From mhamrick at cryptonomicon.net  Mon Feb  2 07:20:36 2004
From: mhamrick at cryptonomicon.net (Matthew S. Hamrick)
Date: Mon,  2 Feb 2004 10:20:36 -0500
Subject: Are Terrorists Using Crypto?
Message-ID: <mailman.827.1576007641.31620.cypherpunks-legacy@lists.cpunks.org>

Once again I've had to defend the domestic use of encryption technology. My
latest "opinion" is at
http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=645 . I
don't know if it's of any value to either of you guys, but I thought I would
pass it along anyway.

-Matt H.

-- 
One Ringtone to rule them all, one Carrier to find them,
One Phone to bring them all and to the Service Contract bind them.

__

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net




From camera_lumina at hotmail.com  Mon Feb  2 13:27:04 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 02 Feb 2004 16:27:04 -0500
Subject: Cypherpunks response to viral stimuli
Message-ID: <BAY7-F73H28bCGSVmRt0001a4ce@hotmail.com>

Well, I'm still wondering...

Could a TLA or other group, wanting to know who was lurking or otherwise 
subscribed to a list (such as cypherpunks) deliberately craft a virus that 
was easy to detect, for the purposes of having the automated email reply 
systems "out" that subscriber?

And then, is it possible to create some kind of filter that stops these 
replies?

Of course, it could be very difficult to determine the difference between an 
automated reply and a real posting.

ANyone have any thoughts?

-TD

_________________________________________________________________
Scope out the new MSN Plus Internet Software  optimizes dial-up to the max! 
   http://join.msn.com/?pgmarket=en-us&page=byoa/plus&ST=1




From bill.stewart at pobox.com  Mon Feb  2 16:59:15 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 2 Feb 2004 16:59:15 -0800 (PST)
Subject: Indian Govt bans pre-paid cell because of "separatists"
Message-ID: <4819.216.240.32.1.1075769955.squirrel@smirk.idiom.com>

http://news.bbc.co.uk/2/hi/south_asia/3448581.stm

The Indian government has banned the sale of pre-paid cash cards for cell
phones in the northeastern states of Assam and Meghalaya, allegedly
because separatists have bought lots of them for hard-to-trace
communications.  Reliance Telephone, who runs cell service in those areas,
didn't feel they had a choice about complying.  (If it were VSNL, the
former telecom monopoly, that'd be no surprise, but Reliance is a big
competitor.)  Consumer groups are extremely upset and vocal (at least
until their current phone cards run out, at which point they'll become
much quieter...)  We'll see how long Bogus Homeland Security can override
consumers and smugglers.-- 

Bill Stewart bill.stewart at pobox.com




From bill.stewart at pobox.com  Mon Feb  2 17:23:02 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 2 Feb 2004 17:23:02 -0800 (PST)
Subject: Cypherpunks response to viral stimuli
In-Reply-To: <401EDB99.80304@sunder.net>
References: <BAY7-F73H28bCGSVmRt0001a4ce@hotmail.com>        
  <20040202215202.GA11036@SDF.LONESTAR.ORG>        
  <401EDB99.80304@sunder.net>
Message-ID: <2242.216.240.32.1.1075771382.squirrel@smirk.idiom.com>

-----BEGIN PGP SIGNED MESSAGE-----
Five or ten years ago, when the Feds were still pretending to be in
control of crypto, crypto enthusiasts were still a threat - these days you
can pick up VPN boxes at the grocery store, and if they still care about
us, they're more likely to be interested in content and the identities of
active posters than in the identity of lurkers.   They can observe a lot
just by looking, or they can announce a sale on tinfoil hats and see who
responds, or ask a Stupid Newbie Question and see who flames them, or
forge a message about Guns from a Usual Suspect and see who claims that
theirs is bigger, or post about something tangential like how to stop spam
(which has pretty much replaced libertarianism and censorship as the
all-consuming discussion topic on the net.)
Viruses and Web Bugs are less likely to be useful for detecting
Cypherpunks (or Mac users, or Linux users) than for detecting the general
public - to some  extent we may be smarter about that, or at least
grumpier about HTML mail, plus some of the cpunks nodes filter out that
sort of thing.  But perhaps they're exploiting that stack overflow bug in
PGP 2.6.2 instead.
<<attachment GoodTimes.txt was deleted by RoboVirusBlocker>>
<<attachment echelon.scr was deleted by RoboVirusBlocker>>
----END PGP SIGNED MESSAGE----
----BEGIN PGP SIGNATURE BLOCK-----
LKJSHFVDJHDSKL5REWAJKLHFVJDSHVHDSKLJFHLKGJVHJHSDAFLHKJSADHFLKSAJDHR
IOUVIUASDFKLDSAFHLKJHYCLSACHADJKSDHLFCKJSDHCLKJSHLCJKHSDLKFJHSADFHF
FHVLJKHDSLKFJHWQLKJFHLKSJHDVSDAJKFHVJKLDHFVJKLHSVHHJKL3245324VCSCSS
-----END PGP SIGNATURE BLOCK------




From rsw at jfet.org  Mon Feb  2 15:09:55 2004
From: rsw at jfet.org (Riad S. Wahby)
Date: Mon, 2 Feb 2004 18:09:55 -0500
Subject: Cypherpunks response to viral stimuli
In-Reply-To: <BAY7-F73H28bCGSVmRt0001a4ce@hotmail.com>; from
  camera_lumina@hotmail.com on Mon, Feb 02, 2004 at 04:27:04PM -0500
References: <BAY7-F73H28bCGSVmRt0001a4ce@hotmail.com>
Message-ID: <20040202180955.A2959@positron.mit.edu>

Tyler Durden <camera_lumina at hotmail.com> wrote:
> And then, is it possible to create some kind of filter that stops these 
> replies?

If it's the type of virus that delivers its payload as soon as it's
viewed (relying on bugs in MSOE or whatever), then it's possible that
such a thing could go undetected, especially if AV signatures haven't
been updated to stop it.  Of course, you could also just put a web bug
in an HTML email sent to the list and wait for people to view the
message in the proper viewer (read: MSOE, &c).

Other than relying on bugs (or "features") of the mail client,
however, it seems that any such system relies on the user opening a
malicious attachment.  Any reasonably clueful person knows not to do
this, so the answer to the filter question is yes; lack of stupidity
is a filter that will stop this sort of attack.  Of course, this
assumes that the mail client doesn't automagically execute the
payload; on the other hand, it could be argued that using such a
client is itself an act of stupidity.

There's another answer as well: subscribe to a moderated node that
demimes messages before passing them on.  Viruses won't get through at
all, nor will HTML email.  LNE used demime before its demise;
pro-ns.net and al-qaeda.net do as well.

-- 
Riad Wahby
rsw at jfet.org
MIT VI-2 M.Eng




From sunder at sunder.net  Mon Feb  2 15:22:01 2004
From: sunder at sunder.net (sunder)
Date: Mon, 02 Feb 2004 18:22:01 -0500
Subject: Cypherpunks response to viral stimuli
In-Reply-To: <20040202215202.GA11036@SDF.LONESTAR.ORG>
References: <BAY7-F73H28bCGSVmRt0001a4ce@hotmail.com>
  <20040202215202.GA11036@SDF.LONESTAR.ORG>
Message-ID: <401EDB99.80304@sunder.net>

petard wrote:


> Along these same lines, mightn't a TLA or similar induce someone
> downstream of them to spam the cypherpunks remailers and collect the
> identities of those who complain?

That's got to be the dumbest thing I've ever heard of.  No TLA would do 
that.  They'd simply watch upstream of each node.  They can wait for 
outgoing messages and collect email addresses to their heart's content....

By definition, if you've subscribed to cypherpunks, you can expect all of 
the TLA's to at least know your email address.

If anything, you can blame the slew of anti-SCO and non-SCO related virii 
for the lack of messages...  If you were going to pull some half assed 
conspiracy theory, you might have come up with something more original - 
like "Maybe the TLA's are sending the virii so as to choke off the 
lists..."  But that's dumb as well for far more obvious reasons:

See, the cypherpunks is a gold mine for the TLA's.  All they have to do is 
subscribe, listen, and wait.  At some point, some poor dumb nutcase like 
Jim Bell will do something silly.  The polyester suited knights will hit 
the champale and have a nice party on his ass...

Man, the collective IQ's of the posters on this list has certainly been 
dropping lower and lower... sheesh!




From camera_lumina at hotmail.com  Mon Feb  2 18:17:17 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 02 Feb 2004 21:17:17 -0500
Subject: Cypherpunks response to viral stimuli
Message-ID: <BAY7-F150jLKv0KOYLK0003a54f@hotmail.com>

Sunder wrote...

"That's got to be the dumbest thing I've ever heard of.  No TLA would do 
that.  They'd simply watch upstream of each node.  They can wait for 
outgoing messages and collect email addresses to their heart's content...."

I'm not sure I understand this. On Cypherpunks we always seem to assume that 
the TLAs have infinite amounts of cash, and that's just not the case. If 
they can spend a couple of bucks to flush out a list rather than mount some 
major operation that's what they'll do, if for no other reason than to keep 
their exposure down. And if they're going to Gitmo me one day, I sure as 
hell want them to spend  a few hundred thou rather than a few hundred, and 
hopefully leave a paper trail so I can sue the crap out of 'em if somehow I 
survive.

And in case it's not clear, I'm suggesting that it may be useful for them to 
deliberately create a "fake" virus that is easily detectable, and so cull 
the bounce messages.

-TD




>From: sunder <sunder at sunder.net>
>To: petard <petard at freeshell.org>
>CC: Tyler Durden <camera_lumina at hotmail.com>, cypherpunks at minder.net
>Subject: Re: Cypherpunks response to viral stimuli
>Date: Mon, 02 Feb 2004 18:22:01 -0500
>
>petard wrote:
>
>
>>Along these same lines, mightn't a TLA or similar induce someone
>>downstream of them to spam the cypherpunks remailers and collect the
>>identities of those who complain?
>
>That's got to be the dumbest thing I've ever heard of.  No TLA would do 
>that.  They'd simply watch upstream of each node.  They can wait for 
>outgoing messages and collect email addresses to their heart's content....
>
>By definition, if you've subscribed to cypherpunks, you can expect all of 
>the TLA's to at least know your email address.
>
>If anything, you can blame the slew of anti-SCO and non-SCO related virii 
>for the lack of messages...  If you were going to pull some half assed 
>conspiracy theory, you might have come up with something more original - 
>like "Maybe the TLA's are sending the virii so as to choke off the 
>lists..."  But that's dumb as well for far more obvious reasons:
>
>See, the cypherpunks is a gold mine for the TLA's.  All they have to do is 
>subscribe, listen, and wait.  At some point, some poor dumb nutcase like 
>Jim Bell will do something silly.  The polyester suited knights will hit 
>the champale and have a nice party on his ass...
>
>Man, the collective IQ's of the posters on this list has certainly been 
>dropping lower and lower... sheesh!

_________________________________________________________________
High-speed usersbe more efficient online with the new MSN Premium Internet 
Software. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1




From rah at shipwright.com  Mon Feb  2 20:11:01 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 2 Feb 2004 23:11:01 -0500
Subject: The SWIPE Toolkit
Message-ID: <p06020434bc44cfc3e745@[66.149.49.5]>

<http://turbulence.org/Works/swipe/main.html>


THE SWIPE TOOLKIT: INTRO

The SWIPE Toolkit is a collection of web-based tools that sheds light on
personal data collection and usage practices in the United States. The
tools demonstrate the value of personal information on the open market and
enable people to access information encoded on a driver's license or stored
in some of the many commercial data warehouses.

 
Decode Your Barcode
This application unveils the mystery of the 2D barcode. Currently 39 states
use 2D barcodes to digitally store personal information on the backside of
drivers' licenses. What information is encoded on your license that
machines can read and you cannot?
 

 
Request Your Data
Send away for your information that commercial data warehouses collect
about you and sell to third party clients. What does this information look
like, how accurate is it, and who is buying it? Take a look at your data
files and find out for yourself. Currently we can help you send away for
information from ChoicePoint,Acxiom, LocatePlus and Experian. Report back
here when you receive your data and help us keep track of the companies'
response times and accuracy.
 

 
Data Calculator
How much is your personal information worth on the open market? Why are you
just giving it away whenever it is requested? Use this handy calculator to
determine the approximate value of your data bits so you can demand proper
monetary compensation. Now when you release information that will later be
sold for a profit, at least you'll be getting a cut. Use this calculator
here online or download it to your PDA and make calculations "on the go."


 


The SWIPE Toolkit is part of a larger project titled SWIPE that includes a
performance, installation, and workshop. For more information about SWIPE,
visit www.we-swipe.us or contact info at we-swipe.us. SWIPE is produced by
Beatriz da Costa, Jamie Schulte, and Brooke Singer.

The SWIPE Toolkit is a 2003 commission of New Radio and Performing Arts,
Inc. (aka Ether-Ore) for its Turbulence web site. It was made possible with
funding from the Jerome Foundation. And special thanks to Chris Hoofnagle
for his advice and support.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From morlockelloi at yahoo.com  Mon Feb  2 23:27:00 2004
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Mon, 2 Feb 2004 23:27:00 -0800 (PST)
Subject: Cypherpunks response to viral stimuli
In-Reply-To: <BAY7-F150jLKv0KOYLK0003a54f@hotmail.com>
Message-ID: <20040203072700.64846.qmail@web40610.mail.yahoo.com>

Can a TLA please give some sign here, any sign - just ack that you know the
list exists, otherwise the legitimacy of cpunks is definitely going down the
drain.

Looks like a Berlin wall syndrome.



=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/




From Freematt357 at aol.com  Mon Feb  2 21:09:36 2004
From: Freematt357 at aol.com (Freematt357 at aol.com)
Date: Tue, 3 Feb 2004 00:09:36 EST
Subject: Anti-Porn Zealot Bruce Taylor Lands Bush Appointment At DOJ
Message-ID: <178.2535f304.2d508710@aol.com>

Anti-Porn Zealot Bruce Taylor Lands Bush Appointment At DOJ

Bruce Taylor, has accepted an appointment to the DOJ. His official title
is Senior Counsel to the Assistant Attorney General, Criminal Division,
U.S. Department of Justice. This position, which is a presidential
appointment took place on January 26, 2004.

As Senior Counsel to the Assistant Attorney General for the Criminal
Division. He will work primarily on federal obscenity prosecution issues.

>From 1989-1994, Bruce was at the Department of Justice as a Special
Attorney in the Criminal Divisionbs National Obscenity Enforcement Unit
and then a Senior Trial Attorney in the Child Exploitation and Obscenity
Section.

He has served as an Assistant Attorney General of Arizona in 1989 and was
an Assistant Prosecutor and Assistant Director of Law for the City of
Cleveland, where he handled 600 obscenity cases and 100 appeals from
1973-78.

Since 1973, he has prosecuted nearly 100 state and federal obscenity jury
cases, as well as trials on prostitution, RICO, child pornography, and
child sexual abuse, has written over 200 appeal and amicus curiae briefs,
presented over 50 appellate arguments, and has represented public
officials, law enforcement personnel, and citizens in civil lawsuits on
civil rights, zoning, Internet pornography, nuisance abatement,
injunctions, forfeiture actions, criminal procedure, defamation, and
First Amendment challenges to federal, state, and municipal laws.

Since 1995, he was President and Chief Counsel of the National Law Center
for Children and Families in Fairfax, Virginia, where he assisted
prosecutors, police, legislators, and public officials with laws and
cases involving obscenity, child pornography, commercial sexual
exploitation, protecting minors from Internet pornography, and
trafficking in persons.




From eugen at leitl.org  Mon Feb  2 23:47:10 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 3 Feb 2004 08:47:10 +0100
Subject: [IP] Charging For E-Mail (fwd from dave@farber.net)
Message-ID: <20040203074710.GO13816@leitl.org>

----- Forwarded message from Dave Farber ----- From: Dave Farber Date:
Mon, 02 Feb 2004 17:34:41 -0500 To: ip at v2.listbox.com Subject: [IP]
Charging For E-Mail X-Mailer: munch X-Mailer: QUALCOMM Windows Eudora
Version 6.0.2.0 Reply-To: dave at farber.net And there are several more good
arguments against it as proposed. Dave Delivered-To:
dfarber+ at ux13.sp.cs.cmu.edu Date: Mon, 02 Feb 2004 12:52:49 -0800 (PST)
From: Lauren Weinstein Subject: Charging For E-Mail To: dave at farber.net
Dave, Just a few notes on the issues of "charging" for e-mail... - As you
point out, any fee structure is likely to start off low and rise as
attempts are made to maximize the profit center on the part of ISPs. -
Once ISP e-mail charging schemes are in place, governments will likely
express interest in potential revenue to be derived from such sources.
The long-debunked rumor of the "e-mail tax" might well become a reality.
It has already been suggested in some quarters that the U.S. Postal
Service's new "Electronic Postmark" EPM/Authentidate system could
ultimately be a model in this regard. - It appears likely that a primary
initial use for e-mail charging schemes would be to allow certain classes
of bulk mailers to bypass ISP anti-spam filters to directly reach the
captive audience of those ISPs. If you've got the bucks, you're
classified as a "good" spammer and your wonderful offers will reach all
those "grateful" e-mail recipients without interference from those pesky
filter rules. - E-mail charging schemes can be used as an excuse to
further bind customers tightly to their current ISPs. The "SPF" e-mail
domain control system already has this effect by discouraging the
legitimate use of alternate domains by users in many cases. -
Widely-deployed e-mail charging would likely require ISPs to attempt
extremely tight, centralized control over e-mail routing to try prevent
"unauthorized" (and uncharged) e-mail flows by users operating their own
MTAs (Mail Transfer Agents), non-escrowed e-mail encryption systems,
and/or other "unapproved" technologies. Such centralized and enforced ISP
control over e-mail would obviously have drastic potential negative
privacy and security impacts. - The concept of widespread, enforced
e-mail charging neglects to acknowledge the reality that e-mail is
fundamentally an end-to-end Internet application that can be
indistinguishable at the data level from most other applications. The
backlash to e-mail charging schemes would likely give rise to vast
distributed "underground" e-mail transport systems, encrypted and even
designed to masquerade as other types of data. Even draconian attempts by
ISPs to limit their subscribers' access to alternate TCP/IP ports would
be unlikely to stem the flood of such alternate e-mail transport
environments, that could even emulate standard Web (HTTP) traffic.
Illicit music file trading would likely look like a drop in the bucket by
comparison. Bottom line: Trying to charge broadly for e-mail could well
provide a textbook definition of "Pandora's Box" brought to life.
--Lauren-- Lauren Weinstein lauren at pfir.org or lauren at vortex.com or
lauren at privacyforum.org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility -
http://www.pfir.org Co-Founder, Fact Squad - http://www.factsquad.org
Co-Founder, URIICA - Union for Representative International Internet
Cooperation and Analysis - http://www.uriica.org Moderator, PRIVACY Forum
- http://www.vortex.com Member, ACM Committee on Computers and Public
Policy ------------------------------------- You are subscribed as
eugen at leitl.org To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip Archives at:
http://www.interesting-people.org/archives/interesting-people/ ----- End
forwarded message ----- -- Eugen* Leitl leitl
______________________________________________________________ ICBM:
48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014
B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org
http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]




From eugen at leitl.org  Tue Feb  3 02:16:50 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 3 Feb 2004 11:16:50 +0100
Subject: Cypherpunks response to viral stimuli
In-Reply-To: <2242.216.240.32.1.1075771382.squirrel@smirk.idiom.com>
References: <BAY7-F73H28bCGSVmRt0001a4ce@hotmail.com>
  <20040202215202.GA11036@SDF.LONESTAR.ORG> <401EDB99.80304@sunder.net>
  <2242.216.240.32.1.1075771382.squirrel@smirk.idiom.com>
Message-ID: <20040203101650.GV13816@leitl.org>

On Mon, Feb 02, 2004 at 05:23:02PM -0800, Bill Stewart wrote:

> Five or ten years ago, when the Feds were still pretending to be in
> control of crypto, crypto enthusiasts were still a threat - these days you
> can pick up VPN boxes at the grocery store, and if they still care about
> us, they're more likely to be interested in content and the identities of
> active posters than in the identity of lurkers.   They can observe a lot

I presume tracking down people who're actually concerned about security and
take some troubles to conceal their identity would be a good bootcamp for 
beginner TLAings. Iterated tiger teams interactions will inbreed, so they
need a source of novelty. But tracking down competent h4x0rs will be no doubt far
more challenging.

> just by looking, or they can announce a sale on tinfoil hats and see who
> responds, or ask a Stupid Newbie Question and see who flames them, or
> forge a message about Guns from a Usual Suspect and see who claims that
> theirs is bigger, or post about something tangential like how to stop spam
> (which has pretty much replaced libertarianism and censorship as the
> all-consuming discussion topic on the net.)

What's the point of busting a wannabee? Just to earn some tinfoil stars, to
make your organizational unit look good? Doesn't compute. No one got
bitchslapped but the AP fellow.

> Viruses and Web Bugs are less likely to be useful for detecting
> Cypherpunks (or Mac users, or Linux users) than for detecting the general
> public - to some  extent we may be smarter about that, or at least
> grumpier about HTML mail, plus some of the cpunks nodes filter out that
> sort of thing.  But perhaps they're exploiting that stack overflow bug in
> PGP 2.6.2 instead.

If you have advanced remote-diagnostic and remote-exploit capabilities, you
never let your hand show on an insignficant target. Even if you camouflage as
a h4x0r, penetrating a well-secured box is bound to raise some eyebrows (you
don't see a packet logger in passive mode).

No doubt such capabilities are reserved for cyberwar and industrial
espionage.

P.S. Sorry about the MIME sig screwup. I forgot.

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net




From rah at shipwright.com  Tue Feb  3 09:02:51 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 3 Feb 2004 12:02:51 -0500
Subject: The Farewell Dossier
Message-ID: <p060204bdbc45802f7d15@[66.149.49.5]>

<http://www.nytimes.com/2004/02/02/opinion/02SAFI.html?pagewanted=print&position=>

The New York Times

February 2, 2004
OP-ED COLUMNIST

The Farewell Dossier
By WILLIAM SAFIRE

ASHINGTON

Intelligence shortcomings, as we see, have a thousand fathers; secret
intelligence triumphs are orphans. Here is the unremarked story of "the
Farewell dossier": how a C.I.A. campaign of computer sabotage resulting in
a huge explosion in Siberia - all engineered by a mild-mannered economist
named Gus Weiss - helped us win the cold war.

Weiss worked down the hall from me in the Nixon administration. In early
1974, he wrote a report on Soviet advances in technology through purchasing
and copying that led the beleaguered president - ditente notwithstanding -
to place restrictions on the export of computers and software to the
U.S.S.R.

Seven years later, we learned how the K.G.B. responded. I was writing a
series of hard-line columns denouncing the financial backing being given
Moscow by Germany and Britain for a major natural gas pipeline from Siberia
to Europe. That project would give control of European energy supplies to
the Communists, as well as generate $8 billion a year to support Soviet
computer and satellite research.

President Frangois Mitterrand of France also opposed the gas pipeline. He
took President Reagan aside at a conference in Ottawa on July 19, 1981, to
reveal that France had recruited a key K.G.B. officer in Moscow Center.

 Col. Vladimir Vetrov provided what French intelligence called the Farewell
dossier. It contained documents from the K.G.B. Technology Directorate
showing how the Soviets were systematically stealing - or secretly buying
through third parties - the radar, machine tools and semiconductors to keep
the Russians nearly competitive with U.S. military-industrial strength
through the 70's. In effect, the U.S. was in an arms race with itself.

Reagan passed this on to William J. Casey, his director of central
intelligence, now remembered only for the Iran-contra fiasco. Casey called
in Weiss, then working with Thomas C. Reed on the staff of the National
Security Council. After studying the list of hundreds of Soviet agents and
purchasers (including one cosmonaut) assigned to this penetration in the
U.S. and Japan, Weiss counseled against deportation.

 Instead, according to Reed - a former Air Force secretary whose
fascinating cold war book, "At the Abyss," will be published by Random
House next month - Weiss said: "Why not help the Soviets with their
shopping? Now that we know what they want, we can help them get it." The
catch: computer chips would be designed to pass Soviet quality tests and
then to fail in operation.

 In our complex disinformation scheme, deliberately flawed designs for
stealth technology and space defense sent Russian scientists down paths
that wasted time and money.

 The technology topping the Soviets' wish list was for computer control
systems to automate the operation of the new trans-Siberian gas pipeline.
When we turned down their overt purchase order, the K.G.B. sent a covert
agent into a Canadian company to steal the software; tipped off by
Farewell, we added what geeks call a "Trojan Horse" to the pirated product.

 "The pipeline software that was to run the pumps, turbines and valves was
programmed to go haywire," writes Reed, "to reset pump speeds and valve
settings to produce pressures far beyond those acceptable to the pipeline
joints and welds. The result was the most monumental non-nuclear explosion
and fire ever seen from space."

 Our Norad monitors feared a nuclear detonation, but satellites that would
have picked up its electromagnetic pulse were silent. That mystified many
in the White House, but "Gus Weiss came down the hall to tell his fellow
NSC staffers not to worry. It took him another twenty years to tell me why."

 Farewell stayed secret because the blast in June 1982, estimated at three
kilotons, took place in the Siberian wilderness, with no casualties known.
Nor was the red-faced K.G.B. about to complain publicly about being tricked
by bogus technology. But all the software it had stolen for years was
suddenly suspect, which stopped or delayed the work of thousands of worried
Russian technicians and scientists.

 Vetrov was caught and executed in 1983. A year later, Bill Casey ordered
the K.G.B. collection network rolled up, closing the Farewell dossier. Gus
Weiss died from a fall a few months ago. Now is a time to remember that
sometimes our spooks get it right in a big way. 


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From sunder at sunder.net  Tue Feb  3 10:28:47 2004
From: sunder at sunder.net (sunder)
Date: Tue, 03 Feb 2004 13:28:47 -0500
Subject: Cypherpunks response to viral stimuli
In-Reply-To: <BAY7-F150jLKv0KOYLK0003a54f@hotmail.com>
References: <BAY7-F150jLKv0KOYLK0003a54f@hotmail.com>
Message-ID: <401FE85F.6030503@sunder.net>

Tyler Durden wrote:

> And in case it's not clear, I'm suggesting that it may be useful for 
> them to deliberately create a "fake" virus that is easily detectable, 
> and so cull the bounce messages.

Right, why should they do something passive that doesn't tip their hand and 
allows them to collect the information they need, when instead they can do 
something active and stupid that could possibly give away their position.

Think about it.  In fact, apply Occam's Razor to this, in fine, thin slices:

If you were a TLA and you'd want to send a "fake" virus, it would need to 
be something that would trip every anti-virus software that anyone could 
possibly run, but yet, not be a virus, and you'd need to do so without 
giving away your IP address - while making it look like it came from lots 
of sources.  If you'd only use a single IP address, the guy that runs the 
node would likely block you as a virus source.

Then, on top of it, you'd have to *HOPE* that none of your targets saw the 
real version of the virus, and then bothered to compare the two, or worse 
yet, dissect the decoy you've sent, and figure out that it isn't real.


How's would you do this and have it be successful?  Unless, of course, you 
wish to claim that the TLA's wrote the anti-SCO viruses?  In which case, 
there's a lovely bridge between Brooklyn and Manhattan that I would gladly 
sell you...  Real cheap...  it's a bit old, but it's in decent shape... 
No?  How about some nice foil hats?  Real cheap...  For you, only $100 each 
(plus tax of course)... guaranteed to be made of 100% aluminum foil.


Or would you instead, simply just stick a Carnivore machine at one hop 
above each CDR node that you're interested in, and gather the information 
you wanted with nearly zero risk of tipping your hand?  Or even simpler 
than that, get a hotmail or yahoomail account and just subscribe.  Which of 
the above scenarios makes the most sense in terms of Occam's?


P.S.: I stand by my original statement: the collective IQ of the posters on 
list is dropping.




From declan at well.com  Tue Feb  3 10:44:02 2004
From: declan at well.com (Declan McCullagh)
Date: Tue, 03 Feb 2004 13:44:02 -0500
Subject: No subject
Message-ID: <mailman.828.1576007641.31620.cypherpunks-legacy@lists.cpunks.org>

---


From camera_lumina at hotmail.com  Tue Feb  3 10:57:07 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 03 Feb 2004 13:57:07 -0500
Subject: Cypherpunks response to viral stimuli
Message-ID: <BAY7-F80bCJnEMzAUor00008b2d@hotmail.com>

"Or would you instead, simply just stick a Carnivore machine at one hop 
above each CDR node that you're interested in, and gather the information 
you wanted with nearly zero risk of tipping your hand?  Or even simpler than 
that, get a hotmail or yahoomail account and just subscribe.  Which of the 
above scenarios makes the most sense in terms of Occam's?"

While you make some good points, you've way overstated both sides of your 
argument.
But this statement..."simply stick a Carnivore machine at one hop above each 
CDR node"...
Isn't that almost like saying "simply splice into the undersea cable"? Of 
course, if we're talking about hunting down Osama bin Laden a TLA (or 
whoever) would probably do that. But in terms of merely rounding up the 
names of potential trouble makers (particularly when they don't want anyone 
to know that they're doing this) it seems to be an awfully easy thing to do.

As for the fake virus part, all they need to do is go to some year-old virus 
list, select a virus, and send one directly through a non-de-mimed list 
server, and then watch what comes out. Seems a lot cheaper and easier.

But this misses the point: Even IF this would be "stupid", it would be 
stupider still to be aware that this is possible, and then not implement a 
fix (if a cheap fix is available). De-miming is now obvious.
In other words, the idea is not to compare dick sizes but to actually force 
them to spend huge amounts of money on trivial tasks, by raising aware of 
and plugging any holes that become evident. That assymetry is exactly what 
crypto is, in a nutshell.

-TD



>From: sunder <sunder at sunder.net>
>To: Tyler Durden <camera_lumina at hotmail.com>
>CC: petard at freeshell.org, cypherpunks at minder.net
>Subject: Re: Cypherpunks response to viral stimuli
>Date: Tue, 03 Feb 2004 13:28:47 -0500
>
>Tyler Durden wrote:
>
>>And in case it's not clear, I'm suggesting that it may be useful for them 
>>to deliberately create a "fake" virus that is easily detectable, and so 
>>cull the bounce messages.
>
>Right, why should they do something passive that doesn't tip their hand and 
>allows them to collect the information they need, when instead they can do 
>something active and stupid that could possibly give away their position.
>
>Think about it.  In fact, apply Occam's Razor to this, in fine, thin 
>slices:
>
>If you were a TLA and you'd want to send a "fake" virus, it would need to 
>be something that would trip every anti-virus software that anyone could 
>possibly run, but yet, not be a virus, and you'd need to do so without 
>giving away your IP address - while making it look like it came from lots 
>of sources.  If you'd only use a single IP address, the guy that runs the 
>node would likely block you as a virus source.
>
>Then, on top of it, you'd have to *HOPE* that none of your targets saw the 
>real version of the virus, and then bothered to compare the two, or worse 
>yet, dissect the decoy you've sent, and figure out that it isn't real.
>
>
>How's would you do this and have it be successful?  Unless, of course, you 
>wish to claim that the TLA's wrote the anti-SCO viruses?  In which case, 
>there's a lovely bridge between Brooklyn and Manhattan that I would gladly 
>sell you...  Real cheap...  it's a bit old, but it's in decent shape... No? 
>  How about some nice foil hats?  Real cheap...  For you, only $100 each 
>(plus tax of course)... guaranteed to be made of 100% aluminum foil.
>
>
>Or would you instead, simply just stick a Carnivore machine at one hop 
>above each CDR node that you're interested in, and gather the information 
>you wanted with nearly zero risk of tipping your hand?  Or even simpler 
>than that, get a hotmail or yahoomail account and just subscribe.  Which of 
>the above scenarios makes the most sense in terms of Occam's?
>
>
>P.S.: I stand by my original statement: the collective IQ of the posters on 
>list is dropping.

_________________________________________________________________
Check out the new MSN 9 Dial-up  fast & reliable Internet access with prime 
features! http://join.msn.com/?pgmarket=en-us&page=dialup/home&ST=1




From dave at farber.net  Tue Feb  3 12:26:52 2004
From: dave at farber.net (Dave Farber)
Date: Tue, 03 Feb 2004 15:26:52 -0500
Subject: [IP] Are terrorists using encryption to cloak
  their secrets?
Message-ID: <mailman.829.1576007641.31620.cypherpunks-legacy@lists.cpunks.org>



From dave at farber.net  Tue Feb  3 12:28:45 2004
From: dave at farber.net (Dave Farber)
Date: Tue, 03 Feb 2004 15:28:45 -0500
Subject: [IP] Bruce Schneier on ID cards and the
  "illusion of security"
Message-ID: <mailman.830.1576007641.31620.cypherpunks-legacy@lists.cpunks.org>


http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2004/02/03/EDGSI4M3171.DTL&type=printable

 How We Are Fighting the War on Terrorism
 IDs and the illusion of security
 Bruce Schneier
 Tuesday, February 3, 2004
 San Francisco Chronicle | Feedback | FAQ


 In recent years there has been an increased use of identification checks
as a security measure. Airlines always demand photo IDs, and hotels
increasingly do so. They're often required for admittance into government
buildings, and sometimes even hospitals. Everywhere, it seems, someone is
checking IDs. The ostensible reason is that ID checks make us all safer,
but that's just not so. In most cases, identification has very little to do
with security.

 Let's debunk the myths:

 First, verifying that someone has a photo ID is a completely useless
security measure. All the Sept. 11 terrorists had photo IDs. Some of the
IDs were real. Some were fake. Some were real IDs in fake names, bought
from a crooked DMV employee in Virginia for $1,000 each. Fake driver's
licenses for all 50 states, good enough to fool anyone who isn't paying
close attention, are available on the Internet. Or if you don't want to buy
IDs online, just ask any teenager where to get a fake ID.

 Harder-to-forge IDs only help marginally, because the problem is not
making sure the ID is valid. This is the second myth of ID checks: that
identification combined with profiling can be an indicator of intention.

 Our goal is to somehow identify the few bad guys scattered in the sea of
good guys. In an ideal world, what we would want is some kind of ID that
denotes intention. We'd want all terrorists to carry a card that says
"evildoer" and everyone else to carry a card that said "honest person who
won't try to hijack or blow up anything." Then, security would be easy. We
would just look at people's IDs and, if they were evildoers, we wouldn't
let them on the airplane or into the building.

 This is, of course, ridiculous, so we rely on identity as a substitute. In
theory, if we know who you are, and if we have enough information about
you, we can somehow predict whether you're likely to be an evildoer. This
is the basis behind CAPPS-2, the government's new airline passenger
profiling system. People are divided into two categories based on various
criteria: the traveler's address, credit history and police and tax
records; flight origin and destination; whether the ticket was purchased by
cash, check or credit card; whether the ticket is one way or round trip;
whether the traveler is alone or with a larger party; how frequently the
traveler flies; and how long before departure the ticket was purchased.

 Profiling has two very dangerous failure modes. The first one is obvious.
Profiling's intent is to divide people into two categories: people who may
be evildoers and need to be screened more carefully, and people who are
less likely to be evildoers and can be screened less carefully.

 But any such system will create a third, and very dangerous, category:
evildoers who don't fit the profile. Oklahoma City bomber Timothy McVeigh,
Washington-area sniper John Allen Muhammed and many of the Sept. 11
terrorists had no previous links to terrorism. The Unabomber taught
mathematics at UC Berkeley. The Palestinians have demonstrated that they
can recruit suicide bombers with no previous record of anti-Israeli
activities. Even the Sept. 11 hijackers went out of their way to establish
a normal-looking profile; frequent-flier numbers, a history of first-class
travel and so on. Evildoers can also engage in identity theft, and steal
the identity -- and profile -- of an honest person. Profiling can result in
less security by giving certain people an easy way to skirt security.

 There's another, even more dangerous, failure mode for these systems:
honest people who fit the evildoer profile. Because evildoers are so rare,
almost everyone who fits the profile will turn out to be a false alarm.
This not only wastes investigative resources that might be better spent
elsewhere, but it causes grave harm to those innocents who fit the profile.
Whether it's something as simple as "driving while black" or "flying while
Arab," or something more complicated such as taking scuba lessons or
protesting the Bush administration, profiling harms society because it
causes us all to live in fear...not from the evildoers, but from the police.

 Security is a trade-off; we have to weigh the security we get against the
price we pay for it. Better trade-offs are to spend money on intelligence
and analysis, investigation and making ourselves less of a pariah on the
world stage. And to spend money on the other, nonterrorist security issues
that affect far more Americans every year.

 Identification and profiling don't provide very good security, and they do
so at an enormous cost. Dropping ID checks completely, and engaging in
random screening where appropriate, is a far better security trade-off.
People who know they're being watched, and that their innocent actions can
result in police scrutiny, are people who become scared to step out of
line. They know that they can be put on a "bad list" at any time. People
living in this kind of society are not free, despite any illusionary
security they receive. It's contrary to all the ideals that went into
founding the United States.

 Bruce Schneier, CTO of Counterpane Internet Security in Cupertino, is the
author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain
World" (Copernicus Books, 2003).

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net




From gnu at toad.com  Tue Feb  3 18:33:09 2004
From: gnu at toad.com (John Gilmore)
Date: Tue, 03 Feb 2004 18:33:09 -0800
Subject: AAMVA National ID Forum, Feb 26-29
Message-ID: <mailman.831.1576007641.31620.cypherpunks-legacy@lists.cpunks.org>

They call it the "2004 Driver Licensing and Identification Security
Forum".  But what it really is about is making "one individual, one
document, one database record" -- in other words, one national ID per
person in the US, that happens to be issued by the US states (and
Canadian provinces and Mexican states).

Join the bureaucrats who are plotting to make this happen, in scenic
Houston, Feb 26-29.  (Don't forget to show your ID to travel there,
and also to check in to the Westin Galleria, "of course".  That
requirement is why I won't be there; I'm under regional arrest because
I refuse to get, or show, such an ID.)  Feb 29th is specially set
aside as "Canada Day" for dealing with how Canadian provinces are
going to issue these coordinated "US National IDs".

  http://www.aamva.org/events/mnu_evt2004IDSecuritySummit.asp
    (Meeting Contact: Lucia Osterbind, +1 703 522 4200)

This AAMVA project is a multi-year effort that started before 9/11 but
accelerated afterward, in a misguided attempt to categorize and file
every person on the continent so we'll then know all the "good guys"
from the "bad guys" and can merely lock up all the bad guys and then
we'll feel safe.  The bills that authorize and enable this cross-state
collaboration are due to be introduced in state legislatures STARTING
NOW, and need active opposition from local privacy groups.  But
first, you need information about what they're up to -- so attend.

Privacy activists and journalists should converge on this conference,
to find out what's really happening, and to ask them if they've lost
their minds.  Curiously, the scheme is being perpetrated by middle
level bureaucrats in state motor vehicle agencies, who actually think
they are doing good for the world by tracking every citizen from the
cradle to the grave.  Privacy activists have been absent from their
deliberations for years.  Neither their bosses the Governors, nor
their own legislatures, know what they are up to.  (The Feds are in it
up to their armpits, of course, but only as "advisors".)

	John Gilmore

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net




From wmo at rebma.pro-ns.net  Tue Feb  3 16:55:36 2004
From: wmo at rebma.pro-ns.net (Bill O'Hanlon)
Date: Tue, 3 Feb 2004 18:55:36 -0600
Subject: Cypherpunks response to viral stimuli
In-Reply-To: <BAY7-F80bCJnEMzAUor00008b2d@hotmail.com>
References: <BAY7-F80bCJnEMzAUor00008b2d@hotmail.com>
Message-ID: <20040204005536.GA93866@rebma.pro-ns.net>

On Tue, Feb 03, 2004 at 01:57:07PM -0500, Tyler Durden wrote:
> 
> But this statement..."simply stick a Carnivore machine at one hop above 
> each CDR node"...
> Isn't that almost like saying "simply splice into the undersea cable"? Of 


No.  Not even a little bit like that.




From shaddack at ns.arachne.cz  Tue Feb  3 10:03:33 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Tue, 3 Feb 2004 19:03:33 +0100 (CET)
Subject: The Farewell Dossier
In-Reply-To: <p060204bdbc45802f7d15@[66.149.49.5]>
References: <p060204bdbc45802f7d15@[66.149.49.5]>
Message-ID: <0402031813460.-1321381456@somehost.domainz.com>

>  "The pipeline software that was to run the pumps, turbines and valves was
> programmed to go haywire," writes Reed, "to reset pump speeds and valve
> settings to produce pressures far beyond those acceptable to the pipeline
> joints and welds. The result was the most monumental non-nuclear explosion
> and fire ever seen from space."

Russians did one BIG mistake: they entrusted a critical system into the
hands of a single electronical system. Safety systems should be a
multi-level combination of approaches; from mechanical safety valves
(which may be as simple as a thinner patch of metal with defined pressure
resistance mounted over a pipeline tap, so when an overpressure happens
the line blows in a known, easy to guard and inspect (and replace) place,
instead in a weld or junction somewhere) to a diverse array of monitoring
tools sourced by multiple vendors. In case of full dependence on foreign
(and hostile) source, the acquired system has to be thoroughly
reverse-engineered and audited. In cases where it is
impossible/impractical, eg. big computer systems, another system should
check a subset of the results of the main computer, and alert about
possible discrepancies.

As added advantage, this approach catches not only intentional sabotages,
but also natural mishaps.

This story wasn't a success of US sabotage by far as much as it was a
blatant failure of Soviet engineering.

God is. His name is Murphy. Engineer defensively.




From jtrjtrjtr2001 at yahoo.com  Tue Feb  3 23:41:44 2004
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Tue, 3 Feb 2004 23:41:44 -0800 (PST)
Subject: cloak their secrets? (fwd from dave@farber.net)
In-Reply-To: <20040203224522.GS13816@leitl.org>
Message-ID: <20040204074144.69312.qmail@web21205.mail.yahoo.com>

if  terrorists used compression instead of
cryptography,it is not possible to determine that they
are terrorists in the first place. If some one knows
that,the given person is a terrorist,you can bust him
whether or not he uses cryptography.Just because 
terrorist uses cryptograhy, doesn't allow others to
identify him as a terrorist and if you cant identify a
terrorist,it is immaterial that he uses crypto or not.

This never should be the reason for govt. to moderate
cryotography in the future.


Sarath.
--- Eugen Leitl <eugen at leitl.org> wrote:
> ----- Forwarded message from Dave Farber
> <dave at farber.net> -----
> 
> From: Dave Farber <dave at farber.net>
> Date: Tue, 03 Feb 2004 15:26:52 -0500
> To: ip at v2.listbox.com
> Subject: [IP] Are terrorists using encryption to
> cloak
>   their secrets?
> X-Mailer: munch
> X-Mailer: QUALCOMM Windows Eudora Version 6.0.2.0
> Reply-To: dave at farber.net
> 
> 
> Delivered-To: dfarber+ at ux13.sp.cs.cmu.edu
> Date: Tue, 03 Feb 2004 13:44:02 -0500
> From: Declan McCullagh <declan at well.com>
> ---
> 
> Date: Mon,  2 Feb 2004 10:20:36 -0500
> From: "Matthew S. Hamrick"
> <mhamrick at cryptonomicon.net>
> To: jya at cryptome.org, declan at well.com
> Subject: Are Terrorists Using Crypto?
> 
> Once again I've had to defend the domestic use of
> encryption technology. My
> latest "opinion" is at
>
http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=645
> . I
> don't know if it's of any value to either of you
> guys, but I thought I would
> pass it along anyway.
> 
> -Matt H.
> 
> -- 
> One Ringtone to rule them all, one Carrier to find
> them,
> One Phone to bring them all and to the Service
> Contract bind them.
> 
> __
> 
> -------------------------------------
> You are subscribed as eugen at leitl.org
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
> 
> Archives at:
>
http://www.interesting-people.org/archives/interesting-people/
> 
> ----- End forwarded message -----
> -- Eugen* Leitl <a href="http://leitl.org">leitl</a>
>
______________________________________________________________
> ICBM: 48.07078, 11.61144           
> http://www.leitl.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443
> 8B29 F6BE
> http://moleculardevices.org        
> http://nanomachines.net
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/




From eugen at leitl.org  Tue Feb  3 14:45:00 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 3 Feb 2004 23:45:00 +0100
Subject: [IP] Bruce Schneier on ID cards and the "illusion of security"
  (fwd from dave@farber.net)
Message-ID: <20040203224500.GR13816@leitl.org>

----- Forwarded message from Dave Farber <dave at farber.net> -----


From eugen at leitl.org  Tue Feb  3 14:45:22 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 3 Feb 2004 23:45:22 +0100
Subject: [IP] Are terrorists using encryption to cloak their secrets?
  (fwd from dave@farber.net)
Message-ID: <20040203224522.GS13816@leitl.org>

----- Forwarded message from Dave Farber <dave at farber.net> -----


From jtrjtrjtr2001 at yahoo.com  Tue Feb  3 23:48:16 2004
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Tue, 3 Feb 2004 23:48:16 -0800 (PST)
Subject: Indian Govt bans pre-paid cell because of "separatists"
In-Reply-To: <4819.216.240.32.1.1075769955.squirrel@smirk.idiom.com>
Message-ID: <20040204074816.70410.qmail@web21205.mail.yahoo.com>

hi,

The threat from seperatists is very real from north
eastern states of india, the terrain is full of
mountains and jungle, the army itself go in big groups
in this region. Private gun owner ship(smuggled) are
very high in this part of the country.

Sarath.


--- Bill Stewart <bill.stewart at pobox.com> wrote:
> http://news.bbc.co.uk/2/hi/south_asia/3448581.stm
> 
> The Indian government has banned the sale of
> pre-paid cash cards for cell
> phones in the northeastern states of Assam and
> Meghalaya, allegedly
> because separatists have bought lots of them for
> hard-to-trace
> communications.  Reliance Telephone, who runs cell
> service in those areas,
> didn't feel they had a choice about complying.  (If
> it were VSNL, the
> former telecom monopoly, that'd be no surprise, but
> Reliance is a big
> competitor.)  Consumer groups are extremely upset
> and vocal (at least
> until their current phone cards run out, at which
> point they'll become
> much quieter...)  We'll see how long Bogus Homeland
> Security can override
> consumers and smugglers.-- 
> 
> Bill Stewart bill.stewart at pobox.com
> 
> 
> 
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/




From declan at well.com  Wed Feb  4 05:45:43 2004
From: declan at well.com (Declan McCullagh)
Date: Wed, 04 Feb 2004 08:45:43 -0500
Subject: No subject
Message-ID: <mailman.832.1576007641.31620.cypherpunks-legacy@lists.cpunks.org>



From eugen at leitl.org  Wed Feb  4 06:39:06 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 4 Feb 2004 15:39:06 +0100
Subject: MetaCarta
Message-ID: <20040204143906.GG24465@leitl.org>

 ip2location (which is surprisingly accurate) on steroids.
http://news.bbc.co.uk/1/hi/technology/3430987.stm Spooks turn to hi-tech
geography By Alfred Hermida BBC News Online technology editor Imagine
being able to pinpoint someone's location anywhere in the world simply by
typing a few keywords on your PC. That is what software partly funded by
the US military is trying to do. The MetaCarta program works by analysing
thousands of documents and cross-checking the results with a massive
geographical database. So far it has largely been used by US intelligence
agencies to analyse the huge amount of information collected as part of
the war on terror. "The government and international security agencies
have a desire to find, track and sometimes arrest people," said Randy
Ridley, MetaCarta's Vice President of Sales. "Our system can be used to
find them across the globe." "Perhaps it could be used to find Osama Bin
Laden by checking out various aspects of Afghanistan and other parts of
the world where we think he might be and see if there is a lot of data
that supports a potential presence," he told BBC News Online. Patterns of
activity The company behind the software was founded in 1999 by
researchers from the renowned Massachusetts Institute of Technology. It
received funding from the Defense Advanced Research Projects Agency and
the investment arm of the CIA to develop its MetaCarta Geographic Text
Search program. In three to four years we expect this software to be
ubiquitous, something that everybody has to use to do their work Randy
Ridley, MetaCarta The software automatically extracts geographic
references from text documents such as e-mails or webpages. Millions of
documents can be searched using keywords, place names or a time
reference. Search results appear as points on a map instead of as a list
of documents. The company says this information can be used, for example,
to track patterns of criminal activity and identify spots of intensity.
The software relies on the reliability of the documents searched. But the
program tries to take account of some of these factors by making sure it
has found the right location. This can be particularly tricky in the
Middle East, where many place names are the same as a person's name. To
counter this, the MetaCarta software uses an AI process to make sense of
the geographical information, rating the results on a probability factor.
'Ubiquitous' software The company sees its product as giving the
intelligence community an edge in providing timely and reliable analysis
of mountains of data. "Government agencies have information archived,
streaming in," said Mr Ridley. "We estimate that there is roughly 1,000
to one or 10,000 to one productivity advantage over a human doing it
manually, depending on the process." "In three to four years we expect
this software to be ubiquitous," he added, "something that everybody has
to use to do their work." Since September 11, US security agencies have
increasingly turned to technology to help them process website postings,
internet chat and e-mail traffic. MetaCarta was exhibiting its technology
at the recent Government Convention on Emerging Technologies in Las
Vegas, which showcases hi-tech products developed for use in the fight
against terror. Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/3430987.stm Published:
2004/01/30 09:04:35 GMT -- Eugen* Leitl leitl
______________________________________________________________ ICBM:
48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014
B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org
http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]




From dave at farber.net  Wed Feb  4 13:30:22 2004
From: dave at farber.net (Dave Farber)
Date: Wed, 04 Feb 2004 16:30:22 -0500
Subject: [IP] AAMVA National ID Forum scheduled for Feb
  26-29 in Houston [priv]
Message-ID: <mailman.833.1576007641.31620.cypherpunks-legacy@lists.cpunks.org>



From eugen at leitl.org  Thu Feb  5 03:56:34 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 5 Feb 2004 12:56:34 +0100
Subject: [IP] AAMVA National ID Forum scheduled for Feb 26-29 in Houston
  [priv] (fwd from dave@farber.net)
Message-ID: <20040205115634.GN24465@leitl.org>

----- Forwarded message from Dave Farber <dave at farber.net> -----


From s.schear at comcast.net  Sat Feb  7 09:28:43 2004
From: s.schear at comcast.net (Steve Schear)
Date: Sat, 07 Feb 2004 09:28:43 -0800
Subject: Seven years jail, $150,000 fine if you don't tell the world  
  your email and home address
Message-ID: <6.0.1.1.0.20040207092753.053abba0@mail.comcast.net>

Senator Lamar Smith of Texas - chairman of the Courts, the Internet and 
Intellectual Property Subcommittee of the House Judiciary Committee - 
yesterday produced from nowhere extensions to the 1946 Trademark Act that 
would make giving false contact information for a domain name a civil and 
criminal offence.

http://www.theregister.co.uk/content/6/35376.html


A foolish Constitutional inconsistency is the hobgoblin of freedom, adored 
by judges and demagogue statesmen.
- Steve Schear 




From hseaver at cybershamanix.com  Sat Feb  7 16:09:24 2004
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Sat, 7 Feb 2004 18:09:24 -0600
Subject: Feds win rights to war protesters records.
Message-ID: <20040208000924.GA29560@cybershamanix.com>

  Also, activists subpoened to grand jury. 


http://story.news.yahoo.com/news?tmpl=story&u=/ap/20040207/ap_on_re_us/activist_investigation


-- 
Harmon Seaver	
CyberShamanix
http://www.cybershamanix.com




From s.schear at comcast.net  Sat Feb  7 18:23:53 2004
From: s.schear at comcast.net (Steve Schear)
Date: Sat, 07 Feb 2004 18:23:53 -0800
Subject: Feds win rights to war protesters records.
In-Reply-To: <20040208000924.GA29560@cybershamanix.com>
References: <20040208000924.GA29560@cybershamanix.com>
Message-ID: <6.0.1.1.0.20040207182201.05390648@mail.comcast.net>

At 04:09 PM 2/7/2004, Harmon Seaver wrote:

>   Also, activists subpoened to grand jury.
>
>
>http://story.news.yahoo.com/news?tmpl=story&u=/ap/20040207/ap_on_re_us/activist_investigation

This is why all such records, if they are generated at all, should be held 
offshore and accessible only through a procedure which includes a duress 
clause.

steve  




From blueeskimo at phreaker.net  Sat Feb  7 17:22:01 2004
From: blueeskimo at phreaker.net (Adam)
Date: Sat, 7 Feb 2004 20:22:01 -0500
Subject: Feds win rights to war protesters records.
In-Reply-To: <20040208000924.GA29560@cybershamanix.com>
References: <20040208000924.GA29560@cybershamanix.com>
Message-ID: <20040207202201.5f6edff3.blueeskimo@phreaker.net>

On Sat, 7 Feb 2004 18:09:24 -0600
Harmon Seaver <hseaver at cybershamanix.com> wrote:

>   Also, activists subpoened to grand jury. 
> 
> 
> http://story.news.yahoo.com/news?tmpl=story&u=/ap/20040207/ap_on_re_us/activist_investigation
> 

I don't see how this could possibly be legal. How can they get away with
this? Grrrr


-- 
Adam




From shaddack at ns.arachne.cz  Sat Feb  7 21:07:34 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sun, 8 Feb 2004 06:07:34 +0100 (CET)
Subject: Seven years jail, $150,000 fine if you don't tell the world
    your email and home address
In-Reply-To: <6.0.1.1.0.20040207092753.053abba0@mail.comcast.net>
References: <6.0.1.1.0.20040207092753.053abba0@mail.comcast.net>
Message-ID: <0402080557570.-1216902800@somehost.domainz.com>

On Sat, 7 Feb 2004, Steve Schear wrote:
> Senator Lamar Smith of Texas - chairman of the Courts, the Internet and
> Intellectual Property Subcommittee of the House Judiciary Committee -
> yesterday produced from nowhere extensions to the 1946 Trademark Act that
> would make giving false contact information for a domain name a civil and
> criminal offence.

Does it apply only to domains registered through US companies? Does it
apply to out-of-country people (eg. if I register a .com site in Europe,
with false (or, better said, privacy-compliant) contact information, could
I be jailed if I'd visit the USA, or be extradited there)? Does it apply
to domains registered through a "trust", where the registering person is
offshore, not a subject to US law, while the end user is merely the one to
whose machines the A and MX records point to? What if the machines are
also offshore, with just the services leased to their user? What about
domain registrars of foreign countries, eg. Korea or Hong Kong?

Due to the global nature of the Internet, this proposal has more holes
than a pound of Swiss cheese and any technically minded person would laugh
it off.

Which, due to the nature of politicos, makes it more likely to pass.




From rah at shipwright.com  Sun Feb  8 17:18:08 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 8 Feb 2004 20:18:08 -0500
Subject: Ancient clay stamp seals and sealings of  Sri Lanka
Message-ID: <p06020438bc4c8c6a4340@[66.149.49.5]>

<http://www.sundayobserver.lk/2004/02/08/fea20.html>
Sunday,  8 February 2004
 

Online edition of Sunday Observer - Business

Ancient clay stamp seals and sealings of  Sri Lanka

by Rajah M. Wickremesinghe
The world's oldest clay stamp seal had been unearthed in 1990 in the
ancient Mesopotamian city of Ur. This city was situated in Southern Iraq
along the river Euphrates, below present day Baghdad. The seal is
attributed to a king of the 1st dynasty of Babylon circa 2550 BC.

 Sarah Kielt has in her work expressed the opinion that the various  types
of seals discovered by archaeologists can be dated from as far back  as
6000 BC particularly in the ancient civilisations of the Near East.  Roger
J. Mathews identifies such seals as stamp, cylinder, and tablet, the  last
named bearing a seal impression on both sides.

 A stamp seal could even have been attached to a ring and has only one
impression impression as opposed to a cylinder seal which had multiple
imprints on it. The latter were utilized by rolling them on to wet clay.
Cylinder seals have an aperture running through the centre in its entire
length, facilitating being rolled. They could also be worn round the
owners neck to make it secure. It is accepted by archaeologists that
cylinder seals had been invented in Southern Mesopotamia around 3500 BC.

 Seals provide important evidence similarly to coins, for the
re-construction of ancient socio-economic history of a region. Many active
trading and administrative centres of ancient civilisations have yielded
seals and sealings of clay in very large numbers. This has enabled the
uncovering of their hidden secrets.

 Seals had initially been used for accounting and later as Temple  records,
for administration purposes and lastly as trading receipts. In  the Near
East it is observed that the advent of coins was centuries after  the use
of seals.

 However, in Sri Lanka we note that in Ruhuna a unique lead coinage
inscribed in Brahmi appears simultaneously with seals and clay sealings.

A sealing is the impression of a seal pressed on wet clay, its usage
similar to that in modern times, when sealing wax is placed over a knot,
in the instance string is used to secure a parcel or package. In ancient
times a lump of clay was pressed over the knot of string or strapping
securing packages or bundles and then marked with the senders seal which
was his stamp of ownership. Sealings were also used when the mouth of jars
or containers were covered with woven material and secured with a string.
In Mesopotamia they were in addition used to securing containers, jars,
baskets, sacks, leather bags and also door ways and lids of boxes.

 The clay sealing 32x30 mm (fig. 1) bearing the legend 'Maharaja Gamini
Tissaha Devanampiya' in Nagari Script meaning 'of the great king Gamini
Tissa the beloved of the Gods' was found by a villager cultivating his
land in Akurugoda in Tissamaharama in 1989. In 'Ruhuna an ancient
civilisation revisited' co-authored by O. Bopearachchi and the writer it
is attributed to king Saddhatissa 77 - 59 BC.

 This at present is the oldest attested clay sealing found in the  island.
At the centre of the seal is a railed swastika with the above  noted legend
distributed on the three sides excluding the base.

 Two other sealings also of the same provenance are illustrated (Figs.  II
and III). One depicts the foreparts of two lions each facing opposite
directions with outstretched fore legs and the other a lion and elephant
similarly joined. Both sealings have distinct legends in Brahmi.

 The three sealings described above are not trade sealings. They have no
impressions of string at the back and could be identified as having been
used only for an administrative purpose. This places these three sealings
apart from all other sealings described.

 Clay trade sealings

Fig. IV depicts a sealing with evidence of a securing device (appearing  to
be a strap and not string at the back) and bears a large railed  swastika
68x58 mm. with an indistinct Brahmi legend on the outer edge.  This
presently is the largest trade sealing found in the Island.

Fig. V is of a unique clay sealing yet unpublished, found in Niyadella  in
Ruhuna in 1996 where figures similar to those found on Roman coins of  the
early Christian era, are clearly visible in the three separate stamps  on
the sealing. On the reverse instead of a string it depicts the design  of a
woven reed mat on which the seal has been placed. Another clay  sealing
depicting the head of a Roman soldier similar to those on 3rd  century
brass Roman coins had been found in Tissamaharama in 1989.

 Over 30 stamp sealings recording trade had been found in Akurugoda,
depicting male and female figures, lions, elephants, bulls and humped
bulls both standing and seated, wild boar, fishes, and one in which one
animal appears to be attacking another astride its back. Illustrated are
clay trade sealings with clear evidence of string used for securing - 'A'
an elephant (the reverse clearly depicts evidence of the manner of
securing) 'B' a horse, 'D' a standing humped bull and 'E' a recumbent
bull. These animals are variously featured in pre - 3rd century AD coins
of Sri Lanka. Also illustrated is a modern sealing - bearing the seal of
the GPO Kandy in order to enable readers to have an easier understanding
of a 'sealing'.

 Seals

Of over 20 seals found in Akurugoda in 1989-90 one made of bone bearing  3
Brahmi characters is in the shape of an inverted pudding bowl Fig. VI.
Some large clay seals found in Ruhuna depict variations of the railed
swastika.

 A clay seal with clear finger prints on the body of the seal and
depicting a standing horse is at Fig. VII. One seal made of ivory which
provided the impression of a seated bull had a hole pierced through its
stem facilitating it to be worn on a string (Fig. VIII). Fig IX is of a
juggling acrobat, possibly an entertainer in the king's court.

 Dr. Siran Deraniyagala the former Director General of Arahcaeology had  in
excavations at Gedige in Anuradhapura in 1979, discovered a unique
carnelian seal. H. Parker at the Yatthala dagaba in Tissamaharama had 100
years previously in 1884 found a seal also of carnelian which he believed
had been attached to a ring. Semi-precious gem-stones including carnelian
were often used in the manufacture of intaglios.

Such intaglios mounted on rings produced sealings when stamped on clay.
"Ruhuna an ancient civilisation re-visited' features colour  illustrations
of intaglios found in Akurugoda in Tissamaharama, as well as  other
relevant finds.

 A cylinder type seal also found in Akurugoda made of wood, with six  sides
had a hole through two sides through which a string or rod could be passed.
It bears a legend in Brahmi on the remaining four sides as seen on a
plasticine impression Fig. X.

 This legend is read as 'of Tissya, son of the accountant Goratha'  written
in Brahmi. Collectors should be aware of modern imitations.

 The author is currently the President of the Sri Lanka Numismatic  Society.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From rah at shipwright.com  Mon Feb  9 12:48:51 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 9 Feb 2004 15:48:51 -0500
Subject: MIPI serves papers on Kazaa offices in Vanuatu
Message-ID: <p0602041ebc4da23b61aa@[66.149.49.5]>

For any of you who still think that "regulatory arbitrage", or
"jurisdiction shopping" ever had a chance...

Cheers,
RAH
-------


<http://www.smh.com.au/cgi-bin/common/popupPrintArticle.pl?path=/articles/2004/02/09/1076175068630.html>

The Sydney Morning Herald
   Print this article |   Close this window

MIPI serves papers on Kazaa offices in Vanuatu
 By Online Staff
 February 9, 2004

 The enforcement arm of the Australian record industry has served papers on
two Kazaa-related companies in Vanuatu, following the raids which took
place on Friday and Saturday.

 Music Industry and Piracy Investigations general manager Michael Speck
said both Sharman Networks and Sharman Licensed Holdings had been served
with papers this morning.

 Speck said the case would be taken to court on the morrow, with MIPI
alleging that the operations of Sharman infringed copyright in Australia.

 AAP adds: While the Record Industry Association of America has been
ferocious in its quest to stamp out illegal file-sharing, The Australian
Recording Industry Association (ARIA) has appeared less than active in
recent years, despite Kazaa operating out of Sydney for the last three
years. That is, until Friday.

 The man behind the raid is Michael Speck, the head of ARIA's Music
Industry Piracy Investigations (MIPI) unit.

 "We started an investigation six months ago and it was based on technical
and physical changes in the infrastructure of Kazaa," Speck said.

 "At that point it was becoming apparent that they had become an Australian
operation infringing Australian copyright".

 Although Kazaa has been based in Sydney for the last three years, it was
only recently after internal changes that the company was recognised
legally as an Australian operation.

 "Essentially there were physical changes to the resources and technical
changes of the software that make it clear that what the Kazaa operation is
doing is clear-cut infringement of copyright in Australia," Speck said.

 "We've actually over the last several years run a whole range of important
strategic cases. The objective of those cases was to develop a safe and
productive environment for music business and their consumers. As far as
Kazaa is concerned this last six month period has changed their position.

 ARIA/MIPI issued proceedings against Kazaa in the Australian Federal court
under strict guidelines.

 "It was a civil raid by way of Anton Pilar orders" Speck said.

 "What they are is the civil equivalent of a search warrant. On Thursday we
went to the Federal court and we applied for orders to attend premises, to
obtain documentary and electronic evidence that related to the Kazaa
operation. To do that, you have to show the court you have a case and a
fear about the dissipation of evidence before the orders are issued.

 "When the orders are issued they are on a very restricted basis. You are
obliged to take an independent lawyer who reports directly to the court
about the conduct of the search or any search process and also about what
was located and taken. On the team is also a music industry lawyer, a music
industry investigator and a computer forensics expert. By way of context,
when you do these, you don't actually take anything away. You copy it. We
started at about 8am and the very last group of investigators left the
offices of Kazaa in the early hours of Saturday morning."

 According to Speck, they entered "the offices of the Kazaa operation, so
Sharman at Cremorne, the home of Nikki Hemming, the chief executive of the
Sharman organisation, the home of Philip Moore, the IT director, Brilliant
Digital Entertainment, the joint venture partners and the home of Kevin
Bermeister, the chief executive of Brilliant".

 The three Universities were "Queensland, The University of NSW and Monash".

 The four ISPs were Telstra, Akamai, iHug and NTT.

 "There are no allegations against the universities or ISPs," Speck says.
"They simply because of the nature of their business contain evidence we
believe is relevant against the Kazaa operation".

 Speck expects action will be swift.

 "We are back in court on Tuesday to report on the search," he says.
"Generally at that time, a timetable is set for the case to start and
evidence to be put forward. It will be a relatively quick process".


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From s.schear at comcast.net  Wed Feb 11 08:15:58 2004
From: s.schear at comcast.net (Steve Schear)
Date: Wed, 11 Feb 2004 08:15:58 -0800
Subject: Offshoring of commercial data...
In-Reply-To: <BAY7-F61KShPdHfKsp30003e272@hotmail.com>
References: <BAY7-F61KShPdHfKsp30003e272@hotmail.com>
Message-ID: <6.0.1.1.0.20040211080850.05787e90@mail.comcast.net>

At 07:44 AM 2/11/2004, Tyler Durden wrote: >Steve Schear wrote... >
>>This is why all such records, if they are generated at all, should be
>>held offshore and accessible only through a procedure which includes a
>>duress clause. > >This leads me to an interesting set of ideas I've
been playing with recently. > >Let's say I work for a large commercial
entity with very large amounts of >data about lots of US (and other)
consumers. Let's also say that I'm >starting to feel that the integrity
of this data can't be assured under >the current (or future) regime in
DC. (And this lack-of-integrity may play >out as a very real
marketing/customer service issue.) Let's also say that >I've convinced
the relevant parties within this commerical entity to start >moving this
data (or a copy of it, perhaps) offshore, where it can be more >readily
'protected'. > >Has this kind of thing been done already? (I'm talking
about huge amounts >of commercial data.) And, how is that data placed so
that there's a >reasonable level of confidence that it's 'safe' (ie, if
the data were >moved to the UK I would assume our cronies over there
would be eager to >help DC dig out whatever they needed). Do we need a
few copies in varying >political regimes in order for this to work? Since
some very sensitive citizen data is already being accessed and processed
offshore I doubt there are laws against its only copy being moved
offshore as well. The companies doing so, of course, would need to
prevent the data's corruption or misuse. >ALso, anybody know if there are
any legal consequences/risks here in the >US if this was even attempted?
(ie, 'moving' data really means copying >overseas and then destroying the
local copy...I assume a big corporation >could do this without any legal
consequences...). > >Also, is this even worth doing or is there some big
hole in the logic >here? (Tyler Durden being a Cypherpunk of the Stoopid
variety...) In at least a few cases large companies have been blackmailed
by offshore workers unhappy with pay. I can't recall the exact details
but one situation, I think, involved some Pakistanis threatening to
release confidential medical patient data, a clear violation of the HIPPA
regs., if they didn't get more dosh. steve
 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus
system (http://www.grisoft.com). Version: 6.0.574 / Virus Database: 364 -
Release Date: 1/29/2004




From camera_lumina at hotmail.com  Wed Feb 11 07:44:24 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 11 Feb 2004 10:44:24 -0500
Subject: Offshoring of commercial data...
Message-ID: <BAY7-F61KShPdHfKsp30003e272@hotmail.com>

Steve Schear wrote...

>This is why all such records, if they are generated at all, should be held 
>offshore and accessible only through a procedure which includes a duress 
>clause.

This leads me to an interesting set of ideas I've been playing with 
recently.

Let's say I work for a large commercial entity with very large amounts of 
data about lots of US (and other) consumers. Let's also say that I'm 
starting to feel that the integrity of this data can't be assured under the 
current (or future) regime in DC. (And this lack-of-integrity may play out 
as a very real marketing/customer service issue.) Let's also say that I've 
convinced the relevant parties within this commerical entity to start moving 
this data (or a copy of it, perhaps) offshore, where it can be more readily 
'protected'.

Has this kind of thing been done already? (I'm talking about huge amounts of 
commercial data.) And, how is that data placed so that there's a reasonable 
level of confidence that it's 'safe' (ie, if the data were moved to the UK I 
would assume our cronies over there would be eager to help DC dig out 
whatever they needed). Do we need a few copies in varying political regimes 
in order for this to work?

ALso, anybody know if there are any legal consequences/risks here in the US 
if this was even attempted? (ie, 'moving' data really means copying overseas 
and then destroying the local copy...I assume a big corporation could do 
this without any legal consequences...).

Also, is this even worth doing or is there some big hole in the logic here? 
(Tyler Durden being a Cypherpunk of the Stoopid variety...)

Hey...someone whip a copy of this to old Crotchety May...I bet he's already 
looked into this.

-TD

_________________________________________________________________
Keep up with high-tech trends here at "Hook'd on Technology." 
http://special.msn.com/msnbc/hookedontech.armx




From skquinn at xevious.kicks-ass.net  Thu Feb 12 15:33:20 2004
From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn)
Date: Thu, 12 Feb 2004 17:33:20 -0600
Subject: Where did everyone go?
In-Reply-To: <20040212180811.H3006@seul.org>
References: <20040212175120.510e7172.blueeskimo@phreaker.net>
  <20040212180811.H3006@seul.org>
Message-ID: <200402121733.20505.skquinn@xevious.kicks-ass.net>

On Thursday 2004 February 12 17:08, Gabriel Rocha wrote:
> 		On Thu, Feb 12, at 05:51PM, Adam wrote:
> | The old Cypherpunks node (LNE) was much more active. Since that one
> | went down and I joined up on this one, traffic has decreased by 80%
> | (at least). Where did all those guys go (Tim May, Major Variola,
> | James Donald, etc)? Is there a different node that most people
> | migrated to?
>
> It seems alot of people just didn't migrate at all... A shame really.

I was off the list for a while, and only rarely posted when I was on it. 
I just didn't have the time for the better part of a year. But, now I'm 
back into studying security/privacy/cryptography stuff so I'll probably 
be on the list again for a long while.

-- 
Shawn K. Quinn




From blueeskimo at phreaker.net  Thu Feb 12 14:51:20 2004
From: blueeskimo at phreaker.net (Adam)
Date: Thu, 12 Feb 2004 17:51:20 -0500
Subject: Where did everyone go?
Message-ID: <20040212175120.510e7172.blueeskimo@phreaker.net>

The old Cypherpunks node (LNE) was much more active. Since that one went
down and I joined up on this one, traffic has decreased by 80% (at
least). Where did all those guys go (Tim May, Major Variola, James
Donald, etc)? Is there a different node that most people migrated to?

-- 
Adam




From declan at well.com  Thu Feb 12 16:07:24 2004
From: declan at well.com (Declan McCullagh)
Date: Thu, 12 Feb 2004 18:07:24 -0600
Subject: Windows source leaked?
In-Reply-To: <20040212182525.B24434@positron.mit.edu>; from rsw@jfet.org
  on Thu, Feb 12, 2004 at 06:25:25PM -0500
References: <20040212182525.B24434@positron.mit.edu>
Message-ID: <20040212180724.A11019@baltwash.com>

On Thu, Feb 12, 2004 at 06:25:25PM -0500, Riad S. Wahby wrote:
> Windows source would endanger future projects (assuming, of course,
> that simple copying---which is clearly illegal---doesn't happen).
> Comments?

Why would it? There may be some problems on the margin, but for the
most part I think it's /. silliness.

-Declan




From gabe at seul.org  Thu Feb 12 15:08:12 2004
From: gabe at seul.org (Gabriel Rocha)
Date: Thu, 12 Feb 2004 18:08:12 -0500
Subject: Where did everyone go?
In-Reply-To: <20040212175120.510e7172.blueeskimo@phreaker.net>; from
  blueeskimo@phreaker.net on Thu, Feb 12, 2004 at 05:51:20PM -0500
References: <20040212175120.510e7172.blueeskimo@phreaker.net>
Message-ID: <20040212180811.H3006@seul.org>

		On Thu, Feb 12, at 05:51PM, Adam wrote:
| The old Cypherpunks node (LNE) was much more active. Since that one went
| down and I joined up on this one, traffic has decreased by 80% (at
| least). Where did all those guys go (Tim May, Major Variola, James
| Donald, etc)? Is there a different node that most people migrated to?

It seems alot of people just didn't migrate at all... A shame really.




From rsw at jfet.org  Thu Feb 12 15:15:59 2004
From: rsw at jfet.org (Riad S. Wahby)
Date: Thu, 12 Feb 2004 18:15:59 -0500
Subject: Where did everyone go?
In-Reply-To: <20040212180811.H3006@seul.org>; from gabe@seul.org on Thu,
  Feb 12, 2004 at 06:08:12PM -0500
References: <20040212175120.510e7172.blueeskimo@phreaker.net>
  <20040212180811.H3006@seul.org>
Message-ID: <20040212181558.A24434@positron.mit.edu>

Gabriel Rocha <gabe at seul.org> wrote:
> It seems alot of people just didn't migrate at all... A shame really.

Unfortunately, this appears to be the case.  

All of the presently-operational nodes of which I'm aware (pro-ns,
algebra, minder, and al-qaeda) still communicate, so any traffic to
other nodes does get through to al-qaeda.net subscribers.  The traffic
just isn't there any more.

That said, please don't refrain from talking just because it seems
like fewer are listening now.  A little controversy goes a long way in
generating interesting (or at least non-noise) traffic.

-- 
Riad Wahby
rsw at jfet.org
MIT VI-2 M.Eng




From rsw at jfet.org  Thu Feb 12 15:25:25 2004
From: rsw at jfet.org (Riad S. Wahby)
Date: Thu, 12 Feb 2004 18:25:25 -0500
Subject: Windows source leaked?
Message-ID: <20040212182525.B24434@positron.mit.edu>

Among others, /. is reporting that Win2k and WinNT source code may
have leaked.  

http://slashdot.org/article.pl?sid=04/02/12/2114228

Does anyone here have any good evidence as concerns the truth or
falsity of this claim?

Lots has been said about OSS developers not wanting to look at this
for fear that they will be "tainted."  While it is true that simply
the act of looking at the code is unauthorized and illegal, I wonder
if there is any truth to the claim that a developer who looked at
Windows source would endanger future projects (assuming, of course,
that simple copying---which is clearly illegal---doesn't happen).
Comments?

-- 
Riad Wahby
rsw at jfet.org
MIT VI-2 M.Eng




From camera_lumina at hotmail.com  Fri Feb 13 06:42:30 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 13 Feb 2004 09:42:30 -0500
Subject: FCC Rules on Internet Telephony
Message-ID: <BAY7-F83St26MEENTX300056625@hotmail.com>

This came out on lightreading.com. Seems there's one tiny step backward for 
CALEA w.r.t Internet telephony. I guess it's obvious the FBI will eventually 
get it's way, but it's be interesting to see how it goes about it from here 
out.

-TD


At its open meeting today, the FCC took a couple of baby steps toward 
providing regulatory clarity on Internet telephony.

The first big decision was a victory for VOIP proponents. The commission 
ruled that Pulver.com's Free World Dialup VOIP service is an information 
service, not a telecommunications service. The decision was based largely on 
the analysis that it doesn!/t fit the 1996 Telecom Act!/s definition of a 
telecommunications service.

!0There is no question that this doesn!/t constitute a telecommunications 
service,!1 said commissioner Kathleen Abernathy. !0It falls squarely outside 
that statutory definition.!1


That analysis was shared by commissioner Jonathan Adelstein: !0Pulver.com!/s 
service is largely unregulated today and, in my view, should stay that 
way.!1

Commissioner Michael Copps dissented amid concerns that the FCC hadn!/t 
fully considered the implications, particularly for law enforcement, 
universal service, and public safety. !0I!/m afraid we!/re leaping before 
we!/re looking,!1 he said. !0This rush to reclassify will lead us down a 
road where we!/re compelled to engage in legal calisthenics and contortion 
of both CALEA and the 1996 Telecom Act to meet our statutory obligations. 
This is admittedly an important decision, but not so important that it 
cannot wait a little while longer while we conduct an expeditious review.!1

That review is coming. After the vote on Free World Dialup, the commission 
initiated a Notice of Proposed Rulemaking (NPRM) on Internet telephony (see 
http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-243868A1.doc). 
Although the commission is starting from the premise that VOIP should be 
subject to minimal regulation, it still has to clarify issues such as 
wiretaps and whether Internet telephony is an intrastate or interstate 
service.

However, there are two reasons to believe that the FCC won!/t issue an Order 
on VOIP until late 2004 -- if then. First, the commission historically 
doesn!/t undertake major policy initiatives in a Presidential election year. 
Second, Internet telephony is such a complex issue with such far-reaching 
implications that it!/s difficult to see how it could be resolved to 
everyone!/s satisfaction, let alone in one fell swoop.

One thing is clear: The commission believes that federal regulators, not 
states, should set VOIP regulations. The NPRM is an opportunity to avoid a 
patchwork of rules across the country, Abernathy says. Nevertheless, 
completely preempting state authority likely would send Internet telephony 
to the courts, prolonging uncertainty.

!* Tim Kridel, Senior Editor, Heavy Reading



--------------------------------------------------------------------------------

_________________________________________________________________
Let the advanced features & services of MSN Internet Software maximize your 
online time. http://click.atdmt.com/AVE/go/onm00200363ave/direct/01/




From DaveHowe at gmx.co.uk  Fri Feb 13 02:26:33 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Fri, 13 Feb 2004 10:26:33 -0000
Subject: Windows source leaked?
References: <20040212182525.B24434@positron.mit.edu>
Message-ID: <00f901c3f21b$dde22510$c71121c2@exchange.sharpuk.co.uk>

Riad S. Wahby wrote:
> Lots has been said about OSS developers not wanting to look at this
> for fear that they will be "tainted."  While it is true that simply
> the act of looking at the code is unauthorized and illegal, I wonder
> if there is any truth to the claim that a developer who looked at
> Windows source would endanger future projects (assuming, of course,
> that simple copying---which is clearly illegal---doesn't happen).
> Comments?
I suspect a little of the other direction may come into play - OSS writers
checking though the source to see if any of *their* code has been added to
the MS product... Sorta like SCO and system V -> Linux ;)




From rah at shipwright.com  Fri Feb 13 07:52:15 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 13 Feb 2004 10:52:15 -0500
Subject: Electricity Teleportation Devised
Message-ID: <p06020430bc5297f4ff4a@[66.149.49.5]>

<http://www.technologyreview.com/articles/rnb_020904.asp?trk=nl>

Technology Review  



TOPIC > Computers and Electronics > Computers
  ?Electricity Teleportation Devised

Technology Research News  February 9, 2004

Researchers from Leiden University in the Netherlands have devised a way to
teleport electricity.

 Teleportation is possible at the atomic scale, and was discovered a decade
ago for photons in free space. The researchers' proposal works for
electrons contained in conductors, and could eventually be used within
computer circuits.

A major obstacle to quantum teleportation is that in a metal or
semiconductor electrons exist in a crowd, dubbed the Fermi sea, making
individual electrons difficult to isolate and manipulate.

When the two carriers of electrical current -- negatively charged electrons
and positively charged holes -- meet, they cancel each other out. The
researchers have postulated that an entangled electron, however, could
continue its existence at a distant location.

Entangled electrons are connected in such a way that specific properties of
the electrons remain synchronized regardless of the physical distance
between them.

The method could eventually be used to instantly transport information
between the quantum bits, or qubits, of a quantum computer if electrons
could be transported over distances of around 100 microns. Quantum
computers use the properties of particles like photons, electrons and atoms
to compute and are theoretically very fast at certain large problems,
including those that would render today's encryption-based security systems
obsolete.

Laboratory demonstrations showing that the method could be used to
transport electrons a few microns could happen within two to five years;
practical applications are a decade or two away, according to the
researchers. The work appeared in the December, 2003 issue of Physical
Review Letters.




-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From ptrei at rsasecurity.com  Fri Feb 13 08:13:14 2004
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Fri, 13 Feb 2004 11:13:14 -0500
Subject: Free RSA Expo passes available
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A064A7545@EXNA07>

The RSA Security Conference in San Francisco is coming up:
Feb 23-27.

As in the past, free Expo passes are available if you register online at
the conference site: http://2004.rsaconference.com/ (The expo is not
open all days - check the schedule).

Last year, getting a badge required an ID and getting photographed.
I expect its the same this year. Some list members succeeded in 
gaming this system in highly entertaining ways.

Peter




From rah at shipwright.com  Fri Feb 13 08:21:52 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 13 Feb 2004 11:21:52 -0500
Subject: File Sharing's New Face
Message-ID: <p06020450bc52a98c1f28@[66.149.49.5]>

<http://www.nytimes.com/2004/02/12/technology/circuits/12shar.html?position=&pagewanted=print&position=>

The New York Times

February 12, 2004

File Sharing's New Face
By SETH SCHIESEL

EATTLE

AFTER working for a parade of doomed dot-com startups, a young programmer
named Bram Cohen finally got tired of failure.

"I decided I finally wanted to work on a project that people would actually
use, would actually work and would actually be fun," he recalled.

 Three years later, Mr. Cohen, 28, has emerged as the face of the next wave
of Internet file sharing. If Napster started the first generation of
file-sharing, and services like Kazaa represented the second, then the
system developed by Mr. Cohen, known as BitTorrent, may well be leading the
third. Firm numbers are difficult to come by, but it appears that the
BitTorrent software has been downloaded more than 10 million times.

And just as earlier forms of file-sharing seem to be waning in popularity
under legal pressure from the music industry, new technologies like
BitTorrent are making it easier than ever to share and distribute the huge
files used for video. One site alone,

 suprnova.org, routinely offers hundreds of television programs, recent
movies and copyrighted software programs. The movie industry, among others,
has taken notice.

What Mr. Cohen has created, however, seems beyond his control. And when he
was developing the system, he said, widespread copyright infringement was
not what he had in mind.

Rather, he was intrigued by a problem familiar to many Internet users and
felt acutely by friends who were trading music online legally: the
excruciating wait while files were being downloaded.

"Obviously their problem was not enough bandwidth to meet demand," Mr.
Cohen said in an interview at a Mexican restaurant near his home in
Seattle. "It seemed pretty clear to me that there is a lot of bandwidth out
there, but it's not being used properly. There's all of this upload
capacity that people aren't using."

That was the essential insight behind BitTorrent. Under older file-sharing
systems like Napster and Kazaa, only a small subset of users actually share
files with the world. Most users simply download, or leech, in cyberspace
parlance.

BitTorrent, however, uses what could be called a Golden Rule principle: the
faster you upload, the faster you are allowed to download. BitTorrent cuts
up files into many little pieces, and as soon as a user has a piece, they
immediately start uploading that piece to other users. So almost all of the
people who are sharing a given file are simultaneously uploading and
downloading pieces of the same file (unless their downloading is complete).

The practical implication is that the BitTorrent system makes it easy to
distribute very large files to large numbers of people while placing
minimal bandwidth requirements on the original "seeder." That is because
everyone who wants the file is sharing with one another, rather than
downloading from a central source. A separate file-sharing network known as
eDonkey uses a similar system.

For Mr. Cohen, BitTorrent was always about exercising his brain rather than
trying to fatten his wallet. Unlike many other file-sharing programs,
BitTorrent is both free and open-source, which means that those with enough
technical know-how can incorporate Mr. Cohen's code into their own programs.

While writing the software, "I lived on savings for a while and then I
lived off credit cards, you know, using those zero percent introductory
rates to use one credit card to pay off the previous card," Mr. Cohen said.

The first usable version of BitTorrent appeared in October 2002, but the
system needed a lot of fine-tuning. Luckily for Mr. Cohen, he was living in
the Bay Area at the time and his project had attracted the attention of
John Gilmore, the free-software entrepreneur, who had also been one of the
first employees at  Sun Microsystems. Mr. Gilmore ended up helping Mr.
Cohen with some of his living expenses while he finished the system.

"Part of what matters to me about this is that it makes it possible for
people with limited bandwidth to supply very popular files," Mr. Gilmore
said in a telephone interview. "It means that if you are a small software
developer you can put up a package, and if it turns out that millions of
people want it, they can get it from each other in an automated way."

 BitTorrent really started to take off in early 2003 when it was used to
distribute a new version of Linux and fans of Japanese anime started
relying on it to share cartoons.

It is difficult to measure BitTorrent's overall use. But Steven C. Corbato,
director of backbone network infrastructure for Internet2, the high-speed
network consortium, said he took notice in May. "We started seeing
BitTorrent traffic increase right around May 15, 2003, and by October it
was above 10 percent of the traffic," he said.

Data for the week of Jan. 26, which Mr. Corbato said was the latest
reliable information, showed that BitTorrent generated 9.3 percent of the
total data traffic on Internet2's so-called Abilene backbone, which
connects more than 200 of the nation's biggest research universities, in
addition to laboratories and state education networks. By contrast, no
other file sharing system registered more than 1 percent of the traffic,
though Mr. Corbato said his network might be underreporting the use of
those other services.

Just a few months ago, however, that success still had not translated into
dollars for Mr. Cohen.

"This past September I had, like, no money," he recalled. "I was just
scraping along and doing the credit card thing again."

But unknown to Mr. Cohen, BitTorrent was serving as a job application. Out
of the blue, he heard from Gabe Newell, the managing director of Valve
Software, based in nearby Bellevue, Wash. Valve is developing what gaming
experts anticipate will be a blockbuster video game, Half-Life 2, but it is
also creating an online distribution network that it calls Steam. Because
of Mr. Cohen's expertise in just that area, Valve offered him a job. He
moved to Seattle and started work in October.

 "When we looked around to see who was doing the most interesting work in
this space, Bram's progress on BitTorrent really stood out," Mr. Newell
said. "The distributed publishing model embedded in BitTorrent is exactly
the kind of thing media companies need to build on for their own systems."

All along, Mr. Cohen had accepted donations from BitTorrent users at his
Web site, bitconjurer.org, but the sum had been minimal. In October,
however, Mr. Cohen's father prevailed on him to ask a bit more directly.
Now, Mr. Cohen said, he is receiving a few hundred dollars a day.

"It's been a pretty dramatic turnaround in lifestyle in just a few months,
with the job and the donations coming in," Mr. Cohen said. "It's nice."

According to survey data from the Pew Internet and American Life Project,
file sharing is on the wane, apparently as a result of the music industry's
legal offensive. Last May, 29 percent of adult Internet users in the United
States reported that they had engaged in file sharing; that figure dropped
to 14 percent in a survey conducted in November and December. Nonetheless,
the ranks of the BitTorrent faithful - whether anime fanatics, Linux users,
Deadheads or movie pirates - appear to be growing. And some are quite
thankful to Mr. Cohen.

"I think Bram is going to be like Shawn Fanning in terms of the impact this
is going to have," said Steve Hormell, a co-founder of etree.org, a
music-trading site that predates the file-sharing phenomenon, referring to
the inventor of the original Napster service. "It is a bit of paradigm
shift and I can't stress the community aspect of it enough. You have to
give back in order to get. Going back 15 years, that's what the Internet
was all about until the suits came along."

Not surprisingly, the movie industry is not amused. "BitTorrent is
definitely on our radar screen," Tom Temple, the director for Internet
enforcement for the Motion Picture Association of America, said in a
telephone interview. While the association first became aware of the
technology about a year ago, BitTorrent's surging popularity prompted the
group to start sending infringement notices to BitTorrent site operators in
November.

"We do have investigations open into various BitTorrent link sites that
could lead to either civil or criminal prosecution in the near future," Mr.
Temple said.

For his part, Mr. Cohen pointed out that BitTorrent users are not anonymous
and that their numeric Internet addresses are easily viewable by anyone who
cares. "It amazes me that sites like Suprnova continue to stay up, because
it would be so easy to sue them," he said. Using BitTorrent for illegal
trading, he added, is "patently stupid because it's not anonymous, and it
can't be made anonymous because it's fundamentally antithetical to the
architecture."

That said, Mr. Cohen is not in the nanny business.

"I'm not going to get up on my high horse and tell others not to do it
because it's not my place to berate people," he said. "I just sort of watch
it with some amusement."


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From ptrei at rsasecurity.com  Fri Feb 13 08:43:11 2004
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Fri, 13 Feb 2004 11:43:11 -0500
Subject: Call to the Usual Suspects
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A064A7547@EXNA07>

I'll be in the SF/SJ area the week of the RSA conference.
Anyone interested in getting together for dinner one night?

We used to try to schedule a BA Cypherpunks Physical
Meeting to match up with the event, but the PMs seem to
have died out.

Peter Trei




From mv at cdc.gov  Fri Feb 13 11:45:34 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 13 Feb 2004 11:45:34 -0800
Subject: Windows source leaked?
Message-ID: <402D295E.65C6F8C9@cdc.gov>

[sent to al-q; does cypherpunks-moderated at minder.net forward there?]

At 06:25 PM 2/12/04 -0500, Riad S. Wahby wrote:
>Among others, /. is reporting that Win2k and WinNT source code may
>have leaked.

The horror, the horror.

>Lots has been said about OSS developers not wanting to look at this
>for fear that they will be "tainted."  While it is true that simply
>the act of looking at the code is unauthorized and illegal,

If you didn't steal it, its not your problem if you read it.

I wonder
>if there is any truth to the claim that a developer who looked at
>Windows source would endanger future projects (assuming, of course,
>that simple copying---which is clearly illegal---doesn't happen).

How would M$ show that you had in fact read the code?
And if you didn't copy it, why would a court care?




From ericm at lne.com  Fri Feb 13 14:08:13 2004
From: ericm at lne.com (Eric Murray)
Date: Fri, 13 Feb 2004 14:08:13 -0800
Subject: Windows source leaked?
In-Reply-To: <402D295E.65C6F8C9@cdc.gov>; from mv@cdc.gov on Fri, Feb
  13, 2004 at 11:45:34AM -0800
References: <402D295E.65C6F8C9@cdc.gov>
Message-ID: <20040213140813.A17313@slack.lne.com>

On Fri, Feb 13, 2004 at 11:45:34AM -0800, Major Variola (ret) wrote:
(in reply to someone else)
> 
> >Lots has been said about OSS developers not wanting to look at this
> >for fear that they will be "tainted."  While it is true that simply
> >the act of looking at the code is unauthorized and illegal,
> 
> If you didn't steal it, its not your problem if you read it.

I disagree.  I don't have time to look up the cases now
but there have been a number of cases of companies being sued for
(effectively) their programmers having SEEN some other code.
The theory being that they are somehow contaminated with
the valuable ideas embodied within and are helpless to resist
implementing them.  This has resulted in
many companies having "chinese walls" between some programming
groups who are working on a version of a competitors product that
the company has the code for.

This may not be "right", but it was extremely common in the early 90s.
It's very expensive so I would be quite suprised if there was not
strong case law on this.

> I wonder
> >if there is any truth to the claim that a developer who looked at
> >Windows source would endanger future projects (assuming, of course,
> >that simple copying---which is clearly illegal---doesn't happen).
> 
> How would M$ show that you had in fact read the code?

They'd just alledge that you had, and then have "discovery"
all through your files.  Essentially any program could look
like an "infriging work" to some judge somewhere.

If I were a conspiracy theorist I'd say tha MS released the code
themselves just for this reason.

Eric




From mv at cdc.gov  Fri Feb 13 15:13:43 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 13 Feb 2004 15:13:43 -0800
Subject: Windows source leaked?
Message-ID: <402D5A27.9790FCC0@cdc.gov>

At 02:08 PM 2/13/04 -0800, Eric Murray wrote:
>On Fri, Feb 13, 2004 at 11:45:34AM -0800, Major Variola (ret) wrote:
>(in reply to someone else)
>>
>> >Lots has been said about OSS developers not wanting to look at this
>> >for fear that they will be "tainted."  While it is true that simply
>> >the act of looking at the code is unauthorized and illegal,
>>
>> If you didn't steal it, its not your problem if you read it.

>I disagree.

I meant there is no crime in reading anyone elses (lost) trade secrets.

I don't have time to look up the cases now
>but there have been a number of cases of companies being sued for
>(effectively) their programmers having SEEN some other code.
>The theory being that they are somehow contaminated with
>the valuable ideas embodied within and are helpless to resist
>implementing them.  This has resulted in
>many companies having "chinese walls" between some programming
>groups who are working on a version of a competitors product that
>the company has the code for.

Yes I know about this.  The solution was that the engineers
worked from specs only and had never seen the code.  It was OK
if the specs were derived from reverse engineering, or in M$'s case,
a source leak.  So a cleanroom use of leaked code (Alice extracts specs,

Bob who doesn't look at the code writes to them.) would be OK.

How are you going to show that Bob read the leaked code?
There simply won't be enough similarity *even if* (I'll assert)
Bob does take a peak.  Unless he's got photographic memory in
which case he should be in Vegas.

>This may not be "right", but it was extremely common in the early 90s.
>It's very expensive so I would be quite suprised if there was not
>strong case law on this.

Its mostly about employee-grabbing being bad, and writing to specs to
interoperate
being ok.

>> I wonder
>> >if there is any truth to the claim that a developer who looked at
>> >Windows source would endanger future projects (assuming, of course,
>> >that simple copying---which is clearly illegal---doesn't happen).
>>
>> How would M$ show that you had in fact read the code?
>
>They'd just alledge that you had, and then have "discovery"
>all through your files.

An abuse perhaps, perhaps it would be noticed after the first few
hundred
uses... And one would hide or wipe or shred such files after use anyway,

good hygiene.

Essentially any program could look
>like an "infriging work" to some judge somewhere.

Yes but what to do?  Perhaps organizations will help the sued with legal
costs,
precedents will get established that protect folks in the future.

..and goofball judges will be collected on wheelbarrows, bulldozed into
the flaming ovens..
sorry..... channelling you know who...



>If I were a conspiracy theorist I'd say tha MS released the code
>themselves just for this reason.

And surely this list is thirsty for conspiracy theories.

\begin{IANAL}

If someone spills the trade secret recipe for Coca Cola, its not the
case that
no one else can ever make a soda closer to Coca Cola than before.

You can sue a ham sandwich.  Sucks to be that ham sandwich though.

\end{IANAL}




From mv at cdc.gov  Fri Feb 13 15:25:11 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 13 Feb 2004 15:25:11 -0800
Subject: Windows source leaked?
Message-ID: <402D5CD7.8E3DF537@cdc.gov>

At 05:34 PM 2/13/04 -0500, Steve Furlong wrote:
>
>In principle they can prove that the secret didn't have any influence
on
>the work, but in practice they're stuck having to prove a negative.

I was hoping the courts would see the impossibility of proving a
negative,
and see true dissimilarities in the code as indicitive of fair play.

> If push came to shove, the
>implementors could have sworn that they had never seen the IBM code.

But other than their "sworn word", how would anyone know what they did,
except that their source differed from the original?

I hope the precedent of the IBM case and the widespread ability to
publish
anything instantly nowadays sways an intelligent court without
programmers getting harmed.

Its rather asymmetric --open source is out there, proprietary isn't.  I
wonder
if frags of OSS code can be found in proprietary binaries.




From ericm at lne.com  Fri Feb 13 15:45:26 2004
From: ericm at lne.com (Eric Murray)
Date: Fri, 13 Feb 2004 15:45:26 -0800
Subject: Windows source leaked?
In-Reply-To: <402D5CD7.8E3DF537@cdc.gov>; from mv@cdc.gov on Fri, Feb
  13, 2004 at 03:25:11PM -0800
References: <402D5CD7.8E3DF537@cdc.gov>
Message-ID: <20040213154526.A17920@slack.lne.com>

On Fri, Feb 13, 2004 at 03:25:11PM -0800, Major Variola (ret) wrote:
 
> I wonder if frags of OSS code can be found in proprietary binaries.

Of course.

Here's an example of MS using BSD code:
http://www.kuro5hin.org/?op=displaystory;sid=2001/6/19/05641/7357
and another:
http://austinlug.org/archives/alg/2002-05/msg00606.html




From shaddack at ns.arachne.cz  Fri Feb 13 07:36:56 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Fri, 13 Feb 2004 16:36:56 +0100 (CET)
Subject: FCC vs decentralization
Message-ID: <0402131636200.-1078828572@somehost.domainz.com>

Wondering a little.

FCC recently mandated fees for Internet radio "broadcasters", based on the
number of listeners. However, there are emergent technologies for P2P
broadcasting, where some of the clients act as broadcasters themselves,
"retranslating" the stream. This way it may not be technically possible
for the broadcaster itself to know the number of listeners -> impossible
to assess the fees -> impossible to getting reliably proved the number of
listeners to. What can happen then?

Similar with FCC decency rules they recently tightened after the
"Superbowl Boob Incident". How can the FCC execute their jurisdiction over
a distributed struture, where there is no official registered owner of the
station? Can they go after the volunteering DJs, or after the listeners?

How would look a good, decentralized structure for allowing pseudonymous
IP stream "broadcast" with minimal resources, the ultimate Internet Pirate
Radio station?




From eugen at leitl.org  Fri Feb 13 08:13:45 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 13 Feb 2004 17:13:45 +0100
Subject: FCC vs decentralization
In-Reply-To: <0402131636200.-1078828572@somehost.domainz.com>
References: <0402131636200.-1078828572@somehost.domainz.com>
Message-ID: <20040213161344.GA28489@leitl.org>

On Fri, Feb 13, 2004 at 04:36:56PM +0100, Thomas Shaddack wrote:

> FCC recently mandated fees for Internet radio "broadcasters", based on the

You're hailing from .cz, me from .de. Of what relevance is FCC to us?

> number of listeners. However, there are emergent technologies for P2P
> broadcasting, where some of the clients act as broadcasters themselves,
> "retranslating" the stream. This way it may not be technically possible

There's Peercast, but there's also Alluvium:
http://www.theregister.co.uk/content/4/29436.html

Maybe a peerpunk can post a summary, of what's out there?

> for the broadcaster itself to know the number of listeners -> impossible
> to assess the fees -> impossible to getting reliably proved the number of
> listeners to. What can happen then?

Technically (advocatus diaboli, that is), if listeners 
are broadcasters, they need to keep track of
whomever they're broadcasting to, and do the accounting.

Of course this is difficult to enforce, especially if streams cross
jurisdiction compartments. Of course, there is this trend for nivellation,
driven by lobbies.... 
 
> Similar with FCC decency rules they recently tightened after the
> "Superbowl Boob Incident". How can the FCC execute their jurisdiction over
> a distributed struture, where there is no official registered owner of the
> station? Can they go after the volunteering DJs, or after the listeners?

In theory, yes.
 
> How would look a good, decentralized structure for allowing pseudonymous
> IP stream "broadcast" with minimal resources, the ultimate Internet Pirate
> Radio station?

Lag is no problem, but QoS is. I'm not sure traffic remixing allows for that,
given current prevalence of ADSL and cable modems.

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net




From sfurlong at acmenet.net  Fri Feb 13 14:34:02 2004
From: sfurlong at acmenet.net (Steve Furlong)
Date: 13 Feb 2004 17:34:02 -0500
Subject: Windows source leaked?
In-Reply-To: <402D295E.65C6F8C9@cdc.gov>
References: <402D295E.65C6F8C9@cdc.gov>
Message-ID: <1076711642.3998.9.camel@daft>

On Fri, 2004-02-13 at 14:45, Major Variola (ret) wrote:
> [sent to al-q; does cypherpunks-moderated at minder.net forward there?]
> 
> At 06:25 PM 2/12/04 -0500, Riad S. Wahby wrote:
> >Among others, /. is reporting that Win2k and WinNT source code may
> >have leaked.
...
> If you didn't steal it, its not your problem if you read it.
...
> How would M$ show that you had in fact read the code?
> And if you didn't copy it, why would a court care?

Eric is correct in his reply to MV's article. Joe Programmer isn't
necessarily obligated not to look at leaked trade secrets, but if he
implements anything remotely related to the leaked secret, he and his
employers or customers are subject to being sued for using the secret.
In principle they can prove that the secret didn't have any influence on
the work, but in practice they're stuck having to prove a negative.

Eric is also correct about the "Chinese wall" between the people who
look at or figure out the secret and the implementation group. Back in
the early days of the IBM PC, IBM released the source to the BIOS,
figuring they could use copyright to keep anyone else from implementing
a compatible BIOS. Compaq did the Chinese wall trick, with one group
developing a rigorous spec from the released code, then throwing it over
the wall to the implementation group. If push came to shove, the
implementors could have sworn that they had never seen the IBM code.




From jya at pipeline.com  Fri Feb 13 20:13:23 2004
From: jya at pipeline.com (John Young)
Date: Fri, 13 Feb 2004 20:13:23 -0800
Subject: Call to the Usual Suspects
In-Reply-To: <20040214124011.jroul8m0cwsc8ssc@mail.cs.auckland.ac.nz>
Message-ID: <E1AroP0-0004CC-00@granger.mail.mindspring.net>

Follow the invisible man's rainbow socks in sandals. The real emitter
not the no-knock-knocks wearing Tempest protection and LEDs
in horn-rims.

Hear their beeps, scatter, there's a nab acoming.

Once I almost met a cpunk, then it vanished, lo, it was
a cyberpunk oozing.




From sfurlong at acmenet.net  Fri Feb 13 18:07:08 2004
From: sfurlong at acmenet.net (Steve Furlong)
Date: 13 Feb 2004 21:07:08 -0500
Subject: Windows source leaked?
In-Reply-To: <20040214000244.GA22811@dreams.soze.net>
References: <402D295E.65C6F8C9@cdc.gov> <1076711642.3998.9.camel@daft> 	
  <20040214000244.GA22811@dreams.soze.net>
Message-ID: <1076724428.3998.27.camel@daft>

On Fri, 2004-02-13 at 19:02, Justin wrote:
> Case law on point?  I don't think that is true at all.  Trade secrets
> that are leaked are no longer trade secrets.

Incorrect. Trade secrets that are deliberately released by the owner are
no longer secret. Secrets that are carelessly released by the owner (eg,
wide-open path between their web server and their CVS repository) are
probably no longer secrets, but that's subject to finding of fact if it
goes to trial. Secrets that are stolen or illegally leaked are still
legally secrets. That's pretty clear, though things like developers
leaving a company and using their knowledge elsewhere can be
questionable. That's why most companies have non-disclosure forms for
you to sign when you start work.

Regarding case law cites, you can check google or findlaw as well as I.
Here, for the lazy or inept, is a useful page:

http://cyber.law.harvard.edu/openlaw/DVD/research/EFF_General_8.html

>   I think the issue would be
> copyright and/or patent violation.

That, too. In the case of IBM's PC-BIOS that I mentioned before, IBM
relied on copyright rather than trade secret. (Obviously, given that
they released the source themselves.) Note, also, that that happened in
the days before rampant software patents. If the same were to happen
today, they'd almost certainly get a patent on their BIOS, and Compaq
wouldn't have been able to do their clean-room reimplementation.




From rah at shipwright.com  Fri Feb 13 19:46:00 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 13 Feb 2004 22:46:00 -0500
Subject: Call to the Usual Suspects
In-Reply-To: <E1AroP0-0004CC-00@granger.mail.mindspring.net>
References: <E1AroP0-0004CC-00@granger.mail.mindspring.net>
Message-ID: <p060204e2bc534a6ad3e6@[66.149.49.5]>

At 8:13 PM -0800 2/13/04, John Young wrote:
>Hear their beeps, scatter, there's a nab acoming.

Heeee's Baaaaaack...

:-)

Cheers,
RAH

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From justin-cypherpunks at soze.net  Fri Feb 13 16:02:44 2004
From: justin-cypherpunks at soze.net (Justin)
Date: Sat, 14 Feb 2004 00:02:44 +0000
Subject: Windows source leaked?
In-Reply-To: <1076711642.3998.9.camel@daft>
References: <402D295E.65C6F8C9@cdc.gov> <1076711642.3998.9.camel@daft>
Message-ID: <20040214000244.GA22811@dreams.soze.net>

Steve Furlong (2004-02-13 22:34Z) wrote:

> Eric is correct in his reply to MV's article. Joe Programmer isn't
> necessarily obligated not to look at leaked trade secrets, but if he
> implements anything remotely related to the leaked secret, he and his
> employers or customers are subject to being sued for using the secret.

Case law on point?  I don't think that is true at all.  Trade secrets
that are leaked are no longer trade secrets.  I think the issue would be
copyright and/or patent violation.

I seem to recall something about copyright periods for trade secrets not
beginning until the secret is released, a similar situation being
patents issued to the NSA or other TLAs... they only start ticking when
the patent is revealed.  So trade secrets offer a copyright advantage.

Obviously, if you can locate the persons who released a trade secret,
you can probably sue them because they're probably under contract.  But
suing random people who happened to have looked at trade secrets and
implemented similar non-patented code?  Sounds shaky.

-- 
No humanitarian endeavor can ever fill the void left by my past crimes. -Sloane




From eugen at leitl.org  Sat Feb 14 02:50:18 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 14 Feb 2004 11:50:18 +0100
Subject: FCC vs decentralization
In-Reply-To: <20040214123401.3phg3iggoc8w8kck@mail.cs.auckland.ac.nz>
References: <20040214123401.3phg3iggoc8w8kck@mail.cs.auckland.ac.nz>
Message-ID: <20040214105018.GR28489@leitl.org>

On Sat, Feb 14, 2004 at 12:34:01PM +1300, Peter Gutmann wrote: > The
RIAA/MPAA and US govt.are working on that. Stand by. I mentioned the
trend, but the point is that's not there yet. There are other countries,
which will take a lot of talking to and threat of economic sanctions,
before it happens. Trust-based BlackNets are really hard to penetrate --
you have to gain trust to join the network. A lot of the nodes will be
run by trojaned machines. A lot of these machines will be run on wireless
networks. Then there's anonymizing traffic remixing, and global
anonymized document storage -- it isn't, but it will be there, by the
time the threat becomes global. At that point a society has to make a
watershed decision, whether it's going police state, or will protect
pockets of privacy. So, no, I'm not over-worried yet. -- Eugen* Leitl
leitl ______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3
B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org
http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]




From pgut001 at cs.auckland.ac.nz  Fri Feb 13 15:34:01 2004
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Sat, 14 Feb 2004 12:34:01 +1300
Subject: FCC vs decentralization
Message-ID: <20040214123401.3phg3iggoc8w8kck@mail.cs.auckland.ac.nz>

Eugen Leitl <eugen at leitl.org> writes:
>On Fri, Feb 13, 2004 at 04:36:56PM +0100, Thomas Shaddack wrote:
>> FCC recently mandated fees for Internet radio "broadcasters", based on the
>
>You're hailing from .cz, me from .de. Of what relevance is FCC to us?

The RIAA/MPAA and US govt.are working on that.  Stand by.

Peter.




From pgut001 at cs.auckland.ac.nz  Fri Feb 13 15:40:11 2004
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Sat, 14 Feb 2004 12:40:11 +1300
Subject: Call to the Usual Suspects
Message-ID: <20040214124011.jroul8m0cwsc8ssc@mail.cs.auckland.ac.nz>

"Trei, Peter" <ptrei at rsasecurity.com> writes:

>I'll be in the SF/SJ area the week of the RSA conference. Anyone interested
>in getting together for dinner one night?

Do these things actually get organised?  I thought you just bump into other
Cpunks via the usual Brownian motion and at some point someone suggests a
place to go, half the participants slope off to an alternative establishment
on the way there, and that's how dinner gets arranged.

Peter.




From rabbi at abditum.com  Sat Feb 14 18:55:37 2004
From: rabbi at abditum.com (Len Sassaman)
Date: Sat, 14 Feb 2004 18:55:37 -0800 (PST)
Subject: Call to the Usual Suspects
In-Reply-To: <F504A8CEE925D411AF4A00508B8BE90A064A7547@EXNA07>
References: <F504A8CEE925D411AF4A00508B8BE90A064A7547@EXNA07>
Message-ID: <Pine.LNX.4.58.0402141854350.1261@thetis.deor.org>

On Fri, 13 Feb 2004, Trei, Peter wrote:

> I'll be in the SF/SJ area the week of the RSA conference.
> Anyone interested in getting together for dinner one night?

If you're in town the weekend before the RSA Conference, I'll be there too
(CodeCon is the Friday - Sunday before RSA.)

> We used to try to schedule a BA Cypherpunks Physical
> Meeting to match up with the event, but the PMs seem to
> have died out.




From mv at cdc.gov  Sun Feb 15 10:06:19 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 15 Feb 2004 10:06:19 -0800
Subject: Humorous Airport DoS (from cryptogram)
Message-ID: <402FB51A.49191C9@cdc.gov>

For example, airports have dogs and devices for detecting the chemical
emissions from explosives.  If I took a small perfume sprayer and
filled it with nitrobenzene (used in firearm bore cleaning solvents)
and sprayed people's luggage with it as they awaited security
screening, the airport would soon be shut down due to the threat
perceived by security.  Or if I sprayed the seats in the airports
lounge or restaurant, the bomb-sniffing dogs would become butt-sniffing
dogs, to the major embarrassment of security.  This last, while
humorous, would go a long way toward discrediting the security force.




From rah at shipwright.com  Sun Feb 15 13:42:16 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 15 Feb 2004 16:42:16 -0500
Subject: The Politicization of Security (Re: CRYPTO-GRAM, February 15, 
  2004)
In-Reply-To: <4.2.2.20040215043159.00ab1cd8@counterpane.com>
References: <4.2.2.20040215043159.00ab1cd8@counterpane.com>
Message-ID: <p06020499bc559661c25d@[66.149.49.5]>

At 4:32 AM -0600 2/15/04, Bruce Schneier wrote:
>         The Politicization of Security
>
>
>
>Since 9/11, security has become an important political issue.  The Bush
>administration has seized on terrorism as a means to justify its
>policies.  Bush is running for re-election on a "strong on security"
>platform.  The Democrats are attacking the administration's record on
>security.  Congress has voted on, and will continue to vote on,
>security countermeasures.  And the FBI and the Justice Department are
>implementing others, even without Congressional approval.
>
>In the last issue of Crypto-Gram I published a couple of security
>essays that had a political component.  I was surprised by the number
>of e-mails I received from people accusing me of bashing Bush (or
>worse).  American politics may be getting vitriolic, but I think it's
>worth stepping back and looking at the political security landscape.
>
>I believe that the Bush administration is using the fear of terrorism
>as a political tool.  That being said, I'm not sure a Democrat would do
>anything different in Bush's place.  Fear is a powerful motivator, and
>it takes strong ethics to resist the temptation to abuse it.  I believe
>the real problem with America's national security policy is that the
>police are in charge; that's far more important than which party is in
>office.
>
>Some of the Democratic presidential candidates for president have been
>more rational about security, but none have discussed security in terms
>of trade-offs.  On the Republican side, I've read some criticisms of
>Bush's heavy-handed security policies.  Certainly the traditional
>Republican ideals of personal liberty and less government intervention
>are in line with smart security.  And have the people who accuse me of
>hating Republicans forgotten that the Clipper Chip initiative was
>spearheaded by the Clinton administration?
>
>The Republicans don't have a monopoly on reducing civil liberties in
>the United States.
>
>Rational security is not the sole purview of any political
>party.  Fighting stupid security does not have to be partisan.  Bush's
>White House has done more to damage American national security than
>they have done to improve it.  That's not an indictment of the entire
>Republican party; it's a statement about the current President, his
>Attorney General, and the Secretary of the Department of Homeland
>Security.  It's a statement about the current political climate, where
>the police -- and I use this term to encompass the FBI, the Justice
>Department, the military, and everyone else involved in enforcing order
>-- and their interests are put ahead of the interests of the
>people.  My personal politics on non-security issues are not relevant.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From rah at shipwright.com  Sun Feb 15 20:21:36 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 15 Feb 2004 23:21:36 -0500
Subject: 5 million on terrorism list
Message-ID: <p0602049ebc559b1bddfa@[66.149.49.5]>

<http://www.canoe.ca/NewsStand/TorontoSun/News/2004/01/20/pf-318488.html>
Tue, January 20, 2004

Toronto Sun:

 5 million on terrorism list
 Canuck: U.S. on the lookout for 'potential problem'
 By TOM GODFREY, TORONTO SUN

 U.S. security agents have a master list of five million people worldwide
thought to be potential terrorists or criminals, officials say. "The U.S.
lookout index contains some five million names of known terrorists and
other persons representing a potential problem," Brian Davis, a senior
Canadian immigration official in Paris, said in a confidential document
obtained by the Sun.

 Names on the list are compared against those applying for visas or on
flights travelling to the U.S.

 Anyone whose name is on the list is questioned or banned from entering the
U.S. -- as passengers were on two British Airways flights to Los Angeles
two weeks ago.

 The master list was revealed by U.S. embassy officials to a Canadian
standing immigration committee in April 2002. Its existence was revealed in
Davis' document, obtained by Montreal lawyer Richard Kurland through an
Access to Information request.

 Davis said Canadian visa officers abroad do not keep an extensive list
like the U.S. because terrorists can use bogus documents and change their
identities.

 "We examine each application according to profiles," he said. "(We) apply
experience and knowledge gained from a variety of sources. Canada's
approach to identifying persons who may pose a danger was as sound as
possible."

 CSIS agents in Paris send a "brief" to Ottawa for cases that require more
in-depth investigation.



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From shaddack at ns.arachne.cz  Sun Feb 15 14:24:58 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sun, 15 Feb 2004 23:24:58 +0100 (CET)
Subject: Humorous Airport DoS (from cryptogram)
In-Reply-To: <402FB51A.49191C9@cdc.gov>
References: <402FB51A.49191C9@cdc.gov>
Message-ID: <0402152304491.-1078844128@somehost.domainz.com>

> Or if I sprayed the seats in the airports lounge or restaurant, the
> bomb-sniffing dogs would become butt-sniffing dogs, to the major
> embarrassment of security.  This last, while humorous, would go a long
> way toward discrediting the security force.

Chemicals that aren't detected themselves but undergo slow change
(oxidation, hydrolysis...) to the ones that trigger the detectors
(including but not limited to the dogs) bear a lot of potential too. I
remmember an incident in a friend's school couple years ago, with some
crystalline stuff that hydrolyzed to (I think ethyl-) mercaptan.

A bottle of a detergent the janitors use for floor cleaning could be
contaminated with something similar as well. Imagine the puzzled dogs the
next days. Those cute little ones occassionally used for sniffing drugs
could look especially funny.




From cryptomjs at eudoramail.com  Mon Feb 16 03:29:31 2004
From: cryptomjs at eudoramail.com (Mark Saarelainen)
Date: Mon, 16 Feb 2004 03:29:31 -0800
Subject: A message to Vipul Ved Prakash 
Message-ID: <DMPNEEOAPGLPAAAA@whowhere.com>

Already in 1997 some person :

Vipul Ved Prakash                 | - Electronic Sec"
"urity & Crypto 
vipul at best.com 	                  | - Web Objects 
91 11 2233328                     | - PERL Development 
198 Madhuban IP Extension         "
"| - Linux & Open Systems 
Delhi, INDIA 110 092   

emailed me the following messages. I do not know where Vipul Ved Prakash is today. Actually, my little program works very well.

------


"61 73 239 75 53 86 191 200 243 177 159 132 167 52 69 12 247 51 37 75 20 246 175 56 19 57 61 92 247 36 111 156 23 43 29 241 52 22 159 195 136 210 206 29 95 92 13 44 103 25 36 49 12 38 15 160 75 145 159 84 135 204 111 84 199 131 29 75 172 174 215 128 211 33 181 52 141 244 45 148 71 51 191 57 20 62 181 128 171 161 13 220 15 244 37 124 31 25 181 57 28 132 47 128 195 17 13 92 47 156 6 87 239 139 197 105 148 158 23 48 9 187 188 61 22 245 21 124 15 131 191 249 182 244 29 202 217 168 253 108 55 100 37 156 47 186 197 49 92 30 181 24 81 203 55 22 135 36 77 6 "
"246 90 180 232 68 254 215 48 217 9 23 102 13 38 111 13 15 123 214 26 156 198 39 128 243 187 29 28 151 12 101 60 71 131 191 65 172 174 181 49 250 224 167 140 141 22 245 124 95 187 5 65 172 174 181 136 243 9 181 116 247 212 69 148 247 25 229 1 156 30 253 170 123 177 13 44 167 244 37 116 87 25 4 1 76 166 207 16 67 210 206 52 167 228 69 100 23 155 149 217 164 132 15 232 163 187 237 60 167 116 111 164 23 25 181 105 28 132 159 216 195 41 85 148 47 28 21 116 109 19 205 105 62 30 159 176 115 41 213 180 71 86 93 44 103 187 21 217 20 30 181 8 163 187 61 84 167 63 62 12 "
"239 155 221 1 36 142 23 224 163 201 5 22 47 20 69 204 109 163 45 1 156 174 197 170 250 144 4 181 247 44 13 156 109 19 205 105 62 151 215 208 99 137 213 140 207 245 21 124 15 131 191 201 172 254 7 224 251 145 246 71 167 36 117 148 167 155 29 1 68 246 181 160 171 153 159 52 167 76 253 204 239 187 245 49 76 132 167 160 67 145 189 22 247 36 111 164 47 51 191 104 21 31 181 234 250 177 61 28 141 125 29 28 255 211 61 233 116 254 199 170 66 25 149 100 175 92 253 36 37 112 238 65 76 166 181 185 187 193 37 36 199 204 45 6 103 123 133 49 172 206 23 232 179 33 159 132 167 204 237 44 "
"119 187 245 249 20 230 127 218 217 152 180 141 141 212 253 124 223 83 157 97 164 132 29 26 177 169 213 180 141 12 69 204 247 25 181 57 28 132 255 48 176 234 53 140 167 116 111 44 175 187 149 57 164 206 7 128 187 113 159 92 255 86 125 12 31 67 245 57 4 132 191 216 251 187 173 92 255 92 29 28 71 105 191 11 189 23 181 217 243 1 5 172 199 196 69 78 109 42 197 217 62 38 247 128 217 137 53 116 239 63 62 164 71 219 29 75 164 38 207 56 19 219 246 71 207 244 205 132 189 97 199 241 132 62 197 224 171 137 229 4 167 92 205 118 119 99 213 51 164 38 207 56 147 145 5 110 151 108 37 126 "
"247 187 197 217 244 244 175 144 147 67 213 52 101 254 247 142 197 217 31 211 86 158 45 34 176 234 246 71 229 62 111 111 60 154 197 241 20 230 215 170 187 241 237 44 167 196 69 36 29 25 175 8 68 62 141 48 217 144 149 132 47 20 151 22 109 112 238  156 132 15 160 67 187 149 22 151 44 29 180 71 107 29 1 68 246 191 200 217 145 237 108 39 108 45 6 231 179 149 209 156 206 207 216 217 177 237 52 141 61 197 100 15 51 45 75 4 142 7 128 217 25 221 60 141 63 62 28 23 107 13 97 76 38 255 208 171 177 253 22 135 36 245 188 71 139 223 75 46 31 23 224 187 217 159 140 15 28 29 116 "
"39 107 133 59 46 237 228 227 144 242 214 22 141 86 111 6 109 113 215 75 46 23 159 160 67 193 237 6 237 86 100 156 39 115 197 249 78 132 220 251 49 83 119 254 101 190 135 238 133 241 87 163 214 108 93 66 49 83 119 254 101 190 135 238 133 241 87 163 214 108 93 66 49 83 119 254 101 190 135 238 133 241 87 163 214 108 93 66 49 83 119 254 101 190 135 238 133 241 87 163 214 108 93 66 49 83 246 71 62 28 237 172 15 25 12 97 28 132 54 56 211 225 149 140 207 86 111 6 109 25 191 75 62 132 181 170 217 187 159 22 141 86 141 6 5 25 148 41 20 158 23 56 163 201 213 12 141 205 69 28 "
"199 139 245 233 244 132 133 170 194 41 85 148 47 44 111 111 60 171 245 201 148 230 182 184 243 33 61 102 151 44 5 6 36 25 191 75 62 132 181 170 217 187 159 22 141 86 111 6 109 25 191 169 62 236 181 17 243 169 159 109 159 4 69 28 207 131 191 34 111 76 61 170 81 51 159 134 29 206 247 158 253 217 191 75 62 132 181 170 217 187 159 22 141 86 111 6 109 25 191 75 62 132 181 72 217 211 159 149 166 197 12 6 78 51 13 97 92 254 55 192 243 201 61 22 228 7 231 206 173 25 212 65 28 198 31 184 211 201 159 93 14 86 68 196 207 51 205 209 116 254 199 170 217 187 159 22 141 86 111 6 "
"143 25 215 75 93 206 199  27 187 175 22 246 212 69 116 109 130 117 209 156 174 223 48 217 210 206 53 167 52 45 76 13 25 244 56 29 207 190 170 81 51 31 22 13 158 255 6 109 25 191 75 62 132 181 170 217 187 159 22 141 180 111 110 109 106 149 233 132 254 39 240 243 153 159 165 199 196 205 172 103 123 191 208 188 142 175 128 67 120 92 213 78 149 172 197 174 218 124 136 253 71 118 105 26 120 92 213 78 149 172 197 174 218 124 136 253 71 118 105 26 120 92 213 78 149 172 197 174 218 124 136 253 71 118 105 26 120 92 213 78 149 172 197 174 218 124 136 253 71 118 105 26 120 92 213 78 149 172 197 "



Need a new email address that people can remember
Check out the new EudoraMail at
http://www.eudoramail.com




From jtrjtrjtr2001 at yahoo.com  Mon Feb 16 06:14:36 2004
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Mon, 16 Feb 2004 06:14:36 -0800 (PST)
Subject: 5 million on terrorism list
In-Reply-To: <p0602049ebc559b1bddfa@[66.149.49.5]>
Message-ID: <20040216141436.18135.qmail@web21207.mail.yahoo.com>

is it true or just another make up so as to make its
citizens feel justified when they go invade another
nation.How much effort does it take to get credible
information of 5 million people oveseas?

Sarath.

--- "R. A. Hettinga" <rah at shipwright.com> wrote:
>
<http://www.canoe.ca/NewsStand/TorontoSun/News/2004/01/20/pf-318488.html>
> 
>  U.S. security agents have a master list of five
> million people worldwide
> thought to be potential terrorists or criminals,
> officials say. "The U.S.
> lookout index contains some five million names of
> known terrorists and
> other persons representing a potential problem,"
> Brian Davis, a senior
> Canadian immigration official in Paris

__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html




From rah at shipwright.com  Mon Feb 16 10:03:12 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 16 Feb 2004 13:03:12 -0500
Subject: GPS Goes to Court
Message-ID: <p06020443bc568ef60683@[66.149.49.5]>

<http://www.technologyreview.com/blog/blog.asp?blogID=1278&trk=nl>

Technology Review  



GPS Goes to Court ?
In what is a first of a kind ruling in the nation, the Washington State
Supreme Court declared Thursday that police may not attach a Global
Positioning System tracker to a suspect's car without getting a warrant.

 "Use of GPS tracking devices is a particularly intrusive method of
surveillance, making it possible to acquire an enormous amount of personal
information about the citizen under circumstances where the individual is
unaware that every single vehicle trip taken and the duration of every
single stop may be recorded by the government," Justice Barbara Madsen
wrote in the unanimous decision.

A spokesperson for the Washington chapter of the American Civil Liberties
Union compared the use of GPS trackers in law enforcement to "placing an
invisible police officer in a person's back seat."

Meanwhile, USA Today has an article (not in the online edition) about the
use of GPS tracker data as evidence in the Scott Peterson case. Apparently,
the Modesto police used GPS trackers to monitor the suspect's movements for
four months before his arrest. Peterson's defense attorney wants the
evidence tossed out. One of their tactics is to question the motives of the
experts who are defending the accuracy of such information, claiming that
they are self-interested: "I assume you want the judge to rule that this
evidence is admissible so you can sell more GPS receivers." Here, the
dispute centers less around the constitutionality of its deployment than on
its reliability, resulting in a war of competing experts.

This is a fascinating example of the negotiation process by which a society
-- or in this case, the courts -- adjusts to the potentials of a new
technology. Whether it gets adopted or not depends on how it passes these
various legal challenges.
posted by Henry Jenkins @ 2/13/2004 3:05:27 PM |  Comments (4) |
-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From jya at pipeline.com  Mon Feb 16 15:04:19 2004
From: jya at pipeline.com (John Young)
Date: Mon, 16 Feb 2004 15:04:19 -0800
Subject: GPS Goes to Court
In-Reply-To: <p06020443bc568ef60683@[66.149.49.5]>
Message-ID: <E1Asp0Y-0001hd-00@smtp10.atl.mindspring.net>

So when does illegal-GPS-bit Jim Bell get out of the pokey 
and a public apology from the DEA (who planted it), IRS (who
asked for it), Treasury (who wanted to nail a tax-dissident)
US Attorney (who wanted a law partnership), Judge Tanner
(who is blind to justice), US News and World Report (who 
needed raw feed), Jessica Stern (who needed a crucifixion), 
and Justice Scalia (who needed a ride-bribe)?

No doubt there will be a specious argument that Washington
State courts don't trump federal, so it will take the ACLU
another 100 years to come to Jim's defense -- he's so 
un-fund-raisable pre-911, so politically indigestible.




From DaveHowe at gmx.co.uk  Mon Feb 16 10:28:57 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Mon, 16 Feb 2004 18:28:57 -0000
Subject: 5 million on terrorism list
References: <20040216141436.18135.qmail@web21207.mail.yahoo.com>
Message-ID: <03a301c3f4ba$bf2a7130$c71121c2@exchange.sharpuk.co.uk>

Sarad AV wrote:
> is it true or just another make up so as to make its
> citizens feel justified when they go invade another
> nation.How much effort does it take to get credible
> information of 5 million people oveseas?
Not really that much, provided you are willing to preassume "attended an
anti-war protest or signed a petition"=="potential terrorist"
I imagine most national police agencies keep such info by default - I know
the UK one does.




From camera_lumina at hotmail.com  Tue Feb 17 07:30:30 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 17 Feb 2004 10:30:30 -0500
Subject: 5 million on terrorism list
Message-ID: <BAY7-F54izfZxuB6P0P00019cb8@hotmail.com>

Sarath wrote...

>is it true or just another make up so as to make its
>citizens feel justified when they go invade another
>nation.How much effort does it take to get credible
>information of 5 million people oveseas?

Overseas? I would have thought most of them would be in the US! (Probably 4 
million are democrats.)

-TD

_________________________________________________________________
Watch high-quality video with fast playback at MSN Video. Free! 
http://click.atdmt.com/AVE/go/onm00200365ave/direct/01/




From mv at cdc.gov  Wed Feb 18 09:25:14 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Wed, 18 Feb 2004 09:25:14 -0800
Subject: GPS allowed
Message-ID: <40339FF9.180AB3DF@cdc.gov>

Feb 18, 8:16 AM (ET)

By KIM CURTIS

(AP) Sharon Rocha, mother of murder victim Laci Peterson, enters the San
Mateo Superior Courthouse after...
Full Image








REDWOOD CITY, Calif. (AP) - A judge ruled that evidence police gathered
using electronic devices to track Scott Peterson after his pregnant wife
disappeared can be used in his murder trial, despite defense objections
that the technology is unreliable.

Because global positioning system technology has yet to be tested in
state criminal court, prosecutors had to establish its reliability and
demonstrate the technology was used correctly.

Judge Alfred A. Delucchi decided Tuesday they had met those legal tests.

Peterson's lawyer, Mark Geragos, tried to convince the judge that
temporary glitches rendered unreliable the devices that Modesto police
secretly attached to vehicles Peterson drove before his April 2003
arrest.



Hugh Roddis, president of the company that sold Modesto police the three
devices, said that covertly placed global positioning devices are a
"good investigative tool."

The satellite-based radio navigation system can pinpoint locations
within feet and is in common use, including in commercial aircraft.

Geragos seized on tracking errors in several of the devices Modesto
police used, including one that he said didn't work for nearly three
weeks.

Roddis blamed the errors on inaccurate maps, a faulty wireless antenna
and a bad microprocessor connection.

http://apnews.myway.com/article/20040218/D80PMBH01.html




From rah at shipwright.com  Thu Feb 19 06:53:16 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 19 Feb 2004 09:53:16 -0500
Subject: VeriSign To Add Brick to Great Firewall?
Message-ID: <p0610021abc5a7e362d2f@[66.149.49.5]>

<http://online.wsj.com/article_print/0,,BT_CO_20040219_000372,00.html>

The Wall Street Journal

      February 19, 2004 1:42 a.m. EST



 VeriSign To Set Up Internet Traffic Hub In China


DOW JONES NEWSWIRES


BEIJING -- U.S.-based VeriSign Inc. (VRSN), which provides Internet
infrastructure services, Thursday said it has signed a deal which is
expected to boost the efficiency of the Internet in China.

Under a memorandum of understanding signed with China's Ministry of
Information Industry, VeriSign, which provides the .net and .com
infrastructure, will create a Domain Name Service Internet constellation
site in Beijing.

The site will directly route online traffic through China rather than an
external location, a company executive told Dow Jones Newswires.

The Beijing location will join California, Washington, London, Stockholm,
Singapore and Tokyo, among others, as VeriSign's 14th such site worldwide.

Internet traffic in Asia is currently typically handled through California,
Tokyo or Singapore, Neil Edwards, vice president of VeriSign's Naming and
Directory Services division, said.

"China will now be one of the hubs in Asia. It'll be one of the prominent
points for receiving Internet traffic, so that's significant," Edwards said.

The Beijing site will contain a master list of .com and .net domain names
originating from China.

It will quicken response time for Chinese Internet users and boost online
security and reliability, Edwards said, since a copy of the traffic will be
available locally rather than through foreign connections.

"The other benefit is that other Asian countries will depend on China's
infrastructure, which makes China more prominent in terms of its network
exchanges," Edwards said.

The move is also expected to also help Asia as a whole, with the added
bandwidth reducing the load placed on other hubs since Internet traffic is
routed "based on the path of least resistance."

VeriSign expects to complete and begin operating the site by year-end.

"We hope very quickly to deliver the site, hopefully earlier rather than
later, but we can't commit to the exact date yet," Edwards said.

The executive said the company won't publicly disclose financial terms of
the deal, but that it was "very significant."


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From rah at shipwright.com  Thu Feb 19 20:35:43 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 19 Feb 2004 23:35:43 -0500
Subject: NSA deal re-energizes Certicom
Message-ID: <p06100236bc5b3ec75051@[66.149.49.5]>

<http://www.theglobeandmail.com/servlet/ArticleNews/TPPrint/LAC/20040219/CERTICOM19/TPTechnology/?mainhub=GT>

The Globe and Mail

 NSA deal re-energizes Certicom

Morale at the high-tech security firm has improved as it finally reaches
profitability


 By KEITH DAMSELL
 TECHNOLOGY REPORTER



 UPDATED AT 11:34 PM EST
 Thursday, Feb. 19, 2004

MISSISSAUGA -- For the first time in a long time, there's some optimism in
the halls of Certicom Corp. Staff at the high-tech security company
recently received their first raise in three years. In December, the annual
Christmas party was reinstated. The Mississauga firm turned a profit last
quarter, the first time it has made money in its 19-year history. Over the
past four months, shares have almost tripled in value.

"Morale around here is the best it's been in a long, long time," one
information technology employee said.

The source of optimism is a $25-million (U.S.) contract with the U.S.
government, the biggest deal ever for Certicom. Management considers the
agreement a watershed moment that proves the tech survivor is, at long
last, living up to its potential.

"This is a landmark deal," said Ian McKinnon, the company's president and
chief executive officer, of the 10-year agreement with the National
Security Agency, the largest and most secretive of U.S. spy bureaus.

"There is no greater endorsement one can get in the industry than the NSA .
. . this has really created another market for us," Mr. McKinnon said.

Certicom was founded in 1985 by Scott Vanstone, a math and computer science
professor with a knack for cryptography, the science of secret codes. He
spent the next 10 years pioneering the development of "elliptic curve"
encryption, a technology that can tamper-proof everything from charge cards
and car keys to smart phones and data networks.

The first efforts to commercialize the company's so-called ECC technology
in the late nineties were greeted with a roar of approval from the
investment community. Licensing deals with blue-chip techs including
Motorola Inc. and Palm Inc. helped drive shares to a record $240.95
(Canadian) each in March, 2000.

 At its peak, Certicom had a staggering stock market value of $2.7-billion
on annual sales of less than $40-million.

"The stock went really, really high . . . everybody had options and there
was a lot of overspending," one former employee said.

Employees were dressed in Certicom sportswear and enjoyed round-the-clock
in-office meals on the company tab. In one instance, 80 Canadian employees
were flown to the San Francisco operations and took in an Oakland Raiders
football game and a Napa Valley wine tour.

But substantial orders for Certicom's technology failed to materialize and
the firm repeatedly missed sales and profit targets. The Internet bubble
burst and shares plunged to a record low of 65 cents in 2002.

That year Mr. McKinnon, a well-regarded executive with a history of turning
around troubled tech firms, was brought in to restructure operations.

 The employee headcount was slashed to 105, down from a peak of 450. Costs
and expenses were cut to $13.6-million (U.S.) in fiscal 2003, down from
$100-million in 2002.

The October deal with the NSA is a shift in Certicom's revenue model. Going
forward, there will be less priority on wireless and consumer product
licensing deals and greater emphasis on exploiting the company's patents,
especially with security-conscious government and military agencies.

Under the terms of the NSA deal, contractors will incorporate Certicom's 26
patents into communications devices manufactured for use by the U.S.
government. Positive buzz from the NSA contract helped the company conclude
a $15-million (Canadian) stock offering in November.

The big problem is no one knows how rapidly Certicom's market will grow.
Security is a rising corporate priority and ECC is widely considered the
technology to beat. But predicting Certicom's future sales stream and when
demand may unseat security market leader RSA Security Inc. of Bedford,
Mass., is very difficult, analysts agree.

"The technology is great, but the real question is what do you need it
for?" one analyst said. "Do you know anybody doing bank transfers with a
BlackBerry? It may happen one day, but it's not going to be tomorrow."

For Certicom, a firm that's weathered the sector's lavish highs and
tumultuous lows, there's only upside.

"We believe ECC is moving in to a very high growth phase of its evolution,"
Mr. McKinnon said. "We know it is going to happen, it's a question of how
quickly, how rapidly . . . it's hard to know when people will make that
shift, but it will occur."

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From cypherpunks at salvagingelectrons.com  Sun Feb 22 16:20:34 2004
From: cypherpunks at salvagingelectrons.com (Tim Meehan)
Date: Sun, 22 Feb 2004 19:20:34 -0500
Subject: Fill The Hill 2004 - June 5, 2004 - Ottawa, Canada
Message-ID: <lohi30hr7rua3hmhprumqhm6h98qlrrad1@4ax.com>

>From: "Jody Pressman" <jdp at sympatico.ca>
>Date: Sun, 22 Feb 2004 19:04:27 -0500

http://fillthehill.ca/

I'm proud to announce that the website for the largest drug reform rally in
Canadian history has launched.

Fill the Hill 2004 now has a home on the internet at fillthehill.ca

Fill the Hill 2004 will feature a broad cross-section of Canada's leading
political actors and activists in the fight for a sensible drug policy.
Speakers include Libby Davies, NDP M.P. for Vancouver-East and former member
of the decrim Bill (C-38) House committee, Marc Emery, President of the
B.C. Marijuana Party, Philippe Lucas from Canadians for Safe Access and the
Vancouver Island Compassion Society, David Malmo-Levine, recent Supreme
Court appellant and Vancouver cannabis activist, Alison Myrden, noted
medical marijuana activist, Honourable Senator Pierre Claude Nolin, member
of the Senate of Canada and Chair of the comprehensive and extensive Special
Senate Committee on Illegal Drugs, Eugene Oscapella, director of the
Canadian Foundation for Drug Policy, Kirk Tousaw, Policy Director for the
BCCLA, Marc Boris-St. Maurice, leader of the Marijuana Party of Canada, and
last but certainly not least, Alan Young, respected lawyer, law professor,
and author of Justice Defiled: Perverts, Potheads, Serial Killers & Lawyers.

http://fillthehill.ca/ will serve as an important organizational and
communication tool in the coming months to keep people informed about this
exciting and unprecedented event.

Be sure to check our our website, join our mailing list, plan to be in
Ottawa on Saturday June 5, 2004 to 'fill the Hill' and support reform to our
failed marijuana laws.

Jody Pressman
Fill the Hill, Event Coordinator
http://fillthehill.ca/




From discord-nobody at erisiandiscord.de  Sun Feb 22 11:45:05 2004
From: discord-nobody at erisiandiscord.de (Anonymous)
Date: Sun, 22 Feb 2004 20:45:05 +0100 (CET)
Subject: Freematt's review of "A State of Disobedience" By Tom
  Kratman
Message-ID: <c2619b5172471c442b2c318a997531d7@erisiandiscord.de>

   Yes, unfortunately most of the literature of this type
fails to recognize the basic problem in the US -- that what
really is needed to ensure freedom for the rest of us is
to round up all the christians and put them some place where
they can no longer bother anyone. Preferably a gas chamber. 




From dave at farber.net  Sun Feb 22 18:45:43 2004
From: dave at farber.net (Dave Farber)
Date: Sun, 22 Feb 2004 21:45:43 -0500
Subject: [IP] DoD proceeding with "TIA", etc. under
  ARDA (sic) and other orgs
Message-ID: <mailman.834.1576007642.31620.cypherpunks-legacy@lists.cpunks.org>



http://www.newsday.com/news/nationworld/wire/sns-ap-terror-privacy,0,2991104.story?coll=sns-ap-nationworld-headlines 



U.S. Pressing for High-Tech Spy Tools

By MICHAEL J. SNIFFEN
Associated Press Writer

February 22, 2004, 2:27 PM EST

WASHINGTON -- Despite an outcry over privacy implications, the government 
is pressing ahead with research to create powerful tools to mine millions 
of public and private records for information about terrorists.

Congress eliminated a Pentagon office that had been developing this 
terrorist-tracking technology because of fears it might ensnare innocent 
Americans.

Still, some projects from retired Adm. John Poindexter's Total Information 
Awareness effort were transferred to U.S. intelligence offices, 
congressional, federal and research officials told The Associated Press.

In addition, Congress left undisturbed a separate but similar $64 million 
research program run by a little-known office called the Advanced Research 
and Development Activity, or ARDA, that has used some of the same 
researchers as Poindexter's program.

"The whole congressional action looks like a shell game," said Steve 
Aftergood of the Federation of American Scientists, which tracks work by 
U.S. intelligence agencies. "There may be enough of a difference for them 
to claim TIA was terminated while for all practical purposes the identical 
work is continuing."

Poindexter aimed to predict terrorist attacks by identifying telltale 
patterns of activity in arrests, passport applications, visas, work 
permits, driver's licenses, car rentals and airline ticket buys as well as 
credit transactions and education, medical and housing records.

The research created a political uproar because such reviews of millions of 
transactions could put innocent Americans under suspicion. One of 
Poindexter's own researchers, David D. Jensen at the University of 
Massachusetts, acknowledged that "high numbers of false positives can 
result."

Disturbed by the privacy implications, Congress last fall closed 
Poindexter's office, part of the Defense Advanced Research Projects Agency, 
and barred the agency from continuing most of his research. Poindexter quit 
the government and complained that his work had been misunderstood.

The work, however, did not die.

In killing Poindexter's office, Congress quietly agreed to continue paying 
to develop highly specialized software to gather foreign intelligence on 
terrorists.

In a classified section summarized publicly, Congress added money for this 
software research to the "National Foreign Intelligence Program," without 
identifying openly which intelligence agency would do the work.

It said, for the time being, products of this research could only be used 
overseas or against non-U.S. citizens in this country, not against 
Americans on U.S. soil.

Congressional officials would not say which Poindexter programs were killed 
and which were transferred. People with direct knowledge of the contracts 
told the AP that the surviving programs included some of 18 data-mining 
projects known in Poindexter's research as Evidence Extraction and Link 
Discovery.

Poindexter's office described that research as "technology not only for 
`connecting the dots' that enable the U.S. to predict and pre-empt attacks 
but also for deciding which dots to connect." It was among the most 
contentious research programs.

Ted Senator, who managed that research for Poindexter, told government 
contractors that mining data to identify terrorists "is much harder than 
simply finding needles in a haystack."

"Our task is akin to finding dangerous groups of needles hidden in stacks 
of needle pieces," he said. "We must track all the needle pieces all of the 
time."

Among Senator's 18 projects, the work by researcher Jensen shows how 
flexible such powerful software can be. Jensen used two online databases, 
the Physics Preprint Archive and the Internet Movie Database, to develop 
tools that would identify authoritative physics authors and would predict 
whether a movie would gross more than $2 million its opening weekend.

Jensen said in an interview that Poindexter's staff liked his research 
because the data involved "people and organizations and events ... like the 
data in counterterrorism."

At the University of Southern California, professor Craig Knoblauch said he 
developed software that automatically extracted information from travel Web 
sites and telephone books and tracked changes over time.

Privacy advocates feared that if such powerful tools were developed without 
limits from Congress, government agents could use them on any database.

Sen. Ron Wyden, D-Ore., who fought to restrict Poindexter's office, is 
trying to force the executive branch to tell Congress about all its 
data-mining projects. He recently pleaded with a Pentagon advisory panel to 
propose rules on reviewing data that Congress could turn into laws.

ARDA, the research and development office, sponsors corporate and 
university research on information technology for U.S. intelligence 
agencies. It is developing computer software that can extract information 
from databases as well as text, voices, other audio, video, graphs, images, 
maps, equations and chemical formulas. It calls its effort "Novel 
Intelligence from Massive Data."

The office said it has given researchers no government or private data and 
obeys privacy laws.

The project is part of its effort "to help the nation avoid strategic 
surprise ... events critical to national security ... such as those of 
Sept. 11, 2001," the office said.

Poindexter had envisioned software that could quickly analyze "multiple 
petabytes" of data. The Library of Congress has space for 18 million books, 
and one petabyte of data would fill it more than 50 times. One petabyte 
could hold 40 pages of text for each of the world's more than 6.2 billion 
people.

ARDA said its software would have to deal with "typically a petabyte or 
more" of data. It noted that some intelligence data sources "grow at the 
rate of four petabytes per month." Experts said those probably are files 
with satellite surveillance images and electronic eavesdropping results.

The Poindexter and ARDA projects are vastly more powerful than other 
data-mining projects such as the Homeland Security Department's CAPPS II 
program to classify air travelers or the six-state, Matrix anti-crime 
system financed by the Justice Department.

In September 2002, ARDA awarded $64 million in contracts covering 3 1/2 
years. The contracts went to more than a dozen companies and university 
researchers, including at least six who also had worked on Poindexter's 
program.

Congress threw these researchers into turmoil. Doug Lenat, the president of 
Cycorp Corp. in Austin, Texas, will not discuss his work but said he had an 
"enormous seven-figure deficit in our budget" because Congress shut down 
Poindexter's office.

Like many critics, James Dempsey of the Center for Democracy and Technology 
sees a role for properly regulated data-mining in evaluating the vast, 
underanalyzed data the government already collects.

Expansions of data mining, however, increase "the risk of an innocent 
person being in the wrong place at the wrong time, of having rented the 
wrong apartment ... or having a name similar to the name of some bad guy," 
he said.


-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net




From camera_lumina at hotmail.com  Mon Feb 23 06:53:15 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 23 Feb 2004 09:53:15 -0500
Subject: Freematt's review of "A State of Disobedience" By Tom
  Kratman
Message-ID: <BAY7-F105Drisgv4wHO00009397@hotmail.com>

Damn. I'd say "that's the most intolerant hate-filled garbage I ever..."

But shit. It's basically true. Or at least the fundamentalists in charge of 
the government these days seem to equate their two-dimensional cartoon view 
of the world with reality, and that's dangerous because their guns are 
real...."Let God sort 'em out" seems to be the basic philosophy.

As it so happens I saw 'Malcom X' on cable last night....

-TD


>From: Anonymous <discord-nobody at erisiandiscord.de>
>To: cypherpunks at minder.net
>Subject: Re: Freematt's review of "A State of Disobedience" By Tom Kratman
>Date: Sun, 22 Feb 2004 20:45:05 +0100 (CET)
>
>    Yes, unfortunately most of the literature of this type
>fails to recognize the basic problem in the US -- that what
>really is needed to ensure freedom for the rest of us is
>to round up all the christians and put them some place where
>they can no longer bother anyone. Preferably a gas chamber.
>

_________________________________________________________________
Watch high-quality video with fast playback at MSN Video. Free! 
http://click.atdmt.com/AVE/go/onm00200365ave/direct/01/




From pcapelli at capelli.org  Mon Feb 23 09:06:48 2004
From: pcapelli at capelli.org (Pete Capelli)
Date: Mon, 23 Feb 2004 12:06:48 -0500
Subject: Freematt's review of "A State of Disobedience" By Tom
  Kratman
References: <bd3c9b98521babc9fa813a32978fa38c@paranoici.org>
Message-ID: <004501c3fa2f$6e2a03c0$42601b09@warehouse>

Message flagged as -1 (Troll)

>    And if you look back, it's clear that 99% if not all repression
> in the US comes from exactly that basis -- all the sex laws, porn
> laws, drug laws -- the intolerant, hate-filled christian mindset that
> says sex is bad, mental freedom is bad, pleasure is bad, the wilderness
> is bad and must be tamed, subjegated, and "civilised", that the
environment
> is for humans alone to exploit, that other religions and cultures are
> evil and must be suppressed and "rehabilitated" and re-educated as they
> did with the Indians.
>    Isn't it time for freedom loving people to wake up and start dealing
> with the basic problem in the world and especially the US -- christianity?
>

(You left out cancer, AIDS, and supersized happy meals)

    Intolerant hate filled christian mind set?  How does this differentiate
christians from the muslims, jews, native americans (I can't believe you
were so insensitive as to call them Indians) or even atheists?

    Perhaps we should all give in to the fun-loving stalinist's.  They got
rid of God, and it worked out well for them (and for human rights,
economics, etc etc).

-p




From camera_lumina at hotmail.com  Mon Feb 23 09:51:20 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 23 Feb 2004 12:51:20 -0500
Subject: More on VoIP
Message-ID: <BAY7-F60LniqcZZ3m8K000047ca@hotmail.com>

Encryption ain't the half of it. Really good liottle article. And I didin't 
know Skype was based in Luxemborg....

http://slate.msn.com/id/2095777/

-TD

_________________________________________________________________
Get fast, reliable access with MSN 9 Dial-up. Click here for Special Offer! 
http://click.atdmt.com/AVE/go/onm00200361ave/direct/01/




From camera_lumina at hotmail.com  Mon Feb 23 09:57:40 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 23 Feb 2004 12:57:40 -0500
Subject: Freematt's review of "A State of Disobedience" By Tom
  Kratman
Message-ID: <BAY7-F115JfmyDX3JRB00039603@hotmail.com>

Well, yeah...there's been a lot of good to come out of the Christian world, 
including the notion of "unalienable human rights".

But it's a worthwhile topic to troll about for a while. If you make a 
calculation of the number of humans made miserable by greater Christendom 
(to use a Kierkegaardian term), it probably dwarfs a similar calculation 
made for other religions, including Stalinism. On the other hand, the 
Christians learned how to make precise-bore gunpowder weapons earlier than 
anyone else, so maybe it's just an historic accident.

However, fundamentalist forms of Christianity seem to be at the heart of a 
lot of this Administration's shenannigans (see that Vanity Fair article on 
Orrin Hatch and you'll be pretty upset...)

-TD


>From: "Pete Capelli" <pcapelli at capelli.org>
>Reply-To: "Pete Capelli" <pcapelli at capelli.org>
>To: <cypherpunks at minder.net>
>Subject: Re: Freematt's review of "A State of Disobedience" By Tom Kratman
>Date: Mon, 23 Feb 2004 12:06:48 -0500
>
>Message flagged as -1 (Troll)
>
> >    And if you look back, it's clear that 99% if not all repression
> > in the US comes from exactly that basis -- all the sex laws, porn
> > laws, drug laws -- the intolerant, hate-filled christian mindset that
> > says sex is bad, mental freedom is bad, pleasure is bad, the wilderness
> > is bad and must be tamed, subjegated, and "civilised", that the
>environment
> > is for humans alone to exploit, that other religions and cultures are
> > evil and must be suppressed and "rehabilitated" and re-educated as they
> > did with the Indians.
> >    Isn't it time for freedom loving people to wake up and start dealing
> > with the basic problem in the world and especially the US -- 
>christianity?
> >
>
>(You left out cancer, AIDS, and supersized happy meals)
>
>     Intolerant hate filled christian mind set?  How does this 
>differentiate
>christians from the muslims, jews, native americans (I can't believe you
>were so insensitive as to call them Indians) or even atheists?
>
>     Perhaps we should all give in to the fun-loving stalinist's.  They got
>rid of God, and it worked out well for them (and for human rights,
>economics, etc etc).
>
>-p
>
>

_________________________________________________________________
Get a FREE online computer virus scan from McAfee when you click here. 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




From eugen at leitl.org  Mon Feb 23 04:23:54 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 23 Feb 2004 13:23:54 +0100
Subject: [IP] DoD proceeding with "TIA", etc. under ARDA (sic) and other
  orgs (fwd from dave@farber.net)
Message-ID: <20040223122354.GL18204@leitl.org>

----- Forwarded message from Dave Farber <dave at farber.net> -----


From nobody at paranoici.org  Mon Feb 23 08:29:12 2004
From: nobody at paranoici.org (Anonymous)
Date: Mon, 23 Feb 2004 17:29:12 +0100 (CET)
Subject: Freematt's review of "A State of Disobedience" By Tom
  Kratman
Message-ID: <bd3c9b98521babc9fa813a32978fa38c@paranoici.org>

Tyler Durden wrote:

> Damn. I'd say "that's the most intolerant hate-filled garbage I ever..."
>
> But shit. It's basically true. Or at least the fundamentalists in charge of   
> the government these days seem to equate their two-dimensional cartoon view
> of the world with reality, and that's dangerous because their guns are
> real...."Let God sort 'em out" seems to be the basic philosophy.

   And if you look back, it's clear that 99% if not all repression
in the US comes from exactly that basis -- all the sex laws, porn
laws, drug laws -- the intolerant, hate-filled christian mindset that
says sex is bad, mental freedom is bad, pleasure is bad, the wilderness
is bad and must be tamed, subjegated, and "civilised", that the environment
is for humans alone to exploit, that other religions and cultures are
evil and must be suppressed and "rehabilitated" and re-educated as they
did with the Indians.
   Isn't it time for freedom loving people to wake up and start dealing
with the basic problem in the world and especially the US -- christianity?




From DaveHowe at gmx.co.uk  Tue Feb 24 01:49:13 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Tue, 24 Feb 2004 09:49:13 -0000
Subject: More on VoIP
References: <BAY7-F60LniqcZZ3m8K000047ca@hotmail.com>
Message-ID: <00c401c3fabb$7767b720$c71121c2@exchange.sharpuk.co.uk>

Tyler Durden wrote:
> Encryption ain't the half of it. Really good liottle article. And I
> didin't know Skype was based in Luxemborg....
> http://slate.msn.com/id/2095777/
Not playing with Skype - why risk a closed source propriatory solution
when there is open source, RFC documented SIP?




From camera_lumina at hotmail.com  Tue Feb 24 07:17:03 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 24 Feb 2004 10:17:03 -0500
Subject: More on VoIP
Message-ID: <BAY7-F3c00goZolmRBa00005e0c@hotmail.com>

Uhm. Good point. But I think that the Luxemborg wrinkle was interesting...

The more interesting idea is peer-to-peer VoIP. That plus crypto and I don't 
think prying ears could do a whole hell of a lot. In fact, the game may be 
over on some levels...certainly, CALEA seems to have at best a slippery 
legal hold on VoIP at all, and that's when the VoIP calls are hubbed or 
"switched" somehow (you packet heads can remove the quote-marks from 
'switched'). Peered VoIP seems to push any eavesdropping all the way out to 
the edges of the network.

In fact, I'm wondering if there may be a popular 'giving up' underway on the 
greater crypto issue, with greater starting to encompass voice traffic. 
Actually, while we're fighting Satan's Minions(TM) (ie, the evil 
dark-skinned ragheads), nobody seems to care as much about some hydroponic 
pot growers and whatnot, and Al Qaeda seems to think that word of mouth 
works just fine for disseminating mission-critical information.


-TD


>From: "Dave Howe" <DaveHowe at gmx.co.uk>
>To: <cypherpunks at minder.net>
>Subject: Re: More on VoIP
>Date: Tue, 24 Feb 2004 09:49:13 -0000
>
>Tyler Durden wrote:
> > Encryption ain't the half of it. Really good liottle article. And I
> > didin't know Skype was based in Luxemborg....
> > http://slate.msn.com/id/2095777/
>Not playing with Skype - why risk a closed source propriatory solution
>when there is open source, RFC documented SIP?
>

_________________________________________________________________
Find and compare great deals on Broadband access at the MSN High-Speed 
Marketplace. http://click.atdmt.com/AVE/go/onm00200360ave/direct/01/




From rah at shipwright.com  Tue Feb 24 13:35:49 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 24 Feb 2004 16:35:49 -0500
Subject: Voices Inside Their Heads: Fbi 'Drowning' In Info From Bugs, 
  Wiretaps
Message-ID: <p06100259bc6166d56f5b@[66.149.49.5]>

<http://www.drudgereport.com/flash2.htm>

The Drudge Report


Support The DrudgeReport; Visit Our Advertisers


 VOICES INSIDE THEIR HEADS: FBI 'DROWNING' IN INFO FROM BUGS, WIRETAPS
 Tue Feb 24 2004 08:48:10 ET

 Thanks to the bundle of anti-terrorism measures known as the USA Patriot
Act, the FBI is conducting a "record amount" of electronic surveillance,
including the use of wiretaps and bugs, CONGRESSIONAL QUARTERLY reports on
Tuesday.

 But the bureau can't keep up with all the information pouring in from
those and other sources, CQ's Justin Rood reports.

 "We have a record amount of collection going on," said FBI spokesman Ed
Cogswell in a telephone interview.

 The Justice Department's 2005 budget justification for the bureau backs
Cogswell up.

 "Electronic Surveillance (ELSUR) collection volumes are expected to
continue an upward trend for months and years ahead," the justification for
the FBI reads.

 The document says the increases are the result of "statutory easements to
Foreign Intelligence Surveillance Act (FISA) authority (USA Patriot Act), a
shift of FBI investigative resources to counterterrorism and
counterintelligence programs heavily dependant [sic] upon ELSUR collection,
and incremental growth in available ELSUR line capacity."

 Electronic Surveillance - ELSUR - refers to telephone wiretaps, hidden
microphones, cameras placed in private areas, and other forms of
surreptitious interception of oral, written or electronic communication.

 The 2001 Patriot Act (PL 107-56) included provisions making it easier for
the FBI to obtain permission to spy on individuals as a part of
counterterrorism investigations.

 "All systems are go," said Steven Aftergood, director of the Project on
Government Secrecy at the Federation of American Scientists.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From rah at shipwright.com  Tue Feb 24 15:10:04 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 24 Feb 2004 18:10:04 -0500
Subject: [IP] Ruling on Doe v Chao [ for IP list]
Message-ID: <p061002ccbc618a42bd46@[66.149.49.5]>

--- begin forwarded text



From dave at farber.net  Tue Feb 24 14:35:36 2004
From: dave at farber.net (Dave Farber)
Date: Tue, 24 Feb 2004 18:35:36 -0400
Subject: [IP] Ruling on Doe v Chao [ for IP list]
Message-ID: <mailman.835.1576007642.31620.cypherpunks-legacy@lists.cpunks.org>


-----Original Message-----
From: janice at e-mailamerica.net
Date: Tue, 24 Feb 2004 14:32:50
To:Dave Farber <dave at farber.net>
Subject: Ruling on Doe v Chao [ for IP list]

Dave,

The Supreme Court handed down its decision on the important Doe v Chao
case today; please see attached. --




Court Protects Gov't From Privacy Suits
Associated Press
Tue Feb 24,12:29 PM ET

WASHINGTON - The Supreme Court made it tougher Tuesday to make the
government pay for revealing someone's Social Security (news - web
sites) number and other personal information.

Justices ruled 6-3 against a coal miner who sought $1,000 in damages
after his Social Security number was revealed. He sued under the
Privacy Act, a 1974 law which prohibits routine data collection on
ordinary Americans and protects people from having their government
records intentionally disclosed.

The Supreme Court said the Virginia man, known as Buck Doe, had to
prove that the government's violation of the privacy law actually
harmed him.

Justice David H. Souter, writing for the majority, said it is not
enough to argue that someone suffers "presumed damages" when
information about them is improperly made public.

At issue was the Labor Department (news - web sites)'s handling of
black lung disease claims. The department used miners' Social Security
numbers as case numbers and then published the numbers in reports that
became part of computerized legal research databases.

In a dissent that was longer than the ruling in the case, Justice Ruth
Bader Ginsburg (news - web sites), joined by Justices John Paul Stevens
(news - web sites) and Stephen Breyer (news - web sites), said that the
miner was emotionally damaged by the government's mistake.

He should not have to prove out-of-pocket expenses, Ginsburg said, like
fees for credit reports to ensure his identity was not stolen, or
costly prescription drugs for anxiety.

The case is Doe v. Chao, 02-1377

-------------------------------------
You are subscribed as rah at shipwright.com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From declan at well.com  Tue Feb 24 22:56:43 2004
From: declan at well.com (Declan McCullagh)
Date: Wed, 25 Feb 2004 00:56:43 -0600
Subject: GPS Goes to Court
In-Reply-To: <E1Asp0Y-0001hd-00@smtp10.atl.mindspring.net>; from
  jya@pipeline.com on Mon, Feb 16, 2004 at 03:04:19PM -0800
References: <p06020443bc568ef60683@[66.149.49.5]>
  <E1Asp0Y-0001hd-00@smtp10.atl.mindspring.net>
Message-ID: <20040225005643.A447@baltwash.com>

On Mon, Feb 16, 2004 at 03:04:19PM -0800, John Young wrote:
> So when does illegal-GPS-bit Jim Bell get out of the pokey 
> and a public apology from the DEA (who planted it), IRS (who
> asked for it), Treasury (who wanted to nail a tax-dissident)

Whatever the merits of Jim Bell's arguments, it does appear that the
Feds who snooped on him had (sadly, not-difficult-to-obtain) court
authorization.  So I don't see how this ruling would make a
difference, even if it had happened before Bell's self-immolation on
the stand and subsequent conviction. --Declan




From rah at shipwright.com  Wed Feb 25 07:23:31 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 25 Feb 2004 10:23:31 -0500
Subject: Microsoft Plans Biometric ID Cards
Message-ID: <p06100206bc626e543296@[66.149.49.5]>

<http://www.cbronline.com/print_friendly/b6e1a01bb2c038c380256e450038609e>


DATE: 25/02/2004
Microsoft Plans Biometric ID Cards


Microsoft Corp yesterday announced that it plans to get into the identity
card business, as it lifted the veil on software, under the name
Tamper-Resistant Biometric Ids, it currently has under development.

 Demonstrated during Bill Gates' keynote address at the RSA Conference
yesterday, the software comprises a system for producing cards and
subsequently verifying that they have not been altered.

 Cards would consist of a photograph of the bearer, along with some
personal information such as date of birth. The photo and the data would be
hashed and stored in a two-dimensional color "bar code" on the card itself.

 Tampering could be subsequently detected by scanning the entire card and
reperforming the hash, to see if it matched the one on the card. The word
"biometric" seems to be loosely applied here to the fact that the cards
carry photographs.

 Gates did not give a firm data for when the company expects to come to
market with this technology, but it was suggested that it will not be this
year.
Terms & Conditions | Privacy Policy | Add to Favorites
 Copyright | ComputerWire 2004

 

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From sunder at sunder.net  Wed Feb 25 08:29:50 2004
From: sunder at sunder.net (sunder)
Date: Wed, 25 Feb 2004 11:29:50 -0500
Subject: Microsoft Plans Biometric ID Cards
In-Reply-To: <p06100206bc626e543296@[66.149.49.5]>
References: <p06100206bc626e543296@[66.149.49.5]>
Message-ID: <403CCD7E.6080704@sunder.net>

No doubt such a card will automatically be linked to a Microsoft Passport 
account, Microsoft Wallet, etc. to make sure that the violation of your 
privacy can continue  unhindered.

No doubt, the 2nd step will be to either add an RFID chip inside it plus a 
reader on the PC... Or setting the next Microsoft PC spec to include a 
barcode/RFID reader on the PC.  (Or perhaps this is already in the spec, 
just not advertised?)

Then you'll need to login with the card, and activating Windows XP, etc. 
will require the card; all Office documents will be signed/stamped with a 
GID that matches said card, etc...  Hell, it might as well be your SSN... 
After all, continuing abuse of the social security numbers meets all 
Microsoft criteria for such a thing: it's a sensitive number, that when 
handled in an unsecure way (Microsoft's modus operandi, of course) it's 
guaranteed to open you up to ID, financial, and privacy theft...

That said, "Backdoor*" Billy Gee is about two and half years late to share 
the feed through at the scummy emperor of privacy invasion:

You see, both Larry "I wear a kimono" Ellison, and Scooter (formerly known 
as the "The Dot in dot com" CEO) both had immediate wet dreams of a 
national ID card right after 9.11.2001.  Of course, the former wanted it to 
involve Oracle, the latter wanted it to be on a Java smartcard...  uh huh...

Yes, we all know great government issued ID's worked to prevent the 
disposable terrorists of 9.11.  I'm sure that the Microsoft ID will work 
even better in making us just even more "secure."


* "Secure" is a newspeak marketing feechure checklist item which is to be 
translated the same way as the word love in Ministry of Love, the word 
peace in the Ministry of Peace, the word truth in the Ministry of Truth.

* Backdoor in this case refers not to Billy's preference of human 
interaction, but rather to the 'More "Secure" than before' feature of 
Windows XP which was made famous by various trojans, worms, and other 
self-replicating bits of code.


R. A. Hettinga wrote:

> <http://www.cbronline.com/print_friendly/b6e1a01bb2c038c380256e450038609e>
> 
> 
> DATE: 25/02/2004
> Microsoft Plans Biometric ID Cards




From sfurlong at acmenet.net  Wed Feb 25 20:49:11 2004
From: sfurlong at acmenet.net (Steve Furlong)
Date: 25 Feb 2004 23:49:11 -0500
Subject: Authentification required. Read the attachment!
In-Reply-To: <Pine.LNX.4.33.0402252059250.7205-100000@einstein.ssz.com>
References: <Pine.LNX.4.33.0402252059250.7205-100000@einstein.ssz.com>
Message-ID: <1077770951.5273.5.camel@daft>

On Wed, 2004-02-25 at 22:00, Jim Choate wrote:
> > TO SUBSCRIBE to Cypherpunks, one should send a message to ONE of the following
> > addresses:
> >
> > 	majordomo at minder.net
> > 	majordomo at lne.com
> > 	majordomo at ssz.com
> 
> There is no SSZ node anymore.

LNE, neither.

Try

majordomo at al-qaeda.net
majordomo at ds.pro-ns.net




From anmetet at freedom.gmsociety.org  Wed Feb 25 22:00:28 2004
From: anmetet at freedom.gmsociety.org (An Metet)
Date: Thu, 26 Feb 2004 01:00:28 -0500
Subject: The EFF Offers a Better Way Forward on File Sharing
Message-ID: <88ac2934c19f545e048e3db8ec524f74@anonymous>

Invisiblog is a service which uses anonymous remailers and gpg-signed
messages to allow bloggers to make their contributions anonymously.
The following essay is taken from the Unlimited Freedom blog:
http://invisiblog.com/1c801df4aee49232/article/6241d2ffded8876b97cd140c6e48694f .
It discusses the EFF white paper on file sharing at:
http://www.eff.org/share/collective_lic_wp.php .



Thanks to Derek Slater for his pointer to an interesting new proposal
for handling music file sharing.

I've criticized the EFF in the past, but their new white paper is
definitely worth a read. "A Better Way Forward: Voluntary Collective
Licensing of Music File Sharing" has some great ideas and would be a
terrific solution to the file sharing problem if it could be made to
work. I do see some problems, but perhaps they can be solved, and in
any case the concept looks highly promising.

Voluntary Collective Licensing (VCL), as the EFF explains, is the system
used by radio broadcasters and other public performers to compensate
the music copyright owners. The broadcasters pay a fee to ASCAP and
other collection societies to gain the rights to play the music;
ASCAP then divides it up and pays it out to the artists. Having just
a few collective organizations like ASCAP makes it easy for the radio
broadcasters to license all the music they play.

The same idea in the P2P world would mean that users would pay a fixed
fee to the VCL agency, which the EFF suggests might be a modest five
dollars a month. This would then give them the rights to freely download
and share all the songs belonging to the artists (or record companies)
which had joined the VCL collective. The fees would be divided among
the artists using a combination of something like Nielsen ratings
plus monitoring public file sharing activity. Users would be free of
the threat of lawsuits or of the record companies using the various
technical countermeasures which are continually being developed and
deployed. And the record companies would be making money from the P2P
filesharing phenomenon which shows no sign of stopping.

My initial reaction to this proposal doesn't even need to get past the
first word. It's voluntary? I'm for it.

Look up at the top of this blog and you see what I'm about. Voluntary
arrangements are the essence of freedom as I see it. This is why I support
trusted computing and DRM, as well as encryption and anonymity. All of
these are technologies which people can use voluntarily to interact with
each other in new and powerful ways. Giving people access to the maximal
set of options in their lives is part of what I call Unlimited Freedom.

And the EFF proposal truly is voluntary. Artists would only join the
collective if they chose to do so; but staying outside would force the
artists to pursue expensive legal and technical warfare against file
sharers. Users would only sign up and pay the fees if they wanted to; but
refusing to pay would expose them to the hassles and hardship of illegal
downloading (not to mention the ethical conflicts). The EFF points out
that current anti-trust laws might interfere with the formation of a VCL
agency, but from the libertarian perspective I am of course entirely in
favor of weakening antitrust.

So before going on to criticize the proposal, I want to emphasize again
how pleased I am that the EFF has come up with an idea which respects
principles of freedom and choice for all parties. It makes me proud that
I have joined EFF and have supported it with contributions over the years.

However, while the goals of the VCL are laudable and the methods are
highly ethical, I do see practical difficulties which the EFF seems
overly optimistic about. These are fundamentally due to the loss of
price information which is such a crucial part of a normal market
structure. With music downloads disconnected from costs, signals are
no longer automatically provided to the producers to show how consumer
demand is being distributed. While the plan tries to provide proxies
and other mechanisms to provide this information, it is extremely hard
to do so reliably.

More concretely, there are three obvious problems with the idea. First,
people are still going to freeload, and it's possible that the greater
availability of legal P2P filesharing will be exploitable by illegal file
traders to make their jobs that much easier. Second, setting the size
of the per-month fees is going to be a difficult and risky calculation,
and it's all too likely that the artists will initially err on the side
of caution, setting them too high for the plan to succeed. And third,
finding a reliable way to divide up the proceeds which accurately reflects
listener preferences will be difficult, since cheaters will have financial
motivation to distort the results.

As far as illegal file sharing, the EFF very optimistically and
idealistically predicts that if the license fee is in the modest range
they suggest, $5/month, users will want to be honest and enjoy the ethical
and practical gains from getting their music legally and honorably. I
have real admiration for the EFF's high opinion of the file sharing
community. The EFF has worked with members of this group for years,
and they should have a good sense of how file traders feel.

But I'm sure that even the EFF would admit that there might well be a
significant percentage of people who will refuse to pay any amount for
the privilege of downloading music. I have certainly seen such sentiments
expressed in various online forums. Many people have come of age with
the expectation that music ought to be free, because that is all they
have known. They see the creation of music as an inexhaustable fountain
from which they can drink as often and as long as they wish. Now that
they have gotten used to having their music for free, they won't want
to go back to paying for it.

The existence of such people is going to make the whole plan more
expensive and difficult, in several ways. For one thing, the only thing
that will motivate people to stay with the program and not freeload
will be some kind of negative consequence if they leave. So the record
companies may have to continue their program of lawsuits and technical
countermeasures, even once the VCL plan is in place. A major potential
cost savings thus does not materialize. And even if the percentage of
freeloaders is small, the expense of the lawsuits may have to continue
to be large, in part because locating such people may be more difficult
now that they can hide among a much larger number of legal file sharers.

If the freeloaders can't be effectively deterred, then their existence
will serve as a constant temptation for legal members to quit the
program. We have all seen situations where a law which is ignored with
impunity by a minority eventually becomes less respected by everyone. The
same kind of gradual breakdown would be a constant threat to a VCL
program. It's not like radio, where there are only a few hundred or
thousand broadcasters. We're talking millions or potentially billions
of people now, and the enforcement lessons from radio are not applicable.

Another problem with the EFF plan is setting the size of the VCL fees. I
give the EFF enormous credit for resisting the temptation to put the
government in control of this aspect of the program. Politicizing this
issue would be disastrous. Letting the creators of the music (or their
agents) decide how much they are willing to let it go for is the only
free, fair and economically sound possibility.

Nevertheless, there are going to be significant practical difficulties
in getting a reasonable licensing fee. First, from the theoretical side,
it's not even clear what kind of fee we would see, if the VCL agency had
perfect knowledge. What would maximize their profits? As they increase
their fees, revenue per subscriber goes up, but they lose subscribers,
and face the costs described above to try to coax people back into the
program. But as further argued above, those enforcement costs may not
be able to be reduced below a threshold value, since people can always
leave the program and potentially still get access to music. It's a
complicated tradeoff.

It's often the practice, with new business models, to set initial fees
on the high side in order to reduce risk. Then the fees can be gradually
lowered as market demand increases. This provides for a gradual and
manageable growth rate. The VCL agency probably can't realistically sign
up and manage 100 million subscribers the first year. They might prefer
to set the fees high enough so that they have only a million subscribers
that first year, and then bring them down gradually. This will also give
them a sense of the shape of the demand curve, how many more subscribers
they get for a particular decrease in licensing fees.

For these reasons, I'd expect the fees to be quite a bit higher than the
EFF estimate of five dollars a month, especially at first. Hopefully they
would come down within a few years, and maybe the EFF goal would not be
too far off, eventually. But initially the plan will face criticism and
disillusionment if the fees are considerably higher than were initially
promised. As far as likely long-term licensing rates, I'd like to see
some analysis and modeling of this tradeoff which could shed more light
on where a good price point is likely to be found.

The third problem I listed is the difficulty of accurately figuring
out how the proceeds should be distributed to the artists. The EFF
report suggests copying the Nielsen ratings and having randomly selected
families allow their downloads to be monitored. This isn't a bad idea,
but the problem is that there are far more songs in common use than
TV shows. At any given time there are probably no more than 200 shows
tracked by the Nielsen ratings. But there must be tens or even hundreds
of thousands of different songs being downloaded in a typical day. That
means that the statistical precision necessary to fairly divide up the
revenues is going to be far more difficult to meet than for TV shows. The
truth is that Nielsen ratings have larger error bars than many people
realize, and once you divide the measurements a hundredfold or worse,
the statistical errors are likely to swamp the measured results. The
noise will overwhelm the signal.

The other idea the EFF suggests is to monitor file sharing activity,
as is done already by companies like Big Champagne. The problem with
this is that at present, no one has much incentive to try to manipulate
this data. But in a VCL system, these measurements will determine the
financial success or failure of artists and record companies. If the
system can be gamed, it will be. So far I haven't seen a proposal that
would both respect user privacy and simultaneously prevent people from
creating bogus download requests or using other tricks to inflate the
numbers for a desired artist or company. The EFF's confidence that these
two methods will work is not well justified at present.

In summary, the EFF's Voluntary Collective License proposal is innovative,
ethical, and idealistic. It respects the freedom of all parties involved
and tries to offer a path which everyone can walk to their mutual
benefit. There are still significant practical problems to be overcome,
but the goal is important and desirable enough that it is worthwhile
putting in effort to see if this system can succeed. Even if it ultimately
fails, VCL should be encouraged as a new, voluntary and creative option
for people to approach the difficult issues of file sharing today.




From mv at cdc.gov  Thu Feb 26 10:01:05 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 26 Feb 2004 10:01:05 -0800
Subject: The EFF Offers a Better Way Forward on File Sharing
Message-ID: <403E3461.E5F46C7D@cdc.gov>

Quoth A. Metet:

>>Many people have come of age with
the expectation that music ought to be free, because that is all they
have known. They see the creation of music as an inexhaustable fountain
from which they can drink as often and as long as they wish. Now that
they have gotten used to having their music for free, they won't want
to go back to paying for it.<<

Interesting that the govt and its RF licensees *created* this
expectation.
With the complicity of the creators and their ASCAP et al. mafia.

Since the 30s, people "came of age" with free radio, all you have to do
is listen to the commercials, you can tape what you want, and dupe those
copies too.  Later
the same situation with TV.

The  internet did the same with e.g., news and commentary, though there
was no govt-granted slice of spectrum involved here, just the value
of eyeballs, market share in an exponentially growing population.

The development of this expectation of "free as in beer" is really an
aside to Metet's essay.
But the EFF proposal which he lauds is just an upgraded ASCAP.  What
they and
others really need to get their heads around is the Street Performer
Protocol,
and/or the Grateful Dead business model.




From mv at cdc.gov  Thu Feb 26 13:39:22 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Thu, 26 Feb 2004 13:39:22 -0800
Subject: Gentlemen don't read each others' mail
Message-ID: <403E678A.FEA5CDD8@cdc.gov>

Britain Accused of Spying on U.N.'s Annan

LONDON (AP) - Britain spied on U.N. Secretary-General Kofi Annan in the
build up to the Iraq war, a former Cabinet minister said Thursday,
triggering yet another postwar crisis for Prime Minister Tony Blair

http://apnews.myway.com/article/20040226/D80V5N901.html


Gentlemen don't read each others' mail
Unless they're at war..
And we have always been at war with Oceania bin Laden




From mv at cdc.gov  Thu Feb 26 13:42:22 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Thu, 26 Feb 2004 13:42:22 -0800
Subject: FBI above the law
Message-ID: <403E683E.A464068E@cdc.gov>

WASHINGTON (AP) - The FBI has banned its employees from taking any items
from crime scenes or evidence sites after Justice Department
investigators found that 13 agents took debris from the rubble of the
World Trade Center.
...
Sen. Charles Grassley, R-Iowa, said in a letter Thursday to FBI Director
Robert Mueller that there appears to be a double standard for agents
because private citizens have been prosecuted and given prison sentences
for taking items from the site.

http://apnews.myway.com/article/20040226/D80V2MP80.html




From mv at cdc.gov  Fri Feb 27 07:55:14 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 27 Feb 2004 07:55:14 -0800
Subject: Gentlemen don't read each others' mail
Message-ID: <403F6862.8FA3AA2B@cdc.gov>

At 09:41 AM 2/27/04 -0500, Tyler Durden wrote:
>Looks like the UN's going to need some encrypted VoIP...
>-TD

Silly lad, the walls have ears.   And the ceilings, trimwork, light
fixtures,
heating ducts, etc.

Think outside the (secure) box, dude.




From mv at cdc.gov  Fri Feb 27 08:19:08 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Fri, 27 Feb 2004 08:19:08 -0800
Subject: FCC commisar wants to earn hanging
Message-ID: <403F6DFB.67F49070@cdc.gov>

NEW YORK, Feb 25 (Reuters) - U.S. regulators should consider whether
radio and television services carried by cable and satellite must adhere
to indecency standards, Federal Communications Commissioner Kevin Martin
said on Wednesday.

http://biz.yahoo.com/rc/040225/tech_summit_indecency_1.html

--------

If the FCC can regulate the content of *private* media which one must
choose (and pay) to receive, what is to stop them from regulating the
Internet or other interstate media?   Such attempts would be a
treasonous
violation of the 1st.




From camera_lumina at hotmail.com  Fri Feb 27 06:41:58 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 27 Feb 2004 09:41:58 -0500
Subject: Gentlemen don't read each others' mail
Message-ID: <BAY7-F518q9zc45kcrb0001cf43@hotmail.com>

Looks like the UN's going to need some encrypted VoIP...
-TD


>From: "Major Variola (ret.)" <mv at cdc.gov>
>Reply-To: cypherpunks at lne.com
>To: "cypherpunks at al-qaeda.net" <cypherpunks at al-qaeda.net>
>Subject: Gentlemen don't read each others' mail
>Date: Thu, 26 Feb 2004 13:39:22 -0800
>
>Britain Accused of Spying on U.N.'s Annan
>
>LONDON (AP) - Britain spied on U.N. Secretary-General Kofi Annan in the
>build up to the Iraq war, a former Cabinet minister said Thursday,
>triggering yet another postwar crisis for Prime Minister Tony Blair
>
>http://apnews.myway.com/article/20040226/D80V5N901.html
>
>
>Gentlemen don't read each others' mail
>Unless they're at war..
>And we have always been at war with Oceania bin Laden
>
>
>
>

_________________________________________________________________
Take off on a romantic weekend or a family adventure to these great U.S. 
locations. http://special.msn.com/local/hotdestinations.armx




From s.schear at comcast.net  Fri Feb 27 11:55:03 2004
From: s.schear at comcast.net (Steve Schear)
Date: Fri, 27 Feb 2004 11:55:03 -0800
Subject: Gentlemen don't read each others' mail
In-Reply-To: <BAY7-F116MzAUor03u900019101@hotmail.com>
References: <BAY7-F116MzAUor03u900019101@hotmail.com>
Message-ID: <6.0.1.1.0.20040227115359.053d7f70@mail.comcast.net>

At 10:20 AM 2/27/2004, you wrote: Of course, there's laser-based
eavesdropping from the outside of the building, and I'd bet this was
actually the method used in many cases. Laser/vibration-proof glass
apparently does exist (it's installed in that DARPA building in downtown
watchamaface VA), but I doubt it's installed in the UN, as it's VERY
expensive. (But then again, maybe some select rooms have it.) That is why
most secure meetings occur in interior rooms. steve
 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus
system (http://www.grisoft.com). Version: 6.0.585 / Virus Database: 370 -
Release Date: 2/11/2004




From camera_lumina at hotmail.com  Fri Feb 27 10:20:47 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 27 Feb 2004 13:20:47 -0500
Subject: Gentlemen don't read each others' mail
Message-ID: <BAY7-F116MzAUor03u900019101@hotmail.com>

Variola wrote...


>Silly lad, the walls have ears.   And the ceilings, trimwork, light
>fixtures,
>heating ducts, etc.
>
>Think outside the (secure) box, dude.

Well, of course those are the conventional channels, and for sure some of 
them would have been employed. But an all-around secure communications 
infrastructure would have to include the telephony, or else all of the other 
precautions can more or less be CALEA'd away 9ie, using the physical 
infrastructure of CALEA).

And there's also the question of willing "our boys" would be of incurring 
some international incident by installing eavesdropping devices. Something 
CALEA-like seems far less instrusive.

Of course, there's laser-based eavesdropping from the outside of the 
building, and I'd bet this was actually the method used in many cases. 
Laser/vibration-proof glass apparently does exist (it's installed in that 
DARPA building in downtown watchamaface VA), but I doubt it's installed in 
the UN, as it's VERY expensive. (But then again, maybe some select rooms 
have it.)

-TD

_________________________________________________________________
Click, drag and drop. My MSN is the simple way to design your homepage. 
http://click.atdmt.com/AVE/go/onm00200364ave/direct/01/




From DaveHowe at gmx.co.uk  Fri Feb 27 10:57:21 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Fri, 27 Feb 2004 18:57:21 -0000
Subject: Gentlemen don't read each others' mail
References: <BAY7-F116MzAUor03u900019101@hotmail.com>
Message-ID: <08bf01c3fd63$88ca3a10$c71121c2@exchange.sharpuk.co.uk>

Tyler Durden wrote:
> Of course, there's laser-based eavesdropping from the outside of the
> building, and I'd bet this was actually the method used in many cases.
> Laser/vibration-proof glass apparently does exist (it's installed in
> that DARPA building in downtown watchamaface VA), but I doubt it's
> installed in the UN, as it's VERY expensive. (But then again, maybe
> some select rooms have it.)
I would have thought it was very cheap. stick one of those peizo "flat
speaker" widgets onto the outer pane of double-glazing and play random
noise into it...




From rah at shipwright.com  Fri Feb 27 18:19:28 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 27 Feb 2004 21:19:28 -0500
Subject: Anger Management
Message-ID: <p061002c6bc65a99f1c12@[66.149.49.5]>

This just came by on another list. It's been passed around, and it's a
chestnut, probably here even, I don't remember, hell, it's probably in
Snopes or something, but, hey, it's got a cypherpunk punchline, and we need
a laugh around here...

Cheers,
RAH
-------

Anger Management


When you occasionally have a really bad day, and you just need to take it
out on someone, don't take it out on someone you know, take it out on
someone you don't know.

I was sitting at my desk when I remembered a phone call I'd forgotten to
make.   I found the number and dialed it. A man answered, saying "Hello." I
politely said, "This is Chris. Could I please speak with Robin Carter?"
Suddenly the phone was slammed down on me. I couldn't believe that anyone
could be so rude.

 I tracked down Robin's correct number and called her. I had transposed the
last two digits of her phone number. After hanging up with her, I decided
to call the 'wrong' number again. When the same guy answered the phone, I
yelled "You're an asshole!" and hung up.

 I wrote his number down with the word! '! asshole' next to it, and put it
in my desk drawer. Every couple of weeks, when I was paying bills or had a
really bad day, I'd call him up and yell, "You're an asshole!" It always
cheered me up.

 When Caller ID came to our area, I thought my therapeutic 'asshole'
calling would have to stop. So, I called his number and said, "Hi, this is
John Smith from the telephone company. I'm calling to see if you're
familiar with our Caller ID Program?" He yelled "NO!" and slammed down the
phone.

 I quickly called him back and said, "That's because you're an asshole!"

 One day I was at the store, getting ready to pull into a parking spot.
Some guy in a black BMW cut me off and pulled into the spot I had patiently
waited for. I hit the horn and yelled that I'd been waiting for that spot.
The idiot ignored me. I noticed a "For Sale" sign in his car window, so I
wrote d! ow! n his number.

 A couple of days later, right after calling the first asshole ( I had his
number on speed dial,) I thought that I'd better call the BMW asshole, too.

 I said, "Is this the man with the black BMW for sale?"

 "Yes, it is."

 "Can you tell me where I can see it?"

 "Yes, I live at 1802 West 34th Street. It's a yellow house, and the car's
parked right out in front."

 "What's your name?" I asked.

 "My name is Don Hansen," he said.

 "When's a good time to catch you, Don?"

 "I'm home every evening after five."

 "Listen,Don, can I tell you something?"

 "Yes?"

 "Don, you're an asshole." Then I hung up, and added his number to my speed
dial, too. Now, when I had a problem, I had two assholes to call.

 But after several months of calling them, it wasn't as enjoyable as it
used to be. So, I came up with an idea. I called Asshole #1.

 "Hello."

 "You're an asshole!" (But I didn't hang up.)

 "Are you still there?" he asked.

 "Yeah," I said.

 "Stop calling me," he screamed.

 "Make me," I said.

 "Who are you?" he asked.

 "My name is Don Hansen."

 "Yeah? Where do you live?"

"Asshole, I live at 1802 West 34th Street, a yellow house, with my black
Beamer parked in front."

 He said, "I'm coming over right now, Don. And you had better start saying
your prayers."

 I said, "Yeah, like I'm really scared, asshole."

 Then I called Asshole #2. "Hello?" he said.

 "Hello, asshole," I said.

 He yelled, "If I ever find out who you are..."

 "You'll what?" I said.

 "I'll kick your ass," he exclaimed.

 I answered, "Well, asshole, here's your chance. I'm coming over right now."

 Then I hung up and immediately called the police, saying that I lived at
1802 West 34th Street, and that I was on my way over there to kill my gay
lover.

 Then I called Channel 13 News about the gang war going down on West 34th
Street.

 I quickly got into my car and headed over to 34th street. There I saw two
assholes beating the crap out of each other in front of six squad cars, a
police helicopter and a news crew.

 NOW I feel much better.  Anger management really works !!!     :)


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From jtrjtrjtr2001 at yahoo.com  Fri Feb 27 22:05:07 2004
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Fri, 27 Feb 2004 22:05:07 -0800 (PST)
Subject: Gentlemen don't read each others' mail
In-Reply-To: <BAY7-F518q9zc45kcrb0001cf43@hotmail.com>
Message-ID: <20040228060507.25932.qmail@web21204.mail.yahoo.com>

They must be doing it all time.It now just turned out
as a diplomatic issue.

Sarath.

--- Tyler Durden <camera_lumina at hotmail.com> wrote:
> Looks like the UN's going to need some encrypted
> VoIP...
> -TD
> 
> 
> >From: "Major Variola (ret.)" <mv at cdc.gov>
> >Reply-To: cypherpunks at lne.com
> >To: "cypherpunks at al-qaeda.net"
> <cypherpunks at al-qaeda.net>
> >Subject: Gentlemen don't read each others' mail
> >Date: Thu, 26 Feb 2004 13:39:22 -0800
> >
> >Britain Accused of Spying on U.N.'s Annan
> >
> >LONDON (AP) - Britain spied on U.N.
> Secretary-General Kofi Annan in the
> >build up to the Iraq war, a former Cabinet minister
> said Thursday,
> >triggering yet another postwar crisis for Prime
> Minister Tony Blair
> >
>
>http://apnews.myway.com/article/20040226/D80V5N901.html
> >
> >
> >Gentlemen don't read each others' mail
> >Unless they're at war..
> >And we have always been at war with Oceania bin
> Laden
> >
> >
> >
> >
> 
>
_________________________________________________________________
> Take off on a romantic weekend or a family adventure
> to these great U.S. 
> locations.
http://special.msn.com/local/hotdestinations.armx


__________________________________
Do you Yahoo!?
Get better spam protection with Yahoo! Mail.
http://antispam.yahoo.com/tools




From mv at cdc.gov  Fri Feb 27 22:37:51 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 27 Feb 2004 22:37:51 -0800
Subject: Gentlemen don't read each others' mail
Message-ID: <4040373F.EEC1F424@cdc.gov>

At 10:05 PM 2/27/04 -0800, Sarad AV wrote:
>They must be doing it all time.It now just turned out
>as a diplomatic issue.

Yep.  When a govt is caught, its a diplomatic issue.   When a tech
is caught, its death, prison, or prison followed by a trade for
similar.  Unless the tech
is recognized "embassy staff" in which case he merely has to pack his
bags pronto.

Does Annan/UN have its own counterintel group?   Are they 0wn3d by the
US?

Not that some of the better bugs can be found by a sweep.  Anyone
remember the bursting bug in the wall-trim-that-prevents-chair-damage,
in some US State Dept
room?

Of *course* the phones are tapped at the CO, and yes a SecPhone would
work, *except* for the room bugs, no lasers (too finicky) needed.  As is
Annan's (et al) limo and apartment.  Hell, all the luxury cars have
microphones to adjust the radio volume anyway; sometimes for noise
cancellation.  And the On-Star mic has been used to
bug folks too, from the On-Star office.  Isn't remote control great?
A trojan on wheels.  Well, the original trojan probably had wheels too.

PS: the solution for a laser-bugger
to a speaker in your double-glazed window is to find the
recording of the music used as cover, and subtract.   Takes a little
longer but there's a machine in Ft. Meade that does this real fast.
Getting the phase right is the hardest part.

The secretary will disavow any knowledge, of course.




From mv at cdc.gov  Fri Feb 27 22:37:51 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Fri, 27 Feb 2004 22:37:51 -0800
Subject: If you doubted that history repeats...
Message-ID: <4040373F.91F69422@cdc.gov>

Agencies Finishing Warnings On Lead
http://www.washingtonpost.com/wp-dyn/articles/A10503-2004Feb26.html

Now can anyone think of another colonial empire whose capital was
thought
to suffer from lead poisoning too?

When DC is cratered, after a few half-lives elapse, when its inhabitable
again, perhaps they'll use copper next time.




From cypherpunks at salvagingelectrons.com  Fri Feb 27 23:06:12 2004
From: cypherpunks at salvagingelectrons.com (Tim Meehan)
Date: Sat, 28 Feb 2004 02:06:12 -0500
Subject: Authentic Journalism -- help end predatory drug policies...
Message-ID: <2cf040h8tt9tdf3qupnto6hdn82nne6fka@4ax.com>

https://www.paypal.com/xclick/business=andrewgrice%40authenticjournalism.org&item_name=Tim+Meehan+Letter&item_number=022804&no_note=1&tax=0&currency_code=USD

Letter from Tim Meehan of Pot TV

Dear Friends of Authentic Journalism:

We're at a very unique and special time in the history of our planet: Voices of
marginalized peoples are now on the same level of those called on by the
establishment media, thanks to the Internet.

With that in mind, I hope you will carefully consider a donation to the Fund for
Authentic Journalism.

Many of you already know of the good work of Al Giordano and the journalists at
Narconews.com. Chronicling the drug war, from somewhere in a country called
Amirica, Al and his colleagues bring the voice of the people directly affected
by predatory drug and national policies to an unprecedented world audience. Last
year, Narco News took the initiative to establish the School for Authentic
Journalism to educate people about reporting on the effects of the
Narco-Industrial Complex -- in several languages -- at a local level and
especially in Latin America, where the battle is fiercest.  

Widely considered the fresh battleground between predatory governmental policies
and sane drug policy, the nations of Venezuela, Brazil, Ecuador, Argentina and
Peru, among others, have been struggling to find their path.  The peoples of
those nations will pursue a rational policy when it comes to the drug trade, but
only if they are given unbiased, truthful, and complete information.

When it comes to reporting on drug wars from around the world, the importance of
this work cannot be understated. For example, we here in Canada have noticed the
difference that Authentic Journalism has made in the shaping our national debate
around cannabis legalization.

As Authentic Journalist Richard Cowan of marijuananews.com and pot-tv.net has
pointed out, "We are too White to invade, and too close to ignore," and our
voices are having a considerable impact on the story of our struggle in the
United States.  Often times our voices are not welcomed by U.S. interests, but
fortunately, we have the backing of interested philanthropists who fund and
facilitate (on a limited level) the telling of our stories.  

Many poorer nations, unfortunately, do not have this support, often times simply
because they happen to be of a different race, language, or nationality. This is
why it is so important to ask for your donation to help support the voices of
people across Amirica.

If you're not convinced yet, it helps if you look at the international
narco-industrial complex as a machine. 

Predatory governments depend on this narco-industrial machine for their income
and prosperity.  Their agenda is raw power and money.

Establishment media (some of them in a perverse symbiotic relationship with
these same predatory governments) often feign concern for certain aspects of the
machine's operation.  Perhaps the control panel is designed improperly, or maybe
the operators are improperly trained in efficient operation.  However, they
ultimately ignore stories damaging to the government's agenda, and by extension,
theirs. People that speak out, saying that this machine has no place in society,
are ignored because it threatens their access and power.

Authentic Journalists, on the other hand, look at the wiring of the machine,
look at where the power source is coming in, look at who benefits from the
existence of the machine in the first place, and expose these truths -- as well
as a way to cut the power off. Authentic Journalists have an agenda too -- make
no mistake about it.  Their agenda is truth.

The Internet has changed the rules of engagement in the battle for ideas.  While
this may be obvious to those like myself, who have followed its progression from
text-based to graphical interfaces, and to today with it's entrenchment into
American and Canadian society, it helps have a historical perspective on things.

Part of the problem with asking funding for these projects may simply be because
of the lack of realization by donors that were are ahead of the curve.

So I'll ask you now to make a contribution to The Fund for Authentic Journalism,
specifically to train beginning journalists and journalism students at next
summer's School of Authentic Journalism session, via this PayPal Link:

https://www.paypal.com/xclick/business=andrewgrice%40authenticjournalism.org&item_name=Tim+Meehan+Letter&item_number=022804&no_note=1&tax=0&currency_code=USD

Or you can send a check to:

The Fund for Authentic Journalism
P.O. Box 71051
Madison Heights, MI 48071 USA

And if you'd like to acknowledge this letter - an example of mutual aid among
independent media - as inspiring your donation, please write "Tim Meehan Letter"
on the envelope.

All funds received in direct response to this letter by midnight March 18, 2004,
will help determine how many scholarships in Authentic Journalism that Narco
News can offer this year.

Sir Authur C. Clarke came up with the idea of geosynchronous orbit for
communication satellites almost twenty years before they became a reality.
Marshall McLuhan prophesied the world wide web's global village in the 1960s,
and it came to fruition almost fourteen years after his death in 1980.

Ultimately, any donation to a cause like ours is a gamble on future.  We truly
believe Authentic Journalism will change the world, and we sincerely believe we
will meet your expectations -- and then some. 

I hope we can count on your support.

Sincerely,

Tim Meehan
POT-TV News
Ontario Consumers for Safe Access to Recreational Cannabis
Toronto, Ontario, Canada

tim.meehan at utoronto.ca / tim at ocsarc.org

Email Link to Give Funds Online for the Tim Meehan Letter on behalf of the
School of Authentic Journalism:

https://www.paypal.com/xclick/business=andrewgrice%40authenticjournalism.org&item_name=Tim+Meehan+Letter&item_number=022804&no_note=1&tax=0&currency_code=USD




From mv at cdc.gov  Sun Feb 29 14:19:13 2004
From: mv at cdc.gov (Major Variola (ret.))
Date: Sun, 29 Feb 2004 14:19:13 -0800
Subject: Gentlemen reading mail part II
Message-ID: <40426560.8B3D9993@cdc.gov>

Blix says US spied on him over Iraq

Reuters London Feb 28: Former chief United Nations weapons inspector Mr
Hans Blix said today he suspected the United States bugged his office
and home in the run-up to the Iraq war, but had no hard evidence.

Describing such behaviour as disgusting, Mr Blix told Britains
Guardian newspaper in an interview: It feels like an intrusion into
your integrity in a situation when you are actually on the same side.

His allegation came on top of a diplomatic row sparked this week when
former British minister Ms Clare Short said Britain bugged UN Secretary
General Mr Kofi Annans office as London and Washington tried but failed
to win UN backing to invade Iraq.

Mr Blix said his suspicions were raised when he had trouble with a
telephone connection at home.

It might have been something trivial or it might have been something
installed somewhere, I dont know, he said.

The Swede said he asked UN counter-surveillance teams to check his
office and home for listening devices.

If you had something sensitive to talk about you would go out into the
restaurant or out into the streets, said Mr Blix.

He said US state department envoy Mr John Wolf visited him two weeks
before the Iraq war with pictures of an Iraqi drone and a cluster bomb
that the former inspector believed could have been secured only from
within the UN weapons office.

He should not have had them. I asked him how he got them and he would
not tell me, Mr Blix said.

It could have been some staff belonging to us that handed them to the
Americans... It could also be that they managed to break into the secure
fax and got it that way, he said.

Ms Short, in government before and during the Iraq war, said on Thursday
she had seen transcripts of what she said were bugged accounts of Mr
Annans conversations. She resigned after the war.

The British Prime Minister, Mr Tony Blair accused her of being
irresponsible and of undermining intelligence services at a time when
Britain faced a threat of attack from Islamic militants.

Blair said British security services acted within domestic and
international law.

But UN spokesman Mr Fred Eckhard said Mr Annan would seek a fuller
explanation from Britain on the allegations, saying any attempt to
eavesdrop on the Secretary General was illegal and should stop as it
would violate three international treaties.

Mr Blair warned critics like Ms Short that unless they buried
differences they risked ousting his Labour Party from power as it
prepares to fight a general election expected in 2005.

Former UN secretary-general Mr Boutros Boutros-Ghali and another former
chief UN weapons inspector, Mr Richard Butler, said yesterday they
believed they had been spied on.

From the first day I entered my office they told me: beware, your
office is bugged, your residence is bugged, Mr Boutros-Ghali told the
BBC.

It is a tradition that member states that have the technical capacity
to bug will do it without hesitation, he said.

http://www.navhindtimes.com/stories.php?part=news&Story_ID=022910




From mv at cdc.gov  Sun Feb 29 18:36:19 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 29 Feb 2004 18:36:19 -0800
Subject: Gentlemen reading mail part II
Message-ID: <4042A1A3.3E603665@cdc.gov>

At 09:16 PM 2/29/04 -0500, Steve Furlong wrote:
>On Sun, 2004-02-29 at 17:19, Major Variola (ret.) forwarded:
>> Blix says US spied on him over Iraq
>> ...
>> It feels like an intrusion into
>> your integrity in a situation when you are actually on the same
side.
>
>Begging the question of whether Blix was actually on the same side as
>the Brits or the US.

Hans is either being coy or naif.    Of course he wasn't on our side;
he was after the facts, not revenge, or colonialism.

One wonders about the mindset of the UN folks.  Don't they realize
they are 0wn3d?   Or at least herded?   Perhaps I underestimate
the human capacity for idealism, or gullibility.

In any case, it should be clear why the US 'tolerates' the UN
and planted its HQ in NYC.  A fine source of PR sometimes,
and a good source of intel other times.  Rather tough for the
UN counterintel force I imagine.

PS: what's the price of gas masks in Athens these days?


-----
BWM says interplanetary roadside assistance is "dodgy", but lets see
them
do a firmware update to a dead car a few hundred million miles away.




From sfurlong at acmenet.net  Sun Feb 29 18:16:52 2004
From: sfurlong at acmenet.net (Steve Furlong)
Date: 29 Feb 2004 21:16:52 -0500
Subject: Gentlemen reading mail part II
In-Reply-To: <40426560.8B3D9993@cdc.gov>
References: <40426560.8B3D9993@cdc.gov>
Message-ID: <1078107412.2761.1.camel@daft>

On Sun, 2004-02-29 at 17:19, Major Variola (ret.) forwarded:
> Blix says US spied on him over Iraq
> ...
> It feels like an intrusion into
> your integrity in a situation when you are actually on the same side.

Begging the question of whether Blix was actually on the same side as
the Brits or the US.




From rah at shipwright.com  Sun Feb 29 19:31:15 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 29 Feb 2004 22:31:15 -0500
Subject: Online Anonymity May Fade
Message-ID: <p06100274bc685e44762f@[66.149.49.5]>

<http://www.reuters.com/printerFriendlyPopup.jhtml?type=reutersEdge&storyID=4438554>

Reuters

Online Anonymity May Fade
 Wed Feb 25, 2004 04:18 PM ET

 NEW YORK (Reuters) - Online profiling in which consumers' names and
addresses are connected to their Internet habits could be in the works as
consumers begin to trust the Web more, Kevin Ryan, the chief executive of
Internet advertiser DoubleClick, said on Wednesday.

 "There will be more targeting using this with customers having the ability
to opt out," Ryan told the Reuters Technology Media and Telecommunications
Summit in New York.

 While DoubleClick has no immediate plans to link data on specific Internet
users to their online behavior at this time, it may come down the road, he
said.

 Ryan suggested that privacy concerns have eased over the years, similar to
how many people have relaxed about using their credit cards online.

 While people don't think twice now about using their credit cards for
online purchases, polls showed that Internet users in the late 1990s were
more afraid of fraud, he said.

 "I said the same thing many, many years ago, that I thought privacy
concerns would follow the credit card fraud concerns," he said. "What
happened was the actual risk wasn't that great. In fact, people started to
realize that nothing is 100 percent safe ever."

 In the early years of Internet advertising, DoubleClick was the subject of
several probes into its potential use of information gleaned about Internet
users from "cookies" -- small pieces of software that keep track of what
Web sites they visit.

 DoubleClick's 1999 acquisition of direct marketer Abacus Direct was of
particular concern for consumer groups worried about corporate abuse of
customer profiling. It provided DoubleClick with the ability to combine
data such as a person's name and address with information on the Web sites
they visit and items they purchase.

 The company agreed to keep those lines of information separate to address
privacy concerns.

 Abacus maintains a cooperative database that catalog companies and
publishers contribute information to about their customers, such as names,
addresses and purchase information. The data is collected by household, not
individuals, the DoubleClick Web site says.

 At the time of the merger, the market was not ready for sophisticated
targeting tools, Ryan said. "Businesswise, we felt like it didn't make
sense to link" those different types of consumer data, he added.

 Now, the market is "starting to kick in" to make such applications
worthwhile for advertisers, according to Ryan.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'