm not one of those I'm remaining free, and that makes me a criminal, I suppose. So I bid farewell to the tamed old Net I never more will see But write I must, and I put my trust in human liberty Oh, I miss support, and the GUI ports, and the realtime videos But I like being free, and that makes me a criminal, I suppose. 
So, come you fine young hackers all, to the cyber underground This outlaw life's no paradise, but it's better than lying down Oh, the interface isn't cut-and-paste, and the system's often down But the government spies will set their eyes on a licensed Net account So bid farewell to the tamed old Net you never more will see Here your words will ship without censorship; there's real liberty You'll miss the bells and the fancy shells; here we just have plain old prose But you'll be free, and just like me, a criminal, I suppose. From camera_lumina at hotmail.com Fri Apr 9 06:58:00 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 09 Apr 2004 09:58:00 -0400 Subject: Gmail as Blacknet Message-ID: Well, I never claimed to be Einstein, but your "3 simple steps" sound a hell of a lot like my recipe for making a ham sandwich: First, order a steak in a restaurant. Second, tell them to add two slices of bread. Third, tell them you don't want beef as the primary meat of your steak, you want pork. Tell them, "Uh, change that pork to ham, and put it between the two slices of bread". Oi La! Instant Ham sandwich! -TD >From: An Metet >To: cypherpunks at al-qaeda.net >Subject: RE: Gmail as Blacknet >Date: Fri, 9 Apr 2004 02:08:39 -0400 > >Tyler Durden writes: > > "Ironically, some of the features of Gmail bear resemblance to BlackNet. > > In particular, its claimed policy of retaining email indefinitely, > > even after the recipient has stopped using the account, is reminiscent > > of BlackNet's function as a data haven, as well as other Cypherpunk > > projects like the Eternity Network. This retention is objectionable to > > conventional privacy groups, but Cypherpunks will recognize it as being > > deeply in accord with their values." > > > > Poo poo. 
The difference between a potential blacknet and Gmail is that > > there's little doubt that google will cough up the true names of > > objectionable posters, if and when anyone looking even remotely > > authoritative/governmental comes pounding on their doors. In a >worst-case > > Blacknet, my True Name will only be gettable by agents of the state via >the > > expenditure of very large amounts of resources, if at all. > >You have missed the point of the analogy entirely. BlackNet makes >information available even when the subjects of the information (or >any other parties) want it suppressed. It is a censorship-proof store >of data. If information about you is stored in BlackNet, anyone can get >access to it (for a price, perhaps), and you can't do anything about it. > >To make Gmail more like BlackNet, you should first do as others have >suggested and access it via cryptographic anonymity techniques (see the >recent announcements for the onion routing network now being developed, >http://www.freehaven.net/tor. Now you can use it as a store of data >for your pseudonym without linking to your true identity. > >A second step is to then PGP-encrypt all email going to your Gmail >address. This could be done easily by someone writing a mail forwarder >which accepted email for any username, looked up a PGP key for that name >and encrypted the email, then forwarded it along to the corresponding >username at Gmail. This would be less than one page of Perl. You would >give out the name of a system running such a script as your email address, >but your encrypted mail would then be stored and accessed at Gmail. >You'd gain the advantage of their multi gigabyte storage facility while >protecting the privacy of your own email. And I'd like to see their >adwords facility struggling to come up with something appropriate when >the only legible text is "BEGIN PGP ENCRYPTED MESSAGE". 
> >A third step is to get a browser plugin which would transparently >decrypt PGP encrypted email stored at web mail services like Gmail, >Yahoo mail, etc. At one time this would have been an overwhelmingly >difficult task due to the multiplicity of browsers; at a later time, >it would have been impractical due to the dominance of IE; but today, >with Mozilla becoming a widely used, standardized, open source alternative >to IE, it is finally possible for such browser customizations to become >generally available and useful. > >So there you have it, a simple three step program to turn your Gmail >account into a privacy-protected, virtually unlimited-size data store. > From rah at shipwright.com Fri Apr 9 07:21:44 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 9 Apr 2004 10:21:44 -0400 Subject: What Brought on the French Revolution? Message-ID: --- begin forwarded text From mv at cdc.gov Fri Apr 9 10:31:50 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 09 Apr 2004 10:31:50 -0700 Subject: voting, KISS, etc. (& social bias) Message-ID: <4076DE05.92A26261@cdc.gov> Perry I agree with you on all *except* that you are prejudiced against folks who are not mobile, have immobile dependants, are busy or agoraphobes. In-person voting doesn't resist graveyard voting much better than lining up the meat. One could say that in-person voting rewards those too lazy or careless with their time to request absentee status. Home voting is important to keep participation high. I believe 25% of the Calif governor votes were absentee. Participation is nominally a figure of merit for elections. And the voter authentication is the weakest I know of: to register you submit a name, signature, and address. To vote, you submit same. Nothing prevents graveyard registration except the law. 
Why is this relevant? Because you have to consider threat models. Spousal coercion & vote buying is one, well-addressed in this thread. So are tech-implementation and social-trust issues. Snipers or bombers at polling places is another, ignored because we're all modern westerners. Rain and immobility have only been touched on because most of us can drive and walk. Voting from home should be *encouraged* and it should use paper as the transport, not computers. (The paper being kept by the counters not the voters.) Which is how it should be at the in-person polls. Again, keeping tech away is good, fighting coercion is good, but don't argue against absentee voting. In fact, absentee voting (vs. tech in the polling booth) is a good *example* of how to keep things simple and resistant to many (eg tech-enabled) attacks. At 12:46 PM 4/9/04 -0400, Perry E. Metzger wrote: > >I'm especially scared about mechanisms that let people "vote at home" >and such. Lots of people seem to think that the five minute trip to >the polling place is what is preventing people from voting, and they >want to let people vote from their computers. Let's ignore the question >of whether it is important that the people who can't be bothered to >spend ten minutes going to the polling place care enough about the >election to be voting anyway. Let's also ignore the totally unimportant >question of vote buying -- vote buying has happened plenty of times >over the centuries without any need for the purchaser to verify that >the vote was cast as promised. Tammany Hall did not need to watch >people's votes to run a political machine. > >I'm much more concerned that we may be automating the "graveyard" >vote, which is currently kept in check by the need to personally >appear at polling places. I'm also concerned about the forms of fraud >I haven't even considered yet because no one has invented them yet. >Election security isn't just about assuring that votes are correctly >counted. 
From mv at cdc.gov Fri Apr 9 10:36:30 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 09 Apr 2004 10:36:30 -0700 Subject: Gmail as Blacknet Message-ID: <4076DF1E.5A517659@cdc.gov> > And I'd like to see their >adwords facility struggling to come up with something appropriate when >the only legible text is "BEGIN PGP ENCRYPTED MESSAGE". Wow are you non-commercial :-) All the spy stores, sec phone makers, disk encryptors, VPN vendors, etc will be paying top dollar to get seen by privacy fans. Perhaps PGP etc will take out ads for those who *don't* have this header :-) From mv at cdc.gov Fri Apr 9 10:43:12 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 09 Apr 2004 10:43:12 -0700 Subject: Meshing costs (Re: Hierarchy, Force Monopoly, and Geodesic Societies) Message-ID: <4076E0B0.E7DE4257@cdc.gov> Meshnets (everyone's a router) is cool, admittedly. But are you going to spend *your* battery life routing someone else's message? Fixed P2P energy costs are trivial. Not so for mobile P2P. And if your meshnodes are mains-powered, you have wires going there, so wireless is less useful. Solar nodes might be useful. At 03:19 PM 4/9/04 +0200, Eugen Leitl wrote: >A pretty densely distributed radio mesh with good (geographic routing) >algorithms would tend to use the shortest path. Very small cells based on >current WiFi or ultrawideband/digital pulse radio might have to route around >obstacles (large high buildings, flow along the nodes with aerials dangling >into the streets). MobileMesh doesn't seen to be the single solution, at >least one contender exists. Both are being used in practice, alas not yet in >your $100 garden-variety WiFi routers (these do bridging already, though). 
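The encrypting mail forwarder described as step two in the quoted "Gmail as Blacknet" message above, sketched in Python rather than Perl as an added example (not code from any list member). The forwarder address, the keyring contents and the sample message are constructed; encryption is delegated to a locally installed gpg binary with the recipient's key already imported, which is an assumption.

```python
import re
import subprocess
from email.message import EmailMessage

STORE_DOMAIN = "gmail.com"                  # the web-mail store named in the thread
FORWARDER_ADDR = "relay@forwarder.example"  # hypothetical forwarder address
# Constructed keyring: local username -> OpenPGP fingerprint (placeholder value).
KEYRING = {"alice": "0" * 39 + "1"}
ARMOR_HEAD = "-----BEGIN PGP MESSAGE-----"

# Constructed sample message, as it would arrive at the forwarder.
SAMPLE = (
    "From: carol@example.org\n"
    "To: alice@forwarder.example\n"
    "Subject: Quarterly numbers\n"
    "\n"
    "Meet at the usual place on Friday.\n"
)


class NoKeyError(Exception):
    """No key is known for the recipient, so the mail must be refused."""


def gpg_encrypt(plaintext, fingerprint):
    """Encrypt to one recipient with the local gpg binary, ASCII-armored."""
    result = subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", fingerprint],
        input=plaintext.encode("utf-8"), capture_output=True, check=True)
    return result.stdout.decode("ascii")


def build_forward(raw, rcpt, encrypt=gpg_encrypt, keyring=None):
    """Return the message to hand to the store for envelope recipient rcpt.

    The whole original message, headers included, goes inside the
    ciphertext, so the store sees neither the sender nor the subject.
    """
    keyring = KEYRING if keyring is None else keyring
    user = rcpt.split("@", 1)[0].lower()
    # Restrict usernames so nothing odd reaches the key lookup or the To header.
    if not re.fullmatch(r"[a-z0-9._-]{1,64}", user):
        raise ValueError("unacceptable username")
    fingerprint = keyring.get(user)
    if fingerprint is None:
        # Fail closed: never fall back to forwarding plaintext.
        raise NoKeyError(user)
    armored = encrypt(raw, fingerprint)
    if not armored.startswith(ARMOR_HEAD):
        # The encryptor returned something else; do not store it.
        raise RuntimeError("encryptor did not return an armored message")
    out = EmailMessage()
    out["From"] = FORWARDER_ADDR
    out["To"] = f"{user}@{STORE_DOMAIN}"
    out["Subject"] = "encrypted message"    # fixed, content-free subject
    out.set_content(armored)
    return out


if __name__ == "__main__":
    # Runs without gpg: the unknown recipient is refused before encryption.
    try:
        build_forward(SAMPLE, "bob@forwarder.example")
    except NoKeyError as exc:
        print("refused, no key for", exc)
```

What the store can still see is the forwarder's address, the target account, and the size and arrival time of each message.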
From mv at cdc.gov Fri Apr 9 10:48:02 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 09 Apr 2004 10:48:02 -0700 Subject: Gmail as Blacknet Message-ID: <4076E1D2.1EF82546@cdc.gov> At 09:58 AM 4/9/04 -0400, Tyler Durden wrote: >Well, I never claimed to be Einstein, but your "3 simple steps" sound a hell >of a lot like my recipe for making a ham sandwich: Hardly. One could put together a very slick "drop file here for encrypted net storage" script in a day. One could even prototype this using any net mail system like Yahoo, albeit with a rather piddling storage capacity. By including plaintext search tokens (meaning known only to you, perhaps derived from hashing keywords) you could use Gmail's search feature to find stored data. This uses local encryption and net-based storage & backup. Sounds good to me. It would be rather telling if Google said "no encrypted email" wouldn't it? :-) From ptrei at rsasecurity.com Fri Apr 9 08:05:40 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Fri, 9 Apr 2004 11:05:40 -0400 Subject: voting Message-ID: "privacy" wrote: [good points about weaknesses in adversarial system deleted] > It's baffling that security experts today are clinging to the outmoded > and insecure paper voting systems of the past, where evidence of fraud, > error and incompetence is overwhelming. Cryptographic voting protocols > have been in development for 20 years, and there are dozens of proposals > in the literature with various characteristics in terms of scalability, > security and privacy. The votehere.net scheme uses advanced cryptographic > techniques including zero knowledge proofs and verifiable remixing, > the same method that might be used in next generation anonymous remailers. > Our anonymous correspondent has not addressed the issues I raised in my initial post on the 7th: 1. 
The use of receipts which a voter takes from the voting place to 'verify' that their vote was correctly included in the total opens the way for voter coercion. 2. The proposed fix - a blizzard of decoy receipts - makes recounts based on the receipts impossible. > Given that so many jurisdictions are moving towards electronic voting > machines, this is a perfect opportunity to introduce mathematical > protections instead of relying so heavily on human beings. I would > encourage observers on these lists to familiarize themselves with the > cryptographic literature and the heavily technical protocol details > at http://www.votehere.com/documents.html before passing judgement on > these technologies. > Asking the readers of this list to 'familiarize themselves with the cryptographic literature', is, in many cases, a little like telling Tiger Woods that he needs to familiarize himself with the rules of golf. We know the 'advanced cryptographic techniques' you refer to. We also know their limitations - what they can and cannot do. This is not the appropriate forum to try to say "trust me". Answer this: 1. How does this system prevent voter coercion, while still allowing receipt based recounts? Or do you have some mechanism by which I can personally verify every vote which went into the total, to make sure they are correct? 2. On what basis do you think the average voter should trust this system, seeing as it's based on mechanisms he or she can't personally verify? 3. What chain of events do I have to believe to trust that the code which is running in the machine is actually and correctly derived from the source code I've audited? I refer you to Ken Thompson's classic paper "Reflections on trusting trust", as well as the recent Diebold debacle with uncertified patches being loaded into the machine at the last moment. This last is an important point - there is no way you can eliminate the requirement of election officials to behave legitimately. 
Since that requirement can't be done away with by technology, adding technology only adds more places the system can be compromised. Based on the tone of this letter, I'd hazard a guess that 'privacy' has a vested interest in VoteHere. If this is true, it's a little odd that they are willing to expose their source code, but not their name. We don't bite, unless the victim deserves it :-) Opening your source is an admirable first step - why not step out of the shadows so we can help you make your system better? I fear a system which does not have a backup mechanism that the average voter can understand. While it's true that non-electronic systems are subject to compromise, so are electronic ones, regardless of their use of ZK proofs, or 'advanced cryptographic techniques'. I do think electronic voting machines are coming, and a good thing. But they should be promoted on the basis that they are easier to use, and fairer in presentation, than are manual methods. Promoting them on the basis that they are more secure, and less subject to vote tampering is simply false. Peter Trei Cryptoengineer RSA Security Disclaimer: The above represents my personal opinions only. From perry at piermont.com Fri Apr 9 09:46:47 2004 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 09 Apr 2004 12:46:47 -0400 Subject: voting, KISS, etc. Message-ID: I think that those that advocate cryptographic protocols to ensure voting security miss the point entirely. They start with the assumption that something is "broken" about the current voting system. I contend it is just fine. For example, it takes a long time to count pieces of papers compared with bits. However, there is no actual need for speed in reporting election results. This is not a stock exchange -- another election will not be held the next day, and the number of elections being held will not rise 8% per quarter. If it takes a day or even several days to get an accurate count, no one will be hurt. 
The desires of television networks to report the results in ten minutes is not connected to the need for a democracy to have widespread confidence in the election results. Speed is not a requirement. As it is, however, automated counts of paper ballots are plenty fast enough already. It also is seemingly "behind the times" to use paper and such to hold an election when computers are available -- but the goal is not to seem "modern" -- it is to hold a fair election with accurately reported results that can be easily audited both before, during and after the fact. It seems to some to be "easier" to vote using an electronic screen. Perhaps, perhaps not. My mother would not find an electronic screen "easier" at all, but let's ignore that issue. Whether or not the vote is entered on a screen, the fact that paper ballots can be counted both mechanically (for speed) and by hand (as an audit measure), where purely electronic systems lack any mechanism for after-the-fact audit or recount, leads one to conclude that old fashioned paper seems like a good idea, and if it is not to be marked by hand, then at least let it be marked by the computer entry device. It is also seemingly "better" to have a system where a complex cryptographic protocol "secures" the results -- but the truth is that it is more important that a system be obvious, simple and secure even to relatively uneducated members of society, and the marginal security produced by such systems over one in which physical paper ballots are generated is not obvious or significant. (The marginal security issue is significant. Consider that simple mechanisms can render the amount of fraud possible in the "old fashioned" system significantly smaller than the number of miscast votes caused by voter mistakes, but that no technology can eliminate voter mistakes. 
Then ask why a fully electronic "fraudless" system understandable to a minuscule fraction of the population but where miscast votes continue to occur -- and possibly to be inaccurately perceived as evidence of fraud -- would be superior.) To those that don't understand the "understandable to even those who are not especially educated" problem, consider for moment that many people will not care what your claims are about the safety of the system if they think fraud occurred, even if you hand them a mathematical proof of the system. I suspect, by the way, that they'll be right, because the proofs don't cover all the mechanisms by which fraud can occur, including "graveyard" voting. We tamper with the current system at our peril. Most security mechanisms evolve over time to adjust to the threats that happen in the real world. The "protocols" embedded in modern election laws, like having poll watchers from opposing sides, etc., come from hundreds of years of experience with voting fraud. Over centuries, lots of tricks were tried, and the system evolved to cope with them. Simple measures like counting the number of people voting and making sure the number of ballots cast essentially corresponds, physically guarding ballot boxes and having members of opposing parties watch them, etc., serve very well and work just fine. Someone mentioned that in some elections it is impractical for the people running to have representatives at all polling places. It is, in fact, not necessary for them to -- the threat of their doing so and having enough poll watchers from enough organizations in a reasonably random assortment of polling places is enough to prevent significant fraud. I'm especially scared about mechanisms that let people "vote at home" and such. Lots of people seem to think that the five minute trip to the polling place is what is preventing people from voting, and they want to let people vote from their computers. 
Let's ignore the question of whether it is important that the people who can't be bothered to spend ten minutes going to the polling place care enough about the election to be voting anyway. Let's also ignore the totally unimportant question of vote buying -- vote buying has happened plenty of times over the centuries without any need for the purchaser to verify that the vote was cast as promised. Tammany Hall did not need to watch people's votes to run a political machine. I'm much more concerned that we may be automating the "graveyard" vote, which is currently kept in check by the need to personally appear at polling places. I'm also concerned about the forms of fraud I haven't even considered yet because no one has invented them yet. Election security isn't just about assuring that votes are correctly counted. I'm a technophile. I've loved technology all my life. I'm also a security professional, and I love a good cryptographic algorithm. Please keep technology as far away as possible from the voting booth -- it will make everyone a lot safer. -- Perry E. Metzger perry at piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Fri Apr 9 13:30:26 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 09 Apr 2004 13:30:26 -0700 Subject: Communication in (Neuronal) Networks Message-ID: <407707E2.BA3385EC@cdc.gov> At 08:21 PM 4/9/04 +0200, Eugen Leitl wrote: >It should look a lot like a Golgi stain of your neocortex, though, the Sorry the below is long, but it's subscription only, and the comparisons to man-made networks are worth reading. Science, Vol 301, Issue 5641, 1870-1874, 26 September 2003 [DOI: 10.1126/science.1089662] Communication in Neuronal Networks Simon B. Laughlin1 and Terrence J. Sejnowski2,3* Brains perform with remarkable efficiency, are capable of prodigious computation, and are marvels of communication. We are beginning to understand some of the geometric, biophysical, and energy constraints that have governed the evolution of cortical networks. To operate efficiently within these constraints, nature has optimized the structure and function of cortical networks with design principles similar to those used in electronic networks. The brain also exploits the adaptability of biological systems to reconfigure in response to changing needs. 1 Department of Zoology, University of Cambridge, Downing Street, Cambridge CB2 3EJ, UK. 2 Howard Hughes Medical Institute, Salk Institute for Biological Studies, La Jolla, CA 92037, USA. 3 Division of Biological Sciences, University of California, San Diego, La Jolla, CA 92093, USA. 
* To whom correspondence should be addressed. E-mail: terry at salk.edu Neuronal networks have been extensively studied as computational systems, but they also serve as communications networks in transferring large amounts of information between brain areas. Recent work suggests that their structure and function are governed by basic principles of resource allocation and constraint minimization, and that some of these principles are shared with human-made electronic devices and communications networks. The discovery that neuronal networks follow simple design rules resembling those found in other networks is striking because nervous systems have many unique properties. To generate complicated patterns of behavior, nervous systems have evolved prodigious abilities to process information. Evolution has made use of the rich molecular repertoire, versatility, and adaptability of cells. Neurons can receive and deliver signals at up to 10^5 synapses and can combine and process synaptic inputs, both linearly and nonlinearly, to implement a rich repertoire of operations that process information (1). Neurons can also establish and change their connections and vary their signaling properties according to a variety of rules. 
Because many of these changes are driven by spatial and temporal patterns of neural signals, neuronal networks can adapt to circumstances, self-assemble, autocalibrate, and store information by changing their properties according to experience. The simple design rules improve efficiency by reducing (and in some cases minimizing) the resources required to implement a given task. It should come as no surprise that brains have evolved to operate efficiently. Economy and efficiency are guiding principles in physiology that explain, for example, the way in which the lungs, the circulation, and the mitochondria are matched and coregulated to supply energy to muscles (2). To identify and explain efficient design, it is necessary to derive and apply the structural and physicochemical relationships that connect resource use to performance. We consider first a number of studies of the geometrical constraints on packing and wiring that show that the brain is organized to reduce wiring costs. We then examine a constraint that impinges on all aspects of neural function but has only recently become apparent -- energy consumption. Next we look at energy-efficient neural codes that reduce signal traffic by exploiting the relationships that govern the representational capacity of neurons. We end with a brief discussion on how synaptic plasticity may reconfigure the cortical network on a wide range of time scales. Geometrical and Biophysical Constraints on Wiring Reducing the size of an organ, such as the brain, while maintaining adequate function is usually beneficial. A smaller brain requires fewer materials and less energy for construction and maintenance, lighter skeletal elements and muscles for support, and less energy for carriage. The size of a nervous system can be reduced by reducing the number of neurons required for adequate function, by reducing the average size of neurons, or by laying out neurons so as to reduce the lengths of their connections. 
The design principles governing economical layout have received the most attention. Just like the wires connecting components in electronic chips, the connections between neurons occupy a substantial fraction of the total volume, and the wires (axons and dendrites) are expensive to operate because they dissipate energy during signaling. Nature has an important advantage over electronic circuits because components are connected by wires in three-dimensional (3D) space, whereas even the most advanced VLSI (very large scale integration) microprocessor chips use a small number of layers of planar wiring. [A recently produced chip with 174 million transistors has seven layers (3).] Does 3D wiring explain why the volume fraction of wiring in the brain (40 to 60%; see below) is lower than in chips (up to 90%)? In chips, the components are arranged to reduce the total length of wiring. This same design principle has been established in the nematode worm Caenorhabditis elegans, which has 302 neurons arranged in 11 clusters called ganglia. An exhaustive search of alternative ganglion placements shows that the layout of ganglia minimizes wire length (4). Cortical projections in the early sensory processing areas are topographically organized. This is a hallmark of the six-layer neocortex, in contrast to the more diffuse projections in older three-layer structures such as the olfactory cortex and the hippocampus. In the primary visual cortex, for example, neighboring regions of the visual field are represented by neighboring neurons in the cortex. Connectivity is much higher between neurons separated by less than 1 mm than between neurons farther apart (see below), reflecting the need for rapid, local processing within a cortical column -- an arrangement that minimizes wire length. 
Because cortical neurons have elaborately branched dendritic trees (which serve as input regions) and axonal trees (which project the output to other neurons), it is also possible to predict the optimal geometric patterns of connectivity (5-7), including the optimal ratios of axonal to dendritic arbor volumes (8). These conclusions were anticipated nearly 100 years ago by the great neuroanatomist Ramon y Cajal: "After the many shapes assumed by neurons, we are now in a position to ask whether this diversity... has been left to chance and is insignificant, or whether it is tightly regulated and provides an advantage to the organism.... We realized that all of the various conformations of the neuron and its various components are simply morphological adaptations governed by laws of conservation for time, space, and material" [(9), p. 116]. The conservation of time is nicely illustrated in the gray matter of the cerebral cortex. Gray matter contains the synapses, dendrites, cell bodies, and local axons of neurons, and these structures form the neural circuits that process information. About 60% of the gray matter is composed of axons and dendrites, reflecting a high degree of local connectivity analogous to a local area network. An ingenious analysis of resource allocation suggests that this wiring fraction of 60% minimizes local delays (10). This fraction strikes the optimum balance between two opposing tendencies: transmission speed and component density. Unlike the wires in chips, reducing the diameter of neural wires reduces the speed at which signals travel, prolonging delays. But it also reduces axon volume, and this allows neurons to be packed closer together, thus shortening delays. Global Organization of the Communication Network Long-range connections between cortical areas constitute the white matter and occupy 44% of the cortical volume in humans. 
The thickness of gray matter, just a few millimeters, is nearly constant in species that range in brain volume over five orders of magnitude. The volume of the white matter scales approximately as the 4/3 power of the volume of the gray matter, which can be explained by the need to maintain a fixed bandwidth of long-distance communication capacity per unit area of the cortex (11) (Fig. 1). The layout of cortical areas minimizes the total lengths of the axons needed to join them (12). The prominent folds of the human cortex allow the large cortical area to be packed in the skull but also allow cortical areas around the convolutions to minimize wire length; the location of the folds may even arise from elastic forces in the white matter during development (13). Fig. 1. Cortical white and gray matter volumes of 59 mammalian species are related by a power law that spans five to six orders of magnitude. The line is the least squares fit, with a slope around 1.23 ± 0.01 (mean ± SD) and correlation of 0.998. The number of white matter fibers is proportional to the gray matter volume; their average length is the cubic root of that volume. If the fiber cross section is constant, then the white matter volume should scale approximately as the 4/3 power of the gray matter volume. An additional factor arises from the cortical thickness, which scales as the 0.10 power of the gray matter volume. [Adapted from (11)] The global connectivity in the cortex is very sparse, and this too reduces the volume occupied by long-range connections: The probability of any two cortical neurons having a direct connection is around one in a hundred for neurons in a vertical column 1 mm in diameter, but only one in a million for distant neurons. The distribution of wire lengths on chips follows an inverse power law, so that shorter wires also dominate (14). 
If we created a matrix with 10^10 rows and columns to represent the connections between every pair of cortical neurons, it would have a relatively dense set of entries around the diagonal but would have only sparse entries outside the diagonal, connecting blocks of neurons corresponding to cortical areas. The sparse long-range connectivity of the cortex may offer some of the advantages of small-world connectivity (15). Thus, only a small fraction of the computation that occurs locally can be reported to other areas, through a small fraction of the cells that connect distant cortical areas; but this may be enough to achieve activity that is coordinated in distant parts of the brain, as reflected in the synchronous firing of action potentials in these areas, supported by massive feedback projections between cortical areas and reciprocal interactions with the thalamus (16, 17). Despite the sparseness of the cortical connection matrix, the potential bandwidth of all of the neurons in the human cortex is around a terabit per second (assuming a maximum rate of 100 bits/s over each axon in the white matter), comparable to the total world backbone capacity of the Internet in 2002 (18). However, this capacity is never achieved in practice because only a fraction of cortical neurons have a high rate of firing at any given time (see below). Recent work suggests that another physical constraint -- the provision of energy -- limits the brain's ability to harness its potential bandwidth. Energy Usage Constrains Neural Communication As the processor speeds of computers increase, the energy dissipation increases, so that cooling technology becomes critically important. Energy consumption also constrains neural processing. Nervous systems consume metabolic energy continuously at relatively high rates per gram, comparable to those of heart muscle (19). Consequently, powering a brain is a major drain on an animal's energy budget, typically 2 to 10% of resting energy consumption. 
In humans this proportion is 20% for adults and 60% for infants (20), which suggests that the brain's energy demands limit its size (21). Energy supply limits signal traffic in the brain (Fig. 2). Deep anesthesia blocks neural signaling and halves the brain's energy consumption, which suggests that about 50% of the brain's energy is used to drive signals along axons and across synapses. The remainder supports the maintenance of resting potentials and the vegetative function of neurons and glia. Cortical gray matter uses a higher proportion of total energy consumption for signaling, more than 75% (Fig. 2), because it is so richly interconnected with axons and synapses (21). From the amounts of energy used when neurons signal, one can calculate the volume of signal traffic that can be supported by the brain's metabolic rate. For cerebral cortex, the permissible traffic is 5 action potentials per neuron per second in rat (Fig. 2) (22) and <1 per second in human (23). Given that the brain responds quickly, the permissible level of traffic is remarkably low, and this metabolic limit must influence the way in which information is processed. Recent work suggests that brains have countered this severe metabolic constraint by adopting energy-efficient designs. These designs involve the miniaturization of components, the elimination of superfluous signals, and the representation of information with energy-efficient codes. Fig. 2. Power consumption limits neural signaling rate in the gray matter of rat cerebral cortex. Baseline consumption is set by the energy required to maintain the resting potentials of neurons and associated supportive tissue (r.p.) and to satisfy their vegetative needs (nonsignaling). Signaling consumption rises linearly with the average signaling rate (the rate at which neurons transmit action potentials). The measured rates of power consumption in rat gray matter vary across cortical areas and limit average signaling rates to 3 to 5.5 Hz. 
Values are from (19), converted from rates of hydrolysis of adenosine triphosphate (ATP) to W/kg using a free energy of hydrolysis for a molecule of ATP under cellular conditions of 10^-19 J. Miniaturization, Energy, and Noise The observation that 1 mm^3 of mouse cortex contains 10^5 neurons, 10^8 synapses, and 4 km of axon (24) suggests that, as in chip design, the brain reduces energy consumption by reducing the size and active area of components. Even though axon diameter is only 0.3 µm (on average), sending action potentials along these "wires" consumes more than one-third of the energy supplied to cortical gray matter (22). Thus, as with computer chips, an efficient layout (discussed above) and a high component density are essential for energy efficiency but, as is also true for chips, miniaturization raises problems about noise. When a neuron's membrane area is reduced, the number of molecular pores (ion channels) carrying electrical current falls, leading to a decline in the signal-to-noise ratio (SNR) (25-27). The noise produced by ion channels, and by other molecular signaling mechanisms such as synaptic vesicles, is potentially damaging to performance. However, the effects of noise are often difficult to determine because they depend on interactions between signaling molecules in signaling systems. These interactions can be highly nonlinear (e.g., the voltage-dependent interactions between sodium and potassium ion channels that produce action potentials) and can involve complicated spatial effects (e.g., the diffusion of chemical messengers between neurons and the transmission of electrical signals within neurons). A new generation of stochastic simulators is being developed to handle these complexities and determine the role played by molecular noise and diffusion in neural signaling (26, 28, 29). 
With respect to miniaturization, stochastic simulations (25) show that channel noise places a realistic ceiling on the wiring density of the brain by setting a lower limit of about 0.1 µm on axon diameter. The buildup of noise from stage to stage may be a fundamental limitation on the logical depth to which brains can compute (30). The analysis of the relationships among signal, noise, and bandwidth and their dependence on energy consumption will play a central role in understanding the design of neural circuits. The cortex has many of the hallmarks of an energy-efficient hybrid device (28). In hybrid electronic devices, compact analog modules operate on signals to process information, and the results are converted to digital data for transmission through the network and then reconverted to analog data for further processing. These hybrids offer the ability of analog devices to perform basic arithmetic functions such as division directly and economically, combined with the ability of digital devices to resist noise. In the energy-efficient silicon cochlea, for example, the optimal mix of analog and digital data (that is, the size and number of operations performed in analog modules) is determined by a resource analysis that quantifies trade-offs among energy consumption, bandwidth for information transmission, and precision in analog and digital components. The obvious similarities between hybrid devices and neurons strongly suggest that hybrid processing makes a substantial contribution to the energy efficiency of the brain (31). However, the extent to which the brain is configured as an energy-efficient hybrid device must be established by a detailed resource analysis that is based on biophysical relationships among energy consumption, precision, and bandwidth in neurons. Some research strongly suggests that noise makes it uneconomical to transfer information down single neurons at high rates (29, 31). 
Given that a neuron is a noise-limited device of restricted bandwidth, the information rate is improved with the SNR, which increases as the square root of the number of ion channels, making improvements expensive (25). Thus, doubling the SNR means quadrupling the number of channels, the current flow, and hence the energy cost. Given this relationship between noise and energy cost, an energy-efficient nervous system will divide information among a larger number of relatively noisy neurons of lower information capacity, as observed in the splitting of retinal signals into ON and OFF pathways (32). Perhaps the unreliability of individual neurons is telling us that the brain has evolved to be energy efficient (31). Saving on Traffic Energy efficiency is improved when one reduces the number of signals in the network without losing information. In the nervous system, this amounts to an economy of impulses (33) that has the additional advantage of increasing salience by laying out information concisely. Economy is achieved by eliminating redundancy. This important design principle is well established in sensory processing (34). Redundancy reduction is a goal of algorithms that compress files to reduce network traffic. In the brain, efficiency is improved by distributing signals appropriately in time and space. Individual neurons adopt distributions of firing rate (35, 36) that maximize the ratio between information coded and energy expended. Networks of neurons achieve efficiency by distributing signals sparsely in space and time. Although it was already recognized that sparse coding improves energy efficiency (37), it was Levy and Baxter's detailed analysis of this problem (38) that initiated theoretical studies of energy-efficient coding in nervous systems. They compared the representational capacity of signals distributed across a population of neurons with the costs involved. 
Sparse coding schemes, in which a small proportion of cells signal at any one time, use little energy for signaling but have a high representational capacity, because there are many different ways in which a small number of signals can be distributed among a large number of neurons. However, a large population of neurons could be expensive to maintain, and if these neurons rarely signal, they are redundant. The optimum proportion of active cells depends on the ratio between the cost of maintaining a neuron at rest and the extra cost of sending a signal. When signals are relatively expensive, it is best to distribute a few of them among a large number of cells. When cells are expensive, it is more efficient to use few of them and to get all of them signaling. Estimates of the ratio between the energy demands of signaling and maintenance suggest that, for maximum efficiency, between 1% and 16% of neurons should be active at any one time (22, 23, 38). However, it is difficult to compare these predictions with experimental data; a major problem confronting systems neuroscience is the development of techniques for deciphering sparse codes. There is an intriguing possibility that the energy efficiency of the brain is improved by regulating signal traffic at the level of the individual synaptic connections between neurons. A typical cortical neuron receives on the order of 10,000 synapses, but the probability that a synapse fails to release neurotransmitter in response to an incoming signal is remarkably high, between 0.5 and 0.9. Synaptic failures halve the energy consumption of gray matter (22), but because there are so many synapses, the failures do not necessarily lose information (39, 40). The minimum number of synapses required for adequate function is not known. Does the energy-efficient cortical neuron, like the wise Internet user, select signals from sites that are most informative? 
This question draws energy efficiency into one of the most active and important areas of neuroscience: synaptic plasticity. Reconfiguring the Network Long-distance communication in the brain occurs through all-or-none action potentials, which are transmitted down axons and converted to analog chemical and electrical signals at synapses. The initiation of action potentials in the cortex can occur with millisecond precision (41) but, as we have just discussed, the communication at cortical synapses is probabilistic. On a short time scale of milliseconds to seconds, presynaptic mechanisms briefly increase or decrease the probability of transmission at cortical synapses over a wide range, depending on the previous patterns of activity (42). On longer time scales, persistent correlated firing between the presynaptic and postsynaptic neurons can produce long-term depression or potentiation of the synaptic efficacy, depending on the relative timing of the spikes in the two neurons (43). A new view of the cortical network is emerging from these discoveries. Rather than being a vast, fixed network whose connection strengths change slowly, the effective cortical connectivity is highly dynamic, changing on fast as well as slow time scales. This allows the cortex to be rapidly reconfigured to meet changing computational and communications needs (44). Unfortunately, we do not yet have techniques for eavesdropping on a large enough number of neurons to determine how global reconfiguration is achieved. Local field potentials (LFPs), extracellular electric fields that reflect the summed activity from local synaptic currents and other ion channels on neurons and glial cells, may provide hints of how the flow of information in cortical circuits is regulated (16). Oscillations in the 20- to 80-Hz range occur in the LFPs, and the coherence between spikes and these oscillations has been found to be influenced by attention and working memory (45, 46). 
Conclusions The more we learn about the structure and function of brains, the more we come to appreciate the great precision of their construction and the high efficiency of their operations. Neurons, circuits, and neural codes are designed to conserve space, materials, time, and energy. These designs are exhibited in the geometry of the branches of dendritic trees, in the precise determination of wiring fractions, in the laying out of maps in the brain, in the processing of signals, and in neural codes. It is less obvious, but highly likely, that the unreliability of single neurons is also a mark of efficiency, because noise in molecular signaling mechanisms places a high price on precision. To an extent yet to be determined, the noise and variability observed among neurons is compensated by plasticity -- the ability of neurons to modify their signaling properties. Neural plasticity also has the potential to direct the brain's scarce resources to where they will be of greatest benefit. From eugen at leitl.org Fri Apr 9 05:04:00 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 9 Apr 2004 14:04:00 +0200 Subject: VPN VoIP Message-ID: <20040409120359.GY28136@leitl.org> I've been installing a Draytek Vigor 2900 router at work lately, and found a line of models which do VoIP (router with analog phone jacks on them). They also support VPN router-router, and come with DynDNS clients. I thought I've seen VoIP over VPN being mentioned, but I can't find it right now. They're reasonably priced, and have pretty good online support: http://www.draytek.co.uk/support/ I've also been looking at them from vulnerabilities angle, but couldn't find much. Not even which embedded OS they run on. No glaring remote exploit holes yet reported. Everyone has seen http://www.skype.com/download_pda.html right? 
-- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From eugen at leitl.org Fri Apr 9 06:19:41 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 9 Apr 2004 15:19:41 +0200 Subject: Hierarchy, Force Monopoly, and Geodesic Societies In-Reply-To: References: <407599CA.29415398@cdc.gov> Message-ID: <20040409131941.GK28136@leitl.org> On Thu, Apr 08, 2004 at 03:29:58PM -0400, R. A. Hettinga wrote: > At 11:28 AM -0700 4/8/04, Major Variola (ret) wrote: > >Geodesic means shortest path, and you'll note if you play with > >tracert that the shortest path (as seen on Earth's surface) is rarely > >taken. A pretty densely distributed radio mesh with good (geographic routing) algorithms would tend to use the shortest path. Very small cells based on current WiFi or ultrawideband/digital pulse radio might have to route around obstacles (large high buildings, flow along the nodes with aerials dangling into the streets). MobileMesh doesn't seem to be the single solution, at least one contender exists. Both are being used in practice, alas not yet in your $100 garden-variety WiFi routers (these do bridging already, though). Internet is mostly a tree (if you look at the connectivity maps). Wires over long distances will tend to follow geodesics (because cables are expensive, and an enterprise will try to minimize the costs). Current flow is mostly dictated by frozen chance, politics (peering arrangements). Automating peering arrangements and using agoric load levelling in the infrastructure will tend to erode that over time. Over time, physical lines will tend to be densest along densest traffic flow. American cities are orthogonal, European usually radial. 
The cities are connected with traffic ducts (rail, highway) which is typically loosely geodesic (but for obstacles in the landscape). Fiber typically follows railway or highway. Easiest is a cloud of satellites with mutual time of flight triangulation, and line of sight laser signalling. > > Measure the path in time? UWB gives you realtime location in each node down to cm scale. No idea how difficult to ToF triangulate with multipath. The higher device density, the less confusion. Intel's pushing UWB as wireless USB substitute. No reason why it couldn't cover 10 miles of open terrain with enough power and proper aerials. Anyone knows how UWB handles directional aerials? Does it prefer fractal emitters, or are there specific optimal radiator geometries? -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From rah at shipwright.com Fri Apr 9 13:04:26 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 9 Apr 2004 16:04:26 -0400 Subject: voting, KISS, etc. Message-ID: --- begin forwarded text From rah at shipwright.com Fri Apr 9 13:11:05 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 9 Apr 2004 16:11:05 -0400 Subject: Hierarchy, Force Monopoly, and Geodesic Societies In-Reply-To: <20040409192742.R96639-100000@localhost> References: <20040409192742.R96639-100000@localhost> Message-ID: At 8:29 PM +0100 4/9/04, Jim Dixon wrote: >Traffic was following a geodesic -- >but not a geographic geodesic. Right. Geodesic is a topologic content. In three (two?) dimensions, a geodesic is a great circle route across a sphere. In higher dimensions, it's something else. No. I don't know the math. :-) Cheers, RAH -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Apr 9 13:13:20 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 9 Apr 2004 16:13:20 -0400 Subject: Meshing costs (Re: Hierarchy, Force Monopoly, and Geodesic Societies) In-Reply-To: <4076E0B0.E7DE4257@cdc.gov> References: <4076E0B0.E7DE4257@cdc.gov> Message-ID: At 10:43 AM -0700 4/9/04, Major Variola (ret) wrote: >Meshnets (everyone's a router) is cool, admittedly. But are you going >to spend *your* battery life routing someone else's message? Only if they pay me cash. :-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jerrold.leichter at smarts.com Fri Apr 9 13:30:27 2004 From: jerrold.leichter at smarts.com (Jerrold Leichter) Date: Fri, 9 Apr 2004 16:30:27 -0400 (EDT) Subject: voting In-Reply-To: References: Message-ID: | "privacy" wrote: | [good points about weaknesses in adversarial system deleted] | | > It's baffling that security experts today are clinging to the outmoded | > and insecure paper voting systems of the past, where evidence of fraud, | > error and incompetence is overwhelming. Cryptographic voting protocols | > have been in development for 20 years, and there are dozens of proposals | > in the literature with various characteristics in terms of scalability, | > security and privacy. 
The votehere.net scheme uses advanced cryptographic | > techniques including zero knowledge proofs and verifiable remixing, | > the same method that might be used in next generation anonymous remailers. | > | Our anonymous corrospondent has not addressed the issues I raised in my | initial post on the 7th: | | 1. The use of receipts which a voter takes from the voting place to 'verify' | that their vote was correctly included in the total opens the way for voter | coercion. | | 2. The proposed fix - a blizzard of decoy receipts - makes recounts based | on the receipts impossible. The VoteHere system is really quite clever, and you're attacking it for not being the same as everything that went before. Current systems - whether paper, machine, or whatever - provide no inherent assurance that the vote you cast is the one that got counted. Ballot boxes can be lost, their contents can be replaced; machines can be rigged. We use procedural mechanisms to try to prevent such attacks. It's impossible to know how effective they are: We have no real way to measure the effectiveness, since there is no independent check on what they are controlling. There are regular allegations of all kinds of abuses, poll watchers or no. And there are plenty of suspect results. | Answer this: | | 1. How does this system prevent voter coercion, while still allowing receipt | based recounts? a) Receipts in the VoteHere system are *not* used for recounts. No receipt that a user takes away can possibly be used for that - the chances of you being able to recover even half the receipts a day after the election are probably about nil. Receipts play exactly one role: They allow a voter who wishes to to confirm that his vote actually was tallied. b) We've raised "prevention of voter coercion" on some kind of pedestal. The fact is, I doubt it plays much of a real role. If someone wants to coerce voters, they'll use the kind of goons who collect on gambling debts to do it. 
The vast majority of people who they try to coerce will be too frightened to even think about trying to fool them - and if they do try, will lie so unconvincingly that they'll get beaten up anyway. Political parties that want to play games regularly bring busloads of people to polling places. They don't check how the people they bus in vote - they don't need to. They know who to pick.

However, if this really bothers you, a system like this lets you trade off non-coercion and checkability: When you enter the polling place, you draw a random ball - say, using one of those machines they use for lotteries. If the ball is red, you get a receipt; if it's blue, the receipt is retained in a sealed box (where it's useless to anyone except as some kind of cross-check of number of votes cast, etc.) No one but you gets to see the color of the ball. Now, even if you are being coerced and get a red ball, you can simply discard the receipt - the polling place should have a secure, private receptacle; or maybe you can even push a button on the machine that says "Pretend I got a blue ball" - and claim you got a blue ball. The fraction of red and blue balls is adjustable, depending on how you choose to value checkability vs. non-coercion.

| Or do you have some mechanism by which I can
| personally verify every vote which went into the total, to make sure they
| are correct?

In VoteHere's system, you can't possibly verify that every vote that went into the total was correctly handled. You can verify that the votes *that the system claims were recorded* are actually counted correctly. And you can verify that *your* vote was actually recorded as you cast it - something you can't do today. The point of the system is that any manipulation is likely to hit someone who chooses to verify their vote, sooner or later - and it only takes one such detected manipulation to start an inquiry. Whether in practice people want this enough to take the trouble ... we'll have to wait and see.

| 2. On what basis do you think the average voter should trust this system,
| seeing as it's based on mechanisms he or she can't personally verify?

On what basis should an average voter trust today's systems? How many people have any idea what safeguards are currently used? How many have any personal contact with the poll watchers on whom the system relies? Could *you* verify, in any meaningful sense, the proper handling of a vote you cast? Could you watch the machines/boxes/whatever being handled? Unless you're in with the local politicians, don't bet on it.

| 3. What chain of events do I have to believe to trust that the code which
| is running in the machine is actually and correctly derived from the
| source code I've audited? I refer you to Ken Thompson's classic paper
| "Reflections on trusting trust", as well as the recent Diebold debacle
| with uncertified patches being loaded into the machine at the
| last moment.

Actually, it makes no difference at all. The algorithms are public, and all the data that goes into the calculations are published after the election. Anyone can implement the algorithms themselves and re-run all the calculations.

There are conceivable attacks on the various random number generators, which could be used to reveal information that the system is supposed to keep secret - but I don't think they can be used to change the election results. This is one place where the system could use some kind of "hardening", but it seems very amenable to procedural fixes - e.g., each major party contributes a "randomization module" that it trusts, and the results are combined. Each randomization module is also allowed to say "I want this result checked", at random every k votes or so, *after* the combiner has produced its value. When any randomization module says that, all the inputs and the combiner's output are printed, then not used. These values are published after the election, and a bad combiner will quickly reveal itself.
-- Jerry

From camera_lumina at hotmail.com Fri Apr 9 14:16:23 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 09 Apr 2004 17:16:23 -0400
Subject: Gmail as Blacknet
Message-ID:

Actually, to some extent I did realize this, though I couldn't resist the droll troll urge. And of course, perpetual storage isn't really any kind of end-goal itself...the 'goal' of course is to be able to securely store and move information without fear (or the possibility due to anonymity) of reprisal, if that is so desired.

(As an aside, although debt has to be -forgiven- after 7 years, contrary to popular belief it is not true that a debt has to be -forgotten-...I know of one credit major card company that will not accept 'new' cardmembers that didn't pay back what they owed, even if that's 15 years ago. That's actually perfectly legal.)

That said, I guess the dude does have an interesting point under all that stuff, after all. That point being that (most likely) free email capabilities may in some cases become like the now-defunct lockers in Grand Central Station...a place where "stuff" can be stored securely, and access granted at will. The key feature (as you point out) isn't so much the storage capacity (although the increasing size of such capacity makes this a more and more attractive option), but the google search feature.

OK, point conceded (once I tore off the wrapper).

-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: RE: Gmail as Blacknet
>Date: Fri, 09 Apr 2004 10:48:02 -0700
>
>At 09:58 AM 4/9/04 -0400, Tyler Durden wrote:
> >Well, I never claimed to be Einstein, but your "3 simple steps" sound a
>hell
> >of a lot like my recipe for making a ham sandwich:
>
>Hardly. One could put together a very slick "drop file here for
>encrypted net storage"
>script in a day. One could even prototype this using any net mail
>system like
>Yahoo, albeit with a rather piddling storage capacity.
>
>By including plaintext search tokens (meaning known only to you, perhaps
>derived
>from hashing keywords) you could use Gmail's search feature to find
>stored data.
>
>This uses local encryption and net-based storage & backup. Sounds good
>to me.
>
>It would be rather telling if Google said "no encrypted email" wouldn't
>it? :-)

From sunder at sunder.net Fri Apr 9 14:56:18 2004
From: sunder at sunder.net (sunder)
Date: Fri, 09 Apr 2004 17:56:18 -0400
Subject: VPN VoIP
In-Reply-To: <20040409120359.GY28136@leitl.org>
References: <20040409120359.GY28136@leitl.org>
Message-ID: <40771C02.4050805@sunder.net>

Eugen Leitl wrote:

> I've been installing a Draytek Vigor 2900 router at work lately, and found a
> line of models which do VoIP (router with analog phone jacks on them). They
> also support VPN router-router, and come with DynDNS clients. I thought I've
> seen VoIP over VPN being mentioned, but I can't find it right now.

I've not seen, nor played with any of these, *BUT*, heed this warning which applies to all devices (and software?) that are 1) closed source and 2) offer some useful service which you'd be tempted to place inside your network, 3) are allowed to communicate with the outside world.

I would highly suggest that if you choose to use one of these that you do so from a DMZ in your firewall to be safe. You don't know what OS/firmware lives there and whether it can be used via the VOIP network to spy on your internal network.

You might need to add another NIC to your firewall, and depending on what else this needs, you might also need to provide a DHCP server for it. Set the firewall rules to make sure no packets from this device can go into your internal network. EVER.

Don't just say, "Well this thing is its own router, it does VPN, it has a firewall (does it?)
I can trust it." There will likely be features which it provides (perhaps a voice mail->email gateway?) which will tempt you to place it on the inside network instead of a DMZ. Don't! Find a way to secure your network and still provide for such features.

[Or, if you use these boxes inside a corporate environment and actually care about this level of security and want several of these to talk to each other, build another network just for them. Depending on your needs, I'd also say, don't let them talk to the outside world, but if you do that, only nodes inside your VPN's will be able to communicate over VOIP.]

If you trust this thing to do VOIP, enjoy, (Accepting possible spying on your phone calls by LEO/intel agencies, etc.) but don't trust it enough to put the ethernet end of it on your internal network. You never know when some bright kid takes one of these apart, disassembles the firmware and finds a backdoor to use against you.

Why the tin-foil sounding rant? See yesterday's slashdot regarding the recent "hardwired" backdoor account in a Cisco Wifi router which has been exposed resulting in a call for a firmware update. You can bet that Cisco simply changed the backdoor password/hash instead of eliminating it. If they're not too scummy, they only made it harder to find:

http://yro.slashdot.org/article.pl?sid=04/04/08/1920228&mode=thread&tid=126&tid=158&tid=172&tid=99

From jdd at dixons.org Fri Apr 9 10:22:06 2004
From: jdd at dixons.org (Jim Dixon)
Date: Fri, 9 Apr 2004 18:22:06 +0100 (BST)
Subject: Hierarchy, Force Monopoly, and Geodesic Societies
In-Reply-To: <20040409131941.GK28136@leitl.org>
Message-ID: <20040409180233.A96639-100000@localhost>

On Fri, 9 Apr 2004, Eugen Leitl wrote:

> Internet is mostly a tree (if you look at the connectivity maps).

Not at all. A tree has a root; the Internet doesn't have one. Instead you have several thousand autonomous systems interconnecting at a large number of peering points.
> Wires over
> long distances will tend to follow geodesics (because cables are expensive,
> and an enterprise will try to minimize the costs).

For a long time, most traffic between European countries was routed through Virginia. This has improved only in the last few years. In the same way a lot of Pacific traffic still runs through California. In each case what matters is not geography but politics and quixotic regulations.

Within most countries the same sort of illogic applies. In the UK, for example, most IP traffic flows through London, and within London most IP traffic flows through the Docklands area, a geographically small region of East London. It's fractal: even within Docklands, almost all traffic flows through a handful of buildings, and there is a strong tendency for most of that inter-building traffic to pass through a very small number of ducts.

> Current flow is mostly
> dictated by frozen chance, politics (peering arrangements). Automating
> peering arrangements and using agoric load levelling in the infrastructure
> will tend to erode that over time. Over time, physical lines will tend to be
> densest along densest traffic flow.

Very true -- but this has nothing to do with geodesics.

> American cities are orthogonal, European usually radial. The cities are

? City layouts that I am familiar with are either haphazard or built around rings or some mixture of the two. MFS built a US national ring, a ring in New York City, a ring in London, and rings elsewhere in Europe. Other carriers tended to follow the same pattern.

> connected with traffic ducts (rail, highway) which is typically loosely
> geodesic (but for obstacles in the landscape). Fiber typically follows
> railway or highway.

That's certainly true, but now you are talking about political decisions made ages ago. Many roads in England were built by the Romans. These roads lead to London.
You see the same pattern on the Continent, of course, with the roads leading to the local capital (Paris, say) and then on to Rome. That is, fiber optic paths today reflect the strategic requirements of the Roman Empire, not geometry.

--
Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881
http://jxcl.sourceforge.net Java unit test coverage
http://xlattice.sourceforge.net p2p communications infrastructure

From camera_lumina at hotmail.com Fri Apr 9 16:06:46 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 09 Apr 2004 19:06:46 -0400
Subject: Meshing costs (Re: Hierarchy, Force Monopoly, and Geodesic Societies)
Message-ID:

RAH wrote...

>At 10:43 AM -0700 4/9/04, Major Variola (ret) wrote:
> >Meshnets (everyone's a router) is cool, admittedly. But are you going
> >to spend *your* battery life routing someone else's message?
>
>Only if they pay me cash

Someone enlighten me here...I don't see this as obvious. I might certainly be willing to pay to route someone else's message if I understand that to be the real cost of mesh connectivity.

In other words, say I'm driving down the FDR receiving telemetry about the road conditions downtown of me by a few miles. If I'm a router, I'm also sending that info behind me (which is routing I'm paying for basically), but I will understand that the reason I am getting my telemetry is precisely because there's a string of "me's" in the cars in front of me, routing info down to me. If I insist on getting paid, so will they, and the whole thing breaks down.

Actually, this reminds me of the prisoner's dilemma. I remember (I think) Hofstadter doing an interesting analysis that showed that smart 'criminals' will eventually realize that it pays to cooperate, even if that doesn't optimise one's chances in this particular instance.
Of course, the battery lifetime acts as the "weighting" factor here...if only a small % of the traffic I'm routing belongs to me, then I may not be so willing to route it if my battery lifetime is short. As battery time lifetime increases however (though this sorely lags behind Moore's law) then more and more people will be willing to route.

-TD

From eugen at leitl.org Fri Apr 9 11:21:53 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 9 Apr 2004 20:21:53 +0200
Subject: Hierarchy, Force Monopoly, and Geodesic Societies
In-Reply-To: <20040409180233.A96639-100000@localhost>
References: <20040409131941.GK28136@leitl.org> <20040409180233.A96639-100000@localhost>
Message-ID: <20040409182153.GA28136@leitl.org>

On Fri, Apr 09, 2004 at 06:22:06PM +0100, Jim Dixon wrote:
> On Fri, 9 Apr 2004, Eugen Leitl wrote:
>
> > Internet is mostly a tree (if you look at the connectivity maps).
>
> Not at all. A tree has a root; the Internet doesn't have one. Instead
> you have several thousand autonomous systems interconnecting at a large
> number of peering points.

A modestly high dimensional grid of some billion nodes doesn't look like this:
http://members.easynews.com/L4/opte/www.opte.org/maps/static/1069646562.LGL.2D.700x700.png

This is clearer: http://research.lumeta.com/ches/map/gallery/wired.gif

It should look a lot like a Golgi stain of your neocortex, though, the horizontal component being dominating (until we get several million birds zooming over our heads in the starry sky). The neocortex and the human CNS in general is also laid out in a specific way, because it's also been/is subject to massive optimisation, both evolutionary and in course of operation.

> For a long time, most traffic between European countries was routed
> through Virginia. This has improved only in the last few years. In
> the same way a lot of Pacific traffic still runs through California.
> In each case what matters is not geography but politics and quixotic
> regulations.

You're proving my point. The network started as a bureaucratic, static, tiny, suboptimal configuration. As it grew bigger, and started participating in economy it started minimizing itself. This isn't just connectivity, but goes down to the protocol level. We know IPv6 isn't the answer, mostly because it is largely geography agnostic, can't handle nodes moving with orbital speeds (or even a speeding car), doesn't handle interplanetary latencies and isn't local-knowledge routed/switched in general. It also can't handle relativistic speed cut-through, which is the killer requirement.

> Within most countries the same sort of illogic applies. In the UK, for
> example, most IP traffic flows through London, and within London most IP
> traffic flows through the Docklands area, a geographically small region of
> East London. It's fractal: even within Docklands, almost all traffic
> flows through a handful of buildings, and there is a strong tendency for
> most of that inter-building traffic to pass through a very small number of
> ducts.

You're correct, currently. Things will become better as network ages, and especially if we get cellular radio architectures in densely populated areas (there's about a GBit/s worth of wireless bandwidth within a small cell, when we ignore THz and optical wavelengths).

> > Current flow is mostly
> > dictated by frozen chance, politics (peering arrangements). Automating
> > peering arrangements and using agoric load levelling in the infrastructure
> > will tend to erode that over time. Over time, physical lines will tend to be
> > densest along densest traffic flow.
>
> Very true -- but this has nothing to do with geodesics.

Human societies optimize. Geodesic is a shortest path on Earth surface.
Look at Christaller and followup (Christaller and geodesics is good first start).

> ? City layouts that I am familiar with are either haphazard or built
> around rings or some mixture of the two. MFS built a US national ring,
> a ring in New York City, a ring in London, and rings elsewhere in Europe.
> Other carriers tended to follow the same pattern.

I'm not going to dive into city architecture, but compare these two adjacent cities: http://www.redtailcanyon.com/items/18393.aspx

> > connected with traffic ducts (rail, highway) which is typically loosely
> > geodesic (but for obstacles in the landscape). Fiber typically follows
> > railway or highway.
>
> That's certainly true, but now you are talking about political decisions
> made ages ago. Many roads in England were built by the Romans. These

A road is a place channeling traffic from A to B. Roman roads which are still used (I use one quite frequently) were created between areas of major human activity, requiring traffic frequent enough to warrant an expenditure (in terms of wealth fraction, roman roads were just as expensive as autobahns).

> roads lead to London. You see the same pattern on the Continent, of
> course, with the roads leading to the local capital (Paris, say) and then
> on to Rome. That is, fiber optic paths today reflect the strategic
> requirements of the Roman Empire, not geometry.

1) today, EU

today, elsewhere, looks different.

future, everywhere, looks even more different. We're at the beginning of the optimization process. You can't cheat physics in a relativistic universe, in an economic/evolutionary context.
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From jdd at dixons.org Fri Apr 9 12:29:27 2004
From: jdd at dixons.org (Jim Dixon)
Date: Fri, 9 Apr 2004 20:29:27 +0100 (BST)
Subject: Hierarchy, Force Monopoly, and Geodesic Societies
In-Reply-To: <20040409182153.GA28136@leitl.org>
Message-ID: <20040409192742.R96639-100000@localhost>

On Fri, 9 Apr 2004, Eugen Leitl wrote:

> > > Internet is mostly a tree (if you look at the connectivity maps).
> >
> > Not at all. A tree has a root; the Internet doesn't have one. Instead
> > you have several thousand autonomous systems interconnecting at a large
> > number of peering points.
>
> A modestly high dimensional grid of some billion nodes doesn't look like
> this:
> http://members.easynews.com/L4/opte/www.opte.org/maps/static/1069646562.LGL.2D.700x700.png
> This is clearer: http://research.lumeta.com/ches/map/gallery/wired.gif

Yes. I know what a tree is, and I am quite familiar with structure of the Internet. These very pretty pictures certainly look like the Internet I am familiar with, but don't resemble trees.

> > For a long time, most traffic between European countries was routed
> > through Virginia. This has improved only in the last few years. In
> > the same way a lot of Pacific traffic still runs through California.
> > In each case what matters is not geography but politics and quixotic
> > regulations.
>
> You're proving my point. The network started as a bureaucratic, static,
> tiny, suboptimal configuration. As it grew bigger, and started participating
> in economy it started minimizing itself. This isn't just connectivity, but
> goes down to the protocol level. We know IPv6 isn't the answer, mostly
> because it is largely geography agnostic, can't handle nodes moving with
> orbital speeds (or even a speeding car), doesn't handle interplanetary latencies and isn't
> local-knowledge routed/switched in general. It also can't handle relativistic
> speed cut-through, which is the killer requirement.

Over the last 30 years or so, various people have hypothesized about what the "killer requirement" might be. To the best of my knowledge, all have been wrong.

The Internet is quite obviously optimizing along certain lines. However, these lines don't follow any geographical geodesic, which was my point. And it is only obvious what the lines of optimization are in hindsight ;-)

> > Within most countries the same sort of illogic applies. In the UK, for
> > example, most IP traffic flows through London, and within London most IP
> > traffic flows through the Docklands area, a geographically small region of
> > East London. It's fractal: even within Docklands, almost all traffic
> > flows through a handful of buildings, and there is a strong tendency for
> > most of that inter-building traffic to pass through a very small number of
> > ducts.
>
> You're correct, currently.

If you try to replace observations with theories, the most important thing is to verify that your theory corresponds with reality right now. If your theories aren't correct "currently", it is very unlikely that they will be a better fit tomorrow.

It isn't a minor point that the Internet is fractal. This is in fact what is consistent everywhere and has been, to the best of my knowledge, throughout the history of the Internet. If you go back to your pretty pictures and look, you will see fractal structures.

> Things will become better as network ages, and especially if we get cellular
> radio architectures in densely populated areas (there's about a GBit/s worth
> of wireless bandwidth within a small cell, when we ignore THz and optical
> wavelengths).
> > > dictated by frozen chance, politics (peering arrangements). Automating
> > > peering arrangements and using agoric load levelling in the infrastructure
> > > will tend to erode that over time. Over time, physical lines will tend to be
> > > densest along densest traffic flow.
> >
> > Very true -- but this has nothing to do with geodesics.
>
> Human societies optimize. Geodesic is a shortest path on Earth surface.
> Look at Christaller and followup (Christaller and geodesics is good first
> start).

A geodesic is a minimal path in whatever geometry you are talking about. If you looked carefully at traffic between European countries around 1999, it turned out that the minimal cost path between say Germany and France was in fact through Virginia. Traffic was following a geodesic -- but not a geographic geodesic.

As I recall, a 2 Mbps E1 between most major European cities and Virginia was about $30,000 a month, but an E1 across the English Channel was around $45,000 a month - 50% more to go 30 miles than to go 6,000.

We had customers in Northern Ireland whose traffic to Dublin went first to London, then to our PoP in California, then to Virginia, and from there back to Ireland. This was our financial geodesic.

> > ? City layouts that I am familiar with are either haphazard or built
> > around rings or some mixture of the two. MFS built a US national ring,
> > a ring in New York City, a ring in London, and rings elsewhere in Europe.
> > Other carriers tended to follow the same pattern.
>
> I'm not going to dive into city architecture, but compare these two adjacent
> cities: http://www.redtailcanyon.com/items/18393.aspx

I have spent time in both cities and am familiar with their layouts, but really can't see how this relates to how fiber is laid out in Europe and America.

> > > connected with traffic ducts (rail, highway) which is typically loosely
> > > geodesic (but for obstacles in the landscape). Fiber typically follows
> > > railway or highway.
> >
> > That's certainly true, but now you are talking about political decisions
> > made ages ago. Many roads in England were built by the Romans. These
>
> A road is a place channeling traffic from A to B. Roman roads which are still
> used (I use one quite frequently) were created between areas of major human
> activity, requiring traffic frequent enough to warrant an expenditure (in
> terms of wealth fraction, roman roads were just as expensive as autobahns).

Indeed. But the point is that things tend _not_ to be optimized at the macro level; what happens is the opposite, micro-optimization around the results of previous decisions (some of which will have been just plain wrong).

Roman engineers built roads a couple of thousand years ago, optimizing things according to then-current theories and strategies. We lay down rivers of fiber along those roads, reinforcing those ancient decisions, because the cost of reversing those ancient decisions, and all of the incalculable number of micro-decisions that followed, would be truly enormous.

You can see the same pattern working itself out now. A group of Japanese banks invested in a building in Docklands, Telehouse, to act as a backup facility in case of a disaster in the City of London. This turned out to be a loser, in financial terms. The Japanese had misjudged the market demand for this kind of facility. Some telcos had put a few racks in the building. The first UK ISPs followed them there, because the facility was cheap. More ISPs followed. Some decided to build an exchange point there, the LINX, following somewhat misunderstood US models. Things mushroomed; the building, which had been quiet and empty, rapidly filled up with racks. The owners built another building across the street; investors built competing facilities a short distance away, to be close to the action. All of these were interconnected with more and more fiber.
The end result is that most UK Internet traffic, and a large part of European traffic, passes through what used to be a more or less derelict area of East London, all because of a planning error on the part of some Tokyo-based banks.

> > roads lead to London. You see the same pattern on the Continent, of
> > course, with the roads leading to the local capital (Paris, say) and then
> > on to Rome. That is, fiber optic paths today reflect the strategic
> > requirements of the Roman Empire, not geometry.
>
> 1) today, EU
>
> today, elsewhere, looks different.

Not at all. Everywhere we see the same pattern of pearl-like growth: someone makes a decision, and those that follow build around the first decision, micro-optimizing as they go along, creating the odd fractal shapes that are all around us.

> future, everywhere, looks even more different.
> We're at the beginning of the optimization process. You can't cheat physics
> in a relativistic universe, in an economic/evolutionary context.

This isn't physics. It's much more like biology.

--
Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881
http://jxcl.sourceforge.net Java unit test coverage
http://xlattice.sourceforge.net p2p communications infrastructure

From mv at cdc.gov Fri Apr 9 20:35:47 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 09 Apr 2004 20:35:47 -0700
Subject: Gmail as Blacknet (legally required forgetting)
Message-ID: <40776B93.460CDDC4@cdc.gov>

At 05:16 PM 4/9/04 -0400, Tyler Durden wrote:
>(As an aside, although debt has to be -forgiven- after 7 years, contrary to
>popular belief it is not true that a debt has to be -forgotten-...I know of
>one credit major card company that will not accept 'new' cardmembers that
>didn't pay back what they owed, even if that's 15 years ago. That's actually
>perfectly legal.)

I don't know about your anecdote, but Mr. May's original point was that the law *requires* companies to forget.
Which is of course an illegitimate intrusion of the state into private affairs. And the responsibles need killing. Ahhh, that feels better. ----- "When I was your age we didn't have Tim May! We had to be paranoid on our own! And we were grateful!" --Alan Olsen From mv at cdc.gov Fri Apr 9 21:03:35 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 09 Apr 2004 21:03:35 -0700 Subject: Meshing costs, the price of RAH's battery Message-ID: <40777217.EBCA44D7@cdc.gov> At 07:06 PM 4/9/04 -0400, Tyler Durden wrote: >RAH wrote... > >>At 10:43 AM -0700 4/9/04, Major Variola (ret) wrote: >> >Meshnets (everyone's a router) is cool, admittedly. But are you going >> >to spend *your* battery life routing someone else's message? >> >>Only if they pay me cash > >Someone enlighten me here...I don't see this as obvious. I might certainly >be willing to pay to route someone else's message if I understand that to be >the real cost of mesh connectivity. One can run a P2P app from mains-powered home machine and incur only a minor bandwidth penalty, which you can possibly throttle when you're busy. But my understanding of *mobile* devices (where meshing matters) is that they are severely power constrained. To the extent that boozohol power cells and various semiconductor/logic tricks are being used, despite the difficulties they require. So, get a clue. When your battery runs out, you get *zero* benefit from the mesh. Or even your local device *sans network*. >Of course, the battery lifetime acts as the "weighting" factor here...if >only a small % of the traffic I'm routing belongs to me, then I may not be >so willing to route it if my battery lifetime is short. As battery time >lifetime increases however (though this sorely lags behind Moore's law) then >more and more people will be willing to route. The traffic-fraction and the extrapolation of Moore's 'law' are largely irrelevant for the next decade. 
In fact, given that standby usage will *decrease* relative to transmit usage only makes the relative proportions worse. I don't care if you use a picoamp on standby/listen, you'll still need a few milliwatts to forward a packet. Or more, if there are no nearby cooperative nodes. Sure, in the distant future, mobile power may so vastly dominate power usage that meshes become practical. (There's even positive feedback, the more meshnodes the less transmit power.) Meantime, uncompensated altruism is maladaptive. With something like soldier-radios, or smart dusts, meshes will happen sooner, since the Many eat the Few. For *your* cellphone, you have a *long* time to wait for it to be Rational to share your battery with randoms. In RAH's defense, mesh-everything is not necessary for the disintermediation, which he idiosyncratically calls 'geodesic' info flow, to have big effects. Neither is a geodesic (in any physical or otherwise meaningful sense) net important. Just cheaper info to more people. And that's been happening since before ponies carried dead trees with stamps. Re-reading RAH's "if they pay me enough" reply, it is also right that a price can be set on the wattage you've sherpa'ed, perhaps so that you can pay off your usage of said mesh by letting others use your batteries. And the micropayments will be feasible thanks to real cheap info + crypto, what RAH's undiagnosed brain tumor labels geodesic info flow. Perhaps the price of being a meshrouter to others will even depend on the wattage you have left. Your phone will negotiate with Fred's phone (has 10 Joules left but is 1000 m away) and Joe's (has 5 Joules but is 100 m away). But that's economics/physics applied to resource usage, nothing new, despite the neologisms and extrapolation. 
From mv at cdc.gov Fri Apr 9 21:07:32 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 09 Apr 2004 21:07:32 -0700 Subject: cryptography@metzdowd.com Message-ID: <40777304.2B68D1B@cdc.gov> At 01:47 PM 4/9/04 -0400, Adam Fields wrote: >On Fri, Apr 09, 2004 at 12:46:47PM -0400, Perry E. Metzger wrote: >> I'm a technophile. I've loved technology all my life. I'm also a >As the supposed experts, how do we get the idea out of people's heads >that making everything electronic and automated is somehow >intrinsically better, regardless of the actual risks and benefits of >doing so? Wait until the first fly-by-wire Airbus goes down because some doofus turned on his cell phone. (More a comp.risks answer, but I think it makes the point.) From sunder at sunder.net Fri Apr 9 20:21:35 2004 From: sunder at sunder.net (sunder) Date: Fri, 09 Apr 2004 23:21:35 -0400 Subject: Meshing costs (Re: Hierarchy, Force Monopoly, and Geodesic Societies) In-Reply-To: References: Message-ID: <4077683F.8030409@sunder.net> Tyler Durden wrote: > Someone enlighten me here...I don't see this as obvious. I might > certainly be willing to pay to route someone else's message if I > understand that to be the real cost of mesh connectivity. In other > words, say I'm driving down the FDR receiving telemetry about the road > conditions downtown of me by a few miles. Um, just to point out the absolute obvious, if you're >DRIVING< you already have a power source, even if you have to use an inverter to power your notebook. At that point you're not worried about spending a few milliamps on transmission here and there. It doesn't matter at all whether or not there's a string of other "you's" ahead of you. Having already paid for the tank of gas, the juice is free, and so should transmission - even routing of other users' data. If you're in the woods, or at the beach, that's a different story. :) Ok, well, if you're at the beach, you could get a solar cell and geek away. 
> If I'm a router, I'm also > sending that info behind me (which is routing I'm paying for basically), > but I will understand that the reason I am getting my telemetry is > precisely because there's a string of "me's" in the cars in front of me, > routing info down to me. If I insist on getting paid, so will they, and > the whole thing breaks down. > Actually, this reminds me of the prisoner's dilemma. I remember (I > think) Hofstaedter doing an interesting analysis that showed that smart > 'criminals' will eventually realize that it pays to cooperate, even if > that doesn't optimise one's chances in this particular instance. Yup, can't have a network without nodes. > Of course, the battery lifetime acts as the "weighting" factor here...if > only a small % of the traffic I'm routing belongs to me, then I may not > be so willing to route it if my battery lifetime is short. As battery > time lifetime increases however (though this sorely lags behind Moore's > law) then more and more people will be willing to route. In which case, you won't be too willing to transmit either since receiving costs you far less battery than transmitting. In this case you're far more likely to store whatever you want to transmit for later - same as working "offline" with a mail user agent. From s.schear at comcast.net Sat Apr 10 08:54:50 2004 From: s.schear at comcast.net (Steve Schear) Date: Sat, 10 Apr 2004 08:54:50 -0700 Subject: Fortress America mans the ramparts In-Reply-To: References: Message-ID: <6.0.1.1.0.20040410085103.052f2b20@mail.comcast.net> > > >New Zealand Herald Online - Newspaper > >Sunday April 11, 2004 > > > > >[An American flight crew member (left) is photographed and fingerprinted >with by an immigration official. Picture / Reuters] > > Fortress America mans the ramparts > > 10.04.2004 - Travellers to the US face fingerprinting and being >photographed. CHRIS BARTON investigates if terrorism is reducing us all to >numbers > > "I am not a number, I am a free man!" 
> > So cried "Number 6" (Patrick McGoohan) in the 1967 cult TV classic The >Prisoner as he fled Rover, the sinister white balloon that patrolled The >Village - sort of Shangri-La meets the Gulag - in which he was contained. > Otago University computer security and forensics professor and >cryptography expert Hank Wolfe, who is also an American citizen, sees >liberty under threat. "If you look at America I don't think it's the land >of the free, home of the brave any more. It's more appropriately called >Fortress America." > > Wolfe is also scathing of steps taken post September 11 to protect >airports. "It's not real security. This is eyewash security. This is for >public consumption so that people think that they are doing something." Several years ago, on this list I believe, I coined a word to describe such foolery - securisimilitude. steve From rah at shipwright.com Sat Apr 10 06:59:59 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 10 Apr 2004 09:59:59 -0400 Subject: Fortress America mans the ramparts Message-ID: New Zealand Herald Online - Newspaper Sunday April 11, 2004 [An American flight crew member (left) is photographed and fingerprinted with by an immigration official. Picture / Reuters] Fortress America mans the ramparts 10.04.2004 - Travellers to the US face fingerprinting and being photographed. CHRIS BARTON investigates if terrorism is reducing us all to numbers "I am not a number, I am a free man!" So cried "Number 6" (Patrick McGoohan) in the 1967 cult TV classic The Prisoner as he fled Rover, the sinister white balloon that patrolled The Village - sort of Shangri-La meets the Gulag - in which he was contained. Fast forward to 2004. A husband, wife and their young daughter - numbers 19841016400042911666 ... 7 and ... 8 respectively - are arriving at LA airport en route to Disneyland. At immigration the family hand over their New Zealand passports. Each is photographed and then fingerprinted. The 8-year-old begins to cry. 
"Mummy, are we going to prison?" "Don't worry, darling," comforts the mother. "This is how Americans welcome visitors." This is not some TV programme, but a reality facing all travellers to the United States. From September 30, tourists from 27 countries, including New Zealand, who have long travelled to the United States relatively hassle-free and without a visa will be digitally fingerprinted and photographed every time they enter the country. The move has drawn criticism and some retaliation. The Travel Industry Association (TIA) of America is concerned "negative reactions" may mean already declining tourist numbers may fall further. "Visitors," says Swiss centre-right Christian Democrat parliamentarian Eugen David, "will be treated like criminals." As for retaliation, China, whose citizens are required to have visas to travel to the United States, is barring Americans from applying for emergency visas at Chinese airports and requiring some to be interviewed before receiving tourist visas. Similarly, Brazil announced in January it would fingerprint and photograph American visitors. New Zealand reaction has been muted - except for Green Party MP Keith Locke: "Fingerprinting is for people accused of a crime, not law-abiding citizens." The Americans are unmoved - responding with a reverse spin: "Every country has to take the steps necessary to ensure the security of their borders - so if Brazilians and Chinese feel safer having fingerprinted Americans we can hardly object to that," says consular chief Richard H. Adams at the US Consulate in Auckland. "Yes," he concedes. "In a way the fingerprint is connected to the whole criminal justice process in peoples' minds and if it was something else maybe they wouldn't feel that way." Alternatives to fingerprinting include retina scanning or facial-recognition technology, but Adams maintains they're not as quick or reliable. 
But as he later acknowledges, the real reason for fingerprint scans is to check against police databases for prior criminal convictions in the United States. The fact is they want to know you're not a criminal. The fingerprinting regime began in January for visitors from nations other than the visa-waiver countries. According to the Department of Homeland Security about 2.6 million people have been processed so far and 200 with prior or suspected criminal or immigration violations have been stopped. The visa-waiver countries will add an estimated 13 million visitors a year to the processing queue. Like Number 6 in The Village, all visitors ashore in the United States will now be a specific number in Homeland Security's database. This is the price travellers have to pay for September 11. Or are border control and security agencies around the world using the spectre of that event to curb and control individual freedoms? Otago University computer security and forensics professor and cryptography expert Hank Wolfe, who is also an American citizen, sees liberty under threat. "If you look at America I don't think it's the land of the free, home of the brave any more. It's more appropriately called Fortress America." Wolfe is also scathing of steps taken post September 11 to protect airports. "It's not real security. This is eyewash security. This is for public consumption so that people think that they are doing something." His point is underlined by the fact that travelling American citizens will not be subject to fingerprinting or photography processing when returning home. Neither will Canadians or Mexicans carrying border cards. Adams recognises the exemptions are a double standard - enabling terrorists either to get Americans to do their bidding or to use fake American passports themselves. "As far as passing for Americans, we are somewhat better at telling real Americans from fake ones than we are dealing with other nationalities as a rule." 
But as Wolfe points out, America's vast coastline means border security is always going to be problematic and the new measures mean terrorists will find other entry points. "The fact is any reasonably intelligent terrorist who wanted to do something bad on an aeroplane could do it - none of the measures they have in place are going to stop them." The United States also requires all countries that wish to remain in the visa waiver programme to start issuing "biometric passports" containing information encoded on a computer chip by October 26. Homeland Security has recognised the deadline is impossible for most and is asking Congress for a two-year extension. Interestingly, the United States won't begin issuing biometric passports until the end of 2005. Meanwhile New Zealand is in a position to meet the current deadline. "The Government took the decision so as not to inconvenience New Zealanders that it would be better to stay in the visa waiver programme," says Internal Affairs passport office manager David Philp. In light of the extension the department may review the start date, but is also likely to award the first biometric passport contract later this month. Philp declines to say how much the new passports will cost, but says New Zealanders will only need to get them when their current passports expire. "I think that when you improve the security of a document, people need to understand there will be an additional cost." A similar scheme in Britain indicates travellers could pay almost twice the price of a traditional passport. Philp says the New Zealand passport will employ the minimum standard set down by the International Civil Aviation Organisation, or ICAO - namely a 32 kilobyte microchip embedded in a "polycarbonate" (plastic) page inserted in the book. The chip will contain the same information on the passport. 
Except that the photograph will be a digital image and, along with the biographical and issuing data, will be encrypted (scrambled) - requiring a special "key" to unlock and read the information. The "biometric" bit occurs at the border where the scrambled digital photo is sucked out of the chip via radio waves into a special reader. It's then computer processed to give a code or number representing the uniqueness of the visitor's face and compared with the biometric derived from another photo taken on the spot. If the two biometrics match, then you are who you say you are on your passport. Free to go, Number 19841016400042911666. Philp says while other countries may implement larger chips that can contain more information, New Zealand doesn't see the need. "We don't see any significant reason to put other data in there. We don't have any intention of collecting people's fingerprints or any other biometric for that matter." But biometric passports are just one aspect of the hi-tech arsenal now being levelled against the travelling public to combat the terrorist threat. Some of the most effective happen without their knowledge. New Zealand Customs chief financial officer John Kyne says while the department is looking at all the technology - facial recognition, iris and fingerprint scanning - no decisions have been made. He says Customs' main focus is on understanding people's travel intentions as early as possible - "so we can develop a picture of the travelling public - particularly those people who might pose a risk". How? By linking into airline booking systems and other border organisation databases and cross checking and matching that information. "We're applying some rules across certain pieces of information to try and extract the people whom we want to interact with." In other words "mining" data for irregularities and profiling the individuals that show up. 
New Zealand's part in what some privacy advocates are calling "the emergence of a global system of travel surveillance" begins with Immigration's advanced passenger screening solution. The $3 million system which costs about $2 million a year to run has been operational with five New Zealand carriers since August. It provides automatic verification at check-in that the traveller has all the necessary New Zealand visas. It can also give back the message "Do not board", stopping undesirables before they get on the plane. Or when they land. "Advanced information gets sent, advising us who is on the plane so we can do further profiling of those people while in flight," says Immigration chief information officer Rob Bolton. The system will be mandatory for all New Zealand carriers when the Border Security Bill, currently before parliament, is passed. But the swapping of information about passengers and the vast databases of information being built up - largely without people's knowledge or permission - are causing concern. Pressure group Privacy International, along with other privacy groups, has written to the UN-based ICAO calling on it to stop development work on biometric passports, which it says "will have disproportionate effects on privacy and civil liberties". The effects stem from abuse of the information held - by accidents or mistakes that become difficult to correct, or by corrupt officials in charge of the information. Or by governments using the information for other purposes - perhaps initially to control the travel arrangements of dissenters and protesters, and potentially those of entire populations. To which the most common reply is that law-abiding citizens have nothing to fear. But when law-abiding citizens need to be fingerprinted on their way to Disneyland, one can't help wondering whether the terrorists' greatest victory is not the destruction of the Twin Towers, but what we have now become. -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Sat Apr 10 10:13:09 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 10 Apr 2004 10:13:09 -0700 Subject: Fortress America mans the ramparts Message-ID: <40782B25.33655F57@cdc.gov> At 08:54 AM 4/10/04 -0700, Steve Schear wrote: >> Wolfe is also scathing of steps taken post September 11 to protect >>airports. "It's not real security. This is eyewash security. This is for >>public consumption so that people think that they are doing something." > >Several years ago, on this list I belive, I coined a word to describe such >foolery - securisimilitude. "Security theatre" is perhaps as good, and fewer syllables besides. "Fortress America" might be "Maginot-Asylum America" more precisely. PS: what happens if your passport's chip doesn't work? Do you get sent back and the airline fined $10K? Do you wait extra time while the still-readable passport number indexes your record online? How much extra time? (Anyone have experience with domestic eg traffic pigs discovering that your magstrip is corrupted?) Are all chip biometrics encrypted with the same key? How much does that cost on BlackNet these days? How much extra should our Seals Flaps and Documents dept charge? ---- Do you need an air quality management district permit to burn hostages? From cripto at ecn.org Sat Apr 10 01:16:55 2004 From: cripto at ecn.org (Anonymous) Date: Sat, 10 Apr 2004 10:16:55 +0200 (CEST) Subject: Meshing costs (Re: Hierarchy, Force Monopoly, and Geodesic Societies) In-Reply-To: Message-ID: <4c84ca6dbf28b4687faa170b2ad10333@ecn.org> Tyler Durden wrote: > RAH wrote... > >Only if they pay me cash > > few miles. 
If I'm a router, I'm also sending that info behind me (which is > routing I'm paying for basically), but I will understand that the reason I > am getting my telemetry is precisely because there's a string of "me's" in > the cars in front of me, routing info down to me. If I insist on getting > paid, so will they, and the whole thing breaks down. > > Actually, this reminds me of the prisoner's dilemma. I remember (I think) > Hofstaedter doing an interesting analysis that showed that smart > 'criminals' will eventually realize that it pays to cooperate, even if that > doesn't optimise one's chances in this particular instance. Myerson, 0674341163 (not to bash Osborne/Rubinstein which I'm sure is good) Fagin/Halpern, 0262562006 (I know of no book like it) Olson, 0674537513 (that's Mancur Olson) From mv at cdc.gov Sat Apr 10 10:33:39 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 10 Apr 2004 10:33:39 -0700 Subject: legally required forgetting Message-ID: <40782FF3.A76930DE@cdc.gov> At 11:18 AM 4/10/04 -0400, Tyler Durden wrote: >What the law actually states is (basically) a defaulted loan must be >forgiven after seven years. In other words, it is illegal to continue to >attempt to collect on a loan, 7 years after the default. > >However, it is perfectly legal to remember that an individual failed to pay >back a loan. In practice, this means that a large brand-name Credit Card >company can choose not to send an offer to someone that defaulted 10 years >ago. Thanks for the distinction, however it still makes CC folks slaves of the State. Suppose Joe Badcredit finds a blank application and applies? The State then uses violence to coerce the CC into non-consensual transactions. >>And the responsibles need killing. > >Well, in a lot of cases I agreed with May's sentiment, even if I'm not >entirely sure this would do much. 
However, as for putting the Jews and >blacks up chimneys, well add to that what appears to be an almost State >Corporatism stance, First, no one (but you) mentioned subcultures, which is what TM typically referred to (not subraces). Second, corporations generally welcome anyone with money to buy their stuff, even if the corp folks don't condone the culture of the buyers. Not sure what you mean by 'state corporatism', which sounds like euphemized state collectivism. >But those are side issues. At least, aside from the technical content, I >still view May's harshest rantings as a sort of Freedom of Speech acid >test...if one would try to forcibly or legally shut him down, then one >probably "needs killing". Freedom is only tested when you find it objectionable. (And BTW you're the one injecting some of Tim's other rants; why?) Those who use violence against others (deprivation of freedom) have earned the same. Especially if it's state violence. Dig? PS: I saw a bit of news on pills to help people forget. Eg to help avoid post traumatic stress. One of the more objectionable objections to this was that witnesses might become unreliable. As if the state had some right to force you to remember something. (And tequila works pretty well although you need to get inside the consolidation window.) From mv at cdc.gov Sat Apr 10 10:36:28 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 10 Apr 2004 10:36:28 -0700 Subject: Meshing costs, the price of RAH's battery Message-ID: <4078309C.A6D295D3@cdc.gov> At 11:32 AM 4/10/04 -0400, Tyler Durden wrote: >"So, get a clue. When your battery runs out, you >get *zero* benefit from the mesh. Or even your local >device *sans network*." > >Well, as usual I don't think I'm understanding you here. In my example I'm >imagining I'm a livery cab driver or something. In that case, instantaneous >micro-traffic-conditions can be very valuable in NYC. A car represents abundant power. RF issues aside, may as well be fixed & mains powered. 
A car is not what's meant by "mobile". Think handsets, laptops, PDAs with self-contained power. From camera_lumina at hotmail.com Sat Apr 10 08:18:31 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 10 Apr 2004 11:18:31 -0400 Subject: Gmail as Blacknet (legally required forgetting) Message-ID: >I don't know about your anecdote, but Mr. May's original point >was that the law *requires* companies to forget. Which is >of course an illegitimate intrusion of the state into private affairs. Well, this is not well understood by those outside the credit world. What the law actually states is (basically) a defaulted loan must be forgiven after seven years. In other words, it is illegal to continue to attempt to collect on a loan, 7 years after the default. However, it is perfectly legal to remember that an individual failed to pay back a loan. In practice, this means that a large brand-name Credit Card company can choose not to send an offer to someone that defaulted 10 years ago. Of course, they can't dun that person anymore, but they don't have to offer a card. I know without any doubt that there is at least one that does this, and it's not like the Feds wouldn't notice! >And the responsibles need killing. Well, in a lot of cases I agreed with May's sentiment, even if I'm not entirely sure this would do much. However, as for putting the Jews and blacks up chimneys, well add to that what appears to be an almost State Corporatism stance, and there's a discernable vector there...look up "Boehrman Flight Capital Organization" and I'm still not convinced the resemblance is coincidental. But those are side issues. At least, aside from the technical content, I still view May's harshest rantings as a sort of Freedom of Speech acid test...if one would try to forcibly or legally shut him down, then one probably "needs killing". 
-TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: RE: Gmail as Blacknet (legally required forgetting) >Date: Fri, 09 Apr 2004 20:35:47 -0700 > >At 05:16 PM 4/9/04 -0400, Tyler Durden wrote: > >(As an aside, although debt has to be -forgiven- after 7 years, >contrary to > >popular belief it is not true that a debt has to be -forgotten-...I >know of > >one credit major card company that will not accept 'new' cardmembers >that > >didn't pay back what they owed, even if that's 15 years ago. That's >actually > >perfectly legal.) > >I don't know about your anecdote, but Mr. May's original point >was that the law *requires* companies to forget. Which is >of course an illegitimate intrusion of the state into private affairs. > >And the responsibles need killing. > >Ahhh, that feels better. > >----- >"When I was your age we didn't have Tim May! We had to be paranoid >on our own! And we were grateful!" --Alan Olsen > > From camera_lumina at hotmail.com Sat Apr 10 08:32:29 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 10 Apr 2004 11:32:29 -0400 Subject: Meshing costs, the price of RAH's battery Message-ID: "So, get a clue. When your battery runs out, you get *zero* benefit from the mesh. Or even your local device *sans network*." Well, as usual I don't think I'm understanding you here. In my example I'm imagining I'm a livery cab driver or something. In that case, instantaneous micro-traffic-conditions can be very valuable in NYC. In that environment, a cabbie will quickly understand that the network will collapse if all of the wireless nodes act to conserve power by not re-transmitting information. 
So even though it costs you something to route a packet you yourself will not use, if you're even reasonably smart you'll pass some on until you're nearing your batteries' exhaustion, then perhaps go into a listening mode. (And of course, it may easily be possible to form spontaneous VLANs that deal only with traffic, and then only route those packets...but that doesn't change my argument any.) -TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: Re: Meshing costs, the price of RAH's battery >Date: Fri, 09 Apr 2004 21:03:35 -0700 > >At 07:06 PM 4/9/04 -0400, Tyler Durden wrote: > >RAH wrote... > > > >>At 10:43 AM -0700 4/9/04, Major Variola (ret) wrote: > >> >Meshnets (everyone's a router) is cool, admittedly. But are you >going > >> >to spend *your* battery life routing someone else's message? > >> > >>Only if they pay me cash > > > >Someone enlighten me here...I don't see this as obvious. I might >certainly > >be willing to pay to route someone else's message if I understand that >to be > >the real cost of mesh connectivity. > >One can run a P2P app from mains-powered home machine >and incur only a minor bandwidth penalty, which you can >possibly throttle when you're busy. But my >understanding of *mobile* devices (where meshing matters) is that they >are >severely power constrained. To the extent that >boozohol power cells and various semiconductor/logic >tricks are being used, despite the difficulties they require. > >So, get a clue. When your battery runs out, you >get *zero* benefit from the mesh. Or even your local >device *sans network*. > > >Of course, the battery lifetime acts as the "weighting" factor >here...if > >only a small % of the traffic I'm routing belongs to me, then I may not >be > >so willing to route it if my battery lifetime is short. As battery time > > >lifetime increases however (though this sorely lags behind Moore's law) >then > >more and more people will be willing to route. 
> >The traffic-fraction and the extrapolation of Moore's 'law' are largely >irrelevant >for the next decade. In fact, given that standby usage will *decrease* >relative >to transmit usage only makes the relative proportions worse. I don't >care if you use a picoamp on standby/listen, you'll still need a few >milliwatts to forward a packet. Or more, if there are no nearby >cooperative nodes. > >Sure, in the distant future, mobile power may so vastly dominate >power usage that meshes become practical. (There's even >positive feedback, the more meshnodes the less transmit power.) >Meantime, uncompensated altruism is maladaptive. > >With something like soldier-radios, or smart dusts, meshes will happen >sooner, since the >Many eat the Few. For *your* cellphone, you have a *long* time to wait >for it to be Rational to share your battery with randoms. > >In RAH's defense, mesh-everything is not necessary for the >disintermediation, >which he idiosyncratically calls 'geodesic' info flow, to have big >effects. >Neither is a geodesic (in any physical or otherwise meaningful sense) >net important. >Just cheaper info to more people. And that's been happening since >before >ponies carried dead trees with stamps. > >Re-reading RAH's "if they pay me enough" reply, it is also right that a >price can be set on the wattage you've sherpa'ed, perhaps so that you >can pay off your usage of said mesh >by letting others use your batteries. And the micropayments will be >feasible thanks to >real cheap info + crypto, what RAH's undiagnosed brain tumor labels >geodesic info flow. Perhaps the price of being a meshrouter to others >will >even depend on the wattage you have left. Your phone will negotiate >with Fred's phone (has 10 Joules left but is 1000 m away) and Joe's >(has 5 Joules but is 100 m away). > >But that's economics/physics applied to resource usage, nothing new, >despite the neologisms and extrapolation. 
From emc at artifact.psychedelic.net Sat Apr 10 14:33:39 2004
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Sat, 10 Apr 2004 14:33:39 -0700 (PDT)
Subject: Gmail as Blacknet (legally required forgetting)
In-Reply-To:
Message-ID: <200404102133.i3ALXeqX011208@artifact.psychedelic.net>

Tyler Durden writes:

> What the law actually states is (basically) a defaulted loan must be
> forgiven after seven years. In other words, it is illegal to continue to
> attempt to collect on a loan, 7 years after the default.

There are different levels of illegal. The most important one is the statute of limitations on suing the individual, and converting the delinquent debt into a judgment, with which assets can be forcibly seized.

This varies by state, and also varies by whether there is a contracted for amount in writing, such as a loan or mortgage, or whether the debt is an "open account", which would cover revolving charge accounts with retail establishments, and also in most states, credit cards.

A typical statute of limitations for open accounts is 3 years. Contracts can go up to 10 years, depending on where you reside. You can still be sued over any debt, but you can move to dismiss if the statute of limitations has expired.

The other axis of debt is "reporting", which is how long the credit bureaus and other organizations which keep files on you can tell other people about the debt. This is typically 7 years for delinquencies, and 10 years for bankruptcies and judgments. This only applies to reporting for credit purposes.

Nothing is ever expunged from your credit file. The file is simply redacted according to who is requesting it.
LEAs, and also in certain cases employers, can see your entire credit file from day one, with information you have contested, and an audit trail of possibly successful attempts to have it "removed."

Now, as far as collection practices go, there is absolutely nothing to prevent your basic brand name credit card company with which you have a 20 year old delinquency, from offering you a financial product which includes re-affirming all or part of an old debt, even one which has been discharged through bankruptcy.

For instance, they can offer you a new gold card with your charged off balance on it, forgive all the interest and fees since charge off, charge no interest, and give you 50 cents on every dollar paid off added to your credit line, and free tickets to the Super Bowl, all "PRE_APPROVED."

They can do this with money you owe them, or with a delinquent account they have purchased from someone else in the marketplace. The only restriction is that they cannot report you paid off the old debt to the credit bureaus, if it is over 7 years delinquent.

In almost all cases, you're an idiot to accept such an offer, of course.

So, as you see, all of this is a bit more complex than it being "illegal" to collect on anything over 7 years. They can't win a lawsuit. They can't call you at 2 AM in the morning to bitch if you send them a "cease and desist" notice. But they can certainly trade your antique debt in the debt marketplace, and anyone who buys it is free to think up all the clever ways they can invent in order to seduce you to pay it off, before selling it at an even greater discount to the next lowest level of the delinquent debt food chain.

Now, occasionally, states Attorneys General get after companies who try and collect on old debts. I remember a few years ago, American Express got some flack over its practice of letting people who went through bankruptcy keep their American Express Cards if they re-affirmed the balance.
It is, however, a largely unregulated industry, aside from an occasional wrist-slapping.

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From rah at shipwright.com Sat Apr 10 11:34:50 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 10 Apr 2004 14:34:50 -0400
Subject: Meshing costs, the price of RAH's battery
In-Reply-To: <40777217.EBCA44D7@cdc.gov>
References: <40777217.EBCA44D7@cdc.gov>
Message-ID:

At 9:03 PM -0700 4/9/04, Major Variola (ret) wrote:
>he idiosyncratically calls 'geodesic' info flow

Hey, I use it, and it's right, but it's not mine. It comes from Peter Huber's "The Geodesic Network", circa 1986, and he's right, too.

I'd say check the archives, but that would be -- rather ironically, in your case -- rude.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat Apr 10 11:36:02 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 10 Apr 2004 14:36:02 -0400
Subject: Meshing costs, the price of RAH's battery
In-Reply-To: <40777217.EBCA44D7@cdc.gov>
References: <40777217.EBCA44D7@cdc.gov>
Message-ID:

At 9:03 PM -0700 4/9/04, Major Variola (ret) wrote:
>So, get a clue. When your battery runs out, you
>get *zero* benefit from the mesh. Or even your local
>device *sans network*.

Yes, and as your battery starts to run out, you raise the price on switching.

Your point is?

The cost of anything is the foregone alternative, and all that.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From up at treerunner.com Sat Apr 10 11:51:11 2004
From: up at treerunner.com (kevin lahoda)
Date: Sat, 10 Apr 2004 14:51:11 -0400
Subject: PlayFair > Sarovar
Message-ID:

Sarovar.org is India's first portal to host projects under Free/Open source licenses. It is located in Trivandrum, India and hosted at Asianet data center. Sarovar.org is customised, installed and maintained by Linuxense as part of their community services and sponsored by River Valley Technologies.

From Sarovar's < http://sarovar.org/ > Latest News:

"After a short "vacation" thanks to a Cease and Desist letter from Apple, we're back online. Many thanks to Sarovar for hosting us.. -PlayFair "

Sarovar now hosts The PlayFair project < http://playfair.sarovar.org/ > which SourceForge has declined in order to avoid tangling with Apple's decision to go DMCA on their ass < http://slashdot.org/article.pl?sid=04/04/09/1554203 >. Like something from a Gibson novel, I wouldn't doubt if Sarovar rises to meet more than another of these occasions in the near future.

And so, we have more contentious open source code hosted outside of the US in order to circumvent unfavorable legal processes. Offshoring in itself is not all that new (another example: < http://www.citi.umich.edu/u/provos/honeyd/ >).

Here is how this one gets interesting: A big guy - Apple, goes a little sour, another (kind of) big guy - SourceForge, takes the easy route, and then an offshore repository stands in. With all of this, one thing that should not be ignored is that SourceForge should be shamed for not holding itself stronger. In a way SourceForge's decline of PlayFair and non-usage of the Safe Harbor Provision Act < http://www.chillingeffects.org/dmca512/ > is an admit of defeat and a failure to stand up for one's (community's) rights.
What comes out of this? Well, maybe Apple wins because they avoid a chance of being tarnished. Imagine what consumer level acknowledgment of the reality of Apple marketing a clean yet gritty 'Garage Band' motif (with all that punk rock implies) while at the same time sleeping with DRM, recently RIAA, and now DMCA, could entail... One can easily see that Apple is dancing itself into a bit of a gamble. But then again, what does an Ipod zombie care about these acronyms anyway?

What does SourceForge get? Not much. This only makes it easier for them to weasel out of the next situation that comes up. Not to mention they also missed a good chance to join PlayFair in telling Apple what's what.

k

http://sarovar.org/
http://sarovar.org/projects/playfair/
http://slashdot.org/article.pl?sid=04/04/09/1554203
http://www.chillingeffects.org/dmca512/
http://www.citi.umich.edu/u/provos/honeyd/
http://www.theregister.co.uk/2004/04/09/playfair_dmca_takedown/

# distributed via : no commercial use without permission
# is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo at bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime at bbs.thing.net

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mv at cdc.gov Sat Apr 10 15:07:00 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sat, 10 Apr 2004 15:07:00 -0700
Subject: Meshing costs, the price of RAH's battery
Message-ID: <40787004.B02B3DA7@cdc.gov>

At 05:34 PM 4/10/04 +0200, Eugen Leitl wrote:
>On Fri, Apr 09, 2004 at 09:03:35PM -0700, Major Variola (ret) wrote:
>
>> One can run a P2P app from mains-powered home machine
>> and incur only a minor bandwidth penalty, which you can
>> possibly throttle when you're busy. But my
>
>Most P2P clients don't support this,

Morpheus, KaZaa etc. supports this, although you have to use the GUI manually to change this. Perhaps you meant other apps, or you meant automatic QoS of the voice-before-email type.

>> understanding of *mobile* devices (where meshing matters) is that they
>> are severely power constrained. To the extent that
>> boozohol power cells and various semiconductor/logic
>> tricks are being used, despite the difficulties they require.

>Some nodes are power constrained (mobile phones), some are not (cars,
>planes).

Yes. I just posted a message clarifying this.

>All power management issues are irrelevant for immobile nodes and for
>energy-glut nodes.

Yes

>> Meantime, uncompensated altruism is maladaptive.
>>
>> But that's economics/physics applied to resource usage, nothing new,
>> despite the neologisms and extrapolation.
>
>I stopped using geodesic routing a while ago, because I found out the proper
>term is geographic routing.

Yep, and it's obviously important for 1/R^2 "last mile" techs using RF, but otherwise a metric that accounts for how bits actually get around is what matters. A postcard or a phone call to my neighbor still go far away, then back. A globally optimized market (aka RAH's geodesics) might require checking an authoritative (but voluntary) clearinghouse on the other side of the planet.

PS look up "caida" they do IP & geography for fixed nodes.
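
[An added worked example, not part of any poster's message: the relay negotiation sketched in this thread (Fred's phone with 10 Joules left at 1000 m, Joe's with 5 Joules at 100 m), with a relay's price rising as its battery runs down. The constants of the 1/R^2 energy model, the reserve level and the price formula are assumptions made for the illustration.]

```python
"""Choosing a mesh relay when every relay prices its own battery.

Constructed model: transmit energy follows 1/R^2 spreading, and a relay's
asking price climbs as its battery approaches a reserve it keeps for itself.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumed constants (hypothetical, chosen only to make the numbers readable).
REF_ENERGY_J = 1e-3        # energy to push one packet across REF_DISTANCE_M
REF_DISTANCE_M = 100.0
NOMINAL_BATTERY_J = 10.0   # "full" battery, used to normalise scarcity
RESERVE_J = 1.0            # below this a node listens but does not forward


@dataclass(frozen=True)
class Relay:
    name: str
    joules_left: float
    distance_m: float      # distance from the sender to this relay


def tx_energy_j(distance_m: float) -> float:
    """Energy to reach a receiver distance_m away under 1/R^2 spreading."""
    return REF_ENERGY_J * (distance_m / REF_DISTANCE_M) ** 2


def asking_price_j(relay: Relay, onward_m: float = REF_DISTANCE_M) -> Optional[float]:
    """Joule-equivalent price the relay asks to forward one packet.

    The price is the relay's own onward transmit energy scaled by how scarce
    its spare energy is. Returns None when the relay is in listen-only mode.
    """
    cost = tx_energy_j(onward_m)
    spare = relay.joules_left - RESERVE_J
    if spare < cost:
        return None
    return cost * (NOMINAL_BATTERY_J / spare)


def total_cost_j(relay: Relay) -> Optional[float]:
    """What the sender pays in total: its own transmit energy plus the price."""
    price = asking_price_j(relay)
    if price is None:
        return None
    return tx_energy_j(relay.distance_m) + price


def choose_relay(relays: Iterable[Relay]) -> Optional[Relay]:
    """Pick the cheapest relay that is still willing to forward, if any."""
    offers = [(total_cost_j(r), r) for r in relays]
    offers = [(cost, r) for cost, r in offers if cost is not None]
    if not offers:
        return None
    return min(offers, key=lambda offer: offer[0])[1]


# The two phones from the thread.
FRED = Relay("Fred", joules_left=10.0, distance_m=1000.0)
JOE = Relay("Joe", joules_left=5.0, distance_m=100.0)

if __name__ == "__main__":
    for relay in (FRED, JOE):
        print(f"{relay.name}: reach {tx_energy_j(relay.distance_m):.4f} J, "
              f"price {asking_price_j(relay):.4f} J, "
              f"total {total_cost_j(relay):.4f} J")
    print("chosen:", choose_relay([FRED, JOE]).name)
    # As Joe drains towards his reserve, his price overtakes Fred's distance.
    for joules in (5.0, 2.0, 1.05, 1.0005):
        drained = Relay("Joe", joules, 100.0)
        pick = choose_relay([FRED, drained])
        print(f"Joe at {joules} J -> {pick.name}")
```
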
From mv at cdc.gov Sat Apr 10 15:09:45 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sat, 10 Apr 2004 15:09:45 -0700
Subject: Meshing costs, the price of RAH's battery
Message-ID: <407870A9.B6B24DEC@cdc.gov>

At 02:36 PM 4/10/04 -0400, R. A. Hettinga wrote:
>At 9:03 PM -0700 4/9/04, Major Variola (ret) wrote:
>>So, get a clue. When your battery runs out, you
>>get *zero* benefit from the mesh. Or even your local
>>device *sans network*.
>
>Yes, and as your battery starts to run out, you raise the price on switching.

Yes, as I speculated.

>Your point is?

Meshing may not be free. I think we agree.

From mv at cdc.gov Sat Apr 10 15:52:38 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Sat, 10 Apr 2004 15:52:38 -0700
Subject: Hollywood balks at controlling your own inputs
Message-ID: <40787AB5.5AEDAC8@cdc.gov>

New DVD player cuts out the smut
By David Usborne in New York
11 April 2004

Like some kind of electronic air freshener, a new generation of DVD players is poised to clear the smut, violence and bad language out of living rooms all across America.

Thomson Inc is preparing to ship the revolutionary machines to both Wal-Mart and Kmart in the United States in the next few weeks. The family-values brigade is already applauding, while the Hollywood community is pursuing a lawsuit to have them banned.

The players, which will sell for $79 (£45), are equipped with technology by a Salt Lake City-based company called ClearPlay. They will be pre-programmed to spare viewers segments of films that feature offensive language, excessive violence or sexual content, by muting the sound or skipping ahead.

Several leading Hollywood figures, however, including Steven Spielberg and Steven Soderbergh, are backing a lawsuit, arguing that the technology will violate the rights of directors who expect their works to be viewed in their entirety, without censorship.

http://news.independent.co.uk/world/americas/story.jsp?story=510427

........
Someone needs to explain to the Hollywood types that folks can do whatever they want with their media copies, short of reselling an edited version claimed as the original. You could with tape, a random access device is no different. The copy rights of the directors do not include prescriptions for viewers.

From eugen at leitl.org Sat Apr 10 08:34:50 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 10 Apr 2004 17:34:50 +0200
Subject: Meshing costs, the price of RAH's battery
In-Reply-To: <40777217.EBCA44D7@cdc.gov>
References: <40777217.EBCA44D7@cdc.gov>
Message-ID: <20040410153450.GL28136@leitl.org>

On Fri, Apr 09, 2004 at 09:03:35PM -0700, Major Variola (ret) wrote:

> One can run a P2P app from mains-powered home machine
> and incur only a minor bandwidth penalty, which you can
> possibly throttle when you're busy. But my

Most P2P clients don't support this, so one better does QoS tweaks at the firewall. The Draytek Vigor line of routers allows you to define VLANs, and assign those to switch ports, and throttle these in small increments. DSL lines are deeply buffered, so pushing out traffic as fast as you can plugs up the FIFO, soon resulting in killer lag.

Unfortunately, few PCs cruise the Net without NAT firewalls, and these are typically braindead, and have no hooks for P2P apps other than UPnP.

> understanding of *mobile* devices (where meshing matters) is that they
> are severely power constrained. To the extent that
> boozohol power cells and various semiconductor/logic
> tricks are being used, despite the difficulties they require.

Some nodes are power constrained (mobile phones), some are not (cars, planes). Ultrawideband is intrinsically low-power (integrated, the pulses are 200 W or above). Positioning includes pingpong, so you could easily use that payload for SMS relaying.

Furthermore, ad hoc mesh is a mode. You can go into ad hoc when outside of more immobile infrastructure.
If you don't have to compress voice, drive the display and transducers, etc, pure relay for precompressed voice packets is tolerable. You don't have to do it all the time, so you can specify the degree of whether you're a defector, or a good guy.

All power management issues are irrelevant for immobile nodes and for energy-glut nodes. Solar-powered immobile nodes is a good idea (I've been looking at cheapest ways to build them), but they have power management issues during nighttime. Also, there's snow on the panels and thermostating problems in harsher climes.

> So, get a clue. When your battery runs out, you
> get *zero* benefit from the mesh. Or even your local
> device *sans network*.

If the network is agoric, you're getting good mana in exchange for your juice. The amount of your mana varies, depending on local market prices.

> Sure, in the distant future, mobile power may so vastly dominate
> power usage that meshes become practical. (There's even
> positive feedback, the more meshnodes the less transmit power.)

Yes.

> Meantime, uncompensated altruism is maladaptive.
>
> But that's economics/physics applied to resource usage, nothing new,
> despite the neologisms and extrapolation.

I stopped using geodesic routing a while ago, because I found out the proper term is geographic routing.

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Sat Apr 10 14:41:57 2004
From: rah at shipwright.com (R. A.
Hettinga)
Date: Sat, 10 Apr 2004 17:41:57 -0400
Subject: "Shirley and Saddam"
In-Reply-To: <20040408072438.3359.qmail@mail.popbitch.com>
References: <20040408072438.3359.qmail@mail.popbitch.com>
Message-ID:

At 7:24 AM +0000 4/8/04, Popbitch wrote:
> >> Shirley and Saddam <<
> The spy who loved me
>
> From the world of espionage we hear a fantastic
> story that Shirley Bassey has been a spy for
> Interpol since the early 1980s.
>
> Shirley, apparently, has great contacts with
> Arab Royalty - great fans of her rendition of
> Hey Big Spender, so consequently gets some
> insider information. She's even said to have
> helped pinpoint Saddam Hussein's palaces in Iraq.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Sat Apr 10 10:12:25 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 10 Apr 2004 19:12:25 +0200
Subject: VPN VoIP
In-Reply-To: <40771C02.4050805@sunder.net>
References: <20040409120359.GY28136@leitl.org> <40771C02.4050805@sunder.net>
Message-ID: <20040410171225.GS28136@leitl.org>

On Fri, Apr 09, 2004 at 05:56:18PM -0400, sunder wrote:

> I've not seen, nor played with any of these, *BUT*, heed this warning
> which applies to all devices (and software?) that are 1) closed source and
> 2) offer some useful service which you'd be tempted to place inside your
> network, 3) are allowed to communicate with the outside world.

I cited those routers as instances of consumer-type cheap VoIP with encryption, which thwarts government-mandated tapping by ISPs. Exploiting built-in backdoors or remotely exploitable vulnerabilities is a different threat model.
I definitely hope routers with DynDNS/VPN/VoIP and POTS jacks will become more widespread, and use opportunistic encryption as default.

I personally am not going to buy the router, as it is lacking functionality and flexibility of a Linux-based firewall.

I'm waiting for a passively cooled ~GHz VIA C3 motherboard with two NICs and external fanless power supply to ditch my current proprietary, rather braindead firewall. I've already verified IDE-cf adapters do very nicely, and there are dedicated distros like http://www.nycwireless.net/pebble/ which don't wear down the flash with r/w on /tmp and similar.

Should I stick with Linux (there's /dev/random and VPN support in current kernels for the C3 Padlock engine, right?) with SELinux or try OpenBSD for a firewall type machine with hardware crypto support?

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From anmetet at freedom.gmsociety.org Sat Apr 10 16:20:57 2004
From: anmetet at freedom.gmsociety.org (An Metet)
Date: Sat, 10 Apr 2004 19:20:57 -0400
Subject: legally required forgetting
Message-ID:

Regarding the question of whether debt must be merely 'forgiven' or actually 'forgotten', see http://www.epic.org/privacy/fcra for information on the Fair Credit Reporting Act of 1970:

"The FCRA limits the length of time some information can appear in a consumer report. For instance, bankruptcies must be removed from the report after 10 years. Civil suits, civil judgments, paid tax liens, accounts placed for collection, and records of arrest can only appear for 7 years."

BlackNet thwarts such limitations on the reporting of consumer credit. Clearly, providing access to this data harms individual privacy. Yet Cypherpunks traditionally have supported this concept.
A privacy advocacy group promotes technology which would aid the compilation of individual dossiers and allow access to personally identifying data about past financial transactions.

Of course, these were "classical" Cypherpunks, from the days when "men were men and giants walked the earth". They understood that the way to keep data private was not to let it out in the first place. They believed in freedom: freedom of association, freedom of contract. They saw privacy as a means to achieve that freedom, not as an end in itself.

Today, the Cypherpunks list is but a shadow of its former glory, with anarcho-capitalism all but forgotten in favor of fashionable nihilism, libertarians replaced by liberals. Perhaps it is not too late to resurrect the ideals of the past, but it will require hard work and open mindedness on the part of all.

From camera_lumina at hotmail.com Sat Apr 10 16:27:57 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 10 Apr 2004 19:27:57 -0400
Subject: Meshing costs, the price of RAH's battery
Message-ID:

"A car is not what's meant by "mobile". Think handsets, laptops, PDAs with self-contained power."

Yes, of course. I assumed that was obvious. And of course, with a car the PDA could be powered off of the cigarette lighter. Those weren't really germane to my point.

-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: Re: Meshing costs, the price of RAH's battery
>Date: Sat, 10 Apr 2004 10:36:28 -0700
>
>At 11:32 AM 4/10/04 -0400, Tyler Durden wrote:
> >"So, get a clue. When your battery runs out, you
> >get *zero* benefit from the mesh. Or even your local
> >device *sans network*."
> >
> >Well, as usual I don't think I'm understanding you here. In my example I'm
> >imagining I'm a livery cab driver or something. In that case, instantaneous
> >micro-traffic-conditions can be very valuable in NYC.
>
>A car represents abundant power. RF issues aside, may as
>well be fixed & mains powered.
>
>A car is not what's meant by "mobile". Think handsets, laptops, PDAs
>with self-contained power.

From sunder at sunder.net Sat Apr 10 16:53:49 2004
From: sunder at sunder.net (sunder)
Date: Sat, 10 Apr 2004 19:53:49 -0400
Subject: Hierarchy, Force Monopoly, and Geodesic Societies - the internet is a tree.
In-Reply-To: <20040409192742.R96639-100000@localhost>
References: <20040409192742.R96639-100000@localhost>
Message-ID: <4078890D.1030503@sunder.net>

Jim Dixon wrote:

> Yes. I know what a tree is, and I am quite familiar with structure of
> the Internet. These very pretty pictures certainly look like the Internet
> I am familiar with, but don't resemble trees.

It is a tree. I'll give you a hint. Think of this: "God is like an infinite sphere, whose center is everywhere and circumference nowhere." Nicholas of Cusa.

It is a tree, but to see it, you'll need to find the root. The quote above is a hint to where the root is. Replace god with internet, sphere with tree, infinite with 2**32 (at least until it goes to ip6.)

So where's the root? Scroll down for the answer.

 |
 |
 |
\ /
 V

Did you see it? No??? It's actually right in front of you. Still don't know? Ok then, keep scrolling down.

The root of the internet is your own internet connection.

Proof: If you were to iterate traceroutes over the entire ip4 space (good luck doing that by the way), and graph the results, you'd get a tree. Its root is your default gateway.
:)

From sunder at sunder.net Sat Apr 10 17:01:12 2004
From: sunder at sunder.net (sunder)
Date: Sat, 10 Apr 2004 20:01:12 -0400
Subject: VPN VoIP
In-Reply-To: <20040410171225.GS28136@leitl.org>
References: <20040409120359.GY28136@leitl.org> <40771C02.4050805@sunder.net> <20040410171225.GS28136@leitl.org>
Message-ID: <40788AC8.5010002@sunder.net>

Eugen Leitl wrote:

> I cited those routers as instances of consumer-type cheap VoIP with
> encryption, which thwarts government-mandated tapping by ISPs. Exploiting
> built-in backdoors or remotely exploitable vulnerabilities is a different
> threat model. I definitely hope routers with DynDNS/VPN/VoIP and POTS jacks
> will become more widespread, and use opportunistic encryption as default.

Cool.

> I personally am not going to buy the router, as it is lacking functionality
> and flexibility of a Linux-based firewall.

Hmm, I wonder if the VoIP standard is open enough that fully compatible linux implementations could be made and integrated with ALSA... I'm sure a simple analog circuit could be used to get an rj11 phone jack attached to audio in/out once this is done...

> I'm waiting for a passively cooled ~GHz VIA C3 motherboard with two NICs and
> external fanless power supply to ditch my current proprietary, rather
> braindead firewall. I've already verified IDE-cf adapters do very nicely, and
> there are dedicated distros like http://www.nycwireless.net/pebble/ which
> don't wear down the flash with r/w on /tmp and similar.

Shouldn't be a problem if you go the Solaris route and use tmpfs/swapfs with no real swap. (For those that don't know, Solaris mounts /tmp into virtual memory space, so if you've got tons of RAM, data written in /tmp is actually written in RAM.)

> Should I stick with Linux (there's /dev/random and VPN support in current
> kernels for the C3 Padlock engine, right?) with SELinux or try OpenBSD for a
> firewall type machine with hardware crypto support?
I've had very good luck with OBSD so far (knock on fake wood?)... I'm very happy with pf... much nicer than iptables... I haven't used SELinux as a firewall, but have experimented with it. It's excellent in terms of security (if you don't mind the huge failure logs), but, it's a bitch to configure properly...

I'd go for something between UML (User Mode Linux) and SELinux. Use SELINUX as the main host and UML to partition off untrusted applications in sandboxes (i.e. to run apache, etc.)

From camera_lumina at hotmail.com Sat Apr 10 19:00:11 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 10 Apr 2004 22:00:11 -0400
Subject: Meshing costs, the price of RAH's battery
Message-ID:

"Meshing may not be free. I think we agree."

Well, parts of it will not be free. However, I still think that even though routing someone else's packets does not benefit me directly, it is this activity which gives rise to the mesh. I guess, "do unto others..."

P2P is basically the same...remember, in the simplest versions there was never any need to make content available. However, P2P-ers seemed to innately understand that P2P won't really be possible unless one is a source as well as a sink.

In the WiFi version it'll be easy to start to "triage" certain kinds of activity as battery power runs thin...first, a throttle down to only routing packets of a certain application (or VLAN or whatever). (This actually does make sense because it eats a hell of a lot more battery power transmitting a packet than receiving it.) Second, when the battery is within X minutes of dying then only listening and not transmitting.

But I think my main point holds: even 'reglar' folks will realize that there's a "global" benefit to routing someone else's packets, even if that does eat into remaining battery time.
-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: Re: Meshing costs, the price of RAH's battery
>Date: Sat, 10 Apr 2004 15:09:45 -0700
>
>At 02:36 PM 4/10/04 -0400, R. A. Hettinga wrote:
> >At 9:03 PM -0700 4/9/04, Major Variola (ret) wrote:
> >>So, get a clue. When your battery runs out, you
> >>get *zero* benefit from the mesh. Or even your local
> >>device *sans network*.
> >
> >Yes, and as your battery starts to run out, you raise the price on switching.
>
>Yes, as I speculated.
>
> >Your point is?
>
>Meshing may not be free. I think we agree.

From measl at mfn.org Sat Apr 10 20:49:45 2004
From: measl at mfn.org (J.A. Terranson)
Date: Sat, 10 Apr 2004 22:49:45 -0500 (CDT)
Subject: Lazy network operators (fwd)
Message-ID: <20040410224856.W70629@mx1.mfn.org>

The source is almost as interesting as the quote.

---------- Forwarded message ----------
Date: 11 Apr 2004 03:41:48 +0000
From: Paul Vixie
To: nanog at merit.edu
Subject: Re: Lazy network operators

sean at donelan.com (Sean Donelan) writes:

> Should anonymous use of the Internet be eliminated so all forms
> of abuse can be tracked and dealt with?

of course not. however, anonymity should be brokered by trusted doubleblinds; nonbrokered/nontrusted anonymity without recourse by recipients is right out.

--
Paul Vixie

From eugen at leitl.org Sat Apr 10 13:55:26 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 10 Apr 2004 22:55:26 +0200
Subject: Hierarchy, Force Monopoly, and Geodesic Societies
In-Reply-To: <20040409192742.R96639-100000@localhost>
References: <20040409182153.GA28136@leitl.org> <20040409192742.R96639-100000@localhost>
Message-ID: <20040410205526.GL28136@leitl.org>

On Fri, Apr 09, 2004 at 08:29:27PM +0100, Jim Dixon wrote:

> Yes.
> I know what a tree is, and I am quite familiar with structure of
> the Internet. These very pretty pictures certainly look like the Internet
> I am familiar with, but don't resemble trees.

There's a continuum between a tree and a high-dimensional grid/mesh/lattice. A high dimensional grid pressed upon a flat surface looks like a bush at each node, with decaying connectivity density with the density.

I don't have a sketch at hand, unfortunately, so I can't put both extreme cases next to each other. The Internet is a tree, not a mesh.

> Over the last 30 years or so, various people have hypothesized about what
> the "killer requirement" might be. To the best of my knowledge, all have
> been wrong.

Computational physics in a relativistic universe imposes very clear constraints. There's nothing whatsoever hypothetical about these constraints.

There's nothing whatsoever hypothetical that if you want to do relativistic cut-through switching of serial signals (10 GBit Cu, TBit fiber, LoS laser) you have to make a routing decision very, very early. Before the packet header has left the delay line (and the rest of the packet is streaming at you through the medium, whether vacuum or glass, or solid-state optical delay line).

Medium is a natural FIFO, which of course only becomes apparent beyond GBit/s data rates. A photonically switched crossbar making use of it gets rid of expensive (time, energy) photon-electron-photon conversion, and scarce resource memory real estate, and memory bandwidth.

It doesn't matter that in the current postdotbomb dark fiber is plentiful, and photonics is notoriously cash-drained. Traffic is growing, and will absorb those overcapacities eventually. Intermachine traffic, people will have become irrelevant pretty soon, if they haven't already (but for multimedia streams, which will saturate as well, because population grows way too slow to become visible, only technology deployment rate is visible).
This is the reason why the future asks for specific frame/packet header layout, specific wiring of connections, and purely local-knowledge routing (extreme localization or elimination of admin traffic), with a routing decision done in ~ns domain (and below). > The Internet is quite obviously optimizing along certain lines. However, > these lines don't follow any geographical geodesic, which was my point. I'm not going to argue with you. Look up physical plots of connectivity over Earth surface. Start with GEO/LEO satellite, sea cable, then progress to large scale cable layouts, then to grassroot scale (city and neighbourhood and house level). > If you try to replace observations with theories, the most important thing > is to verify that your theory corresponds with reality right now. If your > theories aren't correct "currently", it is very unlikely that they will be > a better fit tomorrow. Non sequitur. > It isn't a minor point that the Internet is fractal. This is in fact > what is consistent everywhere and has been, to the best of my knowledge, > throughout the history of the Internet. If you go back to your pretty > pictures and look, you will see fractal structures. Dude, hypergrids *are* fractal. Not that it has to do anything with the current topology. > A geodesic is a minimal path in whatever geometry you are talking about. The geometry on Earth surface is anything but whatever. Way above, with nodes in mutual plain view, it's plain old Einstein-Minkowski (basically Euclidian, with relativistic corrections). > If you looked carefully at traffic between European countries around > 1999, it turned out that the minimal cost path between say German and > France was in fact through Virginia. Traffic was following a geodesic -- > but not a geographic geodesic. Again, how about traffic in US? EU is weird, Asia is yet too new (but adapting very rapidly). Again, how about traffic in your above constellation in 2004? 
Again, how about physical cable connecting the nodes? I'm claiming peering arrangement evolve to make optimal use of given physical cabling. This is quick. On the longer term, physical and virtual (radio, laser) cabling evolves to minimize the load on existing links. This is slower, peering arrangements change in realtime in comparison, very like Franck-Condon principle. > As I recall, a 2 Mbps E1 between most major European cities and Virginia > was about $30,000 a month, but an E1 across the English Channel was around > $45,000 a month - 50% more to go 30 miles than to go 6,000. We had > customers in Northern Ireland whose traffic to Dublin went first to > London, then to our PoP in California, then to Virginia, and from there > back to Ireland. This was our financial geodesic. Why do people lay fiber in a specific place? How do peering arrangements evolve over time? How is the rate of optimization going to change if agoric load levelling is implemented at protocol level? > Indeed. But the point is that things tend _not_ to be optimized at the > macro level; what happens is the opposite, micro-optimization around the > results of previous decisions (some of which will have been just plain > wrong). Roman engineers built roads a couple of thousand years ago, > optimizing things according to then-current theories and strategies. We > lay down rivers of fiber along those roads, reenforcing those ancient > decisions, because the cost of reversing those ancient decisions, and all > of the incalculable number of micro-decisions that followed, would be > truly enormous. > > You can see the same pattern working itself out now. A group of Japanese > banks invested in a building in Docklands, Telehouse, to act as a backup > facility in case of a disaster in the City of London. This turned out to > be a loser, in financial terms. The Japanese had misjudged the market > demand for this kind of facility. > > Some telcos had put a few racks in the building. 
The first UK ISPs > followed them there, because the facility was cheap. More ISPs followed. > Some decided to build an exchange point there, the LINX, following > somewhat misunderstood US models. Things mushroomed; the building, which > had been quiet and empty, rapidly filled up with racks. The owners built > another building across the street; investors built competing facilities a > short distance away, to be close to the action. All of these were > interconnected with more and more fiber. Very interesting. Thanks for this story from the trenches. > The end result is that most UK Internet traffic, and a large part of > European traffic, passes through what used to be a more or less derelict > area of East London, all because of a planning error on the part of some > Tokyo-based banks. A nexus is a classical tree artifact. Once the network progresses along a meshed grid hugging Earth surface, we're going to see an increase in crosslinks and exchange points, crosslinking the branches. > Not at all. Everywhere we see the same pattern of pearl-like growth: > someone makes a decision, and those that follow build around the first > decision, micro-optimizing as they go along, creating the odd fractal > shapes that are all around us. I'm stuck with a notebook display and keyboard right now, but it would be fun to pull up graphs linking topology to geography, and change in such graphs over time. Informally, I hear topology converging to geography, but it would be nice to see actual animations showing it happen. > > future, everywhere, looks even more different. > > We're at the beginning of the optimization process. You can't cheat physics > > in a relativistic universe, in an economic/evolutionary context. > > This isn't physics. It's much more like biology. Biology is subject to physics. At all scales. When it comes to communication, constraints on energy and signalling and shape become especially obvious. Computational physics is just such a source of constraints. 
Except, here energy is not (yet) a constraint (dissipation rate is already), relativistic signalling is (in comparison to biology, which is energy constrained, and is waaay too slow to be relativistically constrained, only saltatoric spike propagation, which is around 100 m/s, so it has to deal with latency as well when laying out the computational circuits). -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From non_secure at yahoo.com Sat Apr 10 23:08:45 2004 From: non_secure at yahoo.com (Joe Schmoe) Date: Sat, 10 Apr 2004 23:08:45 -0700 (PDT) Subject: current status of cypherpunks, tim may, etc. ?? Message-ID: <20040411060845.64122.qmail@web21501.mail.yahoo.com> I wasn't paying attention when the lne node went away, and was a bit lost in my CP mailing list subscription for a few months... I subscribed to minder, but it was a _joke_ in terms of spam and bounces and all sorts of lameness in my cypherpunks folder _and_ my inbox. Further, I noticed I was no longer seeing any posts by Tim May - I might have been missing others as well, but he was conspicuously absent. So, I have unsubbed from minder and subbed to al-qaeda.net - hopefully they will be closer to LNE's level of anti-spam excellence ... questions: 1. any comments on this level of spam and bounces, etc., I saw from minder - does al-qaeda use a more LNE-like processor ? 2. Was tim may being filtered from minder, or is he just gone now ? thanks. From rah at shipwright.com Sat Apr 10 20:52:59 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Sat, 10 Apr 2004 23:52:59 -0400 Subject: Spy agency launches recruiting campaign Message-ID: Posted on Sat, Apr. 10, 2004 Spy agency launches recruiting campaign Associated Press WASHINGTON - The highly secretive National Security Agency is looking to hire 7,500 workers over the next five years in the spy agency's largest recruiting campaign since the 1980s. A release posted on the agency's Web site said NSA plans to hire 1,500 workers by September, and another 1,500 in each of the next four years. Those with specialties in foreign languages, especially Arabic and Chinese, were encouraged to apply. NSA said it was boosting its staff "to meet the increasing needs of the ever-changing intelligence community." The agency, an element of the Defense Department based at Fort Meade in Maryland, conducts electronic wiretapping and signals gathering for foreign intelligence purposes. NSA and other intelligence agencies came under scrutiny after the Sept. 11 terror attacks for apparent failures and missteps that critics say might have prevented officials from unraveling the hijacking plot. A joint congressional inquiry report released last summer faulted the intelligence agencies for being unprepared to handle the challenge it faced in translating the volumes of foreign language counterterror intelligence it collected. Law enforcement officials have said that among the millions of intercepts the NSA gathered on Sept. 10, 2001, were two Arabic-language messages that warned of a major event the next day. The Arabic messages were not translated until Sept. 12. ON THE NET National Security Agency: http://www.nsa.gov © 2004 AP Wire and wire service sources. All Rights Reserved. http://www.mercurynews.com -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jdd at dixons.org Sat Apr 10 16:29:11 2004 From: jdd at dixons.org (Jim Dixon) Date: Sun, 11 Apr 2004 00:29:11 +0100 (BST) Subject: Hierarchy, Force Monopoly, and Geodesic Societies In-Reply-To: <20040410205526.GL28136@leitl.org> Message-ID: <20040410234555.Q96639-100000@localhost> On Sat, 10 Apr 2004, Eugen Leitl wrote: > > Yes. I know what a tree is, and I am quite familiar with structure of > > the Internet. These very pretty pictures certainly look like the Internet > > I am familiar with, but don't resemble trees. > > There's a continuum between a tree and a high-dimensional grid/mesh/lattice. A "tree" as the term is used in mathematics and computer science has a single root. A continuum has an infinite number of points in it. A grid ... none of these terms has anything much to do with one another. > > It isn't a minor point that the Internet is fractal. This is in fact > > what is consistent everywhere and has been, to the best of my knowledge, > > throughout the history of the Internet. If you go back to your pretty > > pictures and look, you will see fractal structures. > > Dude, hypergrids *are* fractal. Not that it has to do anything with the > current topology. I don't know why you introduce hypergrids. But you might consult a mathematical dictionary - the term seems irrelevant to the current discussion. > > A geodesic is a minimal path in whatever geometry you are talking about. > > The geometry on Earth surface is anything but whatever. Way above, with nodes > in mutual plain view, it's plain old Einstein-Minkowski (basically Euclidian, > with relativistic corrections). "The geometry on Earth surface is anything but whatever"? Sorry, this makes no sense. However, a geodesic remains a path of minimal length in the geometry under consideration. 
Or so it was when I last did some reading in finite dimensional metric spaces. > I'm claiming peering arrangement evolve to make optimal use of given physical > cabling. This is quick. As the term is normally used, "peering" is the settlement-free exchange of traffic between autonomous systems (ASNs). "Settlement-free" means that no consideration ($$$) is paid. This has bugger all to do with cabling. > On the longer term, physical and virtual (radio, laser) cabling evolves to > minimize the load on existing links. This is slower, peering arrangements > change in realtime in comparison, very like Franck-Condon principle. Peering arrangements generally involve legal departments, and rarely change once inked. In the real world, peering policies normally reflect a mixture of common sense and total misunderstanding of what the Internet is about. Some networks just peer with anyone; some have incredibly detailed contracts and involve months of negotiation. When senior management is involved, they quite often have a telco background, and think that peering has something to do with SS7. That is, they try to insist that the Internet is really just the same as the voice telephone network, and BGP4 is SS7. The results are often comic. > > The end result is that most UK Internet traffic, and a large part of > > European traffic, passes through what used to be a more or less derelict > > area of East London, all because of a planning error on the part of some > > Tokyo-based banks. > > A nexus is a classical tree artifact. Once the network progresses along a > meshed grid hugging Earth surface, we're going to see an increase in > crosslinks and exchange points, crosslinking the branches. What do you think "nexus" means?? Conventional definition: ---------------------------------------------------------------------- n. pl. nexus or nexuses 1. A means of connection; a link or tie: this nexus between New York's... real-estate investors and its... politicians (Wall Street Journal). 
2. A connected series or group. 3. The core or center: The real nexus of the money culture [was] Wall Street (Bill Barol). ---------------------------------------------------------------------- As Lewis Carroll tried to make clear a long long time ago, it isn't very useful to conduct arguments by redefining words as you go along. -- Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881 http://jxcl.sourceforge.net Java unit test coverage http://xlattice.sourceforge.net p2p communications infrastructure From rsw at jfet.org Sat Apr 10 22:57:28 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Sun, 11 Apr 2004 01:57:28 -0400 Subject: NYTimes Message-ID: <20040411055728.GA7536@positron.mit.edu> Apparently someone signed up cypherpunks at al-qaeda.net for a NYTimes ID. Member ID and password are both joecypher. Have fun. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From measl at mfn.org Sun Apr 11 00:49:02 2004 From: measl at mfn.org (J.A. Terranson) Date: Sun, 11 Apr 2004 02:49:02 -0500 (CDT) Subject: current status of cypherpunks, tim may, etc. ?? In-Reply-To: <20040411073714.GA8577@positron.mit.edu> References: <20040411060845.64122.qmail@web21501.mail.yahoo.com> <20040411073714.GA8577@positron.mit.edu> Message-ID: <20040411024705.T70629@mx1.mfn.org> On Sun, 11 Apr 2004, Riad S. Wahby wrote: > > 2. Was tim may being filtered from minder, or is he > > just gone now ? > > I talked to him a little bit after lne went down; he said he wasn't > interested in posting to the list any more. Quite unfortunate, in my > view. Apparently he's still to be found posting on various Usenet > groups. Unfortunate? I don't know. 
Tim's gone a little whacko over the last few years, and it doesn't look like his meds are doing crap for him: NNTP-Posting-Date: Sat, 10 Apr 2004 01:59:43 -0500 Subject: Re: Details Magazine publishes outrageous anti-Asian, anti-gay feature Date: Fri, 09 Apr 2004 23:59:43 -0700 From: Tim May Newsgroups: ba.general,la.general,nyc.general,soc.culture.asian.american,scruz.general,misc.survivalism Message-ID: <090420042359439829%timcmay at removethis.got.net> In article <104f1ca7.0404092233.1321eae4 at posting.google.com>, Whitney McNally wrote: > I decided to do something funny and hopefully constructive about the > details magazine controversy. > > www.whitneymcnally.com "Nigger, or Thief?" Is there really a difference? Thirty years ago, even more, I was prepared to give the negro a chance. Now, so many years later, so many excuses later, so many crimes later, I say we ought to either give passage back to Biafra and Ruwanda and other hellholes for those negroes who request it, or charge those who remain for the benefits of white civilization we gave them over the past few hundred years. And for those who have been on welfare, or AFDC, or WICC, or any of the giveaway subsidies to the negro, they must pay back what they took from working people, with interest, or be sent up the chimneys. Their choice. The negro has stolen from the European for way too long. --Tim May From bill.stewart at pobox.com Sun Apr 11 03:32:02 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 11 Apr 2004 03:32:02 -0700 Subject: Spy agency launches recruiting campaign In-Reply-To: References: Message-ID: <6.0.3.0.0.20040411033027.05366270@pop.idiom.com> At 08:52 PM 4/10/2004, R. A. Hettinga wrote: > > >Posted on Sat, Apr. 10, 2004 > >Spy agency launches recruiting campaign > > >Associated Press > >WASHINGTON - The highly secretive National Security Agency is looking to >hire 7,500 workers over the next five years in the spy agency's largest >recruiting campaign since the 1980s. 
When I was in college, the NSA recruiting poster had a note somebody'd added to the bottom saying "If you're interested, don't call us - we already know about you" and somebody else's version of that was "If you're interested, just phone your mom, and we'll get back to you". From rsw at jfet.org Sun Apr 11 00:37:14 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Sun, 11 Apr 2004 03:37:14 -0400 Subject: current status of cypherpunks, tim may, etc. ?? In-Reply-To: <20040411060845.64122.qmail@web21501.mail.yahoo.com> References: <20040411060845.64122.qmail@web21501.mail.yahoo.com> Message-ID: <20040411073714.GA8577@positron.mit.edu> Joe Schmoe wrote: > 1. any comments on this level of spam and bounces, > etc., I saw from minder - does al-qaeda use a more > LNE-like processor ? Well, as the list maintainer I see a lot of bounces &c, but (unless something is seriously wrong with my setup) no one else does. > 2. Was tim may being filtered from minder, or is he > just gone now ? I talked to him a little bit after lne went down; he said he wasn't interested in posting to the list any more. Quite unfortunate, in my view. Apparently he's still to be found posting on various Usenet groups. RAH knows more about this than I do. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From bill.stewart at pobox.com Sun Apr 11 03:55:10 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 11 Apr 2004 03:55:10 -0700 Subject: Hierarchy, Force Monopoly, and Geodesic Societies - the internet is a tree. In-Reply-To: <20040411094230.A96639-100000@localhost> References: <4078890D.1030503@sunder.net> <20040411094230.A96639-100000@localhost> Message-ID: <6.0.3.0.0.20040411034021.05404c90@pop.idiom.com> > >>>>> It's a tree >>>> No, it's not a tree >>> I thought we were sort of an autonomous collective! >> Watery marketers lobbing Powerpoints is no basis for a form of architecture > Network engineers spend a lot of time making sure that their networks, and > the Internet, are not trees. 
Multiple peering and transit relationships > make the network robust - and cyclic. The core of the current Internet routing architecture in the US is a couple of dozen "Tier 1" providers who almost all interconnect with each other, with each pair almost always connected in more than two places (usually an East Coast and a West Coast location plus others.) - Most of the Tier 2 providers are connected to at least two upstreams, either both Tier 1 or a Tier 1 and a Tier 2. - There's no well-defined boundary between Tier 2 and Tier 3, but the Tier 3 types of folks may not be as diverse. - Some big hosting companies are owned by Tier 1 carriers, and may just get connectivity from their parent company, but it usually still has physically diverse connections to diverse switches. - Many other hosting companies are independent of the carriers, and tend to have feeds from multiple carriers (usually multiple Tier 1 for the big players). - Many big end-user companies have multiple large internet feeds from multiple carriers; even small companies with a couple of T1s often try to get some diversity (in which case the ISP run by the local telco is often one of their providers.) - If you want physically diverse access to your building, you usually need to buy at least a couple of T3s - some local telcos will still do diverse T1 access, but most don't, or else they have it in their tariff rate but *your* street doesn't have it. As Jim and others have said, it's extremely not tree-like - we want to maximize the number of careless drunken backhoe drivers it takes to take down our circuits, as well as maximizing the number of equipment failures and operator mistakes it takes, and trying to minimize the damage any problem causes. DNS's namespace is tree-like, but the actual implementation of the DNS name server networks is very forested and meshy. The biggest problems are all at layer 9. From rsw at jfet.org Sun Apr 11 01:04:38 2004 From: rsw at jfet.org (Riad S. 
Wahby) Date: Sun, 11 Apr 2004 04:04:38 -0400 Subject: current status of cypherpunks, tim may, etc. ?? In-Reply-To: <20040411024705.T70629@mx1.mfn.org> References: <20040411060845.64122.qmail@web21501.mail.yahoo.com> <20040411073714.GA8577@positron.mit.edu> <20040411024705.T70629@mx1.mfn.org> Message-ID: <20040411080438.GA9060@positron.mit.edu> "J.A. Terranson" wrote: > Unfortunate? I don't know. Tim's gone a little whacko over the last few > years, and it doesn't look like his meds are doing crap for him: > [snip] It's true, Tim does seem to harbor an awful lot of anger towards certain groups, but while I don't agree with it, he's entitled to his opinion. The part I find unfortunate is that, along with his less tactful points, gone are his insightful ones. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From petard at freeshell.org Sat Apr 10 21:59:06 2004 From: petard at freeshell.org (petard) Date: Sun, 11 Apr 2004 04:59:06 +0000 Subject: legally required forgetting In-Reply-To: <40782FF3.A76930DE@cdc.gov> References: <40782FF3.A76930DE@cdc.gov> Message-ID: <20040411045906.GB2515@SDF.LONESTAR.ORG> On Sat, Apr 10, 2004 at 10:33:39AM -0700, Major Variola (ret) wrote: > Thanks for the distinction, however it still makes CC folks slaves of > the > State. Suppose Joe Badcredit finds a blank application and applies? > The State then uses violence to coerce the CC into non-consensual > transactions. > No. AIUI the CC company is not obligated by the state to offer joe any credit at all in response to his application. They may reject him based on his nonpayment twenty years later. They simply may not attempt to collect the old debt. Also, in practice, the people who aggregate such information from other creditors will have a hard time reporting on the old default. But you are not obligated to extend any credit that you do not wish to extend. 
From anmetet at freedom.gmsociety.org Sun Apr 11 02:38:59 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Sun, 11 Apr 2004 05:38:59 -0400 Subject: On Needing Killing Message-ID: <30ffd0d6c5b074907d0b8127d1c3bbc6@anonymous> Major Variola writes: > I don't know about your anecdote, but Mr. May's original point > was that the law *requires* companies to forget. Which is > of course an illegitimate intrusion of the state into private affairs. > > And the responsibles need killing. No, they don't. There are two alternative solutions to the problem of restrictions on information flow, or more generally restrictions on any sort of voluntary and cooperative activity. One is to use force to fight back, even to the point of killing the perpetrators. This is what you are advocating when you say they "need killing". The other is to evade the restrictions. This does not involve killing, force, or violence of any sort. Cryptography is an ideal tool for this purpose. It allows people to communicate and exchange data even when outsiders want them to stop. Via digital cash they can even contract together, and buy and sell information and services. BlackNet is intended to be an example of how this could work. The point is that BlackNet and other early Cypherpunk concepts were intended to be based on the second approach, that of avoiding restrictions via cryptographic protections. BlackNet does not seek out and kill people who try to shut it down. It simply continues to exist and operate, very profitably, despite the efforts of its opponents. In a world where things like BlackNet can exist, the people who want to stop it don't need to be killed, because their actions are ineffective. We don't kill the crazy men who rant and rave in parks and on sidewalks. We may pity them, we may even try to help them, but we don't kill them. 
Similarly, if Cypherpunk technology succeeds, those who try to stop communication from occurring will be no more important or effective in achieving their goals. This stuff should be Cypherpunks 101. Not even that; it should be Kindergarten for Cypherpunks. Re-read (or read for the first time!) the Cryptoanarchist Manifesto. There's nothing in there about killing those responsible for restricting freedom. Rather, the entire essay is about how the new technologies will allow people to communicate and interact with privacy and security. The same is true of the Cypherpunk's Manifesto; again, it is about using software to defend privacy with cryptographic anonymity. There's no bloodlust in either of these essays. These were the founding documents of the Cypherpunk movement. It was only after many years that some Cypherpunks took a detour into advocacy of violence. In large part this was due to the influence of Tim May, who as time went by became increasingly bitter and hateful. Perhaps he had personal disappointments; in particular it seemed that the failure of his more apocalyptic Y2K predictions was an embarrassment which he took to covering with bluster and rage. May became a loud, authoritative and dominating voice calling for violent retribution against government agents or anyone whom he saw as a threat or enemy. Inevitably, he brought into the list people who felt the same way, and drove away many who could not stand the anger and hatred which were being expressed so openly. His increasingly common racist rhetoric, whether sincere or merely provocative, played a further role in sending away some and, sadly, drawing in others. The community changed, until today Cypherpunks are known as a community which sees that its enemies "need killing". It's almost a defining characteristic. The original goals of cryptoanarchy, privacy, anonymity, reputation systems, and efforts to explore the underlying technology, are largely forgotten. 
But now it seems that there might be an opportunity for change. With the departure of Tim May, a cloud seems to have lifted. Perhaps it will be possible to reinvigorate the community, to give it new purpose and new goals. At a minimum, can we try to move beyond defining ourselves by how many enemies we think "need killing"? That was never what Cypherpunks were supposed to be about. From skquinn at xevious.kicks-ass.net Sun Apr 11 04:55:06 2004 From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn) Date: Sun, 11 Apr 2004 06:55:06 -0500 Subject: VPN VoIP In-Reply-To: <20040410171225.GS28136@leitl.org> References: <20040409120359.GY28136@leitl.org> <40771C02.4050805@sunder.net> <20040410171225.GS28136@leitl.org> Message-ID: <200404110655.06440.skquinn@xevious.kicks-ass.net> On Saturday 2004 April 10 12:12, Eugen Leitl wrote: > Should I stick with Linux (there's /dev/random and VPN support in > current kernels for the C3 Padlock engine, right?) with SELinux or > try OpenBSD for a firewall type machine with hardware crypto support? For a firewall, I'd recommend OpenBSD over just about anything else. Unless of course, there is hardware you need to use that isn't supported under OpenBSD. -- Shawn K. Quinn From rah at shipwright.com Sun Apr 11 05:31:50 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 11 Apr 2004 08:31:50 -0400 Subject: Hierarchy, Force Monopoly, and Geodesic Societies - the internet is a tree. In-Reply-To: <6.0.3.0.0.20040411034021.05404c90@pop.idiom.com> References: <4078890D.1030503@sunder.net> <20040411094230.A96639-100000@localhost> <6.0.3.0.0.20040411034021.05404c90@pop.idiom.com> Message-ID: At 3:55 AM -0700 4/11/04, Bill Stewart wrote: >The biggest problems are all at layer 9. Exactly. 
And, I would claim, that because of book-entry settlement, the latency thereof, the need to send someone to jail if they lie about a book entry, and the unavailability of bearer transaction settlement, we need lawyers and politicians to effect our network transactions, and the more bandwidth involved, like those between tier 1 interconnections, the more politicians and lawyers you need. At the top of the network lurk the most expensive "switches", again.

As I've said before, geodesic networks need geodesic transactions. Book-entry transactions, are, by definition (look at a chart of accounts in a company's books...) tree-like. Cash and bearer transactions are, inherently, geodesic. There are only three parties to a bearer transaction, the underwriter, the buyer and the seller. A book entry transaction requires up to seven participants, in, guess what, a hierarchy, with a single route through the network.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mv at cdc.gov Sun Apr 11 09:42:58 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 11 Apr 2004 09:42:58 -0700
Subject: On Needing Killing
Message-ID: <40797591.759C0BF@cdc.gov>

At 05:38 AM 4/11/04 -0400, An Metet wrote:
>> And the responsibles need killing.
>
>No, they don't.
>
>There are two alternative solutions to the problem of restrictions on
>information flow, or more generally restrictions on any sort of voluntary
>and cooperative activity. One is to use force to fight back, even to
>the point of killing the perpetrators. This is what you are advocating
>when you say they "need killing".

When faced with force, you reply with force when you can.

>The other is to evade the restrictions. This does not involve killing,
>force, or violence of any sort. Cryptography is an ideal tool for this
>purpose. It allows people to communicate and exchange data even when
>outsiders want them to stop. Via digital cash they can even contract
>together, and buy and sell information and services. BlackNet is intended
>to be an example of how this could work.

Correct. But the existence of technical means for playing with bits and hiding from oppression does not change the ethics of the material world.

When the State's otherwise legitimate monopoly on force is abused the appropriate response is not to hope the oppressors go away.

When the Jews were put in the ghettos, an abuse of State force, the appropriate response was more than merely publishing anonymous flyers or mumbling in secret languages. There are times when agents have earned killing.

Blacknet is a robust archive for words, immune to force (by State or private actors), but merely words.

-----
"How we burned in the prison camps later thinking: What would things have been like if every security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive?"
--Alexander Solzhenitzyn, Gulag Archipelago

From jdd at dixons.org Sun Apr 11 01:49:55 2004
From: jdd at dixons.org (Jim Dixon)
Date: Sun, 11 Apr 2004 09:49:55 +0100 (BST)
Subject: Hierarchy, Force Monopoly, and Geodesic Societies - the internet is a tree.
In-Reply-To: <4078890D.1030503@sunder.net>
Message-ID: <20040411094230.A96639-100000@localhost>

On Sat, 10 Apr 2004, sunder wrote:

> > Yes. I know what a tree is, and I am quite familiar with structure of
> > the Internet. These very pretty pictures certainly look like the Internet
> > I am familiar with, but don't resemble trees.
>
> It is a tree. I'll give you a hint. Think of this:
>
> "God is like an infinite sphere, whose center is everywhere and
> circumference nowhere." Nicholas of Cusa.

Let me give you a hint: a tree is an acyclic graph. The Internet shown in Eugen's pretty pictures is defined by BGP4 peerings between autonomous systems. It is highly cyclic, because everyone wants it that way.

As a network, a tree is a delicate structure: any break in links fragments the network. Network engineers spend a lot of time making sure that their networks, and the Internet, are not trees. Multiple peering and transit relationships make the network robust - and cyclic.

--
Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881
http://jxcl.sourceforge.net Java unit test coverage
http://xlattice.sourceforge.net p2p communications infrastructure

From measl at mfn.org Sun Apr 11 09:43:58 2004
From: measl at mfn.org (J.A. Terranson)
Date: Sun, 11 Apr 2004 11:43:58 -0500 (CDT)
Subject: current status of cypherpunks, tim may, etc. ??
In-Reply-To: <20040411080438.GA9060@positron.mit.edu>
References: <20040411060845.64122.qmail@web21501.mail.yahoo.com> <20040411073714.GA8577@positron.mit.edu> <20040411024705.T70629@mx1.mfn.org> <20040411080438.GA9060@positron.mit.edu>
Message-ID: <20040411114106.S70629@mx1.mfn.org>

On Sun, 11 Apr 2004, Riad S. Wahby wrote:

> The part I find unfortunate is that, along with his less tactful
> points, gone are his insightful ones.

This is the point I was trying to make (by reposting his latest "insight"). We all have those ghosts we'd like to see dead. Hell, I've got more than most, and maybe even as many as Tim, but if there isn't - even occasionally - another thought being expressed that "Up the chimneys with X", what's the point of listening?

CP is certainly less for the missing May. But the currently posting May isn't worth listening to.

--
"How do you change anything, except stand in one place and scream and scream and scream and then make more people come and stand in that place and scream and scream and scream?"
Sally Fields

From rsw at jfet.org Sun Apr 11 09:29:55 2004
From: rsw at jfet.org (Riad S. Wahby)
Date: Sun, 11 Apr 2004 12:29:55 -0400
Subject: On Needing Killing
In-Reply-To:
References:
Message-ID: <20040411162955.GA19269@positron.mit.edu>

An Metet wrote:
> This stuff should be Cypherpunks 101.

...along with Assassination Politics.

I've always taken "X needs killing" to be a statement to the effect that same had earned himself an AP-style contract, if only such a thing existed.

While your point is good, inasmuch as it's important to realize that many illegitimate restrictions on liberty can be circumvented with cpunk technologies, there are other ramifications that are just as meaningful. With widespread adoption of cpunk technologies comes the demonopolization of force, the anonymity necessary for AP-style contract markets, &c.

It's inevitable---even if {you, the government, whomever} doesn't like the idea of such uses of cpunk technologies---that these things will spring up. After all, there will likely be great demand for them, and cpunk tech will have enabled them in just the same way it's enabled circumvention of other restrictions on liberty. It's useful to be reminded what the cpunks will have wrought.

Like it or not, "needs killing" is likely to remain a fixture around here.
-- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From emc at artifact.psychedelic.net Sun Apr 11 12:41:03 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Sun, 11 Apr 2004 12:41:03 -0700 (PDT) Subject: BBC: File-sharing to bypass censorship In-Reply-To: <20040411164827.GX28136@leitl.org> Message-ID: <200404111941.i3BJf4VK006778@artifact.psychedelic.net> Eugen Leitl pastes: > File-sharing to bypass censorship > By Tracey Logan > BBC Go Digital presenter > If there's material that everyone agrees is wicked, like child pornography, > then it's possible to track it down and close it down > Ross Anderson, Cambridge University I think the problem here is that material which John Ashcroft, Jerry Falwell, and Pat Robertson think is wicked, may not be what Ross Anderson or I think is wicked. After all, to some people Howard Stern is disgusting and obscene. To others, he is merely witty and slightly burlesque. > Prof Anderson believes those fears are overstated. He argued that web > watchdogs like the Internet Watch Foundation, which monitors internet-based > child abuse, would provide the necessary policing functions. Well, it's good to know Professor Anderson values the opinion of an organization that won't even use the term "child pornography" to refer to the things that offend Ashcroft, Falwell, and Robertson, but demands everyone use terms like "pictures of children being abused" and "child abuse pictures." As those who flog the Sex Abuse Agenda are well aware, 90% of successful propaganda is owning the vocabulary. I am reminded of the changing of the term "statutory rape" to "child rape" a few years ago, which I am sure we will all agree is a less than accurate description of a 20 year old who has consensual sex with a streetwise 17 year old crack whore. I think Hakin Bey's suggestion that plastering pictures of naked children everywhere is a great form of political theatre has merit. 
All the right wing crackpots will have to hide in their homes to avoid having strokes, and the well-balanced representatives of the Forces of Reason can finally live their lives in peace and quiet. Perhaps we can have Public Service Announcements by the Coalition for a Prude-Free AmeriKKKa. "This is Timmy. This is TImmy's cock. This is Timmy's cock in Billy's mouth. Any questions?" -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From emc at artifact.psychedelic.net Sun Apr 11 12:58:50 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Sun, 11 Apr 2004 12:58:50 -0700 (PDT) Subject: On Needing Killing In-Reply-To: <20040411192020.GA3814@dreams.soze.net> Message-ID: <200404111958.i3BJworf007099@artifact.psychedelic.net> Justin writes: > With all due respect to the principle of freedom of speech and all that, > I think that cypherpunks, and people in general, give far too little > respect to words, as if words are a vague, unimportant, and remote link > in the chain of causation of acts or failure-to-acts. I don't see > anything wrong with Orwell's view that words control the future's view > of history. His certainly have. Words depend greatly on context. The meaning of words here on the Cypherpunks list, is different than their meaning in the New York Times. If someone said "up the chimneys with the inner-city welfare mutants" in the New York Times, there would be mass rioting in the streets. I find this with a lot of my stuff that gets taken from this list and posted in places that I would have written it much differently for, had those places been its original destination. So - what happened to Tim? Can I be the list's new Crusty Retired Engineer now? -- Eric Michael Cordian 0+ O:.T:.O:. 
Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From hseaver at cybershamanix.com Sun Apr 11 13:05:53 2004 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sun, 11 Apr 2004 15:05:53 -0500 Subject: BBC: File-sharing to bypass censorship In-Reply-To: <200404111941.i3BJf4VK006778@artifact.psychedelic.net> References: <20040411164827.GX28136@leitl.org> <200404111941.i3BJf4VK006778@artifact.psychedelic.net> Message-ID: <20040411200553.GA29200@cybershamanix.com> On Sun, Apr 11, 2004 at 12:41:03PM -0700, Eric Cordian wrote: > > As those who flog the Sex Abuse Agenda are well aware, 90% of successful > propaganda is owning the vocabulary. I am reminded of the changing of the > term "statutory rape" to "child rape" a few years ago, which I am sure we > will all agree is a less than accurate description of a 20 year old who > has consensual sex with a streetwise 17 year old crack whore. Or even his 17 year old virgin girlfriend. I really have a hard time understanding how we reached this point -- it wasn't even 100 years ago when girls of 17 were considered in danger of becoming old maids if they weren't married already. In fact, when I was growing up, the legal age for marriage in Mississippi was 12 for girls and 14 for boys, with parents permission. Without, it was 14 and 16. Many, many states had similar laws. And, in fact, back then at least one state, Maryland IIRC, had a "statutory rape" age of 8. So, while on the one hand, more young teens are having sex fairly openly, and at younger and younger ages, even in preteen, some as young as 10 from what I read in the press; the laws are becoming more and more repressive. And not just the law, also the prosecutors -- in Racine, WI a month or so ago it was announced that prosecutors had charged a girl and boy, both 15, with having sex with a child -- each other. WTF is going on? What else is this but religious oppression? 
Look, I can marry a girl (with parents okay) on her 16th birthday here in WI, but if I just have her come live with me, I could spend probably most of the rest of my life in prison. This is insane -- on what basis, under what Constitutional authority, does the state get to decide that the christer "marriage" vows are sacred and legal, and a pagan or indig "taking to wife" isn't? -- Harmon Seaver CyberShamanix http://www.cybershamanix.com Hoka hey! From bill.stewart at pobox.com Sun Apr 11 15:36:47 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 11 Apr 2004 15:36:47 -0700 Subject: Keyring Camcorder to replace your Minox Message-ID: <6.0.3.0.0.20040411152304.053834e0@pop.idiom.com> http://tech.tnir.org/archives/000540.html http://www.pcmag.com/article2/0,1759,1559884,00.asp Tired of that old klunky Minox B Spy Camera? Want something newer, smaller, and more versatile? Need a speaking-engagement bribe for David Brin? Looks like there's finally something to do the job (or will be once they actually ship the things in commercial volume around May and not just review copies for magazines...) The Philips Key109 Key Ring Camcorder is a USB frob with 128MB of RAM, 2 megapixel camera for videos or stills, MP3 player, headphone jack, and remote control. I'm surprised they didn't give it more RAM, but perhaps they got into price problems. The user interface is apparently all in the remote control part, which is a bit odd but may be useful for some things. ---- Bill Stewart bill.stewart at pobox.com From rah at shipwright.com Sun Apr 11 12:40:50 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 11 Apr 2004 15:40:50 -0400 Subject: current status of cypherpunks, tim may, etc. ?? In-Reply-To: <20040411073714.GA8577@positron.mit.edu> References: <20040411060845.64122.qmail@web21501.mail.yahoo.com> <20040411073714.GA8577@positron.mit.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 3:37 AM -0400 4/11/04, Riad S. 
Wahby wrote:
>Apparently he's still to be found posting on various Usenet groups.
>RAH knows more about this than I do.

Obviously, Tim was on usenet long before he, Eric Hughes and John Gilmore started this list on toad.com after the first physical cypherpunks meeting 11 years ago last fall.

Because some spam-defense techniques require the absence of usable email addresses, and because Tim has changed his addresses more than once over the last few years, you can go on groups.google.com and just search for "Tim May" in the author field -- don't forget the quote marks -- and see everything he's posting now. He's usually in the local Bay Area groups, and on Misc.Survivalism, though I haven't looked in about a month or so.

As we just saw in a previous forward from usenet, most of the stuff he posts there makes me cringe, like his later stuff here, but, obviously, Tim's as smart and as creative as he's ever been.

Even though when I showed up here, 10 years ago sometime in May to learn how to do cash transactions on the internet, Tim regularly and thoroughly jumped up my ass about my various ideological impurities and deep flaws in my character :-) (it was ever thus, I got used to it, and I hopefully learned to give back as good as I got), there was, invariably, something useful in almost all of his posts here. This, in spite of, to me at least, the increasing preponderance of deliberately provocative cruft he trolled around here, presumably in boredom, just to piss people off.

Obviously, though more civil, and, frankly, productive, this list isn't the same since Tim left, not the least because this list was, for all intents and purposes, his creation, by dint of the sheer amount of time he put into it, if nothing else.

As most people here know, I've long been interested in influence and reputation, and I once introduced Tim at a Mac_Crypto conference in terms of the magnitude of his influence, which is, frankly, much more considerable than people really understand. Tim thanked me for a "nice introduction", and, while I was being quite cordial, this being one of the few times we got along, "nice" was pretty orthogonal to my point.

Tim May, whether he likes it or not -- understands it completely or not -- has literally invented, discovered, a new form of emergent social order. More properly, in learning that property can be controlled by cryptography in a manner *independent* of biometric identity, he was the first person to understand that the control and market-auctioned transfer of property could be achieved without the need of the force-monopoly of the state. The result is something which is, by definition, anarchy.

Tim called it crypto-anarchy, since it required the use of strong cryptography on public networks to happen, but I don't think even he understood just how far the idea could go. His concern was more immediate. Like freedom, privacy is an inherent good, and anything that maximizes both privacy and freedom maximizes the good in the world. All the structural possibilities that resulted were just gravy.

It's probable that his hatred of the state came first, long before his discovery of cryptography as a means to that end, but the effect is the same whether, like me, the crypto changed his opinion of the state, or, as was probably Tim's case, his opinion of the state led to his discovery of crypto as a means to get what he wanted.

One way or the other, Tim and other early cypherpunks really did discover a way to make physically real the yearnings of libertarians, anarcho-capitalists, and other free people throughout the ages, by using, for the first time in more than a thousand years, technology and markets instead of manifestos, politics, philosophy, or, in the case of libertarians, somehow-constrained government and monopolistic force.

I think that this didn't happen fast enough for Tim, and he devolved to hoping for some disaster to force his new world into being, and failing even that, he began to advocate more, I suppose, "traditional", methods of getting what he wanted: those involving force, without regard, unfortunately, to reason, much less economics.

It was upsetting, infuriating, to watch, but, after a while, we realized that Tim was, after all, a free man. He could do what he wanted with his time and resources, and it wasn't our right to tell him to do otherwise, no matter how negative our opinions were of his behavior.

As for the more personally repellent of his beliefs, we have to remember that he advocated something that most of us have come around to over time, something that many anarchocapitalists have talked about before Tim May did, that discrimination in transactions and hiring of *any* kind is a *right* of free people in markets, foolish consequences or not, and that it's only wrong when governments force that discrimination onto everyone, like they do in Jim Crow, Nazi Anti-Jewry, or Apartheid laws.

Tim's collapse from that rationally-derived belief in the economic necessity for freedom, including individual discrimination, into the language of "Aryanism", and the advocacy of mob-violence, (something that is guaranteed, paradoxically, to degenerate into state-controlled force in almost all historical cases, speaking of chimneys), again paradoxically, only puts his original point into even starker relief.

Personally, like his coming to cryptography because of his hate of the state, I think his now-overt racism emerges from his (*claimed*, remember; he's said that "Tim May" is a pseudonym more than once here ;-)) Virginia upbringing, and that his adoption of anarcho-capitalism as a political philosophy might have been the result of some inherent racism, but that's just armchair psycho-babble voodoo on my part. The point is, his opinions in that regard are now morally repellent, and that's a shame, because before he got to this point where his anger overtook his capacity to reason, he was, in fact, making sense.

So, to me, at least, whatever Tim and company did before or after doesn't matter so much as what they did here on cypherpunks in the early days. Lots of people's lives (mine, for instance... :-)) auger-in after what others consider to be their most memorable and productive accomplishments. Even a man's *own* opinions of the events of his life change over time, so who knows what Tim thinks about his time here, and whether it was worth it or not.

Nonetheless, as Philip K. Dick said once, reality doesn't change when you change your mind. If it all works, if it has a basis in economic fact, that people in general get more stuff cheaper and live longer and happier by being completely free of *any* government in their lives, and they get to that point by using strong cryptography on public internetworks, Tim May may well be remembered for the rest of history as having discovered the substrate of a new society. Something, I believe, on the order of the advent of agriculture and cities, and lots of us here were around to watch the initial promulgation of those ideas, even if we were not around (in my case, at least) to witness their actual discovery.

And, maybe, some of us will be around not just to *watch* it happen, but to *make* it happen as well. Without sending a "bunch of useless eaters" "up the chimneys", as Mr. May seems to fondly hope for, these days.

Cheers,
RAH

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQHmfPsPxH8jf3ohaEQJ78gCfeKTbsWbqcWS+ENaxpJx8HrJPduIAoOm7
vN3XsdF+59pwEA1z6EOyzC/3
=wVkf
-----END PGP SIGNATURE-----

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Sun Apr 11 13:26:16 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 11 Apr 2004 16:26:16 -0400
Subject: On Killing Blaster
Message-ID:

"When faced with force, you reply with force when you can."

Nah. This isn't even true in a fistfight, except when the guy you're fighting is a) significantly smaller than you, and b) less trained. More often than not, if someone attacks you, it's because they either have or perceive themselves to have an overwhelmingly superior force. In such a situation it's often best to run. Barring that, then "soft" methods are by far the best alternative, but soft methods normally require intelligence, or at least the ability to utilize an opponent's force against him (I think I can unequivocally state that I have had the opportunity to test such a principle here on the streets of NYC).

And of course, if it's possible to disarm your opponent without actually killing or maiming him, that's sometimes far more appropriate...reference 'Aikido' and remember the unmasked "MasterBlaster". Every once in a while, somebody makes a mistake they eventually regret.

As someone said better than myself, Crypto is one little tool in an arsenal against "Men with Guns"...in the end Men With Guns will probably try to shoot away bits, but it's not going to work too well. Meanwhile, P2P, WiFi, Crypto, and lots of other stuff will slowly start to chip away at things on the edges, until the core is exposed.

-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: Re: On Needing Killing
>Date: Sun, 11 Apr 2004 09:42:58 -0700
>
>At 05:38 AM 4/11/04 -0400, An Metet wrote:
> >> And the responsibles need killing.
> >
> >No, they don't.
> >
> >There are two alternative solutions to the problem of restrictions on
> >information flow, or more generally restrictions on any sort of voluntary
> >and cooperative activity. One is to use force to fight back, even to
> >the point of killing the perpetrators. This is what you are advocating
> >when you say they "need killing".
>
>When faced with force, you reply with force when you can.
>
> >The other is to evade the restrictions. This does not involve killing,
> >force, or violence of any sort. Cryptography is an ideal tool for this
> >purpose. It allows people to communicate and exchange data even when
> >outsiders want them to stop. Via digital cash they can even contract
> >together, and buy and sell information and services. BlackNet is intended
> >to be an example of how this could work.
>
>Correct. But the existence of technical means for playing with bits and
>hiding from oppression does not change the ethics of the material world.
>
>When the State's otherwise legitimate monopoly on force is abused
>the appropriate response is not to hope the oppressors go away.
>
>When the Jews were put in the ghettos, an abuse of State force,
>the appropriate response was more than merely publishing anonymous flyers
>or mumbling in secret languages. There are times when agents have
>earned killing.
>
>Blacknet is a robust archive for words, immune to force
>(by State or private actors), but merely words.
>
>-----
>"How we burned in the prison camps later thinking: What would things
>have been like if every security operative, when he went out at night to
>make an arrest, had been uncertain whether he would return alive?"
>--Alexander Solzhenitzyn, Gulag Archipelago

From camera_lumina at hotmail.com Sun Apr 11 13:27:52 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 11 Apr 2004 16:27:52 -0400
Subject: On Needing Killing
Message-ID:

Eric Cordian wrote...

"Can I be the list's new Crusty Retired Engineer now?"

Why, did you retire recently?

-TD

>From: Eric Cordian
>To: cypherpunks at minder.net
>Subject: Re: On Needing Killing
>Date: Sun, 11 Apr 2004 12:58:50 -0700 (PDT)
>
>Justin writes:
>
> > With all due respect to the principle of freedom of speech and all that,
> > I think that cypherpunks, and people in general, give far too little
> > respect to words, as if words are a vague, unimportant, and remote link
> > in the chain of causation of acts or failure-to-acts. I don't see
> > anything wrong with Orwell's view that words control the future's view
> > of history. His certainly have.
>
>Words depend greatly on context. The meaning of words here on the
>Cypherpunks list, is different than their meaning in the New York Times.
>
>If someone said "up the chimneys with the inner-city welfare mutants" in
>the New York Times, there would be mass rioting in the streets.
>
>I find this with a lot of my stuff that gets taken from this list and
>posted in places that I would have written it much differently for, had
>those places been its original destination.
>
>So - what happened to Tim? Can I be the list's new Crusty Retired
>Engineer now?
>
>--
>Eric Michael Cordian 0+
>O:.T:.O:. Mathematical Munitions Division
>"Do What Thou Wilt Shall Be The Whole Of The Law"

From rah at shipwright.com Sun Apr 11 13:32:38 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 11 Apr 2004 16:32:38 -0400
Subject: On Needing Killing
In-Reply-To: <200404111958.i3BJworf007099@artifact.psychedelic.net>
References: <200404111958.i3BJworf007099@artifact.psychedelic.net>
Message-ID:

At 12:58 PM -0700 4/11/04, Eric Cordian wrote:
>So - what happened to Tim? Can I be the list's new Crusty Retired
>Engineer now?

Crusty retired pervert is more like it.

...and, no, I don't want to know what the crust is made of...

:-/

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From hseaver at cybershamanix.com Sun Apr 11 15:16:54 2004
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Sun, 11 Apr 2004 17:16:54 -0500
Subject: Altered phone cards?
Message-ID: <20040411221654.GA29394@cybershamanix.com>

Anybody heard of this before, or know how it's done?

"And "Mr Tanaka" has good reason to be wary. He and his three friends are illegally selling phone cards that have been altered so they can be re-used."

http://english.aljazeera.net/NR/exeres/671844D1-95C9-4BEF-903C-155B2E948C59.htm

--
Harmon Seaver
CyberShamanix
http://www.cybershamanix.com
Hoka hey!

From sunder at sunder.net Sun Apr 11 14:43:15 2004
From: sunder at sunder.net (sunder)
Date: Sun, 11 Apr 2004 17:43:15 -0400
Subject: Hierarchy, Force Monopoly, and Geodesic Societies
In-Reply-To: <20040411192616.D96639-100000@localhost>
References: <20040411192616.D96639-100000@localhost>
Message-ID: <4079BBF3.4030501@sunder.net>

Jim Dixon wrote:

> The term is used because most or all trees in the region where the English
> language originated are shaped just like that: they have a single trunk
> which forks into branches which may themselves fork and so on. These
> branches do not connect back to one another.

I believe the real issue here is one of being able to stretch your mind into seeing things from different points of view. This is the reason I brought in the quasi-mystical quote about the sphere whose center is everywhere. To see if you'd be able to go beyond your already rich knowledge and gain new benefit from another way of looking at it. (IMHO, it's important to be able to change POV's at will, it keeps you flexible and able to learn new ways of dealing with data by conversion.)

In real life, the roots of a tree resemble its branches buried underground, in an almost mirror image. A tree that terminates where the trunk meets the ground would fall. The only real tree resembling this, is one where a logger's saw was applied. :)

So we're already not discussing a real tree. The idealized mathematical definition of a tree doesn't quite a real tree any more than do B-Trees, B+/-Trees, nor red/black trees, or our debated friend, the internet.

> The Internet doesn't resemble a tree at all. It is characterized by many
> cross-connections, which form cycles. These are introduced deliberately
> by network engineers, because tree-like networks are unreliable.

Of course. It's called redundancy and its goal is to eliminate as many single points of failure as possible. But from the point of view of one node talking to another, these aren't considered, I'll explain why.

Firstly, don't confuse cycles with redundancy for high availability. These are two different things.

Let's explain why we have multiple connections and what types of these you can expect. There are two common types of multiple connections:

A) Two links to the same ISP: In terms of redundancy for the purposes of being fault tolerant, only one of the multiple links is ever used. With most ISP's, when you negotiate a contract for a backup connection, it's with the understanding that you'll only use it when the main one goes down.

B) You have multiple connections to different ISP's (possibly with peering contracts, etc.) In this case when a node at your location tries to contact some other node on the internet, its traffic doesn't go over ALL of your connections - it takes only a single path. [Ok, if your routers are correcting for an outage, then perhaps you'll see different paths being taken, but this is just the routing tables/routers settling or converging.]

In both case A and case B, a single node in your location will see the entire internet as a tree with the root of that tree being the default gateway. (i.e. go back to doing traceroutes.)

In the case of a multi-homed machine, or machine that participates in routing, it itself becomes the root of the tree.

There are other cases but those are rare, and likely flawed.

Now on to cycles and the whole reason for this debate:

The whole point of many/most routing algorithms is to GET RID OF cycles. After you've done this, you're left with a tree.

Loops/cycles are so anathema to the workings of tcp/ip, that one of the fields in IP packets has been added to help eliminate: the TTL. The only reason for a TTL value is to prevent packets that are going around in circles from congesting all the routers involved in the loop. (Only later did traceroute exploit this into helping provide you with a map of where your packets went.)

This is why EIGRP, RIP, etc. use various mechanisms to explicitly prevent routing loops (and BGP to aggregate routes.) Routing loops are damage, they are by definition not desirable.

At the data link layer (switches/hubs), this is why you want to use the Spanning Tree Protocol. Notice that name: Spanning *TREE* Protocol. After STP is done, you're left with a data link layer ->TREE<- not a cyclical graph.

STP is even more important for LAN's than on the internet since there's no TTL on ethernet frames: a single broadcast, were it to be allowed to loop, could saturate your switches to the point of killing your LAN!

What all this says to me is that a cycle is a circle, and that failover/parallel links should be collapsed (and are by routing protocols) to a single link. Once you eliminate cycles, and you do so in real life, you go back to a tree. You only see the alternate paths used when failover or routing errors occur.

Yes, I agree with you, if your POV is "The Big Picture" above from space, which includes all links, even the unused redundant ones, it's certainly not a tree.

At the same time, I also disagree with you. If your POV is a single host, it sees the internet as a tree. In fact, one of the properties of trees is that you "pick up" any leaf node and designate it as the root. (Doesn't work too well on a B+Tree when you're trying to do searches, but, the result is still a tree - not balanced any longer, but a tree.) :)

From sunder at sunder.net Sun Apr 11 15:15:00 2004
From: sunder at sunder.net (sunder)
Date: Sun, 11 Apr 2004 18:15:00 -0400
Subject: BBC: File-sharing to bypass censorship
In-Reply-To: <20040411203655.GC3814@dreams.soze.net>
References: <20040411164827.GX28136@leitl.org> <200404111941.i3BJf4VK006778@artifact.psychedelic.net> <20040411200553.GA29200@cybershamanix.com> <20040411203655.GC3814@dreams.soze.net>
Message-ID: <4079C364.7050208@sunder.net>

Justin wrote:

> This is one nation under God (the Christian God), or haven't you
> noticed? If the Christian Right thinks God doesn't like something, it's
> not Constitutionally protected.

Even worse, I've once heard a coworker explain to me why Bush doesn't give a rat's ass about the environment: just like the impromptu "pilots" who learned how to fly, but not land, Bush and Crew believe that this world is theirs to do with as they wish, and that pollution isn't important - so what if thousands die of cancer, so long as they earn a place in their idea paradise.

Yes, between the flat-earthers, witch burners, jihadists, and other nuts, religion certainly has had a wonderful influence on humanity.
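The tree-versus-cycles exchange between Jim Dixon and sunder in the "Hierarchy, Force Monopoly, and Geodesic Societies" thread above can be checked on a small graph. This is an added example, not code from any poster on the list: the AS names and topology are constructed, breadth-first hop count stands in for real BGP path selection, and the TTL handling is a simplified model.

```python
from collections import deque

# Constructed topology: made-up AS names, multi-homed so the graph has cycles.
LINKS = [("AS_A", "AS_B"), ("AS_A", "AS_C"), ("AS_B", "AS_C"),
         ("AS_B", "AS_D"), ("AS_C", "AS_D"), ("AS_C", "AS_E"),
         ("AS_D", "AS_E")]


def build_graph(links):
    """Undirected adjacency map: node -> set of neighbours."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def bfs_parents(graph, root):
    """Breadth-first search from root; returns {node: parent}, root -> None.

    Neighbours are visited in sorted order so the result is deterministic.
    """
    parents = {root: None}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return parents


def is_tree(links):
    """A tree is connected and acyclic: all nodes reachable, |E| == |V| - 1."""
    graph = build_graph(links)
    if not graph:
        return False
    reached = bfs_parents(graph, next(iter(graph)))
    return len(reached) == len(graph) and len(links) == len(graph) - 1


def forwarding_tree(links, root):
    """Links actually used by shortest paths from root (one host's view)."""
    parents = bfs_parents(build_graph(links), root)
    return sorted(tuple(sorted((child, parent)))
                  for child, parent in parents.items() if parent is not None)


def partitioning_links(links):
    """Links whose individual failure cuts at least one node off."""
    nodes = set(build_graph(links))
    bad = []
    for link in links:
        rest = build_graph([l for l in links if l != link])
        if set(bfs_parents(rest, link[0])) != nodes:
            bad.append(link)
    return bad


def next_hops_toward(links, dst):
    """Per-node next hop toward dst, read off the shortest-path tree at dst."""
    parents = bfs_parents(build_graph(links), dst)
    return {node: hop for node, hop in parents.items() if hop is not None}


def forward(next_hop, src, dst, ttl):
    """Hop-by-hop forwarding; every hop costs one TTL, drop at zero.

    Simplified model of the IP TTL: it bounds how long a packet can circle
    in a routing loop. Returns (delivered, hops_taken).
    """
    node, hops = src, 0
    while node != dst:
        if ttl == 0 or node not in next_hop:
            return False, hops
        node = next_hop[node]
        ttl -= 1
        hops += 1
    return True, hops


if __name__ == "__main__":
    view = forwarding_tree(LINKS, "AS_A")
    print("full mesh is a tree:", is_tree(LINKS))
    print("links whose loss partitions the mesh:", partitioning_links(LINKS))
    print("AS_A's forwarding view:", view, "is a tree:", is_tree(view))
    print("links whose loss partitions that view:", partitioning_links(view))
    failed = [l for l in LINKS if l != ("AS_B", "AS_D")]
    print("view after AS_B-AS_D fails:", forwarding_tree(failed, "AS_A"))
    table = next_hops_toward(LINKS, "AS_E")
    print("consistent tables:", forward(table, "AS_A", "AS_E", ttl=8))
    looped = dict(table, AS_C="AS_B")  # constructed misconfiguration: B<->C loop
    print("looping tables:", forward(looped, "AS_A", "AS_E", ttl=8))
```

The full link set is cyclic and survives any single link failure, while the set of links one host actually forwards over is a tree that any single failure would partition; reconvergence after a failure simply selects a different tree out of the same cyclic graph.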
From eugen at leitl.org Sun Apr 11 09:48:28 2004 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 11 Apr 2004 18:48:28 +0200 Subject: BBC: File-sharing to bypass censorship Message-ID: <20040411164827.GX28136@leitl.org> http://news.bbc.co.uk/2/hi/technology/3611227.stm File-sharing to bypass censorship By Tracey Logan BBC Go Digital presenter The net could be humming with news, rather pop, swappers By the year 2010, file-sharers could be swapping news rather than music, eliminating censorship of any kind. This is the view of the man who helped kickstart the concept of peer-to-peer (P2P) file-sharing, Cambridge University's Professor Ross Anderson. In his vision, people around the world would post stories via anonymous P2P services like those used to swap songs. They would cover issues currently ignored by the major news services, said Prof Anderson. "Currently, only news that's reckoned to be of interest to Americans and Western Europeans will be syndicated because that's where the money is," he told the BBC World Service programme, Go Digital. "But if something happens in Peru that's of interest to viewers in China and Japan, it won't get anything like the priority for syndication. "If you can break the grip of the news syndication services and allow the news collector to talk to the radio station or local newspaper then you can have much more efficient communications." 'Impossible to censor' To enable this, Prof Anderson proposes a new and improved version of Usenet, the internet news service. If there's material that everyone agrees is wicked, like child pornography, then it's possible to track it down and close it down Ross Anderson, Cambridge University But what of fears that the infrastructure that allows such ad hoc news networks to grow might also be abused by criminals and terrorists? Prof Anderson believes those fears are overstated. 
He argued that web watchdogs like the Internet Watch Foundation, which monitors internet-based child abuse, would provide the necessary policing functions. This would require a high level of international agreement to be effective. "The effect of peer-to-peer networks will be to make censorship difficult, if not impossible," said Prof Anderson. "If there's material that everyone agrees is wicked, like child pornography, then it's possible to track it down and close it down. But if there's material that only one government says is wicked then, I'm sorry, but that's their tough luck". Political obstacles Commenting on Prof Anderson's ideas, technology analyst Bill Thompson welcomed the idea of new publishing tools that will weaken the grip on news of major news organisations. Such P2P systems, he said, would give everybody a voice and allow personal testimonies to come out. But the technology that makes those publishing tools accessible to everyone and sufficiently user-friendly will take longer to develop than Prof Anderson thinks, added Mr Thompson. Prof Anderson's vision underestimates the political obstacles in the way of such developments, he said, and the question of censorship had not been clearly thought through. "Once you build the technology to break censorship, you've broken censorship - even of the things you want censored," said Mr Thompson. "Saying you can then control some parts of it, like images of child abuse, is being wilfully optimistic. And that's something that peer to peer advocates have to face." 
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From camera_lumina at hotmail.com Sun Apr 11 16:10:02 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 11 Apr 2004 19:10:02 -0400
Subject: current status of cypherpunks, tim may, etc. ??
Message-ID:

"Tim regularly and thoroughly jumped up my ass about my various ideological impurities"

Well, this was fairly annoying and I think made it harder to dig out the gold from Tim May's poop. And in a way, this was self-defeating from a topple-the-state point of view. My point was (and sometimes is) that our beliefs about Economics, capitalism, and politics are to some extent irrelevant in the light of a techno-determinist point of view (Riad Wahby pointed this out a few posts ago). In that context, raising some questions about some of the accepted notions about capitalism wasn't (for me at least) necessarily an attempt to "fight" the crypto-anarchic view/goal/partyline May seemed bent on establishing, but rather to suggest that even groups or individuals with ostensibly very different goals might be able to embrace a crypto-approach towards achieving their aims. In other words, it should be considered a good thing if leftists or liberals or Jihadists utilize well-formed crypto...that can actually only accelerate whatever's down the pike. And opening the discussions up a bit for such not only keeps away the philosophical inbreeding of some lists, it might actually start something amongst adherents of that point of view.
And hell, if there's a way to maintain a left-wing stance without that eventually resulting in me having to put in 14 hour days in People's Shoe Factory Number 14, then more power to 'em....I think it's probably too late even for some 21st Century hyper-Stalin to sieze control of both wireline and wireless internet now... but again, who gives a crap. Crypto's probably already passed the point of no return, no matter what kind of State George Dubya continues to unleash on us. -TD So...how many years before it's possible for an online group to anonymously fun, order up and drop-ship weapons on a besieged people trying to maintain their national sovereignty? >From: "R. A. Hettinga" >To: cypherpunks at al-qaeda.net >Subject: Re: current status of cypherpunks, tim may, etc. ?? >Date: Sun, 11 Apr 2004 15:40:50 -0400 > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >At 3:37 AM -0400 4/11/04, Riad S. Wahby wrote: > >Apparently he's still to be found posting on various Usenet groups. > >RAH knows more about this than I do. > >Obviously, Tim was on usenet long before he, Eric Hughes and John >Gilmore started this list on toad.com after the first physical >cypherpunks meeting 11 years ago last fall. > >Because some spam-defense techniques require the absence of usable >email addresses, and because Tim has changed his addresses more than >once over the last few years, you can go on groups.google.com and >just search for "Tim May" in the author field -- don't forget the >quote marks -- and see everything he's posting now. He's usually in >the local Bay Area groups, and on Misc.Survivalism, though I haven't >looked in about a month or so. As we just saw in a previous forward >from usenet, most of the stuff he posts there makes me cringe, like >his later stuff here, but, obviously, Tim's as smart and as creative >as he's ever been. 
> > >Even though when I showed up here, 10 years ago sometime in May to >learn how to do cash transactions on the internet, Tim regularly and >thoroughly jumped up my ass about my various ideological impurities >and deep flaws in my character :-) (it was ever thus, I got used to >it, and I hopefully learned to give back as good as I got), there >was, invariably, something useful in almost all of his posts here. > >This, in spite of, to me at least, the increasing preponderance of >deliberately provocative cruft he trolled around here, presumably in >boredom, just to piss people off. > >Obviously, though more civil, and, frankly, productive, this list >isn't the same since Tim left, not the least because this list was, >for all intents and purposes, his creation, by dint of the sheer >amount of time he put into it, if nothing else. > > >As most people here know, I've long been interested in influence and >reputation, and I once introduced Tim at a Mac_Crypto conference in >terms of the magnitude of his influence, which is, frankly, much more >considerable than people really understand. Tim thanked me for a >"nice introduction", and, while I was being quite cordial, this being >one of the few times we got along, "nice" was pretty orthogonal to my >point. > >Tim May, whether he likes it or not -- understands it completely or >not -- has literally invented, discovered, a new form of emergent >social order. More properly, in learning that property can be >controlled by cryptography in a manner *independent* of biometric >identity, he was the first person to understand that the control and >market-auctioned transfer of property could be achieved without the >need of the force-monopoly of the state. The result is something >which is, by definition, anarchy. > >Tim called it crypto-anarchy, since it required the use of strong >cryptography on public networks to happen, but I don't think even he >understood just how far the idea could go. His concern was more >immediate. 
Like freedom, privacy is an inherent good, and anything >that maximizes both privacy and freedom maximizes the good in the >world. All the structural possibilities that resulted were just >gravy. It's probable that his hatred of the state came first, long >before his discovery of cryptography as a means to that end, but the >effect is the same whether, like me, the crypto changed his opinion >of the state, or, as was probably Tim's case, his opinion of the >state led to his discovery of crypto as a means to get what he >wanted. > > >One way or the other, Tim and other early cypherpunks really did >discover a way to make physically real the yearnings of libertarians, >anarcho-capitalists, and other free people throughout the ages, by >using, for the first time in more than a thousand years, technology >and markets instead of manifestos, politics, philosophy, or, in the >case of libertarians, somehow-constrained government and monopolistic >force. > >I think that this didn't happen fast enough for Tim, and he devolved >to hoping for some disaster to force his new world into being, and >failing even that, he began to advocate more, I suppose, >"traditional", methods of getting what he wanted: those involving >force, without regard, unfortunately, to reason, much less economics. > >It was upsetting, infuriating, to watch, but, after a while, we >realized that Tim was, after all, a free man. He could do what he >wanted with his time and resources, and it wasn't our right to tell >him to do otherwise, no matter how negative our opinions were of his >behavior. 
> >As for the more personally repellant of his beliefs, we have to >remember that he advocated something that most of us have come around >to over time, something that many anarchocapitalists have talked >about before Tim May did, that discrimination in transactions and >hiring of *any* kind is a *right* of free people in markets, foolish >consequences or not, and that it's only wrong when governments force >that discrimination onto everyone, like they do in Jim Crow, Nazi >Anti-Jewry, or Apartheid laws. > > >Tim's collapse from that rationally-derived belief in the economic >necessity for freedom, including individual discrimination, into the >language of "Aryanism", and the advocacy of mob-violence, (something >that is guaranteed, paradoxically, to degenerate into >state-controlled force in in almost all historical cases, speaking of >chimneys), again paradoxically, only puts his original point into >even starker relief. > >Personally, like his coming to cryptography because of his hate of >the state, I think his now-overt racism emerges from his (*claimed*, >remember; he's said that "Tim May" is a pseudonym more than once here >;-)) Virginia upbringing, and that his adoption of anarcho-capitalism >as a political philosophy might have been the result of some inherent >racism, but that's just armchair psycho-babble voodoo on my part. The >point is, his opinions in that regard are now morally repellant, and >that's a shame, because before he got to this point where his anger >overtook his capacity to reason, he was, in fact, making sense. > > >So, to me, at least, whatever Tim and company did before or after >doesn't matter so much as what they did here on cypherpunks in the >early days. Lots of people's lives (mine, for instance... :-)) >auger-in after what others consider to be their most memorable and >productive accomplishments. 
Even a man's *own* opinions of the events
>of his life change over time, so who knows what Tim thinks about his
>time here, and whether it was worth it or not.
>
>
>Nonetheless, as Philip K. Dick said once, reality doesn't change
>when you change your mind.
>
>If it all works, if it has a basis in economic fact, that people in
>general get more stuff cheaper and live longer and happier by being
>completely free of *any* government in their lives, and they get to
>that point by using strong cryptography on public internetworks, Tim
>May may well be remembered for the rest of history as having
>discovered the substrate of a new society. Something, I believe, on
>the order of the advent of agriculture and cities, and lots of us
>here were around to watch the initial promulgation of those ideas,
>even if we were not around (in my case, at least) to witness their
>actual discovery.
>
>And, maybe, some of us will be around not just to *watch* it happen,
>but to *make* it happen as well.
>
>Without sending a "bunch of useless eaters" "up the chimneys", as Mr.
>May seems to fondly hope for, these days.
>
>Cheers,
>RAH
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 8.0.3
>
>iQA/AwUBQHmfPsPxH8jf3ohaEQJ78gCfeKTbsWbqcWS+ENaxpJx8HrJPduIAoOm7
>vN3XsdF+59pwEA1z6EOyzC/3
>=wVkf
>-----END PGP SIGNATURE-----
>
>--
>-----------------
>R. A. Hettinga
>The Internet Bearer Underwriting Corporation
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From justin-cypherpunks at soze.net Sun Apr 11 12:20:20 2004
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 11 Apr 2004 19:20:20 +0000
Subject: On Needing Killing
In-Reply-To: <40797591.759C0BF@cdc.gov>
References: <40797591.759C0BF@cdc.gov>
Message-ID: <20040411192020.GA3814@dreams.soze.net>

Major Variola (ret) (2004-04-11 16:42Z) wrote:
> Blacknet is a robust archive for words, immune to force
> (by State or private actors), but merely words.

With all due respect to the principle of freedom of speech and all that, I think that cypherpunks, and people in general, give far too little respect to words, as if words are a vague, unimportant, and remote link in the chain of causation of acts or failure-to-acts. I don't see anything wrong with Orwell's view that words control the future's view of history. His certainly have.

I think mass anonymity and cypherpunk-ish society aren't themselves motive forces on the level of the _contents_ of some anonymous speech that would be facilitated by those institutions. That's the whole point, right? What would be the use of cypherpunk society if the speech and data havens it allowed were "merely words"? I'm unconvinced that there isn't a deterministic component to the speech->action transition. Even though the results of some speech may be extraordinarily terrible, restrictions on free speech are artifacts of previous, equally terrible free speech that has achieved a foothold in government.

--
"You took my gun. It's just your word against mine!"
"Not necessarily."
-Bernie vs Tom, Miller's Crossing From eugen at leitl.org Sun Apr 11 10:59:43 2004 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 11 Apr 2004 19:59:43 +0200 Subject: Hierarchy, Force Monopoly, and Geodesic Societies In-Reply-To: <20040410234555.Q96639-100000@localhost> References: <20040410205526.GL28136@leitl.org> <20040410234555.Q96639-100000@localhost> Message-ID: <20040411175943.GD28136@leitl.org> On Sun, Apr 11, 2004 at 12:29:11AM +0100, Jim Dixon wrote: > A "tree" as the term is used in mathematics and computer science has a A tree as the term is used in a human language refers to a shape. Ditto mesh. Have you seen a fisherman's net? Do you think a fisherman or a weaver uses a mathematical formalism when referring to a specific, familiar shape? The graph (not a mathematical term, that) I pointed you to did remind you of...? http://research.lumeta.com/ches/map/gallery/wired.gif > single root. A continuum has an infinite number of points in it. A grid Use your imagination. Crosslinking a tree results in a mesh. Are you familiar with polymer crosslinking? Can you imagine a crosslinked tree, that is halfway between a tree, and a mesh? I knew you could. > ... none of these terms has anything much to do with one another. I'm sorry I'm confusing you with interdisciplinary language. Unfortunately, I'm not going to lapse into formal definitions of new terms, if these can be informally explained in downstream text. > I don't know why you introduce hypergrids. But you might consult a You're using "don't know" a lot. I recognize the symptoms by now. Occasionally, I run into people who're into heavy formalism & domination. I've almost never been able to communicate effectively with such people, but I'm going to try anyway. I use the term hypergrid/hyperlattice/hypermesh as a generic term for higher dimensional networks which have a specific connection locality pattern, if mapped to 2d and 3d space. 
Namely, that the connection density decays with distance (in terms of distance to the current reference node). The higher the dimensionality, the larger the total number of links. The more random defects (missing edges) in the network, the less orthogonal it looks. A hypercube is an instance of a pretty orthogonal high-dimensional network. Its makeup is fractal, which is visible in the connectivity matrix. A hypergrid is an orthogonalized hypercube. You can plot (project) hypercube and hypergrid connectivities on 2d and 3d arrays of nodes. If the length of the array edges is a power of 2 you'll get a specific connectivity distribution pattern, reaching outwards orthogonally in distances which are doubling in each step. I generalize this by relaxing the 2^n distance constraint and by allowing connectivity other than orthogonal, including defectivity. The connection density still decays exponentially with distance. Less fuzzy now?

> mathematical dictionary - the term seems irrelevant to the current
> discussion.

Trust me, it's not.

> > > A geodesic is a minimal path in whatever geometry you are talking about.
> >
> > The geometry on Earth surface is anything but whatever. Way above, with nodes
> > in mutual plain view, it's plain old Einstein-Minkowski (basically Euclidian,
> > with relativistic corrections).
>
> "The geometry on Earth surface is anything but whatever"? Sorry,

Now you're refusing to parse English, too. I'm not going to diagram it for you, look at above cited passage.

> this makes no sense. However, a geodesic remains a path of minimal
> length in the geometry under consideration. Or so it was when I last
> did some reading in finite dimensional metric spaces.

Look outside the window. Does this look like a finite dimensional metric space to you? Are you familiar with geodesy? Are you familiar with the term geodesic as used by ship captains and pilots? It has nothing whatsoever to do with spacetime curvature.
You can't travel nor signal through Earth bulk, so you have to route your signals around the spherical obstacle. Once you're sufficiently far removed, it's line of sight in a device cloud (a satellite constellation).

> > I'm claiming peering arrangement evolve to make optimal use of given physical
> > cabling. This is quick.
>
> As the term is normally used, "peering" is the settlement-free exchange of
> traffic between autonomous systems (ASNs). "Settlement-free" means that no
> consideration ($$$) is paid. This has bugger all to do with cabling.

Peered traffic is exchanged over a point. It is frequently called a nexus. The traffic needs a physical connection to pass through the nexus. Traffic requires infrastructure, which costs money to buy and to run. Unnecessary traffic and suboptimal topology incurs unnecessary costs. Current layout is done by people, and is a political process. Traffic laid out by agorics within a protocol adjusts in realtime. Because this is not being done now, this means such protocols will be invented and deployed. They will outcompete the legacy approach. It doesn't take a genius to make that trivial forecast.

> Peering arrangements generally involve legal departments, and rarely
> change once inked.

The worse for them. Computers can negotiate, too, and a lot quicker than people.

> In the real world, peering policies normally reflect a mixture of common
> sense and total misunderstanding of what the Internet is about. Some
> networks just peer with anyone; some have incredibly detailed contracts
> and involve months of negotiation.
>
> When senior management is involved, they quite often have a telco
> background, and think that peering has something to do with SS7. That is,
> they try to insist that the Internet is really just the same as the voice
> telephone network, and BGP4 is SS7. The results are often comic.

Immature systems can tolerate inefficiency. Iterated competition results in progressive loss of leeway.
Use of IT in economic areas of human enterprise is just the beginning of this process.

> What do you think "nexus" means??
>
> Conventional definition:
> ----------------------------------------------------------------------
> n. pl. nexus or nexuses
>
> 1. A means of connection; a link or tie: this nexus between New
> York's... real-estate investors and its... politicians (Wall Street
> Journal).
> 2. A connected series or group.
> 3. The core or center: The real nexus of the money culture [was] Wall
> Street (Bill Barol).
> ----------------------------------------------------------------------
>
> As Lewis Carroll tried to make clear a long long time ago, it isn't
> very useful to conduct arguments by redefining words as you go along.

http://computerworld.com.sg/pcwsg.nsf/0/BFED6DE56B76EA4948256CDE00139250?OpenDocument
Regional nexus for GPRS
Singapore will be Asia's first neutral Peering Point for GRX (GPRS Roaming Exchange) providers.

http://www.pch.net/resources/reference/peering/ipv4_with_pch_rs.html
A nexus of fiber, copper, or rights-of-way must exist within or proximal to the user community, and it must be open and accessible to those companies which wish to add to or improve upon those facilities.

I concede you the point that nexus might be not a common term of the trade. But it's certainly not my invention, see Google. As such, you could go lighter on sarcasm. It can backfire.
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From justin-cypherpunks at soze.net Sun Apr 11 13:36:55 2004
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 11 Apr 2004 20:36:55 +0000
Subject: BBC: File-sharing to bypass censorship
In-Reply-To: <20040411200553.GA29200@cybershamanix.com>
References: <20040411164827.GX28136@leitl.org> <200404111941.i3BJf4VK006778@artifact.psychedelic.net> <20040411200553.GA29200@cybershamanix.com>
Message-ID: <20040411203655.GC3814@dreams.soze.net>

Harmon Seaver (2004-04-11 20:05Z) wrote:
> This is insane -- on what basis, under what Constitutional authority,
> does the state get to decide that the christer "marriage" vows are
> sacred and legal, and a pagan or indig "taking to wife" isn't?

This is one nation under God (the Christian God), or haven't you noticed? If the Christian Right thinks God doesn't like something, it's not Constitutionally protected.

--
"You took my gun. It's just your word against mine!"
"Not necessarily."
-Bernie vs Tom, Miller's Crossing

From jdd at dixons.org Sun Apr 11 12:51:40 2004
From: jdd at dixons.org (Jim Dixon)
Date: Sun, 11 Apr 2004 20:51:40 +0100 (BST)
Subject: Hierarchy, Force Monopoly, and Geodesic Societies
In-Reply-To: <20040411175943.GD28136@leitl.org>
Message-ID: <20040411192616.D96639-100000@localhost>

On Sun, 11 Apr 2004, Eugen Leitl wrote:
> > A "tree" as the term is used in mathematics and computer science has a
>
> A tree as the term is used in a human language refers to a shape. Ditto

If you want to participate in technical discussions, discipline yourself to use the relevant language correctly. The word "tree" is commonly used in this business. It has a precise meaning.
It refers to an acyclic graph with a single root. ------------------------------------------------------------------- "Tree data structure "From Wikipedia, the free encyclopedia. "In computer science, a tree is a widely-used computer data structure that emulates a tree structure with a set of linked nodes. Each node has zero or more child nodes, which are below it in the tree (in computer science, unlike in nature, trees grow down, not up). The node of which a node is a child is called its parent node. A child has at most one parent; a node without a parent is called the root node (or root). Nodes with no children are called leaf nodes. "In graph theory, a tree is a connected acyclic graph. A rooted tree is such a graph with a vertex singled out as the root. In this case, any two vertices connected by an edge inherit a parent-child relationship. An acyclic graph with multiple connected components or a set of rooted trees is sometimes called a forest." ------------------------------------------------------------------- The term is used because most or all trees in the region where the English language originated are shaped just like that: they have a single trunk which forks into branches which may themselves fork and so on. These branches do not connect back to one another. The Internet doesn't resemble a tree at all. It is characterized by many cross-connections, which form cycles. These are introduced deliberately by network engineers, because tree-like networks are unreliable. That is, when a network engineer sees a tree, his immediate response tends to be to fix the tree by adding cross-connections. If you don't have any cross- connects, then any network failure causes loss of connectivity, a very Bad Thing. > > "The geometry on Earth surface is anything but whatever"? Sorry, > > Now you're refusing to parse English, too. I'm not going to diagram it for > you, look at above cited passage. I learned how to parse English a long time ago. 
That is not a sentence in English. I have no idea of what you meant to say. > Look outside the window. Does this look like a finite dimensional metric > space to you? Yep. Most would describe the view as three dimensional. 3 is a finite number. Is there a metric? Certainly. The one worked out by Descartes a long time ago will do, the distance between two points in Cartesian coordinates. When I did a course in finite dimensional metric spaces, most of the initial examples were in three dimensional geometries, like what you see when you look out the window. After a while we progressed to things like distortions in space-time AKA gravity. > Are you familiar with geodesy? Are you familiar with the term > geodesic as used by ship captains and pilots? It has nothing whatsoever to do > with spacetime curvature. You can't travel nor signal through Earth bulk, so > you have to route your signals around the spherical obstacle. One you're > sufficiently far removed, it's line of sight in a device cloud (a satellite > constellation). I don't believe that I have ever met a ship captain or pilot who knew what the term "geodesic" meant. (Mind you, I never asked.) It's a term used in mathematics and physics. Given a metric on a space, if the length of a path between two points is minimal, that path is a geodesic. In Euclidean geometry, it's a straight line. On the surface of a sphere, it's a segment of a great circle. > > > I'm claiming peering arrangement evolve to make optimal use of given > physical > > > cabling. This is quick. > > > > As the term is normally used, "peering" is the settlement-free exchange of > > trafic between autonomous systems (ASNs). "Settlement-free" means that no > > consideration ($$$) is paid. This has bugger all to do with cabling. > > Peered traffic is exchanged over a point. It is frequently called a nexus. I spent more than seven years running an ISP and in that time set up over 100 peering relationships. 
Throughout that time I never heard anyone refer to anything as a "nexus". The term _is_ used by marketing types when they are getting rhapsodic. And I have heard it used in political discussions. And in poetry. On the other hand, peered traffic is often exchanged between networks (ASNs) at several different points; these might be thousands of miles apart. Google on BGP and MED. > > Peering arrangements generally involve legal departments, and rarely > > change once inked. > > The worse for them. Computers can negotiate, too, and a lot quicker than > people. You may not like legal departments, but this is irrelevant to common practice on the Internet. Peering agreements are legal documents. Most companies have them drawn up by lawyers and they are very rarely changed. (Exceptions? People in the business might remember Agis and Exodus.) Computers are pretty useless in negotiating peering. It usually involves friendly chats over the telephone, sometimes a beer down at the pub. > I conced you the point that nexus might be not a common term of the trade. > But it's certainly not my invention, see Google. As such, you could go > lighter on sarcasm. It can backfire. Introducing standard term that you insist be misinterpreted according to your peculiar practice can also waste a great deal of time. It makes more sense to use terms in the normal way and spend your time and energy arguing real issues. I think that your argument was that telecommunications is moving towards a future in which traffic will be evenly distributed over the earth's surface because this is optimal, because a uniform distribution is dictated by physics. I think that you are quite wrong in this, but the argument regarding substance got lost in your insistence that words be used oddly. 
--
Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881
http://jxcl.sourceforge.net Java unit test coverage
http://xlattice.sourceforge.net p2p communications infrastructure

From non_secure at yahoo.com Sun Apr 11 22:42:15 2004
From: non_secure at yahoo.com (Joe Schmoe)
Date: Sun, 11 Apr 2004 22:42:15 -0700 (PDT)
Subject: current status of cypherpunks, tim may, etc. ??
In-Reply-To: <20040411073714.GA8577@positron.mit.edu>
Message-ID: <20040412054215.39620.qmail@web21507.mail.yahoo.com>

--- "Riad S. Wahby" wrote:
> view. Apparently he's still to be found posting on
> various Usenet
> groups. RAH knows more about this than I do.

That's the other question I had ... I keep hearing about alt.cypherpunks, but there is nothing there - regardless of whether I look through google groups or other news2web or news2mail translations, alt.cypherpunks is totally dead - maybe 1-2 posts per month, and most of them test posts or garbage, and this goes back at least for the last year...

Is there some secret or alternate news feed that has the real list, or is alt.cypherpunks just dead?

From bill.stewart at pobox.com Mon Apr 12 01:15:28 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 12 Apr 2004 01:15:28 -0700
Subject: Geodesic markets for nuclear secrets
Message-ID: <6.0.3.0.0.20040412011314.053f9a50@pop.idiom.com>

The price of nuclear secrets has been dropping rapidly:
http://theonion.com/news/index.php?issue=4014

WASHINGTON, DC- Top-secret information about the design, construction, and delivery of nuclear weapons has never been more affordable than it is today, CIA Director George Tenet announced Monday.

(ok, ok, so it's the Onion...
It's still geodesic markets at work, even if it's all made up :-) --- Bill Stewart bill.stewart at pobox.com From mv at cdc.gov Mon Apr 12 10:54:15 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 12 Apr 2004 10:54:15 -0700 Subject: BBC: File-sharing to bypass censorship Message-ID: <407AD7C6.1D5C4E0F@cdc.gov> At 06:48 PM 4/11/04 +0200, Eugen Leitl wrote: >http://news.bbc.co.uk/2/hi/technology/3611227.stm >By the year 2010, file-sharers could be swapping news rather than music, >eliminating censorship of any kind. > >This is the view of the man who helped kickstart the concept of peer-to-peer >(P2P) file-sharing, Cambridge University's Professor Ross Anderson. Well duh. KaZaa carries news film clips that the media don't transmit. So does ogrish.com, but ogrish is not distributed and its name servers are run by the State of course. And then there's the indymedia (again, single point of failure) sites. There are censorship and authentication issues, of course, its hardly novel. >'Impossible to censor' > >To enable this, Prof Anderson proposes a new and improved version of Usenet, >the internet news service. > > If there's material that everyone agrees is wicked, like child pornography, >then it's possible to track it down and close it down First, that flavor of erotica is not well defined. E.g., A picture of one of your 15 year old wives? Your legally emancipated 16 year old lover? Second, Anderson, who should know better, forgets about stego. From mv at cdc.gov Mon Apr 12 10:54:26 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 12 Apr 2004 10:54:26 -0700 Subject: On Needing Killing (Orwell was an optimist) Message-ID: <407AD7D2.86F2808A@cdc.gov> At 07:20 PM 4/11/04 +0000, Justin wrote: >Major Variola (ret) (2004-04-11 16:42Z) wrote: > >> Blacknet is a robust archive for words, immune to force >> (by State or private actors), but merely words. 
> >With all due respect to the principle of freedom of speech and all that, >I think that cypherpunks, and people in general, give far too little >respect to words, as if words are a vague, unimportant, and remote link >in the chain of causation of acts or failure-to-acts. I don't see >anything wrong with Orwell's view that words control the future's view >of history. His certainly have. Language is how you manipulate people from a distance. Much more convenient than hitting them. Crypto *can* keep bits free. And so maybe language. But Men with Guns control physical reality, which limits what those bits can do. Read the archives on the problems with linking "credits" to dollars or physical merchandise. Note that the Saudis are organizing conferences on registering and recording hawala. Note that the US will kidnap (Mexican MD for instance) if they can't extradite. And how many will run a prohibited node when the penalty is watching your family assets seized, family members raped, before your eyes are gouged out? --- "It can't happen here" -Suzy Creamcheese From Poindexter at SAFe-mail.net Mon Apr 12 09:13:20 2004 From: Poindexter at SAFe-mail.net (Poindexter at SAFe-mail.net) Date: Mon, 12 Apr 2004 12:13:20 -0400 Subject: current status of cypherpunks, tim may, etc. ?? Message-ID: At 04:10 PM 4/11/2004, Tyler Durden wrote: >So...how many years before it's possible for an online group to anonymously fund, order up and drop-ship weapons on a besieged people trying to maintain their national sovereignty? Why not join http://www.ideosphere.com and wager some play money (a real money version is underway). JP From rah at shipwright.com Mon Apr 12 10:18:05 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Mon, 12 Apr 2004 13:18:05 -0400 Subject: Afghan duty offers ultimate in unconventional warfare Message-ID: USA Today Afghan duty offers ultimate in unconventional warfare By Gregg Zoroya, USA TODAY ORUZGAN, Afghanistan - Afghan fighters bristling with rocket launchers and machine guns pour into a government compound here to try to intimidate a small team of U.S. Special Forces soldiers in their midst. [Photo caption: Capt. Paul Toolan and District Chief Ubai Dullah walk off together after averting a showdown in Oruzgan. By Jack Gruber, USA TODAY] The Green Berets, a long way from home and two days from their base, want to destroy 10 tons of weapons found in bunkers under the hilltop headquarters of the fighters' leader, a district chief here. The atmosphere is suddenly hostile. "If things go sour," Special Forces Capt. Paul Toolan tells a two-man sniper crew he quickly orders into position on a rooftop, "go for the head of the food chain." He nods at the white-turbaned district chief standing nervously a few feet away. In a nation raw from two decades of fighting, with remnants of the al-Qaeda terrorist network still a menace and with Osama bin Laden having eluded capture for 2 1/2 years, the front lines of war emerge and vanish like storm clouds. Elite teams of Special Forces soldiers see the counterinsurgency in Afghanistan as their classic fight. Many concede that they relish serving here. For a few recent weeks, Toolan and his 10-member team allowed rare and intimate access into their operations in the southern Afghan province of Oruzgan. They momentarily let slip the Special Forces mystique of super-soldiers in beards and baseball caps who conduct secret missions and are known only by their first names.
They emerge as soldiers who carry their own set of contradictions and complexities: proud and embarrassed by the public perception of them as elite soldiers; both sympathetic toward and contemptuous of the Afghans; confident that this war is theirs to win, even if victory is years away. Finding bin Laden is unlikely here because the terrorist leader is believed to be hiding along Afghanistan's eastern border with Pakistan. Their job is to destroy Taliban and al-Qaeda forces, capture or kill fugitives such as Taliban leader Mullah Mohammed Omar, and bring security to the still-untamed Afghan countryside. In March, two GIs with the 10th Mountain Division were killed during a U.S. raid in Miam Do, a village in Oruzgan province. To operate in this region, Toolan and his men must coordinate with local leaders and militia, whose loyalties are sometimes unclear. The Green Berets exercise a certain independence in their actions. Many say this is the best time to serve in the Special Forces since Vietnam. They are the only American faces anybody ever sees in the vast, rugged stretches of formidable terrain about 200 miles from Kabul, the Afghan capital. Unshaven in their Oakley sunglasses, with 15-shot Beretta pistols strapped to their hips, they stalk a province the size of Indiana, gunslingers in an Asian frontier. But they also are health care providers, diplomats, combat instructors, roadside mechanics and crisis managers. In the course of one afternoon, Toolan will take steps aimed at killing District Chief Ubai Dullah and his armed minions for their belligerence. Then, after feverish talks, he and Dullah will walk arm-in-arm across the chief's compound in the local custom of male bonding, as tears well up in Dullah's eyes. "Let's discount for a moment my 5 1/2-month-old son, my wife, paved roads and a soft bed," says Toolan, a Rhode Islander with a razor-sharp wit. "Without all that, you can never beat this. It's got everything. 
It's got every single aspect of unconventional warfare you could ever possibly imagine." Muck and grease Like everyone else in this arid wasteland, the Special Forces troops find day-to-day conditions harsh. They suffer diarrhea from the local cuisine. Their faces cake with muck from hours bouncing atop a Humvee. Their hands blacken with grease as they repair broken-down U.S. vehicles. There's nothing elite about events that go wrong. For 45 minutes in a narrow mountain pass, Green Berets hold up frustrated local drivers because a four-wheeled Army ATV gets a clogged fuel pipe. A water tank on an Afghan National Army truck breaks loose in the middle of a Green Beret convoy. And when American and Afghan troops set up a human chain to load captured ammunition, they wind up standing in a field of human excrement that had been used as an open privy by the local militia. "Yeah, that was really glamorous," Toolan says later. Nor are they immune from troubles at home. The team sergeant, Kevin Patrick, frets over a 6-month-old daughter in the USA who is without her parents. He is in Afghanistan, and his wife, a civilian defense analyst, has been assigned to duty in Iraq. A woman caring for the infant e-mails photos. "She's starting to crawl," Patrick, 38, reports with a mixture of joy and regret. Staff Sgt. Jaison Eggleston, 29, a barrel-chested soldier who can bench-press 400 pounds and has a fondness for SpongeBob SquarePants T-shirts, is a victim of credit fraud at home. His wife, Sonya, seven months' pregnant, scrambles to salvage their family finances. But bureaucrats demand to speak with a husband who is away at war. "I am helpless," says her husband. "What I need is a lawyer." A team medic, Sgt. 1st Class Don Grambusch, 27, is a single parent who uses a satellite connection and a speakerphone to bond with his 5-year-old son. The boy is being cared for by the soldier's sister. "Basically, my private life back there is a mess," Grambusch says. 
"But work (here) seems to be excellent." Because they work roughly five months on and five months off overseas, these Green Berets spend as much time with each other as they do with wives or girlfriends. They heckle one other relentlessly but take pride in their close association. "They're not supermen," says Sgt. 1st Class Larry Hawks, a senior team member. "They're just guys who won't quit." Even though he's the commander, Toolan is just "Paul" to the men. He likes to fire war-movie lines at each of them for a rote reply. From Apocalypse Now: "Who's the commanding officer here?" Response: "Ain't you?" From Platoon: "Don't drink that ... you're gonna get malaria." Response: "I hope so." There is an insularity created by their isolation. "We are, in every sense of the word, on our own out here," Toolan says. Building an Afghan force Their mission to this town is an important first for Oruzgan province, home to nearly a million Afghans and the area where Omar, the Taliban leader, was raised. They are introducing Afghan soldiers to this backwater region. For the past two years, coalition forces in Afghanistan have fashioned from ragtag fighters a multiethnic Afghan force of 9,000. The hope is that one day a 70,000-man Afghan National Army (ANA) will be able to tame a nation steeped in conflict. Some of the veteran Green Berets on Toolan's team helped train the new soldiers. Grambusch personally designed an Afghan National Army marksmanship badge. "You kind of feel proud - like, 'Hey, I helped build this,' " he says. The mission begins with a platoon of Afghan soldiers. They are taken across rollicking mountain roads from the Special Forces base near the village of Deh Rawood to the provincial capital in Tarin Kowt to meet Gov. Jan Mohammad, an appointee of President Hamid Karzai. In the convoy are Toolan and eight other team members, two dozen ANA troops, a U.S. Marine advising the Afghans, an Air Force combat air controller, two journalists and three other U.S. 
soldiers supporting the operation. A tenth member of Toolan's team, Chief Warrant Officer Bruce Defeyter, is back at a U.S. military installation in Kandahar providing logistical support. So arduous is the Afghan landscape that it takes another full day from Tarin Kowt to reach Oruzgan. Everywhere they go, the reception is positive. The ANA soldiers, in their green military fatigues and Russian-style helmets, are received with enthusiasm. "It's the first evidence of the central government that we have seen," says Majeed Akhand, a money changer in Deh Rawood. Children ogle the Afghan soldiers and tug at their uniforms. Adults crowd around in curiosity and shake hands with the officers. For Toolan, the Afghan troops are much more than a symbolic gesture. A seasoned Afghan fighting force could help U.S. forces navigate the crosscurrents of tribal rivalry, opium drug dealing and the still-lethal threat of Taliban and al-Qaeda fighters. "They'll be able to open up doors that we couldn't," Toolan says. That's exactly what happens here. An Afghan lieutenant, Mohammed Taher, finds the cache of weapons under the district headquarters by poking around and asking questions. The haul includes heavy machine gun ammo, land mines, hundreds of rockets and a thousand mortar shells. There are even 6-foot-long missiles. Special Forces teams had visited the compound before but were unaware of what was below. "I asked the district chief," Taher says of how he found the weapons. "He told me they were from Taliban time." The Taliban regime controlled much of Afghanistan from 1996 until it was driven out of Kabul by U.S.-led forces, including northern rebels, in December 2001. Confrontation Toolan and Taher have no reason to believe that Dullah, the district chief, has Taliban sympathies. He has close ties to the Karzai-appointed governor. But a tradition of harboring heavy weapons, emblematic here of power and survival, is a tough habit to break. 
But if security is ever to come to Afghanistan, Toolan says, weapons such as these can only be in the hands of the central government. He decides that the stuff has to be collected and destroyed. Dullah balks and trots out armed fighters to intimidate the GIs. Toolan sends the sniper team to the district headquarters roof. Dullah calls the governor on a satellite phone. Both leaders threaten to quit their posts if weapons are taken. Toolan, wearing no helmet or body armor as a measured counter-response to the growing tension, calls their bluff. Through an interpreter, he tells them: OK, go. He directs the Air Force combat controller to summon air support by radio. In 20 minutes, a B-1 bomber that was on close standby is crisscrossing the valley. "Nothing like flexing a couple billions dollars' worth of technology," Eggleston says with a grin as the supersonic jet roars overhead. Hawks chimes in: "That's going to change their politics." By phone, the governor relents: It's all a misunderstanding. Dullah and his men turn docile. The Green Berets agree to leave a few boxes of machine gun ammo and mortar rounds for the local police. The rest goes. Locals look on gravely as the weapons disappear into rented trucks, to be carted away and blown up. But by the end of the day, Dullah, seemingly relieved to have the burden of this confrontation lifted, is embracing Toolan and holding his hand. When they say their farewells, Dullah has tears in his eyes. The episode highlights an American frustration with Afghanistan's culture of violence that has, in the view of many Special Forces soldiers, left the country chaotic and backward. The night before the standoff, Americans and Afghans shared dinner on the floor of the district chief's meeting room. Shoes and sandals were left outside by custom. A wood-fired tin furnace warded off the mountain chill. 
Platters of rice, flatbread and bowls filled with freshly slaughtered lamb - the hunks of roasted mutton floating in grease - were devoured off mats on the floor. At one point, a young Afghan man, carrying apples into the room in his shirt, stumbles and spills them on the floor. Toolan can't resist. "First day?" he wisecracks. The ensuing laughter causes Dullah to ask for a translation. When he hears Toolan's joke in Pashto, he bursts out laughing, all the more pleased because the man who spilled the apples is one of his in-laws. It is a moment that cuts through two cultures. Later, Dullah goes to bed, and Toolan reflects on his conflicted feelings. "The Special Forces experience in Afghanistan is the ultimate emotional dichotomy," he says. "On the one hand, in your mind, you hold these people in contempt for the situation they have created for their country and themselves. And on the other hand, in your heart, you have sympathy for them, because you know that it's not their fault." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Apr 12 10:42:39 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 12 Apr 2004 13:42:39 -0400 Subject: PlayFair > Sarovar Message-ID: --- begin forwarded text From proclus at gnu-darwin.org Mon Apr 12 11:13:54 2004 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Mon, 12 Apr 2004 14:13:54 -0400 (EDT) Subject: PlayFair > Sarovar In-Reply-To: Message-ID: <200404121815.i3CIF27n049131@gnu-darwin.org> The GNU-Darwin Distribution is taking a stand against what Apple has done, and we have blackened our website so that people will take notice. 
http://www.gnu-darwin.org/ MacNN is also running a story about it, and it is interesting that Apple has sometimes used the DMCA to threaten them as well. http://www.macnn.com/news/24175 There are some discussion threads about it, although most messages are still in the queue and not yet visible. http://sourceforge.net/mailarchive/forum.php?forum_id=6042 Here is a link to the original post. http://sourceforge.net/forum/forum.php?forum_id=367147 Regards, proclus http://www.gnu-darwin.org/ On 12 Apr, R. A. Hettinga wrote: > > > --- begin forwarded text > > > To: nettime > From: kevin lahoda > Subject: PlayFair > Sarovar > Date: Sat, 10 Apr 2004 14:51:11 -0400 > Sender: nettime-l-request at bbs.thing.net > Reply-To: kevin lahoda > > Sarovar.org is India's first portal to host projects under Free/Open > source licenses. It is located in Trivandrum, India and hosted at Asianet > data center. Sarovar.org is customised, installed and maintained by > Linuxense as part of their community services and sponsored by River > Valley Technologies. > > From Sarovar's < http://sarovar.org/ > Latest News: "After a short > "vacation" thanks to a Cease and Desist letter from Apple, we're back > online. Many thanks to Sarovar for hosting us.. -PlayFair " > > Sarovar now hosts The PlayFair project < http://playfair.sarovar.org/ > > which SourceForge has declined in order to avoid tangling with Apple's > decision to go DMCA on their ass < > http://slashdot.org/article.pl?sid=04/04/09/1554203 >. Like something from > a Gibson novel, I wouldn't doubt if Sarovar rises to meet more than > another of these occasions in the near future. > > And so, we have more contentious open source code hosted outside of the US > in order to circumvent unfavorable legal processes. > > Offshoring in itself is not all that new (another example: < > http://www.citi.umich.edu/u/provos/honeyd/ >).
Here is how this one gets > interesting: A big guy - Apple, goes a little sour, another (kind of) big > guy - SourceForge, takes the easy route, and then an offshore repository > stands in. > > With all of this, one thing that should not be ignored is that SourceForge > should be shamed for not holding itself stronger. In a way SourceForge's > decline of PlayFair and non-usage of the Safe Harbor Provision Act < > http://www.chillingeffects.org/dmca512/ > is an admission of defeat and a > failure to stand up for one's (community's) rights. > > What comes out of this? > > Well, maybe Apple wins because they avoid a chance of being tarnished. > Imagine what consumer level acknowledgment of the reality of Apple > marketing a clean yet gritty 'Garage Band' motif (with all that punk rock > implies) while at the same time sleeping with DRM, recently RIAA, and now > DMCA, could entail... One can easily see that Apple is dancing itself into > a bit of a gamble. But then again, what does an iPod zombie care about > these acronyms anyway? > > What does SourceForge get? Not much. This only makes it easier for them to > weasel out of the next situation that comes up. Not to mention they also > missed a good chance to join PlayFair in telling Apple what's what. > > k > > http://sarovar.org/ http://sarovar.org/projects/playfair/ > http://slashdot.org/article.pl?sid=04/04/09/1554203 > http://www.chillingeffects.org/dmca512/ > http://www.citi.umich.edu/u/provos/honeyd/ > > http://www.theregister.co.uk/2004/04/09/playfair_dmca_takedown/ > > > > > # distributed via : no commercial use without permission > # is a moderated mailing list for net criticism, > # collaborative text filtering and cultural politics of the nets > # more info: majordomo at bbs.thing.net and "info nettime-l" in the msg body > # archive: http://www.nettime.org contact: nettime at bbs.thing.net > > --- end forwarded text > > -- Visit proclus realm!
http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ [demime 1.01d removed an attachment of type APPLICATION/pgp-signature] From proclus at gnu-darwin.org Mon Apr 12 12:35:49 2004 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Mon, 12 Apr 2004 15:35:49 -0400 (EDT) Subject: PlayFair > Sarovar Message-ID: <200404121937.i3CJb27n052337@gnu-darwin.org> On 12 Apr, To: R. A. Hettinga wrote: > http://sourceforge.net/mailarchive/forum.php?forum_id=6042 Ahh, that link just dropped ;-}. Here is another. http://www.advogato.org/article/764.html Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ From perry at piermont.com Mon Apr 12 12:37:33 2004 From: perry at piermont.com (Perry E. Metzger) Date: Mon, 12 Apr 2004 15:37:33 -0400 Subject: my periodic rant on quantum crypto Message-ID: /. is running yet another story on quantum cryptography today, with the usual breathless hype: http://science.slashdot.org/article.pl?sid=04/04/12/133623 I'm especially unimpressed with the "Does this spell the end of the field of cryptography?" comment. For those who don't know much about what it is, "Quantum Cryptography" is a very expensive way of producing an unauthenticated link encryption device. It is useless for any application other than link encryption over a short distance and requires a dedicated optical fiber to work.
QC has no properties that render it especially better for link encryption than, say, a box from one of several vendors running AES on the link instead. It is perhaps theoretically safer, but in practice no one is going to break AES either -- they're going to bribe the minimum wage guard at your colo to have 20 minutes alone with your box while they install a tap on the clear side of it (or worse, they'll slip in while the guard is asleep at his desk.) QC still requires link authentication (lest someone else other than the people you think you're talking to terminate your fiber instead). As a result of this, you can't really get rid of key management, so QC isn't going to buy you freedom from that. QC can only run over a dedicated fiber over a short run, where more normal mechanisms can work fine over any sort of medium -- copper, the PSTN, the internet, etc, and can operate without distance limitation. QC is fiendishly costly -- orders of magnitude more expensive than an AES based link encryption box. QC is extremely hard to test to assure there are no hardware or other failures -- given the key in use, I can use intercepted traffic to assure my AES link encryption box is working correctly, but I have no such mechanism for a QC box. On top of all of this, the real problems in computer security these days have nothing to do with stuff like how your link encryption box works and everything to do with stuff like buffer overflows, bad network architecture, etc. Given that what we're dealing with is a very limited technology that for a very high price will render you security that is at best not particularly better than what much more economical solutions will yield, why do people keep hyping this? Indeed, why do people buy these boxes, if indeed anyone is buying them? It is stunning that a lab curiosity continues to be mentioned over and over again, not to mention to see venture capitalists dump money after it. 
BTW, none of this has anything to do with "Quantum Computing", which may indeed yield breakthroughs someday in areas such as factoring but which is totally unrelated... Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Apr 12 13:25:57 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 12 Apr 2004 16:25:57 -0400 Subject: my periodic rant on quantum crypto Message-ID: --- begin forwarded text From camera_lumina at hotmail.com Mon Apr 12 13:37:37 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 12 Apr 2004 16:37:37 -0400 Subject: Hierarchy, Force Monopoly, and Geodesic Societies Message-ID: Jim Dixon wrote... >>A) Two links to the same ISP: In terms of redundancy for the purposes of >>being fault tolerant, only one of the multiple links is ever used. With >You don't understand and you are quite wrong. >If one AS has more than one link to another AS, there are often very good >reasons for it, and both links are used. If network A peers with network >B in both Paris and New York, both will generally dump traffic for the >other network at the nearest connection. He's not wrong, he's merely kinda confused on this issue. Any big link (T1/DS1/DS3/STS-3c...) into an ISP provided by the telecom service provider is almost certainly protected via SONET. SONET architectures can provide various forms of protection (not all utilize redundant copies of the data...UPSR and Linear 1+1 do, BLSR is different).
Of course, the router does not see that redundancy and can not make use of it. The multiple links that do exist (each of which protected behind the scenes by the telecom service provider) can be utilized by the router. If one of those links goes down (perhaps it was unprotected "extra traffic" in a BLSR and there was a fiber cut), the router will just send the stuff through the other link. -TD >From: Jim Dixon >To: sunder >CC: >Subject: Re: Hierarchy, Force Monopoly, and Geodesic Societies >Date: Mon, 12 Apr 2004 18:41:14 +0100 (BST) > >On Sun, 11 Apr 2004, sunder wrote: > > > > The term is used because most or all trees in the region where the >English > > > language originated are shaped just like that: they have a single >trunk > > > which forks into branches which may themselves fork and so on. These > > > branches do not connect back to one another. > > > > I believe the real issue here is one of being able to stretch your mind > > into seeing things from different points of view. This is the reason I > > brought in the quasi-mystical quote about the sphere whose center is > > everywhere. > >Someone comes to me and says: "the Internet is a tree". Then he points me >at a graph of inter-AS (Autonomous System) connections to illustrate his >point. That graph includes all of those seemingly redundant connections >that make it _not_ a tree. These seemingly redundant connections are in >fact a high proportion of all connections. That is to say, the graph is >accurate and his statement wasn't. > >You can see the Internet in many ways. You can run a single traceroute >and see it as a line. You can ping broadcast on your LAN and see it as a >chorus line. > >If you understand what you are looking at, you can run traceroutes and see >stable rings: hot potato routing at work, where the packets go out one way >and come back another. > >Then again, I have spoken to hundreds? thousands? of people who think that >the Internet _is_ the World Wide Web. 
> > > Let's explain why we have multiple connections and what types of these >you > > can expect. There are two common types of multiple connections: > > > > A) Two links to the same ISP: In terms of redundancy for the purposes >of > > being fault tolerant, only one of the multiple links is ever used. With > >You don't understand and you are quite wrong. > >If one AS has more than one link to another AS, there are often very good >reasons for it, and both links are used. If network A peers with network >B in both Paris and New York, both will generally dump traffic for the >other network at the nearest connection. Why? Well, on the one hand, >there is no reason to carry packets originating in Paris and destined for >a host in Paris all the way to New York. On the other hand, many or most >networks employ hot potato routing, meaning that if network A picks up a >packet for network B in Paris, it dumps it on network B as soon as it can, >to minimize costs, wherever the destination might be. Some networks, >concerned with quality of service, adopt the opposite strategy, and carry >packets as far as possible within their own network. > > > most ISP's, when you negotiate a contract for a backup connection, it's > > with the understanding that you'll only use it when the main one goes >down. > >I don't think that you have any evidence for this assertion about what >characterizes 'most' backup agreements. I do know that most networks >regard this sort of statistical information as highly confidential. > > > B) You have multiple connections to different ISP's (possibly with >peering > > contracts, etc.) In this case when a node at your location tries to > > contact some other node on the internet, its traffic doesn't go over >ALL > > of your connections - it takes only a single path. [Ok, if your routers > > are correcting for an outage, then perhaps you'll see different paths >being > > taken, but this is just the routing tables/routers settling or >converging.]
> >The world is more complicated than this. Much more. > > > In both case A and case B, a single node in your location will see the > > entire internet as a tree with the root of that tree being the default > > gateway. (i.e. go back to doing traceroutes.) In the case of a > > multi-homed machine, or machine that participates in routing, it itself > > becomes the root of the tree. > >There are tens of thousands of machines on the Internet that don't have >a default gateway. > >Machines that participate in backbone routing have multiple connections >and aren't the root of a tree in any normal sense of the word. There is >no parent-child relationship between such routers: they are peers. >These peers participate in a highly complex graph which dances >continuously. The result is that routing has a large stochastic >component: if you can understand what you are looking at, you often see >traceroutes involving packets jumping sometimes one way, sometimes >another. > >To make things even more difficult to understand, an increasing amount of >traffic flows through MPLS tunnels, which are invisible to traceroutes. > > > Once you eliminate cycles, and you do so in real life, you go back to a > > tree. You only see the alternate paths used when failover or routing > > errors occur. > >This just isn't true. Hot potato routing is the most easily understood >example: traffic goes out one way and back another. It does this because >the ASs involved have set their policy that way. > >Backbone routers have lots of knobs to configure traffic flow. Some of >these allow you to throttle it, some allow you to split flows according to >traffic type, some allow you to split flows statistically, some allow you >to drop packets statistically. And some allow you to ignore pings and >traceroutes ;-) > > > At the same time, I also disagree with you. If your POV is a single >host, > > it sees the internet as a tree. > >Sorry.
I have spent too many long hours probing the Internet from >single hosts to accept this. If you understand what you are looking >at, you see something much more complicated than a tree. > > > In fact, one of the properties of trees is > > that you "pick up" any leaf node and designate it as the root. > >There are different types of trees. Most discussions of 'trees' are >about rooted trees, which are directed acyclic graphs with one and only >one root. However, all trees are acyclic. The Internet isn't. > >Of course, most of this discussion revolves around one word: "is". If you >said "the Internet _can be seen_ as a tree", few would disagree with you, >especially if you allowed for the fact that that tree is continuously >changing its shape. But "the Internet _is_ a tree"? That's simply an >error. > >-- >Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881 >http://jxcl.sourceforge.net Java unit test coverage >http://xlattice.sourceforge.net p2p communications infrastructure > From jdd at dixons.org Mon Apr 12 10:41:14 2004 From: jdd at dixons.org (Jim Dixon) Date: Mon, 12 Apr 2004 18:41:14 +0100 (BST) Subject: Hierarchy, Force Monopoly, and Geodesic Societies In-Reply-To: <4079BBF3.4030501@sunder.net> Message-ID: <20040412174102.S96639-100000@localhost> On Sun, 11 Apr 2004, sunder wrote: > > The term is used because most or all trees in the region where the English > > language originated are shaped just like that: they have a single trunk > > which forks into branches which may themselves fork and so on. These > > branches do not connect back to one another. > > I believe the real issue here is one of being able to stretch your mind > into seeing things from different points of view.
This is the reason I > brought in the quasi-mystical quote about the sphere whose center is > everywhere. Someone comes to me and says: "the Internet is a tree". Then he points me at a graph of inter-AS (Autonomous System) connections to illustrate his point. That graph includes all of those seemingly redundant connections that make it _not_ a tree. These seemingly redundant connections are in fact a high proportion of all connections. That is to say, the graph is accurate and his statement wasn't. You can see the Internet in many ways. You can run a single traceroute and see it as a line. You can ping broadcast on your LAN and see it as a chorus line. If you understand what you are looking at, you can run traceroutes and see stable rings: hot potato routing at work, where the packets go out one way and come back another. Then again, I have spoken to hundreds? thousands? of people who think that the Internet _is_ the World Wide Web. > Let's explain why we have multiple connections and what types of these you > can expect. There are two common types of multiple connections: > > A) Two links to the same ISP: In terms of redundancy for the purposes of > being fault tolerant, only one of the multiple links is ever used. With You don't understand and you are quite wrong. If one AS has more than one link to another AS, there are often very good reasons for it, and both links are used. If network A peers with network B in both Paris and New York, both will generally dump traffic for the other network at the nearest connection. Why? Well, on the one hand, there is no reason to carry packets originating in Paris and destined for a host in Paris all the way to New York. On the other hand, many or most networks employ hot potato routing, meaning that if network A picks up a packet for network B in Paris, it dumps it on network B as soon as it can, to minimize costs, wherever the destination might be. 
Some networks, concerned with quality of service, adopt the opposite strategy, and carry packets as far as possible within their own network. > most ISP's, when you negotiate a contract for a backup connection, it's > with the understanding that you'll only use it when the main one goes down. I don't think that you have any evidence for this assertion about what characterizes 'most' backup agreements. I do know that most networks regard this sort of statistical information as highly confidential. > B) You have multiple connections to different ISP's (possibly with peering > contracts, etc.) In this case when a node at your location tries to > contact some other node on the internet, its traffic doesn't go over ALL > of your connections - it takes only a single path. [Ok, if your routers > are correcting for an outage, then perhaps you'll see different paths being > taken, but this is just the routing tables/routers settling or converging.] The world is more complicated than this. Much more. > If both case A and case B, a single node in your location will see the > entire internet as a tree with the root of that tree being the default > gateway. (i.e. go back to doing traceroutes.) In the case of a > multi-homed machine, or machine that participates in routing, it itself > becomes the root of the tree. There are tens of thousands of machines on the Internet that don't have a default gateway. Machines that participate in backbone routing have multiple connections and aren't the root of a tree in any normal sense of the word. There is no parent-child relationship between such routers: they are peers. These peers participate in a highly complex graph which dances continuously. The result is that routing has a large stochastic component: if you can understand what you are looking at, you often see traceroutes involving packets jumping sometimes one way, sometimes another. 
To make things even more difficult to understand, an increasing amount of traffic flows through MPLS tunnels, which are invisible to traceroutes. > Once you eliminate cycles, and you do so in real life, you go back to a > tree. You only see the alternate paths used when failover or routing > errors occur. This just isn't true. Hot potato routing is the most easily understood example: traffic goes out one way and back another. It does this because the ASs involved have set their policy that way. Backbone routers have lots of knobs to configure traffic flow. Some of these allow you to throttle it, some allow you to split flows according to traffic type, some allow you to split flows statistically, some allow you to drop packets statistically. And some allow you to ignore pings and traceroutes ;-) > At the same time, I also disagree with you. If your POV is a single host, > it sees the internet as a tree. Sorry. I have spent too many long hours probing the Internet from single hosts to accept this. If you understand what you are looking at, you see something much more complicated than a tree. > In fact, one of the properties of trees is > that you "pick up" any leaf node and designate it as the root. There are different types of trees. Most discussions of 'trees' are about rooted trees, which are directed acyclic graphs with one and only one root. However, all trees are acyclic. The Internet isn't. Of course, most of this discussion revolves around one word: "is". If you said "the Internet _can be seen_ as a tree", few would disagree with you, especially if you allowed for the fact that that tree is continuously changing its shape. But "the Internet _is_ a tree"? That's simply an error. 
-- Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881 http://jxcl.sourceforge.net Java unit test coverage http://xlattice.sourceforge.net p2p communications infrastructure From mv at cdc.gov Mon Apr 12 20:03:30 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 12 Apr 2004 20:03:30 -0700 Subject: On Killing Blaster Message-ID: <407B5882.26CCAD7@cdc.gov> At 04:26 PM 4/11/04 -0400, Tyler Durden wrote: >"When faced with force, you reply with force when you can." > >Nah. This isn't even true in a fistfight, except when the guy you're >fighting is a) significantly smaller than you, and b) less trained. More >often than not, if someone attacks you, it's because they either have or >perceive themselves to have an overwhelmingly superior force. See "asymmetric warfare" Sometimes a stronger adversary decides it's not worth it. See Lebanon and a few hundred dead Marines. See Vietnam. (Speaking of which, I heard McCain arguing that if we leave .iq the place becomes a hotbed of 'terrorism'. Anyone remember the Domino theory?) And of course, if it's possible to >disarm your opponent without actually killing or maiming him, that's >sometimes far more appropriate... No, then he'll sue you. >As someone said better than myself, Crypto is one little tool in an arsenal >against "Men with Guns"...in the end Men With Guns will probably try to >shoot away bits, but it's not going to work too well. You forget that there are no bits which are not physical. Physical things reside on land leased from the State (try not paying your real estate taxes). All cables make a landing somewhere. Meanwhile, P2P, WiFi, >Crypto,and lots of other stuff will slowly start to chip away at things on >the edges, until the core is exposed. Where are you going to buy your hardware from, that it can't be shut down? How are you going to hide your TX from the DXing white vans? 
From mv at cdc.gov Mon Apr 12 20:06:17 2004 From: mv at cdc.gov (Major Variola (ret.)) Date: Mon, 12 Apr 2004 20:06:17 -0700 Subject: American Airlines is an info whore too Message-ID: <407B5928.C135986B@cdc.gov> American Airlines admits disclosing passenger data WASHINGTON (AFP) - A contractor for American Airlines has admitted to sharing personal passenger information with the US government and other companies, thrusting the world's largest carrier into a bitter controversy over rights to privacy in the post-September 11 world. The disclosure, certain to alarm civil libertarians, made American the third leading US airline caught disseminating private data behind the back of its customers in the name of fighting terrorism. http://news.yahoo.com/news?tmpl=story&cid=1521&u=/afp/20040411/pl_afp/us_attacks_air_040411224313&printer=1 From rsw at jfet.org Mon Apr 12 18:49:42 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Mon, 12 Apr 2004 21:49:42 -0400 Subject: Fornicalia Lawmaker Moves to Block Gmail Message-ID: <20040413014942.GA10968@positron.mit.edu> SAN FRANCISCO (Reuters) - A California state senator on Monday said she was drafting legislation to block Google Inc.'s free e-mail service "Gmail" because it would place advertising in personal messages after searching them for key words. http://news.yahoo.com/news?tmpl=story&u=/nm/20040412/wr_nm/tech_google_dc_1 A private interaction between two consenting parties has absolutely nothing to do with the state, period. The bitch supporting this shit should be removed from office forthwith. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From measl at mfn.org Tue Apr 13 00:25:46 2004 From: measl at mfn.org (J.A. Terranson) Date: Tue, 13 Apr 2004 02:25:46 -0500 (CDT) Subject: Fornicalia Lawmaker Moves to Block Gmail In-Reply-To: <20040413014942.GA10968@positron.mit.edu> References: <20040413014942.GA10968@positron.mit.edu> Message-ID: <20040413022403.U38635@mx1.mfn.org> On Mon, 12 Apr 2004, Riad S. 
Wahby wrote: > A private interaction between two consenting parties has absolutely > nothing to do with the state, period. The bitch supporting this shit > should be removed from office forthwith. And based on this [quite valid] criterion, we should remove 90+ percent of all the little vermin running around in various gubmints "protecting us". Instead of removing her, they'll likely reelect her for "watching out for their interests". :-(( -- "How do you change anything, except stand in one place and scream and scream and scream and then make more people come and stand in that place and scream and scream and scream?" Sally Fields From DaveHowe at gmx.co.uk Mon Apr 12 18:55:47 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Tue, 13 Apr 2004 02:55:47 +0100 Subject: Fornicalia Lawmaker Moves to Block Gmail References: <20040413014942.GA10968@positron.mit.edu> Message-ID: <017f01c420fa$7196d640$01c8a8c0@broadbander> Riad S. Wahby wrote: > SAN FRANCISCO (Reuters) - A California state senator on Monday said > she was drafting legislation to block Google Inc.'s free e-mail > service "Gmail" because it would place advertising in personal > messages after searching them for key words. Is she planning to block all the advertising supported email services, just those associated with search engines, or just those who actually try to make the ads relevant? From pcapelli at ieee.org Tue Apr 13 06:50:20 2004 From: pcapelli at ieee.org (Pete Capelli) Date: Tue, 13 Apr 2004 09:50:20 -0400 Subject: Fornicalia Lawmaker Moves to Block Gmail References: <20040413014942.GA10968@positron.mit.edu> <20040413095302.GA20870@dreams.soze.net> Message-ID: <004101c4215e$44c155a0$110f4b18@firedancer> > It's not just a private interaction between two consenting parties. > It's a contract that grants power to a third party eliminating > traditional legal guarantees of quasi-privacy in communication from > sender to recipient, one of which is not a party to the contract. 
> There's no guarantee the average sender would know that mail to gmail is > intercepted and parsed. Since when is there a guarantee of privacy in email?? From justin-cypherpunks at soze.net Tue Apr 13 02:53:02 2004 From: justin-cypherpunks at soze.net (Justin) Date: Tue, 13 Apr 2004 09:53:02 +0000 Subject: Fornicalia Lawmaker Moves to Block Gmail In-Reply-To: <20040413014942.GA10968@positron.mit.edu> References: <20040413014942.GA10968@positron.mit.edu> Message-ID: <20040413095302.GA20870@dreams.soze.net> Riad S. Wahby (2004-04-13 01:49Z) wrote: > http://news.yahoo.com/news?tmpl=story&u=/nm/20040412/wr_nm/tech_google_dc_1 > > A private interaction between two consenting parties has absolutely > nothing to do with the state, period. The bitch supporting this shit > should be removed from office forthwith. It's not just a private interaction between two consenting parties. It's a contract that grants power to a third party eliminating traditional legal guarantees of quasi-privacy in communication from sender to recipient, one of which is not a party to the contract. There's no guarantee the average sender would know that mail to gmail is intercepted and parsed. -- "You took my gun. It's just your word against mine!" "Not necessarily." -Bernie vs Tom, Miller's Crossing From shaddack at ns.arachne.cz Tue Apr 13 05:18:13 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Tue, 13 Apr 2004 14:18:13 +0200 (CEST) Subject: On Killing Blaster In-Reply-To: <407B5882.26CCAD7@cdc.gov> References: <407B5882.26CCAD7@cdc.gov> Message-ID: <0404131354590.-1256167200@somehost.domainz.com> On Mon, 12 Apr 2004, Major Variola (ret) wrote: > >against "Men with Guns"...in the end Men With Guns will probably try to > >shoot away bits, but it's not going to work too well. > > You forget that there are no bits which are not physical. Physical > things reside on land leased from the State (try not paying your > real estate taxes). All cables make a landing somewhere. 
Then the magic has to be in making the "bad" bits indistinguishable from the "good" bits. Any crackdown that would have to net more than a minuscule fraction of the "bad" ones would then take disproportionate amount of false positives. In effect, using the luser population of the Net as a human shield. At least they will be finally good for something. > >the edges, until the core is exposed. > > Where are you going to buy your hardware from, that it can't be > shut down? Dual-use technologies. Repurpose of "consumer-grade" off-the-shelf devices. Shutting down all the PC hardware vendors would be too unpopular move to pass. Microcontroller and FPGA suppliers are a bit different, as there is less demand for them between the plebs, but both the vendors and the customers would get pretty annoyed if somebody would try to pass such measure. Not mentioning the adverse impact on "legitimate" innovation, the suboptimal efficiency of such measure, and the vibrant black market segment that would get created. Smuggled shipments of chips, black market with software - but all this was already described in better or worse way in many cyberpunk fiction books. > How are you going to hide your TX from the DXing white vans? Use directional optical links? See eg. http://ronja.twibright.com/ for an open-source one. Still possible to find and eavesdrop on, but much more difficult than radio link, and outside of the jurisdiction of FCC. Optionally, use technology that's so common it doesn't raise eyebrows; Fry's is full of toys. Recent developments in consumer wireless tech also allow some toys in the area of "proximity computing" (as I call it). Just carry a PDA in your pocket, sit for a while next to the right person, and then find the required files in the PDA later. Nothing more than passing presence in the same space without any visible interaction between the two people is recorded in the security cams (and in eg. 
a subway it has not much meaning anyway), no call records in the phone switchboards. Again, nothing that a prepared adversary can't defeat, but as long as you're still under the radar, you are likely to be missed by fishing expeditions. We will need four things in the future: creative use (or non-use) of available technology, knowledge of the Adversary, improvisation skills, and - most important - luck. From DaveHowe at gmx.co.uk Tue Apr 13 07:11:21 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Tue, 13 Apr 2004 15:11:21 +0100 Subject: Fornicalia Lawmaker Moves to Block Gmail References: <20040413014942.GA10968@positron.mit.edu> <20040413095302.GA20870@dreams.soze.net> Message-ID: <029201c42161$3615a8f0$c71121c2@exchange.sharpuk.co.uk> Justin wrote: > It's not just a private interaction between two consenting parties. > It's a contract that grants power to a third party eliminating > traditional legal guarantees of quasi-privacy in communication from > sender to recipient, one of which is not a party to the contract. > There's no guarantee the average sender would know that mail to gmail > is intercepted and parsed. And this differs from normal mail how? Most free email services add advert footers, and many email servers offer virus and spam filtering via just such a parsing method. The Google advertising system has for a fair while now offered a number of "targeted" services, ranging from bought links displayed (differentiated) on search results keyed on certain words, to targeted links for "advertising supported" browsing packages that are appropriate to the websites visited using that package. Google are careful to point out that the actual user is in no way identified before or after the parsing - the parsing engine merely identifies the appropriate advert, then drops the data and moves on to the next job.... Besides, if you want privacy in email, you encrypt - although the mind boggles as to what googleads you would get for cryptotext. 
From gil_hamilton at hotmail.com Tue Apr 13 08:57:45 2004 From: gil_hamilton at hotmail.com (Gil Hamilton) Date: Tue, 13 Apr 2004 15:57:45 +0000 Subject: Fornicalia Lawmaker Moves to Block Gmail Message-ID: Justin writes: >Riad S. Wahby (2004-04-13 01:49Z) wrote: > > > >http://news.yahoo.com/news?tmpl=story&u=/nm/20040412/wr_nm/tech_google_dc_1 > > > A private interaction between two consenting parties has absolutely > > nothing to do with the state, period. The bitch supporting this shit > > should be removed from office forthwith. > >It's not just a private interaction between two consenting parties. >It's a contract that grants power to a third party eliminating >traditional legal guarantees of quasi-privacy in communication from >sender to recipient, one of which is not a party to the contract. No privacy is lost in the gmail system; no information about either party is disclosed to any third party. The information contained in the message still remains private to the sender and recipient (well, to the extent that any web-based mail can be considered "private"). Exactly what "traditional legal guarantees" do you think would be lost in the gmail system? >There's no guarantee the average sender would know that mail to gmail is >intercepted and parsed. So what? The average sender doesn't understand that mail is "intercepted and parsed" by each SMTP or POP server encountered in the path from sender to recipient. Or that their message is written to the hard disk of each of those systems as well. What the average sender understands is irrelevant unless there is some bearing on his expectation of privacy in the message contents. Really, what's the difference between scanning the message in order to, say, render HTML tags it may contain, and scanning it in order to generate targeted advertising based on keywords it contains? The latter could also be considered as merely part of the rendering process. 
- GH From anmetet at freedom.gmsociety.org Tue Apr 13 14:28:51 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Tue, 13 Apr 2004 17:28:51 -0400 Subject: Fornicalia Lawmaker Moves to Block Gmail Message-ID: <356bd7a4b570449a9ce5ff990eb66681@anonymous> > Really, what's the difference between scanning the message in order to, > say, render HTML tags it may contain, and scanning it in order to > generate targeted advertising based on keywords it contains? That's irrelevant. These arguments that Gmail is just like other services are nothing but red herrings. Surely cypherpunks should understand that the recipient of a message can do whatever he wants with it. He can save it to disk, he can share it with his friends, or he can contract with Gmail to add targeted advertising. It's contrary to everything cypherpunks stand for to suggest that the sender of a message should have some power or authority over what happens to it once it is in the receiver's hands. Even if Gmail were completely new and nothing like it had ever existed in the world before, it would be perfectly acceptable for mail recipients to use the service. That follows from their inherent freedom to use the information under their control. Please save these tired arguments by analogy for another forum. Cypherpunks agree on the basic desirability of individual freedom, and that is enough to settle the question. From anmetet at freedom.gmsociety.org Tue Apr 13 14:29:06 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Tue, 13 Apr 2004 17:29:06 -0400 Subject: On Killing Blaster Message-ID: <76e2000dcd18e3c820b902f2b6ace85f@anonymous> Major Variola writes: > Language is how you manipulate people from a distance. Much > more convenient than hitting them. > > Crypto *can* keep bits free. 
And so maybe language. > > But Men with Guns control physical reality, which limits what > those bits can do. Read the archives on the problems with > linking "credits" to dollars or physical merchandise. Fine; you are questioning the feasibility of the cypherpunk model for achieving freedom through cryptographic anonymity. It is true that power in the physical world can, in principle, prevent the operation of the information infrastructure necessary for the cypherpunk dream to be realized. Whether it can do so without also impairing "good" information transfers to an unacceptable level remains to be seen. But suppose you're right; suppose men with guns keep crypto anarchy from working, and the only recourse is to use force of your own. Then what are you doing here? This list is for discussing and implementing cypherpunk concepts. If you deny them, you should go elsewhere to pursue your goals. The practical problem with using force is that people will fight back. And there are far more of them than you. In a democratic system, government policies have widespread support. If you start knocking off California legislators you will soon find the massive might of the State directed against your health and well being. Your goals of anarchy and freedom are never going to be popular enough to let you win by using force in this way. Some have said they want to use cypherpunk technology to facilitate their plans for using force to fight the oppressors. They can set up assassination markets; or more simply, hire hitmen anonymously using ecash. In this way they can bring force to bear without risk. But this reasoning is self-contradictory. If force is necessary, it is because cypherpunk technology has failed. As you predict, "Men with Guns" will be controlling the bits via their control of physical reality. There will be no anonymous assassination markets to help you pursue your violent goals. 
But the reverse is true as well: if and when such markets come to exist, it can only be because the cypherpunk dream has succeeded beyond our wildest hopes. A world in which such applications exist despite the most stringent efforts on the part of the State to eradicate them is one in which cypherpunks have truly succeeded in burrowing so deep into the information infrastructure that they can never be stopped. It is a world in which anonymity is preserved, one where contracts and payment systems have been developed for even the most risky and uncertain enterprises. If cypherpunk technology works to this degree, then it will open up tremendous new opportunities for people to evade the power of government. The one overwhelming trend as we move into the 21st century is the power of information. This is why governments more and more are trying to crack down and limit its propagation. If cypherpunk technologies are able to transcend these restrictions, as is implied by the potential existence of assassination markets, there is essentially no limit to what they can do. The physical world is going to be increasingly less important as we go forward. What counts is the flow of information. That is what needs to be protected and made free from interference. If we can achieve that, the physical world won't much matter. You won't need your guns, and assassination markets, if they exist, won't be a force for freedom, but merely another hazard of the physical world, that most people avoid as much as possible. 
From sunder at sunder.net Tue Apr 13 15:26:56 2004 From: sunder at sunder.net (sunder) Date: Tue, 13 Apr 2004 18:26:56 -0400 Subject: Fornicalia Lawmaker Moves to Block Gmail In-Reply-To: <004101c4215e$44c155a0$110f4b18@firedancer> References: <20040413014942.GA10968@positron.mit.edu> <20040413095302.GA20870@dreams.soze.net> <004101c4215e$44c155a0$110f4b18@firedancer> Message-ID: <407C6930.4050608@sunder.net> Pete Capelli wrote: > Since when is there a guarantee of privacy in email?? Since PhilZ wrote PGP? From skquinn at xevious.kicks-ass.net Tue Apr 13 19:47:21 2004 From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn) Date: Tue, 13 Apr 2004 21:47:21 -0500 Subject: Fornicalia Lawmaker Moves to Block Gmail In-Reply-To: <407C6930.4050608@sunder.net> References: <20040413014942.GA10968@positron.mit.edu> <004101c4215e$44c155a0$110f4b18@firedancer> <407C6930.4050608@sunder.net> Message-ID: <200404132147.21639.skquinn@xevious.kicks-ass.net> On Tuesday 2004 April 13 17:26, sunder wrote: > Pete Capelli wrote: > > Since when is there a guarantee of privacy in email?? > > Since PhilZ wrote PGP? But then, only if you use PGP (or GnuPG or what have you). -- Shawn K. Quinn From kelsey.j at ix.netcom.com Tue Apr 13 19:47:01 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 13 Apr 2004 22:47:01 -0400 Subject: legally required forgetting In-Reply-To: Message-ID: <5.2.0.9.0.20040413213550.0483ccd0@pop.ix.netcom.com> At 07:20 PM 4/10/04 -0400, An Metet wrote: ... >BlackNet thwarts such limitations on the reporting of consumer credit. >Clearly, providing access to this data harms individual privacy. >Yet Cypherpunks traditionally have supported this concept. A privacy >advocacy group promotes technology which would aid the compilation of >individual dossiers and allow access to personally identifying data >about past financial transactions. 
All that's needed is for a creditor to publish the names and addresses of his 180-day overdue accounts in some public forum, or to file lawsuits that become public record. Web-accessible archives will do the rest. It's not like the credit reporting rules would necessarily keep a private investigator now from finding out that you declared bankruptcy twenty years ago. ... >Today, the Cypherpunks list is but a shadow of its former glory, with >anarcho-capitalism all but forgotten in favor of fashionable nihilism, >libertarians replaced by liberals. Perhaps it is not too late to >resurrect the ideals of the past, but it will require hard work and open >mindedness on the part of all. Well, some of the ideals, or at least assumptions, haven't survived encounters with the facts too well. Moore's law has continued apace, strong crypto is widely available, but would anyone claim we have more privacy now than in 1990? Nor is this only because of 9/11 (asymmetric warfare apparently *does* work pretty well, though it's hard to see how that's done anything for the cause of freedom in the US); surveillance cameras, OCR, biometric readers and data mining techniques are all getting cheaper. The split seems to be that most people lose privacy, while those who really care a lot gain a little privacy, albeit by standing out as obvious people-with-something-to-hide, activists, or cryptographers. The math behind anonymous payment schemes is well-understood, and processors are fast enough to do signatures and blinding and all the rest pretty painlessly, now. But e-commerce is still all about credit cards over SSL (on a browser that is manifestly *not* a piece of security software!), if that. It's ironic. All the things that seemed like barriers to serious privacy for the masses--Clipper, export controls, the RSA patent, processors barely powerful enough to do serious public key operation before the user lost patience--are either gone or much-diminished. 
But we still don't have serious privacy for the masses, or even widespread use of crypto in a way that protects communications privacy. It's not like I expected my mom to be making her money trading gold-denominated Burmese opium futures[1] by now. But I at least expected my phone calls and e-mails to her not to be trivially tappable! [1] Classical reference --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From camera_lumina at hotmail.com Wed Apr 14 06:51:25 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 14 Apr 2004 09:51:25 -0400 Subject: On Killing Blaster Message-ID: "Where are you going to buy your hardware from, that it can't be shut down? How are you going to hide your TX from the DXing white vans?" Well, you made some interesting points. Actually, it would seem that some of the Islamic regimes as well as mainland China have been at least partially successful in blocking 'objectionable' content. So in a state where the forces that be have made a fairly complete victory, it just might be possible I guess to close down objectionable physical bits. So I guess that still has to be weighed against the value of human life. My point was that "Needs Killing" is something that should be considered fairly carefully...acted upon only when there's really no alternative. (But then again, you may have only been talking. You ever kill anyone Variola?) -TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: Re: On Killing Blaster >Date: Mon, 12 Apr 2004 20:03:30 -0700 > >At 04:26 PM 4/11/04 -0400, Tyler Durden wrote: > >"When faced with force, you reply with force when you can." > > > >Nah. This isn't even true in a fistfight, except when the guy you're > >fighting is a) significantly smaller than you, and b) less trained. >More > >often than not, if someone attacks you, it's because they either have >or > >perceive themselves to have an overwhelmingly superior force. 
> >See "asymmetric warfare" > >Sometimes a stronger adversary decides it's not worth it. See Lebanon >and a few hundred dead Marines. See Vietnam. > >(Speaking of which, I heard McCain arguing that if we leave .iq >the place becomes a hotbed of 'terrorism'. Anyone remember the >Domino theory?) > >And of course, if it's possible to > >disarm your opponent without actually killing or maiming him, that's > >sometimes far more appropriate... > >No, then he'll sue you. > > >As someone said better than myself, Crypto is one little tool in an >arsenal > >against "Men with Guns"...in the end Men With Guns will probably try to > > >shoot away bits, but it's not going to work too well. > >You forget that there are no bits which are not physical. Physical >things reside on land leased from the State (try not paying your >real estate taxes). All cables make a landing somewhere. > >Meanwhile, P2P, WiFi, > >Crypto,and lots of other stuff will slowly start to chip away at things >on > >the edges, until the core is exposed. > >Where are you going to buy your hardware from, that it can't be >shut down? How are you going to hide your TX from the DXing >white vans? > > > > > > From camera_lumina at hotmail.com Wed Apr 14 06:57:46 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 14 Apr 2004 09:57:46 -0400 Subject: On Killing Blaster Message-ID: "Then what are you doing here? This list is for discussing and implementing cypherpunk concepts. If you deny them, you should go elsewhere to pursue your goals." Tsk tsk...this sounds like Orthodoxy to me. Part of the benefit of an anarchy is to support otherwise-suppressed forms of existence and states of mind. 
If Variola can't at least suggest these ideas here, then Cypherpunks has become Cypherfascist.

While I personally still believe that Crypto and other technologies will be enough ("The meek shall inherit the earth"), that's by no means obvious yet. Variola and May and others are the little nagging voices that force one to consider whether physical measures will be necessary and/or called for.

-TD

>From: An Metet
>To: cypherpunks at al-qaeda.net
>Subject: Re: On Killing Blaster
>Date: Tue, 13 Apr 2004 17:29:06 -0400
>
>Major Variola writes:
>
> > Language is how you manipulate people from a distance. Much
> > more convenient than hitting them.
> >
> > Crypto *can* keep bits free. And so maybe language.
> >
> > But Men with Guns control physical reality, which limits what
> > those bits can do. Read the archives on the problems with
> > linking "credits" to dollars or physical merchandise.
>
>Fine; you are questioning the feasibility of the cypherpunk model for
>achieving freedom through cryptographic anonymity. It is true that
>power in the physical world can, in principle, prevent the operation
>of the information infrastructure necessary for the cypherpunk dream
>to be realized. Whether it can do so without also impairing "good"
>information transfers to an unacceptable level remains to be seen.
>
>But suppose you're right; suppose men with guns keep crypto anarchy from
>working, and the only recourse is to use force of your own. Then what are
>you doing here? This list is for discussing and implementing cypherpunk
>concepts. If you deny them, you should go elsewhere to pursue your goals.
>
>The practical problem with using force is that people will fight back.
>And there are far more of them than you. In a democratic system,
>government policies have widespread support. If you start knocking off
>California legislators you will soon find the massive might of the State
>directed against your health and well being.
>Your goals of anarchy and
>freedom are never going to be popular enough to let you win by using
>force in this way.
>
>Some have said they want to use cypherpunk technology to facilitate
>their plans for using force to fight the oppressors. They can set up
>assassination markets; or more simply, hire hitmen anonymously using
>ecash. In this way they can bring force to bear without risk.
>
>But this reasoning is self-contradictory. If force is necessary, it
>is because cypherpunk technology has failed. As you predict, "Men with
>Guns" will be controlling the bits via their control of physical reality.
>There will be no anonymous assassination markets to help you pursue your
>violent goals.
>
>But the reverse is true as well: if and when such markets come to exist,
>it can only be because the cypherpunk dream has succeeded beyond our
>wildest hopes. A world in which such applications exist despite the
>most stringent efforts on the part of the State to eradicate them is one
>in which cypherpunks have truly succeeded in burrowing so deep into the
>information infrastructure that they can never be stopped. It is a world
>in which anonymity is preserved, one where contracts and payment systems
>have been developed for even the most risky and uncertain enterprises.
>
>If cypherpunk technology works to this degree, then it will open up
>tremendous new opportunities for people to evade the power of government.
>The one overwhelming trend as we move into the 21st century is the power
>of information. This is why governments more and more are trying to crack
>down and limit its propagation. If cypherpunk technologies are able to
>transcend these restrictions, as is implied by the potential existence of
>assassination markets, there is essentially no limit to what they can do.
>
>The physical world is going to be increasingly less important as we go
>forward. What counts is the flow of information. That is what needs
>to be protected and made free from interference.
>If we can achieve
>that, the physical world won't much matter. You won't need your guns,
>and assassination markets, if they exist, won't be a force for freedom,
>but merely another hazard of the physical world, that most people avoid
>as much as possible.

From mv at cdc.gov Wed Apr 14 12:01:26 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 14 Apr 2004 12:01:26 -0700
Subject: On Killing Blaster
Message-ID: <407D8A6F.D6F061C3@cdc.gov>

At 05:29 PM 4/13/04 -0400, An Metet wrote:
>Major Variola writes:
>
>> Crypto *can* keep bits free. And so maybe language.
>>
>> But Men with Guns control physical reality, which limits what
>> those bits can do. Read the archives on the problems with
>> linking "credits" to dollars or physical merchandise.
>
>Fine; you are questioning the feasibility of the cypherpunk model for
>achieving freedom through cryptographic anonymity.

Isn't it within the Official Charter to explore the limits of social crypto? The constraints imposed by possible states?

>It is true that
>power in the physical world can, in principle, prevent the operation
>of the information infrastructure necessary for the cypherpunk dream
>to be realized.

Bingo.

>Whether it can do so without also impairing "good"
>information transfers to an unacceptable level remains to be seen.

Why do you think this would stop certain states? Look at the content-filters used in public libraries and schools. (Can't find poultry recipes or oncology info because of mammary glands.)

>But suppose you're right; suppose men with guns keep crypto anarchy from
>working, and the only recourse is to use force of your own.

They can't control crypto, which is math; and they can't control individual behavior, even if they can control bulk behavior.
But they do control commerce and mass production and the physical bit-handlers. The FCC has vans.

Your mesh won't work so well when the only meshers are afraid of being caught, and sparse besides.

Don't you regard the limits of the (e.g., cypherpunk) model as part of the study?

When I say "the FCC has vans" (etc) it is sometimes only representative of precursors of trends and possibilities, if it isn't obvious.

> Your goals of anarchy and
>freedom are never going to be popular enough to let you win by using
>force in this way.

You are projecting. I don't have goals of anarchy. (I'm a lib.) I'm interested in the social implications of, and tech behind, crypto things. I assume most are like this, though some are socialist, and you are a troll.

>Some have said they want to use cypherpunk technology to facilitate
>their plans for using force to fight the oppressors. They can set up
>assassination markets; or more simply, hire hitmen anonymously using
>ecash. In this way they can bring force to bear without risk.

AP is sci-fi (for now) precisely because of the control over the physical implementations of bits and currency.

That some here predicted, even advocated that such a technical system would be used to clean up the civil servant population is another matter entirely.

Both are valid if orthogonal points. (Civilian-authorities get fragged even without compooters)

And IMHO you'd be immoral, for some possible future (and past) civil servant populations, to object to this encouragement, to feel a little hope that one possible future isn't a boot stomping a face, forever (even if that face is reading uncensorable news while being stomped)

>But the reverse is true as well: if and when such markets come to exist,
>it can only be because the cypherpunk dream has succeeded beyond our
>wildest hopes.
>A world in which such applications exist despite the
>most stringent efforts on the part of the State to eradicate them is one
>in which cypherpunks have truly succeeded in burrowing so deep into the
>information infrastructure that they can never be stopped. It is a world
>in which anonymity is preserved, one where contracts and payment systems
>have been developed for even the most risky and uncertain enterprises.

I don't think my membership card requires me to believe that there is only one possible future outcome. It requires me to understand how such a system works, including how it might work on a social level.

>If cypherpunk technology works to this degree, then it will open up
>tremendous new opportunities for people to evade the power of government.
>The one overwhelming trend as we move into the 21st century is the power
>of information. This is why governments more and more are trying to crack
>down and limit its propagation. If cypherpunk technologies are able to
>transcend these restrictions, as is implied by the potential existence of
>assassination markets, there is essentially no limit to what they can do.

Get off the assassination thang. Yes, uncensorable news & views will be possible. That's not sufficient.

>The physical world is going to be increasingly less important as we go
>forward. What counts is the flow of information.

Freedom of expression (bits) is one of many rights. Crypto can do the most here. But bits don't exist outside of physical implementations, so they rely on physical rights. Also, most rights are physical rights ("the right to be left alone" is more general than "the right to be free of compelled speech").

>That is what needs
>to be protected and made free from interference. If we can achieve
>that, the physical world won't much matter. You won't need your guns,
>and assassination markets, if they exist, won't be a force for freedom,
>but merely another hazard of the physical world, that most people avoid
>as much as possible.
Um, we're talking about meshing radios, not guns or AP. And social (govt) control of things like those radios, and networks, and the devices that use them. And how such physical control might affect reaching the cypherpunk-predicted future.

Sorry that I pissed on your orthodoxy by doubting that everything was inevitable in its strongest form..

From brian-slashdotnews at hyperreal.org Wed Apr 14 06:26:01 2004
From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org)
Date: 14 Apr 2004 13:26:01 -0000
Subject: VIA Releases Source To Custom WASTE Client
Message-ID:

Link: http://slashdot.org/article.pl?sid=04/04/14/132238
Posted by: timothy, on 2004-04-14 13:10:00
Topic: encryption, 2 comments

from the want-not dept.

[1]daten writes "VIA has released the [2]source code to their Padlock SL product, based on the Nullsoft WASTE code previously [3]pulled by AOL. Padlock SL offers encrypted chat, instant messaging and file sharing over a private peer-to-peer network. Unlike WASTE, which is still under [4]active development, the VIA client offers a graphical interface for both [5]Windows and Linux users and simpler configuration."

References
1. http://dnetc.org/
2. http://www.viaarena.com/?PageID=401
3. file://slashdot.org/article.pl?sid=03/05/31/1259206&tid=120
4. http://waste.sourceforge.net/
5. http://www.viaarena.com/?PageID=399

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From brian-slashdotnews at hyperreal.org Wed Apr 14 06:26:05 2004
From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org)
Date: 14 Apr 2004 13:26:05 -0000
Subject: American Airlines Is Third Company To Share Data
Message-ID:

Link: http://slashdot.org/article.pl?sid=04/04/14/0259250
Posted by: timothy, on 2004-04-14 11:34:00
Topic: privacy, 87 comments

from the thanks-fellas-no-really dept.

[1]crem_d_genes writes "American Airlines has become the third U.S. airline to [2]admit sharing passenger records with the government. They were preceded in admissions by [3]Northwest Airlines and [4]JetBlue Airways. At the heart of the matter is the implementation of the [5]U.S. Transportation Security Administration's (TSA) use of the provisions known as [6]CAPPS II. Some privacy advocates have expressed strong dissent with this plan. [7]Some concerns have even been brought up in Congress, though for different reasons. The Department of Homeland Security has a site entitled [8]CAPPS II: Myths and Facts."

References
1. mailto:watershed_ne1 at mac.com
2. http://cbs2chicago.com/topstories/topstories_story_101163959.html
3. file://yro.slashdot.org/article.pl?sid=04/01/21/1641251&tid=123
4. file://yro.slashdot.org/article.pl?sid=03/09/18/0142221&tid=158
5. http://www.tsa.gov/public/
6. http://www.eff.org/Privacy/cappsii/
7. http://www.fcw.com/fcw/articles/2004/0315/web-capps-03-17-04.asp
8. http://www.dhs.gov/dhspublic/display?content=3163

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Wed Apr 14 13:22:27 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 14 Apr 2004 16:22:27 -0400
Subject: Reflections on a Master
Message-ID:

Forbes

Insights
Reflections on a Master
Peter Huber, 04.26.04, 12:00 AM ET

Is technology destined to make us helpless, as George Orwell predicted in 1984, or to empower us? I recently spent several hours with a man who has thought a lot about this question and as a banker fashioned some of the answer: Walter Wriston.

In 1947 Wriston was guarding two electromechanical Sigaba encryption machines for the Army on the Pacific island of Cebu. Soon after he accepted an entry-level job at First National City Bank. He went on to serve as chief executive of what is now Citigroup for 17 years, until he retired in 1984. Along the way--years ahead of Gates and Google--he invested almost $2 billion of Citicorp's money to wire it all together, so that traders, and then customers, could get real-time access to their accounts and cash.

Next time you step up to an automatic teller machine, think of Wriston. It was Citibank that pioneered this "thin branch" on Wriston's watch. Betting the bank on telecom technology, Wriston dramatically extended Citicorp's reach. It emerged as the Coca-Cola of financial services, the largest foreign lender and the lender most actively engaged in developing countries. Other banks were forced to follow. And this wiring of the world's financial markets had a greater impact on our daily lives than any other private-sector initiative since the invention of the steam engine.
As Wriston describes in his 1992 book, The Twilight of Sovereignty, he watched and responded as governments lost control over two key levers of state power, the power to define what is true about how ordinary people live under different forms of government, and the power to define the value of the nation's currency. In the U.S. the gold standard gave way to the information standard in 1971--Richard Nixon ceded control of the value of the dollar to Wriston's network and the millions of traders scattered around the globe, who now use it to conduct the second-by-second plebiscites that set the values of currencies, stocks, bonds and much else besides. For a billion or so ordinary consumers, the fully wired debit/credit card--Wriston's currency, one could call it--now provides far more liquidity than Alan Greenspan's bills.

Wriston won't take credit for any of this. As he tells the story of his extraordinary life, he was a simple, plodding fellow, lucky enough to be surrounded by real talent. Behind all the self-effacing diffidence, however, stands a warm, engaging, confident man with terrific judgment, a reliable sense of the future and the courage to take big, calculated risks.

The truly great bosses I've met over the years have all been like that. So was Ronald Reagan. Reagan knew how to do entertainment, too, but most of the Wriston-style leaders are too boring for prime time. The nightly news thus focuses, instead, on flamboyant but inconsequential personalities and the corporate investments that fail.

Wriston has no Panglossian illusions about technology. We don't yet know whether or not wired networks have made global financial networks more stable. Minute-to-minute volatility is certainly higher than it used to be, he says, but the system may simultaneously impose essential discipline, and thus stability, on central bankers and political autocrats.
Wriston recognizes that stateless cash makes possible stateless jobs, and that the decline of sovereign power has facilitated the rise of stateless armies--terrorists. He understands technology for what it is--not necessarily a powerful force for good, but certainly a powerful force, which good people can direct to good ends if they choose. Wired money--the ATM--is convenient, and saves us time. Wired weapons help us pursue our enemies into the caves and spider holes in which they hide.

While Wriston was guarding encryption machines on the island of Cebu, Orwell was writing his novel on the island of Jura, off the coast of Scotland. Big Brother, as Orwell envisioned him, would only be the face on the "telescreen"--the real power would be exercised behind the phosphor by a cabal of faceless government bureaucrats and corporate executives who would control everything.

Orwell died a few years later; Wriston, one might say, joined the cabal. He rose through the ranks, reached the top, built the machine and ran it for a long stretch. In the future Orwell imagined, the hapless, tragic Winston Smith ends up defeated by the machine. In the future that Walter Wriston created, we carry the machine in our cell phones, shop with it at Wal-Mart and browse it in our dens.

Peter Huber, a Manhattan Institute senior fellow, is the author of Hard Green: Saving the Environment From the Environmentalists and the Digital Power Report. Find past columns at www.forbes.com/huber.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Wed Apr 14 10:05:25 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 14 Apr 2004 19:05:25 +0200
Subject: VIA Releases Source To Custom WASTE Client (fwd from brian-slashdotnews@hyperreal.org)
Message-ID: <20040414170525.GN1026@leitl.org>

----- Forwarded message from brian-slashdotnews at hyperreal.org -----

From eugen at leitl.org Wed Apr 14 10:06:02 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 14 Apr 2004 19:06:02 +0200
Subject: American Airlines Is Third Company To Share Data (fwd from brian-slashdotnews@hyperreal.org)
Message-ID: <20040414170602.GP1026@leitl.org>

----- Forwarded message from brian-slashdotnews at hyperreal.org -----

From justin-cypherpunks at soze.net Wed Apr 14 13:22:37 2004
From: justin-cypherpunks at soze.net (Justin)
Date: Wed, 14 Apr 2004 20:22:37 +0000
Subject: Fornicalia Lawmaker Moves to Block Gmail
In-Reply-To: <029201c42161$3615a8f0$c71121c2@exchange.sharpuk.co.uk>
References: <20040413014942.GA10968@positron.mit.edu> <20040413095302.GA20870@dreams.soze.net> <029201c42161$3615a8f0$c71121c2@exchange.sharpuk.co.uk>
Message-ID: <20040414202237.GA1218@dreams.soze.net>

Dave Howe (2004-04-13 14:11Z) wrote:
> Justin wrote:
> > It's not just a private interaction between two consenting parties.
> > It's a contract that grants power to a third party eliminating
> > traditional legal guarantees of quasi-privacy in communication from
> > sender to recipient, one of which is not a party to the contract.
> > There's no guarantee the average sender would know that mail to gmail
> > is intercepted and parsed.
>
> And this differs from normal mail how?
> most free email services add advert footers, and many email servers offer
> virus and spam filtering via just such a parsing method. the Google

I'm not concerned with the advertising itself.
My concern is that the Gmail service would provide an unacceptable level of detail on message content to whoever's monitoring the advertisement logs.

From camera_lumina at hotmail.com Wed Apr 14 18:11:55 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 14 Apr 2004 21:11:55 -0400
Subject: On Killing Blaster
Message-ID:

"Sorry that I pissed on your orthodoxy by doubting that everything was inevitable in its strongest form."

Aside from inevitability there's the road taken...it may have been inevitable that the Nazis would fall (aside from fighting a 2-front war), but they took out a few folks on their way down. It may be inevitable that crypto and other stuff saves the day, but is that before or after they get me and my family?

(According to my shotgun the answer is 'after'...)

-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: Re: On Killing Blaster
>Date: Wed, 14 Apr 2004 12:01:26 -0700
>
>At 05:29 PM 4/13/04 -0400, An Metet wrote:
> >Major Variola writes:
> >
> >> Crypto *can* keep bits free. And so maybe language.
> >>
> >> But Men with Guns control physical reality, which limits what
> >> those bits can do. Read the archives on the problems with
> >> linking "credits" to dollars or physical merchandise.
> >
> >Fine; you are questioning the feasibility of the cypherpunk model for
> >achieving freedom through cryptographic anonymity.
>
>Isn't it within the Official Charter to explore the limits of social
>crypto? The constraints imposed by possible states?
>
> >It is true that
> >power in the physical world can, in principle, prevent the operation
> >of the information infrastructure necessary for the cypherpunk dream
> >to be realized.
>
>Bingo.
>
> >Whether it can do so without also impairing "good"
> >information transfers to an unacceptable level remains to be seen.
>
>Why do you think this would stop certain states? Look at the
>content-filters used in public libraries and schools.
>(Can't find poultry recipes or oncology info because of mammary glands.)
>
> >But suppose you're right; suppose men with guns keep crypto anarchy from
> >working, and the only recourse is to use force of your own.
>
>They can't control crypto, which is math; and they can't control individual
>behavior, even if they can control bulk behavior. But they do control
>commerce and mass production and the physical bit-handlers. The FCC has vans.
>
>Your mesh won't work so well when the only meshers are afraid of being
>caught, and sparse besides.
>
>Don't you regard the limits of the (e.g., cypherpunk) model as part of
>the study?
>
>When I say "the FCC has vans" (etc) it is sometimes only representative of
>precursors of trends and possibilities, if it isn't obvious.
>
> > Your goals of anarchy and
> >freedom are never going to be popular enough to let you win by using
> >force in this way.
>
>You are projecting. I don't have goals of anarchy. (I'm a lib.)
>I'm interested in the social implications of, and tech behind, crypto things.
>I assume most are like this, though some are socialist, and you are
>a troll.
>
> >Some have said they want to use cypherpunk technology to facilitate
> >their plans for using force to fight the oppressors. They can set up
> >assassination markets; or more simply, hire hitmen anonymously using
> >ecash. In this way they can bring force to bear without risk.
>
>AP is sci-fi (for now) precisely because of the control over the physical
>implementations of bits and currency.
>
>That some here predicted, even advocated that such a technical system
>would be used to clean up the civil servant population is another matter entirely.
>
>Both are valid if orthogonal points.
>(Civilian-authorities get fragged
>even without compooters)
>
>And IMHO you'd be immoral, for some possible future (and past) civil
>servant populations, to object to this encouragement, to feel a little hope
>that one possible future isn't a boot stomping a face, forever (even if that face
>is reading uncensorable news while being stomped)
>
> >But the reverse is true as well: if and when such markets come to exist,
> >it can only be because the cypherpunk dream has succeeded beyond our
> >wildest hopes. A world in which such applications exist despite the
> >most stringent efforts on the part of the State to eradicate them is one
> >in which cypherpunks have truly succeeded in burrowing so deep into the
> >information infrastructure that they can never be stopped. It is a world
> >in which anonymity is preserved, one where contracts and payment systems
> >have been developed for even the most risky and uncertain enterprises.
>
>I don't think my membership card requires me to believe that there is only
>one possible future outcome. It requires me to understand how such
>a system works, including how it might work on a social level.
>
> >If cypherpunk technology works to this degree, then it will open up
> >tremendous new opportunities for people to evade the power of government.
> >The one overwhelming trend as we move into the 21st century is the power
> >of information. This is why governments more and more are trying to crack
> >down and limit its propagation. If cypherpunk technologies are able to
> >transcend these restrictions, as is implied by the potential existence of
> >assassination markets, there is essentially no limit to what they can do.
>
>Get off the assassination thang. Yes, uncensorable news & views
>will be possible. That's not sufficient.
>
> >The physical world is going to be increasingly less important as we go
> >forward. What counts is the flow of information.
>
>Freedom of expression (bits) is one of many rights.
>Crypto can do the most here.
>But bits don't exist outside of physical implementations, so they rely
>on physical rights.
>Also, most rights are physical rights ("the right to be left alone" is
>more general than "the right to be free of compelled speech").
>
> >That is what needs
> >to be protected and made free from interference. If we can achieve
> >that, the physical world won't much matter. You won't need your guns,
> >and assassination markets, if they exist, won't be a force for freedom,
> >but merely another hazard of the physical world, that most people avoid
> >as much as possible.
>
>Um, we're talking about meshing radios, not guns or AP. And social
>(govt) control of things like those radios, and networks, and the devices
>that use them. And how such physical control might affect reaching the
>cypherpunk-predicted future.
>
>Sorry that I pissed on your orthodoxy by doubting that everything was
>inevitable in its strongest form..

From brian-slashdotnews at hyperreal.org Wed Apr 14 15:26:04 2004
From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org)
Date: 14 Apr 2004 22:26:04 -0000
Subject: Voice Over IP On Wireless Mesh
Message-ID:

Link: http://slashdot.org/article.pl?sid=04/04/14/1856224
Posted by: timothy, on 2004-04-14 19:21:00
Topic: wireless, 55 comments

from the network-is-the-network dept.

infractor writes "ZDNet [1]is reporting that the Linux based [2]LocustWorld Mesh system now has [3]SIP routing at every node. The [4]LocustWorld boxes have been widely used in [5]community broadband projects where DSL is not available, so successfully that they have been [6]seen as a threat to next generation mobile networks.
With the addition of VoIP support, these mesh networks can now compete with the telcos on voice as well as data services. [7]More details here."

References
1. http://news.zdnet.co.uk/communications/wireless/0,39020348,39151531,00.htm
2. http://locustworld.com/
3. http://www.faqs.org/rfcs/rfc2543.html
4. file://slashdot.org/article.pl?sid=02/10/31/2049201&tid=126
5. http://www.muniwireless.com/archives/000201.html
6. http://locustworld.com/media/timesbusiness290104.gif
7. http://locustworld.com/siprouting.php

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From kelsey.j at ix.netcom.com Wed Apr 14 22:07:31 2004
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Thu, 15 Apr 2004 01:07:31 -0400
Subject: voting
In-Reply-To:
Message-ID: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com>

At 11:05 AM 4/9/04 -0400, Trei, Peter wrote:
...
>1. The use of receipts which a voter takes from the voting place to 'verify'
>that their vote was correctly included in the total opens the way for voter
>coercion.

I think the VoteHere scheme and David Chaum's scheme both claim to solve this problem. The voting machine gives you a receipt that convinces you (based on other information you get) that your vote was counted as cast, but which doesn't leak any information at all about who you voted for to anyone else. Anyone can take that receipt, and prove to themselves that your vote was counted (if it was) or was not counted (if it wasn't).
(This is based on attending a presentation of David's scheme at George Washington a few months ago, a conversation I had with a VoteHere guy, and some conversations and documents given to me by each. I haven't tried to verify the protocols or proofs, but I'm convinced that all this is possible, modulo various assumptions. There may be a dozen other people doing similar things, that I've simply not heard of.)

...
>1. How does this system prevent voter coercion, while still allowing receipt
>based recounts? Or do you have some mechanism by which I can
>personally verify every vote which went into the total, to make sure they
>are correct?

The way I understood these schemes, you can see the initial encrypted ballots (they're published), and then there are several rounds of publicly verifiable shuffling and decryption by different TTPs. After the last round of shuffling and decryption, you have raw votes. So anyone can verify the count, assuming the set of initial encrypted ballots are legitimate. And anyone can produce a receipt that can be shown to be one of those encrypted ballots, if it was counted. That doesn't keep someone from stuffing the ballot box, but it does mean that anyone who throws away unfavorable votes is going to leave behind evidence, which can potentially call the whole vote into question.

The way I saw these schemes described, there was no recount capability, but the count was done in a completely public way. It seems to me that this kind of scheme has a lot of potential for disruption attacks, since one compromised voting machine can be used to call any election into question. But I could be missing something, as this is really not something I've spent a lot of time on....

>2. On what basis do you think the average voter should trust this system,
>seeing as it's based on mechanisms he or she can't personally verify?
I see your point, but there's an awful lot of any voting system that isn't being closely observed by the voters, or that isn't really well-understood by most of them. It's not so clear to me that the average voter is going to walk away convinced that a voter-verified paper ballot, or a mark-sense ballot, or whatever other thing isn't going to somehow be subject to attack. Or that if they do walk away convinced, that this has much to do with whether they *should* walk away convinced.

>3. What chain of events do I have to believe to trust that the code which
>is running in the machine is actually and correctly derived from the
>source code I've audited? I refer you to Ken Thompson's classic paper
>"Reflections on trusting trust", as well as the recent Diebold debacle
>with uncertified patches being loaded into the machine at the
>last moment.

Yep, this is a big issue. Which is why I think everyone with any sense agrees that we need some kind of independent audit trail, regardless of whether we're doing voting with computers, or with pens for punching out holes. There are a bunch of ways to do this, one obvious and pretty easy-to-field choice being voter-verified paper ballots.

>This last is an important point - there is no way you can eliminate the
>requirement of election officials to behave legitimately. Since that
>requirement can't be done away with by technology, adding technology
>only adds more places the system can be compromised.

Huh? Do you think the same is true of payment systems? Those also ultimately require some humans to play by the rules, but it sure seems like a well-designed payment system can remove a lot of the ambiguity about who has violated the rules, and can outright prevent other kinds of rule violations. And it seems to me that this is very similar to the situation with voting.

Touch screen voting (with the audio extensions) has at least one huge advantage over pen-and-paper schemes, because blind people can vote with them.
The VoteHere and Chaum schemes provide other benefits (a lot of kinds of misbehavior by the authorities are prevented by the design, though of course, not *all* possible misbehavior), at various costs in system complexity, dependence on lots of interacting systems that might not be all that reliable, ability to recover from some low level of fraud, etc. Paper ballots printed behind glass provide a different set of tradeoffs. And you could design twenty other sets of tradeoffs.

I'm not at all convinced that the way we optimize for best security is to minimize technology. I agree that it's easy to get carried away by the elegance of your mathematics, or by the really spiffy blinking lights on the computer, and forget the essentials. But technology and math aren't somehow inherently bad things to introduce to voting systems. It just has to be done in a way that makes sense, right?

...

>I do think electronic voting machines are coming, and a good
>thing. But they should be promoted on the basis that they
>are easier to use, and fairer in presentation, than are manual
>methods. Promoting them on the basis that they are more
>secure, and less subject to vote tampering is simply false.

Less subject to vote tampering than the old machines with mechanical counters and levers? That's not too hard. Less subject to vote tampering than paper ballots marked by hand, that may be a little more of a challenge. I think it's more fair to say that the attacks and threats will be different, and that the risk of a class break (work out the details of the attack once, then change votes all over the country) is seriously scary. But it's sure not clear to me that adding computers to the mix must decrease security, or even must leave it unchanged.

>Peter Trei

--John Kelsey, kelsey.j at ix.netcom.com, who is definitely speaking only for himself.
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259

From bill.stewart at pobox.com Thu Apr 15 02:37:41 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 15 Apr 2004 02:37:41 -0700
Subject: Fornicalia Lawmaker Moves to Block Gmail
In-Reply-To: <20040414202237.GA1218@dreams.soze.net>
References: <20040413014942.GA10968@positron.mit.edu> <20040413095302.GA20870@dreams.soze.net> <029201c42161$3615a8f0$c71121c2@exchange.sharpuk.co.uk> <20040414202237.GA1218@dreams.soze.net>
Message-ID: <6.0.3.0.0.20040415022543.0369cd08@pop.idiom.com>

At 01:22 PM 4/14/2004, Justin wrote:
> > I'm not concerned with the advertising itself. My concern is that the
> > Gmail service would provide an unacceptable level of detail on message
> > content to whoever's monitoring the advertisement logs.

Unacceptable to whom, and what should they do about it if they don't accept it? If Joe Sixpack wants to trade the privacy issues for the convenience, because like most of the public his value systems prefer dancing pigs to security, that's his business, and if he doesn't, that's his business too. But if Liz Figueroa "doesn't accept it", and makes laws banning it, because she knows better than Joe what's good for him, well that's typical tacky legislator behaviour, and she needs to be educated on why the free market really does make people more free.

It would be especially tacky if she argued that Google was somehow abusing their quasi-monopolistic powers here - after all, there are probably over 1000 different free or cheap email providers out there, and you can look them up in Google, and of course many of them are out of her jurisdiction.

Personally, I'm also concerned about the depth of detail that might or might not be visible to the advertisers. Do they get queries on keywords or phrases the way banner ads do? How much user information gets passed along with them? Does it only get passed if you click on the ad, or on all queries?
Do the advertising calculations get done when the mail is received, or only when you read any given message, or also when you search your inbox for keywords? I'm guessing they don't do the former, because you'd otherwise see lots of banner ads for things you receive email about, and I get enough spam already, thank you :-)

----
Bill Stewart bill.stewart at pobox.com

From gabe at seul.org Thu Apr 15 02:48:47 2004
From: gabe at seul.org (Gabriel Rocha)
Date: Thu, 15 Apr 2004 05:48:47 -0400
Subject: Fornicalia Lawmaker Moves to Block Gmail
In-Reply-To: <20040414202237.GA1218@dreams.soze.net>; from justin-cypherpunks@soze.net on Wed, Apr 14, 2004 at 08:22:37PM +0000
References: <20040413014942.GA10968@positron.mit.edu> <20040413095302.GA20870@dreams.soze.net> <029201c42161$3615a8f0$c71121c2@exchange.sharpuk.co.uk> <20040414202237.GA1218@dreams.soze.net>
Message-ID: <20040415054847.A5051@moria.seul.org>

On Wed, Apr 14, at 08:22PM, Justin wrote:
| I'm not concerned with the advertising itself. My concern is that the
| Gmail service would provide an unacceptable level of detail on message
| content to whoever's monitoring the advertisement logs.

I only say something because I have seen this point before and find it ludicrous. How much more detail than the message itself does the advertising agency need? Google is the one targeting the ads at its customers. Google is the organization with all the emails. If they want to know what's in your emails, they don't need to bother to come up with an elaborate scheme for it... "You never have to delete email" doesn't have to be an advertising pitch for customers. Rather, it can be a nice nifty advertising pitch for the feds. Why subpoena the advertising logs when you can subpoena the emails themselves?

From rah at shipwright.com Thu Apr 15 03:09:19 2004
From: rah at shipwright.com (R. A.
Hettinga)
Date: Thu, 15 Apr 2004 06:09:19 -0400
Subject: Clearing Up The Confusion
Message-ID:

Wired News

Clearing Up The Confusion

By Paul Boutin

Story location: http://www.wired.com/news/culture/0,1284,63050,00.html

02:00 AM Apr. 15, 2004 PT

Science-fiction author Neal Stephenson's latest 800-page dispatch, The Confusion, arrived in stores this week. But Stephenson fans hoping for another brain-wracking, cryptographic puzzle to solve will find a surprise instead: A central scene in the book provides a long, detailed description of the mechanics of 17th-century bills of exchange. Pivotal themes in the book involve the emergence of a cashless market at Lyon, France, and Sir Isaac Newton's 30-year stint at England's national mint.

The Confusion, which consists of two 400-page novels interleaved (literally "con-fused") with one another, is the second of three volumes in The Baroque Cycle, a nearly 3,000-page opus that fictionalizes the exploits of Newton and the Royal Society of scientists to which he belonged.

In an interview with Wired News, Stephenson, who rose to fame on cyberpunk-themed novels including Snow Crash and Cryptonomicon, said his interest in money and markets dates back to 1994, a time when crypto hackers and Citicorp/Citibank CEO Walter Wriston were equally likely to expound on the concept of money as an information technology.

Wired News: Why the shift from cryptography to money and markets?

Neal Stephenson: Cyberpunk has been over for a long time. Some would say it was already over by the early '90s. It's over because it became part of the main current of science fiction. One way of thinking about cyberpunk is that it was a process by which SF belatedly came alive to the importance of information technology, and re-evaluated not only the future but also the past in that light. Similar things have been going on more recently with nanotechnology and biotech.
Anyway, for the last 10 years or so, money and markets have been inseparable in my mind from other themes that are of great interest to contemporary SF writers. WN: What does this have to do with The Confusion? Stephenson: To fuse means to melt; "con-fuse" means a melting together. When you say "I'm all mixed up" you're saying the same thing in simpler words. At least as far back as Chaucer, "confused" was being used in its current sense of being muddle-headed. The older, technical meaning of melting things together has become obsolete, but alchemists of the 17th century would have been comfortable with it. Confusion de Confusiones is the title of a book written in 1688 by Joseph de la Vega about the Amsterdam stock market. It takes the form of a very long letter written by a Spanish Jew living in Amsterdam to his country cousins who are thinking about moving to the city. He describes the amazingly diverse tactics and schemes used by investors playing the market there. Even though there was only one stock being traded -- the Dutch East India Company -- they had bulls, bears, panics, bubbles and most of the other features of modern bourses. (There is a de la Vega family in The Baroque Cycle, but they are not meant as historical depictions of Joseph and his cousins. I just used the family name as a way of paying homage to this author.) In The Baroque Cycle we have got confusion of a few different sorts: Not only alchemists melting things together, but also pandemonium in the markets, a re-coinage in England (which means gathering together and melting all the old coins) and the confusion of a war between France and her enemies. Prior to the time I'm writing about -- let's say, 1618 to 1650 -- England and the Continent were in a Hobbesian state of war, chaotic and frozen at the same time. 
Starting around the mid-1650s, things settled down and there was a time of astonishing creativity and flux, which I attempted to capture in the first volume of this series, Quicksilver. What I'm trying to depict in The Confusion is its aftermath: a time when so much has changed, so fast, that things are all unsettled and out of whack, and settling, in a chaotic way, toward a new equilibrium. WN: In a central scene in The Confusion, the entrepreneurial heroine, Eliza, conducts a lengthy parlor game among idle rich Frenchmen and women of Versailles to explain how they can transfer silver safely across the English Channel using a bill of exchange. Did you think your readers also needed the concept explained in detail? Stephenson: This passage is admittedly an expository one, but it's meant to work on a couple of levels. Partly there is a need to acquaint readers of the book with the basic principles of a bill of exchange. But what's much more alien to modern readers, I think, is the notion that the upper crust of that society tried to avoid having anything to do with commerce. Bills of exchange weren't a new concept. They had been around for centuries at the time the book takes place. They were the basis for the medieval economy and the rise of the Italian banking houses. It is, however, a new concept to the nobles to whom Eliza's explaining it, because according to the code of behavior of the noble class, they're not allowed to dirty their hands with commerce. Nowadays, we take it as a given that the most powerful people in any given society will be the ones who have mastered the art of making and holding on to money, but it was different back then. From our point of view, it seems obvious that this was a crazy situation and such a system was bound to fall apart. How it began to crumble is part of the story I'm telling here. 
WN: In the book, a huge financial crisis hits Western Europe in the early 1690s, driven by a lack of available coinage, as well as the entire French government losing its credit rating. Did that really happen? Stephenson: It really happened. It would take a better economic historian than I to explain why. At some level, trying to explain such events is a little like trying to explain the weather. Very generally, it has to do with the flow of metal around the world. That's important because money is a sort of medium for the exchange of information. When the price of cloth went up in Antwerp, it was because the system of international trade, in some fashion that's too complex for us to understand, was transmitting information about the supply/demand balance. Money makes that kind of information flow better. Nowadays money is electronic and there's plenty of it. Back then, money had to be silver or gold. In those days silver came from the Spanish colonies of Mexico and Peru, and gold came from the Portuguese colony of Brazil. It was transported across the Atlantic to Europe, though English and other privateers did their best to intercept it en route. Some of it circulated in European markets, some was hoarded in the vaults of wealthy families and institutions, and a lot of it flowed east toward India and China. China was notoriously hungry for silver. It was a complicated flow pattern, with any number of sources and sinks and eddies and feedback loops, and like any other such system it was capable of chaotic behavior. If enough people hoarded their metal, a money shortage would develop, which would make it very difficult to conduct trade on any level beyond that of a village market, and throttle the flow of information. The English coinage had been reformed a century and a half earlier, under Elizabeth. Thomas Gresham is rightly or wrongly given credit for this. 
At any rate, he got rich and endowed Gresham's College in London, which became the clubhouse of the Royal Society. And after the Royal Society luminaries had achieved a foothold in London, and helped rebuild the place after the fire, many of them turned their attention to problems relating to money. John Locke and Isaac Newton debated how much silver should be in a pound sterling, and what the exchange rate ought to be between silver and gold. The Bank of England was founded in 1694 at a time when the economy was almost stopped because of a currency crisis, and a general re-coinage got under way at around the same time.

You asked about France's credit rating. This had its ups and downs, which make for a pretty long and complicated story unto itself. I had to set at least a few limits on how much detail I was going to include about such things in this project, and so I've given a highly simplified, streamlined account of it here. The real crash of the old Lyon system occurred some years later, in the early 1700s. In The Baroque Cycle, I have depicted a major crash during the 1690s. This is not far off the mark since the French economy was profoundly screwed up during that period owing to war, famine, hoarding and messed-up coinage. But as always if you want the full story, you need to read some real history. The third volume of Fernand Braudel's Civilization and Capitalism trilogy covers this pretty well.

WN: In the novel, Isaac Newton agrees to join the mint in hopes of recovering a legendary hoard of special gold that had been scattered around the globe. Is that true?

Stephenson: This is altogether fictitious. No one knows why he decided to work at the mint, but there is zero evidence that it had anything to do with recovering some stolen gold. No one can really know what was going on in Newton's head.
In trying to get some understanding of why he was interested in alchemy, I've had to rely on scholars who know more about it than I do, like Richard Westfall and Piers Bursill-Hall. And if I state their views wrongly, I apologize in advance. But the gist of it seems to be that Newton was trying to achieve some specific goals with alchemy. Some of those goals might have been religious, but many were clearly scientific. As a scientist, he knew that he could only explain so much with the tools that he was using, and that to advance beyond that point he was going to need a different toolbox. He recognized that a lot of alchemy was nonsense, but he thought that by going about it in a systematic and rational way he'd be able to solve some scientific problems. He would have rejected the label of magician because it might have had dark connotations to him. WN: Any parallels between the economic crises in The Confusion and today's U.S. economy? Stephenson: That's not what I'm aiming for here. I'm not trying to say that this epoch was interesting because it was somehow analogous to the way things are today. I'm saying it was interesting in its own right. Part of what makes it interesting is just how different it was from today's world. This might sound funny after all that I've said above, but I hope that readers won't be conscious of any of the abstract themes that I've been talking about here. This book is meant to work as a yarn. I hope that readers will take it as such. If they also want to go think deep thoughts about currency fluctuations during the 1690s, then there's plenty of that in here for those who want to read it on that level. Everything I've talked about above took place in a world full of pirate ships, sword fights, seductive courtesans, picaroons and other staples of the bodice-ripping and swashbuckling genres, which I have not been above putting into these books. 
Neal Stephenson will serve as toastmaster for the Nebula Awards in Seattle this week, and will appear at the Los Angeles Times Festival of Books on April 25.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From dave at farber.net Thu Apr 15 04:59:09 2004
From: dave at farber.net (Dave Farber)
Date: Thu, 15 Apr 2004 07:59:09 -0400
Subject: [IP] Cyberspace warriors (MOST INTERESTING djf)
Message-ID:

From lindac at dimacs.rutgers.edu Thu Apr 15 07:11:24 2004
From: lindac at dimacs.rutgers.edu (Linda Casals)
Date: Thu, 15 Apr 2004 10:11:24 -0400 (EDT)
Subject: DIMACS Workshop on Electronic Voting -- Theory and Practice
Message-ID:

*************************************************

DIMACS Workshop on Electronic Voting -- Theory and Practice

May 26 - 27, 2004
DIMACS Center, Rutgers University, Piscataway, NJ

Organizers:
  Markus Jakobsson, RSA Laboratories, mjakobsson at rsasecurity.com
  Ari Juels, RSA Laboratories, ajuels at rsasecurity.com

Presented under the auspices of the Special Focus on Communication Security and Information Privacy and the Special Focus on Computation and the Socio-Economic Sciences.

************************************************

To many technologists, electronic voting represents a seemingly simple exercise in system design. In reality, the many requirements it imposes with regard to correctness, anonymity, and availability pose an unusually thorny collection of problems, and the security risks associated with electronic voting, especially remotely over the Internet, are numerous and complex, posing major technological challenges for computer scientists. (For a few examples, see references below.)
The problems range from the threat of denial-of-service-attacks to the need for careful selection of techniques to enforce private and correct tallying of ballots. Other possible requirements for electronic voting schemes are resistance to vote buying, defenses against malfunctioning software, viruses, and related problems, audit ability, and the development of user-friendly and universally accessible interfaces. The goal of the workshop is to bring together and foster an interplay of ideas among researchers and practitioners in different areas of relevance to voting. For example, the workshop will investigate prevention of penetration attacks that involve the use of a delivery mechanism to transport a malicious payload to the target host. This could be in the form of a ``Trojan horse'' or remote control program. It will also investigate vulnerabilities of the communication path between the voting client (the devices where a voter votes) and the server (where votes are tallied). Especially in the case of remote voting, the path must be ``trusted'' and a challenge is to maintain an authenticated communications linkage. Although not specifically a security issue, reliability issues are closely related and will also be considered. The workshop will consider issues dealing with random hardware and software failures (as opposed to deliberate, intelligent attack). A key difference between voting and electronic commerce is that in the former, one wants to irreversibly sever the link between the ballot and the voter. The workshop will discuss audit trails as a way of ensuring this. The workshop will also investigate methods for minimizing coercion and fraud, e.g., schemes to allow a voter to vote more than once and only having the last vote count. This workshop is part of the Special Focus on Communication Security and Information Privacy and will be coordinated with the Special Focus on Computation and the Socio-Economic Sciences. 
This workshop follows a successful first WOTE event, organized by David Chaum and Ron Rivest in 2001 at Marconi Conference Center in Tomales Bay, California (http://www.vote.caltech.edu/wote01/). Since that time, a flurry of voting bills has been enacted at the federal and state levels, including most notably the Help America Vote Act (HAVA). Standards development has represented another avenue of reform (e.g., the IEEE Voting Equipment Standards Project 1583), while a grassroots movement (http://www.verifiedvoting.org) has arisen to promote the importance of audit trails as enhancements to trustworthiness.

**************************************************************

Program:

This is a preliminary program.

Wednesday, May 26, 2004

 7:45 -  8:20  Breakfast and Registration
 8:20 -  8:30  Welcome and Opening Remarks
               Fred Roberts, DIMACS Director
 8:30 -  9:15  Ron Rivest (tentative)
 9:15 - 10:15  Rebecca Mercuri
10:15 - 10:45  Break
10:45 - 11:30  David Chaum
11:30 - 12:15  Michael Shamos
12:15 -  1:30  Lunch
 1:30 -  1:50  European online voting experiences
               Andreu Riera i Jorba
 1:50 -  2:10  Providing Trusted Paths Using Untrusted Components
               Andre Dos Santos
 2:10 -  2:30  Internet voting based on PKI: the TruE-vote system
               Emilia Rosti
 2:30 -  2:50  Andy Neff
 2:50 -  3:10  Aggelos Kiayas
 3:10 -  3:30  How hard is it to manipulate voting?
               Edith Elkind and Helger Lipmaa
 3:30 -  3:50  Towards a dependability case for the Chaum e-voting scheme
               Peter Ryan
 3:50 -  4:20  Break
 4:20 -  4:40  Secure practical voting systems: A Cautionary Note
               Quisquater
 4:40 -  5:25  Rob Ritchie
 5:25 -  6:10  Panel (moderator: David Chaum)
 6:10 -  7:30  Buffet Dinner - Reception - DIMACS Lounge

Thursday, May 27, 2004

 7:45 -  8:30  Breakfast and Registration
 8:30 -  9:15  Rice University "hack-a-vote" project
               Dan Wallach
 9:15 -  9:50  David Jefferson
 9:50 - 10:10  Jeroen Van de Graaf
10:10 - 10:30  Voting, Driving, Death, and Social Security: The risk of centralized voter registration Data
               Guy Duncan
10:30 - 11:00  Break
11:00 - 11:20  Pedro Rezende
11:20 - 12:05  On optical scanning
               Doug Jones
12:05 -  1:30  Lunch
 1:30 -  2:15  SERVE project
               Barbara Simons
 2:15 -  3:00  Moti Yung
 3:00 -  3:20  Ed Gerck
 3:20 -  3:50  Break
 3:50 -  4:10  Tatsuaki Okamoto
 4:10 -  4:30  Lessons from Internet voting during 2002 FIFA WorldCup Korea/Japan(TM)
               Kwangjo Kim
 4:30 -  4:50  Kazue Sako
 4:50 -  5:50  Panel (moderator: Sanford Morganstein)

********************************************************************

Registration: (Pre-registration deadline: May 20, 2004)

Please see website for complete registration details.

*********************************************************************

Information on participation, registration, accommodations, and travel can be found at: http://dimacs.rutgers.edu/Workshops/Voting/

**PLEASE BE SURE TO PRE-REGISTER EARLY**

********************************************************************

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From emc at artifact.psychedelic.net Thu Apr 15 11:02:53 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Thu, 15 Apr 2004 11:02:53 -0700 (PDT) Subject: US Brings Freedom of Expression to Iraq Message-ID: <200404151802.i3FI2sK1017736@artifact.psychedelic.net> For extra credit, try to find even one mainstream newspaper in AmeriKKKa's Rah Rah "free" press in which this international wireservice story is printed. See the Neocons argue that because the story only appears in the Arab press, it can't be true. Hey, it worked with Accused Jewish War Criminal Ariel Sharon's "The Jewish people control AmeriKKKa" remarks. Somehow, I don't think beating people and bulldozing their houses and businesses every time some writing or image the US chooses to characterize as "anti-Coalition" is spotted, does much to further the US message that we are bringing "democracy" to Iraq, and that those opposed to our behavior "hate our freedoms." It's too bad an alien power can't just lift all 157,000 US troops and associated military hardware from Iraq, compact it into a cube, and drop it on the White House lawn for Shrub to explain to the AmeriKKKan people. I once said "there are no civilians in Israel, not even the babies" after the Jewish people re-elected Accused War Criminal and Egregious Human Rights Violator Ariel Sharon in an overwhelming landslide, enthusiastically supporting his defiance of International Law, and deliberate oppression of the Palestinian people. If the AmeriKKKan people re-elect George W. 
Bush, who has made a mockery of the UNited Nations, started a war of conquest based on deliberate lies, in violation of International Law, with complete contempt for the wishes of the world community, I don't suppose there'll be any civilians in AmeriKKKa either, and therefore, it will be impossible to label any destructive act committed against the US, either at home or abroad, as "terrorist." ----- KUT, Iraq (AFP) - An Iraqi has died of his wounds after US troops beat him with truncheons because he refused to remove a picture of wanted Shiite Muslim leader Moqtada al-Sadr from his car, police said Wednesday. The motorist was stopped late Tuesday by US troops conducting search operations on a street in the central city of Kut, Lieutenant Mohamad Abdel Abbas told AFP. After the man refused to remove al-Sadr's picture from his car, the soldiers forced him out of the vehicle and started beating him with truncheons, he said. US troops also detained from the same area five men wearing black pants and shirts, the usual attire of al-Sadr's Mehdi Army militiamen and followers. Qassem Hassan, the director of Kut general hospital, identified the man as Salem Hassan, a resident of a Kut suburb. He said the man had died of wounds sustained in the beating. -- Eric Michael Cordian 0+ O:.T:.O:. 
Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From eugen at leitl.org Thu Apr 15 02:33:05 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 15 Apr 2004 11:33:05 +0200
Subject: Voice Over IP On Wireless Mesh (fwd from brian-slashdotnews@hyperreal.org)
Message-ID: <20040415093305.GD1026@leitl.org>

----- Forwarded message from brian-slashdotnews at hyperreal.org -----

From kutz1 at bezeqint.net Thu Apr 15 05:14:48 2004
From: kutz1 at bezeqint.net (Yuval Dror)
Date: Thu, 15 Apr 2004 14:14:48 +0200
Subject: Cyberspace warriors
Message-ID:

Dave,

I have this feeling that you will find the following article, published in this weekend magazine edition of Haaretz, very interesting...

Yuval.

http://www.haaretz.com/hasen/spages/415859.html

Cyberspace warriors

By Yuval Dror

Following the trauma of 9/11, Israeli-born computer security expert Prof. Abraham Kandel heads a federally funded institute in Florida whose mission is to monitor information about terrorist activity on the Internet. A look at how scientists are battling the spread of terrorist communications on the World Wide Web.

The Twin Towers were only the beginning, says Prof. Abraham Kandel, who fears an attempt by terrorists to shut down the entire Internet. Kandel is the executive director of the National Institute for Systems Test and Productivity in the United States, a federally-funded research institute operated by the University of South Florida and sponsored by the Space and Naval Warfare Systems Command (www.nistp.csee.usf.edu). Much of the institute's work is secret; its staff is developing tools to monitor information about terrorist activity on the Internet. The programs they are working on can be compared to a huge filter that constantly checks millions of electronic messages with the aim of deciding which of them could lead to terrorists.
"Our programs analyze sentences such as `I sent you ten yams and five lemons' and have to decide whether the sender of the message is a greengrocer or a terrorist who is informing someone about a shipment of explosives," Kandel explains. "We want to know everything. We want to know who's using the Internet and how they are using it. `Who's who in the zoo' is the best description I can offer of our motivation: we want to know where everyone is located, in which cage. If he changes his color, like a chameleon, and disappears, we still want to locate him using our method of operation. We want to identify transfers of money, knowledge or instructions of terrorist bodies."

Kandel is aware that his programs are liable to infringe on the privacy of hundreds of millions of people who have nothing to do with terrorism. However, he is not losing any sleep over this, he says. "Our job is to find the needle in the haystack before it's too late," he says.

Since September 11, 2001, the U.S. administration has become a laboratory of plans and software programs to locate online activity. New and invasive laws, which were adopted a few days after the attacks on the Twin Towers and the Pentagon, make it possible for the law enforcement authorities to monitor the citizens of the United States. The laws, which substantially reduce Americans' sacred right to privacy, were enacted almost without opposition after it was discovered that the terrorists had lived, learned how to fly and planned their devastating actions on the soil of the United States, and more specifically in the state of Florida.

However, monitoring phone calls, e-mail messages, surfing habits on the Web, chat room conversations and announcements in discussion forums is only half the story. The other half entails selecting from the billions of words making their way across the Web the particles of information that will lead to potential terrorists.
Reports that were published after September 11, 2001, showed that some of the information linking the perpetrators to the act of terrorism was in the possession of American intelligence bodies, but that they failed to put the puzzle together into one clear picture that would make it possible for them to issue a warning about the biggest terrorist operation in history.

One of the systems that drew considerable media and public attention in the United States is known as Carnivore. Developed by the FBI in the 1990s, the system was rapidly and aggressively implemented within days of September 11. Carnivore intercepts and analyzes information that is collected directly from the servers of the Internet providers in the United States.

Kandel is unwilling to say whether his system integrates with Carnivore. "Carnivore is not a program but a concept," he says. "It's possible that our tools can be integrated into Carnivore, but that's not my decision, and in any event those who use our programs don't report to me about where and how they use them."

Identifying intentions

Even before the first question was asked, Kandel ascertained that the condition for conducting the interview was agreed on: his place of residence must be kept secret. He's 62, Israeli-born and holds a degree in electrical engineering from the Haifa Technion. After the 1967 Six-Day War he decided to make a short visit to the United States ("I told my mother-in-law that I'd be back within a year," he relates) to complete his studies. He ended up staying there. Today he describes himself as an American, adding that he spends a lot of time in Israel. "I have spent all my sabbaticals, with the exception of one, in Israel. I feel at home here."

Kandel's field of expertise in the institution he heads is in a fascinating side area of mathematics and computers, known as "computational intelligence."
It encompasses theories and doctrines in fields such as "fuzzy logic," "sensor networks," "genetic algorithms" (algorithms that emulate biological evolution and encourage the creation of mutations), "data mining" and others. These methods help computers to make decisions in conditions of uncertainty and in an environment that does not produce precise data by integrating them into a "learning" system. "Human language is fuzzy language, which is statistically imprecise," Kandel says. "When I say I met a tall man, the listener is called upon to analyze my intentions solely on the basis of the term `tall,' which is a pretty vague term, yet he is capable of understanding what I am talking about." Kandel offers another example. "Let's say that the world's greatest expert on differential equations is driving his car and suddenly the traffic light in front of him changes from green to red. Does the expert mentally calculate the formulae relating to the friction of the tires with the road in order to decide whether to stop or keep going? No. He uses the same type of information and intuition that we know how to catch and introduce into a computer program." According to Kandel, many cars now have chips based on the laws of fuzzy logic that determine, for example, when the gears should be changed in an automatic gearbox. "When you integrate fuzzy logic into computers or chips that have to make decisions, you get systems that are not only smart but also strong in terms of real-time decision making." A good many years went by between the time Kandel decided to specialize in the field of computational intelligence and his involvement in ferreting out terrorism. Along the way he became one of the world's leading experts in the field, wrote more than 40 books and 500 papers on the subject, was a department head at the University of Florida for 13 years and then headed a department at the University of Southern Florida for 12 years. 
Gradually he began to apply his expertise to industrial products as well. "Beyond my academic work, I have served as an adviser to bodies such as the U.S. Air Force in spheres of software security and checking software quality, and for Israeli bodies such as Israel Aircraft Industries [IAI]." One of the major applications of fuzzy logic, Kandel says, was carried out in an automatic landing system of an RPV (a pilotless aircraft), which was developed for IAI. Because of his ties with the U.S. Air Force, administration officials asked him, at the end of the 1990s, to establish an institute that would examine software systems. Initially this had nothing to do with the struggle against terrorism. "The Department of Defense discovered that it was losing $80 billion a year because of software that doesn't work properly," Kandel says. "A program that orders a missile to leave the launcher but sends it to the wrong building means a financial loss. The institute was established in an effort to harness the technologies in which I specialize to the automatic examination of computer programs. The major motivation was to save money for the Department of Defense." Then came the events of September 11, 2001. Kandel relates that at the time his young son was working in one of the buildings of the Twin Towers complex. A few weeks earlier he had complained of back pains and had consulted with his father about whether to see a chiropractor. Kandel said he would pay for the consultation. The appointment was for September 11, and thus he was saved. "For a whole week I just stared into the television set," Kandel relates. "I couldn't move. The event had a tremendous impact on me." Immediately afterward he decided to see whether it would be possible to utilize the automatic technologies that examine the working order and efficiency of code lines in computer programs. "I was pleased that the answer was positive," Kandel says. 
The positive answer brought about a change in the institute's order of priorities and a large injection of funds into the new sphere. The terms Kandel uses stimulate the imagination. "I got into a field called `perception management,' which has the task of managing a computerized system that tries to understand what a certain person's intentions are." The institute staff are apparently utilizing every technology that is capable of learning from its own experience and is capable of simulating the activity of the human brain. As such, the programs have a tremendous advantage: Instead of employing thousands of people who will go over every piece of information and decide its value (not important, important, how important), the computer does the initial filtering by emulating people's mode of thought and way of decision-making. The result is that only the pieces of information that the computer selects as especially important are conveyed for human examination. The systems are programmed in such a way that whenever they make new decisions they learn, improve and become "smarter." Kandel is currently in Israel to carry out a study during the coming academic year, commissioned by the U.S.-Israel Educational Foundation (founded in 1956 to administer the Fulbright Program between the United States and Israel) in cooperation with the Faculty of Engineering at Tel Aviv University. On April 22 the university will hold the first-ever conference in which experts from the field of terrorism and from other fields will lecture on cybernetic terror and the development of tools to monitor activity on the Internet. Secret civilian institute The National Institute for Systems Test and Productivity (NISTP) is a civilian body, whose funding is decided on by the subcommittee for military appropriations in Congress, with the budgets being transferred via the U.S. Navy. Another investor is Boeing, the aircraft manufacturer. 
The NISTP transfers its products to the Navy, which in turn transfers them to other government bodies. The size of the institute's budget is secret, as is the number of people it employs (it's thought to be a few dozen). The institute's Web site in no way hints at the actual activity it is engaged in. The institute also underwrites the activity of researchers in other countries, including a research group at Ben-Gurion University of the Negev in Be'er Sheva ($250,000 a year). The group in the Negev, Kandel says, is in daily touch with the Florida institute. Part of the activity in Be'er Sheva is funded by the Israeli defense establishment; it's reasonable to assume that at least some of the knowledge accumulated by the American institute ultimately reaches Israeli intelligence bodies as well. "The real battle is moving from the conventional fields to cyberspace," Kandel maintains. "Ten divisions of tanks and five air squadrons wouldn't have helped stop September 11. Accordingly, the tools that are used to fight the new warfare also have to be different." According to Kandel, terrorists make use of the communications networks, and the Internet above all, to coordinate activity and transfer information. It is possible that they will come to understand that the damage they could inflict on the United States and on the American way of life by striking at the Internet would be greater than any other harm they are capable of. How is it possible to destroy the Web? "We're not talking about developing worms and viruses of the type that attack PCs. This will be a more brutal and more destructive assault. The only thing that many organizations have today to defend themselves against that kind of attack is a firewall of one kind or another." What's wrong with that? Companies such as Checkpoint have built an empire around firewall protection. "There's nothing wrong with it. 
But it's worth asking why companies like Checkpoint or Aladdin or other Israeli companies don't obtain huge contracts from American defense bodies. The answer is not that it's because they are Israeli - after all, I fund activity in Israel with the consent of the U.S. Navy. The reason is that they are developing protective tools that can provide protection up to a certain level against hackers who have a certain background in infiltrating sites. Apparently there is some slight difference between protecting a business organization and protecting U.S. governmental bodies." If so, why don't you develop tools for nongovernmental needs as well? "When I hire new people, I usually ask them if in their opinion it would be possible to launch a startup company that would be based on one of our developments. If he says yes, I show him the door. We are not working for an IPO on the Nasdaq. True, the salaries aren't bad - we don't work for free - but our target market is clear and we work for it alone. There is a great advantage in not seeking to go public and in not having the limitations of a commercial company." Of golems and moles Kandel rejects out of hand the contention that he is engaged in developing software that is the equivalent of the modern crystal ball. "They are wonderful systems, but they don't predict everything. They deal with forecasting that is based on the analysis of existing information. They are systems with power, but their power is anchored in the information that they are fed." And where does the information come from? "We are an organization of five initials; we get our information from organizations of three initials," he laughs, and says he is referring to USF (University of Southern Florida). But he doesn't really mean USF. In the United States alone there are many intelligence organizations of three initials: CIA, FBI and NSA (National Security Agency) are only the best-known of them. 
It's reasonable to assume that his systems analyze information from all three bodies. It's an equally reasonable assumption that the NSA uses the institute's information analysis tools. Asked about this, Kandel says he can neither confirm nor deny it. The NSA was established in November 1952 and its main activity is cracking enemy codes (so that it will be possible to listen to the enemy) and protecting U.S. government codes (to protect the government from snoopers). In a document outlining intentions for the new century, the NSA declared that it will "develop applications to leverage emerging technologies and sustain both our offensive and defensive information warfare capabilities." The time may have come to establish an Israeli NSA, Kandel says. "The American NSA is not a military body, it's a civilian one. True, it's a secret body, but it's overseen by congressional subcommittees. Unfortunately, in Israel there are no research institutes like mine. Most of the research institutes in Israel produce position papers - they don't develop tools. It's time to act to establish a civilian agency on the model of the NSA and to start a massive development of intelligence tools. Everyone will gain from that." You deal with information that's received from intelligence agencies. Is all the information you handle classified? "No way. You'd be amazed at how much free information is available on the Internet. All you have to know is how to snatch it from the air, download it and view it. The terrorists love publicity and love to publicize themselves." Google, the most successful search engine on the Web, analyzes only 3 billion of about 30 billion pages that exist on the Internet. Do you have a better search engine than Google? Kandel is silent. "I can't answer that question," he says, his face serious. 
On the other hand, he is ready to talk at length about the moral dilemma he and his staff face when they develop tools that the government is liable to use in order to infringe on people's private lives. Whenever someone uses one of your tools, he monitors my e-mail and turns me into a potential suspect. Doesn't that bother you? "There are two dilemmas here: one legal, the other moral. At the legal level, we don't make a move without the university's lawyers. If I want to develop a certain feature within the software, I first of all check to make sure that it's not against the law. I have no control or information concerning the end users of our software. The problem at the moral level is far greater." Kandel here offers a surprising analogy. "We are like the group of physicists who worked on developing the atomic bomb at Los Alamos. While they were developing the bomb, did the scientists have a moral problem, when it was clear that what was at stake was deciding the war? On the other hand, I wouldn't want to have been in the shoes of Oppenheimer or Fermi when Hiroshima and Nagasaki were blown up." But there is a problem of balance here - we have to fight terrorism, but is it to be done at any price? "No, not at any price, but it seems to me that the price we are paying is a proper one. Do you have any doubt that every one of the families of those who were killed in the terrible attack would be ready to have their e-mail scanned, to have it monitored, if that would have prevented the attack?" In practice, though, that is never the question, is it? "That's right, and we still have to examine the dilemma in those terms. True, public opinion views the tools we are developing as a type of illegal hacking into their privacy, but we are developing the programs in order to protect them." Aren't you concerned that you are creating a type of golem that will one day rise up against its master? "Yes, we are developing a golem, maybe even a few of them. 
But still, I'm not worried. I'm more worried that one of my employees might be a mole. I lose sleep over that. Is the atomic bomb a type of golem? Probably it is, but the tools we are developing are not meant for offensive purposes, only for defense. They are intended for protection against people who want to destroy, who want to attack civilization and our way of life. I sleep well at night; I have no qualms of conscience." Following the money trail Kandel is stingy with technical explanations about the operation of his systems. When asked about the power of the computerization needed to run the institute's programs, he replies, "Every ordinary supercomputer supplies our needs," like someone who is used to having supercomputers at his disposal. He declines to answer other questions. Sometimes he is silent for some time before he succeeds in mentally formulating a reply that will answer the question without giving away too much information. One of the central goals in the struggle against the terrorists, he says, is to locate their sources of funding. "If you succeed in blocking the money, you succeed in blocking them. The problem is that the money has to be blocked before it gets to the bank, otherwise it's a lost cause. We have to locate it when it is transferred immediately after being created." And how is the money created? It turns out that the terrorists have learned to take advantage of the American system to clip coupons - literally. "Every Sunday booklets of coupons are inserted in the papers," Kandel explains. "The American clips the coupons and receives a discount of, say, 25 percent on the price of a bottle of Coca-Cola. The shop owner sends the coupons to the Coca-Cola Company and receives in return a cash payment for the value of every coupon he sends, plus 7 percent." The terrorists buy newspapers, too, Kandel says. "The whole family sits and clips all the coupons. 
There are many branches of supermarkets in the United States, whose local managers act as accomplices to terror. The method is quite simple. The father of the family - which has clipped out all the coupons - takes them to the branch manager but doesn't buy Coca-Cola or anything else with them. The manager takes the coupons to Coca-Cola and other companies, gets their value plus 7 percent, and gives the money to the father of the family. From this point the money begins to roll on. "Now it's a game of mathematics," Kandel says. "If coupons worth $30 or $40 are attached to the paper every Sunday, and in the United States there are a few thousand families like this who cut out coupons - after putting a dollar into the automatic newspaper vendor but pulling out a few dozen newspapers - it won't be long before hundreds of thousands or even millions of dollars are collected." When asked how the institute's software is able to differentiate between legitimate money transfers and transfers made as part of the "coupon scam," he smiles as though hiding a secret. "The systems we have developed don't search aimlessly through databases and Internet communications. They are fed with diverse pieces of information. If you don't know what to look for, everything seems to be the same color and there's no way to select between the legal and the illegal. But if you know where to start, it becomes simpler." Kandel offers an example from the financial market, which relies on sources of information and a different type of research. "Officially, everyone can tell you what the dollar rate is and what the interest rate is, but as a sharp financier you want to know what the whisperers are saying, those who are considered to be in the know. If you're connected to the right sources, if you know how to look for the information in the right place, you get a lead that makes it possible for you to know what and whom to concentrate on. 
That's the stage at which the search becomes interesting." ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From frantz at pwpconsult.com Thu Apr 15 14:19:32 2004 From: frantz at pwpconsult.com (Bill Frantz) Date: Thu, 15 Apr 2004 14:19:32 -0700 Subject: voting In-Reply-To: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com> References: Message-ID: One area we are not addressing in voting security is absentee ballots. The use of absentee ballots is rising in US elections, and is even being advocated as a way for individuals to get a printed ballot in jurisdictions which use electronic-only voting machines. Political parties are encouraging their supporters to vote absentee. I believe that one election in Oregon was recently held entirely with absentee ballots. For classic polling place elections, one strength of an electronic system which prints paper ballots is that there are two separate paths for the counts. The machine can keep its own totals and report them at the end of the election. These totals can then be compared with the totals generated for that precinct by counting the paper ballots. This redundancy seems to me to provide higher security than either system alone. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet." 
-- Dean Tribble | Los Gatos, CA 95032 From Freematt357 at aol.com Thu Apr 15 12:11:29 2004 From: Freematt357 at aol.com (Freematt357 at aol.com) Date: Thu, 15 Apr 2004 15:11:29 EDT Subject: OHP's Col. Paul McClellan Makes Misleading Statements about MATRIX Database? Message-ID: <7f.451cd547.2db03861@aol.com> Note from Matt Gaylor: Ohio Highway Patrol Superintendent, Colonel McClellan says in the below article that the availability of the Matrix database could have brought more law-enforcement attention sooner to the recent Columbus-area car shootings that included the killing Nov. 25 of Gail Knisley on I-270. Additionally, Colonel McClellan commented that he can get better Intel from the public library than he can at his office. Col. McClellan's statements are somewhat strange given the fact that Ohio had already been enrolled in the MATRIX database surveillance system during the sniper shootings. This raises the question of the usefulness of the MATRIX system in general or the Patrol's ability to use the system. Col. McClellan gives the impression that Ohio does not have access to the MATRIX system, when in fact Ohio does. --- Article published Friday, April 9, 2004 Database search system debated Police agencies, civil libertarians divided over online records access By DAVID PATCH BLADE STAFF WRITER http://www.toledoblade.com/apps/pbcs.dll/article?AID=/20040409/NEWS03/404090385/-1/NEWS Information in a controversial database searching system already is publicly available but not coordinated so law-enforcement officials can easily use it to investigate crimes or thwart terrorism, the head of the Ohio Highway Patrol told a local trucking group yesterday. "Right now, the public library has better information than we do," Col. Paul McClellan, the patrol's superintendent, told the Toledo Trucking Association at the Toledo Club. "When I go home at night, I can find out more about people by surfing the Internet on my home computer than I can in my office." 
The MATRIX search system, which combs public records like driver's licenses, vehicle registrations, court records, and land transaction information, is available only to law-enforcement personnel with a specific investigative purpose, the colonel said. The system, whose name stands for Multi-State Anti-Terrorism Information Exchange, is managed by a Florida firm under contract to five states that are piloting it, including Ohio and Michigan. So far, however, Ohio is not fully participating by contributing photos or Social Security numbers from its licensing records, the colonel said. Civil libertarians argue that the system is an open invitation for police to track the behavior of ordinary citizens, regardless of their involvement in criminal or terrorist activities. MATRIX effectively is "an advanced surveillance system" designed not only to "build dossiers on all of our lives," but also to allow rapid mathematical searches for supposed irregular patterns that might identify troublemakers, according to the American Civil Liberties Union. "Judgments about reasonable suspicion of criminal activity are fundamentally human judgments that cannot now be made accurately by computers," the ACLU said in a recent position paper on the subject. "They make it sound like such an ominous project, but it's not. It's very open," responded Sal Hernandez, vice president of Seisint, Inc., a Boca Raton, Fla.-based information services firm that pioneered the system and manages it for its multistate clients. MATRIX data represent "things the cops already have, but it's putting it all in one place and letting the police access it faster." Dean Kaplan, the trucking association's president who, with his wife, operates a local trucking firm specializing in hazardous materials transport, said his main concern about the system would be if its capability "gets into the wrong hands." Seisint asserts that the system is protected by the most advanced online security available. 
Colonel McClellan, meanwhile, said that availability of such a system could have brought more law-enforcement attention sooner to the recent spate of Columbus-area car shootings that included the killing Nov. 25 of Gail Knisley on I-270. Only after Mrs. Knisley's death did area police start comparing notes and realize that each had received similar reports of gunshots hitting vehicles on I-270 and other nearby roads, he said. A system like MATRIX would have allowed various agencies to enter what they knew about the case and start narrowing the field of suspects sooner, he said. Charles C. McCoy, Jr., 28, who was arrested March 17 in Las Vegas, pleaded not guilty Monday to charges accusing him of 12 of 24 shootings dating to May, 2003. Contact David Patch at: dpatch at theblade.com or 419-724-6094. ### Distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. --- From camera_lumina at hotmail.com Thu Apr 15 12:33:31 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 15 Apr 2004 15:33:31 -0400 Subject: US Brings Freedom of Expression to Iraq Message-ID: "I don't suppose there'll be any civilians in AmeriKKKa either, and therefore, it will be impossible to label any destructive act committed against the US, either at home or abroad, as "terrorist."" Ah shit I hate hearing this. Is it possible to retroactively re-cast a "terrorist" attack (eg, World Trade Center) into regular old, 'valid' warfare? Bush policies seem to be doing this. Meanwhile, it seems Al Qaeda has offered some kind of bizarre 'treaty' to the Europeans while hardening their stance on the US. Sounds like they're getting smarter... 
-TD >From: Eric Cordian >To: cypherpunks at minder.net >Subject: US Brings Freedom of Expression to Iraq >Date: Thu, 15 Apr 2004 11:02:53 -0700 (PDT) > >For extra credit, try to find even one mainstream newspaper in AmeriKKKa's >Rah Rah "free" press in which this international wireservice story is >printed. > >See the Neocons argue that because the story only appears in the Arab >press, it can't be true. Hey, it worked with Accused Jewish War Criminal >Ariel Sharon's "The Jewish people control AmeriKKKa" remarks. > >Somehow, I don't think beating people and bulldozing their houses and >businesses every time some writing or image the US chooses to characterize >as "anti-Coalition" is spotted, does much to further the US message that >we are bringing "democracy" to Iraq, and that those opposed to our >behavior "hate our freedoms." > >It's too bad an alien power can't just lift all 157,000 US troops and >associated military hardware from Iraq, compact it into a cube, and drop >it on the White House lawn for Shrub to explain to the AmeriKKKan people. > >I once said "there are no civilians in Israel, not even the babies" after >the Jewish people re-elected Accused War Criminal and Egregious Human >Rights Violator Ariel Sharon in an overwhelming landslide, >enthusiastically supporting his defiance of International Law, and >deliberate oppression of the Palestinian people. > >If the AmeriKKKan people re-elect George W. Bush, who has made a mockery >of the UNited Nations, started a war of conquest based on deliberate lies, >in violation of International Law, with complete contempt for the wishes >of the world community, I don't suppose there'll be any civilians in >AmeriKKKa either, and therefore, it will be impossible to label any >destructive act committed against the US, either at home or abroad, as >"terrorist." 
> >----- > >KUT, Iraq (AFP) - An Iraqi has died of his wounds after US troops beat >him with truncheons because he refused to remove a picture of wanted >Shiite Muslim leader Moqtada al-Sadr from his car, police said >Wednesday. > >The motorist was stopped late Tuesday by US troops conducting search >operations on a street in the central city of Kut, Lieutenant Mohamad >Abdel Abbas told AFP. > >After the man refused to remove al-Sadr's picture from his car, the >soldiers forced him out of the vehicle and started beating him with >truncheons, he said. > >US troops also detained from the same area five men wearing black >pants and shirts, the usual attire of al-Sadr's Mehdi Army militiamen >and followers. > >Qassem Hassan, the director of Kut general hospital, identified the >man as Salem Hassan, a resident of a Kut suburb. > >He said the man had died of wounds sustained in the beating. > >-- >Eric Michael Cordian 0+ >O:.T:.O:. Mathematical Munitions Division >"Do What Thou Wilt Shall Be The Whole Of The Law" > From rah at shipwright.com Thu Apr 15 14:06:56 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 15 Apr 2004 17:06:56 -0400 Subject: DIMACS Workshop on Electronic Voting -- Theory and Practice Message-ID: --- begin forwarded text From eugen at leitl.org Thu Apr 15 08:28:25 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 15 Apr 2004 17:28:25 +0200 Subject: [IP] Cyberspace warriors (MOST INTERESTING djf) (fwd from dave@farber.net) Message-ID: <20040415152825.GT1026@leitl.org> ----- Forwarded message from Dave Farber ----- From egerck at nma.com Thu Apr 15 18:58:46 2004 From: egerck at nma.com (Ed Gerck) Date: Thu, 15 Apr 2004 18:58:46 -0700 Subject: voting References: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com> Message-ID: <407F3DD6.D4F5C158@nma.com> John Kelsey wrote: > > At 11:05 AM 4/9/04 -0400, Trei, Peter wrote: > .... > >1. The use of receipts which a voter takes from the voting place to 'verify' > >that their vote was correctly included in the total opens the way for voter > >coercion. > > I think the VoteHere scheme and David Chaum's scheme both claim to solve > this problem. The voting machine gives you a receipt that convinces you > (based on other information you get) that your vote was counted as cast, > but which doesn't leak any information at all about who you voted for to > anyone else. Anyone can take that receipt, and prove to themselves that > your vote was counted (if it was) or was not counted (if it wasn't). The flaw in *both* cases is that it reduces the level of privacy protection currently provided by paper ballots. Currently, voter privacy is absolute in the US and does not depend even on the will of the courts. For example, there is no way for a judge to assure that a voter under oath is telling the truth about how they voted, or not. This effectively protects the secrecy of the ballot and prevents coercion and intimidation in all cases. 
Thus, while the assertion that "Only if all the trustees collude can the election be defrauded" may seem to be reasonable at first glance, it fails to protect the system in the case of a court order -- when all the trustees are ordered to disclose whatever they know and control. Also, the assertion that "All of this is possible while still maintaining voter secrecy and privacy essential to all public elections" is incorrect, for the same reason. Moreover, the assertion that "Vote receipts cannot be used for vote selling or to coerce your vote" is also incorrect, for the same reason. These shortcomings do not depend on any specific flaw of a shuffling process, a TTP, or any other component of either system. Rather, it is a design flaw. A new election system should do "no harm" -- reducing the level of voter privacy and ballot secrecy should not be an acceptable trade-off for changing from paper to electronic records, or even electronic verification. Court challenges are a real scenario that election officials talk about and want to avoid. Without making voter privacy inherently safe from court orders, voter privacy and ballot secrecy are at the mercy of casuistic, political and corruption influences -- either real or potential. When the stakes are high, we need fail-safe procedures. Now, you may ask, is there any realistic possibility of a court order for all trustees to reveal their keys? Yes, especially in a hot and contested election -- and not only Bush vs. Gore. Many local elections are very close and last year an election in California was decided by *one* vote. For example, the California Secretary of State asked this as an evaluation question, when they were testing voting systems for the 2000 Shadow Election Project. 
The question was whether and to what extent the voting system could be broken under court order -- for example, if some unqualified voters were wrongly allowed to vote in a tight election and there would be a court order to seek out and disqualify their votes under best efforts. Perhaps a trustee could be chosen who would be immune even from a US court order? Well, not for a US election, which is 100% under state and/or federal jurisdiction. But there are additional scenarios -- a bug, Trojan horse, worm and/or virus that infects the systems used by all trustees would also compromise voter secrecy and, thereby, election integrity. Cheers, Ed Gerck From mv at cdc.gov Fri Apr 16 11:31:34 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 16 Apr 2004 11:31:34 -0700 Subject: US Brings Freedom of Expression to Iraq Message-ID: <40802686.D3147D9C@cdc.gov> At 03:33 PM 4/15/04 -0400, Tyler Durden wrote: >Ah shit I hate hearing this. Is it possible to retroactively re-cast a >"terrorist" attack (eg, World Trade Center) into regular old, 'valid' >warfare? Bush policies seem to be doing this. We are freedom fighters. They are terrorists. Any questions? >Meanwhile, it seems Al Qaeda has offered some kind of bizarre 'treaty' to >the Europeans while hardening their stance on the US. Sounds like they're >getting smarter... What is bizarre about offering a contract? "Get your filthy hands off my desert xor suffer for not doing same" The US said the same (with a more temperate piece of real estate) to the UK, once. Apparently some need to be reminded that gentlemen don't occupy other countries. There are comments in the oral contract which remind the populace that they suffer for the behavior of their "leaders". It's all very obvious. Osama, bless his naif little heart, even credits the populace with being rational, and with controlling the leaders. Obviously he's not paid close enough attention, but reception is poor in the hills. Maybe he thinks Spain's sensitivity is typical. 
Maybe the weeks leading up to the next US Election will be extra fun. Good luck getting any reasonable discussion about the truce in this country.

There's also a PR value to other Moslems in offering a truce. And the morality of warning before acting. Maybe some stego value too, but that would be paranoid.

From egerck at nma.com Fri Apr 16 11:43:57 2004
From: egerck at nma.com (Ed Gerck)
Date: Fri, 16 Apr 2004 11:43:57 -0700
Subject: voting
References: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com> <5.1.0.14.0.20040416085123.00a23ba0@pop.theworld.com>
Message-ID: <4080296D.18F94552@nma.com>

David Jablon wrote:
>
> I think Ed's criticism is off-target. Where is the "privacy problem" with
> Chaum receipts when Ed and others still have the freedom to refuse
> theirs or throw them away?

The privacy, coercion, intimidation, vote selling and election integrity problems begin with giving away a receipt that is linkable to a ballot.

It is not relevant to the security problem whether a voter may destroy his receipt, so that some receipts may disappear. What is relevant is that voters may HAVE to keep their receipt or... suffer retaliation... not get paid... lose their jobs... not get a promotion... etc. Also relevant is that voters may WANT to keep their receipts, for the same reasons.

> It seems a legitimate priority for a voting system to be designed to
> assure voters that the system is working.

As long as this does not go against the 'first law' for public voting systems: voters must not be linkable to ballots. The 'second law' also takes precedence: ballots are always secret, only vote totals are known and are known only after the election ends.

> What I see in serious
> voting system research efforts are attempts to build systems that
> provide both accountability and privacy, with minimal tradeoffs.

There is no tradeoff possible for voter privacy and ballot secrecy. Take away one of them and the voting process is no longer a valid measure.
Serious voting system research efforts do not begin by denying the requirements.

> If some kind of tradeoff between accountability and privacy is inevitable,

There is no such principle.

> in an extreme scenario, I'd still prefer the option to make the tradeoff for
> myself, rather than have the system automatically choose for me.

You don't have this option when the public at large is considered, for a public election. You can do it in a private election for a club, for example, but even then only if the bylaws allow it.

Cheers,
Ed Gerck

From ptrei at rsasecurity.com Fri Apr 16 09:03:13 2004
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Fri, 16 Apr 2004 12:03:13 -0400
Subject: voting
Message-ID:

> Ed Gerck[SMTP:egerck at nma.com]
>
> John Kelsey wrote:
> >
> > At 11:05 AM 4/9/04 -0400, Trei, Peter wrote:
> > ....
> > >1. The use of receipts which a voter takes from the voting place to
> 'verify'
> > >that their vote was correctly included in the total opens the way for
> voter
> > >coercion.
> >
> > I think the VoteHere scheme and David Chaum's scheme both claim to solve
> > this problem. The voting machine gives you a receipt that convinces you
> > (based on other information you get) that your vote was counted as cast,
> > but which doesn't leak any information at all about who you voted for to
> > anyone else. Anyone can take that receipt, and prove to themselves that
> > your vote was counted (if it was) or was not counted (if it wasn't).
>
> The flaw in *both* cases is that it reduces the level of privacy
> protection
> currently provided by paper ballots.
>
> Currently, voter privacy is absolute in the US and does not depend
> even on the will of the courts. For example, there is no way for a
> judge to assure that a voter under oath is telling the truth about how
> they voted, or not. This effectively protects the secrecy of the ballot
> and prevents coercion and intimidation in all cases.
>
>

I'd pretty much dropped this topic after it became clear that Mr. Leichter's only response to the problems that people pointed out in VoteHere's scheme (in particular, its vulnerability to vote coercion, and lack of recountability) was to attempt to redefine them as non-problems.

However, since the topic has arisen again.....

Ed's got a very good point. I always prefer security which relies for its integrity on the laws of nature, rather than on people behaving with integrity.

Peter Trei

From emc at artifact.psychedelic.net Fri Apr 16 12:53:58 2004
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Fri, 16 Apr 2004 12:53:58 -0700 (PDT)
Subject: US Brings Freedom of Expression to Iraq
In-Reply-To: <40802686.D3147D9C@cdc.gov>
Message-ID: <200404161953.i3GJrxVU017451@artifact.psychedelic.net>

Major Variola (ret) writes:

> What is bizarre about offering a contract? "Get your filthy hands off
> my desert xor suffer for not doing same" The US said the same (with a
> more temperate piece of real estate) to the UK, once. Apparently some
> need to be reminded that gentlemen don't occupy other countries.

> There are comments in the oral contract which remind the populace that
> they suffer for the behavior of their "leaders". It's all very obvious.
> Osama, bless his naif little heart, even credits the populace with being
> rational, and with controlling the leaders. Obviously he's not paid
> close enough attention, but reception is poor in the hills. Maybe he
> thinks Spain's sensitivity is typical. Maybe the weeks leading up to the
> next US Election will be extra fun. Good luck getting any reasonable
> discussion about the truce in this country.

I just grabbed a transcript of Osama's remarks and read them. He raises a number of valid objections to US and Jewish behavior, and seems to have a much better grasp of reality than Shrub does.
-----

Osama Bin Laden's Offer For Peace
Apr 17, 2004
JUS News Desk

Editors Note: Here is the complete transcript of Osama bin Laden's latest address as translated by BBC in which he calls for peace with European countries on the basis that they withdraw from the lands of the Muslims and stop spilling Muslims blood.

We remind our viewers that the statements, opinions and points of view expressed in this article are those of the author and shall not be deemed to mean that they are necessarily those of Jihad Unspun, the publisher, editor, writers, contributors or staff.

Complete Statement Of Osama Bin Laden
Address to the European Countries

Praise be to Almighty God; Peace and prayers be upon our Prophet Muhammad, his family, and companions.

This is a message to our neighbours north of the Mediterranean, containing a reconciliation initiative as a response to their positive reactions.

Praise be to God; praise be to God; praise be to God who created heaven and earth with justice and who allowed the oppressed to punish the oppressor in the same way.

Peace upon those who followed the right path: In my hands there is a message to remind you that justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them.

The greatest rule of safety is justice, and stopping injustice and aggression. It was said: Oppression kills the oppressors and the hotbed of injustice is evil. The situation in occupied Palestine is an example. What happened on 11 September [2001] and 11 March [the Madrid train bombings] is your commodity that was returned to you.

It is known that security is a pressing necessity for all mankind. We do not agree that you should monopolise it only for yourselves. Also, vigilant people do not allow their politicians to tamper with their security.

Having said this, we would like to inform you that labelling us and our acts as terrorism is also a description of you and of your acts.
Reaction comes at the same level as the original action. Our acts are reaction to your own acts, which are represented by the destruction and killing of our kinfolk in Afghanistan, Iraq and Palestine. The act that horrified the world; that is, the killing of the old, handicapped [Hamas spiritual leader] Sheikh Ahmed Yassin, may God have mercy on him, is sufficient evidence. We pledge to God that we will punish America for him, God willing. Which religion considers your killed ones innocent and our killed ones worthless? And which principle considers your blood real blood and our blood water? Reciprocal treatment is fair and the one who starts injustice bears greater blame. As for your politicians and those who have followed their path, who insist on ignoring the real problem of occupying the entirety of Palestine and exaggerate lies and falsification regarding our right in defence and resistance, they do not respect themselves. They also disdain the blood and minds of peoples. This is because their falsification increases the shedding of your blood instead of sparing it. Moreover, the examining of the developments that have been taking place, in terms of killings in our countries and your countries, will make clear an important fact; namely, that injustice is inflicted on us and on you by your politicians, who send your sons - although you are opposed to this - to our countries to kill and be killed. Therefore, it is in both sides' interest to curb the plans of those who shed the blood of peoples for their narrow personal interest and subservience to the White House gang. We must take into consideration that this war brings billions of dollars in profit to the major companies, whether it be those that produce weapons or those that contribute to reconstruction, such as the Halliburton Company, its sisters and daughters. Based on this, it is very clear who is the one benefiting from igniting this war and from the shedding of blood. 
It is the warlords, the bloodsuckers, who are steering the world policy from behind a curtain. As for President Bush, the leaders who are revolving in his orbit, the leading media companies and the United Nations, which makes laws for relations between the masters of veto and the slaves of the General Assembly, these are only some of the tools used to deceive and exploit peoples. All these pose a fatal threat to the whole world. The Zionist lobby is one of the most dangerous and most difficult figures of this group. God willing, we are determined to fight them. Based on the above, and in order to deny war merchants a chance and in response to the positive interaction shown by recent events and opinion polls, which indicate that most European peoples want peace, I ask honest people, especially ulema, preachers and merchants, to form a permanent committee to enlighten European peoples of the justice of our causes, above all Palestine. They can make use of the huge potential of the media. I also offer a reconciliation initiative to them, whose essence is our commitment to stopping operations against every country that commits itself to not attacking Muslims or interfering in their affairs - including the US conspiracy on the greater Muslim world. This reconciliation can be renewed once the period signed by the first government expires and a second government is formed with the consent of both parties. The reconciliation will start with the departure of its last soldier from our country. The door of reconciliation is open for three months of the date of announcing this statement. For those who reject reconciliation and want war, we are ready. As for those who want reconciliation, we have given them a chance. Stop shedding our blood so as to preserve your blood. It is in your hands to apply this easy, yet difficult, formula. You know that the situation will expand and increase if you delay things. If this happens, do not blame us - blame yourselves. 
A rational person does not relinquish his security, money and children to please the liar of the White House.

Had he been truthful about his claim for peace, he would not describe the person who ripped open pregnant women in Sabra and Shatila [reference to Israeli Prime Minister Ariel Sharon] and the destroyer of the capitulation process [reference to the Palestinian-Israeli peace process] as a man of peace.

He also would not have lied to people and said that we hate freedom and kill for the sake of killing. Reality proves our truthfulness and his lie.

The killing of the Russians was after their invasion of Afghanistan and Chechnya; the killing of Europeans was after their invasion of Iraq and Afghanistan; and the killing of Americans on the day of New York [reference to 11 September] was after their support of the Jews in Palestine and their invasion of the Arabian Peninsula.

Also, killing them in Somalia was after their invasion of it in Operation Restore Hope. We made them leave without hope, praise be to God.

It is said that prevention is better than cure. A happy person is he who learns a lesson from the experience of others. Heeding right is better than persisting in falsehood.

Peace be upon those who follow guidance.

Osama bin Laden
25 Safar 1425
April 15, 2004

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From brian-slashdotnews at hyperreal.org Fri Apr 16 06:26:01 2004
From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org)
Date: 16 Apr 2004 13:26:01 -0000
Subject: VIA Pulls PadLockSL
Message-ID:

Link: http://slashdot.org/article.pl?sid=04/04/16/1215204
Posted by: michael, on 2004-04-16 12:43:00
Topic: encryption, 39 comments

from the up-down-up-down dept.

[1]yipyow writes "A few weeks ago [2]VIA Technologies posted software based on [3]Nullsoft's [4]WASTE, as reported here [5]a few days ago.
VIA PadLockSL included both a Windows and Linux client and some special extensions to work with [6]security hardware built into certain VIA products. It was released under the GPL so I managed to snag a copy of the source code right before VIA suddenly removed their page ([7]Google cache). I have posted Linux compilation instructions and mirrored the source [8]here. If VIA has decided not to pursue the project further, I think the F/OSS community should turn this project into something, it has potential to be a great tool."

References

1. http://sqrville.org/
2. http://www.via.com.tw/
3. http://www.nullsoft.com/
4. http://waste.sourceforge.net/
5. file://slashdot.org/article.pl?sid=04/04/14/132238&tid=93
6. http://www.via.com.tw/en/padlock/padlock_initiative.jsp
7. http://216.239.41.104/search?q=cache:tQk9omvJNOcJ:padlocksl.viaarena.com/+padlocksl&hl=en&ie=UTF-8
8. http://projects.sqrville.org/staticpages/index.php?page=padlocksl-linux-howt

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From dpj at theworld.com Fri Apr 16 11:07:19 2004
From: dpj at theworld.com (David Jablon)
Date: Fri, 16 Apr 2004 14:07:19 -0400
Subject: voting
In-Reply-To: <407F3DD6.D4F5C158@nma.com>
References: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com>
Message-ID: <5.1.0.14.0.20040416085123.00a23ba0@pop.theworld.com>

I think Ed's criticism is off-target. Where is the "privacy problem" with Chaum receipts when Ed and others still have the freedom to refuse theirs or throw them away?
It seems a legitimate priority for a voting system to be designed to assure voters that the system is working. What I see in serious voting system research efforts are attempts to build systems that provide both accountability and privacy, with minimal tradeoffs.

If some kind of tradeoff between accountability and privacy is inevitable, in an extreme scenario, I'd still prefer the option to make the tradeoff for myself, rather than have the system automatically choose for me.

-- David

>> At 11:05 AM 4/9/04 -0400, Trei, Peter wrote:
>> ....
>> >1. The use of receipts which a voter takes from the voting place to 'verify'
>> >that their vote was correctly included in the total opens the way for voter
>> >coercion.

>John Kelsey wrote:
>> I think the VoteHere scheme and David Chaum's scheme both claim to solve
>> this problem. The voting machine gives you a receipt that convinces you
>> (based on other information you get) that your vote was counted as cast,
>> but which doesn't leak any information at all about who you voted for to
>> anyone else. Anyone can take that receipt, and prove to themselves that
>> your vote was counted (if it was) or was not counted (if it wasn't).

At 06:58 PM 4/15/04 -0700, Ed Gerck wrote:
>The flaw in *both* cases is that it reduces the level of privacy protection
>currently provided by paper ballots.
>
>Currently, voter privacy is absolute in the US and does not depend
>even on the will of the courts. For example, there is no way for a
>judge to assure that a voter under oath is telling the truth about how
>they voted, or not. This effectively protects the secrecy of the ballot
>and prevents coercion and intimidation in all cases.

From jerrold.leichter at smarts.com Fri Apr 16 13:57:58 2004
From: jerrold.leichter at smarts.com (Jerrold Leichter)
Date: Fri, 16 Apr 2004 16:57:58 -0400 (EDT)
Subject: voting
In-Reply-To:
References:
Message-ID:

| > Currently, voter privacy is absolute in the US and does not depend
| > even on the will of the courts. For example, there is no way for a
| > judge to assure that a voter under oath is telling the truth about how
| > they voted, or not. This effectively protects the secrecy of the ballot
| > and prevents coercion and intimidation in all cases.
| >
| >
| I'd pretty much dropped this topic after it became clear that Mr. Leichter's
| only response to the problems that people pointed out in VoteHere's
| scheme (in particular, its vulnerability to vote coercion, and lack of
| recountability) was to attempt to redefine them as non-problems.

I did nothing of the sort.

With respect to voter coercion, I did raise the question of how absolute a value it was. Since mathematics tends to provide clearcut yes/no answers, we tend to insist on them in the real world, too - but the real world is rarely so simple. I also pointed out that voter coercion could be dealt with within VoteHere's framework by trading it off against the vote verifiability which is the new feature they bring to the table (by only giving some fraction of voters a receipt).

I didn't mention recountability. VoteHere's method is equivalent to everyone else's here: Keep unalterable logs of data "as close to the vote as possible". But....

| However, since the topic has arisen again.....
|
| Ed's got a very good point. I always prefer security which relies for
| its integrity on the laws of nature, rather than on people behaving
| with integrity.

This basically doesn't exist in systems today.

Consider paper ballots: How do you guarantee that the ballots are adequately shuffled?
If they aren't, anyone keeping track of the order that voters cast ballots might be able to come up with a reasonably accurate assignment of ballots to voters.

This problem applies to many related systems. Consider the "paper under glass" proposals for recounting: The "obvious" way to do that is to print onto a roll of paper and just wind it up on a roll after printing. But that's really bad, because it *guarantees* the ordering. Are those calling for such systems ensuring that the vendors who provide them actually cut apart the individual records? Even if they do that, how are they guaranteeing an adequate shuffle of those records? Just dropping them into a big box is terrible; certainly, those who vote very early or very late get very little privacy.

Interestingly enough, proper shuffling of the votes is very much a central concern of systems like VoteHere's!

The only system that "by the laws of nature" avoids this kind of attack is the mechanical voting machine, which inherently only stores vote totals, not individual votes. But these are big, complicated machines. Why should you trust that the totals are kept correctly? How could you check? How many people in the world have the competence to examine the mechanical details of such a device? How does that compare to the number of programmers who can examine C code? Is there really all that much of a difference between the complexity/verifiability of such a machine, and of a programmed box where *all* the code, including the compilers and other tools, is publicly available?

Yes, I know all about the attack in Dennis Ritchie's ACM paper. But this, too, can be defended against by checking the generated code - or pretty much prevented by using a compiler that was in existence before the software development began.
In any case, these days, the mechanical systems could be compromised by what is an analogous attack (of going to a different level of abstraction): Sure, that *looks* like a solid brass 50-tooth gear, but maybe there's a tiny motor embedded inside that makes it act in a very non-classical fashion under radio control....

-- Jerry

From eugen at leitl.org Fri Apr 16 09:45:14 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 16 Apr 2004 18:45:14 +0200
Subject: VIA Pulls PadLockSL (fwd from brian-slashdotnews@hyperreal.org)
Message-ID: <20040416164514.GT1026@leitl.org>

----- Forwarded message from brian-slashdotnews at hyperreal.org -----

From rah at shipwright.com Fri Apr 16 16:44:55 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 16 Apr 2004 19:44:55 -0400
Subject: Vote Market
In-Reply-To: <200404170925.53770.pique@netspace.net.au>
References: <200404161844.i3GIijVt046465@waste.minder.net> <200404170925.53770.pique@netspace.net.au>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have one word for all of you. Equity.

:-).

I expect that someday we'll vote shares for the application of non-monopolistic force just like we now "vote" for the application of monopolist force.

I think statists -- including most cryptographers who should know better -- are looking at this "problem" of the mutual exclusivity of "accountability" versus anonymity in electronic voting and they just don't understand what they're looking at yet. Maybe they never will.

I think we're looking at something as fundamental as Coase's theorem, here, or at least Dan Geer's observation that the boundary between symmetric and asymmetric is identical to the boundary between the firm and the outside world.

We're looking at the definition of crypto-anarchy here, folks. Anarcho-capitalism made real.

Cheers,
RAH
Who still thinks that financial cryptography is the only cryptography that matters.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQIBv58PxH8jf3ohaEQJs5wCeMmLO1cuXZvhg9XAt39iFy6roLsQAnRrO
GG8Yyr5ORZSP4T/D3S5mQtT1
=+4JY
-----END PGP SIGNATURE-----

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Fri Apr 16 14:20:57 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 16 Apr 2004 23:20:57 +0200
Subject: Hierarchy, Force Monopoly, and Geodesic Societies
In-Reply-To: <20040412174102.S96639-100000@localhost>
References: <4079BBF3.4030501@sunder.net> <20040412174102.S96639-100000@localhost>
Message-ID: <20040416212056.GN1026@leitl.org>

On Mon, Apr 12, 2004 at 06:41:14PM +0100, Jim Dixon wrote:

> Of course, most of this discussion revolves around one word: "is". If you
> said "the Internet _can be seen_ as a tree", few would disagree with you,
> especially if you allowed for the fact that that tree is continuously
> changing its shape. But "the Internet _is_ a tree"? That's simply an
> error.

Do I have some 6 connections to my direct neighbours? Like the guy next door, who's on DSL as well?

Geographic routing is just that. Once again, you're too caught up in current technology to understand what the fuck I'm talking about. It doesn't matter on the long run.

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From pique at netspace.net.au Fri Apr 16 16:25:53 2004
From: pique at netspace.net.au (Tim Benham)
Date: Sat, 17 Apr 2004 09:25:53 +1000
Subject: Vote Market
In-Reply-To: <200404161844.i3GIijVt046465@waste.minder.net>
References: <200404161844.i3GIijVt046465@waste.minder.net>
Message-ID: <200404170925.53770.pique@netspace.net.au>

> Date: Fri, 16 Apr 2004 11:43:57 -0700
> From: Ed Gerck
> Subject: Re: voting
>
> David Jablon wrote:
> > I think Ed's criticism is off-target. Where is the "privacy problem"
> > with Chaum receipts when Ed and others still have the freedom to refuse
> > theirs or throw them away?
>
> The privacy, coercion, intimidation, vote selling and election integrity
> problems begin with giving away a receipt that is linkable to a ballot.
>
> It is not relevant to the security problem whether a voter may destroy
> his receipt, so that some receipts may disappear. What is relevant is
> that voters may HAVE to keep their receipt or... suffer retaliation...
> not get paid... lose their jobs... not get a promotion... etc. Also
> relevant is that voters may WANT to keep their receipts, for the same
> reasons.

I think all this concern about voter coercion is rather overblown. Maybe we should ban bank statements because people might be coerced into showing them to someone and punished for hiding their money. Receipts might open up opportunities for voter coercion but there are mechanisms for combatting coercion other than coercive anonymity.

What is missing in this discussion is mention of the benefits which would flow from making voter anonymity optional. Non-anonymous voting is a necessary precondition for a vote market.
As I'm sure everyone on this list appreciates, markets work better than elections, and indeed, under a vote market system the negative externalities imposed on other markets by the electoral process would be mitigated. This is because unlike under the current system, under the vote market system the outcome would often be certain well in advance, greatly reducing the impact of political risk on markets. The vote market system would also offer a means for mitigating political risk via transparent market processes rather than through the current rather sleazy practices.

There would be social dividends too. The people most likely to sell their vote would be poor people who would benefit from a new and regular source of income. The existence of a vote market would encourage these people, who often feel disenfranchised, to participate in the electoral system, albeit in a venal way. It would also help increase the average intelligence of the vote, because rich people and corporations are generally smarter than poor people.

I commend the vote market to the list.

cheers,
Tim

From bill.stewart at pobox.com Sat Apr 17 14:19:58 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sat, 17 Apr 2004 14:19:58 -0700
Subject: Idea: Offshore gambling as gateway between real and electronic money
In-Reply-To: <0404172024310.-1074043916@somehost.domainz.com>
References: <0404172024310.-1074043916@somehost.domainz.com>
Message-ID: <6.0.3.0.0.20040417140928.03f6cb20@pop.idiom.com>

At 11:35 AM 4/17/2004, Thomas Shaddack wrote:
>Adoption of anonymous e-money is to great degree hindered by the lack of
>infrastructure to convert this currency to/from "meatspace" money.
>However, there is possible a method, using offshore gambling companies.

You're trying too hard. Gambling has always been a convenient money-laundering technique, as long as the casinos accept the kinds of money you're trying to launder. That's also why spook agencies get anti-money-laundering laws passed.
If the casino will take your ecash and give you chips, and you want to make a pretense of gambling rather than just turning the chips back in for conventional euros, go bet ~half the chips on red, ~half on black, some insurance money on green, and tip the croupier, and the casino collects their 1/37 or 2/38 cut.

... Your winnings, sir.

From shaddack at ns.arachne.cz Sat Apr 17 05:55:39 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sat, 17 Apr 2004 14:55:39 +0200 (CEST)
Subject: Anonymity vs reputation question
Message-ID: <0404171451200.-1074043916@somehost.domainz.com>

Thinking about something, I found an interesting problem.

It is possible to set up a reputation-based system with nyms, where every nym is an identity with attached reputation. The problem is, a nym that exists for a long time can get its anonymity partially or fully compromised. Abandonment of the nym and using a blank one leads to loss of the reputation and related credibility.

Is it possible to have a system where nyms can share reputation without divulging the links between them? That would allow the possibility of eg. publishing as a "new" identity while still having the "weight" of an already established seasoned professional.

I suppose this problem is already known and maybe even solved. Am I correct?

From Poindexter at SAFe-mail.net Sat Apr 17 12:43:38 2004
From: Poindexter at SAFe-mail.net (Poindexter at SAFe-mail.net)
Date: Sat, 17 Apr 2004 15:43:38 -0400
Subject: Sniper rifle implants tracking chip
Message-ID:

I wonder if this site was put up for April 1st.
http://www.backfire.dk/EMPIRENORTH/newsite/products_en001.htm

also see their homeland security alert product
http://www.backfire.dk/EMPIRENORTH/newsite/products_en002.htm

From emc at artifact.psychedelic.net Sat Apr 17 18:12:30 2004
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Sat, 17 Apr 2004 18:12:30 -0700 (PDT)
Subject: Usenet Dead.
Film at 11
In-Reply-To:
Message-ID: <200404180112.i3I1CVPV018512@artifact.psychedelic.net>

RAH clipped:

> search tool that would scour electronic bulletin boards for millions of
> "uncensored" movies and photographs and serve up "an all-you-can-eat taste
> of 'the Internet gone wild!"'

There used to be a service called "Boypics", which thumbnailed and decoded all of Usenet's picture newsgroups for easy Web access. I think they ultimately closed down after prosecutorial grumbling, although they were just yet another way of reading Usenet, and didn't monitor content, nor log what their users looked at.

The indemnity of Usenet providers over content becomes a considerably more grey area if the Usenet content is processed to some form other than articles, even if that processing is done mechanically, without peeking at what is being processed.

> Voicenet Communications executives said they didn't know users also were
> using their system to access child pornography until January, when
> authorities seized the computer servers that ran their "QuikVue" search
> program, a lawyer for the company said.

Well, of course, it shouldn't matter if they "know." I mean, everyone who has a router through which an uncensored Usenet feed passes "knows" illegal porn and warez are included. That doesn't make them "madams of the child porn bordello", to borrow a colorful phrase from the Landslide circus.

> The company's attorney, Mark Sheppard, said the company had no control
> over what people posted to the groups, and was no more criminally liable
> for their actions than other hosts of Usenet material.

It's clear that the current administration would like to corral Usenet. This is the first appearance under the tent of something which resembles the nose of a camel.

> Investigators in New York pressed criminal charges against a pair of
> Internet service providers in 1998 for allegedly failing to block access to
> Usenet groups that contained child pornography.
One firm, Buffalo-based > BuffNet, pleaded guilty to a misdemeanor charge of criminal facilitation in > 2001 and paid a $5,000 fine. Right. That was the Dennis Vacco nonsense, when he announced that he had singlehandedly stopped an "International Child Porn Ring" and that "Pedo University" was a real organization. He lost the election. When it became evident that they were going to investigate the two companies Vacco had attacked forever and cost them as much money as they could, they rolled over, which was good for them as individual corporations, but bad for the "larger picture." > "The case helped establish that when an Internet service provider becomes > aware of child pornography being on its system, it has an obligation to do > something about it," said Paul Larrabee, a spokesman for New York Attorney > General Eliot Spitzer. You should look at the policy of Giganews over child porn. They say call the FBI. They are not qualified to determine what is and is not child porn. I imagine this is true of most ISPs. I'd hate to think sysadmins would need to sit and view pictures all day trying to decide the age of the participants. > A federal judge imposed a tougher penalty on a Texas couple convicted in > 2000 of operating a service that gave subscribers passwords to overseas Web > sites containing child pornography. A judge sentenced Thomas Reedy to life > in prison. His wife, who helped run the business, got 14 years. Yes, send the owners of an age verification service to prison for life because two of their sites not located in the US were alleged to have child porn. Again, this is an example of people who were told by the best legal advice they could obtain that they weren't liable for content getting screwed over by a jury and a prosecutorial performance that belonged on the Jerry Springer show. My take on Landslide is apparently enjoying a life of its own on the Web.
http://www.p-loog.info/English/ashcroft_lies.htm The feds are still grepping the Reedys' customer list by country, and trying to browbeat foreign LEAs into running around searching people's computers and taking their children away. Aside from the UK, where pedo-bashing is a national sport, there appear to be few takers. These festivities are called "Operation Ore", by the way. And the news stories are replete with factual errors, calling everyone who had an age verification code from Landslide, a "person who paid to access child porn on the Internet," for instance. Of course, if you'll lie to start a war in Iraq, you'll probably lie about anything. > Prosecutors said that even though the couple didn't post child pornography > themselves, they knowingly facilitated access to it and shared their > profits with the Web sites responsible for the illegal material. This is the new crime the Feebs are trying to fabricate. "Paying for access to child porn." This is a step beyond even possession laws, and could be used to put people in prison for just having a subscription to an ISP or Usenet provider that carries an uncensored feed, or owning an adult check code that allows access to a single offshore web site which may not even be illegal in the country that hosts it. Bear in mind, that the Feebs had no way of telling if any of the 250,000 Landslide customers had looked at anything illegal under US law, or what sites they had visited. All the convictions in the case came from the Feebs trolling the customer list trying to sell their own child porn. So clearly, the next step is to criminalize merely being able to view child porn if one wished to, whether or not any actual viewing takes place. "If it saves just one child." Kind of like Saddam Hussein's "intent to create weapons of mass destruction-related programs activities", or whatever the current bar for justifying Iraq is set at.
> "It's one thing to seize a server that is being used for a single Web site > that is illegally serving up child pornography," Morris said. "But to go > into an ISP and seize servers that have millions of postings on them that > are perfectly lawful, with no real evidence that the ISP was intentionally > doing anything criminal, is a much more questionable situation." Well, one fights porn with fear. Never clearly articulating what the rules are by any objective criteria, and slowly pushing the envelope in the direction you want. The obvious intention here is to scare ISPs out of carrying Usenet. Or at least, to force them to block groups whose names suggest they might carry illegal material. And as we know, this will rapidly lead to a Usenet where all porn and warez are posted to rec.pets.cats. :) -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From mdpopescu at yahoo.com Sat Apr 17 08:24:15 2004 From: mdpopescu at yahoo.com (Marcel Popescu) Date: Sat, 17 Apr 2004 18:24:15 +0300 Subject: Anonymity vs reputation question References: <0404171451200.-1074043916@somehost.domainz.com> Message-ID: <1c4601c42490$0b24ace0$726e9cd9@mark> From: "Thomas Shaddack" > Is it possible to have a system where nyms can share reputation without > divulging the links between them? That would allow the possibility of eg. > publishing as a "new" identity while still having the "weight" of an > already established seasoned professional. Yes, I'm pretty sure Brands' certificates can be used for something like this - AFAICR, you could prove one relevant attribute (reputation on list X) without making it possible to link it with anything else (nym). Mark From rah at shipwright.com Sat Apr 17 17:11:09 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 17 Apr 2004 20:11:09 -0400 Subject: Usenet Dead. Film at 11 Message-ID: WCNC.com | News for Charlotte, N.C. | Nation/World Saturday April 17, 2004 8:09 p.m. 
Seized Web servers raise freedom concerns By DAVID B. CARUSO / Associated Press PHILADELPHIA - For $9.95 a month, a small company offered access to a search tool that would scour electronic bulletin boards for millions of "uncensored" movies and photographs and serve up "an all-you-can-eat taste of 'the Internet gone wild!"' Voicenet Communications executives said they didn't know users also were using their system to access child pornography until January, when authorities seized the computer servers that ran their "QuikVue" search program, a lawyer for the company said. Despite a burgeoning amount of online child pornography, prosecutors have been cautious in their handling of Internet companies that don't manufacture or distribute illegal content themselves, but do make it easier for customers to see material posted by others. The seizure of Voicenet's servers in suburban Ivyland was the first time a Pennsylvania law enforcement agency has stopped an Internet firm from facilitating access to child porn, lawyers said. No criminal charges have been filed but investigators said in court filings that they want to examine lists of QuikVue subscribers. It also was a rarity nationwide. Some free speech advocates have accused prosecutors of ignoring a federal law that generally protects Internet service providers from criminal liability when their systems are used to disseminate child pornography without their knowledge. Voicenet claimed in a federal lawsuit filed last month that QuikVue merely allowed customers to easily access files posted in discussion groups on Usenet, an enormous system of electronic bulletin boards. The company's attorney, Mark Sheppard, said the company had no control over what people posted to the groups, and was no more criminally liable for their actions than other hosts of Usenet material. "This case has very important implications, from a First Amendment standpoint and from a privacy standpoint," Sheppard said. 
"If Internet service providers are going to have to worry about getting their servers seized, then you have to wonder whether they can continue to offer access to Usenet." The firm asked a federal judge last week to order the government to return its equipment. Lawyers for Pennsylvania Attorney General Gerald Pappert and two county district attorneys involved in the investigation argued that the court should not intervene in an active criminal probe. The judge did not indicate when she would rule. The case has few precedents. Investigators in New York pressed criminal charges against a pair of Internet service providers in 1998 for allegedly failing to block access to Usenet groups that contained child pornography. One firm, Buffalo-based BuffNet, pleaded guilty to a misdemeanor charge of criminal facilitation in 2001 and paid a $5,000 fine. "The case helped establish that when an Internet service provider becomes aware of child pornography being on its system, it has an obligation to do something about it," said Paul Larrabee, a spokesman for New York Attorney General Eliot Spitzer. A federal judge imposed a tougher penalty on a Texas couple convicted in 2000 of operating a service that gave subscribers passwords to overseas Web sites containing child pornography. A judge sentenced Thomas Reedy to life in prison. His wife, who helped run the business, got 14 years. Prosecutors said that even though the couple didn't post child pornography themselves, they knowingly facilitated access to it and shared their profits with the Web sites responsible for the illegal material. John Morris, an attorney with the Center for Democracy and Technology, a civil liberties group, said companies like Voicenet can block access to improper Usenet content, but don't always know what people are posting on their system. "It's one thing to seize a server that is being used for a single Web site that is illegally serving up child pornography," Morris said. 
"But to go into an ISP and seize servers that have millions of postings on them that are perfectly lawful, with no real evidence that the ISP was intentionally doing anything criminal, is a much more questionable situation." --- On the Net: Voicenet Communications: http://www.voicenet.com Center for Democracy and Technology: http://www.cdt.org -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Sat Apr 17 11:35:49 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sat, 17 Apr 2004 20:35:49 +0200 (CEST) Subject: Idea: Offshore gambling as gateway between real and electronic money Message-ID: <0404172024310.-1074043916@somehost.domainz.com> Adoption of anonymous e-money is to great degree hindered by the lack of infrastructure to convert this currency to/from "meatspace" money. However, there is possible a method, using offshore gambling companies. There may be a special kind of "gamble", that looks from the "outside" like regular betting, but where the participants to certain degree know the betting results, allowing use of their "e-money" to gain insight into the "game" - using "meatspace" money as a bet and "e-money" to buy the knowledge of cards/numbers/whatever in the value of the e-money that allows a sure win of that amount. In other words: Without use of the e-money, the game is a "normal" game, with appropriate probability of win. With the e-money, the player can buy the 100%-certain win of a given value. Conversely, a "rigged game" with 0%-probability of win could be used for depositing the "real" money and converting them to "e-money". Is this approach possible? Is this approach feasible? Where are the hidden problems there? 
From rah at shipwright.com Sat Apr 17 19:41:12 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 17 Apr 2004 22:41:12 -0400 Subject: E-mail lists choke on spam Message-ID: CNET News http://www.news.com/ E-mail lists choke on spam By John Borland Staff Writer, CNET News.com http://news.com.com/2100-1038-5190826.html Story last modified April 13, 2004, 1:36 PM PDT For close to half a decade, entertainment executives and copyright-averse college students have debated the future of technology side by side on the "Pho" e-mail list. Now that forum is under siege. Membership is falling, even though subscription requests are rising. In large part that's because so many e-mail addresses are choked with spam, or have fallen incommunicado behind bulk mail filters, and have had to be eliminated. Recently, whole companies--including Time Warner and CNET Networks, publisher of News.com--have periodically started bouncing the list's messages. That's not only frustrated subscribers who miss out on their daily dose of digital music dish; network administrators say they sometimes have to clear their servers of thousands of returned messages a day. ----- What's new: E-mail lists, long one of the most popular and useful online tools, are increasingly in danger of becoming collateral damage in the Net's war on unsolicited bulk mail. Bottom line: Many e-mail groups are responding by changing their format to Web-based bulletin boards or augmenting their discussions with RSS feeds, a popular content-distribution format used by bloggers and news sites. --------- Pho isn't alone. E-mail lists in general, long one of the most popular and useful online tools, are increasingly in danger of becoming collateral damage in the Net's war on unsolicited bulk mail. "Our cures for some of these diseases are boomeranging and killing us," said Jim Griffin, chief executive officer of Cherry Lane Digital and co-founder of the Pho list. "What we're discussing is the passing of a medium. 
It is alarming to me that one of the most basic features of the Net has been threatened so badly." It's far too early to write an obituary for e-mail lists. The 30-year-old medium has confronted crises before and has been reborn with the help of clever programmers and new technology. E-mail advocates say this process is already under way, as companies and list administrators figure out both how to keep spam under control without so much of an effect on mail lists and other desired e-mail messages. "In the early days of the Net, we built a nervous system, but nobody built an immune system," said Marc Smith, a sociologist who studies communities such as Usenet and e-mail groups for Microsoft's research division. "What we're seeing now is the emergence of an immune system." Nevertheless, it is undeniable that Pho and other groups are facing serious hurdles that could change the way the medium operates forever. It's almost impossible to estimate how broad the e-mail list community runs. Experts say there are certainly millions, perhaps tens of millions of lists. They cover every conceivable topic, from the most arcane scientific topics to the most basely sexual. Some have only a few subscribers, while others have as many as tens of thousands. The growing problems are familiar to anyone with an e-mail box. The primary culprits are the avalanches of spam cluttering mailboxes with Viagra advertisements and XXX photos. The energy required to clear through that digital underbrush alone has taxed many people's patience for e-mail discussions, experts say. But the response to the spam assault also has helped undermine mail lists. Many people move e-mail addresses routinely, creating dead boxes that bounce messages back to list administrators.
Many people use Web-based mailboxes for e-mail list subscriptions, and these can quickly fill up with spam or even legitimate messages, again bouncing messages back to their original servers, filling administrator mailboxes and requiring substantial time to review and clear. On the flip side are spam filters such as the popular SpamAssassin, used by many corporations. These routinely catch messages sent simultaneously to a large number of people, mistaking list messages for bulk advertisements. Subscribers have little or no way to tell that their mail is not getting through, or that, in some cases, they have been unsubscribed completely from a list. Faced with these growing issues, many e-mail groups are changing their format to Web-based bulletin boards or augmenting their discussions with RSS (Really Simple Syndication) feeds, a popular content-distribution format used by bloggers and news sites. Internet pundit Clay Shirky, who teaches a graduate course in networking at New York University, said he's close to pulling the plug on his mailing list altogether in favor of RSS. "The viability of mail lists is rapidly declining," Shirky said. "Fewer people are reading in e-mail directly. It's getting clear that the ordinary Web plus RSS feeds are better." Periodic crises This isn't the first time e-mail lists have flirted with collapse, however. The first e-mail was sent by Ray Tomlinson in 1971, a simple test message to himself. His message evolved almost immediately into broader discussions, although only a few remained active for long. By the close of the 1970s, there were 17 public e-mail discussion lists on the ARPAnet, the precursor to today's Internet. By 1982, there were 44, according to at least one account. Others were springing up by the dozens on private academic networks such as PLATO and BITNET. But as vibrant as these were, their own inefficiencies led to a crisis almost as dire as today's. 
At that time, lists were mostly run by hand, which meant that an actual human being had to respond to subscription requests and other problems. When these lists proliferated, it often took weeks for requests to be fulfilled. Adding to problems were traffic jams caused by the era's still-scarce bandwidth. Single messages were sent out to hundreds of addresses at a time, clogging transatlantic lines so badly that e-mails between Europe and the United States sometimes took a week to be delivered. Some people on the lists started discussing whether e-mail discussion groups should be banned altogether. The crisis soon passed, however. In 1986, a BITNET programmer in Paris named Eric Thomas wrote a tool called Listserv that automated the administrator's task of managing subscriptions. It also made message distribution more efficient, virtually eliminating the crippling traffic jams. The tool was quickly adopted elsewhere, and the number of e-mail lists on academic networks exploded. A half-decade later, an American programmer named Brent Thomas started looking around for tools to help automate Internet-based mailing lists. He found Listserv, but decided he could write a new one as quickly as he could learn the old tool, and in a week created a program called Majordomo and a scant 3,000 lines of code. Both tools are still widely used today. Over the ensuing decade, the shape of mailing lists has remained largely the same. Web-based services such as E-Groups, which Yahoo later bought and turned into Yahoo Groups, attracted hundreds of thousands of discussions, but the fundamental idea hasn't changed much. An Internet immune system That's why many in the e-mail list community think they'll survive, despite today's headaches. There is simply nothing that substitutes for the immediacy and simplicity of e-mail, advocates say. 
"I don't really see too many people dropping off lists," said Chapman, whose Great Circle Associates consulting firm still manages the Majordomo software. "Mailing lists serve a very valuable purpose. They come to you. Certain Web sites I do check, but you have to go check." Administrators are finding ways around the problems. Spam filters on list servers, and tools that ensure only list members can send to the list, help keep unwanted e-mail to a minimum. Automatic unsubscribe tools are helping reduce the amount of unwanted bounced messages. E-mail software itself is getting better at filtering messages into folders, so that all list messages can be segregated away from spam. Web mail services such as Yahoo and Hotmail also support this feature. Future-looking projects hold out hope of better improvements. Some programmers are working on pulling RSS and e-mail into the same interfaces, eliminating what appears to be competition between the mediums today. Others are looking at ways to help people wade through the morass of online discussions more easily. Microsoft's Smith has written about new interfaces that would help highlight important or heated conversations among thousands of messages, for example. These and other innovations, such as better tools to deal with the problems of spam and spam filters, will help keep e-mail lists and communities alive, he said. "Machines have gotten us into this problem, and they're going to have to get us out," Smith said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From pgut001 at cs.auckland.ac.nz Sat Apr 17 14:42:36 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 18 Apr 2004 09:42:36 +1200 Subject: Fortress America mans the ramparts In-Reply-To: <40782B25.33655F57@cdc.gov> Message-ID: "Major Variola (ret)" writes: >PS: what happens if your passport's chip doesn't work? Do you get sent back >and the airline fined $10K? Do you wait extra time while the still-readable >passport number indexes your record online? How much extra time? (Anyone >have experience with domestic eg traffic pigs discovering that your magstrip >is corrupted?) > >Are all chip biometrics encrypted with the same key? How much does that cost >on BlackNet these days? How much extra should our Seals Flaps and >Documents dept charge? Details are available from sources like http://www.icao.int/mrtd/download/documents/Biometrics%20deployment%20of%20Machine%20Readable%20Travel%20Documents.pdf and http://www.icao.int/mrtd/download/documents/PKI%20Digital%20Signatures.PDF (in general the docs are at http://www.icao.int/mrtd/download/documents/, where MRTD = machine-readable travel documents) although you have to be careful what you reference since they're still frantically updating the designs as they go, so any document will be out of date in a few months. It's also being (as far as I can tell) designed by people with little or no security experience, under intense pressure from the US to Do Something About Security. Early technical drafts I saw (not the generic whitepapers on the site, which are pretty vague) were an appalling pile of kludgery. From what I've heard since then it hasn't gotten any better. I dunno whether this is because the work is being contracted out to the Usual Suspects, who don't know much about the area, or whether they did try and get experienced people in and were told that what they were trying to do wouldn't work and/or couldn't be done in less than 5-10 years. 
Peter. From lynn.wheeler at firstdata.com Sun Apr 18 10:07:23 2004 From: lynn.wheeler at firstdata.com (lynn.wheeler at firstdata.com) Date: Sun, 18 Apr 2004 11:07:23 -0600 Subject: Payment system and security conference Message-ID: reminder from this month's enhyper newsletter, 2004 payment system and security conference http://www.enhyper.com/paysec/ also mention financial cryptography blog ... by some of the same people http://www.financialcryptography.com/ they also have short blurb on: http://www.bitpass.com/ enhyper also discovered norm hardy and some of his papers: ... the digital silk road http://www.cap-lore.com/Economics/DSR/ http://www.agorics.com/Library/dsr.html norm's past include LLNL, 360s, vm/370, secure operating systems and secure transactions: http://cap-lore.com/ and secure operating systems at tymshare with gnosis and keykos: http://www.agorics.com/Library/keykosindex.html http://www.cis.upenn.edu/~KeyKOS/ .... and there is EROS -- extremely reliable operation system (outgrowth of keykos) http://www.cis.upenn.edu/~eros/ ... note above mentions looking at getting an EAL7+ evaluation for eros. when MD bought tymshare they were looking at spinning off a number of things. i was brought in to do a technical audit of gnosis as part of its spin-off as keykos. they were also spinning off Doug Engelbart who was working at Tymshare at the time ... tymshare was running doug's "augment" system on pdp10 ... http://www.superkids.com/aweb/pages/features/mouse/mouse.html http://sloan.stanford.edu/MouseSite/dce-bio.htm http://www.invisiblerevolution.net/engelbart/glossary/augment_nls.html http://www.sciencedaily.com/encyclopedia/nls and total topic drift, i've got lots of references to vm/370: http://www.garlic.com/~lynn/subtopic.html#545tech http://www.garlic.com/~lynn/subtopic.html#fairshare http://www.garlic.com/~lynn/subtopic.html#wsclock -- Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm --- end forwarded text -- ----------------- R. A.
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From proclus at gnu-darwin.org Sun Apr 18 14:10:08 2004 From: proclus at gnu-darwin.org (proclus at gnu-darwin.org) Date: Sun, 18 Apr 2004 17:10:08 -0400 (EDT) Subject: [Community_studios] Apple's jackboots step on PlayFair in India In-Reply-To: <20040418135126.70CBE168B92@gnu-darwin.org> Message-ID: <20040418212129.22E19168B7C@gnu-darwin.org> woohoo! here is another one. http://p2pnet.net/story/1193 http://www.p2pnet.net/playfair/playfair-0.4.tar.gz Regards, proclus http://www.gnu-darwin.org/ -- Visit proclus realm! http://proclus.tripod.com/ -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GMU/S d+@ s: a+ C++++ UBULI++++$ P+ L+++(++++) E--- W++ N- !o K- w--- !O M++@ V-- PS+++ PE Y+ PGP-- t+++(+) 5+++ X+ R tv-(--)@ b !DI D- G e++++ h--- r+++ y++++ ------END GEEK CODE BLOCK------ From shaddack at ns.arachne.cz Sun Apr 18 09:06:57 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 18 Apr 2004 18:06:57 +0200 (CEST) Subject: Behavior pattern recognition Message-ID: <0404181757310.-1074043916@somehost.domainz.com> http://us.cnn.com/2004/TRAVEL/04/16/airline.behavior.ap/ http://www.usatoday.com/travel/news/2004-04-16-behaviorscan_x.htm http://news.bostonherald.com/national/view.bg?articleid=1780 Carnival Booth, anyone? Besides, it's matter of time until the checklists "leak" and the "adversaries" adjust their behavior accordingly. (What would be the next move then?). The "anyone observing security methods" is the funniest part. I am not certain how one can avoid it, given the amount of time to kill that's usually present on the airports (is killing time a terrorist act?) 
- sooner or later all the tiles on the floor and the panels on the ceiling are counted, and what's left to watch is the guards and the cameras. Wouldn't it be less prone to false positives if they would optimize the airport operations so people won't have to stay there long enough to get bored and start noticing the security holes? From rah at shipwright.com Sun Apr 18 17:41:32 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 18 Apr 2004 20:41:32 -0400 Subject: Payment system and security conference Message-ID: --- begin forwarded text From rah at shipwright.com Sun Apr 18 17:45:55 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 18 Apr 2004 20:45:55 -0400 Subject: Speakers: Payment Systems and Security 04 - June 18/19 2004 Message-ID: Contact Details Email: events at enhyper.com Telephone: +44 (0) 870 1996774 Payments Systems and Security 18/19th June 2004 (Draft) Speakers * Geoff Chick, Product Director, Century 24 Solutions Integration Objects? * Dr Iain Saville, Head of Business Process Reform, Lloyds Kinnect - Taking Contracts Digital * Bill Millar, Head of Information Security Governance, Royal Bank of Scotland Security Governance * Ian Grigg, Principal Architect, Systemics Adaptive Governance for Payments and Securities Systems * Dr Sally Leivesley, Managing Director, Newrisk Limited Extreme Risk Management * John Walker, Principal Consultant, SiVenture (a division of NDS UK Ltd.) Unto the breach: breaking the hardware and cryptography of smart card chips * Alistair Dunlop, Director of the Open Middleware Infrastructure Institute, University of Southampton Grid Computing based Open Source Web Services * Paul Guthrie, Principal, Payment Software Corporation Applying digital cash ideas to Commerce * Ir. Simon Lelieveldt, S.
Lelieveldt Consultancy How New Entrants Change the Traditional Security Approach to Payments * Frank Trotter, CEO, Everbank Blazing the Branchless Banking Trail - The Highs and Lows of Adoption and Security Issues * Graeme Burnett, Quantitative Technology Achitect, Deutsche Bank Future State Application Security Architecture * James Turk, Managing Director, Goldmoney Internet Gold - the new Governance * Avi Corfas, Managing Director EMEA, Skybox Security Vulnerability Management Needs A New Model: The Role of Attack Simulation in Automation Copyright ) 2004 Enhyper Ltd. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun Apr 18 17:46:07 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 18 Apr 2004 20:46:07 -0400 Subject: Overview: Payments Systems and Security 18/19th June 2004 Message-ID: Enhyper - Payment Systems and Security 04 - June 18/19 2004 Overview Agenda Presentations Venue Travel Accommodation Online Registration Contact Details Email: events at enhyper.com Tel: +44 (0) 870 1996774 Payments Systems and Security 18/19th June 2004 Enhyper are proud to announce a conference with a difference, to be held at The Innholders Hall on 18/19th Jun 2004. Overview At PaySec2004 we've brought together payment systems developers, security architects, operational risk practitioners and academics to address all aspects of technology, security and operation in the payment systems domain, both present and future state. The best of the Internet versus the best of the City. Short key technical demonstrations will be interspersed to bring context to the challenges and the solutions. 
Rump sessions will allow you to contribute your experiences for the benefit of others. Headline Topics The conference will cover many crucial topics in the Payment Systems field: * Payment Transformations and integration: a revolutionary code generation approach * Settlement to T+0 and RTGS * Programmatic electronic contract negotiation * Systems Performance Monitoring: Service Level Compliance * Extensible Electronic Currency Frameworks * SSL/SSH based infrastructure to enhance federated security * Payment Systems as Critical National Infrastructure * Automated System Risk Audits for Operational Risk Compliance * Strategies for Defending against Infrastructure Attacks * Reusable Security Architecture via pre-risk assessed patterns Conference Ethos Security of payments is more than the application of cryptography over the the Internet, and more than a secured private network between banks: it is the application of all of the disciplines - technology, a legal framework, risk analysis and mitigation, insurance, good management practice and strong accounting. Our desire is to bring the following four streams together in one conference in the context of applied security: Applications, Infrastructure, Risk and Research. Applications Blending today's payment systems providers with state-of-the-art payment technology developers combines experience with innovative technology. * An Escape From Hard-Coded Application Integration: Demonstration and discussion of a highly scalable message format definition, transformation and transport modelling toolset which solves data integration issues for legacy systems, message-orientated middleware and XML based messaging systems. * Electronic Payments and Contracts: Live demonstration and discussion of several payments frameworks and electronic contract mechanisms. Discussion of operational aspects and how new financial instruments can be supported. 

Infrastructure

Computer infrastructure is changing from service-based to web service delivery. To deliver these services, Grid Infrastructures offer enhanced platform utilisation and massive scalability.

* From Client/Server to Grid-based Web Services: Government see grid computing as the powerhouse behind a new economy. We meet the Director of the UK Government's initiative.
* Application Security and Risk Assessment: Security is no longer that last final step before production. Threat analysis must be considered on all levels, not just any single one. Risk assessment is no longer a subjective, paper based exercise. Many organisations face the challenge of measuring their level of security, their level of risk and their progress in securing their IT resources. We present a framework for the reuse of security architecture patterns which streamlines the whole development process and greatly enhances application security and awareness. Automated risk assessment techniques will be demonstrated in a revolutionary approach to network vulnerability.

Risk

The 21st century has brought risks and attacks never previously thought realistic outside a Hollywood movie, but which now have to be analysed, quantified, and prepared for.

* Payment Systems as Critical National Infrastructure: Discussion of the threats posed by CNBR

Research

Regulatory and billing systems that assume one simple security model are already under strain, and will need to accommodate the new efficient security models of micropayments. The entry of the mobile phone into the payments platform will lead to increasing convergence pressures on Banks and Telcos.

The Event

The conference is held on a Friday and Saturday in a friendly, relaxed, cooperative environment, led by experienced payment industry professionals in a venue which combines the traditional with the modern - one of the City of London's oldest Livery halls with a WiFi network connected to the internet.
There'll be opportunity to share your experience and hear that of others at one of our five minute rump sessions.

Copyright © 2004 Enhyper Ltd.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From squid at panix.com Sun Apr 18 20:12:24 2004
From: squid at panix.com (Yeoh Yiu)
Date: 18 Apr 2004 23:12:24 -0400
Subject: voting
In-Reply-To: <4080296D.18F94552@nma.com>
References: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com> <5.1.0.14.0.20040416085123.00a23ba0@pop.theworld.com> <4080296D.18F94552@nma.com>
Message-ID:

Ed Gerck writes:

> David Jablon wrote:
> >
> The 'second law' also takes precedence: ballots are always secret, only
> vote totals are known and are known only after the election ends.
>
> > What I see in serious
> > voting system research efforts are attempts to build systems that
> > provide both accountability and privacy, with minimal tradeoffs.
>
> There is no tradeoff possible for voter privacy and ballot secrecy.
> Take away one of them and the voting process is no longer a valid
> measure. Serious voting system research efforts do not begin by
> denying the requirements.

You get totals per nation, per state, per county, per riding,
per precinct, per polling station and maybe per ballot box.
So there's a need to design the system to have more voters
than ballot boxes to conform to your second law.
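
An added illustration, not part of any poster's message, of the property this thread is arguing about: publishing only per-race totals for a ballot box hides each voter's full-ballot pattern, whereas publishing whole ballots would expose unique patterns. The sample ballots, race names and helper functions are constructed for this example.

```python
from collections import Counter

RACES = ("A", "B", "C")

# Constructed sample: six ballots cast into one ballot box, one choice per race.
BOX_K = [
    {"A": "X", "B": "Z", "C": "blank"},
    {"A": "Y", "B": "W", "C": "P"},
    {"A": "Y", "B": "Z", "C": "P"},
    {"A": "Y", "B": "W", "C": "P"},
    {"A": "X", "B": "W", "C": "Q"},
    {"A": "blank", "B": "Z", "C": "P"},
]


def race_totals(ballots):
    """Per-race totals for one box: the only data the 'second law' lets out."""
    totals = {race: Counter() for race in RACES}
    for ballot in ballots:
        for race in RACES:
            totals[race][ballot[race]] += 1
    return totals


def unique_patterns(ballots):
    """Full-ballot patterns that occur exactly once in the box.

    If whole ballots were published, each of these could act as a
    recognisable marker tying one ballot to one voter.
    """
    patterns = Counter(tuple(b[r] for r in RACES) for b in ballots)
    return sorted(p for p, n in patterns.items() if n == 1)


def rotate_race(ballots, race):
    """Shift one race's choices to the next ballot in the box.

    The per-race totals stay identical while the full-ballot patterns
    change, so totals alone cannot confirm that any given pattern was cast.
    """
    column = [b[race] for b in ballots]
    column = column[-1:] + column[:-1]
    return [{**b, race: choice} for b, choice in zip(ballots, column)]


def fully_revealing_races(ballots):
    """Races whose totals disclose every voter's choice in this box.

    That happens when one option received all ballots, which is always
    the case for a box holding a single ballot.
    """
    n = len(ballots)
    return [race for race, counts in race_totals(ballots).items()
            if n > 0 and max(counts.values()) == n]


if __name__ == "__main__":
    for race, counts in race_totals(BOX_K).items():
        print("race", race, dict(counts))
    print("unique full-ballot patterns:", len(unique_patterns(BOX_K)))
    print("single-ballot box reveals races:", fully_revealing_races(BOX_K[:1]))
```
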

From egerck at nma.com Mon Apr 19 00:55:02 2004
From: egerck at nma.com (Ed Gerck)
Date: Mon, 19 Apr 2004 00:55:02 -0700
Subject: voting
References: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com> <5.1.0.14.0.20040416085123.00a23ba0@pop.theworld.com> <4080296D.18F94552@nma.com>
Message-ID: <408385D6.F8556005@nma.com>

Yeoh Yiu wrote:
>
> Ed Gerck writes:
>
> > The 'second law' also takes precedence: ballots are always secret, only
> > vote totals are known and are known only after the election ends.
>
> You get totals per nation, per state, per county, per riding,
> per precinct, per polling station and maybe per ballot box.

The lowest possible totals are per race, per ballot box. The 'second law' allows you to have such totals -- which are the election results for that race in that ballot box. For example, if there are two candidates (X and Y) in race A, two candidates (Z and W) in race B, and only one vote per candidate is allowed in each race, the election results for ballot box K might be:

Vote totals for race A in ballot box K:
   Votes for candidate X: 5
   Votes for candidate Y: 60
   Blank votes: 50

Vote totals for race B in ballot box K:
   Votes for candidate Z: 45
   Votes for candidate W: 50
   Blank votes: 20

Total ballots in ballot box K: 115

Because only the vote totals are known for each race, a voter cannot be identified by recognizing a pre-defined, unlikely voting pattern in each race of a ballot. This exemplifies one reason why we need the 'second law' -- to preserve unlinkability between ballots and voters.

> So there's a need to design the system to have more voters
> than ballot boxes to conform to your second law.

No. All you need is that there should be more than one voter per ballot box. This is a rather trivial requirement to meet.

Cheers,
Ed Gerck

From anmetet at freedom.gmsociety.org Mon Apr 19 02:57:06 2004
From: anmetet at freedom.gmsociety.org (An Metet)
Date: Mon, 19 Apr 2004 05:57:06 -0400
Subject: Anonymity vs reputation question
Message-ID: <822834ccf70ba583de22bc4ccbe6f504@anonymous>

> Thinking about something, I found an interesting problem. It is possible
> to set up a reputation-based system with nyms, where every nym is an
> identity with attached reputation.
>
> Is it possible to have a system where nyms can share reputation without
> divulging the links between them? That would allow the possibility of eg.
> publishing as a "new" identity while still having the "weight" of an
> already established seasoned professional.

Yes, you can do this, but there are some problems.

First, what is a reputation? Reputations are in people's minds. Any nym will have a different reputation with different people. The only way the new nym could have exactly the same reputation with everyone would be for it to be explicitly linked to the old nym, defeating the purpose of switching.

Therefore the new nym's reputation will have to be a simple subset of the reputation of the old nym, in order that many nyms will have equal reputation and the new one won't be linked. This suggests a simple boolean ranking where one or more respected figures can give their endorsement to a nym, and then the new nym can start up and say that it is endorsed by so-and-so. As long as that person gave out quite a few endorsements then there will not be too much linkage to the old nym.

As someone mentioned, this is the problem which is solved by cryptographic credentials, like those of Chaum or Brands. The "reputation judge" gives out an endorsement credential to those nyms he deems worthy; then through various cryptographic techniques these credentials can be shown by the new nyms.

A simple version of this would be to use the same Chaum blind signatures that are used for ecash.
When the reputation judge gives out the credential, in addition to signing the nym, he also issues a blind signature on a blinded identity offered by the nym owner. The judge can't see what nym he is signing, but later that nym can show that its identity is signed by the reputation judge. Brands credentials basically work this same way.

A problem with this is that only one new nym gets endorsed, so the holder can only switch identities once. To fix this, the judge could issue several blind signatures, say about 5, which would accommodate that many identity switches.

An even simpler approach would be for the reputation judge to create a common public key to be used as a signing key by everyone he endorses. When he endorses someone he reveals to them, privately, the secret key used to sign with the common public key. Then all nyms who have received the endorsement can sign with the common key in addition to their own. When the nym switches identities he still knows the common signing key and can sign with it along with the new nym.

The problem with this class of systems is that if anyone leaks the common private key, then the security of the endorsement is lost and anyone can pretend to be endorsed. A similar flaw with the previous proposal is that if someone gets several blind endorsements, they might give some away or sell some, and the new buyers might misuse them, cheapening the value of the endorsement.

Yet another method, good if there aren't more than a dozen or so nyms which are endorsed, is to use a ring or group signature. The reputation judge publishes a list of keys that he endorses, and then anyone on the list can make a signature which can be verified as coming from one of the keys, but there is no way to tell which one made it.
This has a security problem similar to the 2nd approach, that someone on the list could secretly give away his private key to other people, and they could sign bad messages, with no way to tell which person on the list created them. The reputation judge could address this by withdrawing his endorsement of the last few list members, and seeing if the problem goes away, but it would be a complicated and messy situation.

From mv at cdc.gov Mon Apr 19 09:19:49 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 19 Apr 2004 09:19:49 -0700
Subject: Vote Market
Message-ID: <4083FC25.41C5D4BD@cdc.gov>

At 09:25 AM 4/17/04 +1000, Tim Benham wrote:
>I think all this concern about voter coercion is rather overblown. Maybe we
>should ban bank statements because people might be coerced into showing them
>to someone and punished for hiding their money. Receipts might open up
>opportunities for voter coercion but there are mechanisms for combatting
>coercion other than coercive anonymity.
>
>What is missing in this discussion is mention of the benefits which would flow
>from making voter anonymity optional. Non-anonymous voting is a necessary
>precondition for a vote market

And that is why this list is still worth reading. Innovative socio-crypto speculation free of inhibition.

It's interesting to consider what the economic benefits would be to individual voters, and the buyers. The bizmodel. How it varies with 'obedience' to one's vote-employer. Receipts give 100% obedience. No receipts could range from 0% to 100% depending on the population's behavior. In some races, buying 10% obedience in 30% of the population can swing a race.

How many issues could a voter play, what kind of money are we talking about?

The inertia (as in Men w/ Guns, besides insufficient anonymity / anoncash infrastructure) in getting such a market set up is large :-)

Though in one sense, are the price of stock-shares the price of control-votes in guiding a private entity?
Except confused by the value of the stock as an asset.

PS: the Mw/G who want to see your ATM receipts already see them :-)

From mv at cdc.gov Mon Apr 19 09:41:30 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 19 Apr 2004 09:41:30 -0700
Subject: Anonymity vs reputation question
Message-ID: <4084013A.D794B319@cdc.gov>

At 05:57 AM 4/19/04 -0400, An Metet wrote:
>> Is it possible to have a system where nyms can share reputation without
>> divulging the links between them? That would allow the possibility of eg.
>> publishing as a "new" identity while still having the "weight" of an
>> already established seasoned professional.
>
>Yes, you can do this, but there are some problems.
>
>First, what is a reputation? Reputations are in people's minds. Any nym
>will have a different reputation with different people. The only way
>the new nym could have exactly the same reputation with everyone would
>be for it to be explicitly linked to the old nym, defeating the purpose
>of switching.

Reputation requires authentication so you know you're talking to the same endpoint. It is easily implemented with a PK signature. Normally you assume the IP:port at the other end remains the same endpoint, but MITM attacks show that this is an exploitably false assumption. IPSec fixes this.

So reputation is not in people's minds, it's something that one can construct by signing documents with the same key.

A nym is just a token, a string, a handle. You can make it more by making it persistent across sessions (ie, keep using the same RSA key instead of using ephemeral DH or one-time RSA keys to authenticate a single session.); normally folks do this to accrue reputation as well as for convenience. All you need is the same RSA key used above.

You can further concretize a nym by associating it with a human subject to Men w/ Guns. But it's not necessary, any more than persistent authentication (reputation) is.
You can use a throw-away email account, or public key, for each message, thread, clique, etc.

--------

In thinking about how to transfer reputation-credits, is the Adversary watching any movement on that 'account'? To use the credits, someone has to talk to a clearing house (to avoid double-spending) unless the reputation was on a physical bearer-gizmo like a secure card. (Cash or other anon Finder's-Keeper's bearer bling are the preferred funds transfer mechanism for identity-change). I don't see how you can transfer an unforgeable token without some online activity xor secure physical implementation.

From camera_lumina at hotmail.com Mon Apr 19 06:55:39 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 19 Apr 2004 09:55:39 -0400
Subject: Blacknet voting
Message-ID:

I don't know...I've been following some of the voting discussion, and to some extent for the rank-and-file, doesn't this still boil down to "trust us"? (In other words, it looks like a large number of people have to work very carefully to make sure the voting system is secure, and then voters have to trust that the group did the work correctly.)

Just riffing here, but isn't there some kind of possibility for "Blacknet" voting? In other words, if the "voting machines" were by nature untamperable because of...

1) No one actually knows where they are
2) "They" aren't actually anywhere, perhaps being distributed entities on the network. In fact, votes pass into the voting blacknet and are untraceable.
3) The voting blacknet can be audited perhaps periodically (modulo provisions for denial of service attacks), to make sure there's been no systematic tampering (which theoretically should be impossible anyway).

OK, of course there are issues of multiple votes &c...but this seems no more difficult than digital cash.

-TD

>From: Yeoh Yiu
>To: Ed Gerck
>CC: David Jablon , John Kelsey ,
> "Trei, Peter" , cypherpunks at al-qaeda.net,
> cryptography at metzdowd.com, "'privacy.at Anonymous Remailer'"
>
>Subject: Re: voting
>Date: 18 Apr 2004 23:12:24 -0400
>
>Ed Gerck writes:
>
> > David Jablon wrote:
> > >
> > The 'second law' also takes precedence: ballots are always secret, only
> > vote totals are known and are known only after the election ends.
> >
> > > What I see in serious
> > > voting system research efforts are attempts to build systems that
> > > provide both accountability and privacy, with minimal tradeoffs.
> >
> > There is no tradeoff possible for voter privacy and ballot secrecy.
> > Take away one of them and the voting process is no longer a valid
> > measure. Serious voting system research efforts do not begin by
> > denying the requirements.
>
>You get totals per nation, per state, per county, per riding,
>per precinct, per polling station and maybe per ballot box.
>So there's a need to design the system to have more voters
>than ballot boxes to conform to your second law.
>

From rah at shipwright.com Mon Apr 19 16:44:44 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 19 Apr 2004 19:44:44 -0400
Subject: ECC'04 -- Second announcement
Message-ID:

--- begin forwarded text

From ecc at crypto.rub.de Mon Apr 19 13:50:41 2004
From: ecc at crypto.rub.de (ECC 2004)
Date: Mon, 19 Apr 2004 22:50:41 +0200
Subject: ECC'04 -- Second announcement
Message-ID:

THE 8TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2004)

Ruhr-University Bochum, Germany
September 20, 21 & 22, 2004

SECOND ANNOUNCEMENT
April 19, 2004

ECC 2004 is the eighth in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas.
The main themes of ECC 2004 will be:

- The discrete logarithm problem.
- Efficient parameter generation and point counting.
- Provably secure cryptographic protocols.
- Efficient software and hardware implementation.
- Side-channel attacks.
- Deployment of elliptic curve cryptography.

It is hoped that the meeting will continue to encourage and stimulate further research on the security and implementation of elliptic curve cryptosystems and related areas, and encourage collaboration between mathematicians, computer scientists and engineers in the academic, industry and government sectors.

There will be approximately 15 invited lectures (and no contributed talks), with the remaining time used for informal discussions. There will be both survey lectures as well as lectures on latest research developments.

SPONSORS:
BSI - Bundesamt für Sicherheit in der Informationstechnik
DFG-Graduate School on Cryptography
ECRYPT - European Network of Excellence in Cryptography
Ruhr-University Bochum
University of Waterloo

ORGANIZERS:
Gerhard Frey (University of Duisburg-Essen)
Tanja Lange (Ruhr-University Bochum)
Alfred Menezes (University of Waterloo)
Christof Paar (Ruhr-University Bochum)
Scott Vanstone (University of Waterloo)

CONFIRMED SPEAKERS:
Roberto Avanzi (University of Duisburg-Essen, Germany)
Paulo Barreto (Scopus Tecnologia, Brazil)
Pierrick Gaudry (LIX Paris, France)
Marc Joye (Gemplus, France)
Norbert Luetkenhaus (University of Erlangen, Germany)
Kim Nguyen (Bundesdruckerei, Germany)
Alexander May (University of Paderborn, Germany)
Matt Robshaw (Royal Holloway University of London, UK)
Werner Schindler (BSI, Germany)
Jasper Scholten (KU Leuven, Belgium)
Hovav Shacham (Stanford University, USA)
Igor Shparlinski (Macquarie University, Australia)
Nigel Smart (University of Bristol, UK)
Thomas Wollinger (Ruhr-University Bochum, Germany)

LOCAL ARRANGEMENTS AND REGISTRATION:
Bochum is situated approximately 50 km from Dusseldorf International Airport and about 300 km from
Frankfurt Airport. Participants should plan to arrive on September 19 to be able to attend the lectures on Monday morning.

If you did not receive this announcement by email and would like to be added to the mailing list for the third announcement, please send a brief email to ecc at crypto.rub.de. The announcements are also available from the web site www.cacr.math.uwaterloo.ca/conferences/2004/ecc2004/announcement.html

-----------------------------------------------------------------------

REGISTRATION & ACCOMMODATIONS:
Details on registration and accommodation will follow in the next announcement.

==========================================================================

FURTHER INFORMATION:
For further information, please contact:

Tanja Lange
Information Security and Cryptography
Ruhr-University Bochum
e-mail: ecc at crypto.rub.de
Fax: +49 234 32 14430
Tel: +49 234 32 23260

==========================================================================

ECC 2004 - Bochum
www.cacr.math.uwaterloo.ca/conferences/2004/ecc2004/announcement.html

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From bjonkman at sobac.com Mon Apr 19 21:59:45 2004
From: bjonkman at sobac.com (Bob Jonkman)
Date: Tue, 20 Apr 2004 00:59:45 -0400
Subject: PlayFair > Sarovar
In-Reply-To:
Message-ID: <40847601.21887.7321AE@localhost>

That seemed short-lived. Both links to the Playfair project at Sarovar are dead: http://sarovar.org/projects/playfair/ and http://playfair.sarovar.org/

The search function doesn't come up with anything either...

Has there been any further news on this?

--Bob.

This is what R. A.
Hettinga said about " PlayFair > Sarovar" on 12 Apr 2004 at 13:42

>
> --- begin forwarded text
>
>
> To: nettime
> From: kevin lahoda
> Subject: PlayFair > Sarovar
> Date: Sat, 10 Apr 2004 14:51:11 -0400
> Sender: nettime-l-request at bbs.thing.net
> Reply-To: kevin lahoda
>
> Sarovar.org is India's first portal to host projects under Free/Open
> source licenses. It is located in Trivandrum, India and hosted at
> Asianet data center. Sarovar.org is customised, installed and
> maintained by Linuxense as part of their community services and
> sponsored by River Valley Technologies.
>
> From Sarovar's < http://sarovar.org/ > Latest News: "After a short
> "vacation" thanks to a Cease and Desist letter from Apple, we're back
> online. Many thanks to Sarovar for hosting us.. -PlayFair "
>
> Sarovar now hosts The PlayFair project < http://playfair.sarovar.org/ >
> which SourceForge has declined in order to avoid tangling with
> Apple's decision to go DMCA on their ass <
> http://slashdot.org/article.pl?sid=04/04/09/1554203 >. Like something
> from a Gibson novel, I wouldn't doubt if Sarovar rises to meet more
> than another of these occasions in the near future.
>
> And so, we have more contentious open source code hosted outside of
> the US in order to circumvent unfavorable legal processes.
>
> Offshoring in itself is not all that new (another example: <
> http://www.citi.umich.edu/u/provos/honeyd/ >). Here is how this one
> gets interesting: A big guy - Apple, goes a little sour, another
> (kind of) big guy - SourceForge, takes the easy route, and then an
> offshore repository stands in.
>
> With all of this, one thing that should not be ignored is that
> SourceForge should be shamed for not holding itself stronger. In a way
> SourceForge's decline of PlayFair and non-usage of the Safe Harbor
> Provision Act < http://www.chillingeffects.org/dmca512/ > is an admission
> of defeat and a failure to stand up for one's (community's) rights.
>
> What comes out of this?
>
> Well, maybe Apple wins because they avoid a chance of being tarnished.
> Imagine what consumer level acknowledgment of the reality of Apple
> marketing a clean yet gritty 'Garage Band' motif (with all that punk
> rock implies) while at the same time sleeping with DRM, recently RIAA,
> and now DMCA, could entail... One can easily see that Apple is dancing
> itself into a bit of a gamble. But then again, what does an Ipod
> zombie care about these acronyms anyway?
>
> What does SourceForge get? Not much. This only makes it easier for
> them to weasel out of the next situation that comes up. Not to mention
> they also missed a good chance to join PlayFair in telling Apple
> what's what.
>
> k
>
> http://sarovar.org/ http://sarovar.org/projects/playfair/
> http://slashdot.org/article.pl?sid=04/04/09/1554203
> http://www.chillingeffects.org/dmca512/
> http://www.citi.umich.edu/u/provos/honeyd/
>
> http://www.theregister.co.uk/2004/04/09/playfair_dmca_takedown/
>
>
>
>
> # distributed via : no commercial use without permission
> # is a moderated mailing list for net criticism,
> # collaborative text filtering and cultural politics of the nets more
> # info: majordomo at bbs.thing.net and "info nettime-l" in the msg body
> # archive: http://www.nettime.org contact: nettime at bbs.thing.net
>
> --- end forwarded text
>
>
> --
> -----------------
> R. A. Hettinga
> The Internet Bearer Underwriting Corporation 44
> Farquhar Street, Boston, MA 02131 USA "... however it may deserve
> respect for its usefulness and antiquity, [predicting the end of the
> world] has not been found agreeable to experience."
-- Edward Gibbon, > 'Decline and Fall of the Roman Empire' From pique at netspace.net.au Mon Apr 19 15:28:16 2004 From: pique at netspace.net.au (Tim Benham) Date: Tue, 20 Apr 2004 08:28:16 +1000 Subject: Vote Market In-Reply-To: <200404192125.i3JLPvoI030760@waste.minder.net> References: <200404192125.i3JLPvoI030760@waste.minder.net> Message-ID: <200404200828.16318.pique@netspace.net.au> > Date: Mon, 19 Apr 2004 09:19:49 -0700 > From: "Major Variola (ret)" > Subject: Re: Vote Market > > At 09:25 AM 4/17/04 +1000, Tim Benham wrote: > >I think all this concern about voter coercion is rather overblown. > > Maybe we > > >should ban bank statements because people might be coerced into showing > > them > > >to someone and punished for hiding their money. Receipts might open up > >opportunities for voter coercion but there are mechanisms for > > combatting > > >coercion other than coercive anonymity. > > > >What is missing in this discussion is mention of the benefits which > > would flow > > >from making voter anonymity optional. Non-anonymous voting is a > > necessary > > >precondition for a vote market > > And that is why this list is still worth reading. Innovative > socio-crypto speculation > free of inhibition. I'm glad someone liked it. The voting thread seemed mainly about achieving 19th century ideals with 21st century technology. But it seemed to me as coercively non-libertarian to forcibly prevent people from verifiably revealing their vote as it is to do the opposite. Sometimes you don't want to be anonymous. > > Its interesting to consider what the economic benefits would be to > individual > voters, and the buyers. The bizmodel. How it varies with 'obedience' > to one's vote-employer. Receipts give 100% obedience. No receipts > could > range from 0% to 100% depending on the population's behavior. In > some races, buying 10% obedience in 30% of the population can swing > a race. 

Yes, but the "optional obedience" model is what we have now, and it's obviously very inefficient. It leads to large amounts of private and common property being squandered in an effort to buy the votes of people who often don't even bother turning up for work. My plan was to let people sell their vote before the election. I'll leave designing a scheme by which this can be done anonymously online to the list's crypto-mavens.

>
> How many issues could a voter play, what kind of money
> are we talking about?

How much do the parties spend on campaigns now? They should be willing to spend more on buying votes, because a bought vote is a much better product. How much they would *have* to spend would depend on the market, but the greater efficiency of a vote market would attract more buyers, so it's reasonable to assume that the cost of buying an election would go up.

>
> The inertia (as in Men w/ Guns, besides insufficient anonymity /
> anoncash infrastructure)
> in getting such a market set up is large :-)
>
> Though in one sense, are the price of stock-shares the price of
> control-votes in guiding a
> private entity? Except confused by the value of the stock as an asset.

If a company pays no dividends and returns no capital to its shareholders, then control's the only source of value for the shares. At least that's what my theory tells me (fair value is net present value of income produced by the asset + value of "externalities"), but there are shares that trade at nonzero prices which pay no dividends, return no capital, and have control locked up. I've never been able to work this out.

Tim B

From mv at cdc.gov Tue Apr 20 09:04:43 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 20 Apr 2004 09:04:43 -0700
Subject: Vote Market
Message-ID: <40854A1B.1D118F82@cdc.gov>

At 08:28 AM 4/20/04 +1000, Tim Benham wrote:
>
>I'm glad someone liked it. The voting thread seemed mainly about achieving
>19th century ideals with 21st century technology.
But it seemed to me as
>coercively non-libertarian to forcibly prevent people from verifiably
>revealing their vote as it is to do the opposite. Sometimes you don't want to
>be anonymous.

The 19th century ideals spell out a threat model. Which you can then design procedures & gizmos to resist. A different model is interesting because it instructs in how attacks & resistance work.

BTW, it's been argued that if you paid people to vote you'd increase participation. Participation is a good thing in some, but not all, opinions on democracy. You could pay folks for merely voting (eg a govt might do this) or you could pay folks by issue (which receipts make practical for proponents of some issue) which you suggest.

>My plan was to let people sell
>their vote before the election. I'll leave designing a scheme by which this
>can be done anonymously online to the lists crypto-mavens.

You could create a prototype market by using absentee voters and certification that the paper vote was dropped into a mailbox by a human attendant. There are legal obstacles.

>but there are shares that trade at nonzero
>prices which pay no dividends, return no capital, and have control locked up.
>I've never been able to work this out.

The owners obviously
1. trust the controllers for some (possibly finite) amount of time
2. expect to be able to sell shares to others in the future.

The difference between this and Ponzi schemes is left to the reader.. but as long as there's no coercion, fraud, or pollution, then "whatever"...

From article at mises.org Tue Apr 20 06:13:15 2004
From: article at mises.org (Mises Daily Article)
Date: Tue, 20 Apr 2004 09:13:15 -0400
Subject: What Should Freedom Lovers Do?
Message-ID:

http://www.mises.org/fullstory.asp?control=1499

What Should Freedom Lovers Do?

by Llewellyn H. Rockwell, Jr.

[Posted April 20, 2004]

How can one combine professional life with the advancement of liberty?
Of course it is presumptuous to offer a definitive answer since all jobs and careers in the market economy are subject to the forces of the division of labor. Because a person focuses on one task doesn't mean that he or she isn't great at many tasks; it means only that the highest productive gains for everyone come from dividing tasks up among many people of a wide range of talents.

So it is with the freedom movement. The more of us there are, the more we do well to specialize, to cooperate through exchange, to boost our impact by dividing the labor. There is no way to know in advance what is right for any person in particular. There are so many wonderful paths from which to choose (and which I will discuss below). But this much we can know. The usual answer -- go into government -- is wrongheaded. Too many good minds have been corrupted and lost by following this fateful course.

It often happens that an ideological movement will make great strides through education and organization and cultural influence, only to take the illogical leap of believing that politics and political influence, which usually means taking jobs within the bureaucracy, is the next rung on the ladder to success. This is like trying to fight a fire with matches and gasoline.

This is what happened to the Christian right in the 1980s. They got involved in politics in order to throw off the yoke of the state. Twenty years later, many of these people are working in the Department of Education or for the White House, doing the prep work to amend the Constitution or invade some foreign country. This is a disastrous waste of intellectual capital.

It is particularly important that believers in liberty not take this course. Government work has been the chosen career path of socialists, social reformers, and Keynesians for at least a century. It is the natural home to them because their ambition is to control society through government. It works for them but it does not work for us.
To become a bureaucrat to fight bureaucracy, to join the state in order to roll it back, makes as much sense as fighting fire with matches and gasoline. In the first half of the 20th century, libertarians knew how to oppose statism. They went into business and journalism. They wrote books. They agitated within the cultural arena. They developed fortunes to help fund newspapers, schools, foundations, and public education organizations. They expanded their commercial ventures to serve as a bulwark against central planning. They became teachers and, when possible, professors. They cultivated wonderful families and focused on the education of their children. It is a long struggle but it is the way the struggle for liberty has always taken place. But somewhere along the way, some people, enticed by the prospect of a fast track to reform, rethought this idea. Perhaps we should try the same technique that the left did. We should get our people in power and displace their people, and then we can bring about change toward liberty. In fact, isn't this the most important goal of all? So long as the left controls the state, it will expand in ways that are incompatible with freedom. We need to take back the state. So goes the logic. What is wrong with it? The state's only function is as an apparatus of coercion and compulsion. That is its distinguishing mark. It is what makes the state the state. To the same extent that the state responds well to arguments that it should be larger and more powerful, it is institutionally hostile to anyone who says that it should be less powerful and less coercive. That is not to say that some work from the "inside" cannot do some good, some of the time. But it is far more likely that the state will convert the libertarian than for the libertarian to convert the state. We've all seen this a thousand times. 
It rarely takes more than a few months for a libertarian intellectual headed for the Beltway to "mature" and realize that his or her old ideals were rather childish and insufficiently real world. A politician promising to defang Washington later becomes the leading expert in applying tooth enamel. Once that fateful step is taken, there are no limits. I know a bureaucrat who helped run martial law in Iraq who once swore fidelity to Rothbardian political economy. The reason has to do with ambition, which is not normally a bad impulse. The culture of Washington, however, requires that ambition work itself out by paying maximum deference to the powers that be. At first, this is easy to justify: how else can the state be converted except by being friendly to it? The state is our enemy, but for now, we must pretend to be its pal. In time, the dreams are displaced by the daily need to curry favor. Eventually the person becomes precisely the kind of person he or she once despised. (For Lord of the Rings fans, it's like being asked to carry the ring for a while; you don't want to give it up.) I've known people who have gone this route and one day took an honest look in the mirror, and didn't like what they saw. They have said to me that they were mistaken to think it could work. They didn't recognize the subtle ways in which they themselves were being drawn in. They recognize the futility of politely asking the state, day after day, to permit a bit more liberty here and there. Ultimately you must frame your arguments in terms of what is good for the state, and the reality is that liberty is not usually good for the state. Hence, the rhetoric and finally the goal begin to change. The state is open to persuasion, to be sure, but it usually acts out of fear, not friendship. If the bureaucrats and politicians fear backlash, they will not increase taxes or regulations. 
If they sense a high enough degree of public outrage, they will even repeal controls and programs. An example is the end of alcohol prohibition or the repeal of the 55 mph speed limit. These were pulled back because politicians and bureaucrats sensed too high a cost from continued enforcement. The problem of strategy was something that fascinated Murray Rothbard, who wrote several important articles on the need for never compromising the long-run goal for short-term gain through the political process. That doesn't mean we should not welcome a 1 percent tax cut or repeal a section of some law. But we should never allow ourselves to be sucked into the trade-off racket: e.g., repeal this bad tax to impose this better tax. That would be using a means (a tax) that contradicts the goal (elimination of taxation). The Rothbardian approach to a pro-freedom strategy comes down to the following four affirmations: 1) the victory of liberty is the highest political end; 2) the proper groundwork for this goal is a moral passion for justice; 3) the end should be pursued by the speediest and most efficacious possible means; and 4) the means taken must never contradict the goal -- "whether by advocating gradualism, by employing or advocating any aggression against liberty, by advocating planned programs, by failing to seize any opportunities to reduce State power, or by ever increasing it in any area." Libertarians are not the first people who have confronted the question of strategy for social advance and cultural and political change. After the Civil War, a large part of the population of the South, namely former slaves, found themselves in a perilous situation. They had a crying need to advance socially within society, but lacked education, skill, and capital. They also bore the burden of pushing social change that permitted them to be regarded as full citizens who made the most of their new freedom. 
In many ways, they found themselves in a position somewhat like new immigrants but with an additional burden of throwing off an old social status for a new one. The Reconstruction period of Union-run martial law invited many blacks to participate in politics as a primary goal. This proved to be a terrible temptation for many, as the former Virginia slave Booker T. Washington said. "During the whole of the Reconstruction period our people throughout the South looked to the Federal Government for everything, very much as a child looks to its mother." He rejected this political model because "the general political agitation drew the attention of our people away from the more fundamental matters of perfecting themselves in the industries at their doors and in securing property." Washington wrote that "the temptations to enter political life were so alluring that I came very near yielding to them at one time" but he resisted this in favor of "the laying of the foundation of the race through a generous education of the hand, head and heart." Later when he visited DC, he knew that he had been right. "A large proportion of these people had been drawn to Washington because they felt that they could lead a life of ease there," he wrote. "Others had secured minor government positions, and still another large class was there in the hope of securing Federal positions." As it was in the 1870s it is today. The state chews up and either eats or spits out those with a passion for liberty. The extent to which W.E.B. DuBois's Marxian push for political agitation has prevailed over Washington's push for commercial advance has been tragic for black Americans and for the whole of American society. Many obtained political power but not liberty classically understood. We can learn from this. 
The thousands of young people who are discovering the ideas of liberty for the first time ought to stay away from the Beltway and all its allures. Instead, they should pursue their love and passion through arts, commerce, education, and even the ministry. These are fields that offer genuine promise with a high return. When a libertarian tells me that he is doing some good as a procurement officer at HUD, I don't doubt his word. But how much more would he do by quitting his job and writing an expose on the entire bureaucratic racket? One well-placed blast against such an agency can bring about more reform, and do more good, than decades of attempted subversion from within. Are there politicians who do some good? Certainly, and the name Ron Paul is the first that comes to mind. But the good he does is not as a legislator as such but as an educator with a prominent platform from which to speak. Every no vote is a lesson to the multitudes. We need more Ron Pauls. But Ron is the first to say that, more importantly, we need more professors, business owners, fathers and mothers, religious leaders, and entrepreneurs. The party of liberty loves commerce and culture, not the state. Commerce and culture is our home and our launching ground for social reform and revolution. _______________________________ Llewellyn H. Rockwell, Jr. [rockwell at mises.org] is president of the Ludwig von Mises Institute in Auburn, Alabama, and editor of LewRockwell.com. He is the author of Speaking of Liberty. See his archive and comment on this article on the blog. A version of this article appeared in the May 2004 issue of The Free Market, available for Members of the Mises Institute. In response to many requests, it is now possible to set your credit-card contribution to the Mises Institute to be recurring. You can easily set this up on-line with a donation starting at $10 per month. See the Membership Page. This is one way to ensure that your support for the Mises Institute is ongoing. 
--- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From lloyd at randombit.net Tue Apr 20 08:38:19 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Tue, 20 Apr 2004 11:38:19 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <40854187.9060602@exmosis.net> References: <40854187.9060602@exmosis.net> Message-ID: <20040420153819.GG29689@acm.jhu.edu> On Tue, Apr 20, 2004 at 04:28:07PM +0100, Graham Lally wrote: > Current report: > > > > The tech: > > > > Bit scant on details.. anyone know anything more about how the machine > (/system) "is fully tamper-proof"? The system they are using has been proven tamper-proof by strong assertion. This method of security proof is used around the world for protecting all kinds of systems. Still, I liked this quote: '"I came to vote because wasting one's ballot in a democracy is a sin," he told the BBC.' Not too common a view in the US these days, it seems like. -Jack From rah at shipwright.com Tue Apr 20 08:46:01 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Apr 2004 11:46:01 -0400 Subject: What Should Freedom Lovers Do? Message-ID: --- begin forwarded text From anmetet at freedom.gmsociety.org Tue Apr 20 12:54:02 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Tue, 20 Apr 2004 15:54:02 -0400 Subject: What Should Freedom Lovers Do? 
Message-ID: <39861fe75d4c97712eb66fc78382a148@anonymous> Lew Rockwell had written: > The Rothbardian approach to a pro-freedom strategy comes down to the > following four affirmations: 1) the victory of liberty is the highest > political end; 2) the proper groundwork for this goal is a moral passion > for justice; 3) the end should be pursued by the speediest and most > efficacious possible means; and 4) the means taken must never contradict > the goal, "whether by advocating gradualism, by employing or advocating any > aggression against liberty, by advocating planned programs, by failing to > seize any opportunities to reduce State power, or by ever increasing it in > any area." This is good advice for cypherpunks as well. We all support the victory of liberty, and we have a moral passion for justice. Whether our means are the speediest and most efficacious may be questionable, but it's not like other forums are seeing vastly greater success. And it's best if freedom lovers push forward on all fronts. Our goals of providing liberty through cryptography are complementary to other efforts to achieve freedom. But the last point is the one I want to emphasize, a continuing theme in my writings for the past several years: that the means must not contradict the goal. Too often have cypherpunks fallen into the trap of advocating violence and aggression as a means to achieve their freedoms. Tim May was the worst of these, wishing for the nuclear obliteration of Washington, cheering the Oklahoma City bombings, even threatening the lives of family members of those who would break their word to him. The destruction of innocents must never be part of the agenda of a supporter of freedom. Of course, if we stick to cypherpunk means, the issue does not arise. Cryptographic anonymity threatens no one but aggressors. It is purely defensive in nature. Using PGP, TOR or Freenet does not harm innocent children or anyone else. 
Yet these technologies open up new possibilities for freedom of speech today, and hopefully for freedom of contract in the future. In my devotion to freedom, I apparently go beyond the point where most cypherpunks are comfortable, in that I support private initiatives and technologies of all sorts and oppose government regulation of them. I am a supporter and admirer of Microsoft, which has achieved tremendous market success without relying on government support, indeed in the face of steadfast government opposition. I oppose government antitrust efforts in general, and specifically those directed against Microsoft. Yet how many other cypherpunks have spoken up in favor of this widely hated company? Where is your love of freedom, if you can be silent in the face of government infringement of their rights? Re-read Rothbard's fourth point, and understand that support of antitrust actions is exactly what he cautions against. Last year a widely published diatribe against online "monoculture" called for Microsoft to be compelled to engage in all sorts of activities, including rewriting all their software to run on Linux. This homage to statism was authored by, among others, a man who once called himself libertarian: Perry Metzger, moderator of the cryptography mailing list. No one who loves freedom should allow himself to be associated with any such proposal. Likewise, I support privately organized technological initiatives such as DRM and even Trusted Computing. It doesn't matter what the net impact or effects of these technologies will be (although I think they will be overall neutral to positive). The only important point is that these are free and non-coercive, without government regulation. Of course, DRM is presently strengthened by the DMCA, an evil and counter-productive infringement on personal rights, but here it is important to focus on what is wrong and what is right. 
What is wrong is government restriction; what is right is technology and contract to enforce mutually agreed-upon conditions and permissions. Cypherpunks should take a close look at how they choose which issues to support and oppose. Bear in mind Rothbard's advice against advocating aggression against liberty, advocating planned programs, or supporting the increase in State power in any area. We must be uncompromising in our support for freedom and liberty. If we stick to our goals of building technology to let people communicate privately and anonymously, that will be our contribution to the freedom of the future world. == Read the Unlimited Freedom blog, http://invisiblog.com/1c801df4aee49232/ From rah at shipwright.com Tue Apr 20 12:54:36 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Apr 2004 15:54:36 -0400 Subject: Money laundering rules 'will increase costs' Message-ID: The BBC Last updated: 15 April, 2004 - Published 16:13 GMT Money laundering rules 'will increase costs' Criminals are using increasingly sophisticated methods for laundering money Authorities in Anguilla have said proposed international rules to combat money laundering will increase the costs of business transactions. Deputy director of Anguilla's Financial Services Commission Carlyle Rogers said he anticipates the programme will result in greater costs of doing onshore and offshore business. The Paris-based Financial Action Task Force - the financial watchdog of the Organisation for Economic Cooperation and Development - issued the 40-point programme last June. The proposals were designed to keep international law enforcement abreast of increasingly sophisticated efforts by criminals to conceal illegal money flows. The programme lays out broad recommendations for regulating businesses from banks and insurers to gem dealers and real estate agents. 
Mr Rogers singled out the recommendations that relate to the extension of the due diligence requirements of accountants, law firms, casinos, real estate agents, trust companies and company service providers. He has also questioned the recommendation that calls for the extension of the mandatory reporting of suspicious transactions to authorities by lawyers, accountants and other entities. Anguillan officials say as well as the issue of higher costs banks on the island would come under stricter regulation and scrutiny, in terms of the correspondence banking relationships they have with other financial institutions around the world. Anguilla has recently proposed three new pieces of legislation to bring the island in line with other offshore centres as part of the development of its financial services industry. These include a Mutual Funds Act covering the recognition and registration of offshore mutual funds; an Insurance Act, which provides for the formation of both domestic and captive insurance companies and a Protected Cell Companies Act to offer international clients the opportunity to use protected cell accounts for insurance purposes. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From scribe at exmosis.net Tue Apr 20 08:28:07 2004 From: scribe at exmosis.net (Graham Lally) Date: Tue, 20 Apr 2004 16:28:07 +0100 Subject: BBC on all-electronic Indian elections Message-ID: <40854187.9060602@exmosis.net> Current report: The tech: Bit scant on details.. anyone know anything more about how the machine (/system) "is fully tamper-proof"? .g -- "I Me My! 
Strawberry Eggs" From dean at av8.com Tue Apr 20 14:30:29 2004 From: dean at av8.com (Dean Anderson) Date: Tue, 20 Apr 2004 17:30:29 -0400 (EDT) Subject: [Politech] Weekly column: FBI's latest wiretapping push [priv] Message-ID: The one thing I try to remind people, is that "technology has no loyalty". It can be used against you as easily as you can use it against someone else. Further, the concept of an _FBI_controlled_ backdoor is completely novel in the telecom industry. With telephone tapping, the FBI is supposed to have paperwork. Then the telephone company will route the audio of that phone to a "wiretap port", a line to the FBI office in response to an FBI request, for which records are kept. The FBI is never, ever given access to the CO cableplant, or the CO facilities. FBI tapping equipment is not allowed in a Telephone Office. There is someone in the Telephone company that _can_ blow the whistle either publicly or to the FBI itself in the event of abuse. (eg, Agent soandso asked for a Tap on his ex-wife) In contrast, the kind of facilities that the FBI is installing into the internet carriers allows the FBI unsupervised access to all and any communications. There is no way to detect abuse. Further, the FBI's own equipment is itself potentially vulnerable to cracking, and therefore, misuse by criminals. It can be misused by FBI employees, who, as we've found out with the Boston FBI Office, are themselves sometimes working for Organized Crime. The extreme ease of use of internet wiretapping and lack of accountability is not a good situation to create. 
--Dean ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From pique at netspace.net.au Tue Apr 20 02:39:50 2004 From: pique at netspace.net.au (Tim Benham) Date: Tue, 20 Apr 2004 19:39:50 +1000 Subject: PlayFair > Sarovar In-Reply-To: <200404200738.i3K7c2lX057103@waste.minder.net> References: <200404200738.i3K7c2lX057103@waste.minder.net> Message-ID: <200404201939.50286.pique@netspace.net.au> RAH> > Date: Tue, 20 Apr 2004 00:59:45 -0400 > From: "Bob Jonkman" > Subject: Re: PlayFair > Sarovar > > That seemed short-lived. Both links to the Playfair project at Sarovar are > dead: http://sarovar.org/projects/playfair/ and > http://playfair.sarovar.org/ The search function doesn't come up with > anything either... > > Has there been any further news on this? http://sarovar.org/forum/forum.php?forum_id=474 From rah at shipwright.com Tue Apr 20 20:08:46 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Apr 2004 23:08:46 -0400 Subject: Paying for drinks with wave
of the hand Message-ID: WorldNetDaily Wednesday, April 14, 2004 YOUR PAPERS, PLEASE ... Paying for drinks with wave of the hand Club-goers in Spain get implanted chips for ID, payment purposes Posted: April 14, 2004 5:00 p.m. Eastern By Sherrie Gossett Being recognized has never been easier for VIP patrons of the Baja Beach Club in Barcelona, Spain. Like a scene out of a science-fiction movie, all it takes is a syringe-injected microchip implant for the beautiful men and women of the nightclub scene to breeze past a "reader" that recognizes their identity, credit balance and even automatically opens doors to exclusive areas of the club for them. They can buy drinks and food with a wave of their hand and don't need to worry about losing a credit card or wallet. "By simply passing by our reader, the Baja Beach Club will know who you are and what your credit balance is," Conrad K. Chase explains. Chase is director of the Baja Beach Club in Barcelona. "From the moment of their implantation they will also have free entry and access to the VIP area," he said. In the popular club, which boasts a dance floor that can accommodate 3,000, streamlined services and convenience matter to Chase's VIP customers. Baja Beach Clubs International is the first firm to employ the "VeriPay System," developed by Applied Digital's VeriChip Corporation and announced at an international conference in Paris last year. The company touts this application of the chip implant as an advance over credit cards and smart cards, which, absent biometrics and appropriate safeguard technologies, are subject to theft resulting in identity fraud. Palm Beach-based Applied Digital Solutions (NASDAQ:ADSXD) unveiled the original VeriChip immediately after the 9-11 tragedy. Similar to pet identification chips, the VeriChip is a syringe-injectable radio frequency identification microchip that can be read from a few feet away by either a hand-held scanner or by the implantee walking through a "portal" scanner. 
Information can be wirelessly written to the chip, which contains a unique 10-digit identification number. Media seized on the novelty factor of the chip implant, driving it to worldwide headlines in 2001. Last year, Art Kranzley, senior vice president at MasterCard, speculated on possible future electronic payment media: "We're certainly looking at designs like key fobs. It could be in a pen or a pair of earrings. Ultimately, it could be embedded in anything -- someday, maybe even under the skin." Chase calls the chip implant the wave of the future. The nightclub director has been implanted along with stars from the Spanish version of the TV show "Big Brother." "I know many people who want to be implanted," he said. "Actually, almost everybody has piercings, tattoos or silicone." Will the implant only be of use at the Baja? "The objective of this technology is to bring an ID system to a global level that will destroy the need to carry ID documents and credit cards," Chase said. During a recent American radio interview, Chase said the CEO of VeriChip, Dr. Keith Bolton, had told him that the company's goal was to market the VeriChip as a global implantable identification system. With only 900 people implanted worldwide, though, the global mandate isn't exactly around the corner, and current applications are extremely limited. Chase added, "The VeriChip that we implant at Baja will not only be for the Baja, but is also useful for whatever other enterprise that makes use of this technology." He also alluded to plans for FN Herstal, which manufactures Browning and Smith and Wesson firearms, to develop an implant-firearm system that would make a firearm functional only to the individual implanted with its corresponding microchip. A scanner in the gun would be designed to recognize the owner. Chase's mention of the FN Herstal-Verichip partnership came a full week before its formal announcement by Applied Digital yesterday. 
Chase believes all gun owners should be required to have a microchip implanted in their hand to be able to own a gun. While yesterday's Associated Press story on the prototype is primarily from the angle of police usage, WND reported two years ago that from the outset of the company's acquisition of its "Digital Angel" implant patent -- said to be GPS trackable -- Applied touted the implant as a potential universal method of gun control. Chase also claimed that the VeriChip company had told him that the Italian government was preparing to implant government workers. "We are the only company today offering human implantable ID technology," said Scott R. Silverman, chairman and chief executive officer of Applied Digital Solutions. "We believe the market opportunity for this technology is substantial, and high-profile successes such as in Spain will serve as catalysts for broader adoption." Since 1999, Applied Digital Solutions has boasted that it also has a GPS-trackable chip in the works, but four years later the device has yet to come to market. Some mechanical engineers contend such a device requires substantial antenna length and that creating a self-contained unit in the space of a tiny chip is virtually impossible. In addition, questions of accuracy of new GPS consumer items have been raised by the press. A previous Wall Street Journal "road test" of different manufacturers' GPS watches and devices for children had some kids tracked to the Sahara Desert, rather than New York City where they were. Despite the kinks that may need to be worked out, security of loved ones and personal property remains one of the chief marketing focuses of personal GPS devices and RFID chip firms. Meanwhile, in Barcelona the VeriChip is gaining a following of enthusiastic "early adopters." "Everyone embraced the electronic payment application," Chase said. "My customers like the fact that they do not have to carry a credit card or ID card with them. 
With the VeriPay system, they no longer have to worry about their credit cards getting lost or stolen." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From thad at cc.gatech.edu Tue Apr 20 22:28:11 2004 From: thad at cc.gatech.edu (Thad E. Starner) Date: Wed, 21 Apr 2004 01:28:11 -0400 (EDT) Subject: [wearables] mobile phone exploits: bluejacking and remote monitoring Message-ID: Folks- I'm getting interview requests on the (lack-of) privacy aspects on mobile phones and need some help formalizing my ideas. I've included an article on bluejacking (exploiting bluetooth to extract info from mobile phones) below, but what I'm really interested in is methods to turn on the microphone on a mobile phone without the owner's awareness. Has anyone done this or heard of an exploit to do this yet? I can see three methods off-hand: 1) Bluejacking the phone, sending over a Java app, turning on the mic, and either a) sending the audio over bluetooth b) actually calling back the cracker's phone directly (either immediately or in a time-delayed fashion) c) storing the audio on the owner's phone and then uploading the data at a later time (with PDA cell phones with 4G flash cards, you could store a full year's worth of speech) 2) Having a Java (J2ME) trojan horse app on a website that, when the owner clicks on it, does variants of 1 3) The "service provider" remote downloads software "updates" that do the same thing as #1. (Does anyone have specific knowledge of service providers uploading software updates remotely) a) because the service provider is being forced to do so by a government agency (e.g. 
in the US based on a subpoena using the FBI wiretap law, for example) b) because the service provider is actually a cracker who got the appropriate software update codes c) because the service provider just thinks this is a good idea for some reason (I can put together some pretty paranoid scenarios for this, but nothing that is really compelling yet) (Note with some of these scenarios, the phone could actually look "off" because almost all phones use soft switches instead of actually disconnecting the power) Other things I'm interested in are 1) When the mobile phone is off, exciting the phone at the carrier frequency, looking at the back scatter, characterizing the specific characteristics of the phone, and then using these as a unique signature that I can use the phone like a passive RFID. I have a pretty good source that says this is actually being done now, but I can't use this info publicly. Anyone have a source I can quote or point to? 2) Using clusters of phones as phased array microphones. Sumit Basu did a phased array microphone based on mics in clothing where the topology was changing. Does anyone know if the math works well enough to do this on a room full of cell phones in people's pockets? Thad ------------ Bluetooth May Put You At Risk of Getting 'Snarfed' By JEREMY WAGSTAFF Staff Reporter of THE WALL STREET JOURNAL April 15, 2004; Page D3 If you spot someone tailgating you on the road or standing next to you wearing a backpack, then watch out: You may have been "snarfed." All the data on your cellphone, including addresses, calendars, whom you called and who called you, may now be in that person's computer. Many cellphones use Bluetooth technology, which allows them to communicate wirelessly with other Bluetooth-equipped devices -- computers, personal-digital assistants and other cellphones. This means you don't need a cable, for example, to synchronize the address books on your laptop and your cellphone. 
It is convenient, but that makes it possible for someone to steal your data, or even hijack your cellphone for their own purposes. Last year, London security consultant AL Digital spotted flaws in the way some Bluetooth cellphones swapped data with one another -- flaws that could be used to gain unauthorized access to everything stored on that phone without the user ever knowing. AL Digital's Adam Laurie, who discovered the problem, shared his findings with cellphone makers and with the public (leaving out the detail that might allow ne'er-do-wells to copy his experiments at street level). He termed the trick Bluesnarfing. Not a lot has happened since then. Nokia Corp., the market leader in the cellphone industry, acknowledges the flaw but says in an e-mail response to questions that it is "not aware of any attacks against Bluetooth-enabled phones." Sony Ericsson, a joint venture of Telefon AB L.M. Ericsson and Sony Corp., didn't reply to an e-mail. Even those highlighting the danger say they haven't heard of specific attacks. Still, these attacks -- also known as Bluejacking -- nevertheless are possible. Mr. Laurie cites a scenario in which paparazzi could steal celebrity data. He says he was able, with permission, to snarf from a friend's phone details of her company's shops, door codes and safe combinations. "There's any number of angles you can look at, and they are all bad as far as I can see," he says. Martin Herfurt, a 27-year-old German student at Salzburg's Research Forschungsgesellschaft, last month set up a laptop at a technology trade fair in Hannover, Germany, and ran a snarf attack. He found nearly 100 cellphones from which he could have stolen data, sent text messages or even made calls. He has published his findings to prove that this kind of thing can be done easily. How does it work? The attacker can use a Bluetooth-enabled laptop to discover other Bluetooth gadgets within range. 
Anything with Bluetooth activated and set to "discoverable" will show up, usually identified by its default device name. Being "discoverable" means your gadget is visible to anyone searching, but even if it isn't, an attacker still can find it, using software freely available on the Internet. The attacker then can use more software to take, delete, change or add data.

So what is a consumer to do? Turn off Bluetooth on your phone unless you really need it to communicate with your other gadgets. In most cases, phones that have Bluetooth will have prominently displayed the fact on the box the phone came in, or you can expect to find "Bluetooth" in the index of your phone's manual. Otherwise, the Bluetooth settings can usually be found in the "Communications" or "Connections" menu on your phone. More importantly, there shouldn't be anything on your phone that you don't want someone else to have.

Write to Jeremy Wagstaff at jeremy.wagstaff at feer.com

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Tue Apr 20 22:57:57 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 21 Apr 2004 01:57:57 -0400
Subject: [wearables] mobile phone exploits: bluejacking and remote monitoring
Message-ID:

--- begin forwarded text

From rah at shipwright.com Wed Apr 21 00:44:16 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 21 Apr 2004 03:44:16 -0400
Subject: Security Companies: Shadow Soldiers in Iraq
Message-ID:

The New York Times
April 19, 2004

Security Companies: Shadow Soldiers in Iraq
By DAVID BARSTOW

This article was reported by David Barstow, James Glanz, Richard A. Oppel Jr. and Kate Zernike and was written by Mr. Barstow.
They have come from all corners of the world. Former Navy Seal commandos from North Carolina. Gurkas from Nepal. Soldiers from South Africa's old apartheid government. They have come by the thousands, drawn to the dozens of private security companies that have set up shop in Baghdad. The most prized were plucked from the world's elite special forces units. Others may have been recruited from the local SWAT team. But they are there, racing about Iraq in armored cars, many outfitted with the latest in high-end combat weapons. Some security companies have formed their own "Quick Reaction Forces," and their own intelligence units that produce daily intelligence briefs with grid maps of "hot zones." One company has its own helicopters, and several have even forged diplomatic alliances with local clans. Far more than in any other conflict in United States history, the Pentagon is relying on private security companies to perform crucial jobs once entrusted to the military. In addition to guarding innumerable reconstruction projects, private companies are being asked to provide security for the chief of the Coalition Provisional Authority, L. Paul Bremer III, and other senior officials; to escort supply convoys through hostile territory; and to defend key locations, including 15 regional authority headquarters and even the Green Zone in downtown Baghdad, the center of American power in Iraq. With every week of insurgency in a war zone with no front, these companies are becoming more deeply enmeshed in combat, in some cases all but obliterating distinctions between professional troops and private commandos. Company executives see a clear boundary between their defensive roles as protectors and the offensive operations of the military. But more and more, they give the appearance of private, for-profit militias - by several estimates, a force of roughly 20,000 on top of an American military presence of 130,000. 
"I refer to them as our silent partner in this struggle," Senator John W. Warner, the Virginia Republican and Armed Services Committee chairman, said in an interview. The price of this partnership is soaring. By some recent government estimates, security costs could claim up to 25 percent of the $18 billion budgeted for reconstruction, a huge and mostly unanticipated expense that could delay or force the cancellation of billions of dollars worth of projects to rebuild schools, water treatment plants, electric lines and oil refineries. In Washington, defense experts and some leading Democrats are raising alarms over security companies' growing role in Iraq. "Security in a hostile fire area is a classic military mission," Senator Jack Reed of Rhode Island, a member of the Armed Service committee, wrote last week in a letter to Defense Secretary Donald H. Rumsfeld signed by 12 other Democratic senators. "Delegating this mission to private contractors raises serious questions." The extent and strategic importance of the alliance between the Pentagon and the private security industry has been all the more visible with each surge of violence. In recent weeks, commandos from private security companies fought to defend coalition authority employees and buildings from major assaults in Kut and Najaf, two cities south of Baghdad. To the north, in Mosul, a third security company repelled a direct assault on its headquarters. In the most publicized attack, four private security contractors were killed in an ambush of a supply convoy in Fallujah. The Bush administration's growing dependence on private security companies is partly by design. Determined to transform the military into a leaner but more lethal fighting force, Mr. Rumsfeld has pushed aggressively to outsource tasks not deemed essential to war-making. 
But many Pentagon and authority officials now concede that the companies' expanding role is also a result of the administration's misplaced optimism about how Iraqis would greet American reconstruction efforts. The authority initially estimated that security costs would eat up about 10 percent of the $18 billion in reconstruction money approved by Congress, said Capt. Bruce A. Cole of the Navy, a spokesman for the authority's program management office. But after months of sabotage and insurgency, some officials now say a much higher percentage will go to security companies that unblushingly charge $500 to $1,500 a day for their most skilled operators. "I believe that it was expected that coalition forces would provide adequate internal security and thus obviate the need for contractors to hire their own security," said Stuart W. Bowen Jr., the new inspector general of the authority. "But the current threat situation now requires that an unexpected, substantial percentage of contractor dollars be allocated to private security." "The numbers I've heard range up to 25 percent," Mr. Bowen said in a telephone interview from Baghdad. Mark J. Lumer, the Pentagon official responsible for overseeing Army procurement contracts in Iraq, said he had seen similar estimates. But Captain Cole said that the costs were unlikely to reach that level and that the progress of reconstruction would eventually alleviate the current security problems. Still, in many ways the accelerating partnership between the military and private security companies has already outrun the planning for it. There is no central oversight of the companies, no uniform rules of engagement, no consistent standards for vetting or training new hires. Some security guards complain bitterly of being thrust into combat without adequate firepower, training or equipment. There are stories of inadequate communication links with military commanders and of security guards stranded and under attack without reinforcements. 
Only now are authority officials working to draft rules for private security companies. The rules would require all the companies to register and be vetted by Iraq's Ministry of Interior. They would also give them the right to detain civilians and to use deadly force in defense of themselves or their clients. "Fire only aimed shots," reads one proposed rule, according to a draft obtained by The New York Times. Several security companies have themselves been pressing for the rules, warning that an influx of inexperienced and small companies has contributed to a chaotic atmosphere. One company has even enlisted a former West Point philosopher to help it devise rules of conduct. "What you don't need is Dodge City out there any more than you've already got it," said Jerry Hoffman, chief executive of Armor Group, a large security company working in Iraq. "You ought to have policies that are fair and equal and enforceable." Company executives argue that their services have freed up thousands of troops for offensive combat operations. But some military leaders are openly grumbling that the lure of $500 to $1,500 a day is siphoning away some of their most experienced Special Operations people at the very time their services are most in demand. Pentagon and coalition authority officials said they had no precise tally of how many private security guards are being paid with government funds, much less how many have been killed or wounded. Yet some Democrats and others suggest that the Bush administration is relying on these companies to both mask the cost of the war and augment an overstretched uniformed force. Mr. Rumsfeld has praised the work of security companies and disputed the idea that they were being pressed into action to make up for inadequate troop levels. Still, the government recently advertised for a big new contract - up to $100 million to guard the Green Zone in Baghdad.
"The current and projected threat and recent history of attacks directed against coalition forces, and thinly stretched military force, requires a commercial security force that is dedicated to provide Force Protection security," the solicitation states.

Danger Zones: Rising Casualties and Deal Making

The words did not match the images from Iraq. At a Philadelphia conference last week, a government official pitched the promise of Iraq to dozens of business owners interested in winning reconstruction contracts. William H. Lash III, a senior Commerce Department official, said Baghdad was flowering, that restaurants and hotels were reopening. He told of driving around Baghdad and feeling out of place wearing body armor among ordinary Iraqis. In any case, he joked, the armor "clashed with my suit," so he took it off. But the view from Iraq is considerably less optimistic, with contracting companies and allied personnel alike hunkering down in walled-off compounds. "We're really in an unprecedented situation here," said Michael Battles, co-founder of the security company Custer Battles. "Civilian contractors are working in and amongst the most hostile parts of a conflict or postconflict scenario." One measure of the growing danger comes from the federal Department of Labor, which handles workers' compensation claims for deaths and injuries among contract employees working for the military in war zones. Since the start of 2003, contractors have filed claims for 94 deaths and 1,164 injuries. For all of 2001 and 2002, by contrast, contractors reported 10 deaths and 843 injuries. No precise nation-by-nation breakdown is yet available, but Labor Department officials said an overwhelming majority of the cases since 2003 were from Iraq. With mounting casualties has come the exponential growth of the little-known industry of private security companies that work in the world's hot spots.
In Iraq, almost all of them are on the United States payroll, either directly through contracts with government agencies or indirectly through subcontracts with companies hired to rebuild Iraq. Global Risk Strategies, one of the first security companies to enter Iraq, now has about 1,500 private guards in Iraq, up from 90 at the start of the war. The Steele Foundation has grown to 500 from 50. Erinys, a company barely known in the security industry before the war, now employs about 14,000 Iraqis. In many cases companies are adapting to the dangers of Iraq by replicating the tactics they perfected on Special Forces teams. One, Special Operations Consulting-Security Management Group, has recruited Iraqi informants who provide intelligence that helps the company assess threats, said Michael A. Janke, the company's chief operating officer. The combination of a deadly insurgency and billions of dollars in aid money has unleashed powerful market forces in the war zone. New security companies aggressively compete for lucrative contracts in a frenzy of deal making. "A lot of firms have put out a shingle, and they're not geared to operate in that environment," said Mr. Hoffman, the Armor Group chief executive. One security company, the Steele Foundation, recently turned down an $18 million contract for a corporation that wanted a security force deployed within only a few days; Steele said it simply could not find enough qualified guards so quickly. Another company promptly jumped at the contract. "They just throw bodies at it," said Kenn Kurtz, Steele's chief executive officer. Early on in the war, private security contractors came mostly from elite Special Operations forces. It is a small enough world that checking credentials was easy. But as demand has grown, so has the difficulty of finding and vetting qualified people. "At what point do we start scraping the barrel?" asked Simon Faulkner, chief operating officer of Hart, a British security company.
"Where are these guys coming from?" When four guards working for a subcontractor hired by Erinys were killed in an attack in January, they were revealed to be former members of apartheid-era security forces in South Africa. One had admitted to crimes in an amnesty application to the Truth and Reconciliation Commission there. "We were very alarmed," said Michael Hutchings, the chief executive of Erinys Iraq. "We went back to our subcontractors and told them you want to sharpen up on your vetting."

Troops and Guards: Distinctions Are Hard to Keep

For private security contractors, the rules of engagement are seemingly simple. They can play defense, but not offense. In fact, military legal experts say, they risk being treated as illegal combatants if they support military units in hostile engagements. "We have issued no contracts for any contractor to engage in combat," said Mr. Lumer, the Army procurement official. What has happened, Mr. Lumer said in an interview, is that the Pentagon has, to a "clearly unprecedented" degree, relied on security companies to guard convoys, senior officials and coalition authority facilities. No one wants regular troops "standing around in front of buildings," he said. "You don't want them catching jaywalkers or handing out speeding tickets." But in Iraq, insurgents ignore distinctions between security guards and combat troops. And what is more, they have made convoys and authority buildings prime targets. As a result, security contractors have increasingly found themselves in pitched battles, facing rocket-propelled grenades, not jaywalkers. It is in those engagements, several security executives said, that the distinctions between defense and offense blur most. One notable example came two weeks ago, when eight security contractors from Blackwater USA helped repel a major attack on a coalition authority building in Najaf. The men fired thousands of rounds, and then summoned Blackwater helicopters for more.
In an interview, Patrick Toohey, vice president for government relations at Blackwater, grappled for the right words to describe his men's actions. At one moment he spoke proudly of how the Blackwater men "fought and engaged every combatant with precise fire." At another he insisted that his men had not been engaged in combat at all. "We were conducting a security operation," he said. "The line," he finally said, "is getting blurred." And it is likely to get more blurred, with private security companies lobbying for permission to carry heavier weapons. "We will keep pressing for that," said Mr. Faulkner, the Hart executive - especially after four of his men spent 14 hours on a roof of their building in Kut fighting off 10 times as many insurgents. Another Hart employee was killed in the assault, his body later dismembered by the mob. "I cannot accept a situation where four of our people are being besieged by 40 or 60 Iraqis, where they're talking to me on a telephone saying, `Who's coming to help?' " Mr. Faulkner said. They are also seeking ways to improve communications with military units. Two weeks ago, a team of private security guards fought for hours to defend a coalition authority building in Kut. They later complained that allied Ukrainian forces had not responded to their calls for help. Even routine encounters between allied forces and private security teams can be perilous. Mr. Janke, the security company executive and himself a former Navy Seal, said that in a handful of cases over the last year, jittery soldiers had "lit up" - fired on - security companies' convoys. No one was killed, but standard identification procedures might have prevented those incidents, Mr. Janke said. Sorting out lines of authority and communication can be complex. 
Many security guards are hired as "independent contractors" by companies that, in turn, are sub-contractors of larger security companies, which are themselves subcontractors of a prime contractor, which may have been hired by a United States agency. In practical terms, these convoluted relationships often mean that the governmental authorities have no real oversight of security companies on the public payroll. In other cases, though, the government insists that security companies abide by detailed rules. A solicitation for work to provide security for the United States Agency for International Development, for example, contains requirements on everything from attire to crisis management. "If a chemical and/or biological threat or attack occurs, keep the area near the guard post clear of people," the document states, adding in capital letters, "Remember, during the confusion of this type of act, the guards must still provide security for employees or other people in the area." The words are emphatic, but empty. Government contracting officials and company executives concede that private guards have every right to abandon their posts if they deem the situation too unsafe. They are not subject to the Uniform Code of Military Justice, nor can they be prosecuted under civil laws or declared AWOL. Scott Earhart said he left Iraq because he was disgusted at the risks he was asked to take without adequate protection or training. Mr. Earhart, 34, arrived in Iraq in October to work as a dog handler for a bomb-detection company hired by Custer Battles. A former sheriff's deputy in Maryland, he said that there were not enough weapons and that his body armor was substandard. "If you didn't get to the supply room in time you wouldn't have a gun," he said. Mr. Earhart said the breaking point came when he was asked to drive unarmed to Baghdad from Amman, Jordan. "I felt my safety was in jeopardy," he said. Mr. 
Battles, of Custer Battles, said that it had taken longer than expected to get weapons shipments, and that the company had had "growth issues, like everybody else." But, he emphasized, "under no circumstances did we let people out into the field without proper equipment." Clearer Rules: Search for Standards, Even a Philosophy For more than a decade, military colleges have produced study after study warning of the potential pitfalls of giving contractors too large a role on the battlefield. The claimed cost savings are exaggerated or illusory, the studies argue. Questions of coordination and oversight have not been adequately resolved. Troops could be put at risk. Several senior American commanders in Iraq and Kuwait, or who have recently returned, expressed mixed feelings about the use of private security companies. "The key thing is there are many requirements that are still best filled with combat units that can call on gunship support - Apache and Kiowa Warriors overhead - medevac, and just plain old reinforcements," one senior Army general wrote in an e-mail message to The Times. "Our task is to outsource what MAKES SENSE given the enemy situation." In an unusual reversal of roles, the push for industry standards is coming from security executives themselves. In Washington, Pentagon lawyers are reviewing the rules governing security companies. At the same time, coalition authority and Iraqi officials are drafting operating rules for the private security companies. The draft rules urge the use of "graduated force" - first shout, then shove, then show your weapon, then shoot. And they spell out when the guards may use deadly force. But they do not cover precisely how security operators will be screened and trained. For now, companies are often writing their own rules and procedures for Iraq. 
"It's an industry that if it's not careful could easily blend into what is usually referred to as war profiteers or soldiers of fortune or mercenaries," "It is a very ill-defined operating space right now," Mr. Battles said. "We draw the lines." Custer Battles went so far as to hire an expert in military ethics, Paul Christopher, who taught philosophy at West Point. Mr. Christopher is helping the company define its place and policies in the chaos of Iraq. "He's the anti-Rambo," Mr. Battles said. "This is a deep thinker." Eric Schmitt contributed reporting from Washington for this article. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From isn at c4i.org Wed Apr 21 04:13:44 2004 From: isn at c4i.org (InfoSec News) Date: Wed, 21 Apr 2004 06:13:44 -0500 (CDT) Subject: [ISN] Britons go 'toothing' for sex with strangers Message-ID: http://www.theage.com.au/articles/2004/04/21/1082395891416.html [Who would have thought a security vulnerability would lead to wild anonymous sex? :) - WK] London April 21, 2004 British commuters take note - the respectable person sitting next to you on the train fumbling with his or her cell phone may be a "toother" looking for sex with a stranger. "Toothing" is a new craze where strangers on trains, buses, in bars and even supermarkets hook up for illicit meetings using messages sent via the latest in phone technology. "Toothing is a form of anonymous sex with strangers -- usually on some form of transport or enclosed area such as a conference or training seminar," says the Beginner's Guide To Toothing on a website dedicated to the pursuit. 
It is made possible by Bluetooth technology which allows users to send phone contacts, pictures and messages to other Bluetooth-enabled equipment over a range of about 10 metres. Users discovered they could send anonymous messages to people they didn't know with Bluetooth equipment, spawning a craze dubbed "bluejacking". Jon, aka "Toothy Toothing" and the guide's author, explained toothing was born after he was "bluejacked" by an unknown girl while commuting to work in London. After a few days of flirting, she suggested a brief encounter in a station lavatory. "The meeting wasn't a romantic thing - it was purely sexual. Barely anything was said," he said via e-mail. He said potential toothers begin by sending out a random greeting -- usually "Toothing?". "If the other party is interested, messages are exchanged until a suitable location is agreed -- usually a public toilet, although there are tales of more adventurous spots such as deserted carriages or staff areas," his guide adds. Jon, who's in his 20s and works in finance, estimates there could be tens of thousands of toothers from all sorts of professions and lifestyles. Certainly the website's message board is busy. "Any toothing on these trains?" asks one message about services between Cambridge and London, prompting positive responses from "Dannyboy" and "Zeke". "I'll be around London Bridge mainline station around 9.45 - 10am tomorrow if anyone's interested...," another messager called "Boi" wrote hopefully. While some happily recount their successful encounters, others suggest there are a few teething problems with toothing. "I tried toothing in Tooting (south London) last night... not a device to be found," a frustrated "Snowdog" posted sadly. Although clearly not what the industry had in mind, toothing may lead operators towards similar, more mainstream projects. 
Last month it was reported that a team in Boston had created a service for cell phones called Serendipity, a wireless alternative to online dating. It allows subscribers to store their personal details and what they want from a partner. When there are enough similarities between two people and they happen to be in the same area, it tells their phones to communicate with each other. Dario Betti, of the British-based consultancy Ovum, said bluejacking had really taken off, helped by the fact the service was free. "The element of the unknown, that you are connecting to someone around you that you might not know, it's a novelty factor that is helping it to start," he said. If Jon and those who use his forum are right, toothing is certainly livening up life for some bored commuters. "A lot of my day's taken up with a soul-aching commute into the city, and that just feels like dead time," Jon said. "Flirting is fun, sex is fun. We're just employing expensive, complex toys to find the most basic form of entertainment."

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From egerck at nma.com Wed Apr 21 09:09:24 2004
From: egerck at nma.com (Ed Gerck)
Date: Wed, 21 Apr 2004 09:09:24 -0700
Subject: voting
References: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com> <5.1.0.14.0.20040416085123.00a23ba0@pop.theworld.com> <5.1.0.14.0.20040420155713.00a9bd60@pop.theworld.com>
Message-ID: <40869CB4.871A3CB5@nma.com>

David Jablon wrote:
> ... *absolute* voter privacy
> seems like an unobtainable goal, and it should not be used to trump
> other important goals, like accountability.
But it IS assured today by paper ballots. Nothing less should be accepted in electronic systems, otherwise new, easy and silent fraud modes become possible. Coercion and vote selling are just the most obvious.

Ed Gerck

From dpj at theworld.com Wed Apr 21 06:47:34 2004
From: dpj at theworld.com (David Jablon)
Date: Wed, 21 Apr 2004 09:47:34 -0400
Subject: voting
In-Reply-To: <4080296D.18F94552@nma.com>
References: <5.2.0.9.0.20040414223638.048444c0@pop.ix.netcom.com> <5.1.0.14.0.20040416085123.00a23ba0@pop.theworld.com>
Message-ID: <5.1.0.14.0.20040420155713.00a9bd60@pop.theworld.com>

>David Jablon wrote:
>> [...] Where is the "privacy problem" with
>> Chaum receipts when Ed and others still have the freedom to refuse
>> theirs or throw them away?

At 11:43 AM 4/16/04 -0700, Ed Gerck wrote:
>The privacy, coercion, intimidation, vote selling and election integrity
>problems begin with giving away a receipt that is linkable to a ballot.

These problems begin elsewhere. Whether a receipt would add any new problem depends on further analysis.

>It is not relevant to the security problem whether a voter may destroy
>his receipt, so that some receipts may disappear. What is relevant is
>that voters may HAVE to keep their receipt or... suffer retaliation...
>not get paid... lose their jobs... not get a promotion... etc. Also
>relevant is that voters may WANT to keep their receipts, for the same
>reasons.

These are all relevant issues, and the system needs to be considered as a whole. The threat of coercion is present regardless of whether there's a system-provided receipt, linkable, anonymous, or none. For example, I might be told that after I vote I'll come face-to-face with a thug around the corner, who will ask who I voted for, and who has a knack for spotting liars. Or I may be told there's a secret camera in the booth. Or I may think I'm at risk in simply showing up to vote, due to my public party affiliation records, physical appearance, etc.
These issues must be addressed, and these concerns show that the integrity of receipt validation must be ensured to at least the same degree as the integrity of vote casting. But *absolute* voter privacy seems like an unobtainable goal, and it should not be used to trump other important goals, like accountability.

-- David

From rah at shipwright.com Wed Apr 21 07:06:47 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 21 Apr 2004 10:06:47 -0400
Subject: "It's So Simple, It's Ridiculous": Taxing times for 16th Amendment rebels
Message-ID:

Reason: May 2004

"It's So Simple, It's Ridiculous"
Taxing times for 16th Amendment rebels.
Brian Doherty

"I won't go to jail." Bob Schulz announces this in late January to a rapt crowd of 200 gathered in an auditorium in Crystal City, Virginia. It's the first national conference of the We The People Foundation for Constitutional Education, a nonprofit advocacy group Schulz founded and runs. He delivers his declaration not with reckless bravado but with a dignified, quiet, middle-management-lifer assurance, in keeping with his general mien. Schulz is a serious white male in a nice conservative dark suit, a former environmental engineer for both General Electric and the Environmental Protection Agency. He's been married for 38 years to the same woman, and he has four children of whom he is quite proud. Yet when his kids begged him to reconsider the path that requires him to declare publicly that he won't go to jail, his wife Judy told them, "Your father put his country before his family, and I support him." Schulz has stopped paying federal income tax, and he isn't afraid to let anyone, including the Internal Revenue Service (IRS), know it. Not only is he not paying, but he's also leading a national movement telling everyone else they shouldn't pay either. When I talk to him after the conference, he doesn't seem quite so confident he won't go to jail. But he doesn't seem to care one way or the other.
"Clearly [the government is] going to react," he says. "They may well sooner or later come at me in one way or another. You hear people say, 'Bob, they're going to take you out. Dozens of armed agents will come turn your life upside down.' You hear all these things. I have to say I have no fears. I fear God and God alone." Americans have been protesting and avoiding taxes since before the U.S. officially existed. We are a nation born of tax protests. This tradition feeds the attitude that unites the serious, almost obsessed crowd here: the belief that they are the true patriots, staunch constitutionalists fiercely dedicated to the ideals that make America great. A radical transvaluation of values is going on right here in Crystal City. Far from being the very foundation of solid citizenry, acceding to the federal personal income tax is, among this crowd, an act of treason against what defines America: its Constitution and its "true laws." Schulz's We The People Foundation is transforming the often subterranean struggle to deny the legitimacy of the income tax. For decades this movement has been an inchoate collection of small congregations following varied gurus. Schulz and his crew, by contrast, offer a unified church with a canon of Right Arguments. The anti-income tax movement now has, through Schulz, a united, highly activist national membership organization claiming around 5,000 dues-paying members, a mailing list of 64,000, and local coordinators in 39 states and 600 counties. While in the past evangelists of the "income tax is a fraud" message have tended to sell books and seminars, the We The People Foundation has the advantage of being hard to blithely condemn as a scam. It is not a business selling advice but a nonprofit dedicated to spending money -- more than $1 million since taking up this fight -- to spread the word.
Its founder claims Gandhi as his influence: From him Schulz learned that to fight an unjust tyranny, you need a proactive, nonviolent mass movement, and that is what he is trying to create.

The movement against the income tax has lately adopted one of the tropes that define an on-the-rise minority in modern America: Its members want to be called what they call themselves -- the "tax honesty" movement -- and not be slapped with the pejoratives that most people have known them by (if aware of them at all). At the politest, their nemesis the IRS calls them "tax protesters." (Less politely, they've been known as "income tax cranks.")

A woman who runs a small business making and selling display boards in Massachusetts, who claims to have not paid personal income tax for a few years now with no practical repercussions, tells me that "when people say 'tax protester movement,' it drives me nuts. I do not protest taxes. I think they are absolutely necessary. I protest illegal confiscation of assets, which is what the income tax is." She has no problem, she assures me, with sales taxes, property taxes, or corporate taxes.

The partisans of the tax honesty movement go beyond complaining that the income tax is too high, or that out-of-control IRS agents enforce it in thuggish ways. They claim, for a dizzyingly complicated variety of reasons, that there is no legal obligation to pay it. The continued life -- and even flourishing -- of that notion, in the face of obloquy, fines, and jail sentences, says something fascinating about a peculiarly American spirit of defiance. It may even say something encouraging about what it means to live in a nation of laws, not of men.

"I Used to Be Normal, But..."

Bob Schulz has a long history of fighting the government in the name of constitutionally limited powers and proper procedure. His battles date back to 1979, when he successfully sued to halt a new sewage treatment system near Lake George in New York.
(According to Schulz, the proposal ignored environmental impact requirements.) Since then he's been involved in more than 100 such lawsuits and won many.

All that is small beer compared to his latest crusade. Since 1999 Schulz has presented his contentions regarding the income tax's illegality to the IRS, the president, the Department of Justice (DOJ), and every member of Congress. He has humbly beseeched them to answer a list of questions regarding whether he, or any American citizen, has an actual constitutional, statutory, legal obligation to pay the federal income tax. He's led marches around IRS headquarters in D.C., and he went on a brief hunger strike in 2001. In July of that year his persistence prompted representatives of the IRS and DOJ to promise to show up at a public meeting Schulz was organizing. They promised to lay forth their official arguments as to why we do indeed have a legal obligation to pay income tax.

That meeting was scheduled for September 25-26, 2001. The 9/11 attacks made Schulz reschedule, and the feds bowed out of appearing at the rescheduled event. Schulz feels he has pursued every proper step to find an answer to his questions. Now, he says, it's time to fight.

When The New York Times asked IRS spokesman Terry Lemons why the Schulz petition was being ignored, Lemons "said that courts had upheld the validity of the tax laws and that the agency did not want to waste time and resources dealing with well-settled issues. Mr. Lemons added that the recent spate of enforcement actions taken by the IRS against promoters of abusive tax schemes...show other ways that government is answering the petition."

Not the answer the movement wants, obviously. But it's one they should have expected. Never has any court anywhere -- much less the IRS -- accepted as valid any of the many arguments the movement offers for how and why there is no legal obligation for individuals to pay federal income tax.
In fact, courts will fine you up to $25,000 for even raising them, insisting such arguments have been rejected so often by so many courts at so many levels that they are patently frivolous and time-wasting.

Despite this, the dominant vibe at this conference, even among those whose pursuit of these curious doctrines has led them to conflicts with government or employers, is hopeful in a religious sense. They clasp valiantly to belief in their own righteousness and the certainty that through that righteousness they one day will be delivered.

I eavesdrop on one smiling lady with a shock of short white hair telling a fellow attendee of her long fight over garnishment of her wages from a tax lien. It sounds like plenty of trouble came her way, and in the end the courts were taking her money anyway. But she was still cheerful, evincing no regret for the path she'd taken. Wrapping up her tale, she confided, with a smile and an only slightly wistful sigh, "I used to be normal, but...."

No one at the conference -- from the man who tries to pay for his Au Bon Pain lunch with a privately minted silver coin to the airline employee whose union is getting tired of his fights over tax withholding -- strikes me as merely fumbling for some scam to avoid paying taxes. Their concerns are higher than that. The Constitution and a properly limited government are their guiding lights.

Indeed, the conference isn't only about the income tax: Panels about the Second Amendment, jury nullification, and the questionable pedigree of the Federal Reserve are also offered, and also well attended. Mel Gibson's controversial father, Hutton Gibson, gives a rousing speech on the need to fight the New World Order to defend our traditional liberties and is cheered heartily.

Most everyone here seems aware there's a good chance they will pay a price far higher than the mere cash of taxes for pursuing the movement's difficult truth.
When a speaker announces that his listeners need to be prepared to go to jail, almost all clap.

In one question-and-answer session, a woman airs her concerns about all the practical difficulties that accompany the tax honesty path. How, for example, can one get a mortgage loan without tax returns to show? She seems to be begging for some loophole in the loopholes -- some reason she doesn't have to refrain from paying income taxes. But the crowd and Schulz are pitiless. After she offers up too many what-ifs and how-do-yous, Schulz acknowledges that this path of truth might not be for everyone -- only, by implication, for the bravest and staunchest of patriots.

Reality does, however, toss the tax honesty movement the occasional sweet crumb of hope. A couple of the crumbs that materialized in the last year seemed substantial and nourishing at first nibble. Most significantly, a tax honesty true believer named Vernice Kuglin, a vivacious and attractive Federal Express pilot who has a crowd of admirers following her everywhere during the conference, was slammed with criminal charges for failure to file and for tax evasion. She beat the rap in August, acquitted of all charges by a federal jury in Memphis.

Also last year, Texas plastics manufacturer Dick Simkanin was finally brought to trial for failure to withhold income taxes for his dozens of employees. Simkanin had been a poster child in We The People-sponsored ads in USA Today, featured as a businessman who honestly believes it is his right under law not to withhold. Two grand juries who had gotten to speak to Simkanin failed even to indict him. Finally a third grand jury, whom he didn't get to speak to, did indict. But at the end of his first trial in November, the jurors could not reach a verdict.

Both these events occasioned great rejoicing in the tax honesty community. But both had grimmer denouements. Kuglin stayed out of jail, but she was slapped with civil liens for past taxes due and penalties.
These days she's only collecting around $290 per pay period from her FedEx job, with the rest snatched by the IRS. Simkanin was promptly retried and found guilty in January, and he now faces a potential 129 years in prison.

How the Simkanin case played out should give the tax honesty movement pause. Judge John McBryde was not entirely fair to his client, says Simkanin's lawyer, Arch McColl, who spoke at the conference. Schulz and other movement heroes testified on Simkanin's behalf in vain. McBryde prevented McColl from mounting a real defense, the attorney complains, sustaining the prosecutors' objections almost every time he tried to raise tax honesty arguments.

The jury sent back a question to the judge asking to see the codes that directly stated Simkanin was required to withhold. (Some of the defendant's ideas clearly had gotten through.) The judge told them simply to trust him when he said the law required Simkanin to withhold -- essentially directing the verdict, since Simkanin never denied not withholding. (McColl has strong expectations that this response, among other things, will help guarantee a successful appeal.)

Other aspects of how the system treated Simkanin should further discourage tax rebels. Despite being a 59-year-old heretofore-respectable small-business owner not yet convicted of anything, he has been in jail since June. (A federal plant claimed via hearsay, denied in court testimony by someone who was present when the comment was allegedly made, that Simkanin had threatened to kill some judges. The prosecutors sure knew their audience.) During the trial Simkanin was dragged into court in leg irons. The IRS doesn't resort to criminal prosecution very often, so when it does, it wants to make a vivid example.

It's Magic, You Know: Never Believe It's Not So

The We The People conference brought together many of the movement's leading lights. It also presents some new strategies.
Schulz, with the help of superstar radical lawyer Mark Lane, is in the process of launching a class action lawsuit to call the government's cheating hand on this whole income tax matter.

Lane has a mysterious tendency to be wherever the quirky action is in American politics and law. He's famous for being one of the first Warren Commission revisionists with his 1966 book Rush to Judgment and for being the lawyer for People's Temple death cultist Jim Jones. He has successfully defended some tax honesty clients, though he tells me: "I pay taxes and never advise any client not to. But I can tell you, I've read all these cases, and I don't see where it says you have to pay, and I don't understand why the government doesn't answer [Schulz's] questions."

The planned suit relies on interestingly fresh grounds: Schulz is claiming that all these government officials who refuse to answer his questions about the income tax are violating his First Amendment right to petition the government for a redress of grievances. Surely, after all, that right must include the ability not merely to send in such petitions but to get some sort of reasonable response.

Schulz recruits plaintiffs at the conference for another planned class action, this one against employers who have refused to stop withholding income tax from their paychecks when employees request it. This is illegal according to Schulz's reading of U.S.
Code Title 26, Subtitle C, Chapter 24, Section 3402(n), which does indeed seem to indicate, to quote that section, that "notwithstanding any other provision of this section, an employer shall not be required to deduct and withhold any tax under this chapter upon a payment of wages to an employee if there is in effect with respect to such payments a withholding exemption certificate...furnished to the employer by the employee certifying that the employee -- (1) incurred no liability for income tax imposed under subtitle A for his preceding taxable year, and (2) anticipates that he will incur no liability for income tax imposed under subtitle I for his current taxable year."

This is an option on every W4 form. Schulz maintains that the language of the law clearly implies the employer can't get in trouble with the IRS for not withholding as long as the employee thus certifies. As a matter of fact, if not law, the IRS will regularly question such W4s (or ones that claim "too many" exemptions) and lean on employers to start deducting as if a straight one-exemption W4 has been filed. Schulz thinks any employer doing that -- and some do so even without the IRS's prodding -- should be sued, and he intends to do so in the spring.

To his mind, and those of the 200 gathered at the conference, they are doing everything an American citizen needs to do when faced with injustice: using every legal, reasonable means to seek a redress. The Constitution will not defend itself, Schulz tells me; it is just a piece of paper. Keeping it healthy requires bold action, often expensive and time-consuming action, from those who love it.

After Lane gives his presentation about the redress of grievances suit, with its announcement that parties to the suit intend to withhold their cooperation with the income tax until the questions are answered, a sour-voiced, heavy-set woman toward the back is appalled.
No one owes the tax, she exclaims, so what kind of weapon is that to hold over the government's head, withholding something that wasn't even due in the first place?

In his role as general MC for the conference, Schulz is clearly wearied by the obsessions of some of his audience members -- for example, the notion that hiring an attorney means abandoning personal sovereignty before the law, or that having a yellow-fringed flag in a room means you are under martial law. But he is generally polite about it, if in a pained way. He tries to explain to the woman that lots of people are paying, and that they were seeking to enjoin the IRS from enforcing any tax liabilities on them until the petition is answered.

Sessions at the three-day conference often run late -- through lunch and into the evening, past the announced closing time -- and the crowds stay through it all. I meet computer industry workers, violin makers, and even ex-IRS agents, from all across the country; they are overwhelmingly white, about two-thirds male, and mostly between 30 and 60 years old. Their comportment and appearance are not kooky by any means. They dress in business casual mostly, evincing no untoward whooping or mania or anger. Gauging audience reaction to certain statements from the podium, I'd say the majority of them are serious Christians. They are serious people in general: rebels without cool, with no sense of humor or irony, armed merely with the conviction that they are right.

Their devotion to their beliefs is certainly religious. Indeed, tax litigation consultant Daniel Pilla, author of The IRS Problem Solver, says they're "like programmed cult members -- you can't reason with them." More charitably, the tax honesty people are staunch exemplars of America's glorious Protestant heritage. This observation is not merely a pun on their status as "tax protesters."
Their attitude toward the Constitution and the statutes and legal decisions regarding the income tax are uniquely Protestant, relying on a layman's ability -- indeed, obligation -- to read and study and parse the original documents himself, to come to his own personal relationship with the law and the cases, and to prefer his understanding to that of the priesthood of lawyers, judges, and accountants. "Case law" -- the kind that proves that you can and will be arrested or fined for not filing or paying income tax -- means nothing to them; they like to rely strictly on the statutes as written, or on Supreme Court cases and straight constitutional interpretation.

Irwin Schiff, the godfather of the movement, is insistent that you shouldn't just take his word for anything: You should check the statutes. He is, he declares, the biggest reseller of the published version of the U.S. tax code. He sells specially tabbed copies leading you straight to the pages in the multithousand-page behemoth you must see to understand his own interpretations.

Not merely Protestant, the tax honesty people are strangely reminiscent of fandom -- of the comic book, fantasy, science fiction, role-playing-game variety. They have the same obsession with continuity and coherence within a created fantasy world of words. It's just that, in this case, that world of words isn't a multivolume fantasy epic or a long-running TV series -- it's U.S. law. When these people try to reconcile the definition of income in this subsection of Title 26 of the U.S. Code with the definition in a 1918 Supreme Court case, it's like hearing an argument over the inconsistencies between a supervillain's origin as first presented in a 1965 issue of The Amazing Spider-Man and the explanation given in a 1981 edition of Peter Parker, the Spectacular Spider-Man.

The tax honesty movement's vision of the world is fantastical in another way. It is not merely obsessed with continuity; it is magical in a traditional sense.
It's devoted to the belief that the secret forces of the universe can be bound by verbal formulas if delivered with the proper ritual. There are numerous formulae in the tax honesty spellbook, with rival mages defending them. Which spell is best: The summoning of the Sovereign Citizen? The incantation of the Constitutional Definition of Income? The banishing spell of No Proper Delegation?

The tax honesty folks similarly believe that their foe the IRS must also be bound by these grimoires of magic: that without the properly sanctified OMB number an IRS form holds no power, that without uttering the mystic word liable no authority to tax can truly exist. And always, always, the ultimate incantation, The Question: Where does it say that I owe income taxes? Show me the law!

"There Is Hereby Imposed on the Taxable Income of..."

You hear this all the time. When presented with the simple request to "show me the law that unambiguously requires me to pay income tax," I was told, everyone from congressmen to tax lawyers to IRS agents is stymied, even when Schiff and others offer enormous rewards to anyone who can do so.

It didn't take me long to find what seemed to be an answer to that question. In U.S. Code Title 26, Subtitle A, Chapter 1, Subchapter A, Part I, Section 1, it says, "There is hereby imposed on the taxable income of...," followed by subcategories that seem to include most Americans, complete with tables showing the percentage owed for each income range. (Subchapter A even comes close to that magic word liable that many in the movement insist is nowhere applied to personal income taxes -- it's called "Determination of Tax Liability.")

But "taxable income" is the rub. Tax honesty types claim the "constitutional" definition of income, as set forth in such Supreme Court cases as Doyle v. Mitchell Brothers (1918), is corporate profits, not individuals' wages. (Courts have knocked down this claim regularly during the last 30 years.)
The movement has an argument against the income tax for every level of abstraction, from the highest (taxing the fruits of our labor is against our natural rights as sovereign individuals) to the lowest (the IRS can't manage to get everyone, so it is reasonably safe just not to file). One California paralegal who speaks at the We The People conference relies on everything from the Magna Carta to the Treaty of Paris of 1765 to the U.N. Declaration of Human Rights to defend her contention that she doesn't owe any income tax.

Massed together, the chorus of tax honesty voices can't help but remind you of the lawyer in the old joke who argued that his client was not even in town when the victim was killed; and if he was in town, he didn't kill him; and if he did kill him, he was insane when he did it. At the conference you learn that taxing violates our natural rights; and anyway, the Constitution does not permit an unapportioned direct tax like an income tax; and if you think the 16th Amendment took care of that, well, it wasn't properly ratified; and even if it was, it didn't give any new taxing powers to Congress; and even if it did, the statutes and codes of the IRS as written aren't officially U.S. law; and even if they were, they don't define liability and income such that any normal working American owes taxes; and anyway, if you just don't file they might never catch you. And there are plenty of complications on every step of this tangled path.

(The claim that the 16th Amendment wasn't properly ratified actually holds up pretty well. To judge from the pathbreaking research of Bill Benson -- a marvelous example of legal Protestantism -- there were enough procedural irregularities in its passage that it technically should not have been declared ratified in 1913. Still, it was thus certified, and the courts tend to respond to Bensonite arguments by saying it's too late to do anything about it now, and it isn't the court's problem.)
This doesn't mean anything goes in stabbing at the income tax. There are fringe beliefs even on this fringe. Larry Becraft is a lawyer who has actually won a handful of acquittals -- including one for Vernice Kuglin -- in defending people on trial for tax evasion. He gives a talk that is basically a warning to the movement to get its act straight and stop being absurd. Among the beliefs even others in the movement condemn as silly are the notions that by using a ZIP code or allowing a government document to spell your name in all capital letters, you surrender your sovereignty and make yourself a serf of the federal government, and that the income tax applies only to people who live in a federal territory or district, not to residents of the states.

"Here I Am, IRS, and I Don't Believe in You!"

Far from that sort of futile reliance on concepts of personal sovereignty that U.S. law just does not recognize, I encounter a remarkably frank and refreshing approach from Peymon Mottahedeh and his Freedom Law School. (Technically, he tells me, the school is a function of a church he runs.) Peymon has a table set up at the We The People conference seeking customers ("students," he prefers to call them) for the "tax defense funds" he sells (both "simple" and "royal" packages).

Peymon and his crew do believe the basic catechism of the movement: that one technically does not have a legal obligation to pay the individual income tax. They also know these arguments never succeed in court. When we meet later at his U.S. Code-lined office, attached to his home on the rural outskirts east of Los Angeles, he tells me he's never seen much value in waving your hands in the air tauntingly and bellowing, "Here I am, IRS, and I don't believe in you!"

Thus Peymon advocates simply not filing and relying on the luck of the draw. Peymon claims more than 60 million Americans a year don't file.
(There is no official number for this, though some more recent estimates from the government have it that only around 10 million people a year who are supposed to be filing aren't. The IRS admits that in the last three years fewer than 230 nonfilers a year have been convicted.)

The next step is to ignore the threatening letters and audit requests you receive until you get an official Notice of Deficiency from the IRS. Then you go to Tax Court and stonewall like crazy, making the IRS prove you owe them something without the aid of the "tax confession form," as Peymon calls the 1040. (This all works better for you if you are self-employed and the IRS hasn't already gotten its hands on your money through withholding.)

Peymon is a natural-born salesman, a handsome Iranian man with thick black hair swept back. He says he doesn't really fear retaliation from the IRS since, after escaping from the Shah's Iran, he feels he's living a second life now anyway. "If we lose our freedom here, where else are we going to go?" he asks.

Since he's been selling this advice for only a couple of years, and tax court proceedings often stretch out that long, he says he doesn't have solid stats on how well this approach is doing, and he shies from announcing his number of customers -- wouldn't the IRS love to know? But he thinks his approach is the smartest one the movement has come up with. The IRS is a big bully; the smartest thing to do is stay out of the bully's way and not call attention to yourself.

It's too late for that for the movement's biggest star, Irwin Schiff. At the We The People conference I witness a young fellow enthusiastically shake the hand of this compact 75-year-old man with a broad and squeaky voice and call him his hero; Schiff takes it in stride. He is the man, the granddaddy, in many ways the Founding Father of the modern tax honesty movement.
Some of his signature ideas were floated by earlier figures, including Pete Soehnlen and Robert Golden, but he became the first mass phenomenon of tax honesty with his 1982 book How Anyone Can Stop Paying Income Taxes, originally self-published and later distributed by Simon & Schuster. He says he's sold nearly half a million copies of his various books.

Schiff used to sell tax shelters, and he first came to prominence in anti-statist circles with a 1976 Arlington House hit called The Biggest Con -- which, despite the title, is a standard right-wing peroration against taxing, spending, and Social Security and does not take a radical anti-income tax stance.

Even though he tells us anyone can stop paying income taxes, Schiff has spent a few years in prison as a result of criminal prosecutions on various charges stemming from his own failure to pay taxes. He has been out of jail since the early '90s and has avoided "failure to file" convictions since then by filing an innovation he popularized, the "zero return." That means you file a 1040 but claim to have had no taxable income -- which by Schiff's reading of the tax code and various Supreme Court cases, he does not (and neither do you).

His latest book-length disquisition on these matters, The Federal Mafia, is a work of baroque complexity. Yet when Schiff hears I'm a reporter writing about the movement, he says the truth about taxes is easy to grasp. "It's so simple, it's ridiculous," he tells me.

Sometimes Schiff's arguments are not really about the law, just an appeal to a basic sense of fairness. For example, how can a country with a Fifth Amendment require us to file and sign 1040s under penalty of perjury when the information on them can be used against us in civil and criminal prosecutions? Mostly, though, his shtick is based on various sorts of word magic.
While some sections of the excise tax code specifically list the circumstances under which one becomes liable for them, for example, there appears to be no such section for the income tax. Therefore, Schiff argues, no one is actually liable for it -- even though, as detailed above, the tax is "imposed." Similarly, he posits a terribly significant distinction between a "notice of levy" and a "levy."

I get hit with a hilarious application of Schiff's verbal judo as he attempts to convince me and another apparently confused attendee that "compensation for services" could not mean the same thing as "wages" for tax liability purposes. (This all fits in with his argument that only corporate profits should be considered "income.") He shows us a place in the code that seems to define "compensation for services" as taxable while not mentioning "wages." The other guy objects that surely a wage falls into the category of a "compensation for services."

"It's not the same!" barks Schiff, the Socrates of the tax code. "And I'll prove it to you: Can a corporation receive compensation for services?" His interlocutor admits that yes, wise Schiff, it cannot be denied this is indeed so. "Can a corporation receive wages?" The guy pauses a moment, then grants that this proposition seems doubtful. "See!" Schiff is pleased. "They're not the same!"

It all seems so sensible with the energetic Schiff yapping at you. Of course, to say that something falls into a category is not the same as saying it is identical to the category. Schiff's argument is ultimately as convincing as saying that if an apple is a fruit, and an apple is not an orange, then an orange can't be a fruit. Still, he seems happy with it.

How, one might ask (and many have), can Schiff continue to maintain there is no legal obligation to pay income taxes when he has spent time in jail for not paying income taxes?
He addresses this question in the latest edition of The Federal Mafia: "Unfortunately, some people who were persuaded by [my books] that they could legally stop paying income tax (they could) went to jail. How many, I don't know. But they and their families paid a terrible price because of what they learned....I must again warn you regarding the use of this information. There is no question that it is all correct. Paying and filing income taxes are, by law, voluntary. The law...also provides you with a means for stopping the withholding of that tax, which, by any legitimate standard, you have a perfect right to do. But, by doing so, you run the risk of going to jail!"

"Liable, Liable, What Makes Me Liable?"

The reason for that seeming paradox, Schiff says, is simple: The IRS and the judges it brings cases before are corrupt and don't care what the law says. Which is why, since February 2003, Schiff has had his Las Vegas office raided and records of all his clients seized; the IRS has moved for judgment on $2.5 million in back taxes and penalties it claims he owes; and a federal judge has banned the sale and distribution of The Federal Mafia by Schiff and forbade him from publicly saying what he believes about the income tax. (That ban is under appeal now.)

Schiff tells a group of well-wishers this latest wave of statist oppression swamped him momentarily -- he went into a depression and lost 20 pounds -- but "I'm back! I'm back! I'm going to kick their ass!" He proudly points out that all the back taxes in the $2.5 million judgment are from many years ago and that the IRS has done nothing to him for his more recent zero return filings. This proves to him that strategy must be foolproof.

Vernice Kuglin's acquittal on criminal charges has made her one of the movement's new saints and heroes.
I witness her taking aside a man troubled by the mess he's in because he advocated these beliefs as an accountant; she tells him kindly but firmly, "We know in our core that's what we have to do." She was involved in Libertarian Party activities in the early '90s and through that was exposed to tax honesty ideas. By 1995 she was sending letters to the IRS asking what specific section of U.S. code or statutes made her liable for the federal income tax. Were she legally liable, she insisted, she would be more than happy to pay.

Despite the liens on her income, Kuglin is optimistic. A juror in her case, she tells me, had a dream during deliberations in which he heard Kuglin repeating, "Liable, liable, what makes me liable?" This was apparently the crack in his mind that convinced him to lead the jury to acquittal. And then her son had a dream in which she and her lawyer were standing in front of the courthouse, and a ball of light spread around them and enveloped the world. She believes it is all fate, that the universe is taking care of her, that her victory is the beginning of the end of the whole evil lie of the income tax, and that "every setback is one more step to the win" in this battle.

A sober assessment of the empirical evidence shows that the exact opposite is true -- that victories for the tax honesty movement (the occasional criminal acquittal or mistrial) lead inevitably to a later defeat (further convictions or civil seizures). But that realization doesn't rely on contemplating the Constitution, statutes, codes, or rabbinical parsings of word definitions. Thus, it is not quick to occur to the devotees of tax honesty.

They move, with heavenly grace, through an existential hell: In their minds and hearts they are absolutely certain that they are right, and even doing God's work. (The contention that the Constitution was divinely inspired elicits a fair amount of clapping and no open unrest at the We The People conference.)
But they are also fully aware that all the powers and dominions of the earth are arrayed against them and regularly torment them. They believe, in the face of all evidence to the contrary, that their citizen's understanding of the written law should, and in some Platonic sense does, trump the realities of dealing with the government. This makes them uniquely American rebels -- more true, they maintain, to the nation's core values than those of us who follow the pragmatic advice an accountant once gave to one man at the conference. When the tax honesty devotee showed him a Schiff-marked copy of the tax code, the accountant replied: "You mess with that shit, you are going to jail."

Well, not necessarily to jail. Tax honesty folks adore the Supreme Court's 1991 decision Cheek v. U.S., which authoritatively ruled that a belief, however objectively unreasonable, that one was not liable to pay income tax could negate the element of willfulness necessary to establish criminal culpability for income tax crimes. In this area, in essence, ignorance of the law is an excuse. But as Daniel Pilla puts it, Cheek "might keep you out of jail, but it won't mean you don't owe the tax."

Still, the tax honesty folks believe, to their core, that a written Constitution and written laws truly can restrain the unbridled force of government. They push a naive Americanism, but an Americanism nonetheless. They are no more insane, in principle, than anyone else anywhere who has ever tried to fight city hall, sue the government, or halt congressional action by relying on, say, the Commerce Clause.

Their facts are mostly wrong. But whether wrong or not, they are irrelevant -- and the tax honesty folks know it. Not a one seems unaware that jail and property confiscation are a likely result of acting on their ardently held conclusions. But they refuse to believe it. This makes them foolish, to be sure. But it doesn't necessarily mean they aren't heroic.
As one conference attendee tells me, "I don't care how many cowards there are. There's one less on the planet, and that's me. Everyone has to stand up for something in their lifetime."

Senior Editor Brian Doherty is the author of This Is Burning Man, to be published this summer by Little, Brown.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Wed Apr 21 07:06:53 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 21 Apr 2004 10:06:53 -0400
Subject: Five Reasons You Don't Owe Income Tax, Dammit!
Message-ID:

Reason: May 2004

Five Reasons You Don't Owe Income Tax, Dammit!
The most heartfelt beliefs of the "tax honesty" movement
Brian Doherty

Here are some of the core arguments against the legality of the income tax one finds in the tax honesty movement. Devotees probably would regard them as oversimplifications. This is certainly not an all-inclusive list.

1) The IRS declares in various documents that the income tax is "voluntary." And in Flora v. U.S. (1960), the Supreme Court announced, "Our system of taxation is based upon voluntary assessment and payment."

2) In Brushaber v. Union Pacific (1916), the Supreme Court declared that "the conclusion that the 16th Amendment provides for a hitherto unknown power of taxation" is "erroneous," and thus the 16th Amendment did not give Congress any taxing powers it did not already have. Hence, an unapportioned direct tax such as the income tax still cannot be legal. (Most mainstream readings of this extremely hard-to-follow decision say the Court meant Congress always had the power to levy an income tax, and that it was merely the question whether it should have to be apportioned that was at issue.)
3) Income, for the purposes of the tax code, should not be understood in any "common sense" way but only as defined by the Supreme Court. The Supreme Court, in Merchant's Loan and Trust Company v. Smietanka (1921), defined it as having the same meaning as in the Corporation Excise Tax of 1909 -- and as Irwin Schiff has written, "nothing that was received by private persons was taxable as 'income' under that Act." Income is defined as "gain derived...from labor" in a previous Supreme Court decision, Stratton's Independence v. Howbert (1913).

4) Title 26 of the U.S. Code, in which tax-related statutes are found, is inherently "void for vagueness" because it lacks precise definitions of such terms as state, United States, employee, and person. Again, "common sense" definitions aren't good enough. (Many tax honesty types interpret the use of the word includes in the tax code as properly meaning, "is limited to.")

5) According to the tax-honesty reading of U.S. Code 26, Section 861, only income from foreigners or from overseas activity appears to actually be subject to the income tax.

Senior Editor Brian Doherty is the author of This Is Burning Man, to be published this summer by Little, Brown.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Wed Apr 21 07:24:00 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Wed, 21 Apr 2004 10:24:00 -0400 Subject: [ISN] Britons go 'toothing' for sex with strangers Message-ID:

--- begin forwarded text

From dave at farber.net Wed Apr 21 07:26:57 2004
From: dave at farber.net (Dave Farber)
Date: Wed, 21 Apr 2004 10:26:57 -0400
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID:

From morlockelloi at yahoo.com Wed Apr 21 15:57:24 2004
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Wed, 21 Apr 2004 15:57:24 -0700 (PDT)
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
In-Reply-To: <20040421195716.GB1026@leitl.org>
Message-ID: <20040421225724.24813.qmail@web40601.mail.yahoo.com>

> The extreme ease of use of internet wiretapping and lack of accountability
> is not a good situation to create.

False.
It is the best possible situation cpunk-wise I can imagine. It effectively deals away with bs artists (those who *argue* against this or that) and empowers mathematics. If one is so fucking stupid, lazy or both not to encrypt, anonymize and practice other safe-sex approaches then let's hope that whatever broad wiretapping results in will also have slight (but measurable) pressure in factoring those out from the gene pool.

===== end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

From rah at shipwright.com Wed Apr 21 14:38:14 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 21 Apr 2004 17:38:14 -0400
Subject: Bank Transfer via Quantum Cryptography Based on Entangled Photons
Message-ID:

Sigh... The old hype-meter pegs so much the needle's bent...
Cheers,
RAH
--------

Quantum Cryptography "live"

World Premiere: Bank Transfer via Quantum Cryptography Based on Entangled Photons

Press conference and demonstration of the ground-breaking experiment: 21 April 2004, 11:30, Vienna City Hall - Steinsaal

A collaboration of: group of Professor Anton Zeilinger, Vienna University; ARC Seibersdorf research GmbH; City of Vienna; Wien Kanal Abwassertechnologien GmbH and Bank Austria - Creditanstalt

Downloads: Einladung (pdf-file, german) Invitation (pdf-file, english) Presse-Information (pdf-file, german) Press release (pdf-file, english) Where to get Pictures of the Event :: Fotoinformation (pdf-file) Poster 1 (pdf-file, german) Poster 2 (pdf-file, german) Poster 3 (pdf-file, german) Poster 4 (pdf-file, german) Poster 5 (pdf-file, german)

For further Information please contact:

Julia Petschinka
ARC Seibersdorf research; Information Technologies
e-mail: Julia.Petschinka at arcs.ac.at
Phone: +43-(0)50550-4161
Fax: +43-(0)50550-4150
Mobile: +43-(0)664-8251064

or:

Andrea Aglibut
Institut fuer Experimentalphysik, University of Vienna
e-mail: Andrea.Aglibut at univie.ac.at
Phone: +43-(1)4277-51166
Fax: +43-(1)4277-9512
Mobile: +43-(0)664-60277-51166

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From sfurlong at acmenet.net Wed Apr 21 18:49:07 2004
From: sfurlong at acmenet.net (Steve Furlong)
Date: 21 Apr 2004 21:49:07 -0400
Subject: Real-world quantum cryptography
Message-ID: <1082598547.13703.8.camel@daft>

http://www.quantenkryptographie.at/

Click on the News: April 21 link, which goes to http://www.quantenkryptographie.at/rathaus_press.html

World Premiere: Bank Transfer via Quantum Cryptography Based on Entangled Photons

Press conference and demonstration of the ground-breaking experiment: 21 April 2004, 11:30, Vienna City Hall - Steinsaal

From eugen at leitl.org Wed Apr 21 12:57:17 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Apr 2004 21:57:17 +0200
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push (fwd from dave@farber.net)
Message-ID: <20040421195716.GB1026@leitl.org>

----- Forwarded message from Dave Farber -----

From sfurlong at acmenet.net Wed Apr 21 19:31:43 2004
From: sfurlong at acmenet.net (Steve Furlong)
Date: 21 Apr 2004 22:31:43 -0400
Subject: Real-world quantum cryptography
In-Reply-To: <1082598547.13703.8.camel@daft>
References: <1082598547.13703.8.camel@daft>
Message-ID: <1082601103.13703.10.camel@daft>

On Wed, 2004-04-21 at 21:49, Steve Furlong wrote:
> http://www.quantenkryptographie.at/

Gah. That's what I get for trying to do a Hettinga -- he beats me to it.

OK, Bob, you got me this time.

From DaveHowe at gmx.co.uk Wed Apr 21 17:13:48 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Thu, 22 Apr 2004 01:13:48 +0100
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
References: <20040421225724.24813.qmail@web40601.mail.yahoo.com>
Message-ID: <013101c427fe$b03e5cf0$01c8a8c0@broadbander>

Morlock Elloi wrote:
>> The extreme ease of use of internet wiretapping and lack of
>> accountability is not a good situation to create.
> False.
> It is the best possible situation cpunk-wise I can imagine.

No, it is a terrible situation.
It establishes a legal requirement that communications *not* be private from the feds. from there, it is just a small step to defining encryption as a deliberate attempt to circumvent that law, and so a crime in itself.

From mv at cdc.gov Thu Apr 22 08:31:15 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 22 Apr 2004 08:31:15 -0700
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID: <4087E543.78084915@cdc.gov>

At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote:
>
>Are you truly expecting a worldwide ban on encryption? How do you prove
>somebody is using encryption on a steganographic channel?

Torture, of the sender, receiver, or their families, has worked pretty well. If you're good you don't even leave marks.

From rah at shipwright.com Thu Apr 22 08:16:31 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 22 Apr 2004 11:16:31 -0400
Subject: Real-world quantum cryptography
In-Reply-To: <1082601103.13703.10.camel@daft>
References: <1082598547.13703.8.camel@daft> <1082601103.13703.10.camel@daft>
Message-ID:

At 10:31 PM -0400 4/21/04, Steve Furlong wrote:
>OK, Bob, you got me this time.

To paraphrase a surgeon in the cartoons this morning, your awe is thanks enough...

;-)

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Apr 22 08:17:26 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Thu, 22 Apr 2004 11:17:26 -0400 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <20040422100928.GW1026@leitl.org> References: <20040421225724.24813.qmail@web40601.mail.yahoo.com> <013101c427fe$b03e5cf0$01c8a8c0@broadbander> <20040422100928.GW1026@leitl.org> Message-ID:

At 12:09 PM +0200 4/22/04, Eugen Leitl wrote:
>Are you truly expecting a worldwide ban on encryption?

Amen.

It's like expecting a worldwide ban on finance.

Been tried. Doesn't work.

:-)

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mv at cdc.gov Thu Apr 22 11:53:07 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 22 Apr 2004 11:53:07 -0700
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID: <40881492.4C32C412@cdc.gov>

At 05:56 PM 4/22/04 +0200, Thomas Shaddack wrote:
>On Thu, 22 Apr 2004, Major Variola (ret) wrote:
>
>> At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote:
>> >
>> >Are you truly expecting a worldwide ban on encryption? How do you prove
>> >somebody is using encryption on a steganographic channel?
>>
>> Torture, of the sender, receiver, or their families, has worked pretty
>> well.
>> If you're good you don't even leave marks.
>
>However, it's not entirely reliable. At some point, the suspect tells you
>what you want to hear, whether or not it is the truth, just so you leave
>him alone. It can even happen that the suspect convinces himself that what
>he really did what he was supposed to do.

Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn.
Beneath that, homosexual porn. But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually. If you give them a believable but fake one, it will damage innocents or true members of your association.

>This brings another often underestimated problem into the area of
>cryptosystem design, the "rubberhose resistance".

My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego.

I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help.

From eugen at leitl.org Thu Apr 22 03:09:28 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 22 Apr 2004 12:09:28 +0200
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
In-Reply-To: <013101c427fe$b03e5cf0$01c8a8c0@broadbander>
References: <20040421225724.24813.qmail@web40601.mail.yahoo.com> <013101c427fe$b03e5cf0$01c8a8c0@broadbander>
Message-ID: <20040422100928.GW1026@leitl.org>

On Thu, Apr 22, 2004 at 01:13:48AM +0100, Dave Howe wrote:
> No, it is a terrible situation.
> It establishes a legal requirement that communications *not* be private from
> the feds. from there, it is just a small step to defining encryption as a
> deliberate attempt to circumvent that law, and so a crime in itself.

Are you truly expecting a worldwide ban on encryption? How do you prove somebody is using encryption on a steganographic channel?

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From rah at shipwright.com Thu Apr 22 09:43:51 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Thu, 22 Apr 2004 12:43:51 -0400 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <056d01c4287e$ff7c19d0$c71121c2@exchange.sharpuk.co.uk> References: <20040421225724.24813.qmail@web40601.mail.yahoo.com> <013101c427fe$b03e5cf0$01c8a8c0@broadbander> <20040422100928.GW1026@leitl.org> <056d01c4287e$ff7c19d0$c71121c2@exchange.sharpuk.co.uk> Message-ID:

At 4:32 PM +0100 4/22/04, Dave Howe wrote:
>There isn't a worldwide ban on breaking CSS - doesn't stop the film
>industry trying to enforce it in the US courts.

Carl Ellison tells the story about how, with the advent of the longbow, all these peasants had to get absolution from their local priests for killing knights. Kill a noble on Wednesday, confess on Sunday, lather, rinse, repeat.

Needless to say, the impedance mismatch between reality and dogma resolved itself.

The economics of networks outweighs the economics of intellectual property law. That, too, will resolve itself, just like Clipper did.

As for finance itself, there's a reason that I say that financial cryptography is the only cryptography that matters. Since the time of Mesopotamian bullae and grain banks, cryptography has been essential to finance. You can't do one without the other. The more cryptography you do, the more finance you can do, the better off everyone is. It's a virtuous circle.

The internet and Moore's law accelerates cryptographic, and thus financial, progress. More stuff cheaper.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Thu Apr 22 11:57:08 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 22 Apr 2004 14:57:08 -0400
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID:

"As for finance itself, there's a reason that I say that financial cryptography is the only cryptography that matters. Since the time of Mesopotamian bullae and grain banks, cryptography has been essential to finance. You can't do one without the other. The more cryptography you do, the more finance you can do, the better off everyone is. It's a virtuous circle."

I don't agree, though I'm tempted to. What have nominally been called religious and/or race wars throughout history have almost always had at their core economics, or at least in the western world. It's easy to see how finance might be the underlying reason for lots of nominally non-crypto communications.

Your statement is arguably true as t-->infinity. However, I'd bet there are short-term applications for crypto that really matter and yet have no real relationship to $$$ (for instance, what if there was widespread communications and crypto in Nazi Germany...would the holocaust have happened?)

-TD

>From: "R. A. Hettinga"
>To:
>Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap
>push
>Date: Thu, 22 Apr 2004 12:43:51 -0400
>
>At 4:32 PM +0100 4/22/04, Dave Howe wrote:
> >There isn't a worldwide ban on breaking CSS - doesn't stop the film
> >industry trying to enforce it in the US courts.
>
>Carl Ellison tells the story about how, with the advent of the longbow, all
>these peasants had to get absolution from their local priests for killing
>knights. Kill a noble on Wednesday, confess on Sunday, lather, rinse,
>repeat.
>
>Needless to say, the impedance mismatch between reality and dogma resolved
>itself.
>
>The economics of networks outweighs the economics of intellectual property
>law.
That, too, will resolve itself, just like Clipper did.
>
>
>As for finance itself, there's a reason that I say that financial
>cryptography is the only cryptography that matters. Since the time of
>Mesopotamian bullae and grain banks, cryptography has been essential to
>finance. You can't do one without the other. The more cryptography you do,
>the more finance you can do, the better off everyone is. It's a virtuous
>circle.
>
>The internet and Moore's law accelerates cryptographic, and thus financial,
>progress. More stuff cheaper.
>
>Cheers,
>RAH
>
>--
>-----------------
>R. A. Hettinga
>The Internet Bearer Underwriting Corporation
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>

From rah at shipwright.com Thu Apr 22 11:58:57 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 22 Apr 2004 14:58:57 -0400
Subject: United States Patent: 6,721,423
Message-ID:

United States Patent 6,721,423
Anderson, et al. April 13, 2004

Lost cost countermeasures against compromising electromagnetic computer emanations

Abstract

A set of methods is specified whereby software reduces compromising electromagnetic emanations of computers that could otherwise allow eavesdroppers to reconstruct sensitive processed data using periodic averaging techniques.
Fonts for screen display of text are low-pass filtered to attenuate those spectral components that radiate most strongly, without significantly affecting the readability of the text, while the character glyphs displayed are chosen at random from sets that are visually equivalent but that radiate differently. Keyboard microcontroller scan loops are also furnished with random variations that hinder reconstruction of the signal emanated by a keyboard. Drivers for hard disks and other mass-storage devices ensure that the read head is never parked over confidential data longer than necessary.

Inventors: Anderson; Ross J. (10 Water End, Wrestlingworth, Sandy, Bedfordshire, GB SG29 2HA); Kuhn; Markus Guenther (Schlehenweg 9, Uttenreuth, DE D-91080)
Appl. No.: 238560
Filed: January 28, 1999
Current U.S. Class: 380/252; 380/268; 380/210; 380/54
Intern'l Class: H04L 009/00
Field of Search: 380/205,210,268,287,22,1,252,54 713/190,189

References Cited [Referenced By]

U.S. Patent Documents
3770269 Nov., 1973 Elder 463/18.
4203102 May., 1980 Hydes 345/467.
4695904 Sep., 1987 Shinyagaito et al.
5379343 Jan., 1995 Grube et al.
5530390 Jun., 1996 Russell 327/164.
5726538 Mar., 1998 Jackson et al. 315/370.
5894517 Apr., 1999 Hutchison et al. 380/268.

Other References
van Eck, "Electromagnetic Radiation for Video Display Units: An Eavesdropping Risk?" Computers and Technology 4 (1985) 269-286.

Primary Examiner: Barron; Gilberto
Assistant Examiner: Gurshman; G

Claims

What is claimed is:

1. A method of obstructing the reconstruction of information shown on a video-display system from electromagnetic emissions generated by that system, in which the display is altered using character fonts that compose each displayed graphic character using more than two pixel amplitudes in order to reduce the electromagnetic emissions in video-signal frequencies that are radiated or conducted to potential eavesdropper receiver positions particularly well.

2.
A method of obstructing the reconstruction of information shown on a video-display system from electromagnetic emissions generated by said video-display system comprising: generating several character fonts consisting of pixel images of glyphs; each of said fonts providing a glyph image for each graphic character of a supported character set, said character set being common across all generated fonts; each of said glyph images differing slightly in style, size, position and quantization noise from glyph images that represent the same character in the other generated fonts responsive to monitored emission measurements and subject to a trade-off that keeps the differences in visual appearance at a minimum and that maximizes the differences in electromagnetic emissions in video-signal frequencies that are radiated or conducted to a potential eavesdropper receiver, and a mechanism to alter said video display by randomly choosing among said fonts for each newly displayed instance of a character.

3. A method of obstructing the reconstruction of information shown on a video-display system from electromagnetic emission generated by said video-display system comprising: generating character fonts consisting of grey-level pixel images of glyphs; filtering said generated character fonts in a horizontal direction responsive to monitored emission measurements and a signal-energy to display-quality trade-off, and altering said video display by using character fonts that compose displayed characters using more than two pixel amplitudes for reducing the electromagnetic emissions in video-signal frequencies that are radiated or conducted to a potential eavesdropper receiver.

Description

TECHNICAL FIELD

This invention is related to the protection of confidential computer data against eavesdroppers who try to reconstruct it from the electromagnetic emanations generated by computers.
BACKGROUND OF THE INVENTION

It has been known to military organizations since at least the early 1960s that computers generate electromagnetic radiation which not only interferes with radio reception, but which also makes information about the processed data available to a remote radio receiver (see for example Peter Wright: Spycatcher--The Candid Autobiography of a Senior Intelligence Officer. William Heinemann Australia, 1987, ISBN 0-85561-098-0). Known as compromising emanation or Tempest radiation, this electromagnetic broadcast of data has been a significant concern in security-sensitive computer applications.

Compromising emanations of video display units (see for example Wim van Eck: Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? Computers & Security vol 4 (1985) 269-286; Erhard Moller, Lutz Bernstein, Ferdinand Kolberg: Schutzmaßnahmen gegen kompromittierende elektromagnetische Emissionen von Bildschirmsichtgeräten [Protective measures against compromising electromagnetic emissions from video display terminals]. Labor für Nachrichtentechnik, Fachhochschule Aachen, Aachen, Germany) and serial data cables (see Peter Smulders: The Threat of Information Theft by Reception of Electromagnetic Radiation from RS-232 Cables. Computers & Security vol 9 (1990) 53-58) have been described in the open literature.

One common and expensive countermeasure is to fit metallic shielding to the device, the room, or the entire building (see Electromagnetic Pulse (EMP) and Tempest Protection for Facilities. Engineer Pamphlet EP 1110-3-2, 469 pages, U.S. Army Corps of Engineers, Publications Depot, Hyattsville, Dec. 31, 1990; and Deborah Russell, G. T. Gangemi Sr.: Computer Security Basics. O'Reilly & Associates, 1991, ISBN 0-937175-71-4).
Cross-correlation test methods suitable for verifying the effectiveness of such shielding have been described in Wolfgang Bitzer, Joachim Opfer: Schaltungsanordnung zum Messen der Korrelationsfunktion zwischen zwei vorgegebenen Signalen [Circuit arrangement for measuring the correlation function between two given signals]. German Patent DE 3911155 C2, Deutsches Patentamt, Nov. 11, 1993, and Joachim Opfer, Reinhart Engelbart: Verfahren zum Nachweis von verzerrten und stark gestörten Digitalsignalen und Schaltungsanordnung zur Durchführung des Verfahrens [Method for the detection of distorted and strongly interfered digital signals and circuit arrangement for implementing this method]. German Patent DE 4301701 C1, Deutsches Patentamt, May 5, 1994.

Devices that generate a correlated jamming signal in order to make eavesdropping more difficult have been described in John H. Dunlavy: System for Preventing Remote Detection of Computer Data from TEMPEST Signal Emissions. U.S. Pat. No. 5,297,201, Mar. 22, 1994, and Lars Hoivik: System for Protecting Digital Equipment Against Remote Access. U.S. Pat. No. 5,165,098, Nov. 17, 1992.

The electromagnetic data-dependent signals generated by computers and emanated over the air, or via power supply and communication cables, are rather weak and distorted. In addition, if several computers are located in close proximity, their signals will be overlaid. The eavesdropper will therefore use various techniques to separate the signals of interest from the background noise before attempting further decoding (see Markus G. Kuhn, Ross J. Anderson: Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations, in David Aucsmith (Ed.): Information Hiding, Second International Workshop, IH'98, Portland, Oreg., USA, Apr. 15-17, 1998, Proceedings, LNCS 1525, Springer-Verlag, ISBN 3-540-65386-4, pp. 126-143).
Periodic averaging is a very powerful noise elimination technique and can be applied to many signals of particular interest from computer systems that process confidential data. If the signal of interest s(t) has a known period T such that s(t)=s(t+T) most of the time, then the eavesdropper can reconstruct from the received noisy signal r(t)=s(t)+n(t), where n(t) is uncorrelated background noise, a noise-reduced estimate of the signal from a moving average:

##EQU1##

which has a significantly better signal-to-noise ratio than s(t).

Three periodic signals found in a typical computer may contain confidential information and are thus of particular interest to an eavesdropper:

1. The video display signal is generated by writing the content of the display frame buffer to the display with a period equivalent to the vertical refresh frequency of the cathode-ray tube, liquid crystal panel, or other display device.

2. A microcontroller or a specialized circuit in the keyboard applies voltages in succession to each row of a matrix circuit to which the keys are connected. Scanning the column lines for this voltage allows the microcontroller or specialized circuit to determine which key is currently pressed in order to report the appropriate key code word to the main processor (see Ed L. Sonderman, Walter Z. Davis: Scan-controlled keyboard, U.S. Pat. No. 4,277,780, Jul. 7, 1981). This scan cycle is repeated with high frequency to ensure that no key-press events are missed. The sequence of instructions executed in the scan loop often depends on which key is currently pressed. Therefore the precise shape of the emanations reveals information about key presses, and manually entered text may be reconstructed by an eavesdropper.

3. In most mass storage devices such as magnetic or magneto-optical discs, data is organized into storage tracks and a motor moves the head between them.
After data has been read from or written to a track, the head usually remains located on that track until a request to access another track is received. During this time, the readout amplifier receives, amplifies and emits the data content of the storage track periodically, where the period is identical to the rotation time of the disk. SUMMARY OF THE INVENTION The present invention is a low-cost means of making it more difficult for an eavesdropper to gain knowledge about the data processed on a normal computer system that features standard components such as a video display, a keyboard and a hard disk. In its most general terms the present invention proposes that instead of, or in addition to, physical screening of an electronic system, the system should be designed or modified to reduce (or substantially eliminate) the generation of electromagnetic signals which are periodic or otherwise predictable. Accordingly, the invention may be expressed as a method of obstructing the reconstruction of information contained in an electronic apparatus from electromagnetic emissions, by reducing the energy of certain periodic signals in electromagnetic emissions generated by the system and destroying the periodicity of residual signals or other signals. These methods may involve only software or firmware changes in the computer system and can therefore be implemented at a much lower cost than the conventional techniques described above, in which electromagnetic radiation is reabsorbed after it has been generated (i.e. physical shielding). They may also be implemented using low-cost hardware devices. Whether they are implemented in software, firmware or hardware, these techniques can also be combined with traditional physical shields in order to provide an independent layer of protection against shield failure. The general means of protection is to render signals more difficult for an attacker to recover using periodic averaging and cross-correlation techniques. 
Three specific methods are filtering out from periodic signals those spectral components that cause the highest levels of compromising radiation, spreading the spectrum of the residual information-bearing radiation using a sequence unknown to the attacker, and removing periodic signals directly. We will describe examples of these three techniques in turn. An example of the first method consists of displaying text on the video display device using a special font that employs a plurality of pixel luminosities in order to represent character glyphs. The use of more than two pixel luminosities to display anti-aliased characters and thus avoid staircase effects in slanted lines and italic characters has been described in Richard B. Preiss, John C. Dalrymple: System and method for smoothing the lines and edges of an image on a raster-scan display, U.S. Pat. No. 4,672,369, Jun. 9, 1987, and Bradley J. Beitel, Robert D. Gordon, Joseph B. Witherspoon III: Anti-alias font generation, U.S. Pat. No. 5,390,289, Feb. 14, 1995. The innovation in the present invention is to use a font specially designed so that the horizontal spatial frequency spectrum of the glyphs is adapted to the emission spectrum of the video display device so as to reduce the broadcast energy and thus minimize the range within which eavesdroppers can identify the displayed characters. An example of the second method consists, firstly, of using a random number generator to select one of a number of character glyphs which are visually similar but which are generated by different video signals, in order to make it more difficult to reconstruct the signal using signal processing techniques; and secondly, introducing a variable delay into the keyboard matrix scan cycle, which makes it harder for eavesdroppers to reconstruct the compromising emissions of the keyboard. 
The innovation in the present invention is to randomise the inadvertently emitted signal and thus make its reconstruction by an attacker more difficult. An example of the third method is to modify the device driver software or controller firmware responsible for the control of disk drives, or in general any mass storage device that uses moveable read/write heads to access a plurality of storage tracks on the surface of a storage medium. The innovation in the present invention is to park inactive read/write heads on a storage track that does not contain confidential data. BRIEF DESCRIPTION OF THE FIGURES FIG. 1 shows a pixel field containing normal raster text. FIG. 2 shows a pixel field containing horizontally low-pass filtered raster text, illustrating the application of the second emanation protection method described in this invention. FIG. 3 shows a magnified photograph of the pixel field in FIG. 1 as it is displayed on a cathode-ray computer monitor. FIG. 4 shows a magnified photograph of the pixel field in FIG. 2 as it is displayed on a cathode-ray computer monitor. FIG. 5 shows an excerpt from the video signal generated by the pixel field shown in FIG. 1. FIG. 6 shows an excerpt from the video signal generated by the pixel field shown in FIG. 2, taken from the same pixel coordinates as those used in FIG. 5. FIG. 7 shows the video signal from FIG. 6 after it has passed a simple analog low-pass filter that has been installed on the computer video adapter output in order to attenuate the aliasing frequencies generated by the discrete nature of the video signal and by the shape of a single pixel pulse. FIG. 8 shows a photograph of the screen of a Tempest eavesdropping receiver when the computer screen under surveillance contains normal raster text fonts as shown in FIG. 1. FIG. 9 shows a photograph of the screen of a Tempest eavesdropping receiver when the computer screen under surveillance contains horizontally low-pass filtered content as shown in FIG. 
2, demonstrating the protective effect of this invention. DETAILED DESCRIPTION In the case of the video display unit, we shape the spectrum of the periodic video signal by using digital filtering or by combining digital filtering and anti-aliasing techniques to generate a character font with little spectral energy in those frequency ranges in which the computer monitor radiates particularly well. The spectral characteristics of the monitor are first determined by using the graphics adapter of the computer to display test images such as a zoneplate pattern. The emanations are then measured in an electromagnetic compatibility laboratory using a spectrum analyzer or a Tempest monitoring receiver. In one test system described in Markus G. Kuhn, Ross J. Anderson "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations" (in David Aucsmith (Ed.): Information Hiding, Second International Workshop, IH'98, Portland, Oreg., USA, Apr. 15-17, 1998, Proceedings, LNCS 1525, Springer-Verlag, ISBN 3-540-65386-4, pp. 126-143) these measurements showed that for a video mode with 95 MHz pixel frequency, most of the emitted energy came from parts of the test image with frequencies in the range 33-47.5 MHz. The emitted energy was not only present in this frequency range but also as higher harmonics of frequencies in this band. Preferably, the present invention reduces the amount of emitted information bearing radiation by at least 10 dB, or more preferably by at least 20 dB or even 30 dB. This is because in the zoning model used by many governments to decide which classification of information may be processed on which type of apparatus in which zone of a building, a signal attenuation of 10 dB corresponds to a single zone (see Deborah Russell, G. T. Gangemi Sr.: Computer Security Basics. O'Reilly & Associates, 1991, ISBN 0-937175-71-4). 
Text displayed with a font in which all horizontal pixel lines have been processed with a digital filter to attenuate frequency components in this range by about 20 dB becomes practically invisible on a Tempest monitor while the display quality and readability of the text by persons in front of the authorised display device is only marginally affected. This processing can be achieved by passing the video signal through a suitable hardware filter, or more conveniently by software graphic processing. In our typical embodiment, we start out with a high-resolution version of a character font and generate grey-level pixel images of the glyphs, selecting for the background and foreground luminosity 85% and 15% of the available maximal white luminosity in order to prevent overflow or underflow during subsequent filtering. We then apply a normal subsampling filter in both horizontal and vertical directions in order to prevent aliasing by removing all frequency components that are above the Nyquist limit of the final pixel spacing. Our innovation over existing anti-aliasing technology is to apply in the horizontal direction a further filter that attenuates those frequencies at which the video display device radiates compromising RF emanations efficiently. The spectral shape of the anti-emission filter depends on the results of the monitor emission measurements and on a signal energy versus display quality tradeoff. After these filtering steps, the filtered high-resolution font is subsampled and stored for use by display routines. The resulting filtered glyphs may be significantly wider than the underlying original glyphs and thus the display routine must superpose them using addition, with the background (85%) luminosity treated as zero for the purpose of this addition. An example text that has been generated this way is shown in FIG. 2 as a pixel field and in FIG. 4 as a CRT screen photograph. FIG. 
6 shows a typical video signal generated this way, from which further harmonics can be removed by an analog filter at the video adapter output, resulting in a smoother signal such as that shown in FIG. 7. For best performance, a 30 MHz low-pass hardware filter is used; if the application admits only software countermeasures, then the filters installed in monitor cables for EMC and RFI compliance purposes together with the natural inductance of the cables and the limitations of the video amplifier circuitry have a similar if less controlled effect. FIG. 9 shows the signal received by the eavesdropping receiver described in Markus G. Kuhn, Ross J. Anderson "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations" (in David Aucsmith (Ed.): Information Hiding, Second International Workshop, IH'98, Portland, Oreg., USA, Apr. 15-17, 1998, Proceedings, LNCS 1525, Springer-Verlag, ISBN 3-540-65386-4, pp. 126-143), when the screen content has been low-pass filtered using software only as described by this invention. FIG. 1, FIG. 3, FIG. 5, and FIG. 8 illustrate the corresponding situation found with normal video display units if no protective filtering takes place; this gives a considerably better received signal as shown in FIG. 8. To further complicate automated radio frequency character recognition of displayed text using a digital eavesdropping receiver and pattern matching techniques, one typical embodiment utilizes a plurality of fonts that differ slightly in character style, size, and position and it randomly selects for every character of the displayed text one of these font variations. In the case of the keyboard scan cycle, we adapt the same idea and spread the spectrum of the emanations by adding a variation and a random delay into the scan sequence. Transforming the scan cycle into a non-periodic process spreads the harmonics of the sample cycle frequency in the spectrum such that they cannot be extracted easily by periodic averaging. 
The random repetition delay between the application of voltages to the rows of the keyboard matrix is accomplished both by varying the order in which rows are scanned and by using delay loops to vary slightly the time that passes between the scan of one row and the next. The choice of row order and delays depends on the output of a cryptographically strong random number generator that is periodically reseeded by combining its old internal state with keyboard input so as to make its output unpredictable to an eavesdropper. Cryptographic random number generators are described in Bruce Schneier: Applied Cryptography (John Wiley & Sons Inc, 1996, ISBN 0-471-11709-9). The emitted spectrum of the keyboard scan microcontroller and other processors in general can also be spread by slightly frequency modulating the clock signal of this processor using a random noise source, which creates an additional difficulty for eavesdropping receivers. Finally, the scan codes are encrypted for transmission along the keyboard cable to the computer in order to prevent direct eavesdropping of the serial cable emanations as described in Peter Smulders: The Threat of Information Theft by Reception of Electromagnetic Radiation from RS-232 Cables (Computers & Security vol 9 (1990) 53-58). In the case of the mass storage device, we could also reduce the readability of confidential data in the unavoidable periodic signal that the read amplifiers generate as the device turns, by moving the disk head in a random or pseudorandom manner when it is not in use. However in this case there is available a simpler and deterministic remedy which imposes less mechanical wear on the device. We simply move the read head as soon as possible away from a sensitive track if no further read requests are pending. In our preferred implementation, the head is always moved to safe tracks--tracks that contain either no data at all or non-sensitive data--during disk idle times. 
The disk driver maintains a list of safe tracks to which the writing of sensitive data is prevented, and where there are a number of mechanically coupled heads to access stacked or otherwise juxtaposed media, there will be allocated a number of sets of safe tracks corresponding to disk head positions at which the writing of sensitive data is similarly not permitted. Whenever the request queue for a device is empty and the last access was to a sector other than on a safe track, the driver will determine the closest safe track and either move the read head there directly or issue a read instruction to one of the sectors in this track depending on the disk interface. This way, the sensitive data content of the hard disk will only be amplified for the minimal necessary time and the probability that an eavesdropper can successfully reconstruct any of it by periodic averaging is significantly reduced. * * * * * -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From pcapelli at ieee.org Thu Apr 22 13:00:49 2004 From: pcapelli at ieee.org (Pete Capelli) Date: Thu, 22 Apr 2004 16:00:49 -0400 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push References: <20040421225724.24813.qmail@web40601.mail.yahoo.com> <013101c427fe$b03e5cf0$01c8a8c0@broadbander> <20040422100928.GW1026@leitl.org> Message-ID: <004b01c428a4$82750070$1302a8c0@firedancer> > At 12:09 PM +0200 4/22/04, Eugen Leitl wrote: > >Are you truly expecting a worldwide ban on encryption? > > Amen. > > It's like expecting a worldwide ban on finance. Been tried. Doesn't work. But the goal isn't to ban it; just marginalize it enough to be able to tar it as a terrorist action. True, there is no worldwide ban on finance. 
But there is the delightful 'know your customer' law. From roy at rant-central.com Thu Apr 22 13:18:25 2004 From: roy at rant-central.com (Roy M. Silvernail) Date: Thu, 22 Apr 2004 16:18:25 -0400 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <40881492.4C32C412@cdc.gov> References: <40881492.4C32C412@cdc.gov> Message-ID: <1082665104.25501.4.camel@localhost> On Thu, 2004-04-22 at 14:53, Major Variola (ret) wrote: > I wonder how quickly one could incinerate a memory card in the field > with high success rate? Destroy the data and the passphrases don't > help. The first thing that popped into my mind is a USB key with a small cake of potassium permanganate affixed to the flash chip and a rupturable bladder filled with glycerin on top. In case of problem, squeeze to rupture the bladder and throw it somewhere. If outside and near weeds, it'll be very hard to find before the mixture does its exothermic thing. That mixture will ignite thermite... should be able to do a number on a flash chip pretty well. -- Roy M. Silvernail is roy at rant-central.com, and you're not Never Forget: It's Only 1's and 0's! SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From DaveHowe at gmx.co.uk Thu Apr 22 08:28:59 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 22 Apr 2004 16:28:59 +0100 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push References: <20040421225724.24813.qmail@web40601.mail.yahoo.com> <013101c427fe$b03e5cf0$01c8a8c0@broadbander> <20040422100928.GW1026@leitl.org> Message-ID: <056501c4287e$8e15cc00$c71121c2@exchange.sharpuk.co.uk> Eugen Leitl wrote: > On Thu, Apr 22, 2004 at 01:13:48AM +0100, Dave Howe wrote: >> No, it is a terrible situation. >> It establishes a legal requirement that communications *not* be >> private from the feds. from there, it is just a small step to >> defining encryption as a deliberate attempt to circumvent that law, >> and so a crime in itself. 
> Are you truly expecting a worldwide ban on encryption? No. Just one on using crypto in america to avoid the feds listening in - currently this is legal, but adds an additional penalty if you are convicted of something *and* the feds decide you used crypto as well. > How do you > prove somebody is using encryption on a steganographic channel? obviously you don't - but I doubt you could conveniently find a steganographic channel convincing enough to pass muster and yet fast enough to handle VoIP traffic. Besides, it could easily devolve into a your-word-against-theirs argument, after you have already spent some time in jail waiting to get to trial (or at least the threat of this). Martha already found out how the FBI can bend the rules if they want to make an example of you. From DaveHowe at gmx.co.uk Thu Apr 22 08:32:15 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 22 Apr 2004 16:32:15 +0100 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push References: <20040421225724.24813.qmail@web40601.mail.yahoo.com> <013101c427fe$b03e5cf0$01c8a8c0@broadbander> <20040422100928.GW1026@leitl.org> Message-ID: <056d01c4287e$ff7c19d0$c71121c2@exchange.sharpuk.co.uk> R. A. Hettinga wrote: > At 12:09 PM +0200 4/22/04, Eugen Leitl wrote: >> Are you truly expecting a worldwide ban on encryption? > It's like expecting a worldwide ban on finance. Been tried. Doesn't > work. There isn't a worldwide ban on breaking CSS - doesn't stop the film industry trying to enforce it in the US courts. That it doesn't apply outside the US is fine if you are in the netherlands, not so hot if you, your isp, or some branch of your ISP is in the states. From rah at shipwright.com Thu Apr 22 14:48:18 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 22 Apr 2004 17:48:18 -0400 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <004b01c428a4$82750070$1302a8c0@firedancer> References: <20040421225724.24813.qmail@web40601.mail.yahoo.com> <013101c427fe$b03e5cf0$01c8a8c0@broadbander> <20040422100928.GW1026@leitl.org> <004b01c428a4$82750070$1302a8c0@firedancer> Message-ID: At 4:00 PM -0400 4/22/04, Pete Capelli wrote: >But the goal isn't to ban it; just marginalize it enough to be able to tar >it as a terrorist action. > >True, there is no worldwide ban on finance. But there is the delightful >'know your customer' law. That's just a monster in the closet. Fact is, the more people are able to hack insecure networks, the stronger the crypto gets. At some point, we converge to instantaneous transactions, and that means stuff like blind signatures. Anything else costs too much. When we're at bearer transactions, we don't have audit trails anymore... Right? :-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Thu Apr 22 08:56:16 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 22 Apr 2004 17:56:16 +0200 (CEST) Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <4087E543.78084915@cdc.gov> References: <4087E543.78084915@cdc.gov> Message-ID: <0404221740370.-1252214992@somehost.domainz.com> On Thu, 22 Apr 2004, Major Variola (ret) wrote: > At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote: > > > >Are you truly expecting a worldwide ban on encryption? How do you prove > >somebody is using encryption on a steganographic channel? > > Torture, of the sender, receiver, or their families, has worked pretty > well. 
> If you're good you don't even leave marks. However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do. Of course, the solved-crimes statistics doesn't care about this subtle difference. This brings another often underestimated problem into the area of cryptosystem design, the "rubberhose resistance". From shaddack at ns.arachne.cz Thu Apr 22 12:23:50 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 22 Apr 2004 21:23:50 +0200 (CEST) Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <40881492.4C32C412@cdc.gov> References: <40881492.4C32C412@cdc.gov> Message-ID: <0404222103190.-1252214992@somehost.domainz.com> On Thu, 22 Apr 2004, Major Variola (ret) wrote: > >However, it's not entirely reliable. At some point, the suspect tells > >you what you want to hear, whether or not it is the truth, just so you > >leave him alone. It can even happen that the suspect convinces himself > >that what he really did what he was supposed to do. > > Interrogators check out each confession. First ones won't work, bogus > keys. Just noise. Second confession reveals pork recipes hidden in > landscape pictures. Beneath that layer of filesystem is stego'd some > porn. Beneath that, homosexual porn. But your interrogators want the > address book stego'd beneath that. They know that these are stego > distraction levels, uninteresting to them. You'll give it to them > eventually. Or not - if you weren't who they thought and there really was nothing more than the gay porn. > If you give them a believable but fake one, it will damage > innocents or true members of your association. Innocents could be a good "cannon fodder" that can bring a lot of backlash and alienation against the goons, stripping them from public support. 
> >This brings another often underestimated problem into the area of > >cryptosystem design, the "rubberhose resistance". > > My comments were written with that in mind. I'm familiar with > filesystems (etc) with layers of deniable stego. You are one of the few who are familiar with it. Are there any decent implementations for Linux/BSD/NT? Some time ago I was looking around for something (not necessarily stego, "standard" single-layer encrypted filesystem would be enough) for removable media, and would like to share them between machines running several operating systems. Didn't manage to find anything usable. The requirements are security, stability, and portability (at least read-only) between platforms. > I wonder how quickly one could incinerate a memory card in the field > with high success rate? Destroy the data and the passphrases don't > help. There are magnesium rods on the camping market, sold as firestarters for very bad weather. Very high temperature of burning, with proper mechanical configuration (card strapped between two such rods?) could be enough to melt the chip. Maybe could be used together with some kind of break-and-shake chemical ignition even for eg. the USB drives. Their casings typically have considerable amount of space (few mm, enough for a Mg strip) over the chip that carries the data themselves. Which reminds me there are toilets designed for burning the waste using propane burners or electrical heating elements. Could be possible to use them as a basis for the "ultimate document shredder", if combined together with a standard lower-security one, within $2000 total. From rah at shipwright.com Thu Apr 22 18:36:43 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 22 Apr 2004 21:36:43 -0400 Subject: Did You Hear the One About the Salesman Who Traveled Better? Message-ID: The Wall Street Journal April 23, 2004 SCIENCE JOURNAL By SHARON BEGLEY Did You Hear the One About the Salesman Who Traveled Better? 
April 23, 2004 Traveling salesmen star in more jokes than almost any other occupation, but William Cook doesn't let that distract him. A mathematician at Georgia Institute of Technology, Atlanta, Prof. Cook is one of hundreds of researchers who, since the 1930s, have wracked their brains over the puzzle known as the traveling-salesman problem. It asks: What's the shortest itinerary a salesman can follow to visit all the stops on his route? If our Willy Loman has to make only three or four stops, the optimal route is easy to figure out. But once he adds a few dozen, the number of possible sequences grows exponentially, and the computer time it would take to calculate every possibility grows into the decades. As a result, after three mathematicians solved the problem for 49 cities in 1954, it took until 1971 to solve it for only 15 more. But Prof. Cook and three colleagues broke the problem wide open in the 1990s, solving it for 13,509 cities in 1998 and for 24,978 a few weeks ago. That feat took 67 computer years. (You can see the optimal paths at www.math.princeton.edu/tsp/vlsi/index.html1.) While not even the busiest salesman has a route that big, the problem has become a boldface celebrity in the business world because all manner of practical problems involve the basic question, what is the best way to do something? Applications range from scheduling cable-TV service calls and routing parcel-delivery trucks to drilling holes in a circuit board, where you want to minimize how far the drill, like the salesman, must travel. Faster computers are still not fast enough for this task, because such problems have zillions of possible combinations, notes Michael Trick of Carnegie Mellon University, Pittsburgh. UPS, for one, has upward of 1,500 pick-up/delivery facilities and sorting centers. It would take millennia of computer hours to solve its routing problems using the traditional problem-solving methods. 
So, scientists in "operations research" (a hybrid of math, engineering and computer science) now are exploiting what Prof. Trick calls "profound insights into the mathematics of the problem." In other words, they're figuring out clever shortcuts the computers can take. These insights take the form of algorithms, a sort of mathematical recipe. "We're developing algorithms that are 10,000 times faster than the ones we used 15 years ago," says Irv Lustig, an operations researcher at ILOG Inc., Mountain View, Calif. "Now we can say, given the data, here is the probably-best answer." An algorithm he developed for ILOG, which sells algorithm-packed custom software, tackled the National Football League's 2004 schedule. He had to juggle 256 games among 32 teams, subject to multiple constraints. There had to be a nationally appealing game every Monday night and at least one must-see match-up every Sunday, for example, and he couldn't send a team on the road for weeks at a time. Dr. Lustig's algorithm created thousands of schedules that fit these constraints in a fraction of the time it took by trial-and-error computing. Even better, it can tweak a schedule in less than a day if, say, the NFL decides that a Giants-Redskins game simply won't do for Week 8 (it's Week 2). In the past, making that change would produce a domino effect taking days to fix. Many of the new algorithms emerged from advances in a relatively young field of math called linear programming. Despite its name, linear programming is not a kind of software-writing. Instead, it's a way to solve optimization problems. Among the most powerful algorithms in linear programming is one that could use some help from a branding consultant, but for now is called the "interior-point method." Imagine that every possible solution to a problem is represented as a point on the surface of a million-faceted diamond. The best solution is the one at the top. The challenge is to reach it. 
Traditionally, you'd do that by climbing (mathematically) from point to higher point along the outside of the diamond. The interior-point method lets you zoom up the inside. Depending on the number of facets on the diamond, that may let you find the solution more quickly. Thanks to abstruse breakthroughs like this, operations research (OR) has scored in more than the NFL. To eliminate backtracking and overlapping routes, Waste Management Inc. solved what you might call a traveling garbage-truck problem. Using an optimization algorithm to reroute its fleet, WMI eliminated 761 trucks, saved $91 million in annual operating costs and still hauled the trash on time. So-called fractional-fleet services needed a similar mathematical rescue. These companies promise customers who own, say, one-quarter of a business jet that they can depart from anywhere within four hours. The easiest way to do that is to have a plane at every airport their customers use. But that is a good way to bleed cash. With operations research, Bombardier Flexjet was able to cut crew levels by 20%, while getting 10% more daily flights out of each of its aircraft. Bombardier and WMI are among the finalists in a competition run by Informs, the professional group for operations research. The winner will be announced next week. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Thu Apr 22 14:33:24 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Apr 2004 23:33:24 +0200 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <40881492.4C32C412@cdc.gov> References: <40881492.4C32C412@cdc.gov> Message-ID: <20040422213324.GO1026@leitl.org> On Thu, Apr 22, 2004 at 11:53:07AM -0700, Major Variola (ret) wrote: > I wonder how quickly one could incinerate a memory card in the field > with high success rate? Destroy the data and the passphrases don't > help. Smallish lithium battery has enough oomph to heat a NiCr filament (or charge an electrolyte capacitor to vaporize a thin filament) to detonate a pellet of lead azide or similar. It will blow a hole in glass, or reliably destroy a flash chip, while being fairly safe when not held in hand (or embedded in a bulky enough case). This will produce a loud bang, obviously. Thermite is a good choice to turn your fileserver into lava, but that thing better be outside, or mounted in chamotte- or asbestos-lined metal closet. Will produce smoke, and take some time, too. If your keyring's been securely wiped, rubberhosing the passphrase out of you to unlock it will give the attacker very little. Assuming the device is powered on, and easily triggerable, that would be quickest. If you're just running a P2P which encrypts relay traffic, and a CFS hosting your warez and kiddie porn which needs interactive passphrase input to mount any forensics type people will only wind up with a glob of useless bits. Assuming the knuckle-draggers will know a CFS from a corrupted FS or a dead drive, that is. 
-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From s.schear at comcast.net Fri Apr 23 09:32:09 2004
From: s.schear at comcast.net (Steve Schear)
Date: Fri, 23 Apr 2004 09:32:09 -0700
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
In-Reply-To:
References:
Message-ID: <6.0.1.1.0.20040423092530.05699dc8@mail.comcast.net>

At 07:43 AM 4/23/2004, Trei, Peter wrote:
>If you're dealing with a state-level attacker, any
>scheme involving explosives or incendiaries would get
>the attackee in as much or more trouble than the
>original data would.
>
>This is a hard problem. I suspect any solution will
>involve tamper-resistant hardware, which zeroizes
>itself if not used in the expected mode.

Right, there are at least two workable solutions-

Hard drives with user alterable firmware. I'm surprised that none of the major drive manufacturers seems to have thought about offering a version of their controllers, for substantially more money, that offers this.

A retrofit device that screws into the side of the hard drive and is set to inject a corrosive that almost instantly destroys the drive surfaces. The device can be triggered by any number of intrusion detectors or a voice-activated system keyed to the operator's voice print.

steve

From camera_lumina at hotmail.com Fri Apr 23 07:09:46 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 23 Apr 2004 10:09:46 -0400
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID:

"I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help."
Well, what if there were 3 passwords:

1) One for Fake data, for amateurs (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns)
2)One for real data...this is what you're hiding
3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data.

Of course, some really really smart MwG (or the cool suits standing behind them) will be able to detect that data is being destroyed, but statistically speaking that will be much rarer.

-TD

>From: "Major Variola (ret)"
>To: "cypherpunks at al-qaeda.net"
>Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap
>push
>Date: Thu, 22 Apr 2004 11:53:07 -0700
>
>At 05:56 PM 4/22/04 +0200, Thomas Shaddack wrote:
> >On Thu, 22 Apr 2004, Major Variola (ret) wrote:
> >
> >> At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote:
> >> >
> >> >Are you truly expecting a worldwide ban on encryption? How do you
>prove
> >> >somebody is using encryption on a steganographic channel?
> >>
> >> Torture, of the sender, receiver, or their families, has worked
>pretty
> >> well.
> >> If you're good you don't even leave marks.
> >
> >However, it's not entirely reliable. At some point, the suspect tells
>you
> >what you want to hear, whether or not it is the truth, just so you
>leave
> >him alone. It can even happen that the suspect convinces himself that
>what
> >he really did what he was supposed to do.
>
>Interrogators check out each confession. First ones won't work, bogus
>keys. Just noise. Second confession reveals pork recipes hidden in
>landscape
>pictures. Beneath that layer of filesystem is stego'd some
>porn. Beneath that, homosexual porn. But your interrogators
>want the address book stego'd beneath that. They know that these
>are stego distraction levels, uninteresting to them. You'll give it to
>them eventually. If you give them a believable but fake one,
>it will damage innocents or true members of your association.
>
> >This brings another often underestimated problem into the area of
> >cryptosystem design, the "rubberhose resistance".
>
>My comments were written with that in mind. I'm familiar with
>filesystems
>(etc) with layers of deniable stego.
>
>I wonder how quickly one could incinerate a memory card in the field
>with high success rate? Destroy the data and the passphrases don't
>help.

From rah at shipwright.com Fri Apr 23 07:19:27 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 23 Apr 2004 10:19:27 -0400
Subject: Blood Money
Message-ID:

The Wall Street Journal

April 23, 2004

COMMENTARY

Blood Money

By JOHN W. SNOW
April 23, 2004; Page A14

One of the most critical things the 9/11 Commission hearings have brought to light is the important role the Patriot Act plays in helping to win the war on terror. We have heard a lot about "the wall" -- a conceptual barrier that prohibited agencies such as the FBI and CIA from communicating freely with each other. That wall was knocked down when President Bush signed the Patriot Act in October 2001.

Sept. 11 compelled our nation to identify the areas we needed to bolster in order to secure our homeland. We have learned a number of very important lessons about the vulnerabilities in our financial system. First, that our ability to combat terrorist financing is linked with our ability to combat money laundering. Second, that we must remain vigilant in our continuing efforts to identify new ways in which terrorists and criminals will attempt to use our own financial system to fuel their agendas. And third, that our ability to obtain and share financial information is critical to our success in identifying and bringing down terrorist networks.
Money is the lifeblood of terrorists because, like any businesspeople, they cannot sustain operations without it. A lack of finances can hinder or thwart short-term goals, and dismantle long-term agendas. Without funds, terrorist groups suffer disarray, defection and, ultimately, demise. The Patriot Act aids the ability of the government, along with our partners in the financial sector, to identify dollars flowing through our financial system in support of nefarious acts, and to prevent new dollars from entering the system. Notably, the act has helped the U.S. and our international partners designate 361 individuals and organizations as terrorists and terrorist supporters -- and to freeze and seize approximately $200 million in terrorist-related assets. Under the Patriot Act, banks and other financial institutions are directed to bolster defenses in potentially vulnerable areas. As we strengthen our defenses against financial crimes in traditional financial institutions, such as banks, criminals and terrorists will look to other types of financial institutions or methods through which to move or launder their money. With that in mind, we continue to bring additional types of businesses under the umbrella of anti-money-laundering and anti-terrorist-financing regulation, thereby raising awareness of the issues and equipping these businesses with the tools to protect themselves. We are committed to balancing the weight imposed by these regulations with our mission of ensuring that we are taking all appropriate steps to keep our citizens safe. We believe that financial institutions should have the flexibility to design programs custom-tailored to address their business, the products they offer and their customer base. This reflects the Treasury Department's judgment that those dealing directly with the public are in the best position to make such decisions, and that this flexibility ultimately enhances the effectiveness of the regulation. 
Additionally, the Patriot Act authorizes the sharing of critical information about suspected terrorist or money-laundering activity -- not only between the government and financial institutions, but also among financial institutions themselves -- by allowing them to register with the Treasury Department. As a first step to expand its information-sharing capabilities, Treasury has asked law enforcement authorities to provide the names of suspected terrorists and money launderers. We then review the names and, if appropriate, send them on to financial institutions to search their account and transaction records for potential matches. Matches are forwarded to law enforcement authorities through Treasury. At that point authorities must follow the appropriate legal process to take further steps. This process has been incredibly helpful to law-enforcement officials' efforts by saving them critical time and resources. In addition, the financial community has done an exemplary job; institutions large and small have committed themselves to the task, provided valuable leads for law enforcement, and our country is safer because of it. Since September 11, there has been a tremendous resolve in the financial community to deny terrorists access to the financial system. However, the Patriot Act was essential to first put in place the procedures needed to follow through on that resolve by providing innovative and essential tools to eliminate known risks to our financial system, as well as to identify and halt new risks that develop. As I mentioned before, the Patriot Act also lowered a wall that prevented the intelligence community from supporting our administrative authority. 
For example, when the Treasury Department had information indicating that two U.S.-based charities -- the Benevolence International Foundation and the Global Relief Foundation -- might be supporting al Qaeda, the Patriot Act gave Treasury clear authority to block the assets of these organizations while they were under investigation. This action prevented those assets from being dissipated or diverted to support terrorists. The U.N. ultimately joined the U.S. in designating these entities as supporters of Osama bin Laden and al Qaeda. Cutting off terrorists from the financial system is fundamental to disrupting their activities. Through our efforts, we continue to make it more difficult for terrorists to move money through formal financial systems, thus exposing them to greater risk of detection. The results are crippling to the networks that want to do us harm. Perhaps the most important result of the Patriot Act has been the strengthened partnership among the financial community, the government's financial agencies, and law enforcement, much to the detriment of terrorists. This partnership is the key to our success in choking off the blood money used by terrorists to fuel their agendas of hatred. Mr. Snow is secretary of the Treasury. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ptrei at rsasecurity.com Fri Apr 23 07:43:14 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Fri, 23 Apr 2004 10:43:14 -0400 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push Message-ID: Tyler Durden wrote: > > "I wonder how quickly one could incinerate a memory card in the field > with high success rate? Destroy the data and the passphrases don't > help." 
>
> Well, what if there were 3 passwords:
>
> 1) One for Fake data, for amateurs (very few of the MwG will
> actually be
> smart enough to look beyond this...that's why they have guns)
> 2)One for real data...this is what you're hiding
> 3) One for plausible real data, BUT when this one's used, it
> also destroys
> the real data as it opens the plausible real data.
>
> Of course, some really really smart MwG (or the cool suits
> standing behind
> them) will be able to detect that data is being destroyed,
> but statistically
> speaking that will be much rarer.
>
> -TD

What's your threat model? If the prospective attacker has state-level resources, this will always fail.

There are a number of guides online describing how attackers should deal with computer data. One of the most basic is they *never* run the attackee's software on the original disk. Step one is always to make a bit-level mirror of the entire hard drive, and work with a copy of that. Step zero is to pull the power, so any shutdown code does not run.

Any protective scheme which relies on the attacker inadvertently activating software is doomed from the start.

If you're dealing with a state-level attacker, any scheme involving explosives or incendiaries would get the attackee in as much or more trouble than the original data would.

This is a hard problem. I suspect any solution will involve tamper-resistant hardware, which zeroizes itself if not used in the expected mode.
Peter Trei

From peter.thoenen at email-tc3.5sigcmd.army.mil Fri Apr 23 02:17:42 2004
From: peter.thoenen at email-tc3.5sigcmd.army.mil (Thoenen, Peter Mr CN Sprint SFOR)
Date: Fri, 23 Apr 2004 11:17:42 +0200
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
In-Reply-To:
References:
Message-ID: <4088DF36.9070405@email-tc3.5sigcmd.army.mil>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tyler Durden wrote:

| However, I'd bet there are short-term applications for crypto that
| really matter and yet have no real relationship to $$$ (for instance,
| what if there was widespread communications and crypto in Nazi
| Germany...would the holocaust have happened?)
|
| -TD

Yes. The Jews knew what was happening which is why the rich, smart, and / or politically savvy got out early in the 30's. Sure it may have saved a few more lives, but prevented it, no. Crypto won't hide your ethnicity.

This is like arguing would widespread communications and crypto in the US slave south have prevented black enslavement. Sure the underground railroad would have worked better, but you're still black.

- -Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFAiN82riJJDZPNJ28RAjbVAKDUWgWQJjH0xw3ulnez9SRfalfLaACgn1I3
jYawSZU+yp9kkXQhxy+oI+g=
=3EaI
-----END PGP SIGNATURE-----

From mv at cdc.gov Fri Apr 23 12:18:51 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 23 Apr 2004 12:18:51 -0700
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID: <40896C1B.2F91DF66@cdc.gov>

At 09:23 PM 4/22/04 +0200, Thomas Shaddack wrote:
>Innocents could be a good "cannon fodder" that can bring a lot of
>backlash and alienation against the goons, stripping them from public
>support.

Yes, this has been discussed before, in addition to using it retributionally --finger some deserving civil servant's offspring. But eventually they'll come back to you wanting names that turn out to be legit, and reveal yet more names.
Which is not to say that such countermeasures aren't valuable for the *warning time* your colleages get as a result. >> filesystems (etc) with layers of deniable stego. >Are there any decent implementations for Linux/BSD/NT? I haven't looked recently. One property that such a FS or app should have is that it is useful for something *else* besides stego & duress layers. Maybe a watermark :-) management tool that can embed multiple watermarks that don't interfere. Hmm... a meaty problem... tasty, with heavy theory sauce.. >> I wonder how quickly one could incinerate a memory card in the field >> with high success rate? Destroy the data and the passphrases don't >> help. > >There are magnesium rods on the camping market, sold as firestarters for >very bad weather. One can also buy mag ribbon which is more convenient than the mini-ingots you are referring to. I know that pyrotechs coat Mg curls and the like with blackpowder paste (apply wet then dry). A coil of coated ribbon and a rocket-igniter would make a neat little daughterboard :-) Just don't take it on an airplane. There are patents on similar, of course. Testing might get expensive unless you can get destructive-test dongles cheaply, and how much effort do you expend trying to read the data? From mv at cdc.gov Fri Apr 23 12:31:31 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 23 Apr 2004 12:31:31 -0700 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push Message-ID: <40896F13.8821F8DC@cdc.gov> At 11:33 PM 4/22/04 +0200, Eugen Leitl wrote: > This will produce a loud bang, obviously. > >Thermite is a good choice to turn your fileserver into lava, but that thing >better be outside, or mounted in chamotte- or asbestos-lined metal closet. >Will produce smoke, and take some time, too. Thanks, I hadn't thought about the sensory impact of various methods. Varying amounts of bang vs. heat vs smoke vs lava. Obviously they affect usage environment. 
>If your keyring's been securely wiped, rubberhosing the passphrase out of you
>to unlock it will give the attacker very little. Assuming the device is
>powered on, and easily triggerable, that would be quickest.

Yes, particularly if USB flash memory has no persistence. But there is no "clear" button on a USB dongle. "Secure clear" would require a small amount of logic.

>Assuming the knuckle-draggers will know a CFS from a corrupted FS or a dead
>drive, that is.

You know the rules of the game, you have to assume that.

From mixmaster at remailer.privacy.at Fri Apr 23 03:34:55 2004
From: mixmaster at remailer.privacy.at (privacy.at Anonymous Remailer)
Date: Fri, 23 Apr 2004 12:34:55 +0200 (CEST)
Subject: Blind signatures with DSA/ECDSA?
Message-ID: <5a30e050aeb41978ec9aae567f0eb181@remailer.privacy.at>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Often people ask about blind DSA signatures. There are many known variants on DSA signatures which allow for blinding, but blinding "plain" DSA signatures is not discussed much. Clearly, blinding DSA signatures is possible, through general purpose two party multi-party computations, such as circuit based protocols. However these would be too inefficient.

I believe that the technique of Philip MacKenzie and Michael K. Reiter, Two-Party Generation of DSA Signatures, Crypto 2001, http://www.ece.cmu.edu/~reiter/papers/, can be adapted for blind DSA signatures that would be reasonably efficient. The problem they solved was different in that both parties had a share of the private key, and there was no effort to hide the message hash being signed or the (r,s) signature values. However the same basic idea should work.

The scheme uses a homomorphic encryption key held by the first party, Alice, who is the one who will receive the signature. Bob is the signer. The homomorphic encryption system allows Bob to take an encrypted value and multiply it by a constant known to him; and also to add two encrypted values together.
(That is, Bob can produce an output cyphertext which holds the result. He does not learn the result.) Suggested cryptosystems with the desired properties include those from Paillier; Naccache and Stern; or Okamoto and Uchiyama. Alice starts with the message hash H, and knows the public key parameters y, g, p and q. Bob knows the private key x such that y = g^x mod p, where q is the order of g. DSA signatures are computed by choosing a random value k mod q and computing r = g^k mod p mod q; z = 1/k mod q; s = x*r*z + H*z mod q; with (r,s) being the signature. For the protocol, Alice and Bob will compute k as multiplicatively shared, with Alice knowing k1 and Bob knowing k2, where k1*k2 = k mod q. We start, then, with Bob (the signer) computing r2 = g^k2 mod p and sending that to Alice. Alice computes r = r2^k1 mod p mod q = g^(k2*k1) mod p mod q = g^k mod p mod q. Alice and Bob also compute z1 = 1/k1 mod q and z2 = 1/k2 mod q respectively; then z = 1/k mod q = z1*z2 mod q. Alice uses the homomorphic encryption and produces a = E(r*z1) and b = E(H*z1). She sends these to Bob along with some ZK proofs that the values are well formed. Bob uses the homomorphic properties to multiply the plaintext of a by x*z2 and the plaintext of b by z2 and to add them, along with a large random multiple of q, q*d, where d is random mod q^5: c = a X (x*z2) + b X z2 + E(d*q). Here X means the operation to multiply the hidden encrypted value by a scalar, and + is the operation to add two encrypted values. Bob sends c back to Alice. Alice decrypts c and takes the result mod q to recover s = r*z1*x*z2 + H*z1*z2 = x*r*z + H*z mod q, the other component of the DSS signature. She can verify that Bob behaved correctly by checking that (r,s) is a valid DSS signature on H. For a quick security analysis, Alice is clearly safe as Bob never sees anything from her but some encrypted values, and his k2 share of k is uncorrelated to k itself. 
In the other direction, Bob has to be concerned about revealing x. He is given two encrypted values and has to multiply one by x*z2 and the other by z2 and add them. If the encrypted plaintexts are u and v, this produces (u*x + v) * z2. This value is completely uncorrelated with x, mod q, because of the multiplication by z2 which is uniformly distributed. Then adding the large multiple of q should effectively hide the value of x.

For strictly provable security it may be necessary for Alice and perhaps even Bob to provide some ZK proofs that they are behaving correctly.

The system is reasonably efficient, the main issue being the need to be able to PK encrypt values as large as q^6, which for DSS would be 6*160 or 960 bits. That would require a Paillier key of about 2K bits which is very manageable. The total cost is about 9 modular exponentiations of 2K bit values to 1K bit exponents, plus whatever ZK proofs are necessary.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFAiKbxHIAd9K7kkjIRAmLEAKCUNcW3fsDysi9Mul9WlFzVMQivWgCgxdHt
dq6rlO2tfSoufs9NrhX616Y=
=gBz4
-----END PGP SIGNATURE-----

From mv at cdc.gov Fri Apr 23 12:45:38 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 23 Apr 2004 12:45:38 -0700
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID: <40897262.CC34B130@cdc.gov>

At 10:09 AM 4/23/04 -0400, Tyler Durden wrote:
>"I wonder how quickly one could incinerate a memory card in the field
>with high success rate? Destroy the data and the passphrases don't
>help."
>
>Well, what if there were 3 passwords:
>
>1) One for Fake data, for amateurs (very few of the MwG will actually be
>smart enough to look beyond this...that's why they have guns)
>2)One for real data...this is what you're hiding
>3) One for plausible real data, BUT when this one's used, it also destroys
>the real data as it opens the plausible real data.
The first thing cops do is make backups of the harddrives. So you can't destroy the "real data". You would need a tamper-"proof" card (ie trusted security region) to implement this. None of the commercial memory gizmos, from USB dongles to stamp-sized memory cards, do this. None of the smart cards are user programmable and none include secure wipe, AFAIK. Do PDA apps? How do they store data between battery changes? Is it enough to hold a tiny memory card for a minute over a lighter? Merely snapping the card into pieces? Does one need to make a scene with fireworks? (I'm remembering that spammer who tried to eat a small memory card.) From s.schear at comcast.net Fri Apr 23 12:58:28 2004 From: s.schear at comcast.net (Steve Schear) Date: Fri, 23 Apr 2004 12:58:28 -0700 Subject: Smartcard patents Message-ID: <6.0.1.1.0.20040423125809.05695878@mail.comcast.net> http://www.financialcryptography.com/mt/archives/000121.html ------------------------------------------------------------------------ Cryptography Research, the California company that announced the discovery of differential power analysis around late 1997, have picked up a swag of patents covering defences against DPA. One can't read too much into the event itself, as presumably they filed all these a long time ago, way back when, and once filed you just have to stay the distance. It's what companies do, over that side, and if you didn't predict it, you were naive (I didn't, and I was). What is more significant is the changed market place for smart cards. The Europeans dominated this field due to their institutional structure. Big contracts from large telcos and banks lead to lots of support, all things that were lacking in the fragmented market in the US. Yet the Europeans kept their secrets too close to the chest, and now they are paying for the vulnerability. CR managed to discover and publish a lot of the stuff that the Europeans thought they had secretly to themselves. Now CR has patented it. 
What a spectacular transfer of rights - even if the European labs can prove they invented it first (I've seen some confidential stuff on this from my smart card days) because they kept it secret, they lose it. Secrets don't enjoy any special protection. Security by obscurity loses in more ways than one.

What's more, royalties and damages may be due, just like in the Polaroid film case. When both sides had the secret, it didn't matter who invented it, it was who patented it first that won.

We will probably see the switch of a lot more smart card work across to CR's labs, and a commensurate rush by the European labs to patent everything they have left. Just a speculative guess, mind.

With those patents in hand, CR's future looks bright, although whether this will prove to be a drain or a boon to the smart card world remains to be seen.

From mv at cdc.gov Fri Apr 23 13:03:12 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 23 Apr 2004 13:03:12 -0700
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID: <40897680.C1C7A6BA@cdc.gov>

At 08:51 PM 4/23/04 +0200, Thomas Shaddack wrote:
>On Fri, 23 Apr 2004, John Kelsey wrote:
>
>> The obvious problem with multiple levels of passwords and data is: When
>> does the guy with the rubber hose stop beating passwords out of you?
>
>This serves a purpose as well.
>
>Why would you ever cooperate if you can't expect much from the deal
>anyway?

Since passphrases are in persons' minds, and minds and wills can be broken, one has to consider the security implications of this. Mil orgs don't assume that prisoners are able to keep secrets under arbitrary duress.

Duress layering buys time for your colleagues and family in all cases, whether they kill you or not. If they're not killing you, then maybe they'll buy one of the deeper levels of duress layers.

If you physically destroy the keys or the data, there is little to gain by torturing you or your family.
That is superior to gambling that your deeper duress levels are convincing to the man with the electrodes.

An iButton that you could crunch in your teeth to destroy it would be nice...

From rah at shipwright.com Fri Apr 23 11:03:13 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 23 Apr 2004 14:03:13 -0400
Subject: Entangled photons secure money transfer
Message-ID:

Further entanglement of the hype-meter with its peg...

Cheers,
RAH
-------

New Scientist

Entangled photons secure money transfer

17:10 22 April 04

NewScientist.com news service

An electronic money transaction has been carried out at a bank in Austria using entangled photons to create an unbreakable communications code.

Although commercial quantum cryptography products already exist, none of these use entangled photons to guarantee secure communications.

The link was used to transfer money between Vienna City Hall and Bank Austria Creditanstalt on Wednesday. The cryptographic system was developed by Anton Zeilinger and colleagues from the University of Vienna and the Austrian company ARC Seibersdorf Research.

Entangled photons obey the strange principles of quantum physics, whereby disturbing the state of one will instantly disturb the other, no matter how much distance there is in between them.

The pairs of entangled photons used were generated by firing a laser through a crystal to effectively split single photons into two. One photon from each entangled pair was then sent from the bank to the city hall via optic fibre.

Key creation

When these photons arrived at their destination, their state of polarisation was observed. This provided both ends of the link with the same data, either a one or a zero. In this way, it is possible to build a cryptographic key with which to secure the full financial transaction.
Quantum entanglement ensures the security of communications because any attempt to intercept the photons in transit to determine the key would be immediately obvious to those monitoring the state of the other photons in each pair.

And because the resulting key is random it can be used to provide a completely secure link even over an unprotected communications channel, provided a new key is used each time.

This system can be guaranteed secure. By contrast, most existing non-quantum cryptographic systems rely on extremely time-consuming mathematical problems to create a code that is impractical - but not impossible - to break.

"If you are talking about large sums of money, people are interested," Zeilinger told New Scientist. He adds that the system should not be much more expensive to implement than current technology.

Sewer link

The photon-encrypted money transfer saw the Mayor of Vienna transfer a 3000-Euro donation into an account belonging to the University of Vienna team.

The two buildings are just 500 metres away from one another, but fibre optics had to be fed through 1.5 kilometres of sewage system to make the link.

Zeilinger says in principle it should be possible to extend this link to 20 kilometres. Beyond this distance it becomes difficult to transmit single photons reliably. In June 2003 the same team at the University of Vienna transmitted entangled photons through free space across the river Danube.

The commercial quantum cryptographic devices that exist already, made by companies like ID Quantique and MagiQ, use different principles to create a secure key. They also use weak light pulses instead of individual photons.

Because these pulses must be sufficiently weak to guarantee security, more sensitive detectors are required, says Tim Spiller, a quantum communications researcher at Hewlett-Packard's research laboratory in Bristol, UK. He notes that using pairs of entangled photons would make it easier to guarantee absolute secrecy.
-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From kelsey.j at ix.netcom.com Fri Apr 23 11:26:37 2004
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Fri, 23 Apr 2004 14:26:37 -0400 (GMT-04:00)
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
Message-ID: <26863915.1082744797838.JavaMail.root@beaker.psp.pas.earthlink.net>

>From: Tyler Durden
>Sent: Apr 23, 2004 10:09 AM
>To: cypherpunks at al-qaeda.net
>Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap push

...

>Well, what if there were 3 passwords:
>1) One for Fake data, for amateurs (very few of the MwG will actually
>be smart enough to look beyond this...that's why they have guns)
>2)One for real data...this is what you're hiding
>3) One for plausible real data, BUT when this one's used, it also
>destroys the real data as it opens the plausible real data.

The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? After he gets one? Yeah, that's plausible, if he's convinced there's only one. But once he's seen a second hidden level, why will he ever believe there's not a third, fourth, etc.?

The same calculation applies to a judge or district attorney. He *knows* (even if he's wrong) that there's evidence of kiddie-porn, drug dealing, etc., in there somewhere. He knows you've given up two passwords. Why is he ever going to let you out of jail, or ever going to reduce the charges down to something a normal human might live long enough to serve out the time for?
>-TD --John From mv at cdc.gov Fri Apr 23 15:12:08 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 23 Apr 2004 15:12:08 -0700 Subject: Duress, Watermarking, a simple design Message-ID: <408994B8.F2BC3E2D@cdc.gov> Specificiation For A Duress File System. Disguised as a Watermark Annotation Management System Maj. Variola (ret), the OsamaSoft Corporation --------------------------------------------------- Background: To deter torture, physically *destroy* your data. If you can't destroy it, you need a *duress* system. It will at least buy some time. Specs for a duress system: Adversary can't know if there's more data You can reveal multiple passphrases to satisfy the Adversary (incl. false data) The former requires stego, otherwise the Adversary could tell that there's more data. The latter requires that your stego'd info doesn't interfere with other stego'd data. Simple Multiple-Use Implementation: Treat the cover media as a block-sized filesystem. The user must specify (and keep track of) the index of the block to embed the payload. To extract data, only a passphrase (not index) is needed if a checksum accompanies data in each occupied block. Multiple blocks can be embedded using the same passphrase, they are all decoded when that passphrase is supplied. (I don't think its possible to store allocation info *in* the file without giving away the presence of more occupied blocks!) Usage: As a watermarking system, anyone can embed any type of watermark in a "block" so long as block occupations are tracked globally. eBay could stego-watermark images in the upper left quadrant, individuals get to use the upper right. Each could use their own watermarking tools. As a collaborative tool, if the annotations are all plaintext this could be like writing comments on the back of a JPG. With the convenience of keeping them with the image. As a duress file system, the watermarks are secret data. 
They are compressed, encrypted, then embedded in the given block of the cover media. It would be smart to use boring annotations in some blocks so that its not unusual to use the tool with the cover media. (One should also use layers of increasingly sensitive info to give up gradually, as well as plausible fakes.) From brian-slashdotnews at hyperreal.org Fri Apr 23 09:26:02 2004 From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org) Date: 23 Apr 2004 16:26:02 -0000 Subject: Postfix 2.1 Released Message-ID: Link: http://slashdot.org/article.pl?sid=04/04/23/1356214 Posted by: michael, on 2004-04-23 15:14:00 Topic: software, 109 comments from the got-mail? dept. [1]MasTRE writes "After an extended period of polishing and testing, [2]Postfix 2.1 is released. Some highlights: complete documentation rewrite (long overdue!), policy delegation to external code, real-time content filtering _before_ mail is accepted (a top 10 most requested feature in previous versions), major revision of the LDAP/MySQL/PGSQL code. Version 2.2 is in thw works, which promises even more features like client rate limiting and integration of the TLS and IPv6 patches into the official tree. There's never been a better time to migrate from [3]Sendmail (just _had_ to get that in there ;)." [4]Click Here References 1. mailto:dukeN.0 at S.P.A.M.mastre.k0m 2. http://www.postfix.org/ 3. http://sendmail.org/ 4. 
http://ads.osdn.com/?ad_id=2589&alloc_id=6221&site_id=1&request_id=5961291&op =click&page=%2farticle%2epl ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From eugen at leitl.org Fri Apr 23 08:06:44 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 23 Apr 2004 17:06:44 +0200 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: References: Message-ID: <20040423150644.GP1026@leitl.org> On Fri, Apr 23, 2004 at 10:43:14AM -0400, Trei, Peter wrote: > Step zero is to pull the power, > so any shutdown code does not run. Pulling the power is the exact wrong thing to do if it's a CFS requiring a passphrase at startup. Does anyone know what the default procedure is when hardware is being seized (threat model=knuckle-dragger/gumshoe)? I presume people don't yet scan for remote machines on wireless networks, too. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From morlockelloi at yahoo.com Fri Apr 23 17:56:03 2004 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Fri, 23 Apr 2004 17:56:03 -0700 (PDT) Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <4088DF36.9070405@email-tc3.5sigcmd.army.mil> Message-ID: <20040424005603.50151.qmail@web40602.mail.yahoo.com> > underground railroad would have worked better, but your still black. Obviously you don't know about whitening properties of moder ciphers! 
Seriously, today the distinguishing marks among classes, tribes and castes are far more informational than physical. So today crypto *can* make you white, or better to say discoloured.

From eugen at leitl.org Fri Apr 23 09:57:06 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 23 Apr 2004 18:57:06 +0200
Subject: Postfix 2.1 Released (fwd from brian-slashdotnews@hyperreal.org)
Message-ID: <20040423165706.GT1026@leitl.org>

TLS

----- Forwarded message from brian-slashdotnews at hyperreal.org -----

From shaddack at ns.arachne.cz Fri Apr 23 10:07:03 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Fri, 23 Apr 2004 19:07:03 +0200 (CEST)
Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push
In-Reply-To: <6.0.1.1.0.20040423092530.05699dc8@mail.comcast.net>
References: <6.0.1.1.0.20040423092530.05699dc8@mail.comcast.net>
Message-ID: <0404231843040.0@somehost.domainz.com>

> Right, there are at least two workable solutions-
>
> Hard drives with user alterable firmware. I'm surprised that none of the
> major drive manufacturers seems to have thought about offering a version of
> their controllers, for substantially more money, that offers this.
>
> A retrofit device that screws into the side of the hard drive and is set to
> inject a corrosive that almost instantly destroys the drive surfaces. The
> device can be triggered by any number of intrusion detectors or a
> voice-activated system keyed to the operator's voice print.

Maybe there is also a third solution: a FPGA sitting on the IDE bus between the disk and the controller (optionally as a PCI controller card), realtime-encrypting the data with something suitably strong, eg.
AES256, with the key stored in a way that's easy to destroy it - most likely a self-contained tamper-resistant device that forgets the key under a range of conditions: if a wrong access code gets entered n times, if a door sensor detects forced entry, if a kill-switch is pressed, if a machine is moved without the correct movement-authorizing code is entered before, anything that fits the threat model. The key itself can be destroyed pyrotechically (burn, chip, burn), or just let a RAM forget it (where the RAM may be a battery-backed microcontroller system which shuffles the bits through a SRAM periodically in order to avoid problems with retention after power-off; the algorithm then can be chosen in the way that makes it more difficult to eavesdrop on the electromagnetical emissions and power consumption variations - a lot of this problematics is already solved by the secure-smartcards industry). Optionally, backup of the code is possible in many forms, if the desired safety/reliability requires recovery from accidental key erase. The key, being just 256 bits, may be stored in myriads ways, including a m-of-n scheme where the parts are stored in various places or under control of different people. Serial EEPROM chips could be suitable as containers, as they are easy to work with, small, easy to transport and hide; this requires a degree of security-by-obscurity, but the possibility to require m chips (or other containers) (which could be under control of other people, including offshore entities) could alleviate this to certain degree. From mdpopescu at yahoo.com Fri Apr 23 09:31:28 2004 From: mdpopescu at yahoo.com (Marcel Popescu) Date: Fri, 23 Apr 2004 19:31:28 +0300 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push References: Message-ID: <077301c42950$6d671090$726e9cd9@mark> From: "Tyler Durden" > 3) One for plausible real data, BUT when this one's used, it also destroys > the real data as it opens the plausible real data. 
For Windows, look up Strong Disk Pro, they're quite paranoid - it can be used like this. Mark From shaddack at ns.arachne.cz Fri Apr 23 11:51:09 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 23 Apr 2004 20:51:09 +0200 (CEST) Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <26863915.1082744797838.JavaMail.root@beaker.psp.pas.earthlink.net> References: <26863915.1082744797838.JavaMail.root@beaker.psp.pas.earthlink.net> Message-ID: <0404232043230.-1252215136@somehost.domainz.com> On Fri, 23 Apr 2004, John Kelsey wrote: > The obvious problem with multiple levels of passwords and data is: When > does the guy with the rubber hose stop beating passwords out of you? > After he gets one? Yeah, that's plausible, if he's convinced there's > only one. But once he's seen a second hidden level, why will he ever > believe there's not a third, fourth, etc.? The same calculation > applies to a judge or district attorney. He *knows* (even if he's > wrong) that there's evidence of kiddie-porn, drug dealing, etc., in > there somewhere. He knows you've given up two passwords. Why is he > ever going to let you out of jail, or ever going to reduce the charges > down to something a normal human might live long enough to serve out > the time for? This serves a purpose as well. Why would you ever cooperate if you can't expect much from the deal anyway? From shaddack at ns.arachne.cz Fri Apr 23 13:07:23 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 23 Apr 2004 22:07:23 +0200 (CEST) Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <40896C1B.2F91DF66@cdc.gov> References: <40896C1B.2F91DF66@cdc.gov> Message-ID: <0404232129450.-1252214992@somehost.domainz.com> On Fri, 23 Apr 2004, Major Variola (ret) wrote: > >> filesystems (etc) with layers of deniable stego. > >Are there any decent implementations for Linux/BSD/NT? > > I haven't looked recently. 
One property that such a FS or app should > have is that it is useful for something *else* besides stego & duress > layers. Maybe a watermark :-) management tool that can embed multiple > watermarks that don't interfere. Hmm... a meaty problem... tasty, with > heavy theory sauce.. Regarding filesystems, some time ago I came up with an idea of a filesystem as a block device that has the filesystem handling code in its bootblock area in a bytecode. Mount the fs, it reads the functions into the interpreter's sandbox. Could be useful especially for read-only media that would be using exotic encryption or compression algorithms, and quick portability of them between various OSes; you have to develop only the interpreter and the filesystem API for any OS in question, the rest is on the medium itself. I recently stumbled over an extremely interesting Linux project, "FUSE" - filesystem in userspace. The fuse.o module serves as an interface between the kernel and user space, relaying the filesystem-related calls. It's quite robust approach, as any crash of the external filesystem code is in userspace and is unlikely to take down the machine itself. Wondering if something like that could be written for Windows. Would simplify a lot of things. > >There are magnesium rods on the camping market, sold as firestarters for > >very bad weather. > > One can also buy mag ribbon which is more convenient than the > mini-ingots you are referring to. I know that pyrotechs coat Mg curls > and the like with blackpowder paste (apply wet then dry). A coil of > coated ribbon and a rocket-igniter would make a neat little > daughterboard :-) Just don't take it on an airplane. There are patents > on similar, of course. Somebody mentioned here the trick with KMnO4 and glycerol. I saw this experiment in elementary school, where it was shown as a demonstration that mixing "ordinary" things may give extraordinary results - it was shown to light up a glob of magnesium shavings. 
A setup with a dongle circuitboard covered with an insulating/protective varnish, a magnesium strip attached over the memory chip (held in place by steel wire thick enough to keep it there even while burning, for long enough to deliver enough heat into the chip, or wrapped around the chip and the board), the strip coated with caked permanganate, and a glass vial with glycerol in the dongle's casing, could be usable for the field use - if you get enough time to drop the dongle and step on it. Electrical ignition of the Mg strip may be useful in the setups when the device is connected to home security system or machine movement sensors. A purely electronic system would have an advantage, though - could be shipped much easier as it won't contain more "dangerous" components than a lithium or silver-oxide cell. Maybe a microcontroller with a SRAM chip, with the data stored as XORs of pairs of cells, and the micro periodically inverting the pairs, to prevent the "remembering" in the SRAM cells after a power-off? (Related question: are there any SRAM chips with smaller capacity, that would have smaller case and smaller number of pins?) > Testing might get expensive unless you can get destructive-test dongles > cheaply, and how much effort do you expend trying to read the data? Or replace the test dongles with test rig with a mechanically similar chip; new serial EEPROMs in SMD casings can be bought for as cheap as USD1/3-1/4, maybe even less. We don't need to completely obliterate the chip; we need to heat it just enough to get the electrons from the floating gates (maybe my terminology is wrong, but if you saw a pic of an EEPROM or FEPROM cell, you are likely to know what I mean), get them over the not-that-high energetical barrier so they can (and will) jump back and forth freely, discharge the memory cells. Then not even the most expensive atomic-level machinery can recover the original content. 
If the temperature is enough to recrystallize the silicon at the chip surface, it should have a rather wide safety margin. The casings of the SMD chips are fairly thin - under a millimeter between the surface and the chip, so even a relatively small strip should be enough. Tests can be done even with discarded chips, as the remains aren't required (nor supposed) to be functional anyway - they have to be examined by eg. optical microscopy. Electron microscopy would be the best - but that's outside of the reach of a "garage technician"; maybe an university or an industrial lab could be hired or bribed to do the tests, though. From juicy at melontraffickers.com Fri Apr 23 22:15:44 2004 From: juicy at melontraffickers.com (A.Melon) Date: Fri, 23 Apr 2004 22:15:44 -0700 (PDT) Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <40897680.C1C7A6BA@cdc.gov> Message-ID: Major Variola writes... > If you physically destroy the keys or the data, there is little to gain by > torturing you or your family. That is superior to gambling that your > deeper duress levels are convincing to the man with the electrodes. Are there any publicly available documents that detail interrogation protocols and what brainwave patterns and bloodflow look like during truth telling and lying? Preferably something that gets into how to consciously alter brainwave patterns and bloodflow with this application in mind... A document with a thorough discussion of various depressants on such an interrogation process would also be most interesting. We all know that no lie detector is not perfect, but trying to convince captors that I'm part of a minority of subjects -- those who appear to be lying when they're not -- is not my idea of fun. 
From bill.stewart at pobox.com Sat Apr 24 10:33:11 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 24 Apr 2004 10:33:11 -0700 Subject: cop-proof disk drives In-Reply-To: <0404231843040.0@somehost.domainz.com> References: <6.0.1.1.0.20040423092530.05699dc8@mail.comcast.net> <0404231843040.0@somehost.domainz.com> Message-ID: <6.0.3.0.0.20040424101220.04387dc0@pop.idiom.com> That's really overkill. Computers these days have enough horsepower to run file system encryption in the CPU. (If you remember 5-10 years ago, computers in those days had enough horsepower to run disk compression in the CPU, and CPU speed has increased a lot faster than disk throughput since then.) Build the system with an inactivity timeout for /home if you want. Swap space has the advantage that it doesn't need to preserve state across system reboots, so you can run an encrypted swap partition that generates a random key at boot time. If you want to get fancy about rubber-hose prevention and avoid the except-for-terrorism clause in the 5th amendment, you could do something with secret-sharing with your unindicted co-conspirators (oh, wait, they don't bother with indictments these days, do they?) so that all of you need to cooperate in a challenge-response thing to restart some of the services. Or you could hide that little 802.11 widget on the shelf that stores one of the keyfiles you need to access the secure drive. Once UWB's widely available, it'll be better for that (lower power - harder to detect.) Just make sure that your system _is_ restartable after power failures, because those are a much more likely event than cop invasions. 
From shaddack at ns.arachne.cz Sat Apr 24 05:16:18 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sat, 24 Apr 2004 14:16:18 +0200 (CEST) Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: References: Message-ID: <0404241413420.-1252214992@somehost.domainz.com> On Fri, 23 Apr 2004, A.Melon wrote: > Are there any publicly available documents that detail interrogation > protocols and what brainwave patterns and bloodflow look like during truth > telling and lying? Preferably something that gets into how to consciously > alter brainwave patterns and bloodflow with this application in mind... There is other possibility how to "beat" interrogation - suitable only for some subsets of situations, when the organization design is prepared for this. Tell them all. Tell them the truth. Make sure in advance that you can afford to do it without telling them what they need/want to know - design the system the way you won't be *able* to know the information that could endanger the "important" parts of your system/organization. From anmetet at freedom.gmsociety.org Sat Apr 24 14:08:57 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Sat, 24 Apr 2004 17:08:57 -0400 Subject: Blind signatures with DSA/ECDSA? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here is the blind DSA signature based on MacKenzie and Reiter, http://www.ece.cmu.edu/~reiter/papers/2001/CRYPTO.pdf, in graphical form. 
Recall that a DSA public key is p, q, g, y; private key x; signature on hash h is:

    Choose k < q
    r = g^k mod p mod q
    s = rx/k + h/k mod q
    Output (r,s)

Here is the blind signature protocol, with Alice, the recipient, on the left and Bob, the signer, on the right:

Alice (recipient)                            Bob (signer)
- ------------------------------------------------

                                             Choose k2 < q
                                             z2 = 1/k2 mod q
                                             Send r2 = g^k2 mod p
              <---------------------------

Choose k1 < q
r = r2^k1 mod p mod q
Send a=E(r/k1 mod q) and
b = E(h/k1 mod q) and ZKP
              -------------------------->

                                             Check ZKP
                                             Choose d < q^5
                                             Send c = a '*' x*z2 '+'
                                               b '*' z2 '+' E(d*q)
              <---------------------------

s = D(c) mod q
Output (r,s)

Here, E() and D() represent encryption and decryption in a homomorphic encryption system like the Paillier encryption. Only Alice knows the private key, but Bob is able to multiply encrypted values by scalars (indicated by '*' above) and to add encrypted values (indicated by '+' above). ZKP sent by Alice in the 2nd step is a zero knowledge proof that the two encrypted values are known and are < q^3. (Actually the values are less than q but the standard ZKP for this has some slop in it, which is OK for this purpose.)

Bob operates on the two homomorphic encryptions of r/k1 and h/k1. He multiplies the first by x/k2 and the second by 1/k2 and adds them to get rx/k + h/k mod q (where k = k1*k2), exactly as required for the signature. Then he adds the large multiple of q to fully hide his secret x value.

One interesting thing about this protocol is that it may escape the Chaum blind signature patent, US 4759063, for two reasons. First, the Chaum patent covers three step blinding, while this is a four step process. In the regular Chaum blind signature there is no need for the initial step where the signer sends an initial r2 value. That step is crucial here; k2 must be fresh for every signature or the signer's key is leaked.
Second, the Chaum patent describes the signer's operation as performing a public key digital signature operation. This is in fact how the Chaum blind signature works; the signer does do an ordinary RSA signature operation. But in this case, the signer performs a completely different transformation, working with two homomorphically encrypted values in an unusual way. This is not a conventional digital signature operation. Therefore this type of blind signature should escape the patent. Of course the patent expires in a little over a year so it is largely moot now anyway. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFAirIcHIAd9K7kkjIRAk/nAJ0cIxTYSudiKd0rrXv/T1kUuMHbjQCfSaya NmVhsnuT/jBeqf5eVIx2FaI= =x3ps -----END PGP SIGNATURE----- From shaddack at ns.arachne.cz Sat Apr 24 11:37:05 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sat, 24 Apr 2004 20:37:05 +0200 (CEST) Subject: cop-proof disk drives In-Reply-To: <6.0.3.0.0.20040424101220.04387dc0@pop.idiom.com> References: <6.0.1.1.0.20040423092530.05699dc8@mail.comcast.net> <0404231843040.0@somehost.domainz.com> <6.0.3.0.0.20040424101220.04387dc0@pop.idiom.com> Message-ID: <0404242014270.0@somehost.domainz.com> On Sat, 24 Apr 2004, Bill Stewart wrote: > That's really overkill. Computers these days have enough > horsepower to run file system encryption in the CPU. That's true, but it's possible to get access to the key in memory. Once the machine is compromised, the keys are leaked. It's true that when the machine is compromised the plaintext data may be leaked, but it's more difficult to inspect and transfer couple gigs of data than just the key and then come and haul away the machine. Or to compromise the encryption software itself. It's much more difficult to do that with a hardware unit (and much more difficult if the case was eg. spot-welded - you still can get inside using power tools, but not without visibly damaging the case). 
Another advantage of a pure-hardware solution is independence on software, thus no risk of present nor future incompatiBILLities. > If you want to get fancy about rubber-hose prevention > and avoid the except-for-terrorism clause in the 5th amendment, > you could do something with secret-sharing with your > unindicted co-conspirators (oh, wait, they don't bother with > indictments these days, do they?) so that all of you > need to cooperate in a challenge-response thing > to restart some of the services. I'd suggest a m-of-n scheme because of reliability issues. It won't be good to lose all data because one of the co-conspirators died in a car crash. > Or you could hide that little 802.11 widget on the shelf > that stores one of the keyfiles you need to > access the secure drive. Once UWB's widely available, > it'll be better for that (lower power - harder to detect.) A 802.11 standalone data storage unit (I think they're on sale already) hidden under the floor, over the ceiling, or between the drywalls could do the job nicely. > Just make sure that your system _is_ restartable after > power failures, because those are a much more likely event > than cop invasions. Reliability vs security is a big dilemma. Maybe a good approach could be forgetting the key if the machine is moved without telling the processor guarding the key that it should stop watching a movement sensor for a given time interval, or after entering a wrong (or kill-) PIN? A power blackout then won't affect the operation, but switching the equipment off and hauling it away would destroy the keys. Same as an attempt to bruteforce the access code, or opening the machine case by force. From sfurlong at acmenet.net Sun Apr 25 09:14:30 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 25 Apr 2004 12:14:30 -0400 Subject: Is there a Brands certificate reference implementation? 
Message-ID: <1082909670.12512.119.camel@daft> Does anyone know of a reference implementation for Stefan Brands's digital certificate scheme? Alternatively, does anyone have an email address for Brands so I can ask him myself? (I haven't gotten anything back from ZKS's "contact us" address. But I don't know if Brands is still at ZKS.) From iang at systemics.com Sun Apr 25 11:47:25 2004 From: iang at systemics.com (Ian Grigg) Date: Sun, 25 Apr 2004 14:47:25 -0400 Subject: No subject Message-ID: Gecko/20040113 Thunderbird/0.4 To: Ivan Krstic Cc: Metzdowd Crypto Subject: Re: Bank transfer via quantum crypto Sender: owner-cryptography at metzdowd.com Ivan Krstic wrote: > I have to agree with Perry on this one: I simply can't see a compelling > reason for the push currently being given to ridiculously overpriced > implementations of what started off as a lab toy, and what offers - in > all seriousness - almost no practical benefits over the proper use of > conventional techniques. You are looking at QC from a scientific perspective. What is happening is not scientific, but business. There are a few background issues that need to be brought into focus. 1) The QC business is concentrated in the finance industry, not national security. Most of the fiber runs are within range. 10 miles not 100. 2) Within the finance industry, the security of links is done majorly by using private lines. Put in a private line, and call it secure because only the operator can listen in to it. 3) This model has broken down somewhat due to the arisal of open market net carriers, open colos, etc. So, even though the mindset of "private telco line is secure" is still prevalent, the access to those lines is much wider than thought. 4) there is eavesdropping going on. This is clear, although it is difficult to find confirmable evidence on it or any stats: "Security forces in the US discovered an illegally installed fiber eavesdropping device in Verizon's optical network. 
It was placed at a mutual fund company ..shortly before the release of their quarterly numbers" Wolf Report March, 2003

(some PDF that google knows about.) These things are known as vampire taps. Anecdotal evidence suggests that it is widespread, if not exactly rampant. That is, there are dozens or maybe hundreds of people capable of setting up vampire taps. And, this would suggest maybe dozens or hundreds of taps in place. The vampires are not exactly cooperating with hard information, of course.

5) What's in it for them? That part is all too clear. The vampire taps are placed on funds managers to see what they are up to. When the vulnerabilities are revealed over the fibre, the attacker can put in trades that take advantage. In such a case, the profit from each single trade might be in the order of a million (plus or minus a wide range).

6) I have not as yet seen any suggestion that an *active* attack is taking place on the fibres, so far, this is simply a listening attack. The use of the information happens elsewhere, some batch of trades gets initiated over other means.

7) Finally, another thing to bear in mind is that the mutual funds industry is going through what is likely to be the biggest scandal ever. Fines to date are at 1.7bn, and it's only just started. This is bigger than S&L, and LTCM, but as the press does not understand it, they have not presented it as such. The suggested assumption to draw from this is that the mutual funds are *easy* to game, and are being gamed in very many and various fashions. A vampire tap is just one way amongst many that are going on.

So, in the presence of quite open use of open lines, and in the presence of quite frequent attacking on mutual funds and the like in order to game their systems (endemic), the question has arisen how to secure the lines.

Hence, quantum cryptography. Cryptographers and engineers will recognise that this is a pure FUD play. But, QC is cool, and only cool sells. The business circumstances are ripe for a big cool play that eases the fears of funds that their info is being collected with impunity. It shows them doing something.

Where we are now is the start of a new hype cycle. This is to be expected, as the prior hype cycle(s) have passed. PKI has flopped and is now known in the customer base (finance industry and government) as a disaster. But, these same customers are desperate for solutions, and as always are vulnerable to a sales pitch.

QC is a technology whose time has come. Expect it to get bigger and bigger for several years, before companies work it out, and it becomes the same disputed, angry white elephant that PKI is now.

If anyone is interested in a business idea, now is the time to start building boxes that do "just like QC but in software at half the price." And wait for the bubble to burst.

iang

PS: Points 1-7 are correct AFAIK. Conclusions, beyond those points, are just how I see it, IMHO.

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From checker at panix.com Sun Apr 25 12:28:49 2004 From: checker at panix.com (Premise Checker) Date: Sun, 25 Apr 2004 15:28:49 -0400 (EDT) Subject: [>Htech] WT: FBI up for private screens Message-ID: WT: FBI up for private screens By Guy Taylor THE WASHINGTON TIMES Published March 26, 2004 _________________________________________________________________ The FBI and the Department of Homeland Security are developing a database that will allow private companies to submit lists of individuals to be screened for a connection to terrorism, the FBI Terrorist Screening Center Director Donna A. Bucella told legislators yesterday. The database "will eventually allow private-sector entities, such as operators of critical infrastructure facilities or organizers of large events, to submit a list of persons associated with those events to the U.S. government to be screened for any nexus to terrorism," Miss Bucella said at a joint hearing of the House Judiciary and Homeland Security subcommittees. The screening center oversees the master database of known and suspected terrorists, which became operational in December. That database, created by the FBI and the Department of Homeland Security, was developed to ensure investigators, screeners and agents work off a unified set of antiterrorist information. In his opening statement for the hearing, Rep. Christopher Cox, California Republican and chairman of the House Select Committee on Homeland Security, said the screening center's support is "particularly important to our nation's first responders, our border protection officials, and the consular officers who adjudicate hundreds of visa applications every day." However, Mr. Cox also raised concerns about the need for the watch list not to violate the privacy of Americans. "To be the right solution, the TSC must not come at the price of the civil rights or First Amendment freedoms of American citizens," he said. 
Civil liberties groups say federal law-enforcement and intelligence officials are keeping the terror watch lists so secret that mistakes are inevitable. Mrs. Bucella said a process to address "misidentification issues" is in place. "We recognize that with all of these capabilities also comes the responsibility to ensure that we continue to protect our civil liberties," she said. "Procedures are in place to review and promptly adjust or delete erroneous or outdated domestic terrorism information." After the deadly hijackings of September 11, 2001, the Bush administration attempted to stem confusion caused by the existence of multiple terrorist watch lists by establishing a joint FBI-CIA Terrorist Threat Integration Center (TTIC), consolidating more than a dozen previous lists, including the State Department's TIPOFF database of more than 110,000 known and suspected terrorists. In September, a few days after the two-year anniversary of the hijackings that killed about 3,000 people, officials announced the creation of the TSC to consolidate watch lists and provide round-the-clock operation support for federal screeners across the country and around the world. Mrs. Bucella outlined several successes since the TSC became operational in September, including the establishment of a consolidated 24-hour call center that law-enforcement authorities can call to determine whether an individual in question is a suspected terrorist. After a positive or negative match, "we help coordinate operation support as to how the person should be handled," Mrs. Bucella said. The system has fielded 2,000 calls since its inception. 
-----BEGIN TRANSHUMANTECH SIGNATURE----- Post message: transhumantech at yahoogroups.com Subscribe: transhumantech-subscribe at yahoogroups.com Unsubscribe: transhumantech-unsubscribe at yahoogroups.com List owner: transhumantech-owner at yahoogroups.com List home: http://www.yahoogroups.com/group/transhumantech/ -----END TRANSHUMANTECH SIGNATURE----- ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From checker at panix.com Sun Apr 25 12:33:19 2004 From: checker at panix.com (Premise Checker) Date: Sun, 25 Apr 2004 15:33:19 -0400 (EDT) Subject: [>Htech] The Courier-Mail: China launches web 'big brother' Message-ID: China launches web 'big brother' http://www.thecouriermail.news.com.au/printpage/0,5942,9355931,00.html 4.4.22 From correspondents in Shanghai CHINA has stepped up control of the Internet in its largest city Shanghai with the installation of video surveillance equipment and software in public places, state press reported today. The directive from the Shanghai Culture, Radio, Film and TV Administration was designed to prevent the surfing of banned websites and to stop people under 16 from entering Internet bars, the Shanghai Daily said. 
Authorities have already installed video cameras in every Internet cafe in the city so officials can keep track of youngsters' movements, the newspaper said. The yet-to-be installed software will force users to input personal identification data to log on, while a supervisory centre will monitor surfing and check whether a cafe was illegally operating at night, it said. Foreigners will have to input their passport number. "The software, which cost seven million yuan (850,000 dollars) to develop, can help supervise more than 110,000 computers at the city's 1,325 Internet bars and spot illegal activities immediately," the paper quoted project director Yu Wenchang as saying. The measures are part of a six-month campaign by municipal authorities, which began this month, to crack down on Internet bars. Fifty-seven net bars have been punished or shut down in the city so far. There are roughly 70 million Internet users in China, putting the world's most populous nation second behind the United States in terms of people online. The Internet explosion is both a blessing and a curse for the Chinese authorities, who want people to be more tech-savvy without absorbing too many foreign ideas or spreading anti-government messages. Internet users are frequently jailed for posting articles critical of the government. 
----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From sfurlong at acmenet.net Sun Apr 25 14:57:08 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 25 Apr 2004 17:57:08 -0400 Subject: Is there a Brands certificate reference implementation? In-Reply-To: <408C1EB9.9050007@crimbles.demon.co.uk> References: <1082909670.12512.119.camel@daft> <408C1EB9.9050007@crimbles.demon.co.uk> Message-ID: <1082930227.14240.3.camel@daft> On Sun, 2004-04-25 at 16:25, David Crookes wrote: > He started a new company called Credentica. > > http://archives.abditum.com/cypherpunks/C-punks20020603/0053.html Pretty amusing -- that link points to the archive I maintain. There's probably a parable in there about having knowledge at your fingertips but not knowing it's there. Thanks. From rah at shipwright.com Sun Apr 25 15:26:51 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Sun, 25 Apr 2004 18:26:51 -0400 Subject: Cracking secrets Message-ID: Cracking secrets A WHOLE book of secrets is what S.C. Coutinho gives in The Mathematics of Ciphers, published by Universities Press (www.orientlongman.com). "A leisurely journey, with many stops to appreciate the scenery and contemplate sites of historical interest", the author promises to reach the final destination - RSA system of cryptography. Since the work has grown out of lectures to first-year students of computer science, there is no presumption of mathematics knowledge. "Cryptography is the art of disguising a message so that only its legitimate recipient can understand it." That should explain why we don't understand many election speeches. Perhaps the `twin sister' of cryptography could help, cryptanalysis: `the art of breaking a cipher'. The most widely used public key cryptosystem is RSA, invented in 1978 by Rivest, Shamir and Adleman. Put simply, "every user has a personal pair of primes that must be kept secret" though the product of these primes is made public. What's the big deal, you might ask; factor the product and you would get the two prime numbers, won't you? "However, if the primes have more than 100 digits each, the time and resources required to factor `n' are such that the system becomes very hard to break." This is the trapdoor of RSA - computing product is easy, not factoring. For this, the `exact computation' of computer comes handy. Greeks distinguished between logistics (the science that deals with numbered things, not numbers) and arithmetic (nature of numbers with the mind only). The book is full of stories that would make you like math and computing too. For instance, geometry originated in Egypt where the pharaoh distributed land to people in rectangular plots on which he levied an annual tax. "If the Nile swept away part of the plot, the surveyors had to be called in to calculate how much land had been lost." 
Because the owner would be eligible for a reduced tax, proportional to the land lost. To find primes from the ocean of numbers, you can use the `sieve of Eratosthenes', named after a Greek mathematician born around 284 BC. He was nicknamed `Beta' because his contemporaries believed that he hadn't reached a truly eminent position. When you apply the sieve to a list of positive integers, composite numbers pass through but primes get retained. Good read for the vacation to sharpen your numbers. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From lists at crimbles.demon.co.uk Sun Apr 25 13:25:29 2004 From: lists at crimbles.demon.co.uk (David Crookes) Date: Sun, 25 Apr 2004 21:25:29 +0100 Subject: Is there a Brands certificate reference implementation? In-Reply-To: <1082909670.12512.119.camel@daft> References: <1082909670.12512.119.camel@daft> Message-ID: <408C1EB9.9050007@crimbles.demon.co.uk> Steve Furlong wrote: > Does anyone know of a reference implementation for Stefan Brands's > digital certificate scheme? Alternatively, does anyone have an email > address for Brands so I can ask him myself? (I haven't gotten anything > back from ZKS's "contact us" address. But I don't know if Brands is > still at ZKS.) > > He started a new company called Credentica. http://archives.abditum.com/cypherpunks/C-punks20020603/0053.html http://www.credentica.com/ From rah at shipwright.com Sun Apr 25 20:19:20 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 25 Apr 2004 23:19:20 -0400 Subject: How to WASTE and want not Message-ID: Infoshop News - How to WASTE and want not posted by j1o2n3a4s5 on Sunday April 25 2004 @ 05:14PM PDT WASTE would have to be pretty close to what you'd come up with. 
WASTE provides a way for you to create secure ad hoc p2p mesh networks with little technical setup and iron clad communications via link level Blowfish encryption and authentication via RSA public key cryptography. It allows secure instant messaging, group chat, file sharing, browsing and transfer. Everything you need to get some substantive work done, not to mention students or corporate techies just needing to communicate without interference. From the software itself, "WASTE is a tool that is designed to permit secure distributed collaboration and communications for small trusted groups of users." And it's back - resurrected like Lazarus in January - even after the assembled might of AOL tried to shut it down. This is how it was: Jonathan Frankel, the coding wunderkind, grunge poster child and "Benevolent Dictator" of Nullsoft, acquired in 1999, was behind its wildly popular free music player WinAMP (because it "really whips the llama's ass"). For an encore, he came up with Gnutella the p2p network of choice for quite some time. AOL ordered him to kill off the project so he came up with something even better. In a flurry of coding as artistic self expression and self-respecting hacker protest, he came up with WASTE. He GPLed it, put it online, sat back - and watched the fur fly. WASTE was an instant hit. Downloaded, dissected and analyzed across the Internet, all reports were favourable. AOL was not, however, amused, claiming its intellectual property rights were being infringed, shut down the site, chastised Frankel and posted an online page demanding that all code downloaded from the site should be destroyed because of IP violations. Frankel left AOL over the whole issue. You have to respect the guy. But they were too late. WASTE was out in the wild, as well as example clients for windows and limited servers for BSD and OSX. It was only a short amount of time until the project re-emerged, re-implemented on sourceforge. 
Already a Mac OSX version 1.0 has been ported and has been available for download since September of last year. WASTE 1.4 alpha 3 hit the air April 15th. New documentation was added soon after that and 1.4 is shaping up nicely with new features. Why call it WASTE? Yet another nod to coolness. WASTE is taken from Thomas Pynchon's The Crying of Lot 49 where WASTE is a renegade underground postal system operating in plain sight of the status quo undetected. The acronym itself is "We Await Silent Tristero's Empire." Even the horn on a stamp icon used in the application is a nod to the stamps used by WASTE in the Pynchon story. Defiant yells from the underground are all over the program, making you wonder whether software can't be reclassified as the new legitimate form of popular dissent. Even the port WASTE uses for communications is a slap in the face of a growing repressiveness in the corporate monoculture. Port 1337 is hacker do0D speak for "Leet" or elite. An awful lot of subtext for a piece of software. While the project hasn't produced a huge volume of code lately, the authors state "We have been experimenting with technologies to create a more feature rich program instead of releasing betas." Even now, the WASTE clients to date are eminently usable and are providing even non-technical users who understand the basic concepts a way to create secure mesh P2P networks. There's a clear wizard for key creation and a simple interface for connecting and interacting with the other members of your mesh. Version 1.4 promises even more features. If you're worried too much bandwidth might give away file trading activities you can even throttle down the bandwidth to make your traffic indistinguishable from normal encrypted network traffic. Students that have been beaten over the head by the RIAA and university administrators are now creating darknets - encrypted file sharing mesh network between themselves. 
Because the communications are secure, no one can tell what sort of files they're trading, or even if it is files they're trading even if they are RIAA or DMCA bloodhounds. But that's not where WASTE's true value lies. The real potential is for activist groups, not-for-profits and people who need privacy in a world becoming increasingly more hostile to their activities. Like Zimmerman's PGP before it, WASTE is another example of one of those empowering grassroots tools which provides a direct affirmation of personal freedoms, rights and the sanctity of individual privacy: a simple way for the technically unsophisticated to self-service ad hoc secure networks without a huge IT overhead and expensive hardware or software. Activists can collaborate online in a secure manner in real time without fear of eavesdropping. WASTE is a holy grail for a number of organizations working hard to try and make things better for everyone. Make security transparent and easy to use, and everyone will be using it. In a modern atmosphere that is growing increasingly hostile to individual privacy and tending towards the criminalization of legitimate dissent and protest, WASTE has the potential to be the next tool that levels the playing field for individuals and activists alike. Want to get started? You can download the latest binaries for Windows and Mac OSX or take a look at the source from sourceforge. A great documentation guide - in case you have trouble with WASTE - is also available from hummus and pita. Source: http://p2pnet.net/story/1295 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From isn at c4i.org Sun Apr 25 23:32:57 2004 From: isn at c4i.org (InfoSec News) Date: Mon, 26 Apr 2004 01:32:57 -0500 (CDT) Subject: [ISN] Hackers: Under the hood - Peiter Mudge Zatko Message-ID: http://www.zdnet.com.au/insight/security/0,39023764,39116620-6,00.htm Name: Peiter Mudge Zatko Handle(s): Mudge, PeiterZ Marital status: Single Current residence: New England, USA Job: Chief Scientist, Intrusic First computer: Tektronix 4051 Best known for: Creating L0phtCrack Area(s) of expertise: "Thinking outside of the box" It's hard to tell if Peiter Mudge Zatko was born eccentric or whether he's just a stickler for privacy. Take the response to ZDNet Australia's request for his age as an example: "[I'm] not trying to be coy, but my age, race, religion, etcetera, are always items I try not to divulge. The rationale is probably quite different than what most people infer. It is as follows: without irrelevant information such as skin colour and the aforementioned items, people are stripped of data that normally would encourage functional fixation." It seems Zatko's brain has been over-clocking from a very young age. "When I was growing up, around the age of five or so, I couldn't wrap my head around 'life'. "The notion of death being an accepted unknown without any further details drove me bonkers," he told ZDNet Australia. Some may argue that existentialist dilemmas such as these belong to adults, or at the very least in the adolescent domain. But Zatko was introduced to a myriad of advanced concepts at an extremely tender age. "In my crib, as an infant, my father sanded down the edges of early 60s-type computer components ... like the face plates of systems with glowing [amber] numeric 'vacuum tube style' readouts," he recalled. The way Zatko speaks of him suggests that his father was his mentor in life. "I asked my father what he believed in -- what his religious beliefs were. He refused to tell me. 
Instead, he started taking me to churches of different denominations each Sunday and would ask me what my interpretations were. "Several years later I came up with my own 'codified' religious beliefs," Zatko said. And he's fanatical about getting the job done. "Anything that I do, I must engross myself in totally," he said. To Zatko, there's no distinction between work and personal life, and readily admits that his life knows no balance. "There's also no difference between business and personal relationships. When I decided to get into Golden Gloves Boxing and Muay Thai [boxing] it was to master them. When I deal with computers it is to entirely comprehend the socio-psychological interactions and weaknesses they introduce," he revealed. His parents, while educated, came from fairly blue-collar backgrounds. He said his mother "experienced the depression" while his father grew up working on a farm. As a child, Zatko was given musical training, and was taught science and mathematics while maintaining a "respect for manual labour and living off the land". He still holds dear to his heart the values his parents instilled in him while growing up. "I was intentionally given freedom and a feeling of independence at a young age. In looking back the rationale was obvious: learn decision making and life choices while you are still able to be protected paternally," he explained. "I watched people self destruct at the tail-end of high school and in college -- where it was obvious that that was their first taste of freedom." In 2000, Zatko was invited to participate in a security summit chaired by former US President Bill Clinton. "I was afforded the rare opportunity to hang out with him afterwards and engage in some private conversations," he said. "I have tons of stories but they're too long." 
As one of the founding members of grey hat outfit L0pht Heavy Industries -- which later became the foundation for security firm @Stake -- he was responsible for the creation of L0phtCrack, a product still sold by @Stake. L0phtCrack is a simple product and a remarkably effective password cracker for Windows-based systems. Zatko insists he wrote it to prove a point and not for commercial reasons. "When I first created and wrote it, one of the goals was to show that the Microsoft systems being deployed could not embody 'secure' encrypted passwords ... not that there were some passwords that were stronger than others. "This didn't mean that people should not use Microsoft technology but rather they should understand where their security perimeters needed to be in order to take advantage of the [Microsoft] platform without exposing undue risk to infrastructures," he said. "Is something like L0phtCrack still useful? Yes. Is this an example of people misinterpreting what a tool is showing them and potentially having a false sense of security because of it? Unfortunately, the answer is again yes," he added. Zatko believes that example -- the misuse of a tool like L0phtCrack -- applies to many security products. He has some advice to help improve the situation, though: "Share, be open, communicate, ask questions to all, share the answers that help you with [everyone], do not think in black and white, do not hurt others or yourself. Improve the world, not your own self image -- the former is possible, and the latter is not accomplished without being a part of the former." -- Patrick Gray _________________________________________ ISN mailing list Sponsored by: OSVDB.org --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From anmetet at freedom.gmsociety.org Mon Apr 26 02:47:05 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Mon, 26 Apr 2004 05:47:05 -0400 Subject: Is there a Brands certificate reference implementation? Message-ID: Steve Furlong writes: > Does anyone know of a reference implementation for Stefan Brands's > digital certificate scheme? Alternatively, does anyone have an email > address for Brands so I can ask him myself? (I haven't gotten anything > back from ZKS's "contact us" address. But I don't know if Brands is > still at ZKS.) I will give you some pointers, but in exchange, Steve Furlong, you are commanded to fix your cypherpunks archive at http://archives.abditum.com/cypherpunks/index.html. Despite your comments on the web page as of February 13, none of the year 2004 links work. You were already pointed to www.credentica.com, but it's not a very informative page, is it? Just a logo and a mailto. Well, there is at least some "hidden" content, at http://www.credentica.com/technology/technology.html. This has a paper on Brands' technology and some information on his book. In late 2002 I saw email from Brands with two return addresses, brands at credentica.com and sbrands at videotron.ca. As for implementations, there was a library called NCash created by Swedish student Niels Möller, described briefly at http://www.lysator.liu.se/~nisse/hacks.html: "For my master of science thesis, I implemented an offline digital cash system invented by Stefan Brands. I haven't done anything about it since I got my MSc degree, but the information about it is still available." Well, the information isn't available, not there, anyway. But if you hunt around, you can find an announcement about NCash at http://www.privacy.nb.ca/cryptography/archives/coderpunks/new/1998-02/0008.html and the source code plus a technical paper are at http://munitions.vipul.net/dolphin.cgi?action=render&category=09. 
The good news is that the source code is available; the bad news is that it is written in Pike. No, I'd never heard of it, either. Apparently it is some Swedish language that was all the rage back in 1997. However it seems to be a pretty straightforward language, kind of Pythonish with a C like syntax, so it might be feasible to port it to something more modern, probably Python. Or you could get the latest Pike interpreter and see how well they've maintained backwards compatibility all these years. According to the announcement, you'll also need the Pike crypto library, but my guess is that it's been incorporated into the Pike package by this time. I'm sure you're aware that Brands credentials are patented up the wazoo. Like Chaum, Brands prefers to publish his work in the pages of the U.S. Patent Office. That's why they're both so rich. From rah at shipwright.com Mon Apr 26 04:46:30 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 26 Apr 2004 07:46:30 -0400 Subject: [ISN] Hackers: Under the hood - Peiter Mudge Zatko Message-ID: --- begin forwarded text From rah at shipwright.com Mon Apr 26 07:21:43 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 26 Apr 2004 10:21:43 -0400 Subject: The Oppenheimer Riddle: New evidence of Communist membership debated by scholars of Berkeley scientist Message-ID: Gee. I'm crushed. Alger Hiss *was* a Spy. The Rosenbergs *were* spies. Oppenheimer *was* a Communist. Gosh. Who'da thunk it? ;-) Cheers, RAH --------- THE OPPENHEIMER RIDDLE New evidence of Communist membership debated by scholars of Berkeley scientist Charles Burress, Chronicle Staff Writer Friday, April 23, 2004 A UC professor says he's solved one of the darkest mysteries in U.S. history: Was J. Robert Oppenheimer, the brilliant Berkeley scientist known as "the father of the atomic bomb," a secret member of the Communist Party? 
Recently uncovered documents show that Oppenheimer belonged to a hidden Communist Party cell of professionals in Berkeley, according to UC Merced history Professor Gregg Herken. Charges of Communist associations led to Oppenheimer's downfall during the McCarthyist hysteria of the early 1950s, and he became, in the words of the Encyclopedia Britannica, "the victim of a witch hunt." In 1954, he was stripped of his security clearance and his position as a high-level U.S. government adviser. Many colleagues leapt to his defense, saying he was ostracized because of his post-World War II advocacy of arms control and opposition to the hydrogen bomb. Historians ever since have clashed over Oppenheimer's puzzling links to the party. Herken's findings will face public scrutiny today when a critical mass of Oppenheimer scholars convenes at UC Berkeley. The campus is celebrating the centennial of Oppenheimer's birth with special exhibits and a two-day conference today and Saturday. "The evidence is pretty compelling," Herken said of two unpublished memoirs that recently came to light -- one by a Berkeley professor and one by the wife of a close associate of Oppenheimer's. The two documents offer details about a small group of professionals that met regularly, sometimes at Oppenheimer's home, in the far-left milieu of 1930s Berkeley. One manuscript calls it "a secret unit of the Communist Party" with six to eight members. The other says that the three UC faculty members of the group, including Oppenheimer, all saw themselves as Communist and produced a Communist newsletter. "Oppenheimer had always denied membership in the Communist Party," said Herken, who was a senior historian at the Smithsonian Institution before joining the new Merced faculty. "Now, it's pretty clear he wasn't telling the truth." Still, Herken stressed that he didn't believe that Oppenheimer, who guided the birth of the atomic bomb in the top-secret Manhattan Project, had betrayed his government. 
"While he was a Communist, he was also a patriot," said Herken, adding that he rejects FBI Director J. Edgar Hoover's argument "that communism was synonymous with treason." Even with the new evidence, historians dispute Oppenheimer's relationship to the Communist Party. "We disagree with Herken," said Tufts University history Professor Martin Sherwin, co-author with historian Kai Bird of an upcoming Oppenheimer biography. It's true that Oppenheimer, who died in 1967, belonged to a loose-knit group of like-minded professionals who shared some Communist views and had links to Communist Party members, but not all members of such groups were party members, Sherwin said. Yale historian Daniel Kevles, who delivered a preconference lecture Thursday at Cal, said in an e-mail that he believed, "based on the available evidence, that Oppenheimer didn't think of it (the Berkeley group) as a secret unit of the CP and that he didn't think his participation in it constituted membership in the CP." But Stanford historian Barton Bernstein, another Oppenheimer expert who will join Herken, Sherwin and Bird to dissect the issue on a panel this afternoon, leans toward Herken's view. "On a jury, one could find the evidence not meeting a reasonable doubt," Bernstein said, "but in the court of historical opinion, it seems to me far more likely than not from the amalgam of evidence that Oppenheimer was a member, at least covert, for a few years." An unpublished manuscript by the late Professor Gordon Griffiths, who was a UC Berkeley grad student at the time, said Griffiths had been the Communist liaison to the group, bringing party literature to the twice-a-month meetings and collecting dues. "Nobody carried a party card," he wrote, but "all three (UC professors in the group) considered themselves to be Communists." He said he had not collected dues from Oppenheimer, having been "given to understand that Oppenheimer ... made his contribution through some special channel." 
"The most important activity of the faculty group," said Griffiths, who died in 2001, "was the publication of an occasional 'Report to Our Colleagues' " signed by unnamed Communist members of the faculty and "no doubt paid for by 'Oppie' (Oppenheimer)." "The time has come to set the record straight," Griffiths wrote in the manuscript, which Herken learned about in January after Griffiths' family turned it over to the Library of Congress. Griffiths stressed, however, that the key question was not whether Oppenheimer was a Communist "but whether such membership should, in itself, constitute an impediment to his service in a position of trust." In the other manuscript, the late Barbara Chevalier, wife of Oppenheimer friend Haakon Chevalier, wrote of the group, saying her husband and Oppenheimer "joined a secret unit of the Communist Party. There must have been only six or eight members." The new evidence buttresses Haakon Chevalier's description of the group included in Herken's 2002 book, "Brotherhood of the Bomb," about Oppenheimer and fellow A-bomb scientists Ernest Lawrence and Edward Teller. "Oppenheimer would later characterize the group as an innocent and rather naive political coffee klatch," Herken wrote in his book, which cites Haakon Chevalier's characterization of the assemblage as "a 'closed unit' of the Communist Party." But Haakon Chevalier, before he died, gave a more ambiguous answer when Sherwin asked him whether he and Oppenheimer had been Communist Party members. "We both were and were not, anyway you want to look at it," Chevalier replied, according to Sherwin. Oppenheimer's grandson, Charles Oppenheimer of Reno, said he preferred to focus on what had happened to his grandfather in the 1950s rather than the Communist issue. During the Red Scare, Sen. Joe McCarthy, R-Wis., announced that he had lists of suspected Communists, including Oppenheimer. 
The House Un-American Activities Committee investigated suspected Communists and blacklisted those who refused to cooperate. "Whether he was a member or not, it's not against the law to be a Communist," the grandson said at a preconference reception Thursday night. "I think it's insulting what happened in the '50s. I wish people would concentrate on that. He served his country in every way possible." Herken rejects the claim that Oppenheimer was a spy and Soviet agent, a charge levied in "Sacred Secrets," a 2002 book by the journalist-historian team of Jerrold and Leona Schecter that, according to Bernstein and Sherwin, is not highly regarded by most Oppenheimer scholars. "In a way, it's really like 'Rashomon,' " said Bird, referring to the famous Akira Kurosawa film on the elusiveness of truth based on conflicting accounts. Information about the conference and other Oppenheimer Centennial events at Berkeley can be found on the Web at http://ohst.berkeley.edu/oppenheimer/. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Apr 26 07:44:10 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 26 Apr 2004 10:44:10 -0400 Subject: Mask secures personal displays Message-ID: Sounds like something out of a Gibson novel... Cheers, RAH ------- optics.org - News - Mask secures personal displays 26 April 2004 A mask that decodes encrypted pixels ensures that sensitive information can be viewed securely. When you view secure information on a screen, there is always the risk that someone is peering over your shoulder and taking notes. To remove this worry, scientists in Japan have been experimenting with a technique known as visual cryptography. 
The team believes this approach could ensure the security of information displayed on PDAs, computer screens or bank terminals. (Optics Express 12 1258) Secure display In a visual cryptography system, the image containing the sensitive information is encrypted and appears as a random pattern. The only way to view the information is to place a decoding mask over the encrypted image. Hirotsugu Yamamoto and colleagues from the University of Tokushima have developed a decoding mask that has two functions: to decrypt the display and limit the viewing zone of the decrypted image. Key to the technique is an algorithm that generates the pixels in both the encrypted image and the mask. The team's paper describes its algorithm to encrypt images containing 8 colours. To test their algorithm, the researchers printed the mask out on an overhead transparency and placed it in front of an LCD showing an encrypted image. Secret images were only perceived when the viewer stood in front of the LCD. "The viewing zone covers about 10 cm to the right and 10 cm to the left of the center at the designated viewing distance of 1.5 m," Yamamoto explained. Improving both the security of the decoding mask and the image quality are now Yamamoto's priorities. "In the next version, I'm making the mask pattern on a plastic plate," he told OLE. "The mask pattern has some layers and prevents someone from copying it. The number of encrypted colours has also been increased to 216 and 343." The team is also working on a decoding goggle similar to the glasses that cinema audiences have to wear to see movies in 3D. Yamamoto is also optimistic that this technique will find commercial applications. "Display of secret information on PDA and computer screens are practical applications," he explained. "Other business applications include: securing the screen of a terminal at a bank; an operator screen that shows personal information; and a touch panel screen of a safe." 
This work was funded by the Japanese Ministry of Education, Culture, Sports, Science and Technology; the Mazda Foundation; and the Secom Science and Technology Foundation. Author Jacqueline Hewett is technology editor on Optics.org and Opto & Laser Europe magazine. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sunder at sunder.net Mon Apr 26 08:18:52 2004 From: sunder at sunder.net (sunder) Date: Mon, 26 Apr 2004 11:18:52 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <20040420153819.GG29689@acm.jhu.edu> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> Message-ID: <408D285C.7060302@sunder.net> Jack Lloyd wrote: > Still, I liked this quote: '"I came to vote because wasting one's ballot in a > democracy is a sin," he told the BBC.' Not too common a view in the US these > days, it seems like. What do you expect when the previous choice we've had was between Al "I Invented the Innnernet" Gore, and George "Nucular" Dubbya? From lloyd at randombit.net Mon Apr 26 08:34:39 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Mon, 26 Apr 2004 11:34:39 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <408D285C.7060302@sunder.net> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> Message-ID: <20040426153439.GA32694@acm.jhu.edu> On Mon, Apr 26, 2004 at 11:18:52AM -0400, sunder wrote: > Jack Lloyd wrote: > > >Still, I liked this quote: '"I came to vote because wasting one's ballot > >in a > >democracy is a sin," he told the BBC.' Not too common a view in the US > >these > >days, it seems like. 
> > What do you expect when the previous choice we've had was between Al "I > Invented the Innnernet" Gore, and George "Nucular" Dubbya? AFAIK most local/state elections have even lower turnout than the recent ones for the prez. Anyway, you could always have voted for Nader/Brown/Tim May/etc. Hmmm... that's a thought. Tim May as president. Election slogan: "You're *all* going up the chimneys." From dgerow at afflictions.org Mon Apr 26 09:00:27 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 26 Apr 2004 12:00:27 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <408D285C.7060302@sunder.net> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> Message-ID: <20040426160027.GA77143@afflictions.org> Thus spake sunder (sunder at sunder.net) [26/04/04 11:31]: : What do you expect when the previous choice we've had was between Al "I : Invented the Innnernet" Gore, and George "Nucular" Dubbya? Actually, Mr. Gore didn't once claim to invent the Internet. Through various mis-wordings and lax fact-checkings, the Mass Media came to represent what he said through that phrase. What he /actually/ claimed (and what he /actually/ did) was recognize its importance, and then push for funding, in the 1980's. So he didn't 'invent' the Internet, he helped provide the funding for its inventors. From sunder at sunder.net Mon Apr 26 09:58:46 2004 From: sunder at sunder.net (sunder) Date: Mon, 26 Apr 2004 12:58:46 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <20040426160027.GA77143@afflictions.org> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> Message-ID: <408D3FC6.8010704@sunder.net> Damian Gerow wrote: > Actually, Mr. Gore didn't once claim to invent the Internet. 
Through > various mis-wordings and lax fact-checkings, the Mass Media came to > represent what he said through that phrase. > > What he /actually/ claimed (and what he /actually/ did) was recognize its > importance, and then push for funding, in the 1980's. So he didn't 'invent' > the Internet, he helped provide the funding for its inventors. > Yeah so what? I still wouldn't want to vote for him (except as a vote against Shrubbya) Al's prize pig of a wife, Tipper, helped found the PMRC against lyrics in songs. See Megadeth's Hook in Mouth for details on this censorious organization: http://www.songlyrics4u.com/megadeth/hook-in-mouth.html and http://www.geocities.com/fireace_00/pmrc.html for details about the PMRC. From dgerow at afflictions.org Mon Apr 26 10:14:47 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 26 Apr 2004 13:14:47 -0400 Subject: Fact checking In-Reply-To: <408D3FC6.8010704@sunder.net> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> Message-ID: <20040426171446.GB77143@afflictions.org> Thus spake sunder (sunder at sunder.net) [26/04/04 13:10]: : >Actually, Mr. Gore didn't once claim to invent the Internet. Through : >various mis-wordings and lax fact-checkings, the Mass Media came to : >represent what he said through that phrase. : > : >What he /actually/ claimed (and what he /actually/ did) was recognize its : >importance, and then push for funding, in the 1980's. So he didn't : >'invent' : >the Internet, he helped provide the funding for its inventors. : > : : Yeah so what? I still wouldn't want to vote for him (except as a vote : against Shrubbya) So what? Please get your facts straight -- you may have good reasons for not voting for him, just make sure they're valid before spewing them off. Who you vote for is up to you.
I'm not telling you to vote for him, I'm just correcting a pretty large non-truth propagated by American media. : Al's prize pig of a wife, Tipper, helped found the PMRC : against lyrics in songs. See Megadeth's Hook in Mouth for details on this : censorious organization: : http://www.songlyrics4u.com/megadeth/hook-in-mouth.html : and http://www.geocities.com/fireace_00/pmrc.html for details about the : PMRC. Hey, I'm no fan of Tipper either. And I'm not saying that Al Gore was a /good/ choice. But in retrospect, he probably would have been a lesser evil than the current president. From sunder at sunder.net Mon Apr 26 10:30:07 2004 From: sunder at sunder.net (sunder) Date: Mon, 26 Apr 2004 13:30:07 -0400 Subject: Fact checking In-Reply-To: <20040426171446.GB77143@afflictions.org> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> Message-ID: <408D471F.7070407@sunder.net> Damian Gerow wrote: > Hey, I'm no fan of Tipper either. And I'm not saying that Al Gore was a > /good/ choice. But in retrospect, he probably would have been a lesser evil > than the current president. THAT, ultimately is the meta-point. You shouldn't have to vote for the lesser evil, but when your choice is so vastly limited, why even bother voting? After the events involving Vince Foster, Lon "It was self defense, she threatened me with her baby" Hioruchi(sp?), Janet Reno, and Monicagate, Dubbya Jr. seemed the lesser of two evils. Until 9.11.2001. At that point, Gore clearly became the lesser of two evils, but by that time, it was far too late to see it. How much of the public knew about the connections to Halliburton before election day? How much of the public knew about the Project for a New American Century? How much of the public knew about USA PATRIOT ACT and its sequel?
What's missing is some sort of vote out of office mechanism, a big great "Undo" vote as it were. There are no guarantees that if you vote for Scumbag #1 that s/he'll be less of a scumbag than Scumbag #2. When more than half the country doesn't want to do something, it shouldn't be done just because congress and POTUS decide it's in their pocketbook's interest, but where's the mechanism to stop it? Where's the recall vote? Where's the oversight committee that says "When you ran for office you promised X,Y,Z and you're half in your term and haven't delivered." Where's the "I want X% of my dollars to go to this issue, and 0% to go to that one" option? Elections where you only choose between evil #1 and evil #2, are an ironic joke, and the ones laughing their way to the bank aren't those with your interests in mind. From camera_lumina at hotmail.com Mon Apr 26 10:33:24 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 26 Apr 2004 13:33:24 -0400 Subject: BBC on all-electronic Indian elections Message-ID: "Hmmm... that's a thought. Tim May as president. Election slogan: "You're *all* going up the chimneys."" Wasn't there something close a few years ago? I remember a write-in campaign to get "Unabomber" Ted Kaczynski elected as President. -TD >From: Jack Lloyd >To: sunder >CC: cypherpunks at al-qaeda.net >Subject: Re: BBC on all-electronic Indian elections >Date: Mon, 26 Apr 2004 11:34:39 -0400 > >On Mon, Apr 26, 2004 at 11:18:52AM -0400, sunder wrote: > > Jack Lloyd wrote: > > > > >Still, I liked this quote: '"I came to vote because wasting one's >ballot > > >in a > > >democracy is a sin," he told the BBC.' Not too common a view in the US > > >these > > >days, it seems like. > > > > What do you expect when the previous choice we've had was between Al "I > > Invented the Innnernet" Gore, and George "Nucular" Dubbya? > >AFAIK most local/state elections have even lower turnout than the recent >ones >for the prez.
Anyway, you could always have voted for Nader/Brown/Tim >May/etc. > >Hmmm... that's a thought. Tim May as president. Election slogan: "You're >*all* >going up the chimneys." > From dgerow at afflictions.org Mon Apr 26 10:44:38 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 26 Apr 2004 13:44:38 -0400 Subject: Fact checking In-Reply-To: <408D471F.7070407@sunder.net> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <408D471F.7070407@sunder.net> Message-ID: <20040426174438.GC77143@afflictions.org> Thus spake sunder (sunder at sunder.net) [26/04/04 13:38]: : >Hey, I'm no fan of Tipper either. And I'm not saying that Al Gore was a : >/good/ choice. But in retrospect, he probably would have been a lesser : >evil : >than the current president. : : THAT, ultimately is the meta-point. You shouldn't have to vote for the : lesser evil, but when your choice is so vastly limited, why even bother : voting? Okay, you've completely missed my point. I'll repeat it one last time, then I shall contribute no more to this inane diatribe: I don't give a flying fuck who you vote for, who the options are, what you think of them, or even if they're convicted drunk drivers hell-bent on converting the world to their belief system (...). I was pointing out that your one presented argument (in the e-mail I read) was completely not true. Al Gore did *not* claim to invent the Internet, and to use that false argument as a reason to dislike him is to be either purposefully dishonest, or honestly misled.
I was simply correcting your facts, and suggesting you check them out before you believe everything you see/read in mass media. The rest of your arguments are simply your opinions, and all I have to say is: what little you knew of Bush and Gore /before/ the elections has no bearing on the amount of information available about them. Their histories (criminal, educational, political, and family) were all very publicly available. Just because you (and, dare I say, a vast majority of the American public) didn't want to do your research on your candidates, does not mean that the facts weren't there. You're also sadly, sadly mistaken in saying that there's only two options. I guess it shows that you didn't vote. - Damian From pcapelli at ieee.org Mon Apr 26 10:54:48 2004 From: pcapelli at ieee.org (Pete Capelli) Date: Mon, 26 Apr 2004 13:54:48 -0400 Subject: Fact checking References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> Message-ID: <009e01c42bb7$94fe4d80$110f4b18@firedancer> Damian Gerow wrote: > Who you vote for is up to you. I'm not telling you to vote for him, I'm > just correcting a pretty large non-truth propagated by American media. B*llshit. From a transcript of an interview of Al Gore by Wolf Blitzer: http://www.cnn.com/ALLPOLITICS/stories/1999/03/09/president.2000/transcript.gore/ " During my service in the United States Congress, I took the initiative in creating the Internet." > Hey, I'm no fan of Tipper either. And I'm not saying that Al Gore was a > /good/ choice. But in retrospect, he probably would have been a lesser evil > than the current president. Mindlessly voting for anyone but bush is just as ignorant as voting mindlessly for him.
From sunder at sunder.net Mon Apr 26 11:41:13 2004 From: sunder at sunder.net (sunder) Date: Mon, 26 Apr 2004 14:41:13 -0400 Subject: What Should Freedom Lovers Do? In-Reply-To: <39861fe75d4c97712eb66fc78382a148@anonymous> References: <39861fe75d4c97712eb66fc78382a148@anonymous> Message-ID: <408D57C9.8020609@sunder.net> An Metet wrote: > In my devotion to freedom, I apparently go beyond the point where most > cypherpunks are comfortable, in that I support private initiatives and > technologies of all sorts and oppose government regulation of them. > I am a supporter and admirer of Microsoft, which has achieved tremendous > market success without relying on government support, indeed in the > face of steadfast government opposition. I oppose government antitrust > efforts in general, and specifically those directed against Microsoft. I agree with everything you've said in your post, including >PRIVATE< DRM measures, but, I disagree that Microsoft should be admired. I've seen far too much evil emanated from Redmond: * from outright theft of smaller companies' IP (i.e. Stacker), * dumping ("We'll help you migrate from Netware to NT 3.51 for free"), * FUD (GNU is communism and Anti-American), * evil contracts (if you sell blank machines without Windows, you have to pay $X more for our software) * stealth funding of SCO's lawsuit against IBM and linux end users, * to lots of needless security holes - some even by design, (i.e. security is a checkbox as a marketing feature, or an afterthought: i.e. this chant: "Active X! Active X! Format Hard drive? Just say 'YES!'") For the final one, I used to work at Earthweb, which ran Gamelan (pronounced gah-meh-lohn, not game LAN), a Java repository. At one point, EW decided to start an Active X repository. Some guy wrote an Active X browser component that shut off your machine if you clicked yes. The component did exactly what it said it did, but it was a good example that it could have done something else. Hence the "Active X!
Active X! Format Hard Drive? Just say YES!" chant. Let me tell you, Microsoft tried very, very hard to get us to remove that bit of code from the repository. We didn't, because it did exactly what it claimed to do. More financial damage has been done to the planet by Microsoft than good. Far too many sysadmin/developer hours were lost because of Microsoft. You can certainly count the hours in lost human lives... Hell, just add up the cost of each virus/trojan/worm outbreak which targets Outlook, Office, and Internet Exploiter. Now don't get me wrong. I'm not some knee-jerk Linux Good, Windows bad clueless geek wannabe. I started out as a Novell Netware sysadmin. (Well, I started out as a coder, but fell into sysadming over time.) When NT started taking over, I picked it up and thought it was cool. Its design was certainly revolutionary, and the NTFS was one of the best designed file systems I've seen, even to this day. NT's borrow a driver from the server printing was beautiful. User management via domains? Sweet! Ok, not too much better than NIS, but hey, very nice. Active Directory? Much, much mo'e better. DHCP? Great wonderful idea. Gateway for Netware Services and Migration from Netware? A bit scummy, but hey it's free with the server, might as well use it*. File and Printer sharing for Macintosh? Cool! - well, except for that one bug with the dancing icons back a few years ago... (* Gateway Service for Netware allowed a scummy sysadmin to bypass the license limitation of Netware servers. A single "user" from the NT server would login to the Netware server and proxy hundreds if not thousands of user requests. You suffered in performance, but one of its uses was to bypass licensing. If you read NT's license it says something along the lines that you can't use another proxy this way against an NT server.) Registry? Hey, wonderful idea. No, really.
Storing all your machine's settings in a single place and having a single editor (ok two of them) to control them was beautiful. Just make sure you (can and do) back it up. No, I'm not being sarcastic, if you know how the registry works, how to back it up, how to restore it, and how to repair it, it's a great thing - much better than lots of .ini, .rc or .conf files everyfuckingwherethankyouverymuch. Ok, in unixen everything lives in /etc. But which /etc? /etc? /usr/local/etc? /usr/local/samba/etc? and the dot files in home directories? ouch! (A regular thing that I do is to backup all of /etc /usr/local/etc just to make sure I can restore them. With Windows, you just run rdisk /s- and copy %SYSTEMROOT%\system32\repair.) At the last job, we had a dead Exchange 5.5 on NT 4.0 server. Its hardware died. I worked for a shitty little dot com. The guy admining it couldn't restore it. We didn't have another motherboard that matched the drivers on that box, so we couldn't just move the hard drive over. Know what I did? I merged the hardware related registry files from the sacrificial machine on the OS of the dead one to get it to boot, then hand reinstalled the network driver and a few other minor things like the video driver. It's not so hard if you know what you're doing, and a registry isn't a bad thing. All of the above features more or less beat the shit out of all flavors of unix when NT 3.5x/4.0 came out. By the time XP was on, Linux and FreeBSD had caught up and then some. Solaris at this point was trying to get Linux compatibility with lxrun, SGI was already gonzo from the art market with Mac taking over. NT was beautiful - in theory, and on paper. Because a lot of it was VMS on steroids. Remote management tools weren't too horrible. Ok, you couldn't ssh into a box, and the command line tools sucked - even after the resource kit, but MMC worked nicely and let you mostly manage boxes remotely if you knew what you were doing.
Sure, you couldn't easily launch a program on a remote server, but you could run the scheduler remotely and tell it to run something two minutes from now. But, oh man, the bugs were murder. So were the patches. Things like invisible, unkillable processes, hidden data forks in the file systems that you can't see to back up, worms didn't help my point of view. Reboots after each of dozens of hotfixes, good luck getting your system to work after a service pack. Hell, you had to reboot after changing IP addresses for fuck's sake! Worse yet, with NT 4.0, it would constantly forget about licenses. It allowed you to set the number to whatever you liked, but in a normal environment when you had only 20 users logging on and off, it easily filled up those 20 licenses. Even if you lied and set it to several hundred, it would forget that some logged off and seize up with "Out of Licenses!" At one point, I had set it to several thousand and had an AT job (cron for unix guys) restarting the license "service" twice a day just to prevent users from getting kicked off! Have a software RAID 5 volume instead of a RAID 1 under NT? Was your OS too hosed to get back up and running? Couldn't restore it with last known good or the registry repair? Good luck restoring those RAID volumes after a reinstall! Wasn't impossible, but wasn't easy either. Exchange server? Ouch! What a load of overpriced bloatware! Have fun repairing its db's or even backing it up without special software plugins. Excel in a financial environment? Have fun with the Bloomberg plug-in crashing several times a day. Multiply by a few hundred guys on a trade floor and welcome to IT HELL! Thanks, but I'd rather flip burgers than deal with that shit again. Yeah, NT/2K/XP's gotten a lot better after Win2K, but no thanks, I won't go to XP. Ever. That NSA back door key didn't exactly win my friendship over either. XP's creepy product activation isn't my cup of tea.
Windows Media Player's reporting back to Mama what I play or what codecs I use is a no-no in my book too. Service Packs where I "agree" that Microsoft has the right to stick anything on my machine? Fuck that noise. Microsoft is evil. Cthulhu sized evil. Ballmer and Butt-head aren't nice, warm, pro-liberty guys. Neither are Scott McNealy and Larry Ellison who both attempted to profit from the World Trade Center/Pentagon bombings by offering their idea of a national ID. All of these folks are far, far worse than Tim May with Microsoft being as slimy and evil as the Neo-CONS! You know what? I'm pro capitalism, pro-freedom, pro-making a buck, but I can see how Microsoft deserves far, far, worse than their anti-trust lawsuit. My fight against them? I won't do windows, I won't use windows in any new machines I buy, I won't work in environments where I'm forced to babysit it. From dgerow at afflictions.org Mon Apr 26 12:04:14 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 26 Apr 2004 15:04:14 -0400 Subject: Fact checking In-Reply-To: <009e01c42bb7$94fe4d80$110f4b18@firedancer> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> Message-ID: <20040426190414.GD77143@afflictions.org> Thus spake Pete Capelli (pcapelli at ieee.org) [26/04/04 13:56]: : > Who you vote for is up to you. I'm not telling you to vote for him, I'm : > just correcting a pretty large non-truth propagated by American media. : : B*llshit. From a transcript of an interview of Al Gore by Wolf Blitzer: : http://www.cnn.com/ALLPOLITICS/stories/1999/03/09/president.2000/transcript.gore/ : : " During my service in the United States Congress, I took the initiative in : creating the Internet."
Yes, that's exactly what he said: That's not saying that he invented the internet, it's saying that he took initiative in creating it. Two very different things. I took initiative in building a house. That's not saying that I built it, it's saying that I approved the blueprints, paid the builders, and would check on things every once in a while, to make sure they weren't going too far astray. : > Hey, I'm no fan of Tipper either. And I'm not saying that Al Gore was a : > /good/ choice. But in retrospect, he probably would have been a lesser : evil : > than the current president. : : Mindlessly voting for anyone but bush is just as ignorant as voting : mindlessly for him. Yes, that's about what I was saying. Mindless voting is, in some regards, worse than not voting at all. And it appears that's what sunder has done -- not voted, instead of mindlessly voted. But when all the facts, and the necessities to check the facts, are at your fingertips, there's no reason to be doing either. - Damian From sunder at sunder.net Mon Apr 26 12:22:46 2004 From: sunder at sunder.net (sunder) Date: Mon, 26 Apr 2004 15:22:46 -0400 Subject: Fact checking In-Reply-To: <20040426174438.GC77143@afflictions.org> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <408D471F.7070407@sunder.net> <20040426174438.GC77143@afflictions.org> Message-ID: <408D6186.9030700@sunder.net> Damian Gerow wrote: > I don't give a flying fuck who you vote for, who the options are, what you > think of them, or even if they're convicted drunk drivers hell-bent on > converting the world to their belief system (...). You, sir, are in great need of an enema.
*PLONK* From pcapelli at ieee.org Mon Apr 26 13:00:53 2004 From: pcapelli at ieee.org (Pete Capelli) Date: Mon, 26 Apr 2004 16:00:53 -0400 Subject: Fact checking References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> Message-ID: <000d01c42bc9$30bb2b10$110f4b18@firedancer> > : B*llshit. From a transcript of an interview of Al Gore by Wolf Blitzer: > : http://www.cnn.com/ALLPOLITICS/stories/1999/03/09/president.2000/transcript.gore/ > : > : " During my service in the United States Congress, I took the initiative in > : creating the Internet." > > Yes, that's exactly what he said: > > > > That's not saying that he invented the internet, it's saying that he took > initiative in creating it. Two very different things. Now take it in context. Do you really believe that he didn't want people to think he was instrumental from the beginning (since he created it) in the Internet? Or that he was simply another GC, working off an architect's plans? I think people took it the right way the first time. Sure, I agree its importance is way overblown; I mean, name one politician who *hasn't* taken credit for someone else's work. But don't be an apologist. If he wants to run for president, he's got to deal with his record, just like kerry (did I or didn't I throw away those medals) or bush (i know those national guard records are here somewhere). > I took initiative in building a house. That's not saying that I built it, > it's saying that I approved the blueprints, paid the builders, and would > check on things every once in a while, to make sure they weren't going too > far astray. Yeah, he was in there on Jon Postel's CC: list for RFC evaluations.
From dgerow at afflictions.org Mon Apr 26 13:12:40 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 26 Apr 2004 16:12:40 -0400 Subject: Fact checking In-Reply-To: <000d01c42bc9$30bb2b10$110f4b18@firedancer> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> Message-ID: <20040426201240.GL77143@afflictions.org> Thus spake Pete Capelli (pcapelli at ieee.org) [26/04/04 16:01]: : > Yes, that's exactly what he said: : > : > : > : > That's not saying that he invented the internet, it's saying that he took : > initiative in creating it. Two very different things. : : Now take it in context. Do you really believe that he didn't want people to : think he was instrumental from the beginning (since he created it) in the : Internet? Or that he was simply another GC, working off an architect's : plans? : : I think people took it the right way the first time. Sure, I agree its : importance is way overblown; I mean, name one politician who *hasn't* taken : credit for someone else's work. But don't be an apologist. If he wants to : run for president, he's got to deal with his record, just like kerry (did I : or didn't I throw away those medals) or bush (i know those national guard : records are here somewhere). Agreed, every politician has their own problems. I /personally/ don't believe that Mr. Gore was trying to take credit for 'inventing' the Internet. His wording is incredibly vague, and I agree that it could be taken as him trying to take credit for building up the Internet to the point it is today. But he'd have to be *incredibly* stupid to actually believe that he could get away with claiming he invented something that existed (albeit in various forms) years previous.
My problem lays in the fact that not one person (save Gore himself) can verifiably know what Gores intentions were with that statement. The way he phrased the statement is tricky, and leaves it pretty open to interpretation. But I hold fast that he was /not/ saying he invented the Internet. Anyhow, I wasn't trying to get into a debate over what he said, although I guess that was unavoidable. I'm not trying to apologize for what he's said, nor am I trying to make excuses. If he's going to live in the public eye, he's got to either maintain an impeccable character, or suffer its flaws. My problem was that the statement /is/ vague, and the vagueness was then translated into 'inventing the Internet'. Which, again, isn't really all that true. Had sunder said, "Al 'Creating The Internet' Gore", that would have been spot on, and I'd have chuckled. But he didn't, so it wasn't, so I didn't. : > I took initiative in building a house. That's not saying that I built it, : > it's saying that I approved the blueprints, paid the builders, and would : > check on things every once in a while, to make sure they weren't going too : > far astray. : : Yeah, he was in there on John Postel's CC: list for RFC evaluations. No, nor was I there for the developing of the blueprints, nor the chopping of the trees, nor the mixing of the mortar. But I still took initiative in building the house. Just as Gore took initiative in creating -- or rather, helping to create, or helping to fund the creation of -- the Internet. At this point, I concede that there's no way to tell the truth, and that continued discussion can't really progress anywhere. Al Gore munged his words*, and paid the price. End of story, and at this point, it doesn't much matter what he really meant -- he's still not the president, nor will he ever be. - Damian * = More than this once, I might add. 
From hseaver at cybershamanix.com Mon Apr 26 16:24:57 2004 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Mon, 26 Apr 2004 18:24:57 -0500 Subject: Fact checking In-Reply-To: <20040426201240.GL77143@afflictions.org> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> Message-ID: <20040426232457.GB9558@cybershamanix.com> On Mon, Apr 26, 2004 at 04:12:40PM -0400, Damian Gerow wrote: > > Agreed, every politician has their own problems. I /personally/ don't > believe that Mr. Gore was trying to take credit for 'inventing' the > Internet. His wording is incredibly vague, and I agree that it could be > taken as him trying to take credit for building up the Internet to the point > it is today. > > But he'd have to be *incredibly* stupid to actually believe that he could > get away with claiming he invented something that existed (albeit in various > forms) years previous. > Good grief -- algore is fucking pathological liar. That was just one example among thousands. He can't even tell the truth about where and how he grew up. Gore the lessor of two evils? As much as I despise dubbya, I can't say I'd prefer gore -- but then I voted for Ralph, and will again. And voted libertarian the two elections before that. And the local elections are no prime pickings either, it's crooks to the left of us, crooks to the right of us, ahead and behind, above and below. Extremely few real choices. The real problem is -- most people don't vote. What needs to be done is a real grass roots effort to educate people and get them to vote. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com Hoka hey! 
From sfurlong at acmenet.net Mon Apr 26 15:30:24 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 26 Apr 2004 18:30:24 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <20040426153439.GA32694@acm.jhu.edu> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426153439.GA32694@acm.jhu.edu> Message-ID: <1083018624.17427.3.camel@daft> On Mon, 2004-04-26 at 11:34, Jack Lloyd wrote: > Hmmm... that's a thought. Tim May as president. Election slogan: "You're *all* > going up the chimneys." I voted for Cthulhu -- why vote for the lesser of two evils? http://www.cthulhu.org/ From sfurlong at acmenet.net Mon Apr 26 15:39:27 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 26 Apr 2004 18:39:27 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <408D3FC6.8010704@sunder.net> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> Message-ID: <1083019167.17427.7.camel@daft> On Mon, 2004-04-26 at 12:58, sunder wrote: > Al's prise pig of a wife, Tipper, helped found the PMRC > against lyrics in songs. And, like all statists, they went widely astray of their goals. Frank Zappa's _Jazz from Hell_ got a "Tipper Sticker", indicating obscene lyrics. They didn't notice that _JfH_ was an instrumental album. From shaddack at ns.arachne.cz Mon Apr 26 09:40:15 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 26 Apr 2004 18:40:15 +0200 (CEST) Subject: Mask secures personal displays In-Reply-To: References: Message-ID: <0404261838470.-1252215136@somehost.domainz.com> > Yamamoto is also optimistic that this technique will find commercial > applications. "Display of secret information on PDA and computer screens > are practical applications," he explained. 
"Other business applications > include: securing the screen of a terminal at a bank; an operator screen > that shows personal information; and a touch panel screen of a safe." Question: if there is a goggle version, why not use a "real" wearable display instead, eg, the kind by www.microopticalcorp.com ? From rah at shipwright.com Mon Apr 26 15:54:52 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 26 Apr 2004 18:54:52 -0400 Subject: Fact checking In-Reply-To: <20040426213644.GM77143@afflictions.org> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <20040426213644.GM77143@afflictions.org> Message-ID: At 5:36 PM -0400 4/26/04, Damian Gerow wrote: >: YMO"I"MV? > >Hum. I've never seen this before -- what's it stand for? Your Meaning Of "Is" May Vary... ;-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Mon Apr 26 10:01:28 2004 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 26 Apr 2004 19:01:28 +0200 Subject: [>Htech] The Courier-Mail: China launches web 'big brother' (fwd from checker@panix.com) Message-ID: <20040426170128.GT1026@leitl.org> ----- Forwarded message from Premise Checker ----- From eugen at leitl.org Mon Apr 26 10:02:38 2004 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 26 Apr 2004 19:02:38 +0200 Subject: [>Htech] WT: FBI up for private screens (fwd from checker@panix.com) Message-ID: <20040426170237.GU1026@leitl.org> ----- Forwarded message from Premise Checker ----- From sunder at sunder.net Mon Apr 26 16:25:07 2004 From: sunder at sunder.net (sunder) Date: Mon, 26 Apr 2004 19:25:07 -0400 Subject: Paying for drinks with wave
of the hand In-Reply-To: References: Message-ID: <408D9A53.809@sunder.net> R. A. Hettinga wrote: > > > WorldNetDaily > > Wednesday, April 14, 2004 > > YOUR PAPERS, PLEASE ... > Paying for drinks with wave > of the hand > Club-goers in Spain get implanted chips for ID, payment purposes > Posted: April 14, 2004 > 5:00 p.m. Eastern 2004.12.18: "A new crime is sweeping the nation. Criminals everywhere are now cloning implanted chips of passersby well to do rich. Some have been caught hiding outside the bushes of the rich with a high powered RFID transponder, waiting for their victims to drive by. Congress has been presented with a bill outlawing all RFID readers, except by store owners." 2005.03.22: "In the news today, actress Jennifer Lopez has been found dead in a dumpster near a shady street with her hand severed. Her American Express implant chip records show that unscrupulous fiends have run up several million dollars in bar tabs all over downtown Los Angeles, and several large money wire transfers to Saudi Arabia, Afghanistan, and Iran. Ms. Lopez apparently instructed AMEX to remove all her daily spending limits on her credit chip after her chip refused her intended purchases at her local Porsche dealer. A recorded conversation with AMEX customer support reveals she believed it cramped her style. "The FBI is searching for her killers. Special Agent Tom Jones said that no further information will be made available at this time, as that the FBI does not wish to comment on an ongoing investigation since it may aid the perpetrators, and that citizens should switch to cash immediately. "Random J. Citizen on the street commented: 'Well, what do you expect? Congress Outlawed RFID readers, and now the thugs have resorted to chopping off hands.' "Meanwhile thousands of implanted citizens are suing American Express for refusing to allow removal of their credit card chips, some demanding billions of dollars for their severed hands." 
2006.03.23: "In an unsurprising move today, CEO Jim Jones of American Express Corporation has stepped down after his company recently filed for Chapter 11 protection after Visa Corporation backed out of purchase negotiations." --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From dgerow at afflictions.org Mon Apr 26 17:20:06 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 26 Apr 2004 20:20:06 -0400 Subject: Fact checking In-Reply-To: <20040426232457.GB9558@cybershamanix.com> References: <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> Message-ID: <20040427002006.GN77143@afflictions.org> Thus spake Harmon Seaver (hseaver at cybershamanix.com) [26/04/04 19:25]: : And the local elections are no prime pickings either, it's crooks to the left : of us, crooks to the right of us, ahead and behind, above and below. Extremely : few real choices. The real problem is -- most people don't vote. What needs to : be done is a real grass roots effort to educate people and get them to vote. So, how does one start a grass roots effort? I'm Canuck, and I'm not exactly impressed with this year's pickings up North. My last vote was a vote /against/ the in-office party, not for the party I'd like to see in office. How do you start motivating a lazy and apathetic public to learn about their candidates, and vote? Door-to-door campaigns? Talks at the local library? Grocery store posters? 
From rgb at enhyper.com Mon Apr 26 12:21:43 2004 From: rgb at enhyper.com (Graeme Burnett) Date: Mon, 26 Apr 2004 20:21:43 +0100 Subject: No subject Message-ID: Gecko/20040316 To: cryptography at metzdowd.com Subject: The future of security Sender: owner-cryptography at metzdowd.com Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/ Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball. Graeme --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Apr 26 17:49:26 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 26 Apr 2004 20:49:26 -0400 Subject: 10 years jail for false ID Message-ID: The Register Biting the hand that feeds IT The Register ; Security ; Identity ; Original URL: http://www.theregister.co.uk/2004/04/25/blunkett_id_fraud_penalties/ 10 years jail for false ID - Blunkett PR deploys rattle of shackles By John Lettice (john.lettice at theregister.co.uk) Published Sunday 25th April 2004 10:27 GMT UK Home Secretary David Blunkett is set to publish his draft national identity card bill, and according to weekend reports is expected to announce a new offence of possession of a false document, maximum penalty ten years in prison, as he does so. 
This plugs a major hole in UK law, we are told by the public prints, because "It is currently not an offence to possess a false document unless it has been used in the commission of another crime" (The Guardian (http://www.guardian.co.uk/guardianpolitics/story/0,3605,1202359,00.html)). The Graun goes on to tell us: "Ministers believe it will make it easier for the police to catch criminals at an earlier stage. Someone found at an airport with a suitcase full of forged passports could be prosecuted for that alone", and other papers take a similar line (e.g. The Sun: "Under current laws, prosecutors have to prove those caught with false identity papers were also planning or had committed other crimes.") But exorcise any images you were getting of some weird liberal la-la land where kindly bobbies hand back your fake passport to you, and customs officials close your suitcase full of false passports and wave you through with a cheery smile, because it's not true. A cursory study of the facts leads one almost inescapably to the conclusion that the 'ten years for ID fraud' headlines are being deployed to help Blunkett present a tough on ID fraud, tough on immigration stance in order to improve the reception of his ID bill on Monday. The current position is as follows. If you arrive at Heathrow with a suitcase full of false passports, you will be charged with Having a False Instrument, contrary to Section 5(2) of the Forgery and Counterfeiting Act 1981 (example (http://www.nationalcrimesquad.police.uk/Hot_off_the_press/2003/may/56.html)). Or if you're caught running a passport factory, you will be charged with conspiracy to make forged instruments (example (http://www.nationalcrimesquad.police.uk/Hot_off_the_press/2003/july/85.html)). Penalties are not what you'd call trivial - in our second example, the organiser received five years in prison plus the threat of another three if he did not pay the authorities £200,000. 
Defendants were (as is usual in these cases) subject to a confiscation hearing to identify and seize any ill-gotten gains. The position as regards individuals holding false documentation is particularly interesting, because this is our second draconian crackdown in ten months. Prior to the Criminal Justice Act 2003 fraudulently obtaining a passport was dealt with under the Theft Act 1968, but one problem perceived with this was that although high penalties were available, loss tended to be equated with the value of the document, rather than the potential use to which the document could be put. Provisions increasing the penalty for falsely obtaining a passport or driving licence to a maximum of two years prison came into effect on 29th January 2004 (Home Office circular (http://www.homeoffice.gov.uk/docs3/hoc0704.html)). And when the late Beverley Hughes, a Home Office minister at the time, announced the change at the Combating Identity Fraud Conference in London in June last year, she said: "The new offence will make it much easier and swifter for police to arrest criminals for identity theft as they will be able to arrest the criminals for just possessing fake or stolen documents" (Home Office press release* (http://66.102.9.104/search?q=cache:8G84gJe8OVEJ:www.homeoffice.gov.uk/n_story.asp%3Fitem_id%3D508+beverley+hughes+linked+crimes+conviction&hl=en)). Much useful information on the related issues of illegal immigration and people trafficking is available from the Metropolitan Police Authority, which reports that "as the Home Office have become more concerned about immigration and introduced more controls, so the opportunities for serious and organised criminals to profit from would-be migrants by providing them with fraudulently obtained, forged or stolen travel documentation, or secure means of transportation across borders, have increased" (performance report, 8th May 2003 (http://www.mpa.gov.uk/committees/ppr/2003/030508/09.htm)). 
The MPA says that numbers trafficked "rather than facilitated" are relatively small, that London is the principal target for organised crime and illegal immigration, and that 75 per cent of failed asylum seekers live in London. Joint operations with the Immigration Service had a target of the removal of 350 failed asylum seekers per month last May, and it was intended to ramp this to 800 a month by March 2004. Actions supporting this ramp include "a 'walk up' at identified locations throughout London with a focus that includes car washes and other similar activity." So clearly, even under the grotesquely inadequate laws of 2003, the police do not seem to have been significantly impeded in their ability to spot-check ID and nick people. A more recent MPA report (http://www.mpa.gov.uk/committees/ppr/2004/040212/11.htm) gives an indication of what happens to people carrying false ID, and indicates what the Home Office is doing in the fight against organised crime (er, it's impeding it). Says the report: "It is evident, though, that UKIS and UKPS [Immigration Service and Passport Service respectively] are working to a different set of objectives to Operation MAXIM [the Met task force dealing with organised immigration-related crime]. From an enforcement perspective, UKIS is focused on meeting Government targets for removals and... considers identifying and tackling organised immigration crime networks as a secondary issue, potentially best addressed by police resources." So in chasing their failed asylum removal targets, UKIS and UKPS are whipping detainees out of the country so fast that police chances of tracking the origins of their false documentation are substantially reduced. 
The report continues: "This is leading to a number of missed opportunities where linked offences, such as forged passports coming from the same source, are not being followed up, because the focus is on removing the holder of the forged passport and not expanding the investigation to include identifying the network that supplied it and others in the series." So shall we recap? We will have a new, stiffer penalty for an offence that gained a new, stiffer penalty just last year. A large proportion of those caught carrying false ID will, as previously, be swiftly ejected from the country, and will therefore not be going to prison anyway. The Metropolitan Police meanwhile is "negotiating" with the Immigration Service in order to agree procedures that will give it data on false identity documents that will actually stand up in court. Should UKIS be able to tear itself away from its Home Office targets for long enough to do this, then the police will be rather better equipped to target organised crime's production of false identity documents. * Our apologies for the Google cache link. At time of writing great swathes of the UK government's documentation, including select committee reports, had been offline for several days. As the provision of information to the citizenry is merely a key component of the democratic process in the electronic age, we accept that this probably doesn't count as mission-critical. Related stories: UK public wants ID cards, and thinks we'll screw up the IT (http://www.theregister.co.uk/2004/04/22/id_cards/) Fingerprints as ID - good, bad, ugly? (http://www.theregister.co.uk/2004/04/19/biometrics/) Draft ID card Bill one month away - Blunkett (http://www.theregister.co.uk/2004/04/07/id_cards/) © Copyright 2004 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shaddack at ns.arachne.cz Mon Apr 26 13:28:10 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 26 Apr 2004 22:28:10 +0200 (CEST) Subject: Infrared flash? Message-ID: <0404262223240.-1252199436@somehost.domainz.com> For bright flashes of visible light, xenon flash tubes are the choice. But when I want a really bright flash on about 800-900 nm, what approach is the best? One application is a security camera taking a snapshot without alerting the adversary with a flash. (Could be a good system against black-bag jobs.) Another application, with higher flash frequency, could be a stroboscope throwing the AGC circuits in cameras off-track, Macrovision-style. What would be the best approach? The energies here are more in the range of rotation/vibration changes than electrons jumping up and down between the energy states. How to convert a blast of electrical energy into a shower of near-IR photons? From rah at shipwright.com Mon Apr 26 20:33:05 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 26 Apr 2004 23:33:05 -0400 Subject: Id Cards 'Will Protect Youngsters from Paedophiles' Message-ID: Horseman #1, Terrorists: Check. Horseman #2, Pedophiles: Check. Next? Cheers, RAH --------- Tue 27 Apr 2004 2:47am (UK) Id Cards 'Will Protect Youngsters from Paedophiles' By James Lyons, Political Correspondent, PA News Identity cards will help keep youngsters safe from perverts, Education Secretary Charles Clarke claimed today. Cards containing personal information like fingerprints would make it more difficult to side-step checks, said Mr Clarke. That was just one of the benefits of the controversial scheme, outlined yesterday, he was telling a Commons select committee. 
The controversial move could also save money and stamp out fraud, his evidence to the Home Affairs committee shows. In a written submission released ahead of this afternoon's hearing, Mr Clarke wholeheartedly backs the scheme. "I am very much in favour of identity cards not only because of the broad benefits to the UK such as tackling illegal working, preventing identity fraud and theft but because of the significant benefits that I believe that ID cards would bring the work of my department and its agencies," he said. Mr Clarke's appearance before the committee comes after Cabinet colleague David Blunkett produced draft proposals yesterday. People who refuse to register will not be jailed but face a fine of up to £2,500 under the Home Secretary's plans. Mr Blunkett said he did not want to give opponents the opportunity to become "martyrs". The draft Identity Cards Bill allows the creation of a National Identity Register of up to 60 million UK residents. This will be linked to "biometric" cards carrying features including facial recognition, iris images and fingerprints. This biometric technology will be incorporated into existing identification documents, such as passports and driving licences. The first documents with facial recognition are due in 2005, and fingerprint details are expected to be added from 2007. People who do not need passports or driving licences will be able to apply for a "plain" ID card. Funding the introduction of the scheme will come from hikes in the cost of passports and driving licences. A combined passport/ID card will cost an estimated £77, a combined driving licence/ID card £73 and a "plain" card around £35. There will be concessions for the elderly and poor, with all 16-year-olds issued with their first card free of charge. Initially, the cards will be voluntary but they are expected to be made compulsory around 2013, by which time 80% of adults should already be carrying biometric ID. 
Any switch to a universal card would be made by an Order, subject to the approval of both Houses of Parliament, but new primary legislation would not be required. New criminal offences for the possession of false identity documents will be created, with a maximum sentence of 10 years jail. If they are made compulsory, cards will have to be produced to access a range of public services, including non-emergency treatment on the NHS and benefits. Latest News: http://news.scotsman.com/latest.cfm -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Apr 26 20:34:51 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 26 Apr 2004 23:34:51 -0400 Subject: U.K. Identity Card Will Make Fraud Easier, Expert Says Message-ID: Bloomberg U.K. Identity Card Will Make Fraud Easier, Expert Says April 27 (Bloomberg) -- A U.K. identity card will not prevent terrorism and may make identity fraud easier, a leading security expert says, undermining the case for the cards made by Home Secretary David Blunkett. Blunkett on Monday set out plans for a national identity card featuring ``biometric'' measures such as fingerprints and iris scans to be introduced in 2007. A six-month trial of biometric recording and verification, involving 10,000 volunteers, has just begun. He said an ID card would protect Britain from terrorism, identity fraud and ``benefit tourism'' - people visiting the U.K. to claim welfare payments. 
``An ID card makes ID fraud easier because it's a one-stop shop,'' said Bruce Schneier, a security expert and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. ``My fear is that once you have a credential that everybody trusts, faking it becomes so much more valuable. There will be a false sense of security and you can abuse that.'' In an interview with the BBC in London on Monday, Blunkett cited information from the security forces that 35 percent of terrorists had used fake IDs. ``How is this going to help?'' said Schneier, who has testified on security before the US congress, from California. ``Let's pretend he's right, and let's pretend the card is 100 percent successful. So now there's no terrorists using fake IDs. Does it reduce the threat of an attack? No. They will just find another way. Any anti-terrorist measure that forces a terrorist to change his tactics in a meaningless way is a waste of money.'' The Home Office said in a statement that because the new cards would use biometric measures, the system would identify people trying to apply for multiple cards under different names. ``Biometrics won't stop me getting a card in your name,'' said Schneier. ``Pictures are a biometric, and we use pictures on cards in the US and fraud happens all the time. What's new is biometrics being checked by computer. Is your computer reliable? Mine isn't. ``The operators who run the computers are bribeable. What does it cost to bribe someone to go into a database and change the fingerprint?'' The plan to introduce a compulsory identity card for the first time since the cards were scrapped after World War II has met resistance from other members of Prime Minister Tony Blair's government, including Trade and Industry Secretary Patricia Hewitt. Parliament will be given a vote before the cards are made compulsory in 2013. 
``The whole point of this trial is to see what glitches we uncover,'' the Home Office said in a statement replying to Schneier's criticisms. ``We will work to make the system as secure as possible.'' -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From hseaver at cybershamanix.com Tue Apr 27 05:15:04 2004 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 27 Apr 2004 07:15:04 -0500 Subject: Fact checking In-Reply-To: <20040427002006.GN77143@afflictions.org> References: <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> <20040427002006.GN77143@afflictions.org> Message-ID: <20040427121504.GA9854@cybershamanix.com> On Mon, Apr 26, 2004 at 08:20:06PM -0400, Damian Gerow wrote: > > Thus spake Harmon Seaver (hseaver at cybershamanix.com) [26/04/04 19:25]: > : And the local elections are no prime pickings either, it's crooks to the left > : of us, crooks to the right of us, ahead and behind, above and below. Extremely > : few real choices. The real problem is -- most people don't vote. What needs to > : be done is a real grass roots effort to educate people and get them to vote. > > So, how does one start a grass roots effort? I'm Canuck, and I'm not > exactly impressed with this year's pickings up North. My last vote was a > vote /against/ the in-office party, not for the party I'd like to see in > office. 
> > How do you start motivating a lazy and apathetic public to learn about their > candidates, and vote? Door-to-door campaigns? Talks at the local library? > Grocery store posters? All of the above, but mostly door-to-door voter registration. When you consider that both klinton and dubbya were elected with only 13%-14% of the eligible voters, it wouldn't take all that many new voters to really make a difference. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com Hoka hey! From rah at shipwright.com Tue Apr 27 06:46:39 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 27 Apr 2004 09:46:39 -0400 Subject: Driver's certificates: Logic meets the streets Message-ID: Nashville City Paper Driver's certificates: Logic meets the streets April 27, 2004 Gov. Phil Bredesen split the difference on allowing illegal aliens to get driver's licenses, and his solution is a good one. Bredesen is proposing legislation that will allow only U.S. citizens and lawful permanent residents of the United States to get Tennessee driver's licenses. The administration says it will be the toughest driver's license policy in the nation. It's nice to finally be first in something desirable. But the Bredesen administration has also answered the question of what to do with illegal aliens working in Tennessee who operate motor vehicles. The argument for issuing them driver's licenses has always been that at least the state can be sure they know our rules of the road which are so often completely different from their countries of origin. Bredesen has proposed that the state issue a "certificate of driving" to those who either have temporary, legal documents to work or go to school here or to those who can prove their identity and residence in Tennessee. The certificates cannot be used as legal identification so, for example, the bearer of a certificate could not use it to board a plane or rent a car. 
Toughening up our driver's license requirements and finding a way to accommodate those who don't meet requirements for citizenship is a good compromise. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Apr 27 07:05:55 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 27 Apr 2004 10:05:55 -0400 Subject: Computer Student on Trial for Aid to Muslim Web Sites Message-ID: The New York Times April 27, 2004 Computer Student on Trial for Aid to Muslim Web Sites By TIMOTHY EGAN BOISE, Idaho, April 23 - Not long after the terrorist attacks of Sept. 11, 2001, a group of Muslim students led by a Saudi Arabian doctoral candidate held a candlelight vigil in the small college town of Moscow, Idaho, and condemned the attacks as an affront to Islam. Today, that graduate student, Sami Omar al-Hussayen, is on trial in a heavily guarded courtroom here, accused of plotting to aid and to maintain Islamic Web sites that promote jihad. As a Web master to several Islamic organizations, Mr. Hussayen helped to maintain Internet sites with links to groups that praised suicide bombings in Chechnya and in Israel. But he himself does not hold those views, his lawyers said. His role was like that of a technical editor, they said, arguing that he could not be held criminally liable for what others wrote. Civil libertarians say the case poses a landmark test of what people can do or whom they can associate with in the age of terror alerts. It is one of the few times anyone has been prosecuted under language in the antiterrorism law known as the USA Patriot Act, which makes it a crime to provide "expert guidance or assistance" to groups deemed terrorist.
"Somebody who fixes a fax machine that is owned by a group that may advocate terrorism could be liable," said David Cole, a Georgetown University law professor who argued against the expert guidance part of the antiterrorism law this year, in a case where it was struck down by a federal judge. Mr. Hussayen, 34, a father of three who was pursuing a doctorate in computer sciences at the University of Idaho, is charged with three counts of conspiracy to support terrorism and 11 counts of visa and immigration fraud. His trial opened on April 14 and is expected to last until June. The trial offers conflicting views of Mr. Hussayen, a son of the Saudi middle class. Defense lawyers have portrayed him as a loving family man who embraces Western values while holding to his Islamic faith; the prosecution team has presented him as a secret conspirator, aiding the cause of terrorism through his computer skills. [In a ruling that bolstered Mr. Hussayen's case on Monday, Judge Edward J. Lodge of Federal District Court in Idaho would not let prosecutors show the jury a Web page that encourages suicide bombings. The judge said the government must prove that Mr. Hussayen created the page or endorsed its contents.] Earlier this year, Judge Audrey B. Collins of the Federal District Court in Los Angeles, struck down a part of the antiterrorism law being used in this trial, ruling that it was overly broad and vague. But Judge Collins did not extend her ruling beyond the one case in California. President Bush made several recent campaign-style stops on behalf of the antiterrorism law, saying it is an essential tool for law enforcement. "The Patriot Act defends our liberty, is what it does, under the Constitution of the United States," Mr. Bush said in Buffalo on Tuesday. Idaho, one of the most Republican states, has become an unlikely home of opposition to the act. The state's senior senator, the Republican Larry E. Craig, and Representative C. L. 
Otter, also a Republican, have sponsored bills to amend the act, which they have called a threat to civil liberties. Mr. Hussayen's lead lawyer, David Nevin, is best known for his defense in 1993 of Kevin Harris, who was involved in a standoff with government agents at a cabin in Ruby Ridge, Idaho, along with Randall C. Weaver. That case, in which Mr. Weaver's wife and teenage son were shot and killed by government agents, is a cause célèbre among mainly right-leaning civil libertarians. Some of Mr. Hussayen's supporters say they see a similar kind of government abuse in his trial. "It's an illustration of how much power the government can bring against somebody," said John Dickinson, a retired professor of computer sciences who was Mr. Hussayen's doctoral adviser at the University of Idaho. "It should scare anybody." Mr. Dickinson said he was interviewed by the F.B.I. for several hours after Mr. Hussayen's arrest in February 2003. "They kept saying his Ph.D. program was a front and that the person I knew was only the tip of this monstrous iceberg," he said. "But I've yet to hear one thing the government has said since then that has made me question his innocence." Justice Department officials and prosecutors refused to comment on the broader implications of the case, citing the trial. But in court documents, the government makes a case that Mr. Hussayen funneled money to Islamic charities with terrorist ties and that he posted calls for jihad by different Saudi sheiks. In the indictment, the government charged that Mr. Hussayen provided "computer advice and assistance, communications facilities, and financial instruments and services that assisted in the creation and maintenance of Internet Web sites and other Internet medium intended to recruit and raise funds for violent jihad, particularly in Palestine and Chechnya." And they have argued that Mr.
Hussayen's technical assistance, even if he did not share the beliefs of the groups he helped, was like providing a gun to an armed robber. Most of the facts are not in dispute. Mr. Hussayen's lawyers said that he gave money to legitimate Islamic charities and that his Web site work was protected by the First Amendment. The Web sites he maintained also posted views opposing jihad, they said. The government has argued that Mr. Hussayen, a Saudi citizen who is the son of a retired Saudi minister of education, does not have all the protections of an American citizen. They said he abused his privilege as a student by working for computer sites that advocate terror. His friends in the Idaho college town may have known one side of him, the prosecutor, Kim Lindquist, said in his opening remarks to the jury, but they seldom saw "the private face of extreme jihad." The Saudi government is paying for the defense of Mr. Hussayen, his family said. One of the charities that Mr. Hussayen supported, Islamic Assembly of North America, still operates out of Ann Arbor, Mich. On its Web site, the group says its mission is to promote the spread of Islam, and the group solicits money from the public. Mr. Nevin said the charity has never been classified as terrorist by the government. But the government said the Michigan charity was one of the Web sites that "accommodated materials that advocated violence against the United States." Both sides in this case are looking to appeals that will probably turn on the part of the antiterrorism law thrown out by Judge Collins in January. In that case, the judge ruled on behalf of several humanitarian groups that wanted to provide support to the nonviolent arms of two organizations designated as terrorist in Turkey and Sri Lanka.
Judge Collins wrote that "a woman who buys cookies at a bake sale outside her grocery store to support displaced Kurdish refugees to find new homes could be held liable" if the sale was sponsored by a group designated terrorist. The American Civil Liberties Union, which is trying to overturn the antiterrorism law in court, tried to join the Idaho case but was rebuffed by Judge Lodge. "We very much wanted to be involved in this case because it is by far the most radical prosecution we've seen under the Patriot Act," said Ann Beeson, associate legal director of the national A.C.L.U. "You shouldn't be held liable for what somebody else said. Under this theory, you could charge the electrician who services the wrong client." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Tue Apr 27 08:06:50 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 27 Apr 2004 11:06:50 -0400 Subject: Fact checking Message-ID: >How do you start motivating a lazy and apathetic public to learn about >their >candidates, and vote? Door-to-door campaigns? Talks at the local library? >Grocery store posters? Well, imagine if we could buy votes...I'd bet we could scrounge up a few hundred thousand votes for the price of a few vials of crack. Then imagine we 'elect' bin Laden as a Senator or something with these votes. I bet people would start voting after that. 
-TD >From: Harmon Seaver >To: cypherpunks at minder.net >Subject: Re: Fact checking >Date: Tue, 27 Apr 2004 07:15:04 -0500 > >On Mon, Apr 26, 2004 at 08:20:06PM -0400, Damian Gerow wrote: > > > > Thus spake Harmon Seaver (hseaver at cybershamanix.com) [26/04/04 19:25]: > > : And the local elections are no prime pickings either, it's crooks >to the left > > : of us, crooks to the right of us, ahead and behind, above and below. >Extremely > > : few real choices. The real problem is -- most people don't vote. What >needs to > > : be done is a real grass roots effort to educate people and get them to >vote. > > > > So, how does one start a grass roots effort? I'm Canuck, and I'm not > > exactly impressed with this year's pickings up North. My last vote was >a > > vote /against/ the in-office party, not for the party I'd like to see in > > office. > > > > How do you start motivating a lazy and apathetic public to learn about >their > > candidates, and vote? Door-to-door campaigns? Talks at the local >library? > > Grocery store posters? > > All of the above, but mostly door-to-door voter registration. When you >consider that both klinton and dubbya were elected with only 13%-14% of the >eligible voters, it wouldn't take all that many new voters to really make a >difference. > > > >-- >Harmon Seaver >CyberShamanix >http://www.cybershamanix.com >Hoka hey! > From rah at shipwright.com Tue Apr 27 08:11:51 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 27 Apr 2004 11:11:51 -0400 Subject: Mathematicians From Around the World Collaborate to Solve Latest RSA Factoring Challenge Message-ID: Duelling crypto-crack press-releases this morning. Ford vs. GM, er, Certicom vs. RSA...
Cheers, RAH ------- Silicon Valley Biz Ink :: The voice of the valley economy April 27, 2004 Computers/Electronics News Press release distributed by PR Newswire Mathematicians From Around the World Collaborate to Solve Latest RSA Factoring Challenge Contest provides practical gauge of current cryptographic research and encourages development of higher standards of security for organizations BEDFORD, Mass., April 27 /PRNewswire-FirstCall/ -- RSA Laboratories, the research center of RSA Security Inc. (Nasdaq: RSAS) today announced that a team from the Scientific Computing Institute and the Pure Mathematics Institute in Germany, along with the National Research Institute for Mathematics and Computer Science in the Netherlands and several other organizations, has solved the RSA-576 Factoring Challenge. The worldwide team of eight solved the challenge using approximately 100 workstations in a little more than three months, and earned a cash prize of $10,000 from RSA Security for their efforts. Originally started in 1991 and relaunched with its current set of challenge numbers in 2001, RSA Laboratories' Factoring Challenge was established to encourage research into computational number theory and the practical difficulty of factoring large integers. "The information received during these challenges is a valuable resource to the cryptographic community and can be helpful for organizations in choosing appropriate cryptographic measures for a desired level of security," said Burt Kaliski, chief scientist and director at RSA Laboratories. To solve the factoring challenge, the consortium leveraged resources from around the world, including hardware from the Experimental Mathematics Institute in Essen, Germany, from the Bundesamt fur Sicherheit in der Informationstechnologie (BSI), and experts from the Number Field Sieve network of mathematicians throughout Canada, the United States and the United Kingdom.
The factoring of RSA-576 was completed using the general number field sieve factoring algorithm (GNFS) to gather data, find dependencies among the data and ultimately leverage those dependencies to factor the number. "I'm very proud of all these individuals from around the world and their efforts to solve this first factoring challenge," said Jens Franke of the Pure Mathematics Institute at Bonn University. "The collaborative efforts of everyone involved in this accomplishment are indicative of the achievements in mathematics, and cryptography on a greater scale, that can be realized and applied to protect the data of businesses around the world. We are excited to continue working on such projects that will assist in cryptographic research to build stronger algorithms in an effort to ensure the integrity of sensitive corporate information." RSA Laboratories sponsors a series of cryptographic challenges that allow individuals or groups to attempt to solve various encryption "puzzles" for cash prizes. The RSA-576 Factoring Challenge is one of a series of factoring challenges set forth by the research arm of RSA Security to determine the difficulty of customizing algorithms for factoring and assessing the strength of larger key sizes. RSA-576 is a smaller-scale example of the types of cryptographic keys that are recommended to secure Internet and wireless transactions. Typical keys are at least 1024 bits (310 decimal digits); RSA-576 is 576 bits (174 decimal digits). Larger numbers are considered to provide significantly greater security. The next challenge number in the series is RSA-640. "RSA Security extends our congratulations to the team for their efforts," said Kaliski. "This challenge demonstrates how the work of a few can have a broad impact on the development of the critical nature of cryptography. Their work reflects the kind of expertise and resources needed to factor large numbers. 
Such challenges are designed to track the evolution of cryptographic research and ensure businesses are protecting their intellectual property and critical data with the right levels of security." About RSA Security Inc. RSA Security Inc. helps organizations protect private information and manage the identities of people and applications accessing and exchanging that information. RSA Security's portfolio of solutions -- including identity & access management, secure mobile & remote access, secure enterprise access and secure transactions -- are all designed to provide the most seamless e-security experience in the market. Our strong reputation is built on our history of ingenuity, leadership, proven technologies and our more than 14,000 customers around the globe. Together with more than 1,000 technology and integration partners, RSA Security inspires confidence in everyone to experience the power and promise of the Internet. For more information, please visit http://www.rsasecurity.com. RSA is a trademark of RSA Security Inc. in the United States and/or other countries. All other products and services mentioned are trademarks of their respective companies. For more information: Roger Fortier, McGrath/Power Public Relations, (408) 727-0351, rogerf at mcgrathpower.com; Tim Powers, RSA Security Inc., (781) 515-6212, tpowers at rsasecurity.com -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From caroline at ripfree.com Tue Apr 27 02:51:32 2004 From: caroline at ripfree.com (Caroline Heatlie) Date: Tue, 27 Apr 2004 11:51:32 +0200 Subject: Message-ID: http://www.wsws.org/articles/2004/apr2004/blun-a24.shtml Twenty years after 1984, the date for George Orwell's dystopian vision, the British home secretary hopes to introduce a new category of imprisonable offence -- "thought crime," or guilt by association. According to two recent newspaper articles, David Blunkett is considering jailing those who merely "sympathise" with so-called extremist Islamic groups or who continue to "associate" with alleged terrorist suspects. The Observer wrote on April 11, "Sympathisers with extremist Islamic groups will risk jail under controversial plans to make merely associating with a suspected terrorist a crime." The next day, the Times reported, "Those whose names were found on seized mobile phones, computers or e-mails and who tried further contact would find themselves facing prison." The paper added that the home secretary would like a formal warning given to "every known contact of a terror suspect or extremist Islamic group." A source close to the home secretary was quoted saying, "We are targeting support networks, the things that enable terrorism to be perpetrated by other people. It is intended to deter people from hanging around the fringes of undesirables." The latest musings of Blunkett are a double attack on democratic rights. Firstly, the proposal to introduce "guilt by association" makes criminals of those who have committed no crime. Secondly, by extension the so-called "undesirables" with whom they associate face a form of banning order reminiscent of the apartheid regime in South Africa, preventing them from coming into contact with anyone. Barry Hugill, spokesman for civil rights group Liberty, said, "You cannot start imprisoning people for what may or may not be going on inside their head."
The Labour government has introduced some of the most draconian "anti-terrorist" legislation in Europe. Britain has declared a "technical" state of emergency, enabling the suspension of sections of the European Convention on Human Rights. This then makes possible the indefinite internment of foreign nationals as "terrorist suspects," without recourse to the normal juridical process. The 14 individuals who have been locked up under the terms of the Anti-Terrorism, Crime and Security Act 2001 (ATCSA) enter a Kafkaesque world where they may not see the evidence that supposedly justifies their incarceration, nor may they appoint an independent legal representative to challenge their imprisonment in the courts. They can only be set free if they agree to be deported back to the country from which they have fled, where their life may well be in danger. The choice is stark: indefinite detention without due legal process, or possible death. In February, Blunkett proposed the introduction of a form of "pre-emptive" justice, where suspects could be jailed based on charges for crimes they had not yet committed. It is a measure of the disregard for longstanding democratic norms that permeates official politics and most of the media in Britain that the home secretary's latest proposal passed largely without comment or criticism. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From declan at well.com Tue Apr 27 09:33:54 2004 From: declan at well.com (Declan McCullagh) Date: Tue, 27 Apr 2004 12:33:54 -0400 Subject: [Politech] A criticism of Gmail and a call for encryption everywhere [priv] Message-ID: -------- Original Message -------- Subject: Opposing view of Gmail issues (Cypherpunk tie in) Date: Sun, 25 Apr 2004 13:11:53 -0500 (CDT) From: J.A. Terranson To: Declan McCullagh References: <4087CD30.5020800 at well.com> Good Afternoon Declan, As with much of the online community, I have been discussing this topic since it was announced by Google, and until recently, I was also of the opinion that this was a simple contractual choice between the user of Gmail and Google. My opinion was altered by a gentleman in England, who used the following story to illustrate his point: When Google released their toolbar, he, like most of us, installed it. What was different was that he installed it with all of the advanced features (including the tracking options, which Google goes out of their way to make crystal clear *is* tracking software). His reasoning was similar to the thoughts you expressed below: he had nothing to hide, he believed Google really was stripping identity data from their observations of his browsing habits, and he did not mind having them "watch". One day he had a firewall issue when trying to retrieve a file, and the person who was hosting it offered to put it on a "private" (i.e., unlinked) page for him to grab over HTTP. He accepted, downloaded the document, and promptly forgot about it - until this document, which had extremely personal information on it (personal to the person *hosting* it, not the person retrieving it) showed up on Google a short time later.
You see, the toolbar had seen him go to a web page that Google did not have, and so they indexed it right away. Without meaning to, the user of the toolbar had helped Google to violate the privacy of the person who went out of his way to keep this document private. This person knew nothing of the toolbar, and had no agreement with Google, yet he became the unwilling participant in Google's web cache. The senders of email to users of Gmail are in the very same position as our friend above: they know nothing of the agreement, they are not participants in the Gmail program - they have never agreed to allow a third party to access *their* private thoughts and utterances, yet they too are caught in the middle. As much as it goes against my gut reaction, I must admit that Gmail has some very serious privacy implications, some of which almost definitely fall under EU privacy laws. The ultimate solution to the problem is close to what was suggested in the essay below: encryption. But not by Google. Encryption by the senders. The Cypherpunk cries of "Encryption Everywhere" land smack dab in the middle of the plate here - email stays private, regardless of Google indexing, government snooping, or end user negligence. Pity that people will spend thousands of hours, and millions of dollars arguing over the best way to protect us from ourselves, but that we won't spend five minutes learning to use a simple encryption system that could completely erase these very issues. Yours, Alif Terranson sysadmin at mfn.org On Thu, 22 Apr 2004, Declan McCullagh wrote: > [It seems to me that Brad is being kind here by not denouncing the > privacy fundamentalists for trying to ban Google's Gmail in its current > form. It is true that there are potential costs of using Gmail for email > storage (just as there are costs of using your own laptop for that > purpose).
The question is whether consumers should have the right to > make that choice and balance the tradeoffs, or whether it will be > preemptively denied to them by privacy fundamentalists out to deny > consumers that choice. --Declan] > _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Tue Apr 27 10:22:03 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 27 Apr 2004 13:22:03 -0400 Subject: Fact checking Message-ID: "How do you start motivating a lazy and apathetic public to learn about their candidates, and vote? Door-to-door campaigns? Talks at the local library? Grocery store posters?" Well, we could just tell them their lives would be much better under Kodos, rather than Kang. -TD >From: Damian Gerow >To: Harmon Seaver >CC: cypherpunks at ds.pro-ns.net >Subject: Re: Fact checking >Date: Mon, 26 Apr 2004 20:20:06 -0400 > >Thus spake Harmon Seaver (hseaver at cybershamanix.com) [26/04/04 19:25]: >: And the local elections are no prime pickings either, it's crooks to >the left >: of us, crooks to the right of us, ahead and behind, above and below. >Extremely >: few real choices. The real problem is -- most people don't vote. What >needs to >: be done is a real grass roots effort to educate people and get them to >vote. > >So, how does one start a grass roots effort? I'm Canuck, and I'm not >exactly impressed with this year's pickings up North. My last vote was a >vote /against/ the in-office party, not for the party I'd like to see in >office. 
> >How do you start motivating a lazy and apathetic public to learn about >their >candidates, and vote? Door-to-door campaigns? Talks at the local library? >Grocery store posters? > From rah at shipwright.com Tue Apr 27 11:24:32 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 27 Apr 2004 14:24:32 -0400 Subject: [Politech] A criticism of Gmail and a call for encryption everywhere [priv] Message-ID: --- begin forwarded text From rah at shipwright.com Tue Apr 27 13:28:48 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 27 Apr 2004 16:28:48 -0400 Subject: NAS Inducts Four MIT Faculty Message-ID: NAS Inducts Four MIT Faculty Four MIT faculty are among the 72 recently-elected members of the National Academy of Sciences. Professors Shafrira Goldwasser, Nancy H. Hopkins, Ronald L. Rivest, and Maria Zuber were selected for their achievements in original research. They join 55 other current MIT faculty as members of the prestigious group. A professor in Course VI (Electrical Engineering and Computer Science), Goldwasser leads the Cryptography and Information Security Group in the Computer Science and Artificial Intelligence Laboratory, where her research is focused on complexity theory. Hopkins, the Course VII (Biology) Amgen Professor, studies the genes necessary for early development in zebrafish and the role of these genes in the predisposition to cancer of adult zebrafish. Rivest, the reason for the 'R' in RSA, was an inventor of the RSA public-key cryptosystem. Like Goldwasser, he is a founding member of the Cryptography and Information Security Group in CSAIL. He has done extensive work in cryptography and algorithmic research. Zuber is the department head for Course XII (Earth, Atmospheric, and Planetary Sciences).
Her research ranges from the modeling of geophysical processes to the development and implementation of space-based laser ranging systems. Including the newly elected members, 123 members of the NAS have had affiliations with MIT. Also newly elected to the NAS are 18 foreign associates, including former MIT Dean of Science Robert J. Birgeneau, who is now the president of the University of Toronto. Hopkins, the chair of the School of Science committee that released a 1999 report on the status of women faculty at MIT, commented on the large number of women faculty selected for the NAS. "It's a fluke of small numbers, but it's a pretty spectacular fluke," Hopkins said. She added that this was the "result of hiring terrific women and giving them the resources to do science." According to the NAS web site, the NAS is a private group that was chartered by Congress in 1863 with a mandate to advise the federal government on scientific issues. -- Kelley Rivoire MIT Undergrad Robbed Near Sidney-Pacific An MIT undergraduate was the victim of an unarmed robbery outside the Sidney-Pacific Graduate Residence early on Friday morning, according to an MIT Police report. The victim, who wished to remain anonymous, said that he noticed five black males following him as he walked home from Central Square. He said he ran towards the dormitory, where he is not a resident, but was kicked by the suspects before he was able to get there. The victim gave the suspects ten dollars on demand, after which the suspects took his wallet. The police report said that the victim's credit cards and an additional $13 were taken. The victim said that he was bumped on his head and suffered a bruise to his face, though he does not remember being hit. He said that he pressed the blue emergency call button outside Sidney-Pacific, summoning the MIT Police. He was taken to MIT Medical, and medical tests did not find any serious injuries. 
John Di Fava, director of office security and campus police services, said that the installation of additional lighting near Sidney Pacific is an ongoing project. He also said he hopes to move an ATM into the dormitory. Di Fava recommends that residents use common sense when going out at night. He said that the Cambridge Police has been cooperative with MIT Police efforts to lower crime in the area, allowing MIT Police to share data with the Cambridge Police and having additional patrols in the Central Square area. Residents of Sidney-Pacific were concerned about the robbery, but said that the robbery did not cause changes in their daily activities. Adrian K. C. Lee G said that he has the Cambridge Police phone number stored in his cell phone and arranges his schedule to avoid walking alone late at night. Benjamin Estevez G said that though he was surprised by the robbery, he was "not really worried." Anthony H. Kim G said "I don't pay much attention" to the crime in the area, but added that he tries to be careful when out in the area. -- Kelley Rivoire This story was published on Tuesday, April 27, 2004. Volume 124, Number 22 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rsw at jfet.org Tue Apr 27 14:17:44 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Tue, 27 Apr 2004 17:17:44 -0400 Subject: recent node activity Message-ID: <20040427211744.GA26663@jfet.org> The al-Qaeda.net node was down for about 30 hours or thereabouts. It ought to be back up now. Messages received during that period have been resent. Sorry for the unannounced outage. Things should be better now.
--
Riad Wahby
rsw at jfet.org
MIT VI-2 M.Eng

From rah at shipwright.com Tue Apr 27 14:26:54 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 27 Apr 2004 17:26:54 -0400
Subject: ID cards to use 'key database' of personal info
Message-ID:

The Register

Original URL: http://www.theregister.co.uk/2004/04/26/id_card_draft_published/

ID cards to use 'key database' of personal info
By John Lettice (john.lettice at theregister.co.uk)
Published Monday 26th April 2004 15:34 GMT

David Blunkett today published his draft bill paving the way for a compulsory UK ID card, and reports over the weekend claimed that cabinet opposition had drawn some of the scheme's fangs, the draft suggests that it will be more extensive than expected in several key areas.

According to the Sunday Times, (http://www.timesonline.co.uk/article/0,,2087-1086784,00.html) Foreign Secretary Jack Straw has secured agreement that it will never be mandatory to carry a card, that a Commons vote will be required before police can require a card's production, and that it will not be necessary to produce a card in order to obtain hospital treatment or welfare benefits.

Speaking this morning however Blunkett disputed this, pointing to sections 15-18 of the draft as giving the necessary clearances. This section indeed makes provision for public services to hinge on ID cards, but specifically rules out the compulsion to carry it at all times or produce it for police. How long this will last is perhaps another matter.

Blunkett is however pitching the scheme far more widely than simply as an entitlement, immigration, crime or terror control mechanism. Rather, it is intended as the cornerstone of identity and identity-management in the UK.
The draft bill covers the setting up of a national identity register, which is described as "the key database of personal information which the biometric cards would link to," and envisages the creation of "a 'family' of ID cards, based on designated existing and new documents." This suggests far broader purposes than simply identifying individuals, and the Home Office announcement makes no bones about this: "ID cards will help tackle the type of serious and organised crime which depends on being able to use false identities - terrorism, drug trafficking, money laundering, fraud through ID theft, and illegal working and immigration. They will also enable people to access services more easily, and prevent access to those with no entitlement. And crucially, the cards will help people live their everyday lives more easily, giving them a watertight proof of identity for use in daily transactions and travel." The extent of the ID card's utility in dealing with false identity is at the very least somewhat slighter than Blunkett would have us believe, and its usefulness in dealing with ID fraud in commercial areas is dependent on whether or not it is used as strong ID there, and on the necessary equipment to validate the ID being present. An ID card with your fingerprints on it, for example, is of no protection to you in cases of 'cardholder not present' fraud (and it certainly useless in the Internet), and doesn't stop someone intercepting your mail and signing up for credit cards in your name. If we were just talking about a piece of government ID issued for government purposes only, then that would be OK - but here we're talking about "watertight proof of identity for use in daily transactions and travel." 
So we're not - Blunkett is really talking about something that will need substantially more networked checking points than something that was just 'son of passport', and about a lot more data, accessed by a lot more different government and non-government organisations, held centrally. And if it leads to more data on the card itself that can be used without further and/or biometric validation, then the cards themselves will tend to become more worth stealing. This is surely recklessly ambitious. More so because Blunkett still shows little sign of having a sound grasp of the actual capabilities of ID systems. This morning, for example, he told Today that ID cards "couldn't solve Madrid [the bombings] because nobody has biotechnology today." In the cases of both 9/11 and Madrid the attackers appear to have had valid ID, so biometric valid ID is neither here nor there, but despite having had this put to him by numerous interviewers Blunkett seems unable to stop presenting biometrics as some kind of magic. He went on to explain the situation of countries who didn't have biometric ID: "Those without biometrics will be known as the easiest touch. That's why we need to be ahead." The logic of this situation, that those countries where it is easier to obtain ID can be used by terrorists to establish valid ID which can then be used to visit and bomb the UK, seems to elude him. The Home Office does have schemes for biometric ID for non-UK passport holders in the UK, and is already fingerprinting asylum seekers and some visa applicants, but the scheme as announced today actually rules out biometrics for visitors who are staying less than three months. Which would seem to suggest that terrorists on an awayday are entirely immune to the £3.1 billion biometric checking regime. The roadmap as presented by Blunkett yesterday is as follows.
Following the publication of the draft there will be "further consultation including opening up technical issues and inviting a development partner from the private sector", then a full bill will be introduced in the autumn session. Biometric passports will appear within three years, and "as we're putting this on a clean database this will not be forgeable." Foreign nationals will be brought into the scheme "as quickly as possible" and "we're hoping people will want voluntarily to renew their passport early" (not at those prices mate, so we can expect some special incentive discounts on the £73 for a passport), "so within seven years we will start to move to the position where people across the population have got an ID card." The Home Office itself today published a target of 80 per cent of the economically active population by 2013.

Privacy International described the scheme as "draconian and dangerous," pointing out that the draft gave the Home Secretary wide powers to disclose identity-related information to a range of authorities, including police, Inland Revenue and Customs & Excise, can order a person to register for an ID card, and can even have them registered against their will if the necessary data is already known. A range of new offences including failure to notify of a damaged or defective card, and failure to report a change of address, is also introduced. The Home Secretary (i.e. Blunkett) "has the power to make Orders to change almost every element of the proposed system." It is, says Privacy International director Simon Davies, "a disgrace to democracy."

Related links:
Draft bill and consultation (http://www.homeoffice.gov.uk/docs3/identitycardsconsult.pdf)
Privacy International release (http://www.privacyinternational.org/issues/idcard/uk/pi-id-card-4-04.html)
UK public wants ID cards, and thinks we'll screw up the IT (http://www.theregister.co.uk/2004/04/22/id_cards/)
Fingerprints as ID - good, bad, ugly?
(http://www.theregister.co.uk/2004/04/19/biometrics/)
ID cards: a guide for technically-challenged PMs (http://www.theregister.co.uk/2004/04/05/uk_id_cards/)

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Tue Apr 27 14:27:01 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 27 Apr 2004 17:27:01 -0400
Subject: Airport security failures justify CAPPS-II snoop system
Message-ID:

The Register

Original URL: http://www.theregister.co.uk/2004/04/26/airport_security_failures/

Airport security failures justify CAPPS-II snoop system
By Thomas C Greene (thomas.greene at theregister.co.uk)
Published Monday 26th April 2004 20:21 GMT

Recent government reports on the failure of American airport screeners to detect threat objects at security checkpoints may provide ammunition for proponents of the controversial Computer Assisted Passenger Prescreening System (CAPPS II) database solution, which is currently stalled by myriad snafus too numerous to mention.

Human error

The Department of Homeland Security (DHS) Inspector General and the Congressional General Accounting Office (GAO) have both submitted reports on the competence of airport passenger and baggage screeners, and found, not surprisingly, that they are no more effective today than they were before the security frenzy brought about by the 11 September atrocities.
In testimony before the House Aviation Subcommittee (http://www.house.gov/transportation/aviation/04-22-04/04-22-04memo.html), Inspector General for Homeland Security Clark Ervin and GAO Managing Director Norman Rabkin said that the Transportation Security Administration's (TSA's) well-paid screening personnel are no more effective than the inexpensive rent-a-cops provided by private contractors. A comparison between federal screeners and those participating in a pilot program for private contractors called the PP5 Program. According to Ervin, federal and private screeners "performed about the same, which is to say, equally poorly." He added that "this result was not unexpected, considering the degree of TSA involvement in hiring, deploying, and training the [private sector] screeners." It's believed that TSA's interference in the PP5 Program and its bureaucratic inertia are important reasons why the private-sector screeners failed to outdo their civil-service counterparts. Both reports are biased against the TSA. They assume that TSA is a lost cause, although, ironically, it had originally been touted as a much-needed fix for the incompetence of private contractors, upon whom blame for the 9/11 atrocity was conveniently fixed in the immediate aftermath. It now appears that TSA is seen as the chief source of security incompetence and failure. "TSA's tight controls over the pilot program restricted flexibility and innovation that the contractors may have implemented to perform at levels exceeding that of the federal workforce. TSA needs to establish a more robust pilot program that allows greater flexibility to test new innovations and approaches," Ervin said. Defective detectives Indeed, passenger screening is no better than it was 17 years ago. Covert testing conducted in 1978 - back when screeners were reasonably polite and quick and unobtrusive about their business - found that 13 per cent of threat objects passed undetected. 
Today, in the wake of post-9/11 security hysteria, and its attendant aggressive bullying of the public and punishment-strip searching of anyone daring to pass a sarcastic comment, the figure is 20 per cent. TSA Administrator Admiral David Stone defended his outfit and took issue with the reports. "Testing in the Nineties was in no way even comparable to what we do," he said. While it may be true that today's covert testing is more sophisticated, detection equipment has also improved to make the screeners' jobs easier, though he neglected to emphasize this fact. The red teams and the blue teams have both got better tricks up their sleeves, so there's certainly nothing unfair about the penetration tests, as Stone tried to imply. Still, bad news for human screeners may well be good news for technology. Database Hell Stone showed little enthusiasm for the PP5 Program, but he is a big proponent of CAPPS II, having touted it before the same House committee back in March as a scheme promising to deliver "vital impact ... on aviation security." He has studied the vendor's PR boilerplate with great care. CAPPS II is a "second-generation prescreening system [that] will be a centralized, automated, threat-based, real time, risk assessment platform ... expected to employ technology and data analysis techniques to conduct an information-based identity authentication," he gushed. The system is a product of aviation defense contractor Lockheed Martin Corporation, promoted by US Transportation Secretary and former Lockheed Martin Vice President Norman Mineta, Stone's boss. At present, the grand "risk assessment platform" is mired in failure. What little of it currently works has not been tested adequately because carriers are withholding passenger data in fear of a public backlash on privacy grounds. The accuracy of the many databases that CAPPS II will scour for its incriminating evidence has not yet been established. 
Procedures for passengers to detect inaccurate data, and get inaccurate data and false positives resolved, have not been implemented. Major privacy threats inherent in the system, particularly those involving restrictions on access, have not been addressed. The potential for malevolent identity thieves to impersonate innocent travelers remains high. False consciousness This is all good, because CAPPS II is one of the worst possible solutions to airport security. It won't prevent terrorists from flying; rather, it will increase the probability of another successful attack using commercial aircraft. The reason is painfully obvious: a group can very conveniently use the system to pre-screen its members and discover which of them have profiles that result in extra scrutiny. Thus CAPPS II is a superb tool for terrorists to use in assessing airport defenses. A group of unarmed terrorists can board two or three flights in succession and observe how the system reacts to them. If, after a few trial runs, they discover that they're allowed to board unchallenged, they can assume that their profiles do not trigger a warning. Armed with that information, they'll stand a good chance of mounting a real attack. CAPPS II is a disaster for two reasons: first, it will create a false sense of security among airline staff and provide further excuses for screeners to perform poorly; and second, it offers terrorists an excellent training device that they can use to assemble a group of people who can get onto airplanes without arousing suspicion. Ironically, the closer CAPPS II comes to achieving its stated goals, the more effective it will become as a terrorist tool. So it is indeed good that its development is going poorly. The problem, however, is that the recently publicized failures among human screeners will provide rationale to rush it into service. 
CAPPS II may well find itself on a fast track, pushed hard by those who would exploit the popular misconception that computers and other high-tech gizmos can compensate for human fallibility.

Thomas C Greene is the author of Computer Security for the Home and Small Office, a complete guide to system hardening, online anonymity, encryption, and data hygiene for Windows and Linux, available at discount in the USA (http://www.amazon.com/exec/obidos/tg/detail/-/1590593162/), and in the UK (http://www.amazon.co.uk/exec/obidos/ASIN/1590593162/).

Related stories
American Airlines data used to test passenger snoop system (http://www.theregister.co.uk/2004/04/13/privacy/)
The wrong stuff: what it takes to be a TSA terror suspect (http://www.theregister.co.uk/2004/04/07/aclu-suit/)
Campaigners fight biometric passports (http://www.theregister.co.uk/2004/03/29/campaigners_fight_biometric_passports/)
Data on 10m Northwest fliers handed to NASA for testing (http://www.theregister.co.uk/2004/01/20/data_on_10m_northwest_fliers/)
US using EU airline data to test CAPPS II snoop system (http://www.theregister.co.uk/2004/01/15/us_using_eu_airline_data/)
Commission agrees US access to EU citizen personal data (http://www.theregister.co.uk/2003/12/17/commission_agrees_us_access/)
Congress threatens two hi-tech Gestapo programs (http://www.theregister.co.uk/2003/07/17/congress_threatens_two_hitech_gestapo/)

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Tue Apr 27 14:27:11 2004
From: rah at shipwright.com (R. A.
Hettinga)
Date: Tue, 27 Apr 2004 17:27:11 -0400
Subject: ID card scheme £2,500 fine threat
Message-ID:

The BBC

Monday, 26 April, 2004, 18:41 GMT 19:41 UK

ID card scheme £2,500 fine threat

People who refuse to register for the government's planned ID card scheme could face a "civil financial penalty" of up to £2,500, it has emerged. David Blunkett said not making registering a criminal issue would avoid "clever people" becoming martyrs. And he promised strict limits on the type of information stored on ID cards. Under Monday's draft bill, carrying false papers will be a criminal offence but MPs have until 2013 to decide if registration should be compulsory.

'Soft touch'

Details of card holders kept on the National Identity Register will include name, address and previous addresses as well as nationality and immigration status. Mr Blunkett also confirmed that people will have the right to see their entry on the register. He said ID cards were needed to prevent the UK becoming a "soft touch" for terrorists. But DNA and other health information would not be included on the cards and there would be an independent regulator to control the type of information they contain.

Royal family

Legislation is expected to be introduced to Parliament in the autumn, with the first biometric passports, which store fingerprint or iris scan information, issued in 2005 and the first cards carrying fingerprint details in 2007.
HOW SCHEME WILL WORK
Passport price hike of £35 to meet £3.1bn cost of ID card scheme
Postal passport applications would no longer be possible
2008: 80% of economically active population will carry some form of biometric identity document
2013: MPs to vote on whether registration should be compulsory
New ID would require people to sit in a "biometric enrolment pod" which photographs them and scans the face and iris
Information is recorded on a microchip and in a central database
Source: Home Office

Ministers will make the final decision on compulsory registration by 2013, as detailed in the government's original timetable published in November. By that time, Mr Blunkett expects 80% of the population to hold biometric identification either in the form of a passport, a driving licence or a voluntary ID card. Asked whether members of the Royal Family would be required to apply for a card if compulsion is introduced, Mr Blunkett said: "We are all subjects and citizens."

Illegal working

A trial of identity card technology was launched on Monday involving 10,000 volunteers. Ministers believe that as well as fighting terrorism, the cards will help to crack down on ID fraud, human trafficking and illegal working, as well as stopping people exploiting health and welfare services. Mr Blunkett claimed the biometric system would make UK ID cards impossible to forge - unlike cards used elsewhere in Europe.

Safeguards

Liberal Democrat home affairs spokesman Mark Oaten said: "I would much rather see the £3bn that's going to be incurred in looking at better intelligence". Shadow Home Secretary David Davis said the Tories backed the idea of ID cards but said safeguards had to be put in place to prevent the misuse of personal information. The draft Bill sets out proposals for a national identity register to hold details of all 60 million people in the UK. This will enable a person's identity to be authenticated when they produce their card.
The legislation also sets out safeguards to prevent government officials from misusing the data. As part of a large-scale test of the equipment, volunteers are having biometric details recorded, involving facial scans, iris scans and fingerprints. Trials are beginning at the UK Passport Service's London HQ on Monday, with further trials to be held in Leicester, Newcastle and Glasgow. The biometric checks will become compulsory for anyone applying for, or renewing, passports from 2007. Biometrics will also be introduced into driving licences later. If cards are made compulsory, they will have to be produced to access a range of public services including the NHS and benefits. The estimated £3.1bn cost of introducing the scheme will be met by increasing the cost of passports. Civil rights campaign group Liberty said the government was effectively introducing an identity tax. Liberty director Shami Chakrabarti said there were privacy implications, while no government had yet shown itself competent to manage such databases. The Home Affairs select committee said it would be placing the draft bill under close scrutiny. As part of the inquiry, the committee will take evidence from the Home Secretary David Blunkett MP on 4 May and will also be calling for written submissions on the draft bill as part of the process of pre-legislative scrutiny. People who want to take part in the trial should send an email to trial at mori.com.

BIOMETRICS OPTIONS
Facial scanning: A camera with appropriate software records face contours and converts them into code. A computer processes the data and checks against stored record.
Iris imaging: Software scans a digital image of the iris to compare its unique pattern with all those stored.
Fingerprinting: A scanner reads the ridge patterns and compares the converted code with those on a database.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Apr 27 14:28:03 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 27 Apr 2004 17:28:03 -0400 Subject: Fact checking Message-ID: [having problems with an MX record somewhere. Let's see if this works...] At 3:04 PM -0400 4/26/04, Damian Gerow parsed a sentence thusly: >That's not saying that he invented the internet, it's saying that he took >initiative in creating it. Okay. I'll bite. Let's do a Rorschach test. Please parse *this* sentence: "A well regulated militia, being necessary to the security of a free state, the right of the people to keep and bear arms, shall not be infringed." :-) Too hard? How about this one: "Counsel is fully aware that Ms. Lewinsky has filed, has an affidavit which they are in possession of saying that there is absolutely no sex of any kind in any manner, shape or form, with President Clinton..." ;-) YMO"I"MV? Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...if a person can't communicate, the very least he can do is to shut up." -- Tom Lehrer From roy at rant-central.com Tue Apr 27 14:45:27 2004 From: roy at rant-central.com (Roy M. Silvernail) Date: Tue, 27 Apr 2004 17:45:27 -0400 Subject: BBC on all-electronic Indian elections In-Reply-To: <1083019167.17427.7.camel@daft> References: <40854187.9060602@exmosis.net> <20040420153819.GG29689@acm.jhu.edu> <408D285C.7060302@sunder.net> <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <1083019167.17427.7.camel@daft> Message-ID: <1083102327.18725.0.camel@localhost> On Mon, 2004-04-26 at 18:39, Steve Furlong wrote: > On Mon, 2004-04-26 at 12:58, sunder wrote: > > Al's prise pig of a wife, Tipper, helped found the PMRC > > against lyrics in songs. 
> > And, like all statists, they went widely astray of their goals. Frank > Zappa's _Jazz from Hell_ got a "Tipper Sticker", indicating obscene > lyrics. They didn't notice that _JfH_ was an instrumental album. Must have been because of 'G-Spot Tornado'. -- Roy M. Silvernail is roy at rant-central.com, and you're not Never Forget: It's Only 1's and 0's! SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From rsw at jfet.org Tue Apr 27 14:54:04 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Tue, 27 Apr 2004 17:54:04 -0400 Subject: Infrared flash? In-Reply-To: <0404262223240.-1252199436@somehost.domainz.com> References: <0404262223240.-1252199436@somehost.domainz.com> Message-ID: <20040427215404.GB26663@jfet.org> Thomas Shaddack wrote: > What would be the best approach? The energies here are more in the range > of rotation/vibration changes than electrons jumping up and down between > the energy states. How to convert a blast of electrical energy into a > shower of near-IR photons? If all you're trying to do is screw with surveillance cameras, a Xenon tube is crushing a fly with a crane. You can probably get away with an IR laser and a diffuser or something to that effect. It would be cheap (diode laser) and easy to build (for a strobe-like effect it would take, what? a 555, a couple resistors, a cap, and the diode). If you want, you can probably extend this idea to much more IR output just by adding more diodes and more juice. I don't remember the numbers off the top of my head, but IIRC the efficiency of a diode is substantially greater than the efficiency of a Xenon tube. Just took a quick look around, and it seems like a Xenon would still work at 900nm: http://msp.rmit.edu.au/Article_03/02a.html Apparently, Xenon tubes put out lots of crap around 900nm. In fact, it's somewhat more than they do in the visible spectrum. If you get yourself a good enough filter, you might be able to pull off a mega-photon-dump setup. 
-- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From declan at well.com Tue Apr 27 17:10:55 2004 From: declan at well.com (Declan McCullagh) Date: Tue, 27 Apr 2004 19:10:55 -0500 Subject: [IP] One Internet provider's view of FBI's CALEA wiretap push In-Reply-To: <20040423150644.GP1026@leitl.org>; from eugen@leitl.org on Fri, Apr 23, 2004 at 05:06:44PM +0200 References: <20040423150644.GP1026@leitl.org> Message-ID: <20040427191055.A8609@baltwash.com> On Fri, Apr 23, 2004 at 05:06:44PM +0200, Eugen Leitl wrote: > Pulling the power is the exact wrong thing to do if it's a CFS requiring a > passphrase at startup. > > Does anyone know what the default procedure is when hardware is being seized > (threat model=knuckle-dragger/gumshoe)? This might have a clue. Been a while since I read it, though. http://www.cybercrime.gov/s&smanual2002.htm -Declan From skquinn at xevious.kicks-ass.net Tue Apr 27 17:30:42 2004 From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn) Date: Tue, 27 Apr 2004 19:30:42 -0500 Subject: Multiple copies of messages Message-ID: <200404271930.43061.skquinn@xevious.kicks-ass.net> Just today, I started getting multiple copies of each message. Am I the only person this is happening to? -- Shawn K. Quinn From rsw at jfet.org Tue Apr 27 17:30:51 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Tue, 27 Apr 2004 20:30:51 -0400 Subject: looping Message-ID: <20040428003051.GA2908@jfet.org> Looping should be fixed now. Sorry y'all; I suck. 
-- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From dgerow at afflictions.org Tue Apr 27 18:05:32 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Tue, 27 Apr 2004 21:05:32 -0400 Subject: Fact checking In-Reply-To: <20040427121504.GA9854@cybershamanix.com> References: <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> <20040427002006.GN77143@afflictions.org> <20040427121504.GA9854@cybershamanix.com> Message-ID: <20040428010532.GT76534@afflictions.org> Thus spake Harmon Seaver (hseaver at cybershamanix.com) [27/04/04 17:18]: : All of the above, but mostly door-to-door voter registration. When you : consider that both klinton and dubbya were elected with only 13%-14% of the : eligible voters, it wouldn't take all that many new voters to really make a : difference. "Hi, Sir, my name is Bob and I'm here to educate you about all the candidates in the upcoming election that your eight second attention span will allow me. Oops, I guess I've used it all up. Bye now!" These things all work in theory, but never in practice. Why bother putting something up in a library? Chances are, if someone's reading it there, they're already somewhat knowledgable about the candidates. Or heck, maybe they're even there to do /research/ on them! Grocery store posters? When was the last time you stopped to read one of those? Radio ads? What group of volunteers would have the dough to cough up enough to get a spot on a semi-popular radio station? One that's unbiased enough to /let/ you play a spot like what you'd want to play? I don't see any way to educate the mass public. The best option I've seen was when a couple of Canadians, frustrated at the options, started eating their ballots. 
They got arrested a few times, but I think the charges were dropped. At least that caught /some/ attention. The more shocking it is, the more attention it will grab, the more effect it will have, however short-term it may be. And the more I think of swapping crack for cracked votes, the more I like it. From gbi at actti.com Wed Apr 28 06:07:03 2004 From: gbi at actti.com (Gail) Date: Wed, 28 Apr 2004 06:07:03 -0700 Subject: [IP] Florida town to record all license plate numbers; check drivers Message-ID: Dear Dave, Last summer I had a chance to go to Virginia Beach, VA. Not only do they have "FaceIt" facial recognition cameras on the street corners http://newsobserver.com/24hour/nation/story/1027482p-7209015c.html but they have all sorts of other goodies to make it one of the scariest towns I've been to. All the features of this "family town" were instituted not after 9/11, but to contain the African Americans during the "GreekFest" in the late eighties. http://www.portfolioweekly.com/html/the_future_strip.html I've included an image I took of the "no cussing" signs Gail Bracy "If I take my medication, my bad uncle stays in Yonkers." - Law and Order. 
----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From jdd at dixons.org Wed Apr 28 00:48:47 2004
From: jdd at dixons.org (Jim Dixon)
Date: Wed, 28 Apr 2004 08:48:47 +0100 (BST)
Subject: Multiple copies of messages
In-Reply-To: <200404271930.43061.skquinn@xevious.kicks-ass.net>
Message-ID: <20040428084529.G43648-100000@localhost>

On Tue, 27 Apr 2004, Shawn K. Quinn wrote:

> Just today, I started getting multiple copies of each message. Am I the
> only person this is happening to?

Three copies of your message received so far.

--
Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881
http://jxcl.sourceforge.net Java unit test coverage
http://xlattice.sourceforge.net p2p communications infrastructure

From pique at netspace.net.au Tue Apr 27 15:54:52 2004
From: pique at netspace.net.au (Tim Benham)
Date: Wed, 28 Apr 2004 08:54:52 +1000
Subject: Fact checking
In-Reply-To: <200404272140.i3RLebpM067830@waste.minder.net>
References: <200404272140.i3RLebpM067830@waste.minder.net>
Message-ID: <200404280854.52166.pique@netspace.net.au>

> Date: Tue, 27 Apr 2004 11:06:50 -0400
> From: "Tyler Durden"
> Subject: Re: Fact checking
>
> >How do you start motivating a lazy and apathetic public to learn about
> >their
> >candidates, and vote? Door-to-door campaigns? Talks at the local
> > library? Grocery store posters?
> > Well, imagine if we could buy votes...I'd bet we could scrounge up a few > hundred thousand votes for the price of a few vials of crack. Then imagine > we 'elect' bin Laden as a Senator or something with these votes. > > I bet people would start voting after that. If they don't, offer them two vials of crack! More benefits of the vote buying scheme are being discovered daily. Maybe it could be trialled at a local level in the US. You could get it started with one of those proposition thingies you have over there. It shouldn't be difficult - how much would it cost to get someone to sign a petition? cheers, Tim From mv at cdc.gov Wed Apr 28 09:26:31 2004 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 28 Apr 2004 09:26:31 -0700 Subject: DNA tracking Message-ID: <408FDB36.810D9B5F@cdc.gov> Rapist being hunted with DNA London, , Apr. 28 (UPI) -- British authorities are using a new DNA technique to catch a serial rapist and burglar, the Times of London reported Wednesday. Known as "ancestral testing," the technique aims to discover the rapist's family background and narrow the number of suspects. DNA samples taken from victims have established the rapist is descended from native Americans, Europeans and sub-Saharan Africans. Those samples also indicate the criminal's family originally came from an island in the Caribbean. Scotland Yard wants police and civilian staff from West Indian backgrounds to provide samples so a DNA map can be created to pinpoint the rapist's origins. Police also are using another DNA technique to check criminal records to see if a relative of the attacker has come to police notice. The perpetrator is responsible for 84 burglaries, four rapes and 27 indecent assaults over 12 years. His sex crimes are against elderly women. 
http://washingtontimes.com/upi-breaking/20040428-100131-6387r.htm

From dave at farber.net Wed Apr 28 06:30:49 2004 From: dave at farber.net (Dave Farber) Date: Wed, 28 Apr 2004 09:30:49 -0400 Subject: [IP] Florida town to record all license plate numbers; check drivers Message-ID:

From mv at cdc.gov Wed Apr 28 10:06:04 2004 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 28 Apr 2004 10:06:04 -0700 Subject: Arrested for webmastering Message-ID: <408FE47A.D0326B7C@cdc.gov>

Computer Student on Trial for Aid to Muslim Web Sites
By TIMOTHY EGAN
Published: April 27, 2004

BOISE, Idaho, April 23 -- Not long after the terrorist attacks of Sept. 11, 2001, a group of Muslim students led by a Saudi Arabian doctoral candidate held a candlelight vigil in the small college town of Moscow, Idaho, and condemned the attacks as an affront to Islam.

Today, that graduate student, Sami Omar al-Hussayen, is on trial in a heavily guarded courtroom here, accused of plotting to aid and to maintain Islamic Web sites that promote jihad.

As a Web master to several Islamic organizations, Mr. Hussayen helped to maintain Internet sites with links to groups that praised suicide bombings in Chechnya and in Israel. But he himself does not hold those views, his lawyers said. His role was like that of a technical editor, they said, arguing that he could not be held criminally liable for what others wrote.

Civil libertarians say the case poses a landmark test of what people can do or whom they can associate with in the age of terror alerts. It is one of the few times anyone has been prosecuted under language in the antiterrorism law known as the USA Patriot Act, which makes it a crime to provide "expert guidance or assistance" to groups deemed terrorist.
"Somebody who fixes a fax machine that is owned by a group that may advocate terrorism could be liable," said David Cole, a Georgetown University law professor who argued against the expert guidance part of the antiterrorism law this year, in a case where it was struck down by a federal judge. http://www.nytimes.com/2004/04/27/national/27BOIS.html?pagewanted=all& ....... Compare to the recent law where editing a paper from a nasty nation would be illegal. The IEEE kissed Ashcroft's ass, other periodicals objected more. ------ Of course there are limits in regards to freedom of speech. They are as follows: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." Everything else is, of course, allowed. -Sunder From hseaver at cybershamanix.com Wed Apr 28 08:34:04 2004 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Wed, 28 Apr 2004 10:34:04 -0500 Subject: Fact checking In-Reply-To: <20040428010532.GT76534@afflictions.org> References: <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> <20040427002006.GN77143@afflictions.org> <20040427121504.GA9854@cybershamanix.com> <20040428010532.GT76534@afflictions.org> Message-ID: <20040428153404.GA13643@cybershamanix.com> On Tue, Apr 27, 2004 at 09:05:32PM -0400, Damian Gerow wrote: > > Thus spake Harmon Seaver (hseaver at cybershamanix.com) [27/04/04 17:18]: > : All of the above, but mostly door-to-door voter registration. 
When you > : consider that both klinton and dubbya were elected with only 13%-14% of the > : eligible voters, it wouldn't take all that many new voters to really make a > : difference. > > "Hi, Sir, my name is Bob and I'm here to educate you about all the > candidates in the upcoming election that your eight second attention span > will allow me. Oops, I guess I've used it all up. Bye now!" > > These things all work in theory, but never in practice. > You obviously have never done any door-to-door. People are quite often very interested. We've had fairly good success organizing people on local issues which affect them, like opposition to street widening. Voter registration is the same thing. > Why bother putting something up in a library? Chances are, if someone's > reading it there, they're already somewhat knowledgable about the > candidates. Or heck, maybe they're even there to do /research/ on them! > The mention was "giving talks in libraries", which works fairly well. The local library is the logical meeting place for local groups to hold meetings and talks. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com Hoka hey! From pelle at veraxpay.com Wed Apr 28 10:30:11 2004 From: pelle at veraxpay.com (Pelle Braendgaard) Date: Wed, 28 Apr 2004 12:30:11 -0500 Subject: [Neuclear-general] ANNOUNCE: Released version 0.7 of NeuClear Commons Message-ID: Panama City, 28 April, 2004. We are happy to announce the 0.7 release of NeuClear Commons. Main goal of this release is to support the 0.9 release of NeuClear ID. Download it today and join in the NeuClear revolution. Major new features are: * New Swing based Passphrase Agent * DefaultSigner is now completely interactive. * SQLSigner stores Public Private Key Pairs in SQL using Hibernate. * Removed all old SQL support code. 
* Added in memory caching to Public Key Resolver
* Added new interactive signing model with the BrowsableSigner interface
* New SetPublicKeyCallback method for returning the public key in interactive applications

For more information see: http://dev.neuclear.org/commons/

Full Release notes below:

Release Notes - NeuClear Commons - Version r_0_7

** Bug
* [COM-13] - Handle Invalid Passphrase in SwingAgent
* [COM-14] - Use different screen layout for normal passphrase in SwingAgent
* [COM-25] - Remembered passphrase is forgotten if identity is changed
* [COM-27] - Loop when JCESigner is loaded with incorrect passphrase
* [COM-31] - Remembered passphrase doesnt enable "sign" button
* [COM-33] - Signed HTML generated by Identity and subclasses fail verification

** New Feature
* [COM-4] - Create Completely Interactive Signing Method
* [COM-5] - Support for more advanced passphrase agent
* [COM-6] - Set PublicKey Callback Method
* [COM-10] - Create Improved GUI Agent
* [COM-11] - Add remember Passphrase to SwingAgent
* [COM-12] - Add Identity Generator to SwingAgent
* [COM-16] - add Password encrypted private key methods to CryptoTools
* [COM-17] - Create SQLSigner
* [COM-18] - Make DefaultSigner an intelligent wrapper for end user signing front ends
* [COM-20] - Add Save Key Store Dialog to InteractiveAgent
* [COM-21] - Add Open Key Store Dialog to InteractiveAgent
* [COM-22] - Implement Save in SwingAgent

** Task
* [COM-15] - Update project.xml with latest dependencies
* [COM-32] - Drop all the sql packages as no longer needed

** Improvement
* [COM-9] - Add in memory caching to PublicKey Resolver
* [COM-19] - Create signing task queue on SwingAgent
* [COM-26] - Change to DefaultSigner's method of saving

-- http://talk.org + Live and direct from Panama http://neuclear.org + Clear it both ways with NeuClear

--- end forwarded text

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From emc at artifact.psychedelic.net Wed Apr 28 12:57:26 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Wed, 28 Apr 2004 12:57:26 -0700 (PDT) Subject: Lowering the Bar for Threats Message-ID: <200404281957.i3SJvQRN000744@artifact.psychedelic.net>

Federal Prosecutors say the conviction of Matthew Hale on charges including trying to have a federal judge killed sends an important message. But don't they always?

The "plot" to kill the federal judge in this case consisted of a recorded conversation with an FBI Informant which went something like this...

FBI Shill: Are we gonna exterminate the rat?
Hale: I'm going to fight within the law and, but, ... if you wish to, ah, do anything, yourself, you can.

Uh, right.

Emboldened by their latest success in pushing the envelope, the Feebs now plan to monitor so-called "Hate Sites" more closely, and warn that under the new standards, simply publishing someone's address could be considered a murder threat.

Meanwhile, a man totally unconnected with the case is under 24 hour Feeb protection because he has the same name as the aforementioned FBI Shill, and someone posted his address on the Web by mistake.

Murder plotting is easy. Comedy is hard.
In other threat related news, a 15 year high school freshman in Washington was questioned by the Secret Circus after a portfolio of drawings he turned in featured an armed Middle Eastern man holding an oversized Shrub head on a stick. We can all thank God he didn't publish the President's address. So apparently, if someone asks me if I plan to kill the President, and I reply that I intend to conform my behavior to all the requirements of the law, but that I wouldn't cry uncontrollably if Shrub were dropped by parachute into a mob of screaming Iraqi women with cleavers, that's apparently good for a long prison sentence these days. I wonder how long it will be until Americans get their houses pushed over with bulldozers for criticizing the government. Probably at least until after the election. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From pelle at neubia.com Wed Apr 28 11:47:48 2004 From: pelle at neubia.com (Pelle Braendgaard) Date: Wed, 28 Apr 2004 13:47:48 -0500 Subject: [Neuclear-general] ANNOUNCE: NeuClear XMLSig 0.13 Released Message-ID: Panama City, 28th of April 2004. We are happy to announce the 0.13 release of NeuClear XMLSIG. Major new features are: * Support for Interactive signing * HTML Signatures For more info see: http://dev.neuclear.org/xmlsig/ For a quick usage introduction see the Busy Developers Guide at: http://dev.neuclear.org/xmlsig/bdg.html To try it out interactively run the following (Requires Java 1.4 or above with Java Web Start) http://dist.neuclear.org/app/neuclear-signer.jnlp -- http://talk.org + Live and direct from Panama http://neuclear.org + Clear it both ways with NeuClear
--- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Wed Apr 28 14:25:16 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 28 Apr 2004 14:25:16 -0700 Subject: Tipper "piggy" Gore Message-ID: <4090213C.A5BD3C61@cdc.gov> At 06:39 PM 4/26/04 -0400, Steve Furlong wrote: >And, like all statists, they went widely astray of their goals. Frank >Zappa's _Jazz from Hell_ got a "Tipper Sticker", indicating obscene >lyrics. They didn't notice that _JfH_ was an instrumental album. I didn't know that album got Tippered. I do know that the she-pig's voice is on the Mothers of Prevention album. From mv at cdc.gov Wed Apr 28 14:29:12 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 28 Apr 2004 14:29:12 -0700 Subject: Infrared flash? Message-ID: <40902228.B15D60FB@cdc.gov> At 10:28 PM 4/26/04 +0200, Thomas Shaddack wrote: >But when I want a really bright flash on about 800-900 nm, what approach >is the best? A 1 watt IR laser diode used for burning wood. They show up on eBay for ~$100. Might start a fire though :-) Also has pointing issues. >What would be the best approach? The energies here are more in the range >of rotation/vibration changes than electrons jumping up and down between >the energy states. How to convert a blast of electrical energy into a >shower of near-IR photons? Regular tungsten driven to red but not bright, with a piece of low-pass filtering glass over it.
You can't get rapid modulation with tungsten, of course, but a few Hz is possible. Years ago IR leds on baseball caps were posited for defeating certain (eg ATM) cameras. Don't know if they worked. From mv at cdc.gov Wed Apr 28 14:35:51 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 28 Apr 2004 14:35:51 -0700 Subject: Driver's certificates: Logic meets the streets Message-ID: <409023B7.391CA03E@cdc.gov> At 09:46 AM 4/27/04 -0400, R. A. Hettinga wrote: >Bredesen has proposed that the state issue a "certificate of driving" to >those who either have temporary, legal documents to work or go to school >here or to those who can prove their identity and residence in Tennessee. > >The certificates cannot be used as legal identification so, for example, >the bearer of a certificate could not use it to board a plane or rent a car. Damn they're stupid in Tenn. Either the cert has identifying information or its useless. If it has identifying info, it can be used as an "ID". Regardless of some yokel's fiat. From rah at shipwright.com Wed Apr 28 12:45:47 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 28 Apr 2004 15:45:47 -0400 Subject: [Neuclear-general] ANNOUNCE: Released version 0.7 of NeuClear Commons Message-ID: --- begin forwarded text From rah at shipwright.com Wed Apr 28 12:45:56 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Wed, 28 Apr 2004 15:45:56 -0400 Subject: [Neuclear-general] ANNOUNCE: NeuClear XMLSig 0.13 Released Message-ID: --- begin forwarded text From scribe at exmosis.net Wed Apr 28 07:47:55 2004 From: scribe at exmosis.net (Graham Lally) Date: Wed, 28 Apr 2004 15:47:55 +0100 Subject: Fact checking In-Reply-To: <20040428010532.GT76534@afflictions.org> References: <20040426160027.GA77143@afflictions.org> <408D3FC6.8010704@sunder.net> <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> <20040427002006.GN77143@afflictions.org> <20040427121504.GA9854@cybershamanix.com> <20040428010532.GT76534@afflictions.org> Message-ID: <408FC41B.2080703@exmosis.net> Damian Gerow wrote: > Why bother putting something up in a library? Chances are, if someone's > reading it there, they're already somewhat knowledgable about the > candidates. Or heck, maybe they're even there to do /research/ on them! > [...] > > I don't see any way to educate the mass public. Indeed, why bother? How about a system that removes your right to vote if you haven't exercised it in the last 3 elections? That way you cut out all those who really don't care, and provide an incentive for those who might. Nothing grabs attention like threatening to remove /privileges/, even if they don't actually get used. Make sure there's a handy "abstain" option for those who want to get the point across about lack of choice, and maybe a space to say why, too. Then stick the (anonymous) reasons up in a publicly-viewable space and eh, instant feedback. Or something. .g -- "I have practysed & lerned at my grete charge & dispense to ordeyne this said book in prynte that every man may have them attones." - W. Caxton From rah at shipwright.com Wed Apr 28 12:49:03 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Wed, 28 Apr 2004 15:49:03 -0400 Subject: The future of security Message-ID: --- begin forwarded text From rah at shipwright.com Wed Apr 28 12:55:41 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 28 Apr 2004 15:55:41 -0400 Subject: The crypto whiz Message-ID: CNET News http://www.news.com/ The crypto whiz By Michael Kanellos and Charles Cooper Staff Writer, CNET News.com http://news.com.com/2008-7355-5201504.html Story last modified April 28, 2004, 4:00 AM PDT Paul Kocher, president and chief scientist of Cryptography Research, came to prominence in the industry by breaking things. In 1998, the company cracked security on smart cards by monitoring how much power their internal microprocessors used. Kocher also came up with the software inside Deep Crack, a machine tailored to crack encrypted documents. Of course, he also fixes things. In the last few years, Kocher has emerged as one of the key technologists for financial companies and studios that are hoping to protect their intellectual property. He recently sat down with CNET News.com to discuss the ongoing melodramas surrounding privacy, piracy and stolen information. Q: What is the top agenda issue for cryptography? A: Let me tell you what it is not. The one thing that is stable--and really, nobody should be spending too much time worrying about--is which algorithms to use and what key sizes to use. Those are simple problems. The huge challenge, from a technical perspective, is handling complexity, because we are getting systems that are just more and more complicated, and nobody knows how to get the bugs out. The software side or hardware? Every legacy feature is a potential exposure. Software, hardware--everything. You pick it, and it is a lot more complicated today than it used to be, whether it is your network, whether it is your individual PC, whether it is a device of some kind, whether it is your microprocessor. 
Nobody ever removes features; they only add them--and from a security perspective, every legacy feature is a potential exposure. If you have one component that you understand really well, it is pretty easy to get your hands around your one simple piece. But then you start having 600 components that all talk to each other. Not only do you have 600 times as many components to worry about, you have to worry about all of the interactions between these things. So you have now got 360,000 different interactions. This is just horrible, because one person can no longer understand it; one person can no longer even begin to debug it. So, then you try to assign groups of people to individual pieces of the problem. But a lot of people staring at different angles of the elephant often will miss the big picture. In order to just handle this technical problem, what we often try to do is first simplify things. If you look at some of those things that we design, once you get your mind on what it is doing, it seems simple, compared to a lot of other things. That way, we can be more confident that we have not missed something. Can you give us an overview of what Cryptography Research does? Typically, our goal is to bring new technical approaches to solving really hard security problems. When you are dealing with any kind of new technology, if it backfires, there is a substantial risk. The ones that we have had the most success with have been with the security challenges of financial institutions like credit card organizations. Another area we are focusing on increasingly is piracy. We also do a lot of work with infrastructure wireless systems. Most of our revenues are from technology licensing, but most of our time goes into services. How bad is the privacy situation getting? Privacy is going to become a bigger and bigger problem over time, because sensors and data collection capabilities are improving along with Moore's Law. 
People collect data but do not have any plan of how they are going to get rid of it or what they are going to do with it, and so you end up aggregating vast quantities of data. It is a huge privacy risk. I can now record as much audio as I will ever experience in my entire life, and video will be there in just a few years. The chips to do location tracking are getting smaller and smaller. There is one in my cell phone. Anybody who knows what they are doing can know where I am. There is this notion that information is bad in aggregate--but good in the cases where you need it. This is something that is very alien to a lot of people, and I am not sure how to solve it. Piracy continues to be a huge, hot potato, with the studios blaming the device makers and the hardware makers trying to put responsibility on the studios. How will this get resolved? The studios are rightly upset that these companies are not spending as much money as they should to solve their security problems. But is it my job to keep your house from getting broken into? The way that I believe that it should work instead is that the studio should put some security code on the disk, and the player should run it. The technical impediments to piracy that's based on copying and storing the data are going to go away. The studios have a pretty powerful incentive to protect these materials, so how come this system isn't in place now? It turns out that there are some very complicated technical problems in making this work. And fixing the problem from an economic perspective is not the way most engineers look at it. Most people look at security as this binary thing: Either it is insecure, or it is secure. If you take that kind of a perspective, this whole notion of apportioning risk does not even really apply. One of the advantages our research group has is a lot of experience in working with credit card industries. The philosophy you learn there is really valuable, because there is this notion of risk. 
You can copy your average credit card with a piece of VCR tape and an iron. It is completely insecure technology, and you are always going to have fraud. But what matters is not whether you have fraud; it is what your fraud rate is. So, Visa's published numbers are 0.07 percent and 0.08 percent. Overall, it is profitable for the different participants. If the fraud rates went up by a factor of 10, it would not be. I think it has to be applied to other unsolvable problems like spam, like PC security, like piracy. Your goal here is to keep the rate of compromise low but to recognize that you cannot get rid of piracy completely or get rid of spam completely. But if piracy is below 1 percent of your revenues, it is the cost of doing business. How is the notion of risk sitting with the entertainment field? We have a guy in Japan who is meeting with CD companies. We've usually got somebody in Japan and somebody in LA. I am spending about half my time with studios right now. Nobody is saying anything publicly, but we have unofficial and strong support from much of the studios for what we are doing. Some studios have one person whose job is piracy across the entire studio. Others have an actual group of people that are reasonably technical. Who is more open to this concept--the music or the movie studios? I think that with the movie industry in particular, there is going to be this sudden and catastrophic point in time, where it becomes more convenient or more economically advantageous for your average person to pirate a movie instead of obtaining it legitimately. The music industry has sort of crossed a threshold already. They are really getting hammered by piracy. With movies, the only big difference is that you have a lot more data, which takes time to download. Instead of having a couple megabytes, you have a couple gigabytes. But Moore's Law clearly shows that is going to change, and when that changes, piracy rates are going to go up dramatically. 
Hard disks double about every 12 months. You will be able to put every major Hollywood release ever onto an $80 hard disk in high definition, and if it is not 2013, it will be 2015. The technical impediments to piracy based on copying and storing the data are going to go away. How did you get into cryptography, anyway? Well, you grow up in Oregon, and you have no driver's license, and you have a PC in your house--that's part of it. I went to Stanford and studied biology, so I cannot really credit my formal education with anything, but while I was there, I worked part-time for Martin Hellman (co-inventor of Public Key Cryptography). When I graduated, Hellman retired the same year and sent consulting projects my way. Also, the neat thing about cryptography is that almost any aspect of society you pick has some connection to it. When you look at the government and espionage and military issues, personal liberties to voting, it is very hard to find any issue that does not have some cryptography angle to it. ? -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed Apr 28 12:58:54 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 28 Apr 2004 15:58:54 -0400 Subject: RSA-576 Factored Message-ID: MathWorld Headline News RSA-576 Factored By Eric W. 
Weisstein

December 5, 2003--On December 3, the day after the announcement of the discovery of the largest known prime by the Great Internet Mersenne Prime Search on December 2 (MathWorld headline news, December 2, 2003), a team at the German Federal Agency for Information Technology Security (BSI) announced the factorization of the 174-digit number

1881 9881292060 7963838697 2394616504 3980716356 3379417382 7007633564 2298885971 5234665485 3190606065 0474304531 7388011303 3967161996 9232120573 4031879550 6569962213 0516875930 7650257059

known as RSA-576.

RSA numbers are composite numbers having exactly two prime factors (i.e., so-called semiprimes) that have been listed in the Factoring Challenge of RSA Security. While composite numbers are defined as numbers that can be written as a product of smaller numbers known as factors (for example, 6 = 2 x 3 is composite with factors 2 and 3), prime numbers have no such decomposition (for example, 7 does not have any factors other than 1 and itself). Prime factors therefore represent a fundamental (and unique) decomposition of a given positive integer. RSA numbers are special types of composite numbers particularly chosen to be difficult to factor, and they are identified by the number of digits they contain.

While RSA-576 is a much smaller number than the 6,320,430-digit monster Mersenne prime announced earlier this week, its factorization is significant because of the curious property of numbers that proving or disproving a number to be prime ("primality testing") seems to be much easier than actually identifying the factors of a number ("prime factorization"). Thus, while it is trivial to multiply two large numbers p and q together, it can be extremely difficult to determine the factors if only their product pq is given. With some ingenuity, this property can be used to create practical and efficient encryption systems for electronic data.
RSA Laboratories sponsors the RSA Factoring Challenge to encourage research into computational number theory and the practical difficulty of factoring large integers and also because it can be helpful for users of the RSA encryption public-key cryptography algorithm for choosing suitable key lengths for an appropriate level of security. A cash prize is awarded to the first person to factor each challenge number. RSA numbers were originally spaced at intervals of 10 decimal digits between one and five hundred digits, and prizes were awarded according to a complicated formula. These original numbers were named according to the number of decimal digits, so RSA-100 was a hundred-digit number. As computers and algorithms became faster, the unfactored challenge numbers were removed from the prize list and replaced with a set of numbers with fixed cash prizes. At this point, the naming convention was also changed so that the trailing number indicates the number of digits in the binary representation of the number. Hence, RSA-576 has 576 binary digits, which translates to 174 digits in decimal. RSA numbers received widespread attention when a 129-digit number known as RSA-129 was used by R. Rivest, A. Shamir, and L. Adleman to publish one of the first public-key messages together with a $100 reward for the message's decryption (Gardner 1977). Despite widespread belief at the time that the message encoded by RSA-129 would take millions of years to break, it was factored in 1994 using a distributed computation that harnessed networked computers spread around the globe performing a multiple polynomial quadratic sieve (Leutwyler 1994). The result of all the concentrated number crunching was decryption of the encoded message to yield the profound plain-text message "The magic words are squeamish ossifrage." (An ossifrage is a rare predatory vulture found in the mountains of Europe.) Factorization of RSA-129 followed earlier factorizations of RSA-100, RSA-110, and RSA-120. 
The challenge numbers RSA-130, RSA-140, RSA-155, and RSA-160 were also subsequently factored between 1996 and April of this year. (Amusingly, RSA-150 apparently remains unfactored following its withdrawal from the RSA Challenge list.)

On December 2, Jens Franke circulated an email announcing factorization of the smallest prize number RSA-576. The factorization was accomplished using a prime factorization algorithm known as the general number field sieve. The two 87-digit factors found using this sieve are

3980750 8642406493 7397125500 5503864911 9906436234 2526708406 3851895759 4638895726 1768583317
x
4727721 4610743530 2536223071 9730482246 3291469530 2097116459 8521711305 2071125636 3590397527

and can easily be multiplied to verify that they do indeed give the original number.

Franke's note detailed the factorization process in which "lattice" sieving was done by J. Franke and T. Kleinjung using hardware at the Scientific Computing Institute and the Pure Mathematics Institute at Bonn University, Max Planck Institute of Mathematics in Bonn, and Experimental Mathematics Institute in Essen; and "line" sieving was done by P. Montgomery and H. te Riele at CWI, F. Bahr and his family, and NFSNET (which at that time consisted of D. Leclair, P. Leyland, and R. Wackerbarth). Post-processing of this data to construct the actual factors was then done with the support of the BSI. For their efforts, the team will receive a cash prize of $10,000 from RSA Security.

However, award seekers need not be deterred. As the following table shows, RSA-640 to RSA-2048 remain open, carrying awards from $20,000 to $200,000 to whoever is clever and persistent enough to track them down. A list of the open challenge numbers may be downloaded from RSA or in the form of a Mathematica package from the MathWorld package archive.

number     digits   prize        factored
RSA-100    100                   Apr. 1991
RSA-110    110                   Apr. 1992
RSA-120    120                   Jun. 1993
RSA-129    129      $100         Apr. 1994
RSA-130    130                   Apr. 10, 1996
RSA-140    140                   Feb. 2, 1999
RSA-150    150      withdrawn?   open
RSA-155    155                   Aug. 22, 1999
RSA-160    160                   Apr. 1, 2003
RSA-576    174      $10,000      Dec. 3, 2003
RSA-640    193      $20,000      open
RSA-704    212      $30,000      open
RSA-768    232      $50,000      open
RSA-896    270      $75,000      open
RSA-1024   309      $100,000     open
RSA-1536   463      $150,000     open
RSA-2048   617      $200,000     open

References

Franke, J. "RSA576." Privately circulated email reposted to primenumbers Yahoo! Group.
Gardner, M. "Mathematical Games: A New Kind of Cipher That Would Take Millions of Years to Break." Sci. Amer. 237, 120-124, Aug. 1977.
Leutwyler, K. "Superhack: Forty Quadrillion Years Early, a 129-Digit Code Is Broken." Sci. Amer. 271, 17-20, 1994.
NFSNet: Large-Scale Distributed Factoring. http://www.nfsnet.org
RSA Security. "The New RSA Factoring Challenge." http://www.rsasecurity.com/rsalabs/challenges/factoring
RSA Security. "The RSA Challenge Numbers." http://www.rsasecurity.com/rsalabs/challenges/factoring/numbers.html
Weisstein, E. W. Mathematica package RSANumbers.m.

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Wed Apr 28 07:02:39 2004 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Apr 2004 16:02:39 +0200 Subject: [IP] Florida town to record all license plate numbers; check drivers (fwd from dave@farber.net) Message-ID: <20040428140239.GC25728@leitl.org>

----- Forwarded message from Dave Farber -----

From rah at shipwright.com Wed Apr 28 13:15:17 2004 From: rah at shipwright.com (R. A.
Hettinga) Date: Wed, 28 Apr 2004 16:15:17 -0400 Subject: Bank transfer via quantum crypto Message-ID: --- begin forwarded text From ptrei at rsasecurity.com Wed Apr 28 13:40:39 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 28 Apr 2004 16:40:39 -0400 Subject: Lowering the Bar for Threats Message-ID: > -----Original Message----- > From: owner-cypherpunks at minder.net > [mailto:owner-cypherpunks at minder.net]On Behalf Of Eric Cordian > > I wonder how long it will be until Americans get their houses > pushed over > with bulldozers for criticizing the government. Probably at > least until > after the election. Didn't they do that at Waco? I remember the heavy vehicles knocking in the walls, as all the while the loudspeakers advised the men, women, and children trapped inside that 'this is not a raid'. Peter Trei From justin-cypherpunks at soze.net Wed Apr 28 12:37:53 2004 From: justin-cypherpunks at soze.net (Justin) Date: Wed, 28 Apr 2004 19:37:53 +0000 Subject: Fact checking In-Reply-To: <408FC41B.2080703@exmosis.net> References: <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> <20040427002006.GN77143@afflictions.org> <20040427121504.GA9854@cybershamanix.com> <20040428010532.GT76534@afflictions.org> <408FC41B.2080703@exmosis.net> Message-ID: <20040428193753.GB8633@dreams.soze.net> Graham Lally (2004-04-28 14:47Z) wrote: > Damian Gerow wrote: > >I don't see any way to educate the mass public. > > Indeed, why bother? How about a system that removes your right to vote > if you haven't exercised it in the last 3 elections? Requiring that adults vote is a terrible idea. 
While being deathly ill or otherwise unable to vote for three consecutive federal elections is extremely unlikely, the fact remains that failure to vote is not indicative of lack of desire to vote. The above proposal only requires 33% turnout among current non-voters. While that's certainly an "improvement" (by your metric), it doesn't resolve the core issues. If not voting is the sin you seek to prevent, why settle for 33 percent? If it is dumb voters you're trying to eliminate, requiring them to drive their dumb asses to the polls isn't going to make them any smarter or more informed. It might even increase stupid voting patterns by encouraging dumb people to form cliques. They won't want to appear dumb to their friends as a result of voting for the "wrong person," and groupthink is bad for elections. > Make sure there's a handy "abstain" option for those who want to get > the point across about lack of choice, and maybe a space to say why, > too. Then stick the (anonymous) reasons up in a publicly-viewable > space and eh, instant feedback. There is an abstention option. The poll administrator checks off your name when you show up, so someone knows that you "voted." You don't have to choose anyone on your ballot. You can either toss it in the garbage on your way out, or draw pictographs derogatory to politicians on non-critical areas of the ballot before feeding it to the fiber-starved voting machine. -- "Not your decision to make." "Yes. But it's the right decision, and I made it for my daughter."
- Bill and Beatrix From justin-cypherpunks at soze.net Wed Apr 28 12:43:17 2004 From: justin-cypherpunks at soze.net (Justin) Date: Wed, 28 Apr 2004 19:43:17 +0000 Subject: Fact checking In-Reply-To: <0404282027300.0@somehost.domainz.com> References: <200404272140.i3RLebpM067830@waste.minder.net> <200404280854.52166.pique@netspace.net.au> <0404282027300.0@somehost.domainz.com> Message-ID: <20040428194317.GA9429@dreams.soze.net> Thomas Shaddack (2004-04-28 18:32Z) wrote: > What won't hurt could be making them liable for their promises, as they > can be considered to be a contract with the voters. With specific > penalties for not delivering the results in the specified timeframe. Presidents don't pass laws. Presidential campaigns would be reduced to issues that are mutable (vulnerable?) to executive orders. Individual candidates for federal office can't pass laws either. You want to hold a Senator liable when his compatriots (even if they form the majority) don't support everything your senator supports? Nobody who understands the basics of U.S. government construction could possibly believe that a candidate's "promise" is a guarantee. It is merely a statement of ideology. What then, consequences for not "attempting" to effect promises? Who's to judge? -- "Not your decision to make." "Yes. But it's the right decision, and I made it for my daughter." - Bill and Beatrix From shaddack at ns.arachne.cz Wed Apr 28 11:32:19 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 28 Apr 2004 20:32:19 +0200 (CEST) Subject: Fact checking In-Reply-To: <200404280854.52166.pique@netspace.net.au> References: <200404272140.i3RLebpM067830@waste.minder.net> <200404280854.52166.pique@netspace.net.au> Message-ID: <0404282027300.0@somehost.domainz.com> On Wed, 28 Apr 2004, Tim Benham wrote: > > I bet people would start voting after that. > If they don't, offer them two vials of crack! It's already being done; it's called "political promises". 
The candidates are usually pretty high on that stuff. What won't hurt could be making them liable for their promises, as they can be considered to be a contract with the voters. With specific penalties for not delivering the results in the specified timeframe. From rah at shipwright.com Wed Apr 28 18:29:34 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 28 Apr 2004 21:29:34 -0400 Subject: Oppenheimer Message-ID: Apparently someone doesn't know how to use the cypherpunks address... Forwarded without comment. Cheers, RAH ------- --- begin forwarded text From dgerow at afflictions.org Wed Apr 28 19:07:27 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Wed, 28 Apr 2004 22:07:27 -0400 Subject: Fact checking In-Reply-To: <20040428193753.GB8633@dreams.soze.net> References: <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> <20040427002006.GN77143@afflictions.org> <20040427121504.GA9854@cybershamanix.com> <20040428010532.GT76534@afflictions.org> <408FC41B.2080703@exmosis.net> <20040428193753.GB8633@dreams.soze.net> Message-ID: <20040429020727.GF76534@afflictions.org> Thus spake Justin (justin-cypherpunks at soze.net) [28/04/04 15:41]: : > Damian Gerow wrote: : > >I don't see any way to educate the mass public. : > : > Indeed, why bother? How about a system that removes your right to vote : > if you haven't exercised it in the last 3 elections? : : Requiring that adults vote is a terrible idea. While being deathly ill : or otherwise unable to vote for three consecutive federal elections is : extremely unlikely, the fact remains that failure to vote is not : indicative of lack of desire to vote. Proxy vote. I did it for two 'invalid' relatives this year. Besides, this isn't requiring them to vote. : The above proposal only requires 33% turnout among current non-voters. 
: While that's certainly an "improvement" (by your metric), it doesn't : resolve the core issues. Not in the first year, no. And not in the second year, nor in the third. But in the fourth, you'll see a drastic drop in the number of apathetic voters -- the ones who don't care. What this /won't/ have an effect on is mis-informed voting. People who vote because they've been paid to do so, or because some other influencing factor(s) got the voters out there, aside from knowing the candidates and voting for the one you honestly believe will do the best job. : If not voting is the sin you seek to prevent, why settle for 33 percent? : If it is dumb voters you're trying to eliminate, requiring them to drive : their dumb asses to the polls isn't going to make them any smarter or : more informed. It might even increase stupid voting patterns by : encouraging dumb people to form cliques. They won't want to appear dumb : to their friends as a result of voting for the "wrong person," and : groupthink is bad for elections. Australia has mandatory voting. I think that's what you're arguing against -- this is essentially a way to say, "I'd rather not vote" by not actually doing anything. It's perfect for the already lazy and apathetic folks. It forces nobody's hand, places no undue expectations on anyone, and doesn't bend the rules of democracy. It simply says that if you don't want to vote, fine, we just won't include you in the valid voters list. : > Make sure there's a handy "abstain" option for those who want to get : > the point across about lack of choice, and maybe a space to say why, : > too. Then stick the (anonymous) reasons up in a publicly-viewable : > space and eh, instant feedback. : : There is an abstention option. The poll administrator checks off your : name when you show up, so someone knows that you "voted." You don't : have to choose anyone on your ballot.
You can either toss it in the : garbage on your way out, or draw pictographs derogatory to politicians : on non-critical areas of the ballot before feeding it to the : fiber-starved voting machine. AFAIK, you can't toss your ballot out in Canada. And there's a certain way to mark it to 'abstain' -- not just drawing cartoons on it. From sunder at sunder.net Wed Apr 28 19:14:49 2004 From: sunder at sunder.net (sunder) Date: Wed, 28 Apr 2004 22:14:49 -0400 Subject: Id Cards 'Will Protect Youngsters from Paedophiles' In-Reply-To: References: Message-ID: <40906519.1070509@sunder.net> Riiiigggh! And posting your full name, address, phone number, date of birth, social security number, the account and expiration dates of all your credit cards + the 3 digit extra code on their backs, ATM card account # and the PIN, plus, several samples of your signature (optional) in JPEG format, and the code to your alarm system on your web page will prevent identity theft. So, whaddayasay? It's a fine bridge, lightly used, as you can see, it's got a lotta traffic between Manhattan and Brooklyn, I could sell it to you real cheap, 'cause you look like a nice guy and all, you know, you could make a fortune, setup a toll booth and all that. R. A. Hettinga wrote: > Horseman #1, Terrorists: Check. > Horseman #2, Pedophiles: Check. > > Next? > > Cheers, > RAH > --------- > > > Tue 27 Apr 2004 > > 2:47am (UK) > Id Cards 'Will Protect Youngsters from Paedophiles' > > By James Lyons, Political Correspondent, PA News > > > Identity cards will help keep youngsters safe from perverts, Education > Secretary Charles Clarke claimed today.
From dgerow at afflictions.org Wed Apr 28 20:37:26 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Wed, 28 Apr 2004 23:37:26 -0400 Subject: Fact checking In-Reply-To: <20040428153404.GA13643@cybershamanix.com> References: <20040426171446.GB77143@afflictions.org> <009e01c42bb7$94fe4d80$110f4b18@firedancer> <20040426190414.GD77143@afflictions.org> <000d01c42bc9$30bb2b10$110f4b18@firedancer> <20040426201240.GL77143@afflictions.org> <20040426232457.GB9558@cybershamanix.com> <20040427002006.GN77143@afflictions.org> <20040427121504.GA9854@cybershamanix.com> <20040428010532.GT76534@afflictions.org> <20040428153404.GA13643@cybershamanix.com> Message-ID: <20040429033726.GG76534@afflictions.org> Thus spake Harmon Seaver (hseaver at cybershamanix.com) [28/04/04 11:40]: : > "Hi, Sir, my name is Bob and I'm here to educate you about all the : > candidates in the upcoming election that your eight second attention span : > will allow me. Oops, I guess I've used it all up. Bye now!" : > : > These things all work in theory, but never in practice. : : You obviously have never done any door-to-door. People are quite often very : interested. We've had fairly good success organizing people on local issues : which affect them, like opposition to street widening. Voter registration is the : same thing. Actually, I /have/ done door-to-door. Granted, it's not extensive, but I have been involved in a few campaigns. In a good neighbourhood, we'd get about 3/4 of the people who would care enough or have enough time at that moment to listen/contribute. : > Why bother putting something up in a library? Chances are, if someone's : > reading it there, they're already somewhat knowledgable about the : > candidates. Or heck, maybe they're even there to do /research/ on them! : : The mention was "giving talks in libraries", which works fairly well. The : local library is the logical meeting place for local groups to hold meetings and : talks. Yes, it does, so long as you get people there. 
It's the getting people there that's difficult. I s'pose a door-to-door campaign advertising a speaking at the library would be best. From skquinn at xevious.kicks-ass.net Wed Apr 28 22:21:33 2004 From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn) Date: Thu, 29 Apr 2004 00:21:33 -0500 Subject: Fact checking In-Reply-To: <40904CA5.10280.3927566@localhost> References: <408FC41B.2080703@exmosis.net> <40904CA5.10280.3927566@localhost> Message-ID: <200404290021.34579.skquinn@xevious.kicks-ass.net> On Wednesday 2004 April 28 23:30, Bob Jonkman wrote: > In Canada we have the option to "decline to vote". Go to the polling > station, register your name, take the ballot, then tell the clerk > that you "decline to vote". This indicates that you believe that > no-one on the ballot is a suitable candidate for office. The ballot > is counted, but none of the candidates gets a vote. I noticed something similar when I voted in the primary this year. I voted in the Republican primary, and there were *two* choices for president: Bush and "Undecided" (or maybe it was "Uncommitted"). Anyway, my question: can you decline to vote on an office-by-office basis, or is it all or nothing? -- Shawn K. Quinn From bjonkman at sobac.com Wed Apr 28 21:30:29 2004 From: bjonkman at sobac.com (Bob Jonkman) Date: Thu, 29 Apr 2004 00:30:29 -0400 Subject: Fact checking In-Reply-To: <20040428193753.GB8633@dreams.soze.net> References: <408FC41B.2080703@exmosis.net> Message-ID: <40904CA5.10280.3927566@localhost> This is what Justin said about "Re: Fact checking" on 28 Apr 2004 at 19:37 > > Make sure there's a handy "abstain" option for those who want to get > > the point across about lack of choice, and maybe a space to say why, > > too. Then stick the (anonymous) reasons up in a publicly-viewable > > space and eh, instant feedback. > > There is an abstention option. The poll administrator checks off your > name when you show up, so someone knows that you "voted." 
You don't > have to choose anyone on your ballot. You can either toss it in the > garbage on your way out, or draw pictographs derogatory to politicians > on non-critical areas of the ballot before feeding it to the > fiber-starved voting machine. But then the ballot is spoiled, and not counted. In Canada we have the option to "decline to vote". Go to the polling station, register your name, take the ballot, then tell the clerk that you "decline to vote". This indicates that you believe that no-one on the ballot is a suitable candidate for office. The ballot is counted, but none of the candidates gets a vote. This ensures that you don't accidentally elect an unsuitable candidate with a protest vote, i.e. selecting the lesser of two evils. By declining to vote you elect neither of the two evils. I'm not sure what happens when there are more declined ballots than votes for a candidate. Certainly it should draw some media attention to the option of declining to vote -- I find that very few people know about it. It sure caused a stir at our polling booth! -- -- -- -- Bob Jonkman From nobody at paranoici.org Wed Apr 28 16:13:39 2004 From: nobody at paranoici.org (Anonymous) Date: Thu, 29 Apr 2004 01:13:39 +0200 (CEST) Subject: Oppenheimer Message-ID: "A classic illustration of this phenomenon comes from a book entitled "Special Tasks" (Little-Brown, 1994, 1995) written by Pavel Sudoplatov and his son Anatoly. Lieutenant General Pavel Sudoplatov was Joseph Stalin's NKVD director in charge of stealing atomic secrets. He reported directly to Beria. From page 172: "The most vital information for developing the first Soviet atomic bomb came from scientists engaged in the Manhattan Project to build the American Atomic Bomb - Robert Oppenheimer, Enrico Fermi, and Leo Szilard." Robert Oppenheimer was the director in charge of the Manhattan project.
From page 186-87: "When it became clear that the atomic project was a heavily guarded, top-secret American priority, Eitingon and I suggested that we use our networks of illegals as couriers for our sources of information. Vassili Zarubin, our Washington rezident, instructed Kheifetz to divorce all intelligence operations from the American Communist party, which we knew would be closely watched by the FBI, and to have Oppenheimer sever all contacts with Communists and left-wingers." On page 188: "In 1943, a world-famous actor of the Moscow Yiddish State Art Theatre, Solomon Mikhoels, together with well-known Yiddish poet Itzik Feffer, toured the United States on behalf of the Jewish Antifascist Committee. Before their departure, Beria instructed Mikhoels and Feffer to emphasize the great Jewish contribution to science and culture in the Soviet Union. Their assignment was to raise money and convince American public opinion that Soviet anti-semitism had been crushed as a result of Stalin's policies. Kheifetz made sure that the message they brought was conveyed to Oppenheimer. Kheifetz said that Oppenheimer, the son of a German-Jewish immigrant, was deeply moved by the information that a secure place for Jews in the Soviet Union was guaranteed. They discussed Stalin's plans to set up a Jewish autonomous republic in the Crimea after the war was won against fascism." Beria understood the psychology of unitary loyalty perfectly! Continuing on page 189: "In developing Oppenheimer as a source, Vassili Zarubin's wife, Elizabeth, was essential. She hardly appeared foreign in the United States. Her manner was so natural and sociable that she immediately made friends. Slim, with dark eyes, she had the classic Semitic beauty that attracted both men and women, and she was one of the most successful agent recruiters, establishing her own illegal network of Jewish refugees from Poland, and recruiting one of Szilard's secretaries, who provided technical data."
Oppenheimer's rationale was "fear that the Germans might produce the first atomic bomb." But all he had to do to beat the Germans to the punch was to build the bomb for America. And indeed, that would have been the natural result of "dual loyalties." He could have helped Jews and remained loyal to America at the same time. But then helping America was not in the calculus at all. As Beria understood perfectly, he was concerned only with one unitary question; "How does this affect Jews?" And the answer was that just as organizing the blacks and browns to vote their antagonistic racial interests is critical to maintaining Jewish power over whites in the 1990's, giving the atomic secrets to Russia was the one way to reduce the power of whites in America in the 1940s and 50s. Oppenheimer's naive view (prior to the creation of the Israeli State) was that a nuclear armed Russia would provide one more possible haven for Jews with the power to protect them. The goyim in our OSS (the forerunner of the CIA) would have assumed "dual loyalty" and concluded that Oppenheimer presented no security risk." http://www.ddc.net/ygg/rj/rj-26.htm --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ryan at venona.com Wed Apr 28 22:20:53 2004 From: ryan at venona.com (Ryan Lackey) Date: Thu, 29 Apr 2004 05:20:53 +0000 Subject: test Message-ID: <20040429052053.GA23943@metacolo.com> this may or may not go through; I don't know. -- Ryan Lackey [RL960-RIPE AS24812] ryan at venona.com +1 202 258 9251 OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F From sasha_watson_bg at cc.umanitoba.ca Wed Apr 28 23:28:32 2004 From: sasha_watson_bg at cc.umanitoba.ca (Sasha K. 
Watson) Date: Thu, 29 Apr 2004 06:28:32 +0000 Subject: Sinners help Message-ID: From pique at netspace.net.au Wed Apr 28 14:37:31 2004 From: pique at netspace.net.au (Tim Benham) Date: Thu, 29 Apr 2004 07:37:31 +1000 Subject: cypherpunks-digest V1 #13260 In-Reply-To: <200404281959.i3SJx4B5063180@waste.minder.net> References: <200404281959.i3SJx4B5063180@waste.minder.net> Message-ID: <200404290737.31626.pique@netspace.net.au> > Date: Wed, 28 Apr 2004 19:43:17 +0000 > From: Justin > Subject: Re: Fact checking > > Thomas Shaddack (2004-04-28 18:32Z) wrote: > > What won't hurt could be making them liable for their promises, as they > > can be considered to be a contract with the voters. With specific > > penalties for not delivering the results in the specified timeframe. > > Presidents don't pass laws. Presidential campaigns would be reduced to > issues that are mutable (vulnerable?) to executive orders. > > Individual candidates for federal office can't pass laws either. You > want to hold a Senator liable when his compatriots (even if they form > the majority) don't support everything your senator supports? > > Nobody who understands the basics of U.S. government construction could > possibly believe that a candidate's "promise" is a guarantee. It is > merely a statement of ideology.
> > What then, consequences for not "attempting" to effect promises? Who's > to judge? You could make giving enforceable promises an option for candidates -- something like "If I can't cut taxes in my first term I will eat my hat" or "... I'll owe everyone with a voting receipt with my name on it $100". Then there'd be pressure on candidates to boost their credibility by making enforceable promises instead of "empty" ones. Secondly you could get around the problems induced by the labyrinthine checks and balances of the US system by tying the liability to measurable behaviors. The president either vetoes a certain bill or fails to; a senator or representative either introduces a certain bill or fails to. As long as the bill is specifically identifiable in advance there isn't a great deal of wriggle room. A third alternative is to remove the politician from the loop. At the same time you vote for candidates, you vote for propositions which become law if approved by a majority of those voting. The problem is who gets to decide what's proposed. Alternatively groups of candidates (e.g. parties) could be able to codify their promises as bills before the election. If enough candidates who subscribed to the relevant platform get elected, then they're deemed to have voted for the bill already in their official capacity as senator or whatever.
cheers, Tim From ryan at venona.com Thu Apr 29 00:48:57 2004 From: ryan at venona.com (Ryan Lackey) Date: Thu, 29 Apr 2004 07:48:57 +0000 Subject: test 2 Message-ID: <20040429074857.GA24010@metacolo.com> -- Ryan Lackey [RL960-RIPE AS24812] ryan at venona.com +1 202 258 9251 OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F From ryan at venona.com Thu Apr 29 02:07:44 2004 From: ryan at venona.com (Ryan Lackey) Date: Thu, 29 Apr 2004 09:07:44 +0000 Subject: message, but also test Message-ID: <20040429090744.GA24581@metacolo.com> I have two questions: 1) Does anyone have actual performance measurements of ZKS from when it was operational/at peak, in terms of bandwidth, MTU, latency, and jitter? Is there a good way to quantify just how far from "acceptable" it was? 2) Does anyone know of any existing reviews of bandwidth cost in multiple jurisdictions (say, per 1Mbps CIR international terrestrial), as well as electricity (per-Kwh)? I'm working on a research report which shows the 5-10 year costs for a few specific businesses in as many different locations and jurisdictions as possible, since otherwise it's almost impossible to quantify how much "better" a jurisdiction is than any other. I know bandwidth costs for all the markets I actually care about, but I'd like to flesh this out to account for more individual countries. The problem is the bandwidth numbers I have are public as well as very aggressively negotiated, and there's usually a spread of 3-10x between them, so I'd rather not have to go through that level of negotiation for any additional data points. (some people have been sending to cypherpunks at metacolo.com vs. cypherpunks at cypherpunks.metacolo.com, which was causing a bunch of cypherpunks mail to accumulate in the catchall spool for metacolo.com. 
I just added cypherpunks and cypherpunks-* aliases in the metacolo domain as well, so it should work, of which this is a test) (I also subscribed the al-qaeda node, and will probably finish setting up the spamfiltered version of the list, as well as passing the back archives through the same archiving software as current archives, and search-indexing them, next time I get bored) -- Ryan Lackey [RL960-RIPE AS24812] ryan at venona.com +1 202 258 9251 OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F _______________________________________________ cypherpunks mailing list cypherpunks at cypherpunks.metacolo.com http://cypherpunks.metacolo.com/mailman/listinfo/cypherpunks From rah at shipwright.com Thu Apr 29 06:27:19 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 29 Apr 2004 09:27:19 -0400 Subject: test In-Reply-To: <20040429052053.GA23943@metacolo.com> References: <20040429052053.GA23943@metacolo.com> Message-ID: At 5:20 AM +0000 4/29/04, Ryan Lackey wrote: >this may or may not go through; I don't know. It works. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 29 06:52:16 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 29 Apr 2004 09:52:16 -0400 Subject: Britain: Blunkett to legislate for thought crimes and guilt by association Message-ID: --- begin forwarded text From rah at shipwright.com Thu Apr 29 07:32:31 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 29 Apr 2004 10:32:31 -0400 Subject: For Icahn, ImClone Purchase Was a Good Thing Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This *this* boys and girls, is *exactly* why "insider" trading laws are just so much statist happy horseshit. As we see below, one woman's trash is another man's treasure, and *nobody* knows which is which, no matter *how* much "inside" information they have. As in anything else, *nobody* can calculate the future value of information, "inside" or otherwise. The value of *anything* can *only* be *discovered* in a free market, and not calculated, in mind or machine, much less legislated by vote, fiat, or anything in between. Even in the worst cases, so-called "insiders" know just as much as you or I do about the future value of any stock, including that of their own companies: exactly nothing. "Insider" trading regulation wasn't even *promulgated* until the early 1960's, at the height of government hubris about it's ability to "regulate" everything. Something that has been shown, from the price of gold, to the price of gas, to the availability of airline seats, to be evil, if not stupid. In the case of "insider" trading, just because you have information about shareholder positions in almost realtime, like they were able to do with the advent of computer-based book-entry settlement and manditory registration of equity positions, doesn't mean that you have an obligation to control it. If somebody took an axe to all government "regulation" of the economy, particularly from about the passage of the 16th amendment -- about 1916 or so -- we would be enormously better off. Not that it'll ever happen of course, but I feel like venting this morning... Cheers, RAH - ------- The Wall Street Journal April 29, 2004 HEARD ON THE STREET For Icahn, ImClone Purchase Was a Good Thing Investor Faces $250 Million Profit From Bet Made as Stewart Sold; Time to Take the Money and Run? 
By SUSAN PULLIAM Staff Reporter of THE WALL STREET JOURNAL April 29, 2004; Page C1 Talk about zigging when others zagged. By now, everyone knows how Martha Stewart was alerted by a Merrill Lynch & Co. brokerage assistant that Sam Waksal, her friend and founder of ImClone Systems, was trying to sell the biotech company's shares. Less well known, however, is the story of how financier Carl Icahn was buying ImClone shares that very day, possibly even snapping up the same shares that Ms. Stewart was unloading. Mr. Icahn recently disclosed in a filing with the Securities and Exchange Commission that he owns 5.24 million shares of ImClone, a stake he first began accumulating with a purchase of 10,000 shares on Dec. 27, 2001, people close to the situation say. After his purchase on Dec. 27, Mr. Icahn stopped buying ImClone for a few months. As the scandal unfolded and the share price fell to below $10 in the summer of 2002, Mr. Icahn began buying ImClone shares again, adding 3.6 million shares to his holdings. He bought the stock again earlier this year, picking up 1.63 million shares. That purchase brought his average purchase price to $19.58, according to the SEC filing. His profit, with ImClone shares now at $70 each, the level where they were before the scandal hit would be a cool $250 million. So much for the value of a tip from a broker. Ms. Stewart was recently convicted on criminal charges of lying to prosecutors about the facts surrounding her sale of ImClone stock, which she sold at about $58. Her lawyers have asked for a new trial on the grounds that one of the jurors lied on his courtroom questionnaire. Mr. Waksal, meanwhile, is serving a seven-year jail sentence after pleading guilty to insider-trading charges. But Mr. Icahn, who is famous for his contrarian bets, went the opposite direction of the ImClone inner circle, believing that the drop in the stock represented a chance to pick up a bargain, say people close to the situation. Mark Weitzen, Mr. 
Icahn's lawyer, declined to comment. BUYING OPPORTUNITY While Martha Stewart was unloading her ImClone shares, Carl Icahn starting to build up his stake. ImClone shares began falling in December 2001, from $75 on Dec. 6 to $46.46 on Dec. 28, when ImClone announced that the Food and Drug Administration had refused to review its application to market Erbitux, ImClone's promising new cancer drug. The stock continued to plunge to a low of around $6 in the summer of 2002, after news surfaced that Mr. Waksal had tipped off his family about the development, triggering an investigation. Around the same time, prosecutors launched an investigation of Ms. Stewart's sale of ImClone stock. It turns out Mr. Icahn's instincts were right. This February, the FDA finally approved Erbitux for use against colon cancer. On Tuesday, ImClone reported a big jump in earnings on the strength of Erbitux and a licensing payment by Bristol-Myers Squibb Co. connected to the approval of the drug. Earnings for the New York biotechnology company totaled $62.7 million, compared with a loss of $34.8 million a year earlier. In 4 p.m. trading yesterday on the Nasdaq Stock Market, ImClone shares fell 63 cents to $69.31. The question now is how long Mr. Icahn will hang on to his ImClone shares. If history is any guide, he could be thinking of taking some money off the table. That is because Mr. Icahn's latest gain in ImClone stock follows a nearly identical profit of $250 million on an investment in ImClone in December 2000, when Mr. Icahn disclosed in an SEC filing that a group, including himself, owned more than six million shares of ImClone. Mr. Icahn's group sold those shares in mid-2001 at around $70 each. That was a few months before Bristol-Myers bought a big stake in ImClone. Mr. Icahn's sale back then preceded a big drop in ImClone's shares to below $40. People close to the situation say the financier joked at the time with Mr. 
Waksal that he was selling the shares because it was his rule of thumb to sell when an investment gain totals "a quarter of a billion dollars." It isn't clear whether Mr. Icahn applies that rule the second time around. -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQJERh8PxH8jf3ohaEQKYjQCgrqJyIgYG7vogBKd5fnRVAp5OYKIAoIOV PadwJRMUlQ6yhC+TMeC2QIll =g7cW -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From scribe at exmosis.net Thu Apr 29 05:31:41 2004 From: scribe at exmosis.net (Graham) Date: Thu, 29 Apr 2004 13:31:41 +0100 Subject: ID card scheme £2,500 fine threat In-Reply-To: References: Message-ID: <4090F5AD.1000207@exmosis.net> R. A. Hettinga wrote: > > > People who refuse to register for the government's planned ID card > scheme could face a "civil financial penalty" of up to £2,500, it has > emerged. > > David Blunkett said not making registering a criminal issue would > avoid "clever people" becoming martyrs. So in Blunkett's vision of the UK future, only the rich will be able to be terrorists and paedophiles? Maybe they'll be softer on the poor who want to avoid the Great Database, some kind of NIT - "Non-Identity Tax" - perhaps. .g From rsw at jfet.org Thu Apr 29 10:43:28 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Thu, 29 Apr 2004 13:43:28 -0400 Subject: looping test Message-ID: <20040429174328.GA4822@jfet.org> Test message to check for looping. Please ignore. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From rah at shipwright.com Thu Apr 29 10:44:13 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 29 Apr 2004 13:44:13 -0400 Subject: iTunes 4.5: "24 hours after I downloaded it... 
I've broken it" Message-ID: crazney.net - iTunes stuff Welcome to my iTunes stuff website, here you will find various things relating to iTunes hacking that I have written. Last updated:April 29, 2004 iTunes 4.5: iTunes 4.5 uses a new authentication algorithm. However, not even 24 hours after I downloaded it, and that includes a little sleep and lots of uni time, I've broken it. Hah. Anyhow, libopendaap 0.2.0 and tunesbrowser 0.1.4 are now available. brb have to shut chooks in. "I have just deconstructed the encryption protocol designed by Apple's finest enginee..ah fuck the chicken has escaped" Pages here: * libopendaap: A library for connecting to iTunes shares and streaming audio files. * tunesbrowser: An application, built on top of libopendaap in GTK for browsing and playing the songs in various iTunes shares. * authentication: A page describing the authentication procedure used by the latest iTunes programs in order to lock out third party applications. * iTunes Music Store authentication: A page describing the authentication packets used by the iTMS. This complements Jason Rohrers iTMS-4-ALL project. Say no to the AUS-FTA! Contact info: See the front page for contact details. Please let me know if you use and enjoy (or hate) this software! Apple and iTunes are registered trademarks of Apple Computer, Inc. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From rsw at jfet.org Thu Apr 29 10:46:32 2004 From: rsw at jfet.org (Riad S. 
Wahby) Date: Thu, 29 Apr 2004 13:46:32 -0400 Subject: looping test (#2) Message-ID: <20040429174632.GB4822@jfet.org> Looping test, please ignore. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From rah at shipwright.com Thu Apr 29 11:31:08 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 29 Apr 2004 14:31:08 -0400 Subject: Signs Point to Worm Attack on SSL Vulnerability Message-ID: EWeek Signs Point to Worm Attack on SSL Vulnerability April 27, 2004 By Dennis Fisher Security experts on Tuesday said they are seeing evidence of what appears to be a worm exploiting the recently announced vulnerability in the Windows implementation of the Secure Sockets Layer (SSL) protocol. During the morning and early afternoon Tuesday, specialists at VeriSign Inc.'s security operations center observed a large-scale exploitation of the vulnerability. While there are a number of software tools available on the Internet to attack the vulnerability, experts said the volume of activity is too great for the attacks to be manual. "The attacks are too heavy and too regular to be anything but a worm. This has to be a worm or a mass rooter," said Jerry Brady, chief security officer of managed security services at VeriSign, based in Mountain View, Calif. "The activity is at much too high of a rate for it to be people manually using the exploit." The vulnerability, for which Microsoft Corp. released a patch earlier this month, is in an older Microsoft protocol called PCT (Protected Communications Transport). Microsoft's SSL library contains a buffer overrun flaw that enables attackers to run arbitrary code on vulnerable machines by sending specially designed PCT handshake packets. PCT is included in the SSL library, which is present in a number of products, including IIS and Exchange Server. VeriSign and other security services warned of this vulnerability last week. 
Brady said the majority of the company's managed services customers who have Internet-facing IIS servers have been attacked already. He added that the company is in the process of breaking down the attacks to see whether they are installing back doors or Trojans on compromised machines. "It's too soon to tell right now. We're still doing the forensics at this point," Brady said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 29 15:27:55 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 29 Apr 2004 18:27:55 -0400 Subject: Jury Finds for Most Insurers In World Trade Center Case Message-ID: ...which means, that now Uncle Fed et. al. is on the hook, financially, to build the proposed bedrock-to-blue-sky mausoleum at WTC. Which stands to reason, given the fact that the property was expropriated by the state anyway, some 40+ years ago. World "Trade", indeed... Cheers, RAH ------- The Wall Street Journal April 29, 2004 5:14 p.m. EDT Jury Finds for Most Insurers In World Trade Center Case Associated Press April 29, 2004 5:14 p.m. NEW YORK -- World Trade Center leaseholder Larry Silverstein suffered a court defeat Thursday that means he won't get his $3.5 billion insurance policy paid twice over. 
In a partial verdict, a federal jury found that the majority of the insurers, who hold more than a billion dollars of the policy, are bound by a form that defined the Sept. 11 terrorism attack as one event. The trial was the first of at least two that will ultimately decide how much insurance money will be available to rebuild ground zero. The verdict came just after the jury said in a note that it had reached a decision days ago on all except the largest insurance company, Swiss Re International Business Insurance Co. Judge Michael Mukasey decided to accept the findings and to send the jury back to resume deliberating the Swiss Re issue. The jury did find in Silverstein's favor regarding three insurance companies, but they provided less than $200 million of the insurance for the trade center. If Mr. Silverstein prevails against Swiss Re and companies not subject to this trial, he could eventually receive a double payment for roughly $2 billion in insurance. The partial verdict came after a 2 1/2-month trial that focused on which insurance policies applied at the trade center when the towers collapsed on Sept. 11, 2001. Mr. Silverstein has waged a court battle since shortly after Sept. 11 to have the destruction of the trade center declared two separate events for insurance purposes, which would entitle him to two payouts of the $3.5 billion policy he was still negotiating when the towers fell. Although the 13 insurers' policy hadn't been finalized on Sept. 11, the insurers said they had signed temporary binders based on the terms of a form issued by Mr. Silverstein's broker, Willis Group Holdings Ltd. An appeals court ruled last September that that form, known as Wilprop, would define the Sept. 11 destruction of the trade center as one occurrence for insurance purposes, meaning Mr. Silverstein would only be entitled to one payout. The 13 insurers held about $2.1 billion in coverage on the trade center. 
A second trial will attempt to define the trade center's collapse as one attack or two. A third trial would determine how much the insurers must pay. In closing arguments last week, Mr. Silverstein's attorney Herbert Wachtell argued that the Willis brokers had switched the 13 insurers over to another policy form issued by Travelers Property Casualty Corp. in July 2001. Mr. Wachtell said that Willis broker Timothy Boyd, who obtained insurance for Mr. Silverstein, either told representatives for the insurers they were switching to Travelers, or weren't obligated to because some insurers waived the ultimate wording of the policy's form. But insurers' attorneys, led by Barry Ostrager of Swiss Reinsurance Ltd., which carried a leading 22% share of the policy, said that the Willis brokers could produce no emails or written notice to the insurers that a switch was being made. The insurers also referred to a Sept. 12, 2001, fax by Silverstein insurance manager Robert Strachan of the Wilprop form to site owner Port Authority of New York and New Jersey and a leading Silverstein lender as evidence that that was the insurance that applied at the time. Silverstein attorneys argued that Mr. Strachan was distraught the day after the attacks and mistakenly didn't receive an email attachment of the Travelers form, so just faxed what he had in his office. One Willis broker, Paul Blackmore, did testify he had emailed the Travelers form to Swiss Re underwriter Daniel Bollier, who testified that he received it, but didn't read it carefully because such a form had never been discussed with him. In his instructions to the jury, Judge Mukasey said that jurors could decide that one party in the case is bound by a form it didn't read, but only if the party had been given fair notice of the existence of that form. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Apr 29 16:39:09 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 29 Apr 2004 19:39:09 -0400 Subject: A national identity card is unlikely to deliver all the things expected of it Message-ID: The Economist Identity cards Will they work? Apr 29th 2004 From The Economist print edition A national identity card is unlikely to deliver all the things expected of it BRITONS like to think of themselves as plucky individualists, resistant to authoritarianism both foreign and domestic. It's a self-image that is becoming increasingly difficult to sustain. This week, David Blunkett, the home secretary, unveiled a draft bill that, if enacted, would create the most ambitious and intrusive national identity card scheme in Europe. For many, the only complaint was that it was long overdue. Over the past decade, opinion polls have consistently shown 75-85% in favour of ID cards. Oddly, people want them even though they don't trust the government with personal information. MORI, a pollster, reports that just 10% are "very confident" their details would be kept secure. A YouGov poll carried out last September found that two-thirds didn't trust civil servants to keep information from one another, while half suspected they would share it with outsiders. Clear majorities also predicted disruption, inconvenience, and a rash of forgeries. This puts unusual pressure on the scheme. Britons want cards to help stop illegal immigrants from working or using public services, and to fight terrorism and reduce fraud. They will compromise on personal privacy because they reckon the system will deliver on these things. Will it? The government's plans are certainly ambitious. 
Starting from scratch, it wants to build a central register that will hold the name, date of birth, current and former addresses, nationality, passport number and national insurance details of everybody residing in the country longer than three months. The register will also record every occasion on which this information is accessed or changed, and by whom. Keen citizens will be able to add more to the register if they find this insufficient. More ambitious still are plans to link the register to other government databases, and to incorporate biometrics such as fingerprints and iris scans. This is handy for deterring forgers, but it raises the price and complexity of the system well above anything that exists, or is being contemplated, elsewhere in Europe. Building a secure ID-card system is not difficult, says Richard Barrington, head of government affairs at Sun Microsystems. The real problems (and the costs) arise elsewhere: in collecting people's images or iris patterns, "binding" these to paper documents such as driving licences, and managing the system so that false and multiple identities are expunged. "If this is not done in a disciplined way, the register will become like every other government database -- that is, full of junk," he says. This becomes exponentially more difficult as the job progresses. On the current, rather relaxed timetable for building the register (a pace forced by cabinet sceptics), it will capture about 80% of the economically active population by 2013. Then comes the challenge. The final 20% includes people on the fringes of society -- those who do not work legitimately, drive, vote, or hold British passports; in other words, precisely the sort you would want in a database. Capturing them will be desperately difficult, despite a proposed £2,500 ($4,500) fine for non co-operation. A larger problem is one of function creep. 
There is likely to be pressure, not just from politicians but also from convenience-minded citizens, to make the card do more. Data will inevitably be added to the register, and (as MPs have themselves hinted) companies will make increasing use of it to check identities. The problem, say security engineers, is that the more uses for a card, the more rapidly it degrades. Even in Belgium, which has had compulsory identity cards since 1919, social-security information is kept on a separate bit of plastic. Those lonely souls who worry about the erosion of civil liberties might take comfort from the fate of the various "smart card" schemes already in existence in Britain. The most ambitious one was launched three years ago, in Southampton. By now, every resident was supposed to have a card, which would allow access to, and payment for, a wide range of council services. Electronic voting was mooted. But it proved difficult to get banks, transport operators, or even council departments on board. Today, the card is used mostly to check out library books and get into leisure centres. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From anmetet at freedom.gmsociety.org Thu Apr 29 16:39:48 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Thu, 29 Apr 2004 19:39:48 -0400 Subject: Lowering the Bar for Threats Message-ID: <33bfc6c99da0b345eaf51e8a4a0c5e5a@anonymous> Eric Cordian quotes: > FBI Shill: Are we gonna exterminate the rat? > > Hale: I'm going to fight within the law and, but, ... if you wish to, > ah, do anything, yourself, you can. You're such a liar. I don't know why I even bother to respond to you. You left off the next few lines: "So that makes it clear," Hale added. 
"Consider it done," Evola said. "Good", Hale replied. And now you know... the rest of the story. I encourage anyone interested in the case to read the details online. By most accounts, jurors did a good job of seeing through Hale's obfuscations and careful attempts at plausible deniability. > I wonder how long it will be until Americans get their houses pushed over > with bulldozers for criticizing the government. Probably at least until > after the election. Free speech is one thing. Soliciting murder is something else. But let's say you're right and the government cracks down on criticism. Which is easier, to get government to change, or to ignore the restrictions and continue to publish critical essays, protected by cryptographic anonymity? From em at em.no-ip.com Thu Apr 29 05:01:57 2004 From: em at em.no-ip.com (Enzo Michelangeli) Date: Thu, 29 Apr 2004 20:01:57 +0800 Subject: Can Skype be wiretapped by the authorities? Message-ID: ----- Original Message ----- From: "Axel H Horns" To: Sent: Wednesday, April 28, 2004 4:49 AM Subject: Can Skype be wiretapped by the authorities? > Is something known about the details of the crypto protocol within > Skype? How reliable is the encryption? > > See e.g. > > http://www.financialcryptography.com/mt/archives/000076.html > > Can Skype be wiretapped by the authorities? With collaboration of the > Skype operator? Without? What do you mean with "operator"? AFAIK, the system is fully peer-to-peer (http://www.skype.com/skype_p2pexplained.html ). Regarding the crypto, at http://www.skype.com/help_faq.html#Technical they say: What type of encryption is used? Skype uses AES (Advanced Encryption Standard) - also known as Rijndel - which is also used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. 
Skype uses 1536 to 2048 bit RSA to negotiate symmetric AES keys. User public keys are certified by Skype server at login. OK, so "Rijndael" is misspelled and the RSA-based key exchange does not provide forward secrecy, but apart from that it doesn't smell like snake oil. Not too bad, at least. BUT, unfortunately, the implementation is closed source, so there are no guarantees that the software is not GAKked. And yes, definitely an opensource (and multiplatform) alternative would be a cool thing to have. A message I posted a while ago to the list p2p-hackers was reposted by Eugene Leitl to cypherpunks (http://www.mail-archive.com/cypherpunks at minder.net/msg81814.html ) but the couple of followups it elicited didn't seem to center the issues I raised. I didn't reply then because I'm not a subscriber of cypherpunks any longer, so I'd like to take this occasion for doing it here now: Major Variola (ret) commented (indented lines, followed by my comment): [...] >Skype claims to use RSA-based key exchange, which is good for >multi-party conferencing but does not preserve forward secrecy. >Maybe some variant of ephemeral D-H authenticated by RSA >signatures, with transparent renegotiation every time someone >joins the conference, could do the job better. RSA (ie persistent keys) may be an option but MUST NOT be required, for secrecy reasons as mentioned. (At worst RSA keys can be used once, then discarded. Lots of primes out there :-) Well, I don't see why RSA signatures (only for authentication of the key exchange) could endanger forward secrecy. Also, this is *voice*, ie biometric auth, so public-key-web-o-trust verislime scam is unnecessary at best. It's not only voice, it's also IM-style text chat. And even with voice, biometric authentication becomes awkward to use with conference calls. [...] 
>One could always implement a brand new >network, using Distributed Hash Table algorithms such as Chord or >Kademlia, We don't give a flying fuck as to which shiny new algorithm you use, although were we a graph theory wonk, we might care. The issue here is that DHT algorithms allow to implement a fully distributed directory, which means one much more resistant to attacks (especially from institutional attackers) than implementations based on centralized servers (see, in a related fild, the different destinies of Napster and its distributed successors such as Overnet or the less efficient Gnutella). Still, a full search takes O(log(n)) steps, making them practical for implementing directory/presence services. [...] >but it would be much easier to rely from the very beginning upon >a large number of nodes (at least for directory and presence >functionality, if not for the reflectors which require specific >UDP code). What the NAT world (yawn) needs is free registry services exploitable by any protocol. Those NAT-users with RSA-clue can sign their registry entry. Not only that: NATted agents cannot be "called" unless they first register with some reflector on the open Internet. And centralized reflectors are, again, easy to attack, and also expensive to operate, as the bandwidth requirements are substantial (all the traffic flows through them): see e.g. John Walker's analysis of the reasons that led him to abandon SpeakFreely at http://www.fourmilab.ch/speakfree/ . Thomas Shaddack suggested to leverage on Jabber, but: 1. Jabber uses TCP as transport, and therefore can't be efficiently used as transport for telephony, i.e. using encapsulation of the voice packets in the Jabber protocol in order to traverse NAT devices. 2. Jabber is based on a client-server paradigm similar to e-mail. Running a Jabber server requires an always-on machine with its own domain name; and, although dynamic DNS can help, the model again tend to be hierarchical, easy to attack etc. 
That pretty much rules it out also for session initiation, directory/presence etc. The beauty of Skype, encryption aside, is that it's based on an overlay network solely based on P2P servents, relies (if their FAQ tells the truth) upon NO central registry for presence and directory services, and each client that runs non-NATted can transparently act as reflector supporting NATted users. Plus, all this (including, besides voice, text-based instant messaging) works with zero configuration with an idiotproof UI. Enzo --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From anmetet at freedom.gmsociety.org Thu Apr 29 18:03:17 2004 From: anmetet at freedom.gmsociety.org (An Metet) Date: Thu, 29 Apr 2004 21:03:17 -0400 Subject: message, but also test Message-ID: <8e0291d327b38f5e3db85fbe2dfd6c7e@anonymous> Ryan Lackey writes: > I have two questions: > > 1) Does anyone have actual performance measurements of ZKS from when > it was operational/at peak, in terms of bandwidth, MTU, latency, and > jitter? Is there a good way to quantify just how far from > "acceptable" it was? I don't have any actual measurements, but as far as I can remember it worked pretty well, i.e., slower than usual but still pages would load within a few seconds. Recently I've experimented with the onion routing system at www.freehaven.net/tor, and the main problem there is slow startup times setting up the first path. Seems to take a couple of minutes sometimes for the first web page to download. 
I think it's struggling to find a working path, or something. But then after that the performance seems comparable to Freedom. I'm a big user of anonymity systems, and the worst problem I've had with proxies is remembering who I am supposed to be at the time. Several times with Freedom and more recently with other proxies, I have done stuff using my real name when I was in the mode where my nym was being used, and vice versa. Oops. That's a pretty big mistake to make and can totally destroy your pseudonymity, both at the time and throughout the past lifetime of the nym. What I'd like would be some kind of big, glaring indication that I am in "anonymous" mode, like overlaying some kind of color display on the screen, or maybe a crawling animation around the edges, or something. I realize that this is out of scope for most efforts of this type, but from my experience it's a big problem. > (I also subscribed the al-qaeda node, and will probably finish setting > up the spamfiltered version of the list, as well as passing the back > archives through the same archiving software as current archives, and > search-indexing them, next time I get bored) Making your deep archive available in search-indexed form would be a great service, as would spam-cleaning your current one. May you grow bored soon. BTW, how big is the entire CP archive when compressed? Would it fit into a gmail account that someone could set up and share the passphrase to? I'd pay quite a few bucks to have a copy of that on my disk. _______________________________________________ cypherpunks mailing list cypherpunks at cypherpunks.metacolo.com http://cypherpunks.metacolo.com/mailman/listinfo/cypherpunks From declan at well.com Thu Apr 29 21:24:45 2004 From: declan at well.com (Declan McCullagh) Date: Fri, 30 Apr 2004 00:24:45 -0400 Subject: [Politech] John Gilmore's horrific, dystopian view of an RFID world [priv] Message-ID: [I always learn something from John Gilmore, and this is no exception. 
Although parts of his dystopia are already true: I travel with a cell phone, 802.1x devices, and Bluetooth devices that broadcast my identity (to a sufficiently savvy adversary) even more efficiently than an RFID tag would... --Declan] -------- Original Message -------- Subject: Re: [Politech] Computerworld falls for RFID "sniper rifle" hoax? Date: Wed, 28 Apr 2004 13:21:35 -0700 From: John Gilmore To: Declan McCullagh CC: politech at politechbot.com References: <408F2D74.8040301 at well.com> Nice hoax. But the opposite is more likely to come true. Rather than shooting RFID chips into people, people with RFID chips already in or on them will be shot. People with RFID chips in their clothing, books, bags, or bodies could be targeted by "smart projectiles" that will zero in on that particular Smart. Today's "smart bombs" already self-guide toward laser-identified or RF-identified or heat-identified targets. The technical challenges involved in guiding a missile toward an RFID chip would probably relate to the speed of the missile compared to the range at which the RFID chip can be made to respond and the agility with which the missile can change course. Such a missile could probably more easily be designed to *arm* or *trigger* its explosion when a particular RFID chip is in range. That way, if fired at innocents, it would be a dud that would only cause minimal damage, but if fired at the right person, it would blow up. But we need not get so science-fiction about it. Rather than bring the mountain to Mohammed, let's let Mohammed come to the mountain. Let's see what this technology would do for an everyday practice of today's freedom fighters who are defending their country by opposing one of the US Government's current wars of occupation. 
In order to comply with government labeling mandates resulting from the huge Firestone tire recall, Michelin has announced that it plans to put RFID chips in every tire it sells to car makers (and eventually in every tire they sell). Similar plans are afoot for many other automotive and personal products. Imagine being able to bury an explosive in a roadway -- that would only go off when a particular car drove over it. You could bury these bombs months in advance, in any or every major or minor roadway. You could change the targeting whenever you liked (e.g. via driving a radio-equipped car over it and transmitting new instructions to it). You could give it a whole list of cars that it would explode for, or a set of cars and dates. If you put such bombs throughout a metropolitan area, a car could drive through the area for months without triggering anything -- taking evasive routes, etc. But on the appointed day, each the bombs surrounding the area would know to go off when that same car passed. Without the responsible parties having to visit the sites later than days or weeks beforehand (making them hard to catch or deter). Such explosives would be detectable by their radio emissions -- RFID pings. But in a world where RFID pings are being transmitted by everything around you, including every cellphone and doorframe and cash register and ATM machine and camera and car and computer and palmtop and parking meter and cop car ... you won't even notice. Places with "congestion pricing" like central London, or any toll road anywhere, would even have plenty of active RFID readers buried in the roadway already. And I'm sure the cops anywhere would love to have them for tracking where everybody is driving -- individually. Welcome to automated personal death. Courtesy of RFID and leading shortsighted global corporations, with government encouragement. 

John
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From emc at artifact.psychedelic.net Fri Apr 30 01:50:41 2004
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Fri, 30 Apr 2004 01:50:41 -0700 (PDT)
Subject: Lowering the Bar for Threats
In-Reply-To: <33bfc6c99da0b345eaf51e8a4a0c5e5a@anonymous>
Message-ID: <200404300850.i3U8of33023130@artifact.psychedelic.net>

An Metet writes:

> Eric Cordian quotes:
> > FBI Shill: Are we gonna exterminate the rat?
> > Hale: I'm going to fight within the law and, but, ... if you wish to,
> > ah, do anything, yourself, you can.
> You're such a liar. I don't know why I even bother to respond to you.
> You left off the next few lines:
> "So that makes it clear," Hale added.
> "Consider it done," Evola said.
> "Good", Hale replied.
> And now you know... the rest of the story.

So the story is that the FBI Shill solicited murder, and Hale made the mistake of saying the equivalent of "um hmmm." I'm so unimpressed.

> I encourage anyone interested in the case to read the details online.
> By most accounts, jurors did a good job of seeing through Hale's
> obfuscations and careful attempts at plausible deniability.

Hale didn't initiate anything. It seems to me that one shouldn't be able to get convicted in a free country when someone working for the government comes to you with plans for a crime, just because you didn't denounce them loudly enough while being recorded.

To quote a favorite poster of mine in alt.abuse.recovery...

"``Failure to Condemn'' is an age-old tactic--a dirty trick, actually--used to smear somebody by association when you can't actually get anything concrete on him. I know this one backwards and forwards; it's been used on me dozens of times."

The Sheeple have been well-trained to use the legal process to screw anyone with racist views. Juries in such trials have admitted afterwards that they were proud of imprisoning people because of their racist views, and awarding their property to do-gooders on flimsy evidence.

> Free speech is one thing. Soliciting murder is something else.

Yes. FBI Shills should stop doing that.

> But let's say you're right and the government cracks down on criticism.
> Which is easier, to get government to change, or to ignore the
> restrictions and continue to publish critical essays, protected by
> cryptographic anonymity?

Wars are won by superior weaponry, not by superior essays. What are you going to do, throw your pen at them, stamp your feet, and threaten to hold your breath until you turn blue?

As I've said many times, "What the world needs is a fifty dollar weapon that sinks aircraft carriers."

AmeriKKKa is founded on the principle that they are most easily governed, who believe that they govern themselves. People need to learn that a voting choice between "evil" and "slightly less evil" does not a democracy make.

I look forward to proclaiming after the upcoming presidential election that "There are no civilians in AmeriKKKa."

--
Eric Michael Cordian 0+
O:.T:.O:.
Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From isn at c4i.org Fri Apr 30 00:30:16 2004
From: isn at c4i.org (InfoSec News)
Date: Fri, 30 Apr 2004 02:30:16 -0500 (CDT)
Subject: [ISN] Mobile flaws expose executives to bugging
Message-ID:

http://business.timesonline.co.uk/article/0,,8209-1092789,00.html

By Steve Boggan
April 30, 2004

EXECUTIVES at some of Britain's biggest companies are using mobile phones that can be secretly tracked and bugged, despite a series of Times investigations demonstrating gaping holes in handset security.

During tests at the offices of Shell, BP, HSBC and Goldman Sachs, The Times identified 95 phones potentially vulnerable to a new form of hacking known as "bluesnarfing".

Under the process, which threatens mobile phones that use Bluetooth wireless technology, hackers can download text messages, phone lists and even remotely tamper with handsets to enable them to be used as listening devices.

Last week The Times identified 46 phones that could have been vulnerable to attack during a 12-minute test in the central lobby of the Palace of Westminster.

During our latest experiment, we had the ability to access the phone of a Shell employee supplying aviation fuel to aircraft companies and bug the handsets of chauffeurs driving executives.

At the offices of Shell, a passive scan showed that 19 phones would have accepted an unauthorised Bluetooth connection. None was made, to avoid infringement of the Computer Misuse Act. Of these, 13 were Nokias and five were Ericssons.

The Nokia 6310 and 6310i, the most popular business phones in the UK, and the Ericsson T610, one of the best-selling picture phones, have proved to be the most insecure.

Outside, a group of chauffeurs were waiting in seven identical and consecutively-numbered Volvos. An attack on any of their phones would have allowed us to set up a divert to a handset of our choice.
We could then have instructed their phones to call us secretly, leaving a channel open through which we could have heard executives' conversations in the cars.

At BP's office in St James's Square, Westminster, we identified 24 potentially vulnerable phones while at Goldman Sachs in Fleet Street, the figure was 35 phones.

We scanned in a smoking area outside the offices of HSBC in Canary Wharf during a ten-minute period. Seventeen potentially vulnerable phones were identified.

The latest cause for concern involving the Nokia 6310s and Sony Ericsson T610s involves secret tracking.

Commercial companies offer phone tracking services to businesses and individuals who want to locate sales forces quickly. An SMS message is sent to the relevant mobile phone with an activation code. Once activated, the phone's location is shown on an internet website map.

Bluesnarfing allows the activation code to be diverted to an attacker, so that an account is set up without the handset owner's knowledge. He or she could then be tracked, without their knowledge, 24 hours a day.

Nokia admits there are problems with its 6310s and 8910s but says it is working on a solution that will be available to users from this summer.

Sony Ericsson says it has cured the text message and divert problems in new phones but phone lists, calendars and pictures can still be accessed. It promises a cure for that problem in the second half of the year.

Shell and BP said they never commented on security; Goldman Sachs was aware of the problem and had issued advice to staff; and HSBC said its technical staff were looking into the problem.

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Apr 30 04:43:06 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 30 Apr 2004 07:43:06 -0400
Subject: [Politech] John Gilmore's horrific, dystopian view of an RFID world [priv]
Message-ID:

--- begin forwarded text

From pique at netspace.net.au Thu Apr 29 15:00:10 2004
From: pique at netspace.net.au (Tim Benham)
Date: Fri, 30 Apr 2004 08:00:10 +1000
Subject: cypherpunks-digest V1 #13266
In-Reply-To: <200404291724.i3THOYNG039926@waste.minder.net>
References: <200404291724.i3THOYNG039926@waste.minder.net>
Message-ID: <200404300800.10896.pique@netspace.net.au>

> Date: Thu, 29 Apr 2004 16:20:44 +0000
> From: Justin
> Subject: Re: Fact checking
> ...
> > Australia has mandatory voting. I think that's what you're arguing
> > against
>
> I'm arguing against any sort of coercion - whether it's a loss of
> rights, being stuffed in a prison, or being beaten with a stick. You
> consider voting in Australia to be mandatory? The punishment is a fine,
> different from loss of suffrage but not necessarily more serious.

I'm not in favor of compulsory voting, but you won't have to pay the small fine unless you're too lazy to think of an excuse. Last time I got off by claiming my foot was too sore to walk to the polling station. In practice it's only compulsory to either apply for an absentee vote or attend a polling station on election day and get your name crossed off a list. You can bin the pieces of paper the official gives you. The effect is that about 70% of voters just turn up and vote the way "their" party tells them to vote. This number is in secular decline.

I think what's needed is a "None of the above" option on the ballot. If "None of the above" won a majority then the office would be left vacant.
(We actually had this system for student elections at my alma mater) Non-voters obviously aren't sufficiently attracted to any of the candidates to bother voting, so they should be counted as votes for "None of the above" (but not this part -- they were doing well to get a 10% turn-out for a student election). Pretty soon we'd have no government.

cheers,
Tim

From anmetet at freedom.gmsociety.org Fri Apr 30 06:12:26 2004
From: anmetet at freedom.gmsociety.org (An Metet)
Date: Fri, 30 Apr 2004 09:12:26 -0400
Subject: no anon conversations?
Message-ID: <65cb06ef96e9059249828c91f05e223a@anonymous>

What technologies currently exist for receiving a/pseudonymous message? With Mixmaster, sending mail, posting news, and even blog posting are possible. However, receiving replies securely or, better, holding a private conversation is difficult or impossible. Best bet seems is to encrypt and spam somewhere very public? Ugly, ugly. No technological method, just a few "trust me" remailers. Other options?

From paquin at credentica.com Fri Apr 30 10:38:40 2004
From: paquin at credentica.com (Christian Paquin)
Date: Fri, 30 Apr 2004 13:38:40 -0400
Subject: Credentica (Re: Is there a Brands certificate reference implementation?)
In-Reply-To:
References:
Message-ID: <40928F20.1010405@credentica.com>

Hello Steve,

> From: Steve Furlong
> To: dgcchat at lists.goldmoney.com, cypherpunks at al-qaeda.net
> Fwd: cryptography at metzdowd.com, e$@vmeng.com
> Date: 25 Apr 2004 12:14:30 -0400
>
> Does anyone know of a reference implementation for Stefan Brands's
> digital certificate scheme? Alternatively, does anyone have an email
> address for Brands so I can ask him myself? (I haven't gotten anything
> back from ZKS's "contact us" address. But I don't know if Brands is
> still at ZKS.)

I am one of the lead developers of Credentica, which is Stefan Brands' latest venture after his amicable departure from ZKS quite some time ago.
We are exclusively focused on the development of identity and access management technology based on Stefan's Digital Credential work.

Following our closing of investment from Nokia earlier this year, we started with the design and implementation of a Software Development Toolkit for Digital Credentials. We are exploring the idea of releasing parts of it under an open-source license, and intend to post updates here from time to time on our progress.

More information will be available on our upcoming Web site, which should be up soon. Meanwhile, if you are interested in getting a glimpse of what we are doing, check out Stefan's keynote materials at a recent NIST PKI workshop, which you can find here:

http://middleware.internet2.edu/pki04/proceedings/

Kind regards,

Christian Paquin
Cryptographic Developer
Credentica

From DaveHowe at gmx.co.uk Fri Apr 30 06:25:44 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Fri, 30 Apr 2004 14:25:44 +0100
Subject: no anon conversations?
References: <65cb06ef96e9059249828c91f05e223a@anonymous>
Message-ID: <08a101c42eb6$a86e4120$c71121c2@exchange.sharpuk.co.uk>

An Metet wrote:
> What technologies currently exist for receiving a/pseudonymous
> message? With Mixmaster, sending mail, posting news, and even blog
> posting are possible. However, receiving replies securely or, better,
> holding a private conversation is difficult or impossible. Best bet
> seems is to encrypt and spam somewhere very public? Ugly, ugly. No
> technological method, just a few "trust me" remailers. Other options?

Nyms, or alt.anonymous.messages are both contenders. Speaking of the former - what nymservers are recommended these days?

From anmetet at freedom.gmsociety.org Fri Apr 30 12:32:03 2004
From: anmetet at freedom.gmsociety.org (An Metet)
Date: Fri, 30 Apr 2004 15:32:03 -0400
Subject: no anon conversations?
Message-ID: <020c0cd337d619eb150f13a51a18986e@anonymous>

On Fri, 2004-04-30 at 14:12, An Metet wrote:
> What technologies currently exist for receiving a/pseudonymous message?
> With Mixmaster, sending mail, posting news, and even blog posting are
> possible. However, receiving replies securely or, better, holding a private
> conversation is difficult or impossible. Best bet seems is to encrypt and
> spam somewhere very public? Ugly, ugly. No technological method, just a few
> "trust me" remailers. Other options?

A simple option is to use a free webmail account and access it via an anonymizing proxy. You can send mail that way too. The great advantage of this is that it does not brand you as an "anonymous mail user" and thereby call attention to your activities. You look like just another of the millions of people who use such services.

For anonymizing proxies, do a google search on anonymous web surfing. There are many more companies than anonymizer.com, although it is the oldest and probably the best.

You can also begin experimenting with the onion routing network at http://www.freehaven.net/tor. This is like a free version of the old ZKS Freedom network where you construct a path through a number of forwarding nodes. You could also combine these and use TOR to access anonymizer.com and go from there to hotmail.com, etc.

There's a new proposal out called the Pynchon Gate from Len Sassaman and Bram Cohen, http://www.freehaven.net/doc/pynchon-gate/. Sassaman is one of the main Mixmaster/Mixminion developers, and Cohen of course has revolutionized the P2P file sharing scene this past year with his BitTorrent. These guys have a pretty good pedigree for getting stuff done, and they claim to be in the process of implementing this new system.

The Pynchon Gate will use a crypto protocol called Private Information Retrieval to let people receive messages anonymously.
The way PIR works, all the incoming messages for all users are stored in a big database which is replicated at several servers. Recipients connect to each server and download a packet of data, which is combined at the local machine to reconstruct one incoming message. However the algorithm is such that each individual server learns nothing about which message is being fetched, protecting the receiver's anonymity.

Here's a simple example of how it would work. The method relies on two properties of XOR: XORing a value with itself yields zero; and the result of XORing a random value with a predetermined pattern is still a random value.

Suppose there are only two database servers, each holding 8 messages, where the messages are all split or padded to be a standard size:

    M1 M2 M3 M4 M5 M6 M7 M8

Suppose you want to fetch M4. Now you create a random 8-bit binary string:

    1 0 1 0 0 0 0 1

Make a copy of that string and XOR in the bit position of the message we want, in this case the 4th bit:

    1 0 1 1 0 0 0 1

Note that because of the 2nd property of XOR listed above, both bit strings are individually indistinguishable from random and neither by itself gives any information about which bit was XOR'd.

Send the first bit string to the first server and the 2nd bit string to the 2nd server. Each server XOR's the messages corresponding to the 1 bits and returns the results, which will be the size of a single standard message:

    Server 1: M1 xor M3 xor M8
    Server 2: M1 xor M3 xor M4 xor M8

The recipient xors these two messages together:

    (M1 xor M3 xor M8) xor (M1 xor M3 xor M4 xor M8)
    = (M1 xor M1) xor (M3 xor M3) xor (M8 xor M8) xor M4
    = M4

The result is the required message. Individually, each server saw a random bit string and neither one by itself had any indication about which message was being fetched, hence the recipient's anonymity was protected.

The same method can be generalized to larger numbers of servers, and that is the intention with the Pynchon Gate system.
The privacy threat with this approach is that if the servers combine their information, they can deduce which message the recipient was fetching, by XORing all their bit strings together. However, as long as even one server is honest and refuses to go along with this, the other servers can learn nothing about which message was being fetched.

This security guarantee is similar to that of a remailer chain, where if they all colluded they could track user messages, but if at least one is honest then privacy is protected. Hence it is a good match for users who rely on remailers.

It's not yet clear that this method can be really practical, can scale to a reasonable number of users, resist flooding, and avoid leaking information in terms of how many requests a given user makes in a given period of time. These are serious practical issues that need to be solved.

But they do have one really good idea, which is that the user-end software will be an agent that executes this protocol on a regular basis to fetch messages, then makes them available to the mail client by acting as a local POP server. All modern mail clients let you set multiple POP servers to be queried, so this should produce nearly transparent integration to existing mail clients. This concept might be copied for other mail receiving methods in the future.

From joss at nekrodomos.net Fri Apr 30 08:33:36 2004
From: joss at nekrodomos.net (joss)
Date: Fri, 30 Apr 2004 16:33:36 +0100
Subject: no anon conversations?
In-Reply-To:
References:
Message-ID: <1083339216.12496.6.camel@shiva.pseudonymity.net>

On Fri, 2004-04-30 at 14:12, An Metet wrote:
> What technologies currently exist for receiving a/pseudonymous message?
> With Mixmaster, sending mail, posting news, and even blog posting are
> possible. However, receiving replies securely or, better, holding a private
> conversation is difficult or impossible. Best bet seems is to encrypt and
> spam somewhere very public? Ugly, ugly. No technological method, just a few
> "trust me" remailers. Other options?

Also, the mixminion Type-III anonymous remailer which is currently in development (www.mixminion.net) supports secure replies to anonymous messages.

This technology is, however, still very much in alpha phases. Usable, but not secure. Worth looking at and following, but not useful for anonymity right now.

Joss

From rah at shipwright.com Fri Apr 30 14:06:39 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 30 Apr 2004 17:06:39 -0400
Subject: Fwd: [ISN] Mobile flaws expose executives to bugging
Message-ID:

*Took* 'em long enough...

Cheers,
RAH

--- begin forwarded text