From rforno at infowarrior.org Mon May 1 07:22:56 2006
From: rforno at infowarrior.org (Richard Forno)
Date: May 1, 2006 7:22:56 PM EDT
Subject: Spies Among Us
Message-ID:

Spies Among Us
Despite a troubled history, police across the nation are keeping tabs on ordinary Americans

By David E. Kaplan

5/8/06

In the Atlanta suburbs of DeKalb County, local officials wasted no time after the 9/11 attacks. The second-most-populous county in Georgia, the area is home to the Centers for Disease Control and Prevention, the FBI's regional headquarters, and other potential terrorist targets. Within weeks of the attacks, officials there boasted that they had set up the nation's first local department of homeland security. Dozens of other communities followed, and, like them, DeKalb County put in for--and got--a series of generous federal counterterrorism grants. The county received nearly $12 million from Washington, using it to set up, among other things, a police intelligence unit.

The outfit stumbled in 2002, when two of its agents were assigned to follow around the county executive. Their job: to determine whether he was being tailed--not by al Qaeda but by a district attorney investigator looking into alleged misspending. A year later, one of its plainclothes agents was seen photographing a handful of vegan activists handing out antimeat leaflets in front of a HoneyBaked Ham store. Police arrested two of the vegans and demanded that they turn over notes, on which they'd written the license-plate number of an undercover car, according to the American Civil Liberties Union, which is now suing the county. An Atlanta Journal-Constitution editorial neatly summed up the incident: "So now we know: Glazed hams are safe in DeKalb County."

Glazed hams aren't the only items that America's local cops are protecting from dubious threats. U.S. News has identified nearly a dozen cases in which city and county police, in the name of homeland security, have surveilled or harassed animal-rights and antiwar protesters, union activists, and even library patrons surfing the Web. Unlike with Washington's warrantless domestic surveillance program, little attention has been focused on the role of state and local authorities in the war on terrorism. A U.S.News inquiry found that federal officials have funneled hundreds of millions of dollars into once discredited state and local police intelligence operations. Millions more have gone into building up regional law enforcement databases to unprecedented levels. In dozens of interviews, officials across the nation have stressed that the enhanced intelligence work is vital to the nation's security, but even its biggest boosters worry about a lack of training and standards. "This is going to be the challenge," says Los Angeles Police Chief William Bratton, "to ensure that while getting bin Laden we don't transgress over the law. We've been burned so badly in the past--we can't do that again."

< snip >

http://www.usnews.com/usnews/news/articles/060508/8homeland.htm

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From dave at farber.net Mon May 1 16:25:01 2006
From: dave at farber.net (David Farber)
Date: Mon, 1 May 2006 19:25:01 -0400
Subject: [IP] Spies Among Us
Message-ID:

Begin forwarded message:

From camera_lumina at hotmail.com Tue May 2 07:00:23 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 02 May 2006 10:00:23 -0400
Subject: [dave@farber.net: [IP] Spies Among Us]
In-Reply-To: <20060502114835.GS22800@leitl.org>
Message-ID:

Bizarre. I still don't fully understand how the "Authorities" define who IS and who is NOT one of "them" and worthy to be surveilled. Some of it must have something to do with having too much surveillance budget and too few actual terrorists to watch.

-TD

>From: Eugen Leitl
>To: cypherpunks at jfet.org
>Subject: [dave at farber.net: [IP] Spies Among Us]
>Date: Tue, 2 May 2006 13:48:35 +0200
>
>----- Forwarded message from David Farber -----
>
>From: David Farber
>Date: Mon, 1 May 2006 19:25:01 -0400
>To: ip at v2.listbox.com
>Subject: [IP] Spies Among Us
>X-Mailer: Apple Mail (2.749.3)
>Reply-To: dave at farber.net
>
>Begin forwarded message:
>
>From: Richard Forno
>Date: May 1, 2006 7:22:56 PM EDT
>To: Blaster
>Cc: Dave Farber
>Subject: Spies Among Us
>
>Spies Among Us
>Despite a troubled history, police across the nation are keeping tabs on
>ordinary Americans
>
>By David E. Kaplan
>
>5/8/06
>
>In the Atlanta suburbs of DeKalb County, local officials wasted no time
>after the 9/11 attacks. The second-most-populous county in Georgia,
>the area
>is home to the Centers for Disease Control and Prevention, the FBI's
>regional headquarters, and other potential terrorist targets. Within
>weeks
>of the attacks, officials there boasted that they had set up the
>nation's
>first local department of homeland security. Dozens of other communities
>followed, and, like them, DeKalb County put in for--and got--a series of
>generous federal counterterrorism grants. The county received nearly $12
>million from Washington, using it to set up, among other things, a
>police
>intelligence unit.
>
>The outfit stumbled in 2002, when two of its agents were assigned to
>follow
>around the county executive. Their job: to determine whether he was
>being
>tailed--not by al Qaeda but by a district attorney investigator
>looking into
>alleged misspending. A year later, one of its plainclothes agents was
>seen
>photographing a handful of vegan activists handing out antimeat
>leaflets in
>front of a HoneyBaked Ham store. Police arrested two of the vegans and
>demanded that they turn over notes, on which they'd written the
>license-plate number of an undercover car, according to the American
>Civil
>Liberties Union, which is now suing the county. An Atlanta
>Journal-Constitution editorial neatly summed up the incident: "So now we
>know: Glazed hams are safe in DeKalb County."
>
>Glazed hams aren't the only items that America's local cops are
>protecting
>from dubious threats. U.S. News has identified nearly a dozen cases
>in which
>city and county police, in the name of homeland security, have
>surveilled or
>harassed animal-rights and antiwar protesters, union activists, and even
>library patrons surfing the Web. Unlike with Washington's warrantless
>domestic surveillance program, little attention has been focused on
>the role
>of state and local authorities in the war on terrorism. A U.S.News
>inquiry
>found that federal officials have funneled hundreds of millions of
>dollars
>into once discredited state and local police intelligence operations.
>Millions more have gone into building up regional law enforcement
>databases
>to unprecedented levels. In dozens of interviews, officials across the
>nation have stressed that the enhanced intelligence work is vital to the
>nation's security, but even its biggest boosters worry about a lack of
>training and standards. "This is going to be the challenge," says Los
>Angeles Police Chief William Bratton, "to ensure that while getting bin
>Laden we don't transgress over the law. We've been burned so badly in
>the
>past--we can't do that again."
>
>< snip >
>
>http://www.usnews.com/usnews/news/articles/060508/8homeland.htm
>
>-------------------------------------
>You are subscribed as eugen at leitl.org
>To manage your subscription, go to
> http://v2.listbox.com/member/?listname=ip
>
>Archives at: http://www.interesting-people.org/archives/interesting-people/
>
>----- End forwarded message -----
>--
>Eugen* Leitl leitl http://leitl.org
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.ativel.com
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which
>had a name of signature.asc]

From eugen at leitl.org Tue May 2 03:16:47 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 2 May 2006 12:16:47 +0200
Subject: /. [Higher Education Fears Wiretapping Law]
Message-ID: <20060502101647.GJ22800@leitl.org>

(((EU has passed a wide-reaching connection information retention program -- I wonder whether/when circumvention will be penalized))).

Link: http://slashdot.org/article.pl?sid=06/05/01/1736230
Posted by: CmdrTaco, on 2006-05-01 20:00:00

[1]alphadogg writes "Institutions of higher education are [2]up in arms over an FCC ruling on wiretapping they say could cost them billions of dollars in upgrades, expose their networks to more attacks, and jeopardize rights to privacy and freedom of speech. "

References

1. mailto:bbrown at nww.com
2. http://www.networkworld.com/news/2006/050106-calea.html

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From eugen at leitl.org Tue May 2 04:48:35 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 2 May 2006 13:48:35 +0200
Subject: [dave@farber.net: [IP] Spies Among Us]
Message-ID: <20060502114835.GS22800@leitl.org>

----- Forwarded message from David Farber -----

From s.schear at comcast.net Tue May 2 17:48:43 2006
From: s.schear at comcast.net (Steve Schear)
Date: Tue, 02 May 2006 17:48:43 -0700
Subject: Financial Cryptography Update: Notary Publics to Cryptographers - keep yur grubby mits off! ( was Cryptography Rides to the Notaries' Rescue)
In-Reply-To:
References:
Message-ID: <6.0.1.1.0.20060502174640.051a9f70@mail.comcast.net>

[For an alternate view on the applicability of cryptography to the notary function]

Financial Cryptography Update: Notary Publics to Cryptographers - keep yur grubby mits off!

April 10, 2006

------------------------------------------------------------------------

https://www.financialcryptography.com/mt/archives/000694.html

------------------------------------------------------------------------

I've often written about how certain words are stolen and misrepresented in the field of FC. One is non-repudiation, which continues to bedevil some architectures and policies where they haven't been informed of the impossibility. Another is trust, which is more often used as a marketing plus than an admission of fundamental weakness. Yet another -- we're on a roll here -- is digital signature, which Lynn euphemistically refers to as sometimes being foolishly confused with signatures made by humans.

Philipp pointed me to a 2001 American Notarization Association position paper complaining about the abuse of the term 'notary' by the tech industry.

http://www.nationalnotary.org/userimages/Notary_Terms.pdf

A Position on Misleading Usage of Notary Terms in the Electronic Age

=================
Notarization, Notary, and related terms are being co-opted by certain private companies and state legislatures and applied to processes that have nothing to do with valid, legally recognized notarization. These new processes either do not involve state-commissioned Notaries at all or they violate key principles involving trusted third parties, principles that form the bedrock of commerce and law.

The repercussions of this verbal misappropriation can be devastating to consumers because, believing they are receiving certain protections from a process misrepresented as notarization, they may instead find themselves victimized by loss of valuable personal and real property without the legal assurances offered by valid notarization.
==================

Where I've complained about the term notary is in the OpenPGP forum where there are efforts (every 12 months or so) to bolster up the capability of that protocol to do notary stuff.
My comments were quite simple - the meaning and application of the word is completely different between civil law and common law, so when you apply the term into an international, cross-jurisdictional cryptoprotocol such as OpenPGP, which were you referring to?

Such comments were nowhere near as informed as this document, which includes a very concise, clear definition of the process, at least in US terms:

========8<==================
Fundamental Components of Notarization

In order to fully appreciate the harm caused by misleading usage of the term notarization it is necessary to understand the fundamental components of a traditional notarial act. Briefly explained, there are five essential steps in an acknowledgment;[2] acknowledgment is the notarial act most often used to authenticate documents of great monetary value:

* Personal Appearance: The document signer must appear in person before, and communicate with, the Notary Public, face to face, in the same room. Physical presence allows the Notary not only to identify the signer, but also to make observations and commonsense judgments that the individual appears willing and aware.

* Identification: The Notary must positively identify the document signer beyond a reasonable doubt, either through personal knowledge of the individual's identity, the sworn vouching of a personally known credible witness, or reliable identification documents.

* Acknowledgment by Signer: Personal appearance and identification are meaningless without a context, and it is the signer's active acknowledgment of a particular signature, document, and transaction that provides the context.

* Lack of Duress: Integral to the acknowledgment is the Notary's observation that the signer was not under duress or direct physical threat at the hands of a third party.

* Awareness: Essential as evidence of the signer's intent is the Notary's observation and judgment that the signer appears to be conscious and aware at the time of signing.
=========>8=============

Hot Dang! Try doing that in a remote-parties cryptoprotocol with NIST-approved blah blah.

I have to admit, I'm impressed by the quality of writing in this paper. It goes right for the jugular.

=========8<=============
Corporate License

Increasingly, American corporations offering Public Key Infrastructure (PKI)[3] management services have been using the terms Notary and notarization to describe their services. These processes typically involve the time-date stamping of text, and they amount to notarization only in the metaphorical sense. These services do not provide the assurances associated with official notarial acts by a state-commissioned Notary Public and, for that reason, they lack the legal authority of proper notarization, which is ... to provide prima facie evidence of the truth of the facts recited in the certificate and to establish the genuineness of the signatures attached to an instrument.[4]
=========>8=============

It is repeatedly asked in circles where crypto really matters what the form of statement your average CA is making. This paper points out one of the flaws in the process - a CA may well not have any legal authority to make the statements that it is purporting to make!

Think the so-called digital signature laws might resolve this? Think again:

=========8<=============
Governmental License

Another development is adding to the current state of confusion in the marketplace and it is potentially more harmful to the public than deceptive misuse of sensitive terms by corporate marketers; that is, poorly thought-out redefinition of notarial procedures by hasty lawmakers.
=========>8=============

Names are named! Not only are the States various slammed for their laws, many commercial services are given a darn good slapping.

Read the whole thing, if only to see how no-nonsense rejections of poorly thought-out marketing programmes can be written. We need more of these!
--

From measl at mfn.org Tue May 2 18:08:15 2006
From: measl at mfn.org (J.A. Terranson)
Date: Tue, 2 May 2006 20:08:15 -0500 (CDT)
Subject: pgp.com DOA?
Message-ID: <20060502200600.H17898@ubzr.zsa.bet>

Anyone know what's up wit dat?

$ ping pgp.com
36 bytes from t1-0-1-2-9.edge1.router.orpkil01.appscorp.net (216.90.111.165): Destination Net Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 59b3 0 0000 3f 01 edee 204.238.179.3 209.237.226.39

A quick google says the domain was up around January of this year, but I don't see anything more recent, nor any death announcements. Did I miss something?

--
Yours,

J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF

'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.'

St. George Tucker

From rah at shipwright.com Tue May 2 17:29:02 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 2 May 2006 20:29:02 -0400
Subject: [Clips] Cryptography Rides to the Notaries' Rescue
Message-ID:

--- begin forwarded text

Delivered-To: rah at shipwright.com
Delivered-To: clips at philodox.com
Date: Tue, 2 May 2006 20:27:02 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] Cryptography Rides to the Notaries' Rescue
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

EWeek

Cryptography Rides to the Notaries' Rescue
May 1, 2006
By Larry Seltzer

To those who grew up in the electronic age, notarization of documents has the odor of antiquity and obsolescence. It is an ancient practice, but ironically it serves purposes directly analogous to many of high priority for modern electronic documents. And now modern security techniques are bringing notarization to the electronic realm, to the benefit of both.

Think of notaries as an old-world authentication and accreditation system. In the United States, they are accredited by the state, and similar positions are supported by governments the world over. They witness the signature of documents, authenticate the signatories, and accredit the signatures through a physical mark attached to the paper: an ink stamp, a crimp, even a physical seal (how's that for old world?).

There are lots of problems with this system, but let's focus on two of them: 1) paper notarization only works for paper documents, and the world is going digital, and 2) the paper notarizations are subject to fraud of various kinds.

Of course, traditional notarization has never really been about any actual security created by the process. Its true meaning is in the formality of the process, telling the signers that they are committing an official act of some sort and underscoring their risk of legal penalty for perjury or fraud.

The centrality of the symbolic aspect is basically still true of electronic notarization, but the authentication aspect of the process becomes more genuine.
The world of paper documents will continue to have these problems and be totally symbolic, but strong notarization tools increase the incentive for official document recording to go electronic. Therefore the NNA (National Notary Association) has been pushing for states to embrace e-notarization, or electronic notarization of electronic documents.

It has been adopted to varying degrees by seven states (California, Colorado, Florida, Michigan, Pennsylvania, Texas and Utah), but Pennsylvania has emerged as the poster child for widespread adoption. According to the NNA, it is the only state where all the important actors have signed on. Over the next year the Pennsylvania Department of State is conducting Phase I of its Electronic Notarization Initiative and expects all counties to begin accepting e-notarized documents.

E-notarization is a specialized form of public key signing. To become an e-notary (here in PDF form), one must, first of all, be a commissioned notary of the conventional sort. The applicant files an application, which, if accepted, allows the applicant to receive an "Electronic Notary Seal" and their contact information is forwarded to the NNA. The applicant pays a $24.95 fee to the NNA.

At this point, the applicant has to appear in person before a participating county Recorder of Deeds (there are four of them right now, explained here in PDF form) and present their approval letter and satisfactory ID. The Recorder will then enter the notary's ID information into the shared Electronic Notary Seal database. Only at this point does the NNA contact the notary and tell them how to download their Electronic Notary Seal, which is an x.509 v3 certificate.

Cumbersome, isn't it? Don't expect an Amazon one-click version of this process any time soon.
And don't assume that electronic notarization can be done remotely through a Web site. E-notarization still requires the notary to physically witness the signatories sign the document, albeit to apply their signatures electronically. As the Pennsylvania site says, "...the personal appearance rule must be strictly followed. In addition, the signer of the electronic document must be positively identified and screened for awareness and willingness."

When I say the signatories "sign the document," I refer to signatures in the more conventional sense, not to digital signatures. Probably the most common way this would be done is with a stylus on a tablet PC or an attached device similar to the ones used in stores for electronically signing credit card receipts.

How do the actual software procedures work for e-notarizing a document? The Pennsylvania and NNA sites are not very specific about it. One very popular way is to use Adobe Acrobat, which has good support for digital signing.

There are also a number of vertical software companies that have had to contend with the notarization process and which are excited at the possibility to provide for electronic notarization directly in their products. Consider Simplifile, which makes products for electronic document recording at counties, or Tyler Technologies, which makes products for (among other things) property appraisal and assessment.

It's also possible to use any free, off-the-shelf software that supports x.509 certificates (Microsoft has some for free download). These might be inconvenient, in that you might have to separately track a file with a signature in it, as opposed to using a format like PDF that supports signatures intrinsically.
No matter how they are made, if they follow established PKI x.509 standards the notary's certificate can be checked by anyone not only for authenticity with the certificate authority (GeoTrust, under contract to the NNA), but check to see if their authority has been revoked or expired. Try doing that with a conventional notary. The PKI infrastructure thus makes notarization much more secure than in the paper world, where it's too easy to photocopy a stamp or seal and duplicate it. It's a pretty radical change, though, for a practice that has been pretty stable for hundreds, arguably thousands of years. And it's not just a matter of getting individual notaries to embrace the electronic approach; there are state-to-state and international legal issues. What happens when someone tries to use in one state a legal document electronically notarized in another that doesn't yet have electronic notarization? The NNA says that such a case is in the courts in Michigan now and that they have filed an amicus brief in it in support of electronic notarization. The Constitution requires that states grant "full faith and credit" to the legal decisions and procedures of others, but to an old-fashioned state facing an e-notarization, it must surely seem as if the Martians have landed. As widespread as PKI is in computing, I have to think it's been substantially a failure for not reaching so many areas to which it can bring value. Notarization could be a bellwether for the movement of PKI into mainstream applications where strong authentication and accreditation are needed. If it can't be made accessible and compelling enough, people will resist it, and that would be to everyone's loss. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text
From rah at shipwright.com Tue May 2 18:32:54 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 2 May 2006 21:32:54 -0400
Subject: pgp.com DOA?
In-Reply-To: <20060502200600.H17898@ubzr.zsa.bet>
References: <20060502200600.H17898@ubzr.zsa.bet>
Message-ID:

At 8:08 PM -0500 5/2/06, J.A. Terranson wrote:
>Did I miss
>something?

I don't think so. I just re-upped when pinged by the keyserver, for instance.

Nobody *I* know has said anything about a corporate passage to the Undying Realms... ;-)

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From jon at callas.org Wed May 3 00:42:09 2006
From: jon at callas.org (Jon Callas)
Date: Wed, 3 May 2006 00:42:09 -0700
Subject: pgp.com DOA?
In-Reply-To:
References: <20060502200600.H17898@ubzr.zsa.bet>
Message-ID:

On 2 May 2006, at 6:32 PM, R.A. Hettinga wrote:

> At 8:08 PM -0500 5/2/06, J.A. Terranson wrote:
>> Did I miss
>> something?
>
> I don't think so. I just re-upped when pinged by the keyserver, for
> instance.
>
> Nobody *I* know has said anything about a corporate passage to the
> Undying
> Realms...
>

It's nice to be thought well of, so thanks. But it's just network issues.
Jon

From rah at shipwright.com Wed May 3 15:15:14 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 3 May 2006 18:15:14 -0400
Subject: [Clips] Russia Left with No Satellite Surveillance
Message-ID:

--- begin forwarded text

Delivered-To: rah at shipwright.com
Delivered-To: clips at philodox.com
Date: Wed, 3 May 2006 17:53:31 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] Russia Left with No Satellite Surveillance
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

Kommersant: May 03, 2006

Russia Left with No Satellite Surveillance

The RF Defense Ministry has been left with no spy satellite in orbit. The last anchor of Russia's surveillance, US-PU satellite of electronic intelligence, moved down from the orbit at night from Friday to Saturday, as the service life of that satellite, which took off from Baikonur May 2004, came to a natural end.

A source with the General Naval Staff confirmed Tuesday that US-PU satellite of the Legend system of space reconnaissance and target indication won't be used up to its operating designation any longer. The source declined to comment on the further destiny of the facility, spokesmen of the Space Forces gave no comments either.

US-PU has recently left the working orbit, said Fillip Clark, a British expert in the space military program of Russia. The satellite moved to the lower orbit to come down to atmosphere and burn away.
US-PU was Russia's sole spy satellite in orbit and its withdrawal signals Defense Ministry of the country has not a single facility of the kind in-space. The things are no better here below. The military have just three spy satellites left in reserve, said Space Forces Deputy Commander, Lieutenant-General Oleg Gromov. To secure continuous orbit presence of strategic reconnaissance satellites, it is necessary to complete the upgrade of Cobalt-M facility this year and to launch a satellite each year. Besides, the development of new Persona satellite should gain momentum so that its test flights could start in 2007.

"In the recent years, Russia has been losing its standing when it comes to maintaining a proper level of the orbit group," Defense Minister Sergey Ivanov acknowledged far back in February 2002 during his visit to Plesetsk launch site. Ivanov vowed then Moscow "will be intensifying efforts in this field" in 2003 to 2005. Still, the Space Forces haven't received more than 17 billion rubles from the budget in the past five years, while the amount to be funneled this year is estimated at 20 billion rubles.

The reserve US-PU of Defense Ministry is expected to be launched from Baikonur spaceport June 22, and Don satellite of photographic reconnaissance is scheduled to take off before the end of this year.

From time to time, Russia actually delivers spy satellites to orbit, all of them belong to other countries though. The satellites of Great Britain, China, Iran and Israel have been launched in the recent months and the launch of Terra-SAR and SAR-Lupe satellites for Germany is being prepared now.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From rah at shipwright.com Wed May 3 15:27:32 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 3 May 2006 18:27:32 -0400
Subject: Gone in 20 Minutes: using laptops to steal cars
Message-ID:

Leftlane News - Car News For Enthusiasts

Gone in 20 Minutes: using laptops to steal cars

High-tech thieves are becoming increasingly savvy when it comes to stealing automobiles equipped with keyless entry and ignition systems. While many computer-based security systems on automobiles require some type of key - mechanical or otherwise - to start the engine, so-called 'keyless' setups require only the presence of a key fob to start the engine.

The expert gang suspected of stealing two of David Beckham's BMW X5 SUVs in the last six months did so by using software programs on a laptop to wirelessly break into the car's computer, open the doors, and start the engine.

"It's difficult to steal cars with complex security, but not impossible. There are weaknesses in any system," Tim Hart of the Auto Locksmith Association told the U.K.'s Auto Express magazine. "At key steps the car's software can halt progress for up to 20 minutes as part of its in-built protection," said Hart.

Because the decryption process can take a while - up to 20 minutes, according to Hart - the thieves usually wait to find the car in a secluded area where it will be left for a long period. That is believed to be what happened to Mr. Beckham - the crooks followed him to the mall where he was to have lunch, and went to work on his X5 after it was parked.

While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.

According to the Prague Post, leaving such information on a laptop is what got Radko Souček caught for stealing several cars. "You could delete all the data from your laptop, but that's not good for you because the more data you have, the bigger your possibilities," he says. He says any car that relies on software to provide security can be circumvented by other software. "Every car has its weak spot," he says. Souček faces up to 12 years in prison.

The Leftlane Perspective: Many modern cars now rely on software entirely for security. Gone are the days where microchips supplemented mechanical locks as an additional security measure. In the case of true 'keyless' systems, software is the only thing between a thief and your car. As computers become more powerful, will stealing cars become even easier? Never mind future cars with better security - what about today's cars a few years down the road? With cars as inexpensive as the Toyota Camry offering entirely keyless systems, these concerns are relevant to all consumers.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From jya at pipeline.com Wed May 3 19:59:02 2006
From: jya at pipeline.com (John Young)
Date: Wed, 03 May 2006 19:59:02 -0700
Subject: [Clips] Russia Left with No Satellite Surveillance
In-Reply-To:
Message-ID:

Well, there you have it, why loft your own satellites when you can Crypto AG those of others and let them pay you to screw them. Who cares who owns and feeds the cows in the sky so long as you can suckle the backdoored data for free.

No doubt NSA is happy with this piggish arrangement too, piggybacking on the Russkies' porgy and bess to keep aloft the urgent need for more US natsec billionish boondoggles out of the NASA, NRO and Space Command.

Meanwhile the spook boots on the ground get all the gash cash to pry the sat software out of the adnoids of dick-led and pussywhipped cipher coders who once believed they'd rule the world with unfathomable primes.

From jtrjtrjtr2001 at yahoo.com Thu May 4 03:34:15 2006
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Thu, 4 May 2006 03:34:15 -0700 (PDT)
Subject: Free and Open Source Software-Choices and responsibilities.
In-Reply-To: <20060415090145.GG31486@leitl.org>
Message-ID: <20060504103415.40024.qmail@web33315.mail.mud.yahoo.com>

Hi,

Looking at the Open Source Hardening Project sponsored by the department of Homeland Security-it says on
http://news.com.com/Open-source+hunt+digs+up+more+flaws/2100-1002_3-6068190.html

"The bug hunt is part of a three-year "Open Source Hardening Project," dedicated to helping make such software as secure as possible. In January, the U.S. Department of Homeland Security awarded $1.24 million to Stanford University, Coverity and Symantec to find vulnerabilities in open-source projects. Developers have been quick to fix many bugs found as part of the program. More than 900 flaws were repaired in the two weeks after Coverity announced the results of its first scan of 32 open-source projects. "

But it appears that the money is spent only in hunting down the bugs but not in fixing them.
It says on
http://news.com.com/Homeland+Security+helps+secure+open-source+code/2100-1002_3-6025579.html

"It is regrettable that DHS has decided once more to ensure that private enterprise profits from the funding, while the open-source developers are left to beg for the scraps from the table," he said. "Why does the DHS think it is worthwhile to pay for bugs to be found, but has made no provision to pay for them to be fixed?"

Since Free/Open source software is widely used on public infrastructure which is probably why the Department of Homeland Security is funding it (to secure it), I am wondering about the following

- Will an open source developer be forced to maintain the code (with or without funds) and fix the bugs if his code runs on public infrastructure citing reasons such as national security?
- Is the author responsible to fix bugs in the code (free of cost/paid) citing he is responsible to ensure public safety?
- What does this mean to licenses like the GPL. Will it be rendered void?

Thank you for your time.

Sarad.

From rah at shipwright.com Thu May 4 13:28:37 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 4 May 2006 16:28:37 -0400
Subject: [Clips] Who Owns the Internet?
Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Thu, 4 May 2006 16:12:01 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Who Owns the Internet? Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com - Mises Institute Thursday, May 04, 2006 Who Owns the Internet? by Tim Swanson [Posted on Thursday, May 04, 2006] [Subscribe at email services and tell others] The "Net neutrality" debate has many similarities with that unbundling cul-de-sac. Both raise the question: Is innovation better served by undermining the property rights of network owners, or by reinforcing them? - The Wall Street Journal Editorial, March 8, 2006 Before you can answer who owns the Internet, you must answer what the Internet is. Is it a jumble of random wires and duct tape? Is it a software packet, a computer, or a router? While some may argue that it is one big snuff collection, in truth it is an amalgamation, an assortment of heterogeneous computer systems with varying capabilities linked together by various protocols.[1] Last week, a congressional committee voted down a provision calling for increased regulation and oversight of the Internet from the FCC. The issue in a nutshell is this: Internet service providers such as AT&T have mentioned that they may charge variable prices for different types of traffic that move throughout their infrastructure. In theory, AT&T can lower the quality of the data transferred across the network, they can charge companies such as Google or eBay a higher price for letting them use their network, or they can simply block the data altogether. In its defense, AT&T notes that it is their network and they can charge any price structure they deem appropriate. 
One of the catalysts for this new mindset is that the large telecommunication firms are trying to finance infrastructure upgrades - such as fiber optic rollout - and are facing lower margins due in part to disruptive technologies (e.g., wireless, satellite).[2] In addition, another opportunity the management teams at the telecom firms have hit upon for generating additional revenue is rolling out their own version of IPTV and voice-over-IP.[3] Because of this, executives at the established telecom firms have mentioned that in the future, they might charge third-party developers such as Google, Yahoo, and Skype higher rates. And because they control large swaths of network pipeline, they have the leveraging ability to discriminate. Uncle Sam to The Rescue Unsurprisingly, content providers such as Amazon, Microsoft, Google, and others have been lobbying Congress to prevent this from occurring under a scheme called network neutrality. This would not be the first time government interference has been solicited. Throughout the 20th century, State intervention and regulation of the communication industry has been an assumed role.[4] The Communications Act of 1934 created the Federal Communication Commission, a politically-appointed entity that has overseen and gerrymandered the licensing of radio waves and otherwise dictated who can and cannot communicate electronically on both a commercial and non-commercial basis. The main issue is not a matter of bit discrimination, multiple tiers, or even denial-of-service; rather it is a fight over private property and who owns the cornucopia of wires, cables, fibers and network infrastructure spanning the continent. Unfortunately due in large part to State intervention throughout the past century, this is a somewhat vague and nebulous area with many seemingly gray regions. 
The only reason AT&T (formerly SBC), BellSouth, Cox Communications, and other incumbents have the large user bases they currently do is because they were granted geographic monopolies for communications.[5] [6] They were legally insulated from outside competition for much of the past century. And, by and large, this protected status still continues unabated, shielded by the current FCC regulatory regime.[7]

From Qaddafi with Love

In the movie The Aviator, Senator Owen Brewster adamantly opposed competition in international flights deeming that it was in the national interest to support only one provider. This was a canard. The same argument has been continually used in creating and protecting geographic monopolies for a host of resources including utilities such as telecom service providers. Vladimir Lenin called these resources the "commanding heights" of the national economy - too important to be left to the whims of the private sector.

Unfortunately, many proponents of net neutrality miss the forest for the trees when promoting their nationalization of network pipelines.[8] [9] The real recipe for reform is not yet another round of reregulation or confiscation of private property,[10] rather it is the abolition of State machinations involved in the telecom industry as a whole.

Many users mistakenly believe that the current radio spectrum and telecom regime is the product of the free-market. It is not. The FCC did not create the radio spectrum nor does it have some homesteading claim to the near-infinitesimal ranges found within it. It is, simply, a bureaucratic sophistry, which oddly enough believes it can distribute something it does not own.[11]

Market intervention begets yet more market intervention: the State caused the problem in the first place, and is now called into action to fix it.[12] It is a history of folly that has been studiously chronicled and its only cure is cold-turkey abstinence.
Geographic Monopolies Throughout much of the country, individuals, families and companies have usually only one or two choices for accessing the Internet: through the cable company or the telephone company. Similar to utilities such as water and electricity, the reason for this is that the State intervened and gave certain companies a geographic monopoly for offering these services. This is misleading and a sham for it alone has put content providers in the bind, in between the proverbial rock and hard place. Several pundits-cum-activist, including science-fiction author Doc Searls advocate a net neutrality policy akin to the communal farms of command economies. For instance, Mr. Searls recently compared Internet access to natural resources such as rivers and seas, asking if any of these should be private. His is a public goods argument, an argument that conflates natural resources that have been homesteaded with endeavors that have been created through confiscation (taxes). One of the chronic problems plaguing public roads (i.e., road socialism) is traffic. There is no pricing mechanism to discriminate between off-peak and on-peak times; the roads are a clear illustration of the tragedy of the commons.[13] Internet traffic experiences a parallel phenomenon: throughout the work week, network traffic peaks during the day and declines at night - a cycle also found on public streets. Whether or not proponents of net neutrality want to acknowledge that scarcity exists, it does. Despite continued increase in bandwidth capacity, a router can only handle a certain amount of traffic. Just like a four-lane highway, it can only supply a certain threshold of traffic and is therefore inherently limited.[14] Fluctuating Prices, Mercurial Rates Numerous cell phone companies have created a business model that illustrates this principle in true form, the differentiation of minutes. 
Sure, the bits of information that are sent across the airwaves and through the network backbones are essentially the same no matter the time of day, but the amount of traffic varies. Therefore various pricing packages include variables ranging from the daytime, evening, weekends, and even roaming. Some even discriminate based upon whom you call (e.g., free calls to someone using the same phone service). This phenomenon of adapting to supply and demand is also seen in other markets, such as sporting events. Many baseball teams now offer ticket packages that vary according to whether a game is held at night, against a specific team, or during a particular month.[15] Additionally, rates change according to the type of seat (e.g., sky-boxes), location of the seat, and group discounts. Several commercial airline providers, most notably Northeastern-based JetBlue, have successfully used variable pricing based upon how far in advance you booked, the level of demand for a particular flight, weekdays versus weekends, and so forth. There is no shortage of empirical examples illustrating profitable business models that embrace variable pricing. However, it is neither the job nor obligation of the taxpayer to finance, or in any manner subsidize, any business entity. The chief concern for both individuals and corporations alike has been the role of the State. If either side had their druthers, the State would intervene; it is a win-win situation for government intervention - a role whose legitimate jurisdiction has been left unquestioned. In reality, both sides are at fault. If the legislative proposals lobbied by the content providers are enacted, the FCC will ultimately be allowed to regulate and intervene more than it currently does. It will be setting a foreboding precedent and granting a level of authority that Leviathan has historically been reluctant to relinquish. 
Similarly, if the legal monopolies protecting service providers continue without deregulation, then the censorship fears imagined by some could become a reality. It is not a matter of having regulatory oversight - checked or unchecked the intervening State apparatus and its subterfuge obfuscate and remove accountability that private property and contracts would otherwise resolve. Tim Swanson is a graduate student at Texas A&M University. He would like to thank DJC|TANSTAAFL and Andy Stedman for their comments and suggestions. Send him mail. Comment on the blog. Notes [1] The research and development efforts at Stanford Research Institute and Xerox PARC should not be understated. While SRI originally operated in part through government financed grants, due to anti-war sentiments throughout its organization and on campus, it later became a non-profit organization divorced from DARPA funding. The totality of PARC was funded privately. In addition, it was through the private commercial efforts of Apple to incorporate many of these ideas into practical everyday computing applications (e.g. Ethernet and the GUI). See also the "Mother of All Demos" as well as this vintage technical documentary covering the original ARPANET design methodology circa 1972. [2] To the chagrin of John Dvorak, see also: Bower, JL & Christensen, CM. "Disruptive Technologies: Catching the Wave." Harvard Business Review. (January-February) 1995: 43-53. [3] While numerous telecom firms have indeed begun rolling out "Triple Play" services, in reality it would be counterproductive and inefficient for them to build their own search engines and web applications. They already specialize in certain areas, none of which involves this particular division of labor. Arguably, their efforts could be as ineffective as the joint national Franco-German affair in creating their own subsidized imitation of Google. 
[4] While some urban legends claim the original purpose for ARPANET was to allow institutions to communicate with one another in the event of disastrous war, this is a myth. Charles Herzfeld, who was director of ARPA at the time, has noted that it was designed to effectively and efficiently manage and utilize relatively scarce computing resources across the country. [5] The hypocritical irony of the Sherman Anti-Trust Act is that the government only applies the strong-arm tactics when it is in their best interest - they penalize the private industry for acts they themselves perpetuate. See also Dominick Armentano, "Antitrust: The Case for Repeal" and "Antitrust and Monopoly." [6] This monopoly was granted in exchange for the promise of "universal service" (like "universal education"). It has served to subsidize rural and residential customers at the expense of urban and business use. Arguably we might have very different patterns of land use if this subsidy never existed ("the seen and unseen"). And like all rights artificially concocted by the State, it set forth the disingenuous precedent that everyone has an invented right to service regardless of location - which was taxing enough in the days of POTS let alone broadband. [7] While some vary by degree, without exception, regardless as to the political party in control of Congress or White House, FCC commissioners are always pro-State - less government is still government intervention. See also: "Now On The Auction Block" and "The Baptists Are The Bootleggers." [8] Speaking of trees, in 1958, Leonard Read detailed the complex processes of pencil construction. From chopping down the cedar trees and transporting them to mills, to mining graphite and refining it to certain grades; to locating and squeezing rubber into the familiar cylindrical shape, to identifying and applying the exterior color. 
No one entity orchestrated the plethora of variables involved in each meticulous step from beginning to end; from excavating Earthen elements to placement on the store shelf. Rather it was through the independent entrepreneurial actions of the market that coordinated the supply and demand through prices - not a federal commission. See: I, Pencil. [9] While somewhat tangential, in the early 1970s Libyan Colonel Muammar Qaddafi nationalized oilfields owned by foreign firms. The Hunt family is historically seen as "sacrificial lambs" due to resisting theft and extortion imposed from his brand of socialism. [10] Some techno-pundits point to South Korea as a modern success story. While cities such as Seoul may indeed be more wired, with larger capacity connections, what is glossed over or ignored entirely is how this was achieved. In a word: subsidies. The South Korean government took tax revenues and redistributed the wealth - at least $24 billion worth - to broadband endeavors. In their mind, the ends justified the means. [11] With land-line Internet connections today, firms have the ability to add near-limitless bandwidth without little FCC oversight. As Declan McCullagh has pointed out, if net neutrality as enshrined by individuals like Doc Searls is legislated, the FCC would gain the ability to install, monitor and otherwise control the network. See also this collection of op-eds and editorials from the National Journal's Policy Council. [12] For instance, the government's anti-spam solution, enacted through legislation has failed by nearly all objective measurements. The management of top-level domains through ICANN, whom is granted the monopoly by the Department of Commerce, has been criticized due to seemingly vague governing procedures - there is a disconnect between its central mission, to bring about more TLD space, and its relatively glacial pace in doing so (see the cases of .xxx and .web) - and non-compete bids with Verisign. 
[13] See also, Thomas DiLorenzo: Why Socialism Causes Pollution.
[14] Among other analogies, a toll-road has been used to negatively describe the throttling mechanism the telecom companies might employ. While this is possible and even plausible, it is risky from a PR standpoint. They would not just punish the provider who does not pay them off; they would also alienate the end user who wants content that does not have favored status - and those are customers too. In the end however, it is still their network and their property to use as they wish.
[15] For a good overview see: "Case 7.1: Variable Ticket Pricing, Should the Minnesota Twins Catch the Wave?" The Business of Sports: Text and Cases on Strategy and Management. Stanford University Graduate School of Business. 2001, 304-313.
Ludwig von Mises: "Nothing could be more mistaken than the now fashionable attempt to apply the methods and concepts of the natural sciences to the solution of social problems." - Omnipotent Government
-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
From rah at shipwright.com Thu May 4 13:28:42 2006 From: rah at shipwright.com (R.A.
Hettinga) Date: Thu, 4 May 2006 16:28:42 -0400 Subject: [Clips] FCC approves Net-wiretapping taxes Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Thu, 4 May 2006 16:26:22 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] FCC approves Net-wiretapping taxes Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com CNET News FCC approves Net-wiretapping taxes By Declan McCullagh http://news.com.com/FCC+approves+Net-wiretapping+taxes/2100-1028_3-6067971.html Story last modified Wed May 03 13:16:56 PDT 2006 WASHINGTON--Broadband providers and Internet phone companies will have to pick up the tab for the cost of building in mandatory wiretap access for police surveillance, federal regulators ruled Wednesday. The Federal Communications Commission voted unanimously to levy what likely will amount to wiretapping taxes on companies, municipalities and universities, saying it would create an incentive for them to keep costs down and that it was necessary to fight the war on terror. Universities have estimated their cost to be about $7 billion. "The first obligation is...the safety of the people," said FCC Commissioner Michael Copps, a Democrat. "This commission supports efforts to protect the public safety and homeland security of the United States and its people." Federal police agencies have spent years lobbying for mandatory backdoors for easy surveillance, saying "criminals, terrorists and spies" could cloak their Internet communications with impunity unless centralized wiretapping hubs become mandatory. Last year, the FCC set a deadline of May 14, 2007, for compliance. But universities, libraries and some technology companies have filed suit against the agency, and arguments before a federal court are scheduled for Friday. 
"We're going to have a lot of fights over cost reimbursement," Al Gidari, a partner at the law firm of Perkins Coie, who is co-counsel in the lawsuit, said in an interview after the vote. "It continues the lunacy of their prior order and confirms they've learned nothing from what's been filed" in the lawsuit, he said. The original 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, authorized $500 million to pay telecommunications carriers for the cost of upgrading their networks to facilitate wiretapping. Some broadband and voice over Internet Protocol (VoIP) providers had hoped that they'd be reimbursed as well. Jonathan Askin, general counsel of Pulver.com, likened Wednesday's vote to earlier FCC rules extending 911 regulations to VoIP. "It essentially imposed a mandate on the industry without giving the industry the necessary support to abide by the rules--and the same thing seems to be happening here," Askin said. Even without the CALEA regulations, police have the legal authority to conduct Internet wiretaps--that's precisely what the FBI's Carnivore system was designed to do. Still, the FBI has argued, the need for "standardized broadband intercept capabilities is especially urgent in light of today's heightened threats to homeland security and the ongoing tendency of criminals to use the most clandestine modes of communication." The American Council on Education, which represents 1,800 colleges and universities, estimates that the costs of CALEA compliance could total roughly $7 billion for the entire higher-education community, or a tuition hike of $450 for every student in the nation. Documents filed in the lawsuit challenging the FCC's rules put the cost at hundreds of dollars per student. But during Wednesday's vote, commissioners dismissed those concerns as unfounded. 
"I am not persuaded merely by largely speculative allegations that the financial burden on the higher-education community could total billions of dollars," said FCC Commissioner Deborah Taylor Tate, a Republican. The FCC's initial ruling last fall had left open the question of whether broadband and VoIP providers would be reimbursed for rewiring their networks and upgrading equipment to comply with CALEA. Another open question is what portion of a university's or library's network must be rendered wiretap-friendly. One possibility is that only the pipe (or pipes) connecting a school with the rest of the Internet must be made CALEA-compliant. Another is that the entire network would be covered. The FCC adopted its second order on Wednesday but released only a two-page summary, which didn't offer much clarity. In its initial ruling last year, the FCC said only that it had reached "no conclusions" about exactly what universities and libraries would have to do, prompting a flurry of comments filed with the agency and the federal lawsuit. (Plaintiffs in the lawsuit include Sun Microsystems, the American Civil Liberties Union, the Center for Democracy and Technology, the American Library Association, the American Council on Education and VoIP firm Pulver.com.) Commissioner Copps acknowledged that there is "still some clarity to be provided" for library and university network operators, but he suggested that additional clarity would not be forthcoming from the FCC. Instead, "all those agencies and offices of government who are involved in CALEA implementation should be working together to provide clarity there to avoid confusion and possibly expenses for these institutions," Copps said. At the Computers, Freedom and Privacy conference here Wednesday, John Morris of the Center for Democracy and Technology said libraries and universities are still left with more questions than answers. 
"There's some serious uncertainty about how it will really play out for universities," Morris said. Even if the FCC technically calls for Internet interception at the edge of a campus network, that likely won't be enough to satisfy law enforcement demands for all of an individual student's network traffic, including on-campus activities, he added. Injecting additional uncertainty is whether the FCC's action is legal. It represents what critics call an unreasonable extension of CALEA--which was designed to address telephone features such as three-way calling and call waiting--to the Internet. A House of Representatives committee report (click here for PDF) prepared in October 1994 emphatically says CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers." When Congress was debating CALEA, then-FBI Director Louis Freeh reassured nervous senators that the law would be limited to telephone calls. "So what we are looking for is strictly telephone--what is said over a telephone?" Sen. Larry Pressler, R-S.D., asked during one hearing. Freeh replied: "That is the way I understand it. Yes, sir." Two of the four FCC commissioners who voted for the initial CALEA ruling last fall acknowledged that the federal government was on shaky legal ground. The FCC's regulation is based on arguing that the law's definition of "telecommunications carrier" applies to broadband and VoIP providers. Then-FCC Commissioner Kathleen Abernathy, a Republican, said, "Because litigation is as inevitable as death and taxes, and because some might not read the statute to permit the extension of CALEA to the broadband Internet access and VoIP services at issue here, I have stated my concern that an approach like the one we adopt today is not without legal risk." 
The FCC is no stranger to having its decisions rejected by a federal appeals court that can be hostile to what it views as regulatory overreaching. Last May, for instance, the FCC's "broadcast flag" was unceremoniously tossed out by the U.S. Court of Appeals for the D.C. Circuit.
--- end forwarded text
From rah at shipwright.com Thu May 4 18:04:02 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 4 May 2006 21:04:02 -0400 Subject: [Clips] How To Steal an Election Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Thu, 4 May 2006 21:01:35 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] How To Steal an Election Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com
The Washington Post
How To Steal an Election
It's easier to rig an electronic voting machine than a Las Vegas slot machine, says University of Pennsylvania visiting professor Steve Freeman.
That's because Vegas slots are better monitored and regulated than America's voting machines, Freeman writes in a book out in July that argues, among other things, that President Bush may owe his 2004 win to an unfair vote count. We'll wait to read his book before making a judgment about that. But Freeman has assembled comparisons that suggest Americans protect their vices more than they guard their rights, according to data he presented at an October meeting of the American Statistical Association in Philadelphia.
--- end forwarded text
From xmvsxnwbgr at grandenetworks.net Fri May 5 00:50:28 2006 From: xmvsxnwbgr at grandenetworks.net (Abel Allred) Date: Thu, 04 May 2006 23:50:28 -0800 Subject: Ephedra for your weightloss Message-ID: <451b170g.2337792@gloryworks.com> %TXT_ADD -------------- next part -------------- A non-text attachment was scrubbed...
Name: not available Type: text/html Size: 1487 bytes Desc: not available URL: From fry at abm-research.com Fri May 5 01:18:15 2006 From: fry at abm-research.com (Latoya Sorensen) Date: Fri, 05 May 2006 00:18:15 -0800 Subject: Excellent mortagee ratees Message-ID: <421176791.2123977665577.JavaMail.ebayapp@sj-besreco453> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1023 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: stuff.9.gif Type: image/gif Size: 8503 bytes Desc: not available URL: From xrlrvyvbh at morethanisp.com.jfet.org Fri May 5 08:46:52 2006 From: xrlrvyvbh at morethanisp.com.jfet.org (Nieto Elishama ) Date: Fri, 05 May 2006 10:46:52 -0500 Subject: This diet is going crazy Message-ID: <70589738942163.xuUZ9DFH8v@blush> be cashew , jugate try calcify it's disk see balmy -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2031 bytes Desc: not available URL: From ansnyak at genuity.net Fri May 5 11:52:33 2006 From: ansnyak at genuity.net (Dantzler Iyanna ) Date: Fri, 05 May 2006 13:52:33 -0500 Subject: down-down your weight Message-ID: <741c729g.2332308@ij.net> ! legion a appropriable some whizzing ! caution but oxen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 982 bytes Desc: not available URL: From rah at shipwright.com Fri May 5 11:18:02 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 5 May 2006 14:18:02 -0400 Subject: [Clips] The RFID Hacking Underground Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Fri, 5 May 2006 13:49:14 -0400 To: Philodox Clips List From: "R.A. 
Hettinga" Subject: [Clips] The RFID Hacking Underground Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Wired 14.05: The RFID Hacking Underground They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground. By Annalee Newitz James Van Bokkelen is about to be robbed. A wealthy software entrepreneur, Van Bokkelen will be the latest victim of some punk with a laptop. But this won't be an email scam or bank account hack. A skinny 23-year-old named Jonathan Westhues plans to use a cheap, homemade USB device to swipe the office key out of Van Bokkelen's back pocket. "I just need to bump into James and get my hand within a few inches of him," Westhues says. We're shivering in the early spring air outside the offices of Sandstorm, the Internet security company Van Bokkelen runs north of Boston. As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues' palm, then disappears. Van Bokkelen enters the building, and Westhues returns to me. "Let's see if I've got his keys," he says, meaning the signal from Van Bokkelen's smartcard badge. The card contains an RFID sensor chip, which emits a short burst of radio waves when activated by the reader next to Sandstorm's door. If the signal translates into an authorized ID number, the door unlocks. The coil in Westhues' hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen's card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door. "Want me to let you in?" Westhues asks. I nod. 
He waves the cloner's antenna in front of a black box attached to the wall. The single red LED blinks green. The lock clicks. We walk in and find Van Bokkelen waiting. "See? I just broke into your office!" Westhues says gleefully. "It's so simple." Van Bokkelen, who arranged the robbery "just to see how it works," stares at the antenna in Westhues' hand. He knows that Westhues could have performed his wireless pickpocket maneuver and then returned with the cloner after hours. Westhues could have walked off with tens of thousands of dollars' worth of computer equipment - and possibly source code worth even more. Van Bokkelen mutters, "I always thought this might be a lousy security system." RFID chips are everywhere - companies and labs use them as access keys, Prius owners use them to start their cars, and retail giants like Wal-Mart have deployed them as inventory tracking devices. Drug manufacturers like Pfizer rely on chips to track pharmaceuticals. The tags are also about to get a lot more personal: Next-gen US passports and credit cards will contain RFIDs, and the medical industry is exploring the use of implantable chips to manage patients. According to the RFID market analysis firm IDTechEx, the push for digital inventory tracking and personal ID systems will expand the current annual market for RFIDs from $2.7 billion to as much as $26 billion by 2016. RFID technology dates back to World War II, when the British put radio transponders in Allied aircraft to help early radar system crews detect good guys from bad guys. The first chips were developed in research labs in the 1960s, and by the next decade the US government was using tags to electronically authorize trucks coming into Los Alamos National Laboratory and other secure facilities. Commercialized chips became widely available in the '80s, and RFID tags were being used to track difficult-to-manage property like farm animals and railroad cars. 
But over the last few years, the market for RFIDs has exploded, driven by advances in computer databases and declining chip prices. Now dozens of companies, from Motorola to Philips to Texas Instruments, manufacture the chips. The tags work by broadcasting a few bits of information to specialized electronic readers. Most commercial RFID chips are passive emitters, which means they have no onboard battery: They send a signal only when a reader powers them with a squirt of electrons. Once juiced, these chips broadcast their signal indiscriminately within a certain range, usually a few inches to a few feet. Active emitter chips with internal power can send signals hundreds of feet; these are used in the automatic toll-paying devices (with names like FasTrak and E-ZPass) that sit on car dashboards, pinging tollgates as autos whiz through. For protection, RFID signals can be encrypted. The chips that will go into US passports, for example, will likely be coded to make it difficult for unauthorized readers to retrieve their onboard information (which will include a person's name, age, nationality, and photo). But most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. It's just not cost-effective for your average office building to invest in secure chips. This leaves most RFIDs vulnerable to cloning or - if the chip has a writable memory area, as many do - data tampering. Chips that track product shipments or expensive equipment, for example, often contain pricing and item information. These writable areas can be locked, but often they aren't, because the companies using RFIDs don't know how the chips work or because the data fields need to be updated frequently. Either way, these chips are open to hacking. "The world of RFID is like the Internet in its early stages," says Ari Juels, research manager at the high tech security firm RSA Labs. 
"Nobody thought about building security features into the Internet in advance, and now we're paying for it in viruses and other attacks. We're likely to see the same thing with RFIDs." David Molnar is a soft-spoken computer science graduate student who studies commercial uses for RFIDs at UC Berkeley. I meet him in a quiet branch of the Oakland Public Library, which, like many modern libraries, tracks most of its inventory with RFID tags glued inside the covers of its books. These tags, made by Libramation, contain several writable memory "pages" that store the books' barcodes and loan status. Brushing a thatch of dark hair out of his eyes, Molnar explains that about a year ago he discovered he could destroy the data on the books' passive-emitting RFID tags by wandering the aisles with an off-the-shelf RFID reader-writer and his laptop. "I would never actually do something like that, of course," Molnar reassures me in a furtive whisper, as a nonbookish security guard watches us. Our RFID-enabled checkout is indeed quite convenient. As we leave the library, we stop at a desk equipped with a monitor and arrange our selections, one at a time, face up on a metal plate. The titles instantly appear onscreen. We borrow four books in less than a minute without bothering the librarian, who is busy helping some kids with their homework. Molnar takes the books to his office, where he uses a commercially available reader about the size and heft of a box of Altoids to scan the data from their RFID tags. The reader feeds the data to his computer, which is running software that Molnar ordered from RFID-maker Tagsys. As he waves the reader over a book's spine, ID numbers pop up on his monitor. "I can definitely overwrite these tags," Molnar says. He finds an empty page in the RFID's memory and types "AB." When he scans the book again, we see the barcode with the letters "AB" next to it. (Molnar hastily erases the "AB," saying that he despises library vandalism.) 
He fumes at the Oakland library's failure to lock the writable area. "I could erase the barcodes and then lock the tags. The library would have to replace them all." Frank Mussche, Libramation's president, acknowledges that the library's tags were left unlocked. "That's the recommended implementation of our tags," he says. "It makes it easier for libraries to change the data." For the Oakland Public Library, vulnerability is just one more problem in a buggy system. "This was mostly a pilot program, and it was implemented poorly," says administrative librarian Jerry Garzon. "We've decided to move ahead without Libramation and RFIDs." But hundreds of libraries have deployed the tags. According to Mussche, Libramation has sold 5 million RFID tags in a "convenient" unlocked state. While it may be hard to imagine why someone other than a determined vandal would take the trouble to change library tags, there are other instances where the small hassle could be worth big bucks. Take the Future Store. Located in Rheinberg, Germany, the Future Store is the world's preeminent test bed of RFID-based retail shopping. All the items in this high tech supermarket have RFID price tags, which allow the store and individual product manufacturers - Gillette, Kraft, Procter & Gamble - to gather instant feedback on what's being bought. Meanwhile, shoppers can check out with a single flash of a reader. In July 2004, Wired hailed the store as the "supermarket of the future." A few months later, German security expert Lukas Grunwald hacked the chips. Grunwald cowrote a program called RFDump, which let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna. With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. 
"I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle." The price-switching stunt drew media attention, but the Future Store still didn't lock its price tags. "What we do in the Future Store is purely a test," says the Future Store spokesperson Albrecht von Truchsess. "We don't expect that retailers will use RFID like this at the product level for at least 10 or 15 years." By then, Truchsess thinks, security will be worked out. Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!" Aside from pranks, vandalism, and thievery, Grunwald has recently discovered another use for RFID chips: espionage. He programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed (and when). Private citizens and the government could likewise place cookies on library books to monitor who's checking them out. In 1997, ExxonMobil equipped thousands of service stations with SpeedPass, which lets customers wave a small RFID device attached to a key chain in front of a pump to pay for gas. Seven years later, three graduate students - Steve Bono, Matthew Green, and Adam Stubblefield - ripped off a station in Baltimore. Using a laptop and a simple RFID broadcasting device, they tricked the system into letting them fill up for free. The theft was concocted by Avi Rubin's computer science lab at Johns Hopkins University. 
Rubin's lab is best known for having found massive, hackable flaws in the code running on Diebold's widely adopted electronic voting machines in 2004. Working with RSA Labs manager Juels, the group figured out how to crack the RFID chip in ExxonMobil's SpeedPass. Hacking the tag, which is made by Texas Instruments, is not as simple as breaking into Van Bokkelen's Sandstorm offices with a cloner. The radio signals in these chips, dubbed DST tags, are protected by an encryption cipher that only the chip and the reader can decode. Unfortunately, says Juels, "Texas Instruments used an untested cipher." The Johns Hopkins lab found that the code could be broken with what security geeks call a "brute-force attack," in which a special computer known as a cracker is used to try thousands of password combinations per second until it hits on the right one. Using a home-brewed cracker that cost a few hundred dollars, Juels and the Johns Hopkins team successfully performed a brute-force attack on TI's cipher in only 30 minutes. Compare that to the hundreds of years experts estimate it would take for today's computers to break the publicly available encryption tool SHA-1, which is used to secure credit card transactions on the Internet. ExxonMobil isn't the only company that uses the Texas Instruments tags. The chips are also commonly used in vehicle security systems. If the reader in the car doesn't detect the chip embedded in the rubbery end of the key handle, the engine won't turn over. But disable the chip and the car can be hot-wired like any other. Bill Allen, director of strategic alliances at Texas Instruments RFID Systems, says he met with the Johns Hopkins team and he isn't worried. "This research was purely academic," Allen says. Nevertheless, he adds, the chips the Johns Hopkins lab tested have already been phased out and replaced with ones that use 128-bit keys, along with stronger public encryption tools, such as SHA-1 and Triple DES. 
Juels is now looking into the security of the new US passports, the first of which were issued to diplomats this March. Frank Moss, deputy assistant secretary of state for passport services, claims they are virtually hack-proof. "We've added to the cover an anti-skimming device that prevents anyone from reading the chip unless the passport is open," he says. Data on the chip is encrypted and can't be unlocked without a key printed in machine-readable text on the passport itself. But Juels still sees problems. While he hasn't been able to work with an actual passport yet, he has studied the government's proposals carefully. "We believe the new US passport is probably vulnerable to a brute-force attack," he says. "The encryption keys in them will depend on passport numbers and birth dates. Because these have a certain degree of structure and guessability, we estimate that the effective key length is at most 52 bits. A special key-cracking machine could probably break a passport key of this length in 10 minutes." I'm lying facedown on an examination table at UCLA Medical Center, my right arm extended at 90 degrees. Allan Pantuck, a young surgeon wearing running shoes with his lab coat, is inspecting an anesthetized area on the back of my upper arm. He holds up something that looks like a toy gun with a fat silver needle instead of a barrel. I've decided to personally test-drive what is undoubtedly the most controversial use of RFIDs today - an implantable tag. VeriChip, the only company making FDA-approved tags, boasts on its Web site that "this 'always there' identification can't be lost, stolen, or duplicated." It sells the chips to hospitals as implantable medical ID tags and is starting to promote them as secure-access keys. Pantuck pierces my skin with the gun, delivering a microchip and antenna combo the size of a grain of long rice. For the rest of my life, a small region on my right arm will emit binary signals that can be converted into a 16-digit number.
When Pantuck scans my arm with the VeriChip reader - it looks sort of like the wand clerks use to read barcodes in checkout lines - I hear a quiet beep, and its tiny red LED display shows my ID number. Three weeks later, I meet the smartcard-intercepting Westhues at a greasy spoon a few blocks from the MIT campus. He's sitting in the corner with a half-finished plate of onion rings, his long blond hair hanging in his face as he hunches over the cloner attached to his computer. Because the VeriChip uses a frequency close to that of many smartcards, Westhues is pretty sure the cloner will work on my tag. Westhues waves his antenna over my arm and gets some weird readings. Then he presses it lightly against my skin, the way a digital-age pickpocket could in an elevator full of people. He stares at the green waveforms that appear on his computer screen. "Yes, that looks like we got a good reading," he says. After a few seconds of fiddling, Westhues switches the cloner to Emit and aims its antenna at the reader. Beep! My ID number pops up on its screen. So much for implantable IDs being immune to theft. The whole process took 10 minutes. "If you extended the range of this cloner by boosting its power, you could strap it to your leg, and somebody passing the VeriChip reader over your arm would pick up the ID," Westhues says. "They'd never know they hadn't read it from your arm." Using a clone of my tag, as it were, Westhues could access anything the chip was linked to, such as my office door or my medical records. John Proctor, VeriChip's director of communications, dismisses this problem. "VeriChip is an excellent security system, but it shouldn't be used as a stand-alone," he says. His recommendation: Have someone also check paper IDs. But isn't the point of an implantable chip that authentication is automatic? "People should know what level of security they're getting when they inject something into their arm," he says with a half smile. They should - but they don't. 
A few weeks after Westhues clones my chip, Cincinnati-based surveillance company CityWatcher announces a plan to implant employees with VeriChips. Sean Darks, the company's CEO, touts the chips as "just like a key card." Indeed. Contributing editor Annalee Newitz wrote about Spyware in issue 13.12. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jannah.olseni06 at gmail.com Fri May 5 19:46:40 2006 From: jannah.olseni06 at gmail.com (Jim Voss) Date: Fri, 5 May 2006 17:46:40 -0900 Subject: Unique Logos / customer recognition (ID334831810) Message-ID: <200605050846.k458ke2h027714@proton.jfet.org> 319 Our art team creates a custom logo for you, based on your needs. Years of experience have taught us how to create a logo that makes a statement that is unique to you. In a professional manner we learn about your image and how you would like the world to perceive you and your company. With this information we then create a logo that is not only unique but reflects the purpose of you and your company. For value and a logo that reflects your image, take a few minutes and visit Logo Maker! 
http://bladdernut.net.logotip-marke.com

Sincerely,
Logo Design Team

bassi belgian catalytic

From fdbndyaqaeh at symet.net Fri May 5 23:18:56 2006
From: fdbndyaqaeh at symet.net (Maura Jim)
Date: Fri, 05 May 2006 22:18:56 -0800
Subject: Good effects of Ephedra
Message-ID: <497n299f.8861429@dshs.state.tx.us>

%TXT_ADD
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1490 bytes
Desc: not available
URL:

From separate357 at gmail.com Fri May 5 16:29:49 2006
From: separate357 at gmail.com (Jane Stanford)
Date: Sat, 6 May 2006 04:29:49 +0500
Subject: American phartmacy! FDA approved driugs!
Message-ID: <200605060830.k468U4fE030525@proton.jfet.org>

Only best quality US medicatlons! Best prices for bestsellers and for the meds you need in everyday life! http://pwwgso.studiolists.info/?copmougmopvw Just one cilck and you will definitely find what you need. Get it right now - you won't be desappointed!

From bruce.larkin at learnworld.com Sat May 6 07:34:10 2006
From: bruce.larkin at learnworld.com (Bruce D. Larkin)
Date: May 6, 2006 7:34:10 PM EDT
Subject: more on Hayden's Mistaken Understanding of the Fourth
Message-ID:

Dave,

Further comment, if not overload, focused on General Hayden's January 23rd remarks and the exchange with Jonathan Landay. This is at my blog http://www.learnworld.com/blog/blog.html

Bruce

Saturday, May 06, 2006

MICHAEL V. HAYDEN: 'REASONABLE' SURVEILLANCE?

General Michael V. Hayden has been identified by unnamed newspaper sources as a frontrunner to be named Director of Central Intelligence in place of Porter Goss, whose resignation was announced today.

In January 2006 General Hayden advanced a remarkable theory to vitiate the Fourth Amendment of the Constitution and justify unwarranted interception and use of communications to and from "U.S. persons," principally US citizens.

In a speech at the National Press Club [1] General Hayden said, in part:

"Inherent foreign intelligence value is one of the metrics we must use. Let me repeat that: Inherent foreign intelligence value is one of the metrics we must use to ensure that we conform to the Fourth Amendment's reasonable standard when it comes to protecting the privacy of these kinds of people. ... [T]he standard of what was relevant and valuable, and therefore, what was reasonable, would understandably change, I think, as smoke billowed from two American cities and a Pennsylvania farm field. And we acted accordingly."

The Fourth Amendment states:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

After General Hayden had delivered his remarks the floor was opened for questions. The following exchange took place between Hayden and Jonathan Landay of Knight-Ridder:

QUESTION: Jonathan Landay with Knight Ridder. I'd like to stay on the same issue, and that had to do with the standard by which you use to target your wiretaps. I'm no lawyer, but my understanding is that the Fourth Amendment of the Constitution specifies that you must have probable cause to be able to do a search that does not violate an American's right against unlawful searches and seizures. Do you use --

GEN. HAYDEN: No, actually -- the Fourth Amendment actually protects all of us against unreasonable search and seizure.

QUESTION: But the --

GEN. HAYDEN: That's what it says.

QUESTION: But the measure is probable cause, I believe.

GEN. HAYDEN: The amendment says unreasonable search and seizure.

QUESTION: But does it not say probable --

GEN. HAYDEN: No. The amendment says --

QUESTION: The court standard, the legal standard --

GEN. HAYDEN: -- unreasonable search and seizure.

QUESTION: The legal standard is probable cause, General. You used the terms just a few minutes ago, "We reasonably believe." And a FISA court, my understanding is, would not give you a warrant if you went before them and say "we reasonably believe"; you have to go to the FISA court, or the attorney general has to go to the FISA court and say, "we have probable cause." And so what many people believe -- and I'd like you to respond to this -- is that what you've actually done is crafted a detour around the FISA court by creating a new standard of "reasonably believe" in place in probable cause because the FISA court will not give you a warrant based on reasonable belief, you have to show probable cause. Could you respond to that, please?

GEN. HAYDEN: Sure. I didn't craft the authorization. I am responding to a lawful order. All right? The attorney general has averred to the lawfulness of the order. Just to be very clear -- and believe me, if there's any amendment to the Constitution that employees of the National Security Agency are familiar with, it's the Fourth. And it is a reasonableness standard in the Fourth Amendment. And so what you've raised to me -- and I'm not a lawyer, and don't want to become one -- what you've raised to me is, in terms of quoting the Fourth Amendment, is an issue of the Constitution. The constitutional standard is "reasonable." And we believe -- I am convinced that we are lawful because what it is we're doing is reasonable.

From General Hayden's reading of the Fourth Amendment it follows that the State must seek a search warrant only when it proposes an unreasonable search. Reductio ad absurdum.

Or we could ask how 'reasonableness' is established, and how the issue is resolved if the State's claim to 'reasonableness' of a specific search--here a program of interceptions--is contested. General Hayden's position is that he, as Director of NSA, determined 'reasonableness'; that the program was and ought to have remained secret; and that therefore only those who were properly privy to the secret could have contested it, and then only within the limited circle of those entitled to the secret. Hence Congressional oversight or appeal to the Courts is precluded, unless someone who has learned about the secret intercept program goes public.

General Hayden's position also neglects the fact that there is law--an Act of Congress--which expressly prohibits what he chose to do as Director of the NSA and defended in January as Principal Deputy Director of National Intelligence.

Title 50 § 1802(a)(1) authorizes warrantless electronic surveillance to acquire foreign intelligence information, subject to some conditions, provided "there is no substantial likelihood that the surveillance will acquire the contents of the communication to which a United States person is a party;" [This distinguishes "content" from facts that might be gathered about a transaction.] Note that one US person is enough.

Title 18 § 2511 (2)(f) states in part that "the Foreign Intelligence Surveillance Act of 1978 shall be the exclusive means by which electronic surveillance ... and the interception of domestic wire, oral, and electronic communications may be conducted."

One term, setting scope, is domestic. For domestic surveillance FISA provides the "exclusive means". If domestic surveillance does not follow the terms of the FISA Act it is illegal.

Of course, as everyone including the chairman and ranking member of the Senate Judiciary Committee has said, we don't know exactly what NSA did, because they won't say. Secret.

We can, however, work General Hayden's language a bit further. Not every person in the United States is a "United States person", despite General Hayden's attempt to convince his audience that any terrorist who stepped across the border would become protected from surveillance. In General Hayden's words "And by the way, 'U.S. person' routinely includes anyone in the United States, citizen or not." But 50 USC §1801(i) defines a "United States person" as "a citizen of the United States, an alien lawfully admitted for permanent residence (as defined in section 1101(a)(20) of Title 8)" and further defined associations and corporations. [3]

"So, for example," Hayden continues, "because they were in the United States--and we did not know anything more--Mohamed Atta and his fellow 18 hijackers would have been presumed to have been protected person, U.S. persons, by NSA prior to 9/11." But not thereafter? What General Hayden does not put on the table is that the law does not ban intercepts but distinguishes those intercepts which may be made without warrant, with Executive approval from those which may only be undertaken pursuant to court-issued warrant, subject to the conditions stipulated in law.

The plain meaning of General Hayden's subsequent lines is that the communications of US persons are intercepted and judged, despite the law. "If the U.S. person information isn't relevant, the data is suppressed."

Whether General Hayden is actually nominated to succeed Porter Goss as CIA Director or not, the claim that the Executive can undertake warrantless interception whenever it says that doing so is 'reasonable' is pernicious and should be confronted head on. Hayden's remaining as Principal Deputy Director of National Intelligence after his January 23rd remarks is further evidence of problems which few Congressional Republicans, and no one in the White House, seems inclined or ready to address.

[Note 1]: Remarks by General Michael V. Hayden, Principal Deputy Director of National Intelligence and Former Director of the National Security Agency, Address to the National Press Club, "What American Intelligence & Especially the NSA Have Been Doing to Defend the Nation," National Press Club, Washington, D. C., January 23 2006. http://www.fas.org/irp/news/2006/01/hayden012306.pdf

[Note 2:] http://www4.law.cornell.edu/uscode/html/uscode50/usc_sec_50_00001809----000-.html

[Note 3:] And the Congressional Research Service called attention to this definition in Elizabeth B. Bazan, "The Foreign Intelligence Surveillance Act: An Overview of the Statutory Framework and Recent Judicial Decisions," 22 September 2004, CRS Report RL30465, p. 11 note.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Bruce D. Larkin
Convenor and Director of Studies
Global Collaborative on Denuclearization Design http://www.gcdd.net/
Sometime Professor of Politics, University of California at Santa Cruz
Email: "Bruce D. Larkin [+]"
The [+] flags incoming mail as wanted, avoiding loss amid SPAM.
Web: http://www.learnworld.com/ and http://www.gcdd.net/
Mobile: +1-413-695-0264
Landlines: +1-413-634-8842. +353-23-40309. +1-831-429-8443.
Course Syllabi: http://www.learnworld.com/COURSES/
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From camera_lumina at hotmail.com Sat May 6 09:52:05 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 06 May 2006 12:52:05 -0400
Subject: "Cypherpunks"
Message-ID:

...anyone catch the quote on the back of Vernor Vinge's new book, Rainbow's End? Boing Boinger Cory Doctorow says something, "More paranoid than any Cypherpunk..."

Meanwhile, just a little idea popped into my head. Probably useless, but since I'm so tickled with my own cleverness I thought I'd mention it.

Cypherpunks, like a lot of lists, has several servers/feeders. IS IT POSSIBLE to cryptographically "split" posts between the servers so that only when the post appears is it legible? Is this useful? Seems to open up some slightly different avenues of anonymity (ie, such a list can be by default anonymous).

-TD

From rsw at jfet.org Sat May 6 10:32:01 2006
From: rsw at jfet.org (Riad S. Wahby)
Date: Sat, 6 May 2006 13:32:01 -0400
Subject: "Cypherpunks"
In-Reply-To:
References:
Message-ID: <20060506173201.GA10084@proton.jfet.org>

Tyler Durden wrote:
> Cypherpunks, like a lot of lists, has several servers/feeders. IS IT
> POSSIBLE to cryptographically "split" posts between the servers so that
> only when the post appears is it legible? Is this useful? Seems to open up
> some slightly different avenues of anonymity (ie, such a list can be by
> default anonymous).

Seems like you could do this with a slightly tweaked mixmaster-style remailer chain that allows a message to specify branching.

in -> (mix steps) -> out1 + out2 + out3

Or even better, have out1, out2, and out3 diverge and run through their own mix chains with randomly-selected lengths to make it harder to correlate pieces of a message.

Then you just need some up-front processing and the reverse on the client end to combine out{1,2,3} into an intelligible message. Perhaps something where each (n-1) messages can be used to produce a decryption key for the nth?

Don't see why you'd do it, but it does seem nifty.

--
Riad S. Wahby
rsw at jfet.org

From dave at farber.net Sat May 6 16:40:54 2006
From: dave at farber.net (David Farber)
Date: Sat, 6 May 2006 19:40:54 -0400
Subject: [IP] more on Hayden's Mistaken Understanding of the Fourth
Message-ID:

Begin forwarded message:

From jmorris-lists at cdt.org Sun May 7 01:05:42 2006
From: jmorris-lists at cdt.org (John Morris)
Date: May 7, 2006 1:05:42 AM EDT
Subject: [IP] FCC order on VOIP snooping
Message-ID:

Lee (and Dave),

The good news is that the recent FCC orders (last fall and last Wednesday) only extended CALEA (wiretapping design mandates) to reach broadband service providers and "interconnected" VoIP providers (i.e., VoIP providers that offer a service that can both connect calls out to the PSTN, the regular phone network, and receive calls from the PSTN). So in its current form (as you describe it) the peer-to-peer audio system would not be covered by CALEA.

The bad news is that if the FCC's extension of CALEA is upheld in the face of legal challenges, it is certainly possible that the FCC would eventually try to extend CALEA to all voice-capable technologies on the Internet.

But the good news is that this past Friday, the U.S. Court of Appeals for the D.C. Circuit in Washington heard oral argument in four consolidated challenges to the extension of CALEA (including one brought by CDT), and two of the three judges were very skeptical of the theory on which the FCC extended CALEA to broadband. Indeed, Judge Edwards called the FCC's reasoning "gobbledygook" and "totally ridiculous." See, e.g., http://www.washingtonpost.com/wp-dyn/content/article/2006/05/05/AR2006050501032.html.

One certainly cannot be sure how the court will come out based on an oral argument, and the court was less strong on the VoIP side of the challenge, but overall the argument was a very good sign.

John Morris
Center for Democracy & Technology

At 2:40 PM -0400 5/6/06, David Farber wrote:
>Begin forwarded message:
>
>From: Lee Revell
>Date: May 6, 2006 11:40:09 AM EDT
>To: David Farber
>Subject: FCC order on VOIP snooping
>
>http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-265221A1.pdf
>
>I have a question for the lawyers on IP (not looking for free legal
>advice, just your thoughts ;-).
>
>I just returned from presenting a paper at the 4th Linux Audio
>Conference in Karlsruhe, Germany and there's currently a lot of work on
>low latency, high quality realtime audio over IP - the point of which is
>to allow musicians to collaborate (or "jam") live over the net. The
>upper latency limit between musicians for playing "live" is about
>20-30ms so the speed of light prevents this from ever working beyond a
>few hundred miles, but it still should be quite useful.
>
>Has there been any discussion of whether this kind of peer to peer audio
>system, which is not designed for VOIP but could obviously be used for
>that, would be affected? AFAICT having to implement CALEA would be the
>death of any such system, as it's simply a musician's peer to peer tool
>not a centralized operation, plus I can't imagine how you would
>implement CALEA without killing the latency.
>
>Lee

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From justin-cypherpunks at soze.net Sat May 6 19:32:38 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 7 May 2006 02:32:38 +0000
Subject: "Cypherpunks"
In-Reply-To:
References:
Message-ID: <20060507023238.GA11108@arion.hive>

On 2006-05-06T12:52:05-0400, Tyler Durden wrote:
> ...anyone catch the quote on the back of Vernor Vinge's new book, Rainbow's
> End?

Is it good? I was planning on waiting for it in paperback.

--
The six phases of a project:
I. Enthusiasm.          IV. Search for the Guilty.
II. Disillusionment.    V. Punishment of the Innocent.
III. Panic.             VI. Praise & Honor for the Nonparticipants.
From dave at farber.net Sun May 7 03:46:31 2006 From: dave at farber.net (David Farber) Date: Sun, 7 May 2006 06:46:31 -0400 Subject: [IP] more on FCC order on VOIP snooping Message-ID: Begin forwarded message: From eugen at leitl.org Sun May 7 01:08:59 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 7 May 2006 10:08:59 +0200 Subject: [dave@farber.net: [IP] more on Hayden's Mistaken Understanding of the Fourth] Message-ID: <20060507080858.GN26713@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Sun May 7 03:54:59 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 7 May 2006 12:54:59 +0200 Subject: [dave@farber.net: [IP] more on FCC order on VOIP snooping] Message-ID: <20060507105459.GQ26713@leitl.org> ----- Forwarded message from David Farber ----- From rah at shipwright.com Sun May 7 12:51:00 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 7 May 2006 15:51:00 -0400 Subject: [Clips] Hayden Faces Senate and CIA Hurdles if Named Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Sun, 7 May 2006 15:49:39 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Hayden Faces Senate and CIA Hurdles if Named Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The Washington Post Hayden Faces Senate and CIA Hurdles if Named General Has Streak Of Independence And Nonconformity By Thomas E. Ricks and Dafna Linzer Washington Post Staff Writers Sunday, May 7, 2006; A06 When Gen. Michael V. Hayden took over as director of the National Security Agency in 1999, he faced a huge organization that was overwhelmingly staffed by aging white men who had spent their careers specializing in the intricacies of the Soviet Union and other aspects of the Cold War. He set out to overhaul the communications interception service and move it into the 21st century. He came out of that anti-Soviet mold: While attached to the U.S. 
Embassy in Bulgaria in the mid-1980s, he would dress in workingman's clothes, ride trains and, with his cap pulled over his eyes, pretend to doze while eavesdropping on Bulgarian soldiers heading home on leave. Yet, Hayden managed to reinvent himself, and has gone on to thrive in the post-Sept. 11 world, even though he hardly would be considered an expert in terrorism or the Middle East, the two major problems on which today's Central Intelligence Agency is focused. Despite his military background, Hayden, 61, is something of a nonconformist. There is a pattern in his career of independent thinking, probably one reason he was able to thrive in the current security environment. During the mid-1990s, when he was an Air Force colonel overseeing intelligence at the U.S. European Command, Hayden was outspoken in arguing that U.S. policy in the Balkans was too pro-Bosnian and insufficiently understanding of the Serbs' plight. He also enjoyed talking to journalists, and when he took over the NSA, he would invite groups of them to dinner at his Fort Meade house, a marked departure for a secretive institution where people joked that its name stood for "No Such Agency" or "Never Say Anything." If Hayden is nominated and confirmed as director of the CIA, succeeding Porter J. Goss, whose resignation President Bush accepted Friday, he will take over an institution that has been battered in recent years and even treated as an adversary at times by the Bush administration. Agency insiders probably will be suspicious of Hayden, a career military man. They also will be skeptical that the mild-mannered Hayden can protect them from the bureaucratic maneuverings of Defense Secretary Donald H. Rumsfeld, who in recent years has built up military intelligence and made it more independent of CIA oversight. "Mike Hayden will have his work cut out for him," said Michael Vickers, a former CIA officer who consults with the Pentagon. 
"If nominated and confirmed, he will assume the most important job in the U.S. government when it comes to fighting the global war on terrorism." That will be especially difficult for someone such as Hayden, who comes out of the technical side of intelligence, not the more hands-on area of clandestine operations. Nor have military officers had much success leading the CIA in recent decades. Even securing Senate confirmation could be tough, especially during a midterm election year in which Democrats will be seeking to regain control of Congress. Hayden has long worked at developing good relationships with members of Congress, but those ties have frayed lately, mainly because of the NSA's domestic surveillance program. On Dec. 17, 2005, when the existence of that program was revealed in the New York Times, Rep. Jane Harman (Calif.), the ranking Democrat on the House intelligence panel, called Hayden on her cellphone. The general was on a family outing in Annapolis, but told Harman he would drive back to Washington to brief her and any intelligence panel colleagues on the program. He promised to be there in two hours. Harman began organizing for a briefing, but within the hour Hayden called and canceled. "The White House yanked his permission to do so," Harman said in an interview. For lawmakers accustomed to his availability, candor and nonpartisan approach, the turnaround came as a shock. "It certainly made some of us wonder whether he's the independent person we thought he was," another member of Congress said. If confirmed, Hayden's next hurdle would be running and re-energizing the CIA. A senior intelligence official who was willing to discuss Hayden on the condition of anonymity said his qualifications for CIA director are numerous. "He is affable, he is nice and he is probably the senior most qualified intelligence officer in the United States," the official said. 
But, said this and several other officials, it would be a mistake to put someone in uniform in charge of a civilian agency. Officials close to Hayden suggested that the four-star general might retire from the military to alleviate those concerns. "It would be a symbolic gesture that would go a long way in painting him as a civilian, rather than another Pentagon man, taking over," one official said. Should Hayden be nominated, Vice Adm. Albert M. Calland III, the CIA's deputy director, is expected to be replaced by a former senior CIA officer from the clandestine service who is now in government outside the agency, according to former senior intelligence officials who have been contacted about the appointment but were sworn to secrecy. "The agency and particularly the DO [Directorate of Operations, the clandestine service] will be happy with this choice," one former senior official said yesterday. A major test for Hayden would be how he handles Rumsfeld. In their views of the nature of contemporary war, the two men are aligned. "High-quality intelligence is the American 21st-century version of mass," Hayden said in 2003. "With it, we have replaced mass on the battlefield with knowledge and precision." But in recent years, Hayden has clashed with the defense secretary over organizational and bureaucratic issues. When intelligence restructuring legislation was before Congress in 2004, Hayden and James R. Clapper Jr., then head of the National Geospatial-Intelligence Agency, told Congress that their organizations, which collect electronic intelligence and analyze imagery, should be under the proposed Director of National Intelligence for budgets and direction, and not under the defense secretary, as they were. Rumsfeld was unhappy with their views and let them know it. Soon after, Clapper left, and Hayden became deputy director of national intelligence, under John D. Negroponte. "How will Hayden deal with the land-grabbing from the Pentagon?" 
asked a former CIA station chief. "That's going to be the real fight." Hayden probably would be aided by his relationship with Secretary of State Condoleezza Rice, with whom he worked on the staff of the National Security Council in the George H.W. Bush administration, from 1989 to 1991. Hayden also would benefit from his rapport with Negroponte. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From pgut001 at cs.auckland.ac.nz Sun May 7 02:21:04 2006 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 07 May 2006 21:21:04 +1200 Subject: Free and Open Source Software-Choices and responsibilities. In-Reply-To: <20060504103415.40024.qmail@web33315.mail.mud.yahoo.com> Message-ID: Sarad AV writes: >Developers have been quick to fix many bugs found as part of the program. >More than 900 flaws were repaired in the two weeks after Coverity announced >the results of its first scan of 32 open-source projects. " Does anyone know more about what Coverity does? 
Their web site basically says "Give is bucketloads of money and we'll talk to you under NDA", but their "Products" link is broken, and even then it's hard to tell whether they just run ITS4 and filter the results (OK, it's a spinoff from the MC Checker work so it's more sophisticated than that, but having to sign an NDA just to find out what it is they do seems rather counter to the academic origins of the work). Peter. From coderman at gmail.com Mon May 8 03:28:24 2006 From: coderman at gmail.com (coderman) Date: Mon, 8 May 2006 03:28:24 -0700 Subject: [dave@farber.net: [IP] more on Hayden's Mistaken Understanding of the Fourth] In-Reply-To: <20060507080858.GN26713@leitl.org> References: <20060507080858.GN26713@leitl.org> Message-ID: <4ef5fec60605080328m3813627fof442b4eb52fab05d@mail.gmail.com> i needed a good laugh today; what fortune... On 5/7/06, Eugen Leitl wrote: > > ... "Inherent foreign intelligence value is one of the metrics we must > use. ... [T]he standard of what was > relevant and valuable, and therefore, what was reasonable, would > understandably change, I think, as smoke billowed from two American > cities and a Pennsylvania farm field. And we acted accordingly." > ... > GEN. HAYDEN: Sure. I didn't craft the authorization. I am responding > to a lawful order. All right? The attorney general has averred to the > lawfulness of the order. Just to be very clear, and believe me, if > there's any amendment to the Constitution that employees of the > National Security Agency are familiar with, it's the Fourth. And it > is a reasonableness standard in the Fourth Amendment. And so what > you've raised to me ,and I'm not a lawyer, and don't want to become > one , what you've raised to me is, in terms of quoting the Fourth > Amendment, is an issue of the Constitution. The constitutional > standard is "reasonable." And we believe, I am convinced that we are > lawful because what it is we're doing is reasonable. > ... 
> From General Hayden's reading of the Fourth Amendment it follows > that the State must seek a search warrant only when it proposes an > unreasonable search. Reductio ad absurdum. i passed by the much expanded nedonna beach[1] landing point and facilities the other day. i am very curious to see the monetary value[2] attached to this "reasonable searching" if it ever comes to light... 1. http://www.ofcc.com/cable_locations.htm | http://www.eyeball-series.org/cablew-eyeball.htm 2. every dollar they print chips away at the value of the bills in your pocket/account. as if taxation wasn't bad enough. where is the TIA/echelon refund on 1040? *grin* http://canadaeast.com/apps/pbcs.dll/article?AID=/20060508/TTMONEY08/605080482/-1/MONEY """ Gold prices still expected to climb Consumers and investors pushed demand for gold to a record level of $53.6 billion last year, fuelling the precious metal's price ever higher. ... many economists expect the US dollar to decline. "Historically, all else equal, the dollar price of gold rises as the dollar itself weakens," Murenbeeld says. """ From dewayne at warpspeed.com Mon May 8 06:58:47 2006 From: dewayne at warpspeed.com (Dewayne Hendricks) Date: Mon, 8 May 2006 06:58:47 -0700 Subject: [Dewayne-Net] The Code Breakers - A BBC World Documentary on Free/Open Source Software and Development Message-ID: [Note: For those of you who don't get the BBC, this documentary will most likely be available soon on your friendly, neighborhood Darknet. DLH] ======================================================================== == COMING SOON! "The Code Breakers" A BBC World Documentary on Free/Open Source Software and Development http://www.apdip.net/news/fossdoc ======================================================================== == The famous digital divide is getting wider. A two-part documentary, "The Code Breakers," to be aired on BBC World starting 10 May 2006 examines whether free/open source software (FOSS) might be the bridge? 
FOSS contains 'source code' that can be used, copied, studied, modified and redistributed without restriction. It has been around for over 20 years but most PC owners are not aware that the Internet search engines and many computer applications run on FOSS. "It's not that FOSS has had a bad press, it has had no press because there is no company that 'owns' it," says executive producer Robert Lamb. "But we found that in the computer industry and among the aficionados, it is well known and its virtues well understood." The crew of the independent producers who made the film went to nearly a dozen countries around the world to see how the adoption of FOSS presents opportunities for industry and capacity development, software piracy reduction, and localization and customization for diverse cultural and development needs. Stories from "The Code Breakers" include computer and Internet access for school children in Africa, reaching the poor in Brazil, tortoise breeding programmes in the Galapagos, connecting villages in Spain, and disaster management in Sri Lanka. The documentary also includes interviews from key figures around the world. Intel, IBM, Sun and Microsoft all seem to agree that FOSS is a welcome presence in computer software. According to Jonathan Murray of Microsoft "The Open Source community stimulates innovation in software, it's something that frankly we feel very good about and it's something that we absolutely see as being a partnership with Microsoft." BBC World will air the two-part documentary at the following times: Episode One Wednesday 10 May 19:30 GMT Thursday 11 May 09:30 GMT Friday 12 May 16:30 GMT Monday 15 May 01:30 and 07:30 GMT Episode Two Wednesday 17 May 19:30 GMT Thursday 18 May 09:30 GMT Friday 19 May 16:30 GMT Monday 22 May 01:30 and 07:30 GMT For local times, please look up your country in the TV Listings on BBC World's website http://www.bbcworld.com/content/template_tvlistings.asp?pageid=668.
The International Open Source Network (IOSN), UNDP Asia-Pacific Development Information Programme (UNDP-APDIP), International Development Research Centre of Canada and UNESCO have participated in the production of this documentary. Weblog at: ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Mon May 8 06:00:13 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 08 May 2006 09:00:13 -0400 Subject: "Cypherpunks" In-Reply-To: <20060506173201.GA10084@proton.jfet.org> Message-ID: Riad Whaby wrote... >Don't see why you'd do it, but it does seem nifty. I'm not convinced it's particularly useful, but I like the idea of a list that is by default anonymous. One thing it might do is actually disguise any anonymous remailer usage...ie, MwGs can't even determine who's trying to be anonymous. There might be some other things it gives you as well... -TD
From eugen at leitl.org Mon May 8 08:05:24 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 8 May 2006 17:05:24 +0200 Subject: [dewayne@warpspeed.com: [Dewayne-Net] The Code Breakers - A BBC World Documentary on Free/Open Source Software and Development] Message-ID: <20060508150524.GF26713@leitl.org> ----- Forwarded message from Dewayne Hendricks -----
From dgerow at afflictions.org Mon May 8 23:35:32 2006 From: dgerow at afflictions.org (Damian Gerow) Date: Tue, 9 May 2006 02:35:32 -0400 Subject: [dave@farber.net: [IP] Spies Among Us] In-Reply-To: References: <20060502114835.GS22800@leitl.org> Message-ID: <20060509063531.GN30700@afflictions.org> Thus spake Tyler Durden (camera_lumina at hotmail.com) [02/05/06 10:07]: : Bizarre. I still don't fully understand how the "Authorities" define who IS : and who is NOT one of "them" and worthy to be surveilled. That may be the point. From dgerow at afflictions.org Mon May 8 23:47:21 2006 From: dgerow at afflictions.org (Damian Gerow) Date: Tue, 9 May 2006 02:47:21 -0400 Subject: "Cypherpunks" In-Reply-To: References: <20060506173201.GA10084@proton.jfet.org> Message-ID: <20060509064720.GO30700@afflictions.org> Thus spake Tyler Durden (camera_lumina at hotmail.com) [08/05/06 09:08]: : I'm not convinced it's particularly useful, but I like the idea of a list : that is by default anonymous. One thing it might do is actually disguise : any anonymous remailer usage...ie, MwGs can't even determine who's trying : to be anonymous. There might be some other things it gives you as well...
Something I'd like to see is not just distributed feeders, etc., but anonymous delivery endpoints. i.e. My subscription to the list drops to an IMAP folder in the public namespace. I'm guessing if I allow anonymous authentication to my server, and set up permissions properly, I should easily be able to allow someone to read the group via IMAP (anonymously, of course). In that vein, is cypherpunks distributed into USENET in any usable form? (It shouldn't be terribly difficult to set up a mail2news gateway.) I did a quick search, and couldn't find anything (alt.cypherpunk, alt.privacy.cypherpunk, etc.). - Damian
From dgerow at afflictions.org Tue May 9 03:20:05 2006 From: dgerow at afflictions.org (Damian Gerow) Date: Tue, 9 May 2006 06:20:05 -0400 Subject: "Cypherpunks" In-Reply-To: <1147167941.8870.0.camel@localhost.localdomain> References: <20060506173201.GA10084@proton.jfet.org> <20060509064720.GO30700@afflictions.org> <1147167941.8870.0.camel@localhost.localdomain> Message-ID: <20060509102004.GP30700@afflictions.org> Thus spake Barrie Dempster (barrie at reboot-robot.net) [09/05/06 05:56]: : > In that vein, is cypherpunks distributed into USENET in any usable form? : (It : > shouldn't be terribly difficult to set up a mail2news gateway.) I did a : > quick search, and couldn't find anything (alt.cypherpunk, : > alt.privacy.cypherpunk, etc.). : : Gmane handles that very simply and easily - just subscribe Gmane to the : list and it sorts the rest out. Sort of.
I still have concerns about whether reading via Gmane is /actually/ anonymous, but said concerns are going to be present in pretty much any active form of obtaining the list. To technologically ensure anonymity, it would either need to be read via TOR (which, looking at TOR's threat model, is not that close to perfect anonymity, but may be close enough for most people's needs), or to feed it into something like Freenet. There's also the concern that not everyone carries the Gmane feed. It would probably be more effective -- not to mention simpler, potentially more anonymous, and more resilient -- to stick the list into a newsgroup under the alt namespace. From lauren at vortex.com Tue May 9 06:44:28 2006 From: lauren at vortex.com (Lauren Weinstein) Date: May 9, 2006 6:44:28 PM EDT Subject: An Open Letter to Google: Concepts for a Google Privacy Initiative Message-ID: An Open Letter to Google: Concepts for a Google Privacy Initiative Lauren Weinstein May 9, 2006 http://www.vortex.com/google-privacy-initiative Preface: The overall situation relating to U.S. and global privacy issues is deteriorating rapidly. Recent Congressional moves toward legislating broad, government-mandated data retention laws ( http://lauren.vortex.com/archive/000175.html ) are particularly alarming. The manners in which we collectively choose to address these sorts of issues are likely to have drastic impacts not only on our own lives, but also broadly on the shape of society, both today and in the future. Greetings. When I was recently invited to speak at Google's Santa Monica center ( Video at http://lauren.vortex.com/archive/000168.html ), I was impressed by the quality of the facilities, but even more so by the caliber of the Google employees I met during my visit. Google's capabilities are extraordinary.
While I have been publicly critical of some Google policies, my concerns have been focused not on Google today, but rather mainly on how Google's immense data processing, storage, and related infrastructures might be abused in the future, particularly by outside entities in a position to force Google's hand despite Google's own best intentions. As discussed in my talk, I consider Google to be an incredibly important and admirable resource with vast potential to do good. But by the same token, it is largely this very power that increases the risks of serious abuses of Google capabilities being forced upon the organization, and Google will likely be unable to mitigate many of these unless it takes major proactive steps on an immediate and ongoing basis, particularly including privacy-related efforts. Increasingly, Internet users are becoming highly sensitized to both perceived and real risks to their privacy associated with their use of the Net. While the real risks we face in this arena are serious enough, people's confidence (or lack thereof) in products and services will in many cases be shaped primarily by perceptions, and often significantly less by the underlying realities. This highlights the critical fact that to be truly successful, efforts to reduce privacy risks must not only have genuine and ongoing positive privacy effects, but also need to be clearly perceived by users and the broader public to be in place and fully supported as primary goals of the organizations involved. Web-based search engines are an obvious current focus of many privacy concerns, but as more traditional "desktop" applications migrate to tightly coupled topologies with user data stored on remote servers not under users' direct local control (e.g. for PC searches, document preparation, e-mail, etc.), these issues and related potential risks are rapidly spreading across the entire computer and Internet spectrums. 
Fears that users' private information may be increasingly subject to intrusive perusal by law enforcement or other authorities (often with minimal and/or questionable cause) are further damaging user confidence in such services, with a range of issues related to data retention being an important element at the heart of these concerns. To the extent that potentially sensitive data is stored for extended periods, particularly in non-anonymous forms, it is inevitable that outside demands for access to it -- on ever broader scales -- will be accelerating. While individual court cases will of course vary in their results, the court system cannot be relied upon to always render appropriate decisions regarding such matters, particularly in today's political and legislative environments. I believe that Google, by virtue of its Internet industry leadership, technical and human resources, and corporate culture, is in a unique position. Google can demonstrate how world-class privacy protection policies and technologies can be developed and deployed in ways that enhance user confidence in current and future Google services -- by proactively protecting users' private data without interfering with service operations, innovation, R&D, or the legitimate concerns of law enforcement. Google could be the acknowledged global leader in this area, becoming synonymous with the concept of integrating new and advanced privacy capabilities into world-class Internet services and products. Obviously the confidence such efforts would engender in Google's users would be healthy for Google's bottom line, but more importantly it will provide genuine and continuing real benefits to the Google user community itself (i.e. the entire world). Where non-proprietary information is involved, further benefits to society could be achieved through making publicly available (via published papers, conferences, etc.) 
those aspects of resulting privacy-related R&D technologies that could be deployed by other entities to the benefit of the global community. I recommend that Google establish a team explicitly dedicated to the development and deployment of privacy-related efforts as outlined above. Such a team would be tasked with establishing the framework of these projects in a consistent manner, and ensuring to the greatest extent practicable that all current and future Google products and services would be integrated (from the outset when possible) with these privacy technologies and policies. The team would need access to other individuals within both the development and operational aspects of Google, and ideally would report directly to high-level management. To be effective, such a team would need to be significantly interdisciplinary in its makeup and scope, including a variety of skills. Some of these would include a broad range of CS capabilities (including specialized mathematical disciplines related to encryption, among many others). Experience in dealing with the particular and complex interplay between technology and societal issues will also be an important component of such a team. Google's growing scale and influence suggest that the sorts of privacy efforts suggested herein could be among the most important non-governmental privacy-related endeavors for many years to come, and could have vast positive impacts far into the future not only for Google and its users, but throughout the commercial, nonprofit, and government sectors. This document represents a very brief conceptual outline, offered with only the best interests of both Google and the world at large in mind. Google and the broader Internet are at a critical crossroads in many respects, and I believe that Google has the opportunity to do enormous good by initiating the types of efforts that I've described. 
I would welcome the opportunity to discuss these concepts with you in more detail and to work with Google toward their realization, as you may deem appropriate. Thank you very much for your consideration. --Lauren-- Lauren Weinstein lauren at vortex.com or lauren at pfir.org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message -----
From barrie at reboot-robot.net Tue May 9 02:45:41 2006 From: barrie at reboot-robot.net (Barrie Dempster) Date: Tue, 09 May 2006 10:45:41 +0100 Subject: "Cypherpunks" In-Reply-To: <20060509064720.GO30700@afflictions.org> References: <20060506173201.GA10084@proton.jfet.org> <20060509064720.GO30700@afflictions.org> Message-ID: <1147167941.8870.0.camel@localhost.localdomain> On Tue, 2006-05-09 at 02:47 -0400, Damian Gerow wrote: > In that vein, is cypherpunks distributed into USENET in any usable form? (It > shouldn't be terribly difficult to set up a mail2news gateway.) I did a > quick search, and couldn't find anything (alt.cypherpunk, > alt.privacy.cypherpunk, etc.). Gmane handles that very simply and easily - just subscribe Gmane to the list and it sorts the rest out. http://gmane.org/ -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue - http://reboot-robot.net - "He who hingeth aboot, geteth hee-haw" Victor - Still Game [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
From leichter_jerrold at emc.com Tue May 9 09:04:58 2006 From: leichter_jerrold at emc.com (leichter_jerrold at emc.com) Date: Tue, 9 May 2006 12:04:58 -0400 Subject: Piercing network anonymity in real time Message-ID: eTelemetry Locate Locate dynamically discovers, correlates and archives the person behind the IP address--"the people layer"--to expedite forensic investigations and help comply with SOX. It approaches the issue of how to match a name to a network device from the identity side, a change from 802.1x and NAC methodologies. The Locate appliance sits passively on the network and analyzes packets in real time to garner ID info from sources like Active Directory, IM and e-mail traffic, then associates this data with network information.
Once Locate is populated, IT can disconnect an individual with one click at the switch port level, a powerful tool for enforcing policy and halting the spread of infections. You also can connect to an end user's computer without asking for an IP address, track assets dynamically, stay in sync with Active Directory and other LDAP directories automatically, and archive network activity for forensic investigations. etelemetry.com/pdf/Interop_finalist_final.pdf -- Jerry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message -----
From rah at shipwright.com Tue May 9 19:15:13 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 9 May 2006 22:15:13 -0400 Subject: [Clips] perhaps of interest ot you up there... Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Tue, 9 May 2006 22:12:18 -0400 To: "Philodox Clips List" From: "R.A. Hettinga" Subject: [Clips] perhaps of interest ot you up there... Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text Delivered-To: rah at shipwright.com To: "R. A.
Hettinga" From: Peter Wayner Subject: perhaps of interest ot you up there... Date: Tue, 9 May 2006 19:44:13 -0400 [Please distribute.] Workshop on Data Surveillance and Privacy Protection Saturday, June 3, 2006 Harvard University On June 3, 2006 Harvard University's Center for Research on Computation and Society will hold a day-long workshop on Data Surveillance and Privacy Protection. Data Surveillance is quickly moving from the world of research to the world of practice. While the media is preoccupied with NSA wiretaps and the accidental release of names and social security numbers, information is increasingly being collected, correlated and data-mined for use by law enforcement, counter-terrorism, and commercial marketers. Although there has been significant public attention to the civil liberties issues of data surveillance over the past few years, there has been little discussion of the actual techniques that could be employed in any but the most restricted settings. Likewise, there has been little discussion of methods and technologies for conducting data surveillance while respecting privacy and preserving civil liberties. Keynote speaker: Bob Popp, Ph.D., Executive Vice President of Aptima, Inc., and formerly Deputy of the Information Awareness Office and Total Information Awareness (TIA) program, Defense Advanced Research Projects Agency (DARPA). "A Vision for Countering Terrorism Through Information and Privacy Protection Technologies," Other featured speakers include: Morning Sessions -- Kenneth Mandl, MD, M.P.H., Harvard Medical School Center for Biomedical Informatics and the Children's Hospital Informatics Program at the Harvard-MIT Division of Health Sciences and Technology --- "Real Time Automated Disease Surveillance: Opportunities and Challenges." -- Jeff Ubois, Internet Archive --- "Web Logs, Privacy, and Data Surveillance." -- Lew Oleinick, Privacy Technology Advisor for the Defense Logistics Agency.
--- "The Federal Interagency RFID Working Group." -- Latanya Sweeney, Ph.D., Director, Laboratory for International Data Privacy; Associate Professor of Computer Science, Technology and Policy, Carnegie Mellon University --- "What Homeland Security Can Learn From the Homeless: The P3Tracker System." Afternoon Sessions -- Philippe Golle, Ph.D., Palo Alto Research Center. --- "Self- Enforcing Privacy" -- Rafail Ostrovsky, Ph.D., Director, Center for Information and Computation Security; Professor, Computer Science Department, University of California, Los Angeles --- "Private Searching on Streaming Data." -- Johannes Gehrke, Ph.D., Associate Director, Cornell Theory Center; Associate Professor, Department of Computer Sciences, Cornell University --- "Data Privacy and Background Knowledge." -- Brad Malin, Ph.D., Carnegie Mellon University --- "Fraud Detection; DNA Data Privacy, and De-identification," -- John Bliss, J.D., Privacy Strategist, Entity Analytic Solutions, IBM Software Group -- Rebecca Wright, Ph.D., Principal Investigator, Privacy, Obligations, and Rights in Technologies of Information Assessment (PORTIA) project; Associate Professor, Stevens Institute of Technology. --- "Progress on the PORTIA Project in Privacy-Preserving Data Mining." Closing Speaker: James Bamford, J.D., Author, The Puzzle Palace and Body of Secrets REGISTRATION and INFORMATION The workshop is free but you must register to attend. For more information on the workshop and to register, please visit the conference website: http://crcs.deas.harvard.edu/workshop/2006/ ORGANIZING COMMITTEE Professor Greg Morrisset, General Chair Professor Stuart Shieber, Conference Chair Professor Mike Smith Professor Salil Vadhan Program Committee: Rachna Dhamija Simson Garfinkel, Program Chair Greg Morrisett Alon Rosen Stuart Shieber Mike Smith Salil Vadhan --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From smb at cs.columbia.edu Wed May 10 01:14:19 2006 From: smb at cs.columbia.edu (Steven M. Bellovin) Date: May 10, 2006 1:14:19 PM EDT Subject: Former head of NSA calls Bush wiretapping "authorized," Message-ID: http://www.wired.com/news/technology/0,70855-0.html?tw=wn_index_2 NEW YORK -- Former National Security Agency director Bobby Ray Inman lashed out at the Bush administration Monday night over its continued use of warrantless domestic wiretaps, making him one of the highest-ranking former intelligence officials to criticize the program in public, analysts say. "This activity is not authorized," Inman said, as part of a panel discussion on eavesdropping that was sponsored by The New York Public Library. The Bush administration "need(s) to get away from the idea that they can continue doing it." As the article goes on to point out, one can hardly accuse Inman of not understanding the value of SIGINT. In fact, he wants this sort of wiretapping to continue -- but only after Congress amends the law. --Steven M.
Bellovin, http://www.cs.columbia.edu/~smb ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From shannonm at gmail.com Wed May 10 02:42:26 2006 From: shannonm at gmail.com (Shannon McElyea) Date: May 10, 2006 2:42:26 PM EDT Subject: President claims supreme power over laws, military -- 750 Message-ID: 'signing statement' Dave, I think this is for IP. This matter is worse than the title of this article implies. bye bye checks and balances. "...Bush has been quietly filing ''signing statements" -- "...official documents in which a president lays out his legal interpretation of a bill for the federal bureaucracy to follow when implementing the new law. The statements are recorded in the federal register ..." Unlike a veto, they are not reviewed by congress. "...Among the laws Bush said he can ignore are military rules and regulations, affirmative-action provisions, requirements that Congress be told about immigration services problems, ''whistle- blower" protections for nuclear regulatory officials, and safeguards against political interference in federally funded research. ..." 
http://www.boston.com/news/nation/articles/2006/04/30/bush_challenges_hundreds_of_laws/

Bush challenges hundreds of laws
President cites powers of his office

By Charlie Savage, Globe Staff | April 30, 2006

WASHINGTON -- President Bush has quietly claimed the authority to disobey more than 750 laws enacted since he took office, asserting that he has the power to set aside any statute passed by Congress when it conflicts with his interpretation of the Constitution.

Among the laws Bush said he can ignore are military rules and regulations, affirmative-action provisions, requirements that Congress be told about immigration services problems, ''whistle-blower" protections for nuclear regulatory officials, and safeguards against political interference in federally funded research.

"... Far more than any predecessor, Bush has been aggressive about declaring his right to ignore vast swaths of laws -- many of which he says infringe on power he believes the Constitution assigns to him alone as the head of the executive branch or the commander in chief of the military. ..."

"...Bush was following a practice that has ''been used for several administrations" and that ''the president will faithfully execute the law in a manner that is consistent with the Constitution."

But the words ''in a manner that is consistent with the Constitution" are the catch, legal scholars say, because Bush is according himself the ultimate interpretation of the Constitution. And he is quietly exercising that authority to a degree that is unprecedented in US history.

Bush is the first president in modern history who has never vetoed a bill, giving Congress no chance to override his judgments. Instead, he has signed every bill that reached his desk, often inviting the legislation's sponsors to signing ceremonies at which he lavishes praise upon their work.
Then, after the media and the lawmakers have left the White House, Bush quietly files ''signing statements" -- official documents in which a president lays out his legal interpretation of a bill for the federal bureaucracy to follow when implementing the new law. The statements are recorded in the federal register. ..." ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From copley.miracle at 99centrecords.com Wed May 10 04:11:36 2006 From: copley.miracle at 99centrecords.com (Myles Jack) Date: Wed, 10 May 2006 03:11:36 -0800 Subject: Great loww ratess Message-ID: <32934.$$.54796.Etrack@msn.com> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1027 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: mammalian.2.gif Type: image/gif Size: 8467 bytes Desc: not available URL:

From dave at farber.net Wed May 10 01:14:16 2006
From: dave at farber.net (David Farber)
Date: Wed, 10 May 2006 04:14:16 -0400
Subject: [IP] An Open Letter to Google: Concepts for a Google Privacy
Message-ID:
 Initiative
X-Mailer: Apple Mail (2.749.3)
Reply-To: dave at farber.net

Begin forwarded message:

From dgerow at afflictions.org Wed May 10 02:13:05 2006
From: dgerow at afflictions.org (Damian Gerow)
Date: Wed, 10 May 2006 05:13:05 -0400
Subject: [leichter_jerrold@emc.com: Piercing network anonymity in real time]
In-Reply-To: <20060510090256.GE26713@leitl.org>
References: <20060510090256.GE26713@leitl.org>
Message-ID: <20060510091305.GT18560@afflictions.org>

Hmmmmm...

    % fetch http://etelemetry.com/pdf/Interop_finalist_final.pdf
    fetch: http://etelemetry.com/pdf/Interop_finalist_final.pdf: Bad Request
    % unset HTTP_PROXY
    % fetch http://etelemetry.com/pdf/Interop_finalist_final.pdf
    fetch: http://etelemetry.com/pdf/Interop_finalist_final.pdf: Bad Request
    % telnet etelemetry.com 80
    Trying 65.89.154.20...
    Connected to etelemetry.com.
    Escape character is '^]'.
    HEAD /pdf/Interop_finalist_final.pdf HTTP/1.0

    HTTP/1.1 400 Bad Request
    Content-Length: 39
    Content-Type: text/html
    Date: Wed, 10 May 2006 09:10:56 GMT
    Connection: close

    Connection closed by foreign host.
    %

Thus spake Eugen Leitl (eugen at leitl.org) [10/05/06 05:09]:
: ----- Forwarded message from leichter_jerrold at emc.com -----
:
: From: leichter_jerrold at emc.com
: Date: Tue, 9 May 2006 12:04:58 -0400
: To: cryptography at metzdowd.com
: Subject: Piercing network anonymity in real time
: X-Mailer: Internet Mail Service (5.5.2653.19)
:
: eTelemetry Locate [Image]
:
: Locate dynamically discovers, correlates and archives the
: person behind the IP address--"the people layer"--to expedite
: forensic investigations and help comply with SOX.
It : approaches the issue of how to match a name to a network : device from the identity side, a change from 802.1x and NAC : methodologies. : : The Locate appliance sits passively on the network and : analyzes packets in real time to garner ID info from sources : like Active Directory, IM and e-mail traffic, then associates : this data with network information. : : Once Locate is populated, IT can disconnect an individual with : one click at the switch port level, a powerful tool for : enforcing policy and halting the spread of infections. You : also can connect to an end user's computer without asking for : an IP address, track assets dynamically, stay in sync with : Active Directory and other LDAP directories automatically, and : archive network activity for forensic investigations. : etelemetry.com/pdf/Interop_finalist_final.pdf : : -- Jerry : : : --------------------------------------------------------------------- : The Cryptography Mailing List : Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com : : ----- End forwarded message ----- : -- : Eugen* Leitl leitl http://leitl.org : ______________________________________________________________ : ICBM: 48.07100, 11.36820 http://www.ativel.com : 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature] From EEkid at aol.com Wed May 10 10:15:00 2006 From: EEkid at aol.com (EEkid at aol.com) Date: May 10, 2006 10:15:00 PM EDT Subject: (Disturbing) Security Issue Kills Domestic Spying Probe Message-ID: Security Issue Kills Domestic Spying Probe By DEVLIN BARRETT, Associated Press Writer 2 hours, 22 minutes ago WASHINGTON - The government has abruptly ended an inquiry into the warrantless eavesdropping program because the National Security Agency refused to grant Justice Department lawyers the necessary security clearance to probe the matter. 
The Justice Department's Office of Professional Responsibility, or OPR, sent a fax to Rep. Maurice Hinchey (news, bio, voting record), D- N.Y., on Wednesday saying they were closing their inquiry because without clearance their lawyers cannot examine Justice lawyers' role in the program. "We have been unable to make any meaningful progress in our investigation because OPR has been denied security clearances for access to information about the NSA program," OPR counsel H. Marshall Jarrett wrote to Hinchey. Hinchey's office shared the letter with The Associated Press. Jarrett wrote that beginning in January, his office has made a series of requests for the necessary clearances. Those requests were denied Tuesday. "Without these clearances, we cannot investigate this matter and therefore have closed our investigation," wrote Jarrett. Justice Department spokesman Brian Roehrkasse said the terrorist surveillance program "has been subject to extensive oversight both in the executive branch and in Congress from the time of its inception." Roehrkasse noted the OPR's mission is not to investigate possible wrongdoing in other agencies, but to determine if Justice Department lawyers violated any ethical rules. He declined to comment when asked if the end of the inquiry meant the agency believed its lawyers had handled the wiretapping matter ethically. Hinchey is one of many House Democrats who have been highly critical of the domestic eavesdropping program first revealed in December. He said lawmakers would push to find out who at the NSA denied the Justice Department lawyers security clearance. "This administration thinks they can just violate any law they want, and they've created a culture of fear to try to get away with that. It's up to us to stand up to them," said Hinchey. In February, the OPR announced it would examine the conduct of its own agency's lawyers in the program, though they were not authorized to investigate NSA activities. 
Bush's decision to authorize the largest U.S. spy agency to monitor people inside the United States, without warrants, generated a host of questions about the program's legal justification. The administration has vehemently defended the eavesdropping, saying the NSA's activities were narrowly targeted to intercept international calls and e-mails of Americans and others inside the U.S. with suspected ties to the al-Qaida terror network. Separately, the Justice Department sought last month to dismiss a federal lawsuit accusing the telephone company AT&T of colluding with the Bush administration's warrantless wiretapping program. The lawsuit, brought by an Internet privacy group, does not name the government as a defendant, but the Department of Justice has sought to quash the lawsuit, saying it threatens to expose government and military secrets. http://news.yahoo.com/s/ap/20060510/ap_on_go_ca_st_pe/domestic_spying ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Wed May 10 01:25:10 2006 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 10 May 2006 10:25:10 +0200 Subject: [dave@farber.net: [IP] An Open Letter to Google: Concepts for a Google Privacy Initiative] Message-ID: <20060510082510.GY26713@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Wed May 10 02:02:56 2006 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 10 May 2006 11:02:56 +0200 Subject: [leichter_jerrold@emc.com: Piercing 
network anonymity in real time]
Message-ID: <20060510090256.GE26713@leitl.org>

----- Forwarded message from leichter_jerrold at emc.com -----

From justin-cypherpunks at soze.net Wed May 10 04:19:35 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Wed, 10 May 2006 11:19:35 +0000
Subject: [leichter_jerrold@emc.com: Piercing network anonymity in real time]
In-Reply-To: <20060510091305.GT18560@afflictions.org>
References: <20060510090256.GE26713@leitl.org> <20060510091305.GT18560@afflictions.org>
Message-ID: <20060510111935.GA8577@arion.hive>

On 2006-05-10T05:13:05-0400, Damian Gerow wrote:
> Hmmmmm...
>
> % telnet etelemetry.com 80
> Trying 65.89.154.20...
> Connected to etelemetry.com.
> Escape character is '^]'.
> HEAD /pdf/Interop_finalist_final.pdf HTTP/1.0
>
> HTTP/1.1 400 Bad Request

Google cache.

--
The six phases of a project:
I. Enthusiasm.         IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.            VI. Praise & Honor for the Nonparticipants.

From lists at user-land.org Wed May 10 05:03:12 2006
From: lists at user-land.org (Philippe Landau)
Date: Wed, 10 May 2006 14:03:12 +0200
Subject: [p2p-hackers] USA Preparing the Takedown of P2P
Message-ID:

US plans to 'fight the net' revealed (2006-01)
http://news.bbc.co.uk/2/hi/americas/4655196.stm
From influencing public opinion through new media to designing "computer network attack" weapons, the US military is learning to fight an electronic war. The declassified document is called "Information Operations Roadmap".

Wrecking the Internet: Turning Gold into Lead (by Robert Storey 2006-05)
http://distrowatch.com/weekly.php?issue=20060508#opinion
The COPE Act would do away with the requirement for net neutrality, thus turning America's Internet into a "private network." This would permit ISPs and telecom companies to dish out Internet access to the highest bidder.
Under such a regime, AOL could, for example, block access to MSN, or Verizon could throttle your Skype bandwidth because it competes with their own voice-over-IP service. Even worse, a wealthy political party could pay ISPs to block access to a rival party's web sites and blogs. Emailing lists could also be throttled. It's not hard to imagine proprietary software companies paying to block access to DistroWatch, or prevent you from downloading the latest Ubuntu or Fedora release. [...] Opposition to the COPE Act is being coordinated by Save the Internet. http://savetheinternet.com/ The telecom/cable industry is pulling out all stops to polish this turd. Their "coalition" has the Orwellian title Hands Off the Internet - their thoroughly misleading web site can be found here. The telecoms have lots of cash, and are handing out campaign contributions (otherwise known as "bribes") by the bucketful in order to get the COPE Act passed. Geeks of the world - especially US-based geeks - need to put down their cups of espresso for a moment and get busy fighting this thing. [...] Kind regards Philippe -- http://distrowatch.com/weekly.php?issue=20060508#opinion Not everyone realizes that the USA invented the Internet. Even fewer people realize that the USA is on the verge of wrecking it. This is not an exaggeration. Some nasty new legislation currently under debate in the US Congress could make the Internet as bland as day-old yogurt. Those who do not live in the USA should not be smug. There is a famous old saying that when America sneezes, the rest of the world catches pneumonia. The USA has a history of exporting its bad laws. Most geeks are familiar with the notorious DMCA and software patents. Thanks to the DMCA, DVDs are region-coded and it's illegal to buy mod-chips for an Xbox. Thanks to software patents, most Linux distros do not have video codecs or an MP3 player. 
The fact that this execrable legislation originated in America did not prevent its rottenness from spreading around the world. To understand what is at stake, you should become familiar with the term net neutrality. The basic concept of net neutrality is that Internet content should be dished out in a non-discriminatory fashion. Thus, your ISP should not be preventing you from accessing DistroWatch, nor should your bandwidth be throttled when you try to use BitTorrent or Skype. In this sense, the network is neutral - it does not play favorites. All this would change (for USA residents) if the US Congress passes the Communications Opportunity, Promotion, and Enhancement (COPE) Act of 2006. This odious new law is the brainchild of telecom and cable TV companies. Chief ogres include Verizon, Comcast, BellSouth and AT&T. Their incentive for pushing this legal abomination is the opportunity to make a lot of money. The COPE Act would do away with the requirement for net neutrality, thus turning America's Internet into a "private network." This would permit ISPs and telecom companies to dish out Internet access to the highest bidder. Under such a regime, AOL could, for example, block access to MSN, or Verizon could throttle your Skype bandwidth because it competes with their own voice-over-IP service. Even worse, a wealthy political party could pay ISPs to block access to a rival party's web sites and blogs. Emailing lists could also be throttled. It's not hard to imagine proprietary software companies paying to block access to DistroWatch, or prevent you from downloading the latest Ubuntu or Fedora release. COPE "If we fail, the Internet will deteriorate to the point of near uselessness." If the COPE Act is passed, the USA - which likes to boast of being a "bastion of freedom" - could ironically wind up with an Internet befitting a Third World dictatorship. However, the damage would not be limited to residents of the USA. 
The fact is that about 50% of the content on the Internet originates in America, even more if you're talking only about English-language content. Do a Google search on almost any topic - from "motorcycle repair" to "allergies" - and see how much of the hits are American-based web sites. The web sites themselves could be hosted on servers outside the USA, but server location is not the issue. Rather, deprived of their US-readership or US-based advertising revenue, many sites would have to fold. Would the Internet be as useful to you if Wikipedia or Google folded? For that matter, it's hard to see how DistroWatch (which is not US-based) could survive if we lost our American audience and advertisers. There is a lot more I could write about on this topic, but there are others who have already done so (and do it better than me). Some excellent articles about this brewing fiasco appeared recently in The Nation, Raw Story and The Free Press. Sadly, I have seen nothing mentioned on the popular geek web sites that I visit every day (which is why I'm writing this article). Can anything be done to prevent this disaster (especially since the COPE Act seems to have the support of the Bush administration)? Fortunately, in this case I believe there is hope, though it's going to be a bitter fight. Although we are up against powerful, well-moneyed lobbyists from the telecom industry, we also have some heavyweight supporters, among them Amazon and Google. Opposition to the COPE Act is being coordinated by Save the Internet. If you are a US resident, you should visit their web site and sign their petition. Even more important, they also have a neat little form for sending a message to your representatives and senators - just type in your message, zip code and address, and it will get sent to the proper person (you needn't even know who your representatives are). All such messages should be short and to the point. Basically, what I said in my message was: 1.
I oppose the Communications Opportunity, Promotion, and Enhancement (COPE) Act of 2006 in its present form. 2. I support the efforts to amend the act by Representatives Markey, Boucher, Eshoo and Inslee, and Senators Olympia Snowe and Byron Dorgan. 3. I am in favor of Net Neutrality. The telecom/cable industry is pulling out all stops to polish this turd. Their "coalition" has the Orwellian title Hands Off the Internet - their thoroughly misleading web site can be found here. The telecoms have lots of cash, and are handing out campaign contributions (otherwise known as "bribes") by the bucketful in order to get the COPE Act passed. Geeks of the world - especially US-based geeks - need to put down their cups of espresso for a moment and get busy fighting this thing. If we fail, the Internet will deteriorate to the point of near uselessness and we might as well put our computers in storage. In that case, we'll have to all find new hobbies. Possible candidates include knitting and flower arranging. 
_______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dave at farber.net Wed May 10 12:04:22 2006 From: dave at farber.net (David Farber) Date: Wed, 10 May 2006 15:04:22 -0400 Subject: [IP] President claims supreme power over laws, military -- 750 Message-ID: 'signing statement' X-Mailer: Apple Mail (2.749.3) Reply-To: dave at farber.net Begin forwarded message: From dave at farber.net Wed May 10 12:04:47 2006 From: dave at farber.net (David Farber) Date: Wed, 10 May 2006 15:04:47 -0400 Subject: [IP] Former head of NSA calls Bush wiretapping "authorized," Message-ID: Begin forwarded message:
From dgerow at afflictions.org Wed May 10 14:39:30 2006 From: dgerow at afflictions.org (Damian Gerow) Date: Wed, 10 May 2006 17:39:30 -0400 Subject: [leichter_jerrold@emc.com: Piercing network anonymity in real time] In-Reply-To: <20060510111935.GA8577@arion.hive> References: <20060510090256.GE26713@leitl.org> <20060510091305.GT18560@afflictions.org> <20060510111935.GA8577@arion.hive> Message-ID: <20060510213929.GB52200@afflictions.org> Thus spake Justin (justin-cypherpunks at soze.net) [10/05/06 07:44]: : Google cache. There isn't one. Nor does archive.org have a copy. But it works now. From pickthorne.currin876c at gmail.com Wed May 10 06:20:40 2006 From: pickthorne.currin876c at gmail.com (Luciano Moore) Date: Wen, 10 May 2006 18:20:40 +0500 Subject: [fwd] We found company ready to EXPLODE!!
Message-ID: <200605102221.k4AML0fC003718@proton.jfet.org> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3442 bytes Desc: not available URL:

From dgerow at afflictions.org Wed May 10 17:21:03 2006
From: dgerow at afflictions.org (Damian Gerow)
Date: Wed, 10 May 2006 20:21:03 -0400
Subject: [leichter_jerrold@emc.com: Piercing network anonymity in real time]
In-Reply-To: <20060510220300.GA26379@arion.hive>
References: <20060510090256.GE26713@leitl.org> <20060510091305.GT18560@afflictions.org> <20060510111935.GA8577@arion.hive> <20060510213929.GB52200@afflictions.org> <20060510220300.GA26379@arion.hive>
Message-ID: <20060511002102.GC75606@afflictions.org>

Thus spake Justin (justin-cypherpunks at soze.net) [10/05/06 18:13]:
: Google had, and has, an html cache of the pdf document. Enter the URL
: as given into the google search box.

(I won't carry this thread further. My apologies to the list for taking it this far.)

I'm well aware that if Google doesn't have a cache, they will have translated it to HTML. But:

a) I don't trust Google. Call me paranoid, but there's something about them that doesn't sit well with me.

b) Using Google's HTML translation of a page doesn't help me when I'm at an SSH console with no browser. That's where fetch/wget, pdf conversion tools, and text viewing tools come in handy.

c) If I was just complaining about not being able to get the document, I'd have just shut up. I'm not going to whine to a public list about not being able to download a press release in PDF form.

My comment was more the curiosities that the same day the PDF was posted to at least four lists/groups I pay attention to, their server started returning an HTTP Bad Request error for most (if not all) pages.
From eugen at leitl.org Wed May 10 12:06:36 2006 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 10 May 2006 21:06:36 +0200 Subject: [dave@farber.net: [IP] Former head of NSA calls Bush wiretapping "authorized,"] Message-ID: <20060510190636.GC26713@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Wed May 10 12:36:26 2006 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 10 May 2006 21:36:26 +0200 Subject: [dave@farber.net: [IP] President claims supreme power over laws, military -- 750 'signing statement'] Message-ID: <20060510193626.GF26713@leitl.org> ----- Forwarded message from David Farber ----- From justin-cypherpunks at soze.net Wed May 10 15:03:00 2006 From: justin-cypherpunks at soze.net (Justin) Date: Wed, 10 May 2006 22:03:00 +0000 Subject: [leichter_jerrold@emc.com: Piercing network anonymity in real time] In-Reply-To: <20060510213929.GB52200@afflictions.org> References: <20060510090256.GE26713@leitl.org> <20060510091305.GT18560@afflictions.org> <20060510111935.GA8577@arion.hive> <20060510213929.GB52200@afflictions.org> Message-ID: <20060510220300.GA26379@arion.hive> On 2006-05-10T17:39:30-0400, Damian Gerow wrote: > Thus spake Justin (justin-cypherpunks at soze.net) [10/05/06 07:44]: > : Google cache. > > There isn't one. Nor does archive.org have a copy. Google had, and has, an html cache of the pdf document. Enter the URL as given into the google search box. -- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants. From gncore7 at ameritrade.com Wed May 10 23:51:20 2006 From: gncore7 at ameritrade.com (Brian Byers) Date: Thu, 11 May 2006 00:51:20 -0600 Subject: Ratess approved Message-ID: <620c489d.2221188@yahoo.com> A non-text attachment was scrubbed... 
From rsw at jfet.org Thu May 11 02:47:05 2006 From: rsw at jfet.org (Riad S.
Wahby) Date: Thu, 11 May 2006 05:47:05 -0400 Subject: MIME and Cypherpunks In-Reply-To: <20060511093024.GQ75606@afflictions.org> References: <20060511093024.GQ75606@afflictions.org> Message-ID: <20060511094705.GA18940@proton.jfet.org> Damian Gerow wrote: > I've been meaning to ask about this for a while, but... > > Thus spake Eugen Leitl (eugen at leitl.org) [11/05/06 05:01]: > : [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] > > demime on cypherpunks? I know I'm just a user, but this is one of the last > places I'd expect to see MIME attachments, thus PGP signatures, stripped. Point of order: it's not at all necessary to use MIME in order to PGP sign a message. As far as the why: this is a carryover from the days of the LNE.com node; Eric's filter set was very popular and made for a very maintainable node, and so I've continued to use it. I suppose I might consider looking into making exceptions for attachments with particular MIME types, but that's probably opening a nasty can of worms. Personally I'd rather forget that MIME exists and continue to strip all of that crap. Holy shit, I'm turning into Tim. "MIME encrustations" indeed! -- Riad S. Wahby rsw at jfet.org From dgerow at afflictions.org Thu May 11 03:05:06 2006 From: dgerow at afflictions.org (Damian Gerow) Date: Thu, 11 May 2006 06:05:06 -0400 Subject: MIME and Cypherpunks In-Reply-To: <20060511094705.GA18940@proton.jfet.org> References: <20060511093024.GQ75606@afflictions.org> <20060511094705.GA18940@proton.jfet.org> Message-ID: <20060511100506.GS75606@afflictions.org> Thus spake Riad S. Wahby (rsw at jfet.org) [11/05/06 05:57]: : > demime on cypherpunks? I know I'm just a user, but this is one of the last : > places I'd expect to see MIME attachments, thus PGP signatures, stripped. : : Point of order: it's not at all necessary to use MIME in order to PGP : sign a message. Yeah, I know. It's just ... 
Well, I'd rather not enter that debate, because I don't care that much. I'll just tell my MUA to go inline for cypherpunks. :-/

: I suppose I might consider looking into making exceptions for
: attachments with particular MIME types, but that's probably opening a
: nasty can of worms. Personally I'd rather forget that MIME exists and
: continue to strip all of that crap.

Meh. You're running the list. If I really didn't like it, I could always set up another node.

From rforno at infowarrior.org Thu May 11 07:01:54 2006
From: rforno at infowarrior.org (Richard Forno)
Date: May 11, 2006 7:01:54 AM EDT
Subject: NSA has massive database of Americans' phone calls
Message-ID:

It's a BIG Article, but here's a snippet....

"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.

http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY. The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans -- most of whom aren't suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.
QUESTIONS AND ANSWERS: The NSA record collection program

"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added. For the customers of these companies, it means that the government has detailed records of calls they made -- across town or across the country -- to family members, co-workers, business contacts and others. The three telecommunications companies are working under contract with the NSA, which launched the program in 2001 shortly after the Sept. 11 terrorist attacks, the sources said. The program is aimed at identifying and tracking suspected terrorists, they said. The sources would talk only under a guarantee of anonymity because the NSA program is secret. Air Force Gen. Michael Hayden, nominated Monday by President Bush to become the director of the CIA, headed the NSA from March 1999 to April 2005. In that post, Hayden would have overseen the agency's domestic call-tracking program. Hayden declined to comment about the program. The NSA's domestic program, as described by sources, is far more expansive than what the White House has acknowledged. Last year, Bush said he had authorized the NSA to eavesdrop -- without warrants -- on international calls and international e-mails of people suspected of having links to terrorists when one party to the communication is in the USA. Warrants have also not been used in the NSA's efforts to create a national call database. In defending the previously disclosed program, Bush insisted that the NSA was focused exclusively on international calls. "In other words," Bush explained, "one end of the communication must be outside the United States." As a result, domestic call records -- those of calls that originate and terminate within U.S. borders -- were believed to be private.
Sources, however, say that is not the case. With access to records of billions of domestic calls, the NSA has gained a secret window into the communications habits of millions of Americans. Customers' names, street addresses and other personal information are not being handed over as part of NSA's domestic program, the sources said. But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information. Don Weber, a senior spokesman for the NSA, declined to discuss the agency's operations. "Given the nature of the work we do, it would be irresponsible to comment on actual or alleged operational issues; therefore, we have no information to provide," he said. "However, it is important to note that NSA takes its legal responsibilities seriously and operates within the law." The White House would not discuss the domestic call-tracking program. "There is no domestic surveillance without court approval," said Dana Perino, deputy press secretary, referring to actual eavesdropping. She added that all national intelligence activities undertaken by the federal government "are lawful, necessary and required for the pursuit of al-Qaeda and affiliated terrorists." All government-sponsored intelligence activities "are carefully reviewed and monitored," Perino said. She also noted that "all appropriate members of Congress have been briefed on the intelligence efforts of the United States." The government is collecting "external" data on domestic phone calls but is not intercepting "internals," a term for the actual content of the communication, according to a U.S. intelligence official familiar with the program. This kind of data collection from phone companies is not uncommon; it's been done before, though never on this large a scale, the official said. The data are used for "social network analysis," the official said, meaning to study how terrorist networks contact each other and how they are tied together. 
Carriers uniquely positioned

AT&T recently merged with SBC and kept the AT&T name. Verizon, BellSouth and AT&T are the nation's three biggest telecommunications companies; they provide local and wireless phone service to more than 200 million customers. The three carriers control vast networks with the latest communications technologies. They provide an array of services: local and long-distance calling, wireless and high-speed broadband, including video. Their direct access to millions of homes and businesses has them uniquely positioned to help the government keep tabs on the calling habits of Americans. Among the big telecommunications companies, only Qwest has refused to help the NSA, the sources said. According to multiple sources, Qwest declined to participate because it was uneasy about the legal implications of handing over customer information to the government without warrants. Qwest's refusal to participate has left the NSA with a hole in its database. Based in Denver, Qwest provides local phone service to 14 million customers in 14 states in the West and Northwest. But AT&T and Verizon also provide some services -- primarily long-distance and wireless -- to people who live in Qwest's region. Therefore, they can provide the NSA with at least some access in that area. Created by President Truman in 1952, during the Korean War, the NSA is charged with protecting the United States from foreign security threats. The agency was considered so secret that for years the government refused to even confirm its existence. Government insiders used to joke that NSA stood for "No Such Agency." In 1975, a congressional investigation revealed that the NSA had been intercepting, without warrants, international communications for more than 20 years at the behest of the CIA and other agencies. The spy campaign, code-named "Shamrock," led to the Foreign Intelligence Surveillance Act (FISA), which was designed to protect Americans from illegal eavesdropping.
Enacted in 1978, FISA lays out procedures that the U.S. government must follow to conduct electronic surveillance and physical searches of people believed to be engaged in espionage or international terrorism against the United States. A special court, which has 11 members, is responsible for adjudicating requests under FISA. Over the years, NSA code-cracking techniques have continued to improve along with technology. The agency today is considered expert in the practice of "data mining" -- sifting through reams of information in search of patterns. Data mining is just one of many tools NSA analysts and mathematicians use to crack codes and track international communications. Paul Butler, a former U.S. prosecutor who specialized in terrorism crimes, said FISA approval generally isn't necessary for government data-mining operations. "FISA does not prohibit the government from doing data mining," said Butler, now a partner with the law firm Akin Gump Strauss Hauer & Feld in Washington, D.C. The caveat, he said, is that "personal identifiers" -- such as names, Social Security numbers and street addresses -- can't be included as part of the search. "That requires an additional level of probable cause," he said. The usefulness of the NSA's domestic phone-call database as a counterterrorism tool is unclear. Also unclear is whether the database has been used for other purposes. The NSA's domestic program raises legal questions. Historically, AT&T and the regional phone companies have required law enforcement agencies to present a court order before they would even consider turning over a customer's calling data. Part of that owed to the personality of the old Bell Telephone System, out of which those companies grew. Ma Bell's bedrock principle -- protection of the customer -- guided the company for decades, said Gene Kimmelman, senior public policy director of Consumers Union. "No court order, no customer information -- period. That's how it was for decades," he said.
The concern for the customer was also based on law: Under Section 222 of the Communications Act, first passed in 1934, telephone companies are prohibited from giving out information regarding their customers' calling habits: whom a person calls, how often and what routes those calls take to reach their final destination. Inbound calls, as well as wireless calls, also are covered. The financial penalties for violating Section 222, one of many privacy reinforcements that have been added to the law over the years, can be stiff. The Federal Communications Commission, the nation's top telecommunications regulatory agency, can levy fines of up to $130,000 per day per violation, with a cap of $1.325 million per violation. The FCC has no hard definition of "violation." In practice, that means a single "violation" could cover one customer or 1 million. In the case of the NSA's international call-tracking program, Bush signed an executive order allowing the NSA to engage in eavesdropping without a warrant. The president and his representatives have since argued that an executive order was sufficient for the agency to proceed. Some civil liberties groups, including the American Civil Liberties Union, disagree. Companies approached The NSA's domestic program began soon after the Sept. 11 attacks, according to the sources. Right around that time, they said, NSA representatives approached the nation's biggest telecommunications companies. The agency made an urgent pitch: National security is at risk, and we need your help to protect the country from attacks. The agency told the companies that it wanted them to turn over their "call-detail records," a complete listing of the calling histories of their millions of customers. In addition, the NSA wanted the carriers to provide updates, which would enable the agency to keep tabs on the nation's calling habits. The sources said the NSA made clear that it was willing to pay for the cooperation. AT&T, which at the time was headed by C. 
Michael Armstrong, agreed to help the NSA. So did BellSouth, headed by F. Duane Ackerman; SBC, headed by Ed Whitacre; and Verizon, headed by Ivan Seidenberg. With that, the NSA's domestic program began in earnest. AT&T, when asked about the program, replied with a comment prepared for USA TODAY: "We do not comment on matters of national security, except to say that we only assist law enforcement and government agencies charged with protecting national security in strict accordance with the law." In another prepared comment, BellSouth said: "BellSouth does not provide any confidential customer information to the NSA or any governmental agency without proper legal authority." Verizon, the USA's No. 2 telecommunications company behind AT&T, gave this statement: "We do not comment on national security matters, we act in full compliance with the law and we are committed to safeguarding our customers' privacy." Qwest spokesman Robert Charlton said: "We can't talk about this. It's a classified situation." In December, The New York Times revealed that Bush had authorized the NSA to wiretap, without warrants, international phone calls and e-mails that travel to or from the USA. The following month, the Electronic Frontier Foundation, a civil liberties group, filed a class-action lawsuit against AT&T. The lawsuit accuses the company of helping the NSA spy on U.S. phone customers. Last month, U.S. Attorney General Alberto Gonzales alluded to that possibility. Appearing at a House Judiciary Committee hearing, Gonzales was asked whether he thought the White House has the legal authority to monitor domestic traffic without a warrant. Gonzales' reply: "I wouldn't rule it out." His comment marked the first time a Bush appointee publicly asserted that the White House might have that authority. Similarities in programs The domestic and international call-tracking programs have things in common, according to the sources. 
Both are being conducted without warrants and without the approval of the FISA court. The Bush administration has argued that FISA's procedures are too slow in some cases. Officials, including Gonzales, also make the case that the USA Patriot Act gives them broad authority to protect the safety of the nation's citizens. The chairman of the Senate Intelligence Committee, Sen. Pat Roberts, R-Kan., would not confirm the existence of the program. In a statement, he said, "I can say generally, however, that our subcommittee has been fully briefed on all aspects of the Terrorist Surveillance Program. ... I remain convinced that the program authorized by the president is lawful and absolutely necessary to protect this nation from future attacks." The chairman of the House Intelligence Committee, Rep. Pete Hoekstra, R-Mich., declined to comment.

One company differs

One major telecommunications company declined to participate in the program: Qwest. According to sources familiar with the events, Qwest's CEO at the time, Joe Nacchio, was deeply troubled by the NSA's assertion that Qwest didn't need a court order -- or approval under FISA -- to proceed. Adding to the tension, Qwest was unclear about who, exactly, would have access to its customers' information and how that information might be used. Financial implications were also a concern, the sources said. Carriers that illegally divulge calling information can be subjected to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines, in the aggregate, could have been substantial. The NSA told Qwest that other government agencies, including the FBI, CIA and DEA, also might have access to the database, the sources said. As a matter of practice, the NSA regularly shares its information -- known as "product" in intelligence circles -- with other intelligence groups. Even so, Qwest's lawyers were troubled by the expansiveness of the NSA request, the sources said.
The NSA, which needed Qwest's participation to completely cover the country, pushed back hard. Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled. In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more. Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused. The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events. In June 2002, Nacchio resigned amid allegations that he had misled investors about Qwest's financial health. But Qwest's legal questions about the NSA request remained. Unable to reach agreement, Nacchio's successor, Richard Notebaert, finally pulled the plug on the NSA talks in late 2004, the sources said. 
Contributing: John Diamond -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From peter at peterswire.net Thu May 11 08:28:39 2006 From: peter at peterswire.net (Peter Swire) Date: May 11, 2006 8:28:39 PM EDT Subject: Apparent large telco liability based on USA Today facts Message-ID: Dave: Perhaps your list can spot a flaw here. Based on the statutory language, it seems that the telcos face really large liability on the facts as reported in USA Today. Thanks, Peter http://thinkprogress.org/2006/05/11/telcos-liable/ This morning, USA Today reported that three telecommunications companies - AT&T, Verizon and BellSouth - provided "phone call records of tens of millions of Americans" to the National Security Agency. Such conduct appears to be illegal and could make the telco firms liable for tens of billions of dollars. Here's why: 1. It violates the Stored Communications Act. The Stored Communications Act, Section 2703(c), provides exactly five exceptions that would permit a phone company to disclose to the government the list of calls to or from a subscriber: (i) a warrant; (ii) a court order; (iii) the customer's consent; (iv) for telemarketing enforcement; or (v) by "administrative subpoena." The first four clearly don't apply. As for administrative subpoenas, where a government agency asks for records without court approval, there is a simple answer - the NSA has no administrative subpoena authority, and it is the NSA that reportedly got the phone records. 2. The penalty for violating the Stored Communications Act is $1000 per individual violation. Section 2707 of the Stored Communications Act gives a private right of action to any telephone customer "aggrieved by any violation." 
If the phone company acted with a "knowing or intentional state of mind," then the customer wins actual harm, attorney's fees, and "in no case shall a person entitled to recover receive less than the sum of $1,000." (The phone companies might say they didn't "know" they were violating the law. But USA Today reports that Qwest's lawyers knew about the legal risks, which are bright and clear in the statute book.)

3. The Foreign Intelligence Surveillance Act doesn't get the telcos off the hook. According to USA Today, the NSA did not go to the FISA court to get a court order. And Qwest is quoted as saying that the Attorney General would not certify that the request was lawful under FISA. So FISA provides no defense for the phone companies, either.

In other words, for every 1 million Americans whose records were turned over to NSA, the telcos could be liable for $1 billion in penalties, plus attorneys fees. You do the math.

Prof. Peter P. Swire
C. William O'Neill Professor of Law
Moritz College of Law of The Ohio State University
Visiting Senior Fellow, Center for American Progress
(240) 994-4142, www.peterswire.net

-------------------------------------
You are subscribed as synthesis.law.and.technology at gmail.com
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

--
-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From dave at farber.net Thu
May 11 05:40:06 2006 From: dave at farber.net (David Farber) Date: Thu, 11 May 2006 08:40:06 -0400 Subject: [IP] NSA has massive database of Americans' phone calls Message-ID: Begin forwarded message: From dave at farber.net Thu May 11 05:53:54 2006 From: dave at farber.net (David Farber) Date: Thu, 11 May 2006 08:53:54 -0400 Subject: [IP] (Disturbing) Security Issue Kills Domestic Spying Probe Message-ID: Begin forwarded message: From coderman at gmail.com Thu May 11 09:56:45 2006 From: coderman at gmail.com (coderman) Date: Thu, 11 May 2006 09:56:45 -0700 Subject: [dave@farber.net: [IP] NSA has massive database of Americans' phone calls] In-Reply-To: References: <20060511125504.GQ26713@leitl.org> Message-ID: <4ef5fec60605110956x47725f58pd641a6cae387ebe5@mail.gmail.com> On 5/11/06, Tyler Durden wrote: > No surprise, really. actually, there was one detail which surprised me: """Among the big telecommunications companies, only Qwest has refused to help the NSA, the sources said. According to multiple sources, Qwest declined to participate because it was uneasy about the legal implications of handing over customer information to the government without warrants... According to sources familiar with the events, Qwest's CEO at the time, Joe Nacchio, was deeply troubled by the NSA's assertion that Qwest didn't need a court order  or approval under FISA  to proceed... Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled. In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. 
Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more."""

> And of course, no one's asking what it means when NSA says they haven't
> "read" the message. Does this mean by a human?

of course. computers can't read ;)

i'm still lusting for financial full disclosure:
"... The sources said the NSA made clear that it was willing to pay for the cooperation."

, maybe in a decade or two..

From eugen at leitl.org Thu May 11 01:39:31 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 11 May 2006 10:39:31 +0200
Subject: [leichter_jerrold@emc.com: Piercing network anonymity in real time]
In-Reply-To: <20060511002102.GC75606@afflictions.org>
References: <20060510090256.GE26713@leitl.org> <20060510091305.GT18560@afflictions.org> <20060510111935.GA8577@arion.hive> <20060510213929.GB52200@afflictions.org> <20060510220300.GA26379@arion.hive> <20060511002102.GC75606@afflictions.org>
Message-ID: <20060511083931.GW26713@leitl.org>

On Wed, May 10, 2006 at 08:21:03PM -0400, Damian Gerow wrote:
> a) I don't trust Google. Call me paranoid, but there's something about them
> that doesn't sit well with me.

Anyone who expects a legal person in the long run to maximize anything else than shareholder value short-to-mid-term needs her head examined. If they don't bend over backwards to cooperate with TLAs (for a corporation, that would be a first in known history) they're certainly a one-stop shop to pick up information for any TLA that cares. You don't have to subpoena if you tap upstream -- does anyone here doubt that all search engines are tapped upstream? That would be criminally incompetent, wouldn't it.
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From joehall at gmail.com Thu May 11 11:56:45 2006 From: joehall at gmail.com (Joseph Lorenzo Hall) Date: May 11, 2006 11:56:45 AM EDT Subject: Serious vulnerability in Diebold DRE voting machines... Message-ID: The public (redacted) report on this should be available in one hour (10AM PDT). -Joe ---- # Voting glitch said to be 'dangerous' # By Ian Hoffman, STAFF WRITER Inside Bay Area Elections officials in several states are scrambling to understand and limit the risk from a "dangerous" security hole found in Diebold Election Systems Inc.'s ATM-like touch-screen voting machines. The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide. Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways. "This one is worse than any of the others I've seen. It's more fundamental," said Douglas Jones, a University of Iowa computer scientist and veteran voting-system examiner for the state of Iowa. "In the other ones, we've been arguing about the security of the locks on the front door," Jones said. "Now we find that there's no back door. This is the kind of thing where if the states don't get out in front of the hackers, there's a real threat." 
The Argus is withholding some details of the vulnerability at the request of several elections officials and scientists, partly because exploiting it is so simple and the tools for doing so are widely available. A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official allowed the expert to examine the machines. Black Box Voting was to issue two reports today on the security hole, one of limited distribution that explains the vulnerability fully and one for public release that withholds key technical details. The computer expert, Harri Hursti, quietly sent word of the vulnerability in March to several computer scientists who advise various states on voting systems. At least two of those scientists verified some or all of Hursti's findings. Several notified their states and requested meetings with Diebold to understand the problem. [...] The result, said Iowa's Jones, is a violation of federal voting system rules. "All of us who have heard the technical details of this are really shocked. It defies reason that anyone who works with security would tolerate this design," he said. Contact Ian Hoffman at ihoffman at angnewspapers.com. 
-- Joseph Lorenzo Hall PhD Student, UC Berkeley, School of Information ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Thu May 11 09:29:41 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 11 May 2006 12:29:41 -0400 Subject: [Clips] Security Issue Kills Domestic Spying Probe Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Thu, 11 May 2006 10:28:16 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Security Issue Kills Domestic Spying Probe Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Yahoo! Security Issue Kills Domestic Spying Probe By DEVLIN BARRETT, Associated Press Writer 1 hour, 24 minutes ago The government has abruptly ended an inquiry into the warrantless eavesdropping program because the National Security Agency refused to grant Justice Department lawyers the necessary security clearance to probe the matter. The Justice Department's Office of Professional Responsibility, or OPR, sent a fax to Rep. Maurice Hinchey (news, bio, voting record), D-N.Y., on Wednesday saying they were closing their inquiry because without clearance their lawyers cannot examine Justice lawyers' role in the program. "We have been unable to make any meaningful progress in our investigation because OPR has been denied security clearances for access to information about the NSA program," OPR counsel H. 
Marshall Jarrett wrote to Hinchey. Hinchey's office shared the letter with The Associated Press. Jarrett wrote that beginning in January, his office has made a series of requests for the necessary clearances. Those requests were denied Tuesday. "Without these clearances, we cannot investigate this matter and therefore have closed our investigation," wrote Jarrett. Justice Department spokesman Brian Roehrkasse said the terrorist surveillance program "has been subject to extensive oversight both in the executive branch and in Congress from the time of its inception." Roehrkasse noted the OPR's mission is not to investigate possible wrongdoing in other agencies, but to determine if Justice Department lawyers violated any ethical rules. He declined to comment when asked if the end of the inquiry meant the agency believed its lawyers had handled the wiretapping matter ethically. Hinchey is one of many House Democrats who have been highly critical of the domestic eavesdropping program first revealed in December. He said lawmakers would push to find out who at the NSA denied the Justice Department lawyers security clearance. "This administration thinks they can just violate any law they want, and they've created a culture of fear to try to get away with that. It's up to us to stand up to them," said Hinchey. In February, the OPR announced it would examine the conduct of its own agency's lawyers in the program, though they were not authorized to investigate NSA activities. Bush's decision to authorize the largest U.S. spy agency to monitor people inside the United States, without warrants, generated a host of questions about the program's legal justification. The administration has vehemently defended the eavesdropping, saying the NSA's activities were narrowly targeted to intercept international calls and e-mails of Americans and others inside the U.S. with suspected ties to the al-Qaida terror network. 
Separately, the Justice Department sought last month to dismiss a federal lawsuit accusing the telephone company AT&T of colluding with the Bush administration's warrantless wiretapping program. The lawsuit, brought by an Internet privacy group, does not name the government as a defendant, but the Department of Justice has sought to quash the lawsuit, saying it threatens to expose government and military secrets. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text From eugen at leitl.org Thu May 11 03:40:10 2006 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 May 2006 12:40:10 +0200 Subject: MIME and Cypherpunks In-Reply-To: <20060511094705.GA18940@proton.jfet.org> References: <20060511093024.GQ75606@afflictions.org> <20060511094705.GA18940@proton.jfet.org> Message-ID: <20060511104010.GK26713@leitl.org> On Thu, May 11, 2006 at 05:47:05AM -0400, Riad S. Wahby wrote: > Point of order: it's not at all necessary to use MIME in order to PGP > sign a message. Yes, but it's legal (according to RFC2015 or somesuch), and convenient. It doesn't clutter the mail body, and mutt happens to verify the signatures automatically. Couldn't get it to verify inline digsigs. 
> As far as the why: this is a carryover from the days of the LNE.com > node; Eric's filter set was very popular and made for a very > maintainable node, and so I've continued to use it. I have no problem with demime -- it just screws up text formatting. > I suppose I might consider looking into making exceptions for > attachments with particular MIME types, but that's probably opening a > nasty can of worms. Personally I'd rather forget that MIME exists and > continue to strip all of that crap. > > Holy shit, I'm turning into Tim. "MIME encrustations" indeed! You rang? http://groups.google.com/groups/search?q=author%3A%22Tim+May%22&start=0&scoring=d&hl=en&lr=&safe=off&num=10& -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 191 bytes Desc: Digital signature URL: From camera_lumina at hotmail.com Thu May 11 09:44:11 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 11 May 2006 12:44:11 -0400 Subject: [dave@farber.net: [IP] NSA has massive database of Americans' phone calls] In-Reply-To: <20060511125504.GQ26713@leitl.org> Message-ID: No surprise, really. Points to one main thing, though: Without technically opening a message NSA can garner large amounts of useful information. Between source/destination addresses, application, existence of encryption and other details they can take a good guess as to whether it would be worthwhile to (technically) break the law and actually have a human read the message. And of course, no one's asking what it means when NSA says they haven't "read" the message. Does this mean by a human? If only by humans, how much of the letter can machines digest and act upon it before it's considered "read"? 
If a machine reads a message stating that Mohammed Al-Qaeda will be on the corner of Roosevelt Avenue and 56th street, and then that machine sends a message to the guys in dark suits to pick up Mohammed for "probing", does NSA (or anyone else in this country) consider that a violation of the law? -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [dave at farber.net: [IP] NSA has massive database of Americans' >phone calls] >Date: Thu, 11 May 2006 14:55:04 +0200 > >Full text pasted below. > >----- Forwarded message from David Farber ----- > >From: David Farber >Date: Thu, 11 May 2006 08:40:06 -0400 >To: ip at v2.listbox.com >Subject: [IP] NSA has massive database of Americans' phone calls >X-Mailer: Apple Mail (2.749.3) >Reply-To: dave at farber.net > > > >Begin forwarded message: > >From: Richard Forno >Date: May 11, 2006 7:01:54 AM EDT >To: Dave Farber >Subject: NSA has massive database of Americans' phone calls > > >It's a BIG Article, but here's a snippet.... > > >"It's the largest database ever assembled in the world," said one >person, >who, like the others who agreed to talk about the NSA's activities, >declined >to be identified by name or affiliation. The agency's goal is "to >create a >database of every call ever made" within the nation's borders, this >person >added. > > >http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm > > > > >------------------------------------- >You are subscribed as eugen at leitl.org >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting-people/ > >----- End forwarded message ----- > >The National Security Agency has been secretly collecting the phone call >records of tens of millions of Americans, using data provided by AT&T, >Verizon and BellSouth, people with direct knowledge of the arrangement told >USA TODAY. 
> >The NSA program reaches into homes and businesses across the nation by >amassing information about the calls of ordinary Americans -- most of whom >aren't suspected of any crime. This program does not involve the NSA >listening to or recording conversations. But the spy agency is using the >data to analyze calling patterns in an effort to detect terrorist activity, >sources said in separate interviews. > >QUESTIONS AND ANSWERS: The NSA record collection program > >"It's the largest database ever assembled in the world," said one person, >who, like the others who agreed to talk about the NSA's activities, >declined to be identified by name or affiliation. The agency's goal is "to >create a database of every call ever made" within the nation's borders, >this person added. > >For the customers of these companies, it means that the government has >detailed records of calls they made -- across town or across the country -- >to family members, co-workers, business contacts and others. > >The three telecommunications companies are working under contract with the >NSA, which launched the program in 2001 shortly after the Sept. 11 >terrorist attacks, the sources said. The program is aimed at identifying >and tracking suspected terrorists, they said. > >The sources would talk only under a guarantee of anonymity because the NSA >program is secret. > >Air Force Gen. Michael Hayden, nominated Monday by President Bush to become >the director of the CIA, headed the NSA from March 1999 to April 2005. In >that post, Hayden would have overseen the agency's domestic call-tracking >program. Hayden declined to comment about the program. > >The NSA's domestic program, as described by sources, is far more expansive >than what the White House has acknowledged. 
Last year, Bush said he had >authorized the NSA to eavesdrop -- without warrants -- on international >calls and international e-mails of people suspected of having links to >terrorists when one party to the communication is in the USA. Warrants have >also not been used in the NSA's efforts to create a national call database. > >In defending the previously disclosed program, Bush insisted that the NSA >was focused exclusively on international calls. "In other words," Bush >explained, "one end of the communication must be outside the United >States." > >As a result, domestic call records -- those of calls that originate and >terminate within U.S. borders -- were believed to be private. > >Sources, however, say that is not the case. With access to records of >billions of domestic calls, the NSA has gained a secret window into the >communications habits of millions of Americans. Customers' names, street >addresses and other personal information are not being handed over as part >of NSA's domestic program, the sources said. But the phone numbers the NSA >collects can easily be cross-checked with other databases to obtain that >information. > >Don Weber, a senior spokesman for the NSA, declined to discuss the agency's >operations. "Given the nature of the work we do, it would be irresponsible >to comment on actual or alleged operational issues; therefore, we have no >information to provide," he said. "However, it is important to note that >NSA takes its legal responsibilities seriously and operates within the >law." > >The White House would not discuss the domestic call-tracking program. >"There is no domestic surveillance without court approval," said Dana >Perino, deputy press secretary, referring to actual eavesdropping. > >She added that all national intelligence activities undertaken by the >federal government "are lawful, necessary and required for the pursuit of >al-Qaeda and affiliated terrorists." 
All government-sponsored intelligence >activities "are carefully reviewed and monitored," Perino said. She also >noted that "all appropriate members of Congress have been briefed on the >intelligence efforts of the United States." > >The government is collecting "external" data on domestic phone calls but is >not intercepting "internals," a term for the actual content of the >communication, according to a U.S. intelligence official familiar with the >program. This kind of data collection from phone companies is not uncommon; >it's been done before, though never on this large a scale, the official >said. The data are used for "social network analysis," the official said, >meaning to study how terrorist networks contact each other and how they are >tied together. > >Carriers uniquely positioned > >AT&T recently merged with SBC and kept the AT&T name. Verizon, BellSouth >and AT&T are the nation's three biggest telecommunications companies; they >provide local and wireless phone service to more than 200 million >customers. > >The three carriers control vast networks with the latest communications >technologies. They provide an array of services: local and long-distance >calling, wireless and high-speed broadband, including video. Their direct >access to millions of homes and businesses has them uniquely positioned to >help the government keep tabs on the calling habits of Americans. > >Among the big telecommunications companies, only Qwest has refused to help >the NSA, the sources said. According to multiple sources, Qwest declined to >participate because it was uneasy about the legal implications of handing >over customer information to the government without warrants. > >Qwest's refusal to participate has left the NSA with a hole in its >database. Based in Denver, Qwest provides local phone service to 14 million >customers in 14 states in the West and Northwest. 
But AT&T and Verizon also >provide some services -- primarily long-distance and wireless -- to people >who live in Qwest's region. Therefore, they can provide the NSA with at >least some access in that area. > >Created by President Truman in 1952, during the Korean War, the NSA is >charged with protecting the United States from foreign security threats. >The agency was considered so secret that for years the government refused >to even confirm its existence. Government insiders used to joke that NSA >stood for "No Such Agency." > >In 1975, a congressional investigation revealed that the NSA had been >intercepting, without warrants, international communications for more than >20 years at the behest of the CIA and other agencies. The spy campaign, >code-named "Shamrock," led to the Foreign Intelligence Surveillance Act >(FISA), which was designed to protect Americans from illegal eavesdropping. > >Enacted in 1978, FISA lays out procedures that the U.S. government must >follow to conduct electronic surveillance and physical searches of people >believed to be engaged in espionage or international terrorism against the >United States. A special court, which has 11 members, is responsible for >adjudicating requests under FISA. > >Over the years, NSA code-cracking techniques have continued to improve >along with technology. The agency today is considered expert in the >practice of "data mining" -- sifting through reams of information in search >of patterns. Data mining is just one of many tools NSA analysts and >mathematicians use to crack codes and track international communications. > >Paul Butler, a former U.S. prosecutor who specialized in terrorism crimes, >said FISA approval generally isn't necessary for government data-mining >operations. "FISA does not prohibit the government from doing data mining," >said Butler, now a partner with the law firm Akin Gump Strauss Hauer & Feld >in Washington, D.C. 
> >The caveat, he said, is that "personal identifiers" -- such as names, >Social Security numbers and street addresses -- can't be included as part >of the search. "That requires an additional level of probable cause," he >said. > >The usefulness of the NSA's domestic phone-call database as a >counterterrorism tool is unclear. Also unclear is whether the database has >been used for other purposes. > >The NSA's domestic program raises legal questions. Historically, AT&T and >the regional phone companies have required law enforcement agencies to >present a court order before they would even consider turning over a >customer's calling data. Part of that owed to the personality of the old >Bell Telephone System, out of which those companies grew. > >Ma Bell's bedrock principle -- protection of the customer -- guided the >company for decades, said Gene Kimmelman, senior public policy director of >Consumers Union. "No court order, no customer information -- period. That's >how it was for decades," he said. > >The concern for the customer was also based on law: Under Section 222 of >the Communications Act, first passed in 1934, telephone companies are >prohibited from giving out information regarding their customers' calling >habits: whom a person calls, how often and what routes those calls take to >reach their final destination. Inbound calls, as well as wireless calls, >also are covered. > >The financial penalties for violating Section 222, one of many privacy >reinforcements that have been added to the law over the years, can be >stiff. The Federal Communications Commission, the nation's top >telecommunications regulatory agency, can levy fines of up to $130,000 per >day per violation, with a cap of $1.325 million per violation. The FCC has >no hard definition of "violation." In practice, that means a single >"violation" could cover one customer or 1 million. 
> >In the case of the NSA's international call-tracking program, Bush signed >an executive order allowing the NSA to engage in eavesdropping without a >warrant. The president and his representatives have since argued that an >executive order was sufficient for the agency to proceed. Some civil >liberties groups, including the American Civil Liberties Union, disagree. > >Companies approached > >The NSA's domestic program began soon after the Sept. 11 attacks, according >to the sources. Right around that time, they said, NSA representatives >approached the nation's biggest telecommunications companies. The agency >made an urgent pitch: National security is at risk, and we need your help >to protect the country from attacks. > >The agency told the companies that it wanted them to turn over their >"call-detail records," a complete listing of the calling histories of their >millions of customers. In addition, the NSA wanted the carriers to provide >updates, which would enable the agency to keep tabs on the nation's calling >habits. > >The sources said the NSA made clear that it was willing to pay for the >cooperation. AT&T, which at the time was headed by C. Michael Armstrong, >agreed to help the NSA. So did BellSouth, headed by F. Duane Ackerman; SBC, >headed by Ed Whitacre; and Verizon, headed by Ivan Seidenberg. > >With that, the NSA's domestic program began in earnest. > >AT&T, when asked about the program, replied with a comment prepared for USA >TODAY: "We do not comment on matters of national security, except to say >that we only assist law enforcement and government agencies charged with >protecting national security in strict accordance with the law." > >In another prepared comment, BellSouth said: "BellSouth does not provide >any confidential customer information to the NSA or any governmental agency >without proper legal authority." > >Verizon, the USA's No. 
2 telecommunications company behind AT&T, gave this >statement: "We do not comment on national security matters, we act in full >compliance with the law and we are committed to safeguarding our customers' >privacy." > >Qwest spokesman Robert Charlton said: "We can't talk about this. It's a >classified situation." > >In December, The New York Times revealed that Bush had authorized the NSA >to wiretap, without warrants, international phone calls and e-mails that >travel to or from the USA. The following month, the Electronic Frontier >Foundation, a civil liberties group, filed a class-action lawsuit against >AT&T. The lawsuit accuses the company of helping the NSA spy on U.S. phone >customers. > >Last month, U.S. Attorney General Alberto Gonzales alluded to that >possibility. Appearing at a House Judiciary Committee hearing, Gonzales was >asked whether he thought the White House has the legal authority to monitor >domestic traffic without a warrant. Gonzales' reply: "I wouldn't rule it >out." His comment marked the first time a Bush appointee publicly asserted >that the White House might have that authority. > >Similarities in programs > >The domestic and international call-tracking programs have things in >common, according to the sources. Both are being conducted without warrants >and without the approval of the FISA court. The Bush administration has >argued that FISA's procedures are too slow in some cases. Officials, >including Gonzales, also make the case that the USA Patriot Act gives them >broad authority to protect the safety of the nation's citizens. > >The chairman of the Senate Intelligence Committee, Sen. Pat Roberts, >R-Kan., would not confirm the existence of the program. In a statement, he >said, "I can say generally, however, that our subcommittee has been fully >briefed on all aspects of the Terrorist Surveillance Program. ... 
I remain >convinced that the program authorized by the president is lawful and >absolutely necessary to protect this nation from future attacks." > >The chairman of the House Intelligence Committee, Rep. Pete Hoekstra, >R-Mich., declined to comment. > >One company differs > >One major telecommunications company declined to participate in the >program: Qwest. > >According to sources familiar with the events, Qwest's CEO at the time, Joe >Nacchio, was deeply troubled by the NSA's assertion that Qwest didn't need >a court order -- or approval under FISA -- to proceed. Adding to the >tension, Qwest was unclear about who, exactly, would have access to its >customers' information and how that information might be used. > >Financial implications were also a concern, the sources said. Carriers that >illegally divulge calling information can be subjected to heavy fines. The >NSA was asking Qwest to turn over millions of records. The fines, in the >aggregate, could have been substantial. > >The NSA told Qwest that other government agencies, including the FBI, CIA >and DEA, also might have access to the database, the sources said. As a >matter of practice, the NSA regularly shares its information -- known as >"product" in intelligence circles -- with other intelligence groups. Even >so, Qwest's lawyers were troubled by the expansiveness of the NSA request, >the sources said. > >The NSA, which needed Qwest's participation to completely cover the >country, pushed back hard. > >Trying to put pressure on Qwest, NSA representatives pointedly told Qwest >that it was the lone holdout among the big telecommunications companies. It >also tried appealing to Qwest's patriotic side: In one meeting, an NSA >representative suggested that Qwest's refusal to contribute to the database >could compromise national security, one person recalled. > >In addition, the agency suggested that Qwest's foot-dragging might affect >its ability to get future classified work with the government. 
Like other >big telecommunications companies, Qwest already had classified contracts >and hoped to get more. > >Unable to get comfortable with what NSA was proposing, Qwest's lawyers >asked NSA to take its proposal to the FISA court. According to the sources, >the agency refused. > >The NSA's explanation did little to satisfy Qwest's lawyers. "They told >(Qwest) they didn't want to do that because FISA might not agree with >them," one person recalled. For similar reasons, this person said, NSA >rejected Qwest's suggestion of getting a letter of authorization from the >U.S. attorney general's office. A second person confirmed this version of >events. > >In June 2002, Nacchio resigned amid allegations that he had misled >investors about Qwest's financial health. But Qwest's legal questions about >the NSA request remained. > >Unable to reach agreement, Nacchio's successor, Richard Notebaert, finally >pulled the plug on the NSA talks in late 2004, the sources said. > >Contributing: John Diamond > >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From camera_lumina at hotmail.com Thu May 11 09:46:09 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 11 May 2006 12:46:09 -0400 Subject: MIME and Cypherpunks In-Reply-To: <20060511094705.GA18940@proton.jfet.org> Message-ID: >Holy shit, I'm turning into Tim. "MIME encrustations" indeed! The destruction of the lecherous MIME encrustrations will be glorious. -TD From rah at shipwright.com Thu May 11 10:00:49 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 11 May 2006 13:00:49 -0400 Subject: [Clips] Bush: We're not trolling your personal life Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Thu, 11 May 2006 12:58:23 -0400 To: Philodox Clips List From: "R.A. 
Hettinga" Subject: [Clips] Bush: We're not trolling your personal life Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com CNN Bush: We're not trolling your personal life Lawmakers demand answers on phone records report Thursday, May 11, 2006; Posted: 12:54 p.m. EDT (16:54 GMT) President Bush: "We are not mining or trolling through the personal lives of innocent Americans." WASHINGTON (AP) -- Congressional Republicans and Democrats demanded answers from the Bush administration Thursday about a government spy agency secretly collecting records of ordinary Americans' phone calls to build a database of every call made within the country. Facing intense criticism from Congress, President Bush did not confirm the work of the National Security Agency but sought to assure Americans that their privacy is being "fiercely protected." "We are not mining or trolling through the personal lives of innocent Americans," Bush said before leaving for a commencement address at Mississippi Gulf Coast Community College in Biloxi. (Transcript) The disclosure could complicate Bush's bid to win confirmation of former NSA director Gen. Michael Hayden as CIA director. The top-ranking Democrat on the Senate Judiciary Committee said he was shocked by the revelation about the NSA. "It is our government, it's not one party's government. It's America's government. Those entrusted with great power have a duty to answer to Americans what they are doing," Sen. Patrick Leahy of Vermont. AT&T Corp., Verizon Communications Inc., and BellSouth Corp. telephone companies began turning over records of tens of millions of their customers' phone calls to the National Security Agency program shortly after the Sept. 11, 2001, terrorist attacks, said USA Today, citing anonymous sources it said had direct knowledge of the arrangement. The Republican chairman of the Senate Judiciary Committee, Sen. 
Arlen Specter of Pennsylvania, said he would call the phone companies to appear before the panel "to find out exactly what is going on." The companies said Thursday that they are protecting customers' privacy but have an obligation to assist law enforcement and government agencies in ensuring the nation's security. "We prize the trust our customers place in us. If and when AT&T is asked to help, we do so strictly within the law and under the most stringent conditions," the company said in a statement, echoed by the others. Bush: U.S. intelligence targets terrorists Bush did not confirm or deny the USA Today report. But he did say that U.S. intelligence targets terrorists and that the government does not listen to domestic telephone calls without court approval and that Congress has been briefed on intelligence programs. He vowed to do everything in his power to fight terror and "we will do so within the laws of our country." On Capitol Hill, several lawmakers expressed incredulity about the program, with some Republicans questioning its rationale and legal underpinning and several Democrats railing about the lack of congressional oversight. "I don't know enough about the details except that I am willing to find out because I'm not sure why it would be necessary to keep and have that kind of information," said House Majority Leader John Boehner, R-Ohio. Republican Sen. Lindsey Graham, R-South Carolina, told Fox News Channel: "The idea of collecting millions or thousands of phone numbers, how does that fit into following the enemy?" Sen. Dick Durbin, D-Illinois, said bringing the telephone companies before the Judiciary Committee is an important step. "We need more. We need to take this seriously, more seriously than some other matters that might come before the committee because our privacy as American citizens is at stake," Durbin said. Sen. Jeff Sessions, R-Alabama, argued that the program "is not a warrantless wiretapping of the American people. 
I don't think this action is nearly as troublesome as being made out here, because they are not tapping our phones." The program does not involve listening to or taping the calls. Instead it documents who talks to whom in personal and business calls, whether local or long distance, by tracking which numbers are called, the newspaper said. No immediate response from NSA The NSA and the Office of National Intelligence Director did not immediately respond to requests for comment. NSA is the same spy agency that conducts the controversial domestic eavesdropping program that had been acknowledged earlier by Bush. The president said last year that he authorized the NSA to listen, without warrants, to international phone calls involving Americans suspected of terrorist links. The report came as Hayden -- Bush's choice to take over leadership of the CIA -- had been scheduled to visit lawmakers on Capitol Hill Thursday. However, the meetings with Republican Sens. Rick Santorum of Pennsylvania and Lisa Murkowski of Alaska were postponed at the request of the White House, said congressional aides in the two Senate offices. The White House offered no reason for the postponement to the lawmakers. Other meetings with lawmakers were still planned. Hayden already faced criticism because of the NSA's secret domestic eavesdropping program. As head of the NSA from March 1999 to April 2005, Hayden also would have overseen the call-tracking program. Sen. Dianne Feinstein, D-California, who has spoken favorably of the nomination, said the latest revelation "is also going to present a growing impediment to the confirmation of Gen. Hayden." The NSA wants the database of domestic call records to look for any patterns that might suggest terrorist activity, USA Today said. Don Weber, a senior spokesman for the NSA, told the paper that the agency operates within the law, but would not comment further on its operations. 
One big telecommunications company, Qwest, has refused to turn over records to the program, the newspaper said, because of privacy and legal concerns. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text From dave at farber.net Thu May 11 11:14:12 2006 From: dave at farber.net (David Farber) Date: Thu, 11 May 2006 14:14:12 -0400 Subject: [IP] Serious vulnerability in Diebold DRE voting machines... Message-ID: Begin forwarded message: From eugen at leitl.org Thu May 11 05:55:04 2006 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 May 2006 14:55:04 +0200 Subject: [dave@farber.net: [IP] NSA has massive database of Americans' phone calls] Message-ID: <20060511125504.GQ26713@leitl.org> Full text pasted below. 
----- Forwarded message from David Farber ----- From eugen at leitl.org Thu May 11 05:57:09 2006 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 May 2006 14:57:09 +0200 Subject: [dave@farber.net: [IP] (Disturbing) Security Issue Kills Domestic Spying Probe] Message-ID: <20060511125709.GR26713@leitl.org> How very convenient. ----- Forwarded message from David Farber ----- From coderman at gmail.com Thu May 11 15:34:33 2006 From: coderman at gmail.com (coderman) Date: Thu, 11 May 2006 15:34:33 -0700 Subject: [dave@farber.net: [IP] NSA has massive database of Americans' phone calls] In-Reply-To: <20060511125504.GQ26713@leitl.org> References: <20060511125504.GQ26713@leitl.org> Message-ID: <4ef5fec60605111534v2efd7367r17e8cc56e56d669a@mail.gmail.com> hrmm, another question below... On 5/11/06, Eugen Leitl wrote: > ... > The National Security Agency has been secretly collecting the phone call records ... > using data provided by AT&T, Verizon and BellSouth > ... > The NSA's domestic program began soon after the Sept. 11 attacks, ... > NSA representatives approached the nation's biggest telecommunications companies. > ... > AT&T, which at the time was headed by C. Michael Armstrong, agreed to help > the NSA. So did BellSouth, headed by F. Duane Ackerman; SBC, headed by > Ed Whitacre; and Verizon, headed by Ivan Seidenberg. > ... > Trying to put pressure on Qwest, NSA representatives pointedly told Qwest > that it was the lone holdout among the big telecommunications companies. let's look at 2002 operating revenue as a clue to telco size: 1. Verizon - $67,625,000,000 2. SBC - $43,138,000,000 3. AT&T - $37,827,000,000 4. Sprint+PCS - $27,256,000,000 (now add nextel?) 5. BellSouth - $22,440,000,000 6. Qwest - $19,965,000,000 funny there is no mention of requests to Sprint; why their conspicuous absence?
here's a paranoid theory: they already provided pen register equivalent data in real-time and could easily support the additional raw fiber taps used for targeted capture before 9/11 made it a well funded and well obfuscated priority across all carriers. Daytona wasn't the only prototype / telco system adopted in this domestic info war zone. keep the whistles blowing... From coderman at gmail.com Thu May 11 15:45:59 2006 From: coderman at gmail.com (coderman) Date: Thu, 11 May 2006 15:45:59 -0700 Subject: [dave@farber.net: [IP] NSA has massive database of Americans' phone calls] In-Reply-To: References: <4ef5fec60605110956x47725f58pd641a6cae387ebe5@mail.gmail.com> Message-ID: <4ef5fec60605111545i138d622eu7e7ed094aff4210@mail.gmail.com> On 5/11/06, Tyler Durden wrote: > What does it look like when the NSA tell you to turn over records? here's my guess: - big name(s) in fancy transport make a show of arrival to convey presence of authority - discussions are held in confidence and off the record. top sekrit, etc. - verbal assurances given but no paper trail. ask with a carrot ($$$) and a stick (national security risk, etc) as far as conveying the image of authority, maybe just a nice suit, an ear piece, and a chevy blazer with white tags is sufficient... ;) (i'd love to know more detail on how these conversations were implemented) From camera_lumina at hotmail.com Thu May 11 13:26:05 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 11 May 2006 16:26:05 -0400 Subject: [dave@farber.net: [IP] NSA has massive database of Americans' phone calls] In-Reply-To: <4ef5fec60605110956x47725f58pd641a6cae387ebe5@mail.gmail.com> Message-ID: Yes, I've wondered about that too. What does it look like when the NSA tell you to turn over records? Do they do so verbally? Is there a document? Is there anything made to look like you "have to turn over the records by law"?
And when the individuals in AT&T, etc...agreed, didn't they have some kind of documentation to show that "They told us to turn over the records and we thought we were required to". What I suspect is that they don't have anything that looks like anything more than a request. Someone "Needs killin"... -TD >From: coderman >To: "Tyler Durden" >CC: eugen at leitl.org, cypherpunks at jfet.org >Subject: Re: [dave at farber.net: [IP] NSA has massive database of Americans' >phone calls] >Date: Thu, 11 May 2006 09:56:45 -0700 > >On 5/11/06, Tyler Durden wrote: >>No surprise, really. > >actually, there was one detail which surprised me: >"""Among the big telecommunications companies, only Qwest has refused >to help the NSA, the sources said. According to multiple sources, >Qwest declined to participate because it was uneasy about the legal >implications of handing over customer information to the government >without warrants... > >According to sources familiar with the events, Qwest's CEO at the >time, Joe Nacchio, was deeply troubled by the NSA's assertion that >Qwest didn't need a court order -- or approval under FISA -- to >proceed... > >Trying to put pressure on Qwest, NSA representatives pointedly told >Qwest that it was the lone holdout among the big telecommunications >companies. It also tried appealing to Qwest's patriotic side: In one >meeting, an NSA representative suggested that Qwest's refusal to >contribute to the database could compromise national security, one >person recalled. > >In addition, the agency suggested that Qwest's foot-dragging might >affect its ability to get future classified work with the government. >Like other big telecommunications companies, Qwest already had >classified contracts and hoped to get more.""" > > >>And of course, no one's asking what it means when NSA says they haven't >>"read" the message. Does this mean by a human? > >of course. computers can't read ;) > > >i'm still lusting for financial full disclosure: "...
The sources said >the NSA made clear that it was willing to pay for the cooperation." , >maybe in a decade or two.. From eugen at leitl.org Thu May 11 13:06:09 2006 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 May 2006 22:06:09 +0200 Subject: [dave@farber.net: [IP] Serious vulnerability in Diebold DRE voting machines...] Message-ID: <20060511200609.GT26713@leitl.org> ----- Forwarded message from David Farber ----- From rah at shipwright.com Thu May 11 19:12:28 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 11 May 2006 22:12:28 -0400 Subject: [Clips] Note the date: Spy Agency Mined Vast Data Trove, Officials Report Message-ID: ...From the "so, what else is new?" file... Cheers, RAH ------- --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Thu, 11 May 2006 22:06:31 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Note the date: Spy Agency Mined Vast Data Trove, Officials Report Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The New York Times December 24, 2005 Spy Agency Mined Vast Data Trove, Officials Report By ERIC LICHTBLAU and JAMES RISEN WASHINGTON, Dec. 23 - The National Security Agency has traced and analyzed large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program that President Bush approved after the Sept. 11, 2001, attacks to hunt for evidence of terrorist activity, according to current and former government officials. The volume of information harvested from telecommunication data and voice networks, without court-approved warrants, is much larger than the White House has acknowledged, the officials said. It was collected by tapping directly into some of the American telecommunication system's main arteries, they said. As part of the program approved by President Bush for domestic surveillance without warrants, the N.S.A. 
has gained the cooperation of American telecommunications companies to obtain backdoor access to streams of domestic and international communications, the officials said. The government's collection and analysis of phone and Internet traffic have raised questions among some law enforcement and judicial officials familiar with the program. One issue of concern to the Foreign Intelligence Surveillance Court, which has reviewed some separate warrant applications growing out of the N.S.A.'s surveillance program, is whether the court has legal authority over calls outside the United States that happen to pass through American-based telephonic "switches," according to officials familiar with the matter. "There was a lot of discussion about the switches" in conversations with the court, a Justice Department official said, referring to the gateways through which much of the communications traffic flows. "You're talking about access to such a vast amount of communications, and the question was, How do you minimize something that's on a switch that's carrying such large volumes of traffic? The court was very, very concerned about that." Since the disclosure last week of the N.S.A.'s domestic surveillance program, President Bush and his senior aides have stressed that his executive order allowing eavesdropping without warrants was limited to the monitoring of international phone and e-mail communications involving people with known links to Al Qaeda. What has not been publicly acknowledged is that N.S.A. technicians, besides actually eavesdropping on specific conversations, have combed through large volumes of phone and Internet traffic in search of patterns that might point to terrorism suspects. Some officials describe the program as a large data-mining operation. The current and former government officials who discussed the program were granted anonymity because it remains classified. 
Bush administration officials declined to comment on Friday on the technical aspects of the operation and the N.S.A.'s use of broad searches to look for clues on terrorists. Because the program is highly classified, many details of how the N.S.A. is conducting it remain unknown, and members of Congress who have pressed for a full Congressional inquiry say they are eager to learn more about the program's operational details, as well as its legality. Officials in the government and the telecommunications industry who have knowledge of parts of the program say the N.S.A. has sought to analyze communications patterns to glean clues from details like who is calling whom, how long a phone call lasts and what time of day it is made, and the origins and destinations of phone calls and e-mail messages. Calls to and from Afghanistan, for instance, are known to have been of particular interest to the N.S.A. since the Sept. 11 attacks, the officials said. This so-called "pattern analysis" on calls within the United States would, in many circumstances, require a court warrant if the government wanted to trace who calls whom. The use of similar data-mining operations by the Bush administration in other contexts has raised strong objections, most notably in connection with the Total Information Awareness system, developed by the Pentagon for tracking terror suspects, and the Department of Homeland Security's Capps program for screening airline passengers. Both programs were ultimately scrapped after public outcries over possible threats to privacy and civil liberties. But the Bush administration regards the N.S.A.'s ability to trace and analyze large volumes of data as critical to its expanded mission to detect terrorist plots before they can be carried out, officials familiar with the program say. 
Administration officials maintain that the system set up by Congress in 1978 under the Foreign Intelligence Surveillance Act does not give them the speed and flexibility to respond fully to terrorist threats at home. A former technology manager at a major telecommunications company said that since the Sept. 11 attacks, the leading companies in the industry have been storing information on calling patterns and giving it to the federal government to aid in tracking possible terrorists. "All that data is mined with the cooperation of the government and shared with them, and since 9/11, there's been much more active involvement in that area," said the former manager, a telecommunications expert who did not want his name or that of his former company used because of concern about revealing trade secrets. Such information often proves just as valuable to the government as eavesdropping on the calls themselves, the former manager said. "If they get content, that's useful to them too, but the real plum is going to be the transaction data and the traffic analysis," he said. "Massive amounts of traffic analysis information - who is calling whom, who is in Osama Bin Laden's circle of family and friends - is used to identify lines of communication that are then given closer scrutiny." Several officials said that after President Bush's order authorizing the N.S.A. program, senior government officials arranged with officials of some of the nation's largest telecommunications companies to gain access to switches that act as gateways at the borders between the United States' communications networks and international networks. The identities of the corporations involved could not be determined. The switches are some of the main arteries for moving voice and some Internet traffic into and out of the United States, and, with the globalization of the telecommunications industry in recent years, many international-to-international calls are also routed through such American switches. 
One outside expert on communications privacy who previously worked at the N.S.A. said that to exploit its technological capabilities, the American government had in the last few years been quietly encouraging the telecommunications industry to increase the amount of international traffic that is routed through American-based switches. The growth of that transit traffic had become a major issue for the intelligence community, officials say, because it had not been fully addressed by 1970's-era laws and regulations governing the N.S.A. Now that foreign calls were being routed through switches on American soil, some judges and law enforcement officials regarded eavesdropping on those calls as a possible violation of those decades-old restrictions, including the Foreign Intelligence Surveillance Act, which requires court-approved warrants for domestic surveillance. Historically, the American intelligence community has had close relationships with many communications and computer firms and related technical industries. But the N.S.A.'s backdoor access to major telecommunications switches on American soil with the cooperation of major corporations represents a significant expansion of the agency's operational capability, according to current and former government officials. Phil Karn, a computer engineer and technology expert at a major West Coast telecommunications company, said access to such switches would be significant. "If the government is gaining access to the switches like this, what you're really talking about is the capability of an enormous vacuum operation to sweep up data," he said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text
From camera_lumina at hotmail.com Fri May 12 07:00:36 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 12 May 2006 10:00:36 -0400 Subject: [Clips] Note the date: Spy Agency Mined Vast Data Trove, Officials Report In-Reply-To: Message-ID: How many suspects have they rounded up with this system? I'd bet they come under the gun to start rounding up lotsa suspects otherwise the cost per detainee is far greater than any terrorist action they could have committed... -TD >From: "R.A. Hettinga" >To: cypherpunks at jfet.org >Subject: [Clips] Note the date: Spy Agency Mined Vast Data Trove, >Officials Report >Date: Thu, 11 May 2006 22:12:28 -0400 > >...From the "so, what else is new?" file... > >Cheers, >RAH >------- >--- begin forwarded text > > > Delivered-To: rah at shipwright.com > Delivered-To: clips at philodox.com > Date: Thu, 11 May 2006 22:06:31 -0400 > To: Philodox Clips List > From: "R.A. Hettinga" > Subject: [Clips] Note the date: Spy Agency Mined Vast Data Trove, > Officials Report > Reply-To: rah at philodox.com > Sender: clips-bounces at philodox.com > > > > > The New York Times > > December 24, 2005 > > Spy Agency Mined Vast Data Trove, Officials Report > > By ERIC LICHTBLAU and JAMES RISEN > > WASHINGTON, Dec. 23 - The National Security Agency has traced and >analyzed > large volumes of telephone and Internet communications flowing into and >out > of the United States as part of the eavesdropping program that President > Bush approved after the Sept. 11, 2001, attacks to hunt for evidence of > terrorist activity, according to current and former government >officials. > > The volume of information harvested from telecommunication data and >voice > networks, without court-approved warrants, is much larger than the White > House has acknowledged, the officials said.
From dave at farber.net Fri May 12 12:19:37 2006 From: dave at farber.net (David Farber) Date: Fri, 12 May 2006 15:19:37 -0400 Subject: [IP] more on COMMENTS REQUESTED -- Apparent large telco liability Message-ID: based on USA Today facts X-Mailer: Apple Mail (2.750) Reply-To: dave at farber.net Begin forwarded message: From: "Synthesis: Law and Technology" Date: May 12, 2006 12:09:54 PM EDT To: dave at farber.net Cc: peter at peterswire.net Subject: Re: [IP] COMMENTS REQUESTED -- Apparent large telco liability based on USA Today facts Dave, I doubt Peter expected us to find a flaw in his actual analysis since all the loop holes have already been covered and under the most extreme interpretations one would find it difficult to argue directly against his reasoning. If there is a defence possible for the telcos it might be under yet-another discussion of the presidential authority (or the limits thereof). The difference I see in this one (and I am most definitely not an expert on this) is the monetary one.
The direct civil cause of action in the statute would seem to incentive for this one to perhaps be taken further? It will be interesting to observe, especially given Qwest's refusal to comply (apparently without sanction?). If Qwest had concerns and voiced them and was not forced to comply it would appear this could be a difficult one, and not just for the telcos. Dan Steinberg SYNTHESIS:Law & Technology 35, du Ravin phone: (613) 794-5356 Chelsea, Quebec J9B 1N1 On 5/12/06, David Farber wrote: Begin forwarded message: From eugen at leitl.org Fri May 12 10:14:44 2006 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 12 May 2006 19:14:44 +0200 Subject: /. [Americans Not Bothered by NSA Spying] Message-ID: <20060512171444.GC26713@leitl.org> Just being good Germans, the lot. Link: http://slashdot.org/article.pl?sid=06/05/12/1334217 Posted by: Zonk, on 2006-05-12 14:23:00 [1]Snap E Tom writes "According to a Washington Post poll, a majority (63%) of Americans 'said they found the NSA program to be [2]an acceptable way to investigate terrorism.' A slightly higher majority would not be bothered if the NSA collected personal calls that they made.
Even though the program has received bi-partisan criticism from Congress, it appears that the public values security over privacy." References 1. http://www.shuchow.com/ 2. http://www.washingtonpost.com/wp-dyn/content/article/2006/05/12/AR2006051200375_pf.html ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Fri May 12 17:38:07 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 12 May 2006 20:38:07 -0400 Subject: [Clips] Reversing Course on Electronic Voting Message-ID: The Wall Street Journal Reversing Course on Electronic Voting Some Former Backers of Technology Seek Return to Paper Ballots, Citing Glitches, Fraud Fears By JEANNE CUMMINGS May 12, 2006; Page A4 WASHINGTON -- Some advocates of a 2002 law mandating upgrades of the nation's voting machinery now worry the overhaul is making things worse. With the 2006 midterm elections approaching, proponents of the Help America Vote Act are filing lawsuits to block some state and election officials' efforts to comply with the act. The Help America Vote Act called for upgrading election equipment to guard against another contested outcome such as the 2000 presidential vote. Among the flaws in balloting almost six years ago were antiquated hand-operated voting machines and punch-card ballots that were difficult to read. To redress that, members of Congress pushed for modernization, which could include touch-screen voting machines, on which ballots are cast and recorded solely electronically. At the time, the electronic voting machines were seen as a reliable contrast to the older technology.
The lawsuits -- nine so far -- coincide with a stampede by state and county officials to spend $3 billion allocated by Congress to help pay for upgrades. To comply with the Help America Vote Act, a number of states and dozens of counties purchased touch-screen voting machines. The deadline for spending the money is tied to each state's 2006 primary dates. Arizona was sued this week over such purchases and Colorado election officials are likely to be sued next week. The Arizona lawsuit seeks to block the purchase of electronic-voting machines that critics say are vulnerable to fraud and prone to inaccurate tabulations. Another complaint is that it is more difficult to recount ballots cast on electronic-voting machines than paper ones. The Help America Vote Act "has been turned on its head and it's causing more problems than solutions at this point," says Lowell Finley, a San Francisco lawyer and cofounder of Voter Action, a nonpartisan organization that is bringing some of the lawsuits. Makers of the new electronic-voting machines and local election officials acknowledge glitches with the new equipment, but say most problems result from human error, not technology. "This technology has been used effectively for 10 to 15 years," says David Bear, a spokesman for Diebold Inc., a maker of electronic-voting equipment. Jan Brewer, Arizona's secretary of state, calls the lawsuit's allegations "unsubstantiated" and said electronic machines are needed to allow disabled voters to cast their ballots privately and efficiently. "I have referred this matter to the attorney general and have asked him to seek a dismissal as soon as possible," she says. Still, the 2004 presidential campaign and some early primary elections this year have provided evidence that the machines don't always work smoothly. 
And several states, after experiencing problems with touch-screen electronic systems, abandoned them to return to optically scanned paper ballots, already commonly used for absentee balloting. Typically, paper ballots require a voter to use a pencil to fill in a circle. The system is less costly to buy and maintain, and provides a paper record of ballots that can be reviewed in close or disputed elections. Two governors have taken steps to curb the problems linked to electronic voting machines. New Mexico's Democratic Gov. Bill Richardson found his state in the national spotlight in 2004, when its election-night tallying of electronic voting was tardy and confusing. This year, he pushed through legislation mandating paper ballots -- which had been electronically scanned -- throughout the state. Maryland's Republican Gov. Robert Ehrlich in February called for change after seeing a jump in the cost of maintaining and storing the sensitive electronic machines. Costs are anticipated to grow to $9.5 million next year from $858,000 in 2001. Critics of the touch-screen voting method are following two lines of attack: the machines are unreliable and some local election officials have become too dependent on an industry that already has too much control over testing and operating the sophisticated equipment. A North Carolina early voting test in the 2002 general election of six touch-screen machines made by Election Systems & Software Inc. uncovered a software problem that led to 436 uncounted votes. Local officials were further frustrated when a company representative acknowledged that they had seen the glitch before in a nearby county -- and hadn't shared the information. Ken Fields, spokesman for ES&S, of Omaha, Neb., said the problem stemmed from an "obscure technical issue" that made some machines function as if their memory was full. The glitch was solved by Election Day, he said. 
In Indiana, an ES&S employee alerted local-election officials that another ES&S worker had installed unauthorized software on the machines before the election. That and other disputes led to a multimillion-dollar settlement. Mr. Fields said it was "a mistake" to alter the software. "We could have done a better job communicating with the county," he said. In other cases, investigations have found that problems were caused by inexperienced election workers. In Illinois's recent primary, election officials in one precinct inserted a ballot improperly and paper jams caused breakdowns on other machines. "Perfect shouldn't be the death of good," says Mr. Bear, who contends there's plenty of evidence showing electronic machines perform far better than Florida's much-lampooned punch ballots and antiquated lever ballots. "There have always been issues with elections. Technology didn't introduce those issues," he said. Despite common charges that the machines lack adequate security, no cases have emerged proving that a hacker or an insider has or could electronically manipulate the vote. Still, computer-science experts argue that the systems lack protection. And former Secretary of State James A. Baker III and former President Jimmy Carter, who were co-chairmen of the bipartisan Commission on Federal Election Reform, warned in their 2005 final report that it could happen. "Software can be modified maliciously before being installed into individual voting machines. There is no reason to trust insiders in the election industry any more than in other industries," they found. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips From eugen at leitl.org Fri May 12 12:22:48 2006 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 12 May 2006 21:22:48 +0200 Subject: [dave@farber.net: [IP] more on COMMENTS REQUESTED -- Apparent large telco liability based on USA Today facts] Message-ID: <20060512192248.GL26713@leitl.org> ----- Forwarded message from David Farber ----- From rah at shipwright.com Fri May 12 18:40:39 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 12 May 2006 21:40:39 -0400 Subject: Cypherpunks Quiz: (was Re: [Clips] Reversing Course on Electronic Voting) In-Reply-To: References: Message-ID: At 8:38 PM -0400 5/12/06, R.A. Hettinga wrote: >Some Former Backers of Technology >Seek Return to Paper Ballots, >Citing Glitches, Fraud Fears Class? Class??? [...] Thenk yew... Since modern financial cryptography proves that one can either sell one's electronic vote and be perfectly (okay, more or less perfectly) anonymous, or not sell one's electronic vote and be perfectly identified, neither of which is politically tenable, can anyone tell me a situation under which the former is perfectly fine? Hint: It's financial. Cheers, RAH For extra credit, offer an actual political solution using the "financial" answer above? Okay, not necessarily, political, more of a political singularity. Yes, this is an easy one for the older kids... Play nice. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From observer at westnet.com Sat May 13 06:21:25 2006 From: observer at westnet.com (John F.
McMullen) Date: May 13, 2006 6:21:25 AM EDT Subject: No subject Message-ID: Subject: Questions Raised for Phone Giants in Spy Data Furor From the New York Times -- http://www.nytimes.com/2006/05/13/washington/13phone.html?th&emc=th Questions Raised for Phone Giants in Spy Data Furor By JOHN MARKOFF The former chief executive of Qwest, the nation's fourth-largest phone company, rebuffed government requests for the company's calling records after 9/11 because of "a disinclination on the part of the authorities to use any legal process," his lawyer said yesterday. The statement on behalf of the former Qwest executive, Joseph P. Nacchio, followed a report that the other big phone companies -- AT&T, BellSouth and Verizon -- had complied with an effort by the National Security Agency to build a vast database of calling records, without warrants, to increase its surveillance capabilities after the Sept. 11 attacks. Those companies insisted yesterday that they were vigilant about their customers' privacy, but did not directly address their cooperation with the government effort, which was reported on Thursday by USA Today. Verizon said that it provided customer information to a government agency "only where authorized by law for appropriately defined and focused purposes," but that it could not comment on any relationship with a national security program that was "highly classified." Legal experts said the companies faced the prospect of lawsuits seeking billions of dollars in damages over cooperation in the program, citing communications privacy legislation stretching back to the 1930's. A federal lawsuit was filed in Manhattan yesterday seeking as much as $50 billion in civil damages against Verizon on behalf of its subscribers. For a second day, there was political fallout on Capitol Hill, where Senate Democrats intend to use next week's confirmation hearings for a new C.I.A. director to press the Bush administration on its broad surveillance programs.
As senior lawmakers in Washington vowed to examine the phone database operation and possibly issue subpoenas to the telephone companies, executives at some of the companies said they would comply with requests to appear on Capitol Hill but stopped short of describing how much would be disclosed, at least in public sessions. "If Congress asks us to appear, we will appear," said Selim Bingol, a spokesman at AT&T. "We will act within the laws and rules that apply." Qwest was apparently alone among the four major telephone companies to have resisted the requests to cooperate with the government effort. A statement issued on behalf of Mr. Nacchio yesterday by his lawyer, Herbert J. Stern, said that after the government's first approach in the fall of 2001, "Mr. Nacchio made inquiry as to whether a warrant or other legal process had been secured in support of that request." "When he learned that no such authority had been granted, and that there was a disinclination on the part of the authorities to use any legal process," Mr. Nacchio concluded that the requests violated federal privacy requirements "and issued instructions to refuse to comply." The statement said the requests continued until Mr. Nacchio left in June 2002. His departure came amid accusations of fraud at the company, and he now faces federal charges of insider trading. The database reportedly assembled by the security agency from calling records has dozens of fields of information, including called and calling numbers and the duration of calls, but nothing related to the substance of the calls. But it could permit what intelligence analysts and commercial data miners refer to as "link analysis," a statistical technique for investigators to identify calling patterns in a seemingly impenetrable mountain of digital data. 
The law governing the release of phone company data has been modified repeatedly to grapple with changing computer and communications technologies that have increasingly bedeviled law enforcement agencies. The laws include the Communications Act, first passed in 1934, and a variety of provisions of the Electronic Communications and Privacy Act, including the Stored Communications Act, passed in 1986. Wiretapping -- actually listening to phone calls -- has been tightly regulated by these laws. But in general, the laws have set a lower legal standard required by the government to obtain what has traditionally been called pen register or trap-and-trace information -- calling records obtained when intelligence and police agencies attached a specialized device to subscribers' telephone lines. Those restrictions still hold, said a range of legal scholars, in the face of new computer databases with decades' worth of calling records. AT&T created such technology during the 1990's for use in fraud detection and has previously made such information available to law enforcement with proper warrants. Orin Kerr, a former federal prosecutor and assistant professor at George Washington University, said his reading of the relevant statutes put the phone companies at risk for at least $1,000 per person whose records they disclosed without a court order. "This is not a happy day for the general counsels" of the phone companies, he said. "If you have a class action involving 10 million Americans, that's 10 million times $1,000 -- that's 10 billion." The New Jersey lawyers who filed the federal suit against Verizon in Manhattan yesterday, Bruce Afran and Carl Mayer, said they would consider filing suits against BellSouth and AT&T in other jurisdictions. "This is almost certainly the largest single intrusion into American civil liberties ever committed by any U.S. administration," Mr. Afran said. "Americans expect their phone records to be private.
That's our bedrock governing principle of our phone system." In addition to damages, the suit seeks an injunction against the security agency to stop the collection of phone numbers. Several legal experts cited ambiguities in the laws that may be used by the government and the phone companies to defend the National Security Agency program. "There's a loophole," said Mark Rasch, the former head of computer-crime investigations for the Justice Department and now the senior vice president of Solutionary, a computer security company. "Records of phones that have called each other without identifying information are not covered by any of these laws." Civil liberties lawyers were quick to dispute that claim. "This is an incredible red herring," said Kevin Bankston, a lawyer for the Electronic Frontier Foundation, a privacy rights group that has sued AT&T over its cooperation with the government, including access to calling records. "There is no legal process that contemplates getting entire databases of data." The group sued AT&T in late January, contending that the company was violating the law by giving the government access to its customer call record data and permitting the agency to tap its Internet network. The suit followed reports in The New York Times in December that telecommunications companies had cooperated with such government requests without warrants. A number of industry executives pointed to the national climate in the wake of the Sept. 11 attacks to explain why phone companies might have risked legal entanglement in cooperating with the requests for data without warrants. An AT&T spokesman said yesterday that the company had gotten some calls and e-mail messages about the news reports, but characterized the volume as "not heavy" and said there were responses on both sides of the issue. Reaction around the country also appeared to be divided.
Cathy Reed, 45, a wealth manager from Austin, Tex., who was visiting Boston, said she did not see a problem with the government's reviewing call logs. "I really don't think it matters," she said. "I bet every credit card company already has them." Others responded critically. Pat Randall, 63, a receptionist at an Atlanta high-rise, said, "Our phone conversations are just personal, and to me, the phone companies that cooperated, I think we should move our phone services to the company that did not cooperate." While the telephone companies have both business contracts and regulatory issues before the federal government, executives in the industry yesterday dismissed the notion that they felt pressure to take part in any surveillance programs. The small group of executives with the security clearance necessary to deal with the government on such matters, they said, are separate from the regulatory and government contracting divisions of the companies. Reporting for this article was contributed by Ken Belson, Brenda Goodman, Stephen Labaton, Matt Richtel and Katie Zezima. Copyright 2006 The New York Times Company *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. The 'johnmacsgroup' Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner.
For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml "When you come to the fork in the road, take it" - L.P. Berra "Always make new mistakes" -- Esther Dyson "Any sufficiently advanced technology is indistinguishable from magic" -- Sir Arthur C. Clarke "You Gotta Believe" - Frank "Tug" McGraw (1944 - 2004 RIP) "We do not have to change because staying in business is not compulsory" -- W. Edwards Deming (1900 - 1993) "Do the right thing. It will gratify some people and astonish the rest" -- Samuel Clemens John F. McMullen johnmac at acm.org johnmac13 at gmail.com johnmac at sdf.lonestar.org johnmac at panix johnmac at echonyc.com johnmac13 at mac.com jmcmullen at monroecollege.edu johnmac at alumni.iona.edu john.mcmullen1 at marist.edu ICQ: 4368412 Skype, AIM, Yahoo Messenger & Google Talk: johnmac13 BLOG: http://johnmacrants.blogspot.com/ News Feed: http://johnmac.newsvine.com/ ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
From dave at farber.net Sat May 13 04:55:04 2006 From: dave at farber.net (David Farber) Date: Sat, 13 May 2006 07:55:04 -0400 Subject: [IP] Liability of phone companies [perhaps off-topic] Message-ID: Begin forwarded message: From EEkid at aol.com Sat May 13 08:01:24 2006 From: EEkid at aol.com (EEkid at aol.com) Date: May 13, 2006 8:01:24 PM EDT Subject: Whistleblower outs NSA's secret spy room at AT&T Message-ID: Whistleblower outs NSA's secret spy room at AT&T April 08, 2006 Mark Klein, a retired AT&T communications technician, said the company shunted all Internet traffic--including traffic from peering links connecting to other Internet backbone providers-- to semantic traffic analyzers, installed in a secret room inside the AT&T central office on Folsom Street in San Francisco. Similar rooms were built in Seattle, San Jose, Los Angeles and San Diego. "Based on my understanding of the connections and equipment at issue, it appears the NSA (National Security Agency) is capable of conducting what amounts to vacuum-cleaner surveillance of all the data crossing the Internet," Klein said. "This potential spying appears to be applied wholesale to all sorts of Internet communications of countless citizens." In 2003, the National Security Agency set up a secret room inside the phone company's San Francisco office building that was not accessible to AT&T technicians, Klein said.
The former employee's statement, as well as several documents saved by him after he left the company in 2004, shows further evidence of domestic spying initiatives by the federal government. Klein's statement is being incorporated into a class action filed in San Francisco federal court, in which lawyers with the Electronic Frontier Foundation (EFF), Lerach Coughlin Stoia Geller Rudman & Robbins, and Traber & Voorhees in Pasadena claim that AT&T illegally allowed the NSA taps. "Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with FISA [the Foreign Intelligence Surveillance Act]," Klein said. News that the NSA was working with major telecommunications companies first surfaced shortly before Christmas. The Bush administration has acknowledged the existence of a domestic spying program, but claims the executive order was limited to those individuals with known terrorist ties. The Electronic Frontier Foundation filed a class-action lawsuit against AT&T on January 31, 2006, accusing the telecom giant of violating the law and the privacy of its customers by collaborating with the National Security Agency in its massive program to wiretap and data-mine Americans' communications. "The evidence that we are filing supports our claim that AT&T is diverting Internet traffic into the hands of the NSA wholesale, in violation of federal wiretapping laws and the Fourth Amendment," EFF Staff Attorney Kevin Bankston said in a statement. 
------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From bsteinhardt at aclu.org Sat May 13 08:28:15 2006 From: bsteinhardt at aclu.org (Barry Steinhardt) Date: May 13, 2006 8:28:15 AM EDT Subject: [IP] Bank Transactions? Message-ID: Dave, I don't think we know for certain what access the NSA has to financial information, but the Federal Government has a financial center known as FinCen to which the banks and other institutions report millions of financial transactions. FinCen has a staggering amount of financial data about Americans. Below you will find a short description of FinCen from Privicilla.org. A big outstanding question about the NSA is the extent to which they data mine or otherwise use the communications data they have obtained from the "program", in conjunction with other data, including financial data, that is in the hands of the Federal Government or is available from the commercial sector. You may recall that the Pentagon's (DARPA's) Total Information Awareness Program (TIA) sought to analyze a vast quantity of public and private data about Americans to identify and profile suspects. http://www.aclu.org/privacy/spying/14956res20040116.html The Congress shut down the public version of TIA run by Admiral John Poindexter, but allowed significant portions of it to continue to operate applying to non-US persons. 
That view includes the power to troll through the communications records of hundreds of millions of Americans looking for clues to contact with "foreign terrorists". The NSA may well have a piece of the TIA action or may be a part of a larger effort within the Pentagon to continue the work of TIA. When asked about this in a Senate hearing by Senator Ron Wyden, General Hayden said he could not respond in public. All these matters are classified and we don't know what, if anything, he told Senator Wyden in private, but this question needs to be very carefully examined. Barry Steinhardt ACLU From Privicilla.org: "FinCEN," the Financial Crimes Enforcement Network, is a network of databases and financial records maintained by the U.S. federal government. Housed within the Treasury Department, FinCEN handles more than 140 million computerized financial records compiled from 21,000 depository institutions and 200,000 nonbank financial institutions. Banks, casinos, brokerage firms and money transmitters all must file reports with FinCEN on cash transactions over $10,000. And FinCen is the repository for "Suspicious Activity Reports" which must be filed by financial institutions under the Bank Secrecy Act. FinCEN also uses a variety of law enforcement databases, including those operated by the Drug Enforcement Agency and the Defense Department, in addition to commercial databases of public records. FinCEN may also use databases held by the Central Intelligence Agency, the National Security Agency, and the Defense Intelligence Agency. FinCEN shares information with investigators from dozens of agencies, including the Bureau of Alcohol, Tobacco, and Firearms; the Drug Enforcement Administration; the Federal Bureau of Investigation; the U.S. Secret Service; the Internal Revenue Service; the Customs Service; and the U.S. Postal Inspection Service. Agents from all these agencies can investigate names, addresses, and Social Security numbers through FinCEN.
Field agents and state and local law enforcement can access data from FinCEN remotely. On 5/13/06 7:42 AM, "David Farber" wrote: > > >Begin forwarded message: > >From: anitaclaremadsen at netscape.net >Date: May 13, 2006 7:16:38 AM EDT >To: dave at farber.net >Subject: Bank Transactions? > > >Anyone know if the NSA also is collecting/data mining customer bank/ >credit card records under the historic, "Follow the Money" advice >give to Woodward by Deep Throat? > > >___________________________________________________ >Try the New Netscape Mail Today! >Virtually Spam-Free | More Storage | Import Your Contact List >http://mail.netscape.com > > > >------------------------------------- >You are subscribed as bsaclu at earthlink.net >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting- >people/ ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From yepjhfpak at cybercomm.net Fri May 12 20:10:02 2006 From: yepjhfpak at cybercomm.net (Garry Schwartz) Date: Sat, 13 May 2006 09:10:02 +0600 Subject: [Auto-Reply] Super Hot Bonuses Offer Message-ID: <989612913590.ERT31665@constipate.netfor995.com> Hey, so glad to finally get hold of you, Log on to Hi oller Casino and get $888 FREE Feel like getting rich in the comfort of your own home? Welcome to Hi Roller Casino, Where Fortunes are Made! 
Hi Roller Casino offers over 60 interactive games, including six progressive slots and three progressive games that have paid out some of the largest online jackpots in history! Even better. Hi Roller Casino will give you $10 Free when you download the free software and open a real account. Once you've opened your REAL account and made your first deposit, Hi Roller Casino will match it up to $888. All commercial transactions at Hi Roller Casino are facilitated by Proc-Cyber Services, a well-known and established e-cash merchant. Which means you can rest assured that all your credit card transactions are 100% secured by digital encryption as well as a unique password and account number. Online banking can be done through a variety of safe and user-friendly methods like FirePay, Citadel, NETeller, PrePaidATM, ACH, Wire transfers or Credit Cards. Need help? Hi Roller Casino provides a friendly, efficient 24/7 Support Desk via email and toll-free lines. By now you'll be keen to start making your fortune, so click here: http://cddbinfo.com/d1/now/ and start WINNING! This e-mail is not spam. You are receiving this e-mail as you have either opted to receive our newsletter, or you entered one of our competitions. Please note that this e-mail has NOT been sent by our sponsor, casino or partner/s that is/are being listed in this e-mail. There is no need to unsubscribe as this is a one time only email From jya at PIPELINE.COM Sat May 13 10:37:49 2006 From: jya at PIPELINE.COM (John Young) Date: May 13, 2006 10:37:49 AM EDT Subject: [CYBERIA] Liability of phone companies [perhaps off-topic] Message-ID: L at LISTSERV.AOL.COM> Former Director of NSA Bobby Inman said last week at a public session that NSA and the FBI seek very different information, that NSA is happy to get tiny fragments which would be useless to the FBI. 
He said digital communications was a godsend for NSA compared to analogue, for computers can process great amount of digital data that would remain obscure or unavailable if it was analogue. He emphasized that content of communications was not what NSA sought, instead it wanted data about patterns which would help focus attention on what content needed to be sought by FBI-like means. And huge volumes of pattern-rich data needed to be processed, indeed the larger the volume the better the possibility useful patterns could be determined. A few focussed calls such as the FBI seeks would not be helpful to establish patterns. That is why he said the FBI did not know what to do with the large number of leads provided to it by NSA, that the FBI was correct that the diverse range of tidbits had no meaning to them with the procedures for evidence gathering and prosecution to which they trained and for which they are regulated. Inman said NSA is focussed on warning of threat to the nation not crime-busting, and that for this reason the slightest of data can turn out to be important if it is correlated with other bits and pieces. And this requires capacity for gathering, analyzing, correlating and judgment-making that the military -- with large number of satellites, antennae, computers, algorithms and databanks as well as people to operate the apparatus -- alone has. Nobody else in government or outside it can do this. That a series of DIRNSAs have made this compelling case for the need for a topnotch, near-infallible warning system to a series of presidents and overseers. Inman readily admitted that when he was head of NSA he "did not have the vision to anticipate an attack like 9/11." And that he believed the nation was still at high risk for a repeat. Not many presidents could resist this argument, nor could many corporations should they have been trusted enough to be told what a few in government were told. 
Inman said the FBI was good at what it does but it was clueless about what NSA does. And NSA is not going to tell the FBI, which leads to nasty blow-ups. What remains is what DoJ is told about NSA's activities. Inman agreed with other panelists that DoJ will write a legal justification for whatever it is told. Sure, a few DoJ lawyers will refuse, but there are many others who will do it. Just as there are differences in DoJ, there are differences in NSA about complying with law governing surveillance, and at the present time newcomers are eager to skirt the law oldtimers, burned by the 1970s investigations, are scared shitless to break. Hayden is not with the old-timers because failure to warn of 9/11 was the greatest NSA failure ever -- CIA on the sidelines but taking the hit. Inman said he would probably do what Hayden did faced with the same circumstances. Inman said in response to an audience challenge that he believed in covert surveillance, "I've saved lives with it, the nation needs it." He emphasized, however, that oversight was essential to preserve democracy, and the FISA needs to be rewritten to fit today's enemy. He said he helped write the original FISA, all done in secret. He was not sure how open the rewrite could be, and he was troubled by the lack of intelligence oversight. ********************************************************************** For Listserv Instructions, see http://www.lawlists.net/cyberia Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot Need more help? 
Send mail to: Cyberia-L-Request at listserv.aol.com
**********************************************************************

----- End forwarded message -----

From olivier.barbut at free.fr Sat May 13 03:53:00 2006
From: olivier.barbut at free.fr (Olivier Barbut)
Date: Sat, 13 May 2006 12:53:00 +0200
Subject: Some legal trouble with TOR in France
Message-ID:

Hello dear tor talkers,

I'm running the tor router "mini", located in Paris, France, and I believe I have to share with you what happened to me last Wednesday, the 10th of May. My router was an outside gateway, doing requests for tor anonymous users.

Last Wednesday morning, at 7:45, three cops did knock at my door. They suspected me to have downloaded some child porn videos. As I was waking up, I understood it was tor-related. I did explain to them I was a TOR outside gateway, but they didn't know about it. They searched everywhere in my small home and took every support they could find: hard drives they removed from computers, cds, disks, and then they took me to the police station, at the child protection service, jailing me the whole day while they were searching my hard drives and cds for traces of the video they were looking for.

They did ask me if there was a way to trace back to the criminal who downloaded this child abuse video, but I told them "not in my knowledge" and "the tor network is designed to make this impossible, keeping no log of traffic".
At 19:00, having not found these videos, having learned more about tor and confirmed I was running it, they freed me, giving me back my cds and hard drives.

It's sad the way some people use their freedom, e.g. participating in child abuse, but I'm still a strong believer in the necessity of anonymity on the internet.

As I asked them, they did assure me they accessed my hard drives read-only, using a hardware write disabler, but I still prefer not to run it straight from the hard drive they had in hand for the whole day as I know cops are not that trustable. The "mini" router will be back in a few days. Not getting paranoid, but using paranoia to make sane decisions!

Do you know if similar things did happen to other routers? If you want some more details, or have advice for me, please ask and/or give.

Thanks everyone for making this possible!

Olivier Barbut

----- End forwarded message -----

From rah at shipwright.com Sat May 13 10:19:51 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 13 May 2006 13:19:51 -0400
Subject: [Clips] Spy Agency Watching Americans From Space
Message-ID:

--- begin forwarded text

Delivered-To: rah at shipwright.com
Delivered-To: clips at philodox.com
Date: Sat, 13 May 2006 13:08:49 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] Spy Agency Watching Americans From Space
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

My Way News

Spy Agency Watching Americans From Space

May 13, 6:29 AM (ET)

By KATHERINE SHRADER

WASHINGTON (AP) - A little-known spy agency that analyzes imagery taken from the skies has been spending significantly more time watching U.S. soil.
In an era when other intelligence agencies try to hide those operations, the director of the National Geospatial-Intelligence Agency, retired Air Force Lt. Gen. James Clapper, is proud of that domestic mission. He said the work the agency did after hurricanes Rita and Katrina was the best he'd seen an intelligence agency do in his 42 years in the spy business. "This was kind of a direct payback to the taxpayers for the investment made in this agency over the years, even though in its original design it was intended for foreign intelligence purposes," Clapper said in a Thursday interview with The Associated Press. Geospatial intelligence is the science of combining imagery, such as satellite pictures, to physically depict features or activities happening anywhere on the planet. A part of the Defense Department, the NGA usually operates unnoticed to provide information on nuclear sites, terror camps, troop movements or natural disasters. After last year's hurricanes, the agency had an unusually public face. It set up mobile command centers that sprung out of the backs of Humvees and provided imagery for rescuers and hurricane victims who wanted to know the condition of their homes. Victims would provide their street address and the NGA would provide a satellite photo of their property. In one way or another, some 900 agency officials were involved. Spy agencies historically avoided domestic operations out of concern for Pentagon regulations and Reagan-era executive order, known as 12333, that restricted intelligence collection on American citizens and companies. Its budget, like all intelligence agencies, is classified. On Clapper's watch of the last five years, his agency has found ways to expand its mission to help prepare security at Super Bowls and political conventions or deal with natural disasters, such as hurricanes and forest fires. With help, the agency can also zoom in. 
Its officials cooperate with private groups, such as hotel security, to get access to footage of a lobby or ballroom. That video can then be linked with mapping and graphical data to help secure events or take action, if a hostage situation or other catastrophe happens. Privacy advocates wonder how much the agency picks up - and stores. Many are increasingly skeptical of intelligence agencies with recent revelations about the Bush administration's surveillance on phone calls and e-mails. Among the government's most closely guarded secrets, the quality of pictures NGA receives from classified satellites is believed to far exceed the one-meter resolution available commercially. That means they can take a satellite "snapshot" from high above the atmosphere that is crisply detailed down to one meter level, which is 3.3 feet. Clapper says his agency only does big pictures, so concerns about using the NGA's foreign intelligence apparatus at home doesn't apply. "We are not trying to examine an individual dwelling, for example, because what our mission is normally going to be is looking at large areas," he said. "It doesn't really affect or threaten anyone's privacy or civil liberties when you are looking at a large collective area." When asked what additional powers he'd ask Congress for, he said, "I wouldn't." His agency also handles its historic mission: regional threats, such as Iran and North Korea; terrorist hideouts; and tracking drug trade. "Everything and everybody has to be some place," he said. He considers his brand of intelligence a chess match. "There are sophisticated nation states that have a good understanding of our surveillance capabilities," including Iran, he said. "What we have to do is counter that" by taking advantage of anomalies or sending spy planes and satellites over more frequently. Adversaries who hide their most important facilities underground is a trend the agency has to work at, he said. 
NGA was once a stepchild of the intelligence community. But Clapper said it has come into its own and become an equal partner with the other spy agencies, such as the CIA.

Experience-wise, the agency is among the youngest of the spy agencies. About 40 percent of the agency's analysts have been hired in the last five years.

"They are very inexperienced, and that's just fine. They don't have any baggage," said Clapper, who retires next month as the longest serving agency director. "The people that we are getting now are bright, computer literate. ... That is not something I lie awake and worry about."

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From dgerow at afflictions.org Sat May 13 12:53:51 2006
From: dgerow at afflictions.org (Damian Gerow)
Date: Sat, 13 May 2006 15:53:51 -0400
Subject: Data Mining for Everyone
Message-ID: <20060513195351.GF39771@afflictions.org>

(Haven't seen this mentioned 'round these parts...)

Google's released a meta-searching tool -- you can now see who's searching for what:

A quick search for things like 'anonymous' and 'encryption' made me think. And I'm positive there's data that's been pulled from the engine -- some search terms show zero results.

Who needs a warrant when you have corporate interest?

(And I wonder how long it will take before there's a meta-trending tool as well.)

From dave at farber.net Sat May 13 14:35:15 2006
From: dave at farber.net (David Farber)
Date: Sat, 13 May 2006 17:35:15 -0400
Subject: [IP] more on Bank Transactions?
Message-ID:

Begin forwarded message:

From ji at cs.columbia.edu Sat May 13 15:03:45 2006
From: ji at cs.columbia.edu (John Ioannidis)
Date: Sat, 13 May 2006 18:03:45 -0400
Subject: Bamford on the NSA and the Greek mobile phone tapping scandal
Message-ID:

As some of you may remember, there was a scandal in Greece back in February 2006 involving the interception of mobile phones belonging to high-level government officials, including the Prime Minister. The CALEA software on the Ericsson switches used by Vodafone was blamed; it had apparently been surreptitiously turned on and was copying traffic to an equal number of "shadow" phones. A thorny point in the investigation was the revelation that the "shadow" phones had also been used to make phone calls to Laurel, MD.

An interview with James Bamford on the possible role of the NSA in the "Mavili-gate" was published in last Sunday's (5/8) "To Vima", one of the major Athens newspapers.
I contacted the journalist, Alexis Papahelas, asking for permission to forward the article to this list, and he was kind enough to send me the original raw transcript. Here it is, very slightly edited for obvious transcription mistakes. The published article (in Greek) can be found in:

http://www.tovima.gr/print_article.php?e=B&f=14755&m=A20&aa=1

-- Mr. Bamford Good Evening from Athens, thank you very much for being with us tonight.

JB: My pleasure

-- Let me ask you first of all, there has been a lot of discussion here in Greece about this lawful interception software, explain to me what it is, and whether the US put pressure on worldwide companies to install that after 9/11 especially?

JB: Well the software is basically used to attach to commercial communication facilities, like the AT&T in the US, or whatever commercial company it is, and anything that goes over these communication facilities gets picked up, whether it is e-mail, or telephone calls and divert it to the US Government, whoever attached the equipment.

-- Is it your understanding that most of the hardware companies around the world, that provide mobile telephone companies with equipment, had this installed at some point?

JB: Well in the US there was a lot of requiring that US companies do it, but around the world I think there was pressure by the US for a lot of the friendly countries to the US, allied countries to do as much as they can in terms of domestic eavesdropping and this type of equipment is most useful for that.

-- As you know, during the Olympics here in 2004, a lot of the US intelligence agencies were here, based here, they had a lot of equipment here, now do you imagine they were able back then to monitor conversations between mobile phones here in Greece?
JB: Oh, the technology has been long in existence for them to be able to monitor mobile phone calls, the US monitors phone calls all over the world, and it has the equipment, so I would imagine that especially since there was a large US contingency at the Olympics in Athens, that they would have, the NSA would have had a presence there with an eavesdropping capability.

-- Give us a sense of you know, what an NSA operation would entail here in Greece.

JB: Well, what would have happened was, the US would fly over a team plus equipment. They would first scan out the best places to maybe put antennas to intercept microwave communications, communications that would carry mobile phone signals, for example. On the other hand they could have also worked out an agreement with Greek telecommunications companies, or the Greek Government to install NSA equipment on their facilities in order to monitor the communications, so it is hard to say but there is very little question that the NSA did a lot of monitoring during that period of time.

-- What you are saying is very important to us, so to my understanding is that the NSA does strike, I suppose secret agreements, with phone companies around the world, is that what you are saying?

JB: Oh sure, it tries as much as it can to get phone companies around the world to co-operate with the NSA in order to help its world-wide monitoring operations.

-- And would it be acceptable for them also, to try to recruit some people from inside the companies, if they cannot strike such an agreement?

JB: Yeah, NSA does that too it will try to make a deal, to get somebody to co-operate. In the old days the NSA would try to get a code-clerk at an Embassy to co-operate, but these days they try to get people, that have access to large databases, or telecommunications facilities.

-- We have sent you e-mails, and you have an idea of what this Greek system of interception looked like.
Does it tell you something, I mean how sophisticated is it, does it tell you it is a US intelligence agency, a British, somebody else? What is your assessment?

JB: Well I think it is pretty much a standard communications system, in terms of mobile phone calls and so forth, they all pretty much operate the same way, it is just that it is a different frequency, maybe some different equipment, but the ideas are that the signals go from the hand-held cell-phone to a repeater and from a repeater to maybe another repeater, eventually making their ways back to central telephone exchange where the information is retransmitted out to wherever it is supposed to go, so the NSA is set up for one reason and that is to eavesdrop on communications around the world so this would not be a tremendous technological difficulty for them.

-- But can you say with some certainty that this was an American operation, or it could be somebody else?

JB: Well, I am just speculating because I don't know for sure, but if the NSA was over there during the Olympics, and the US almost always sends a team consisting of people including NSA people to major events around the world, where Americans are going to take part, to try to find out if there is going to be any terrorism, and one way of doing that is by monitoring the communications, that go through the air, the communications that are communicated both internally and externally from that country.

-- How many mobile phone-call-conversations could the NSA monitor in a country like Greece on any given day?

JB: It is hard to say. What they would probably do, is to focus on the key-links where they think that the bulk of the communications-exchanges are going to be and probably intercept those kind of communications.
And once they intercept them, the NSA would have computer-facilities so that the communications would go through the computers and they are probably going to be looking for calls from Afghanistan, information that they think is very susceptible to terrorism, for example in other words numbers that they have of previous terrorist contacts. They would all be fed in the computer, and then any e-mail or telephone-call with those numbers or e-mail-addresses would be kicked out.

-- Now, who translates all of these things, because I imagine it is like thousands of hours of conversations that are being transmitted to NSA everyday.

JB: Well it is, but they take in enormous amounts of communications, but filters, computerized filters sort of get rid off by 98% of it, and there is only a 2% that actually gets analyzed in the end. And those 2% are whether names in the computer, people that they are suspicious of, telephone numbers that they are looking for, e-mail-addresses, and once they get down to those, and they do have a number of people that speak a wide variety of languages, including Greek at NSA.

-- What is the most technologically advanced way of intercepting mobile phone conversations? Because for a while we are assuming that the code of transmitting over the air is safe. Is it still safe or has the NSA broken it?

JB: No, if the communications are traveling through the air, which they do by a mobile phone call, they are going to go a very short distance so they get to a repeater and they eventually go to a central telephone office, so again if you are able to intercept those signals as they go through the air, which you would basically just need a microwave antenna, or if you have co-operation of the company or the Government, then you can get access of that.
I mean they are not intercepting the entire communications systems by entering or leaving the country, certainly, but they are probably looking at certain key communications-node, where they think there may be communications coming from let's say places like Afghanistan, or Iraq or some place like that.

-- Give us a sense of the Size of NSA, in terms of the budget of people working for it and so on.

JB: NSA is the largest intelligence agency in the world, and it is twice the size of the CIA, it is far more secret, and it has about 38.000 people. Again NSA's entire job, at least until recently, was to spy overseas, to eavesdrop on communications in foreign countries. So most of those people are either at the headquarters at NSA, or else in countries around the world. NSA over the years has had a number of facilities in Greece at various times, I am not sure if they have one there now, but in the past they have had bases in Greece.

-- And do you think they are focusing in that area from what you know, from your research, was Greece always sort of an important target for them?

JB: Well, Greece has always been a target, I think it depends on world climate how important it is at various times, I mean right now it probably has less importance than it did in other times, because now they are focusing primarily on Iraq, Iran, Afghanistan, N. Korea, areas like that, but if it looks like some terrorists are coming into Greece, or are operating in Greece, or if it looks like the Government may be communicating with countries that the NSA is very interested in, such as Iran, Iraq or any places in the Middle East then the NSA would be very interested.

-- Let me go back to what was the Greek system and so on. You had said in previous answer that there are very few people in the world, that could actually manipulate this Ericsson software in order to gain access to this system. How many people in the world have this kind of knowledge?
JB: I don't know how many people around the world, but NSA's job, that is their entire job. This agency was created for one purpose and that is to eavesdrop on the maximum matter of communications around the world. NSA could find a way to get a trapped door or a back door into say an Ericsson telephone system, you know they would do it. Because those systems are used by people all over the world.

-- In this case we are talking about a very big cell-phone-company, VODAFONE, which is a multinational as you know, would they risk you think their reputation, and you know, go ahead and co-operate with NSA at that level?

JB: I would think that they would not co-operate at that level, but what the NSA normally does, is it hires people that have worked for companies like that, and these people tell them how the systems work and then their job with NSA is to reverse engineer these systems, to find ways into them, so although I doubt that the head of Ericsson would co-operate with NSA, the NSA has enormous technological capabilities to find sort of back doors, or trapped doors, or ways by reversed engineering into these systems.

-- Knowing how these people work there is a legal investigation, a judicial investigation here in Greece, do you think they will ever find the answers, I mean who was behind this interception, any physical evidence, any traces?

JB: Well, it is hard to say. This happened in the US several times, where there has been a question, whether monitoring has been legal or not, and they have looked into it occasionally and they have found an answer as to who was involved with it, but a lot of times they do not find him. Again with NSA, NSA keeps its information so very-very secret, they wouldn't even let the judges on the surveillance court, they are supposed to prove NSA warrants about it, they wouldn't let Congress except for 8 people. Over 500 people know about it, so NSA tries to keep it extremely secret.
-- You are one of the world experts in this kind of issues, so if you had to take a bet today who was behind this kind of operations in Greece?

JB: I just can't say, I don't know enough information about it, all I can tell you is that NSA's job is eavesdropping on communications around the world, Greece is a target occasionally whenever they think there is something important. NSA has bases in Greece and NSA looking for indications of terrorism during the Olympics, so whether they are involved with this recent operation I don't know but certainly they have an interest in it.

-- Your advice to someone using a mobile phone, should they talk openly or no?

JB: The problem, cell phones also, there is not kind of information that the NSA can't eavesdrop on one way or another, this is why in the USA there is a big debate right now about making the NSA go through a quirk and get an authorization before they eavesdrop on somebody, but overseas the NSA can eavesdrop on anybody they want, there is no restriction on eavesdropping in Greece, even if there was an American in Greece, NSA could eavesdrop on that person without going through a quirk.

-- So you are saying even the crypto phones that the prime minister/government/military are using they are vulnerable to this kind of penetration you say.

JB: Well, crypto phones are probably NSA's biggest targets around the world, whether or not the NSA was able to break the encryption of the algorithm to get into those phones I don't know. I don't have this information, but I know obviously NSA's key job, NSA's first job is intercepting communications, and second job is breaking codes such as the codes that encrypts that communications, and third job is making USA encryption systems.
-- Thank you

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----

From measl at mfn.org Sat May 13 19:37:42 2006
From: measl at mfn.org (J.A. Terranson)
Date: Sat, 13 May 2006 21:37:42 -0500 (CDT)
Subject: [Dailydave] Tool: Self Decrypting Binary generator (fwd)
Message-ID: <20060513213732.Q86206@ubzr.zsa.bet>

---------- Forwarded message ----------
Date: Sat, 13 May 2006 23:46:53 +0200 (CEST)
From: Claes M Nyberg
To: dailydave at lists.immunitysec.com
Subject: [Dailydave] Tool: Self Decrypting Binary generator

Hi list!

I wrote a tool that creates self decrypting binaries a couple of weeks ago, perhaps it is as useful for others as it is for me.

Targets:
    Linux_x86       - Linux x86 (ELF)
    Windows_x86     - Windows x86 (PE-COFF)
    OpenBSD_x86     - OpenBSD x86 (ELF)
    OpenBSD_arm     - OpenBSD arm (ELF)
    OpenBSD_sparc64 - OpenBSD sparc64 (ELF)
    FreeBSD_x86     - FreeBSD x86 (ELF)
    NetBSD_x86      - NetBSD x86 (ELF)
    Solaris_sparc   - Solaris sparc (ELF)

Download:
    http://www.signedness.org/tools/sdc.tgz
    http://www.signedness.org/tools/sdc.exe

Any constructive feedback is welcome.

Peace!
// CMN

From krstic at fas.harvard.edu Sat May 13 19:34:39 2006
From: krstic at fas.harvard.edu (Ivan Krstic)
Date: Sat, 13 May 2006 22:34:39 -0400
Subject: Piercing network anonymity in real time
Message-ID:

leichter_jerrold at emc.com wrote:
> The Locate appliance sits passively on the network and
> analyzes packets in real time to garner ID info from sources
> like Active Directory, IM and e-mail traffic, then associates
> this data with network information.

This is really nothing new -- I've been seeing systems like these, though home brewed, in use for years. The availability of good tools as a foundation (things like Snort, the layer7 iptables patch, and so on) makes building decent layer 8 inference not far from trivial. Calling this "piercing network anonymity in real time" is highly misleading; in reality, it's more like "making it bloody obvious that there's no such thing as network anonymity".

The best one can hope for today is a bit of anonymous browsing and IM with Tor, and that only insofar as you can trust a system whose single point of failure -- the directory service -- was, at least until recently, Roger's personal machine sitting in an MIT dorm room.
-- Ivan Krstic | GPG: 0x147C722D

----- End forwarded message -----

From rforno at infowarrior.org Sun May 14 02:50:28 2006
From: rforno at infowarrior.org (Richard Forno)
Date: May 14, 2006 2:50:28 PM EDT
Subject: US could access EU data retention information
Message-ID:

US could access EU data retention information

12.05.2006 - 09:50 CET | By Helena Spongenberg

US authorities can get access to EU citizens' data on phone calls, sms' and emails, giving a recent EU data-retention law much wider-reaching consequences than first expected, reports Swedish daily Sydsvenskan.

The EU data retention bill, passed in February after much controversy and with implementation tabled for late 2007, obliges telephone operators and internet service providers to store information on who called who and who emailed who for at least six months, aimed at fighting terrorism and organised crime.

A week later on 2-3 March, EU and US representatives met in Vienna for an informal high level meeting on freedom, security and justice where the US expressed interest in the future storage of information.

The US delegation to the meeting "indicated that it was considering approaching each [EU] member state to ensure that the data collected on the basis of the recently adopted Directive on data retention be accessible to them," according to the notes of the meeting.
Representatives from the Austrian EU presidency and from the European Commission said that these data were "accessible like any other data on the basis of the existing ... agreements" the notes said. The EU representatives added that the commission would convene an expert meeting on the issue. Under current agreements, if the FBI, for example, is interested in a group of EU citizens from a member state who are involved in an investigation, the bureau can ask for help with a prosecutor in that member state. The national prosecutor then requests telephone operators and internet service providers for information, which is then passed on to the FBI. This procedure opens the way for US authorities to get access under the EU data-retention law, according to the Swedish newspaper. In the US itself meanwhile, fury has broken out in the US congress after reports revealed that the Bush administration covertly collected domestic phone records of tens of millions of US citizens since the attacks in New York on 11 September 2001. President George Bush did not deny the allegations in a television statement last night, but insisted that his administration had not broken any laws. © EUobserver.com 2006 Printed from EUobserver.com 14.05.2006 The information may be used for personal and non-commercial use only. 
This article and related links can be found at: http://euobserver.com/9/21580 ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- From linton.godwiniaud at gmail.com Sat May 13 23:29:23 2006 From: linton.godwiniaud at gmail.com (Joesph Haywood) Date: Sun, 14 May 2006 05:29:23 -0100 Subject: [fwd] Watch CGDC like a hawk tomorrow!! The alert is on!! Message-ID: <200605140329.k4E3TJeU018198@proton.jfet.org> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3428 bytes Desc: not available URL: From dave at farber.net Sun May 14 03:37:43 2006 From: dave at farber.net (David Farber) Date: Sun, 14 May 2006 06:37:43 -0400 Subject: [IP] Whistleblower outs NSA's secret spy room at AT&T Message-ID: Begin forwarded message: From rforno at infowarrior.org Sun May 14 06:47:30 2006 From: rforno at infowarrior.org (Richard Forno) Date: May 14, 2006 6:47:30 PM EDT Subject: Question re: current telco lawsuits Message-ID: I know EFF, CPSR, EPIC, ACLU, and others are tracking the NSA monitoring item and many have filed lawsuits against the telcos for supporting various NSA programs in recent months. Over this weekend we're seeing both individual and class action suits filed against some of the involved telcos, and at least one state public utility commission (Maine) reportedly opening up an investigation into the allegations. 
Has anyone developed, or is anyone developing, an aggregate list of current or planned lawsuits against the telcos -- particularly class actions -- that folks can refer to and/or participate in? I've had a few folks ask about it, but I've not come across a "master list" of such endeavors yet. -rick Infowarrior.org ----- End forwarded message ----- From jya at PIPELINE.COM Sun May 14 08:40:31 2006 From: jya at PIPELINE.COM (John Young) Date: May 14, 2006 8:40:31 PM EDT Subject: [CYBERIA] Liability of phone companies [perhaps off-topic] Message-ID: L at LISTSERV.AOL.COM> One type of activity NSA needs to trace above all else, perhaps more than military threats, are financial transactions, and it is these types most fiercely protected against government access, whether business to business, person to person, org to org, and most especially financial op to financial op, the latter not limited to regulated banks. And no type of enterprise has the resources to give NSA a run for its money in long-time, maybe forever, in concealing where the money is and where it is going and so the struggle goes between the two biggest consumers of comsec products, hardware and talent, along with an outpouring of dire threats and assured security. Deception in financial transcriptions is a given, as with spying, no matter the huge effort to trace them by the revenuers, competitors, and governmental and private spies. 
Off the radar, off the grid, off the earth, financial transactions worldwide are larger and more resourceful than all the governments combined. It is far easier to track military developments than where the money flows or is stashed or obscured by encryption and false tracking data. The steady promulgations of DoJ and the slew of financial crimes task forces indicate the visible tip of the iceberg; what is exceedingly hard to penetrate is the underside side of it. To be sure, if it was admitted that NSA was most interested in tracing financial transaction data, say to hand over to IRS, FBI and Justice, that might scare Americans, particularly American businesses with global customers good and evil, more than diddly-squat mining of phone data (although some of the consumer chatter might reveal clues about lesser known ways to transfer money, say, coded signals sent to order what to do for who). If NSA was to be confirmed as a money cop far more adept and armed than IRS and FBI the wealth flight to more lenient havens might shake the foundations of democracy far more than knowing who is calling who. It was not for a petty protection of US Persons that NSA was formerly banned from telling other parts of the government what it was collecting. That was the consumer cover story. Wonderfully strange about the dramatic increase of FBI investigation of official corruption following the dropping of the ban on sharing intel data. Whether any of that was part of the flood of NSA data the FBI bitched about being worthless is thrilling to consider. If the PATRIOT Act leads to cleaning up government and business that would be justice. 
In contrast, other nations are deeply concerned, as with Echelon, that using the terrorist rationale NSA has boosted its collection of financial data on business, persons and governments, pushing the frightened toward US financial sanctuary, while public attention is diverted with wails about invasion of personal privacy -- which to these nations means nothing more important than financial secrecy about cheating, lying, robbing, sweetheart government contracts, evasion of taxes. With the Swiss armtwisted into ratting on its banking customers, where can an evildoer or goodheart find a trustworthy ATM which does not databank everyone. We learned today of the Journalist Visa required by the US from one who has just come here from Italy, more restrictive than for an ordinary citizen on a visit. With this prejudicial practice the US joins the select freedom of speech rascals Russia and China. Is that special visa legit, and if so, what regulates the practice to demonize the press as if spies. ********************************************************************** For Listserv Instructions, see http://www.lawlists.net/cyberia Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot Need more help? 
Send mail to: Cyberia-L-Request at listserv.aol.com ********************************************************************** ----- End forwarded message ----- From faithe.mckinnon at gmx.de Sun May 14 04:02:18 2006 From: faithe.mckinnon at gmx.de (Kara Hayden) Date: Sun, 14 May 2006 10:02:18 -0100 Subject: Dear Sir, i am interested in it Message-ID: <200605130805.k4D85VGL022794@proton.jfet.org> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 7499 bytes Desc: not available URL: From rah at shipwright.com Sun May 14 12:08:44 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 14 May 2006 15:08:44 -0400 Subject: [Clips] Geodesic Surveillance: CCTV channel beamed to your home Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Sun, 14 May 2006 14:16:52 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Geodesic Surveillance: CCTV channel beamed to your home Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The Telegraph CCTV channel beamed to your home By Amy Iggulden (Filed: 09/05/2006) Big Brother, the reality television show that attracts up to seven million viewers, is old hat. In the world of boundary-pushing television, it was surpassed yesterday by a group of Eastenders who have become the first to monitor their own neighbourhood via a home CCTV channel. 
Jan Ashby has the CCTV channel in her flat: 'I must admit I have watched it everyday since I have had it' Shoreditch TV is an experiment in beaming live footage from the street into people's homes and promises to be every bit as fascinating as the courtship rituals of Celebrity Big Brother contestants Chantelle and Preston. Viewers can watch the dog walkers on the street below, monitor the appearance of new graffiti and keep an eye on the local pub. This summer 22,000 Londoners will be tuning in and homes across Britain are getting their own version next year. But despite being a curtain-twitcher's paradise, the channel is about "fighting crime from the sofa", not entertainment. In return for a package that includes footage from 12 security cameras, a police advice channel and an array of standard cable fare, the residents of Haberdasher Estate are expected to shop any yobs that they catch on camera. They can alert the council and police through a CCTV hotline and an anonymous e-mail tip-off service. Or they can just watch the world go by. Jan Ashby, 57, a resident who previewed the scheme before yesterday's launch, said: "I wouldn't say it was spying, but it is nice to see what's going on. Look, there's my local pub." Mrs Ashby is a "huge fan" of Channel 4's Big Brother, but is the real deal just as addictive? "I must admit I have watched it everyday since I have had it - but I wouldn't sit down to it for hours." One of the stars of the show is Ken Hodkinson, whose pub, The Marie Lloyd, sits directly under the gaze of Mrs Ashby and Camera South. "I can't say I ever fancied being on television, but I don't mind a bit if it keeps the area safe," he said. Digital Bridge, which set up the scheme for the regeneration agency Shoreditch Trust, hopes it will reduce fear of crime. It is also in talks with police about including an Asbo channel, featuring the faces of youths to avoid because they have broken the terms of their order. 
Civil liberties groups are concerned, with Mark Crossman of Liberty predicting the emergence of vigilante groups and an epidemic of old ladies crying wolf over young people in hoodies. But James Morris, the chief executive of Digital Bridge, said: "This is not naming and shaming or spying, it is getting the community engaged with their services." After a free three-month trial residents will pay £3.50 a month for the TV on-demand service, which also comes with a wireless keyboard that can turn the television into a PC with broadband internet. Police will also be able to interrupt regular programming with alerts about incidents. Information appearing on telegraph.co.uk is the copyright of Telegraph Group Limited and must not be reproduced in any medium without licence. For the full copyright statement see Copyright -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text From rah at shipwright.com Sun May 14 12:08:49 2006 From: rah at shipwright.com (R.A. 
Hettinga) Date: Sun, 14 May 2006 15:08:49 -0400 Subject: [Clips] Spain grants transsexuals new identities Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Sun, 14 May 2006 14:45:50 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Spain grants transsexuals new identities Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The question you have to ask yourself is, not how *I* got a story from "Pink News", but how *Free Republic* got it. :-) Cheers, RAH ------- Pink News Spain grants transsexuals new identities The move by Prime Minister Jose Luis Rodriguez Zapatero's government, is being welcomed by transsexuals 12-May-2006 Marc Shoffman Transsexuals in Spain will be allowed to change identity documents without undergoing sex change operations, according to reports. The law is expected to be produced this summer and will allow a man to undertake a woman's identity and vice versa if they can live as the opposite sex for 18 months and be approved by a psychiatrist. The move by Prime Minister Jose Luis Rodriguez Zapatero's government, is being welcomed by transsexuals and activists. It comes just a year after Spain introduced gay marriages for same sex couples. Although it will not apply to social security, the law will avoid problems transsexuals usually encounter with identity documents. Meanwhile the Spanish Province of Malaga has had one of its first cases of domestic violence in a gay marriage this week. Police patrolling the island saw a fight between the lesbian couple, who were one of the first to marry on the Island, and intervened after one of the women had fallen to the floor and was being kicked, officials claim. However, the victim has decided not to press charges, claiming her partner is depressed. 
In July 2005, Spain became the third country to legalise same sex marriage, after the Netherlands and Belgium. --- end forwarded text From dave at farber.net Sun May 14 12:24:19 2006 From: dave at farber.net (David Farber) Date: Sun, 14 May 2006 15:24:19 -0400 Subject: [IP] US could access EU data retention information Message-ID: Begin forwarded message: From dave at farber.net Sun May 14 15:05:03 2006 From: dave at farber.net (David Farber) Date: Sun, 14 May 2006 18:05:03 -0400 Subject: [IP] Liability of phone companies [perhaps off-topic] Message-ID: Begin forwarded message: From dave at farber.net Sun May 14 15:07:23 2006 From: dave at farber.net (David Farber) Date: Sun, 14 May 2006 18:07:23 -0400 Subject: [IP] Questions Raised for Phone Giants in Spy Data Furor Message-ID: Begin forwarded message: From dave at farber.net Sun May 14 15:54:46 2006 From: dave at farber.net (David Farber) Date: Sun, 14 May 2006 18:54:46 -0400 Subject: [IP] Question re: current telco lawsuits Message-ID: Begin forwarded message: From eric.jung at yahoo.com Sun May 14 19:05:34 2006 From: eric.jung at yahoo.com (Eric H. 
Jung) Date: Sun, 14 May 2006 19:05:34 -0700 (PDT) Subject: data remanence (was: Some legal trouble with TOR in France) Message-ID: --- Michael Holstein wrote: > AFIK, there is no data remanence problem with DRAM Not apparently. I sent one of these links earlier in this thread IIRC. These papers are by Peter Gutmann himself. "7. Methods of Recovery for Data stored in Random-Access Memory" "8. Erasure of Data stored in Random-Access Memory" http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Data Remanence in Semiconductor Devices -- all 19 pages http://www.cypherpunks.to/~peter/usenix01.pdf It's been a few years since I've read these articles personally. ----- End forwarded message ----- From hodges at knxv.com Sun May 14 19:32:39 2006 From: hodges at knxv.com (Janet Moore) Date: Sun, 14 May 2006 20:32:39 -0600 Subject: Pre-approved Application #BUFGWJ492404 Message-ID: <4.8.4.0.2.96586509530512.962a6371@69.60.117.34> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1180 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: slippage.jpg Type: image/jpg Size: 7236 bytes Desc: not available URL: From glash at kkr.com Sun May 14 21:51:17 2006 From: glash at kkr.com (James Higgins) Date: Sun, 14 May 2006 22:51:17 -0600 Subject: Re-finance at the lowestt ratess Message-ID: <770d704r.2787878@yahoo.com> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1171 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: ethnic.jpg Type: image/jpg Size: 5762 bytes Desc: not available URL: From eugen at leitl.org Sun May 14 13:55:10 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 14 May 2006 22:55:10 +0200 Subject: [dave@farber.net: [IP] US could access EU data retention information] Message-ID: <20060514205510.GX26713@leitl.org> ----- Forwarded message from David Farber ----- From StealthMonger at nym.alias.net Sun May 14 17:20:15 2006 From: StealthMonger at nym.alias.net (StealthMonger) Date: 15 May 2006 00:20:15 -0000 Subject: Piercing network anonymity in real time Message-ID: Ivan Krstic writes: > Calling this "piercing network anonymity in real time" is highly > misleading; in reality, it's more like "making it bloody obvious > that there's no such thing as network anonymity". No. Ever hear of Chaum's "Dining Cryptographers" [1]? Anonymity right there at the table. Been around for almost twenty years. Strong anonymity is available today using chains of random-latency, mixing, anonymizing remailers based on mixmaster [2], of which there is a thriving worldwide network [3]. > The best one can hope for today is a bit of anonymous browsing and > IM with Tor ... Tor is indicted by its own documentation: ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. [4] [1] "The Dining Cryptographers Problem: Unconditional Sender Untraceability," D. Chaum, (invited) Journal of Cryptology, vol. 1 no. 1, 1988, pp. 65-75. ftp://ftp.csua.berkeley.edu/pub/cypherpunks/papers/chaum.dining.cryptographers.gz http://www.e-ztown.com/cryptopapers.htm http://citeseer.nj.nec.com/context/143887/0 [2] http://sourceforge.net/projects/mixmaster/. [3] See usenet newsgroup alt.privacy.anon-server. 
[4] http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf ----- End forwarded message ----- From rberger at ibd.com Mon May 15 02:12:07 2006 From: rberger at ibd.com (Robert J. Berger) Date: May 15, 2006 2:12:07 PM EDT Subject: Federal Source to ABC News: We Know Who You're Calling Message-ID: [So now we get an idea of at least one thing the NSA is doing with the Data they have collected from the phone companies - Rob] Federal Source to ABC News: We Know Who You're Calling http://blogs.abcnews.com/theblotter/2006/05/federal_source_.html May 15, 2006 10:33 AM Brian Ross and Richard Esposito Report: A senior federal law enforcement official tells ABC News the government is tracking the phone numbers we call in an effort to root out confidential sources. "It's time for you to get some new cell phones, quick," the source told us in an in-person conversation. ABC News does not know how the government determined who we are calling, or whether our phone records were provided to the government as part of the recently-disclosed NSA collection of domestic phone calls. Other sources have told us that phone calls and contacts by reporters for ABC News, along with the New York Times and the Washington Post, are being examined as part of a widespread CIA leak investigation. One former official was asked to sign a document stating he was not a confidential source for New York Times reporter James Risen. 
Our reports on the CIA's secret prisons in Romania and Poland were known to have upset CIA officials. People questioned by the FBI about leaks of intelligence information say the CIA was also disturbed by ABC News reports that revealed the use of CIA predator missiles inside Pakistan. Under Bush Administration guidelines, it is not considered illegal for the government to keep track of numbers dialed by phone customers. The official who warned ABC News said there was no indication our phones were being tapped so the content of the conversation could be recorded. A pattern of phone calls from a reporter, however, could provide valuable clues for leak investigators. Robert J. Berger - Internet Bandwidth Development, LLC. Voice: 408-882-4755 eFax: +1-408-490-2868 http://www.ibd.com ----- End forwarded message ----- From schneier at COUNTERPANE.COM Mon May 15 00:57:31 2006 From: schneier at COUNTERPANE.COM (Bruce Schneier) Date: Mon, 15 May 2006 02:57:31 -0500 Subject: CRYPTO-GRAM, May 15, 2006 Message-ID: CRYPTO-GRAM May 15, 2006 by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc. schneier at counterpane.com http://www.schneier.com http://www.counterpane.com A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. For back issues, or to subscribe, visit . You can read this issue on the web at . 
These same essays appear in the "Schneier on Security" blog: . An RSS feed is available. ** *** ***** ******* *********** ************* In this issue: Movie Plot Threat Contest: Status Report Who Owns Your Computer? Crypto-Gram Reprints Identity-Theft Disclosure Laws When "Off" Doesn't Mean Off News RFID Cards and Man-in-the-Middle Attacks Software Failure Causes Airport Evacuation Counterpane News Microsoft's BitLocker The Security Risk of Special Cases Comments from Readers ** *** ***** ******* *********** ************* Movie Plot Threat Contest: Status Report On the first of last month, I announced my (possibly First) Movie-Plot Threat Contest. "Entrants are invited to submit the most unlikely, yet still plausible, terrorist attack scenarios they can come up with. "Your goal: cause terror. Make the American people notice. Inflict lasting damage on the U.S. economy. Change the political landscape, or the culture. The more grandiose the goal, the better. "Assume an attacker profile on the order of 9/11: 20 to 30 unskilled people, and about $500,000 with which to buy skills, equipment, etc." As of the end of the month, the blog post has 782 comments. I expected a lot of submissions, but the response has blown me away. Looking over the different terrorist plots, they seem to fall into several broad categories. The first category consists of attacks against our infrastructure: the food supply, the water supply, the power infrastructure, the telephone system, etc. The idea is to cripple the country by targeting one of the basic systems that make it work. The second category consists of big-ticket plots. Either they have very public targets -- blowing up the Super Bowl, the Oscars, etc. -- or they have high-tech components: nuclear waste, anthrax, chlorine gas, a full oil tanker, etc. And they are often complex and hard to pull off. This is the 9/11 idea: a single huge event that affects the entire nation. 
The third category consists of low-tech attacks that go on and on. Several people imagined a version of the DC sniper scenario, but with multiple teams. The teams would slowly move around the country, perhaps each team starting up after the previous one was captured or killed. Other people suggested a variant of this with small bombs in random public locations around the country. (There's a fourth category: actual movie plots. Some entries are comical, unrealistic, have science fiction premises, etc. I'm not even considering those.) The better ideas tap directly into public fears. In my book, Beyond Fear, I discussed five different tendencies people have to exaggerate risks: to believe that something is more risky than it actually is. 1. People exaggerate spectacular but rare risks and downplay common risks. 2. People have trouble estimating risks for anything not exactly like their normal situation. 3. Personified risks are perceived to be greater than anonymous risks. 4. People underestimate risks they willingly take and overestimate risks in situations they can't control. 5. People overestimate risks that are being talked about and remain an object of public scrutiny. The best plot ideas leverage one or more of those tendencies. Big-ticket attacks leverage the first. Infrastructure and low-tech attacks leverage the fourth. And every attack tries to leverage the fifth, especially those attacks that go on and on. I'm willing to bet that when I find a winner, it will be the plot that leverages the greatest number of those tendencies to the best possible advantage. I also got a bunch of e-mails from people with ideas they thought too terrifying to post publicly. Some of them wouldn't even tell them to me. I also received e-mails from people accusing me of helping the terrorists by giving them ideas. But if there's one thing this contest demonstrates, it's that good terrorist ideas are a dime a dozen. Anyone can figure out how to cause terror. 
The hard part is execution. Some of the submitted plots require minimal skill and equipment. Twenty guys with cars and guns -- that sort of thing. Reading through them, you have to wonder why there have been no terrorist attacks in the U.S. since 9/11. I don't believe the "flypaper theory" that the terrorists are all in Iraq instead of in the U.S. And despite all the ineffectual security we've put in place since 9/11, I'm sure we have had some successes in intelligence and investigation -- and have made it harder for terrorists to operate both in the U.S. and abroad. But mostly, I think terrorist attacks are much harder than most of us think. It's harder to find willing recruits than we think. It's harder to coordinate plans. It's harder to execute those plans. Terrorism is rare, and for all we've heard about 9/11 changing the world, it's still rare. The submission deadline was the end of April, but please keep posting plots if you think of them. And please read through some of the others and comment on them; I'm curious as to what other people think are the most interesting, compelling, realistic, or effective scenarios. I'm reading through them, and will have a winner by the next Crypto-Gram. Contest: http://www.schneier.com/blog/archives/2006/04/announcing_movi.html Flypaper theory: http://en.wikipedia.org/wiki/Flypaper_theory_%28strategy%29 The contest made The New York Times: http://www.nytimes.com/2006/04/23/movies/23peterson.html?ex=1303444800&en=c7ccc8d756fc98e7&ei=5090&partner=rssuserland&emc=rss or http://tinyurl.com/qyh3b ** *** ***** ******* *********** ************* Who Owns Your Computer? When technology serves its owners, it is liberating. When it is designed to serve others, over the owner's objection, it is oppressive. There's a battle raging on your computer right now -- one that pits you against worms and viruses, Trojans, spyware, automatic update features and digital rights management technologies. 
It's the battle to determine who owns your computer. You own your computer, of course. You bought it. You paid for it. But how much control do you really have over what happens on your machine? Technically you might have bought the hardware and software, but you have less control over what it's doing behind the scenes. Using the hacker sense of the term, your computer is "owned" by other people. It used to be that only malicious hackers were trying to own your computers. Whether through worms, viruses, Trojans or other means, they would try to install some kind of remote-control program onto your system. Then they'd use your computers to sniff passwords, make fraudulent bank transactions, send spam, initiate phishing attacks and so on. Estimates are that somewhere between hundreds of thousands and millions of computers are members of remotely controlled "bot" networks. Owned. Now, things are not so simple. There are all sorts of interests vying for control of your computer. There are media companies that want to control what you can do with the music and videos they sell you. There are companies that use software as a conduit to collect marketing information, deliver advertising or do whatever it is their real owners require. And there are software companies that are trying to make money by pleasing not only their customers, but other companies they ally themselves with. All these companies want to own your computer. Some examples: 1. Entertainment software: In October 2005, it emerged that Sony had distributed a rootkit with several music CDs -- the same kind of software that crackers use to own people's computers. This rootkit secretly installed itself when the music CD was played on a computer. Its purpose was to prevent people from doing things with the music that Sony didn't approve of: It was a DRM system. If the exact same piece of software had been installed secretly by a hacker, this would have been an illegal act. 
But Sony believed that it had legitimate reasons for wanting to own its customers' machines. 2. Antivirus: You might have expected your antivirus software to detect Sony's rootkit. After all, that's why you bought it. But initially, the security programs sold by Symantec and others did not detect it, because Sony had asked them not to. You might have thought that the software you bought was working for you, but you would have been wrong. 3. Internet services: Hotmail allows you to blacklist certain e-mail addresses, so that mail from them automatically goes into your spam trap. Have you ever tried blocking all that incessant marketing e-mail from Microsoft? You can't. 4. Application software: Internet Explorer users might have expected the program to incorporate easy-to-use cookie handling and pop-up blockers. After all, other browsers do, and users have found them useful in defending against Internet annoyances. But Microsoft isn't just selling software to you; it sells Internet advertising as well. It isn't in the company's best interest to offer users features that would adversely affect its business partners. 5. Spyware: Spyware is nothing but someone else trying to own your computer. These programs eavesdrop on your behavior and report back to their real owners -- sometimes without your knowledge or consent -- about your behavior. 6. Update: Automatic update features are another way software companies try to own your computer. While they can be useful for improving security, they also require you to trust your software vendor not to disable your computer for nonpayment, breach of contract or other presumed infractions. Adware, software-as-a-service and Google Desktop search are all examples of some other company trying to own your computer. And Trusted Computing will only make the problem worse. 
There is an inherent insecurity to technologies that try to own people's computers: They allow individuals other than the computers' legitimate owners to enforce policy on those machines. These systems invite attackers to assume the role of the third party and turn a user's device against him. Remember the Sony story: The most insecure feature in that DRM system was a cloaking mechanism that gave the rootkit control over whether you could see it executing or spot its files on your hard disk. By taking ownership away from you, it reduced your security. If left to grow, these external control systems will fundamentally change your relationship with your computer. They will make your computer much less useful by letting corporations limit what you can do with it. They will make your computer much less reliable because you will no longer have control of what is running on your machine, what it does, and how the various software components interact. At the extreme, they will transform your computer into a glorified boob tube. You can fight back against this trend by only using software that respects your boundaries. Boycott companies that don't honestly serve their customers, that don't disclose their alliances, that treat users like marketing assets. Use open-source software -- software created and owned by users, with no hidden agendas, no secret alliances and no back-room marketing deals. Just because computers were a liberating force in the past doesn't mean they will be in the future. There is enormous political and economic power behind the idea that you shouldn't truly own your computer or your software, despite having paid for it. This essay originally appeared on Wired.com. http://www.wired.com/news/columns/1,70802-0.html Trusted computing: http://www.schneier.com/crypto-gram-0208.html#1

** *** ***** ******* *********** *************

Crypto-Gram Reprints

Crypto-Gram is currently in its ninth year of publication.
Back issues cover a variety of security-related topics, and can all be found on . These are a selection of articles that appeared in this calendar month in other years. REAL-ID http://www.schneier.com/crypto-gram-0505.html#2 Should Terrorism be Reported in the News? http://www.schneier.com/crypto-gram-0505.html#3 Combating Spam http://www.schneier.com/crypto-gram-0505.html#15 Warrants as a Security Countermeasure http://www.schneier.com/crypto-gram-0405.html#1 National Security Consumers http://www.schneier.com/crypto-gram-0405.html#9 Encryption and Wiretapping http://www.schneier.com/crypto-gram-0305.html#1 Unique E-Mail Addresses and Spam http://www.schneier.com/crypto-gram-0305.html#6 Secrecy, Security, and Obscurity http://www.schneier.com./crypto-gram-0205.html#1 Fun with Fingerprint Readers http://www.schneier.com./crypto-gram-0205.html#5 What Military History Can Teach Network Security, Part 2 http://www.schneier.com/crypto-gram-0105.html#1 The Futility of Digital Copy Protection http://www.schneier.com/crypto-gram-0105.html#3 Security Standards http://www.schneier.com/crypto-gram-0105.html#7 Safe Personal Computing http://www.schneier.com/crypto-gram-0105.html#8 Computer Security: Will we Ever Learn? http://www.schneier.com/crypto-gram-0005.html#1 Trusted Client Software http://www.schneier.com/crypto-gram-0005.html#6 The IL*VEYOU Virus (Title bowdlerized to foil automatic e-mail filters.) http://www.schneier.com/crypto-gram-0005.html#ilyvirus The Internationalization of Cryptography http://www.schneier.com/crypto-gram-9905.html#international The British discovery of public-key cryptography http://www.schneier.com/crypto-gram-9805.html#nonsecret

** *** ***** ******* *********** *************

Identity-Theft Disclosure Laws

California was the first state to pass a law requiring companies that keep personal data to disclose when that data is lost or stolen. Since then, many states have followed suit.
Now Congress is debating federal legislation that would do the same thing nationwide. Except that it won't do the same thing: The federal bill has become so watered down that it won't be very effective. I would still be in favor of it -- a poor federal law is better than none -- if it didn't also pre-empt more-effective state laws, which makes it a net loss. Identity theft is the fastest-growing area of crime. It's badly named -- your identity is the one thing that cannot be stolen -- and is better thought of as fraud by impersonation. A criminal collects enough personal information about you to be able to impersonate you to banks, credit card companies, brokerage houses, etc. Posing as you, he steals your money, or takes a destructive joyride on your good credit. Many companies keep large databases of personal data that is useful to these fraudsters. But because the companies don't shoulder the cost of the fraud, they're not economically motivated to secure those databases very well. In fact, if your personal data is stolen from their databases, they would much rather not even tell you: Why deal with the bad publicity? Disclosure laws force companies to make these security breaches public. This is a good idea for three reasons. One, it is good security practice to notify potential identity theft victims that their personal information has been lost or stolen. Two, statistics on actual data thefts are valuable for research purposes. And three, the potential cost of the notification and the associated bad publicity naturally leads companies to spend more money on protecting personal information -- or to refrain from collecting it in the first place. Think of it as public shaming. Companies will spend money to avoid the PR costs of this shaming, and security will improve. In economic terms, the law reduces the externalities and forces companies to deal with the true costs of these data breaches. 
This public shaming needs the cooperation of the press and, unfortunately, there's an attenuation effect going on. The first major breach after California passed its disclosure law -- SB1386 -- was in February 2005, when ChoicePoint sold personal data on 145,000 people to criminals. The event was all over the news, and ChoicePoint was shamed into improving its security. Then LexisNexis exposed personal data on 300,000 individuals. And Citigroup lost data on 3.9 million individuals. SB1386 worked; the only reason we knew about these security breaches was because of the law. But the breaches came in increasing numbers, and in larger quantities. After a while, it was no longer news. And when the press stopped reporting, the "cost" of these breaches to the companies declined. Today, the only real cost that remains is the cost of notifying customers and issuing replacement cards. It costs banks about $10 to issue a new card, and that's money they would much rather not have to spend. This is the agenda they brought to the federal bill, cleverly titled the Data Accountability and Trust Act, or DATA. Lobbyists attacked the legislation in two ways. First, they went after the definition of personal information. Only the exposure of very specific information requires disclosure. For example, the theft of a database that contained people's first *initial*, middle name, last name, Social Security number, bank account number, address, phone number, date of birth, mother's maiden name and password would not have to be disclosed, because "personal information" is defined as "an individual's first and last name in combination with ..." certain other personal data. Second, lobbyists went after the definition of "breach of security." 
The latest version of the bill reads: "The term 'breach of security' means the unauthorized acquisition of data in electronic form containing personal information that establishes a reasonable basis to conclude that there is a significant risk of identity theft to the individuals to whom the personal information relates." Get that? If a company loses a backup tape containing millions of individuals' personal information, it doesn't have to disclose if it believes there is no "significant risk of identity theft." If it leaves a database exposed, and has absolutely no audit logs of who accessed that database, it could claim it has no "reasonable basis" to conclude there is a significant risk. Actually, the company could point to an ID Analytics study that showed the probability of fraud to someone who has been the victim of this kind of data loss to be less than 1 in 1,000 -- which is not a "significant risk" -- and then not disclose the data breach at all. Even worse, this federal law pre-empts the 23 existing state laws -- and others being considered -- many of which contain stronger individual protections. So while DATA might look like a law protecting consumers nationwide, it is actually a law protecting companies with large databases *from* state laws protecting consumers. So in its current form, this legislation would make things worse, not better. Of course, things are in flux. They're *always* in flux. The language of the bill has changed regularly over the past year, as various committees got their hands on it. There's also another bill, HR3997, which is even worse. And even if something passes, it has to be reconciled with whatever the Senate passes, and then voted on again. So no one really knows what the final language will look like.
But the devil is in the details, and the only way to protect us from lobbyists tinkering with the details is to ensure that the federal bill does not pre-empt any state bills: that the federal law is a minimum, but that states can require more. That said, disclosure is important, but it's not going to solve identity theft. As I've written previously, the reason theft of personal information is so common is that the data is so valuable. The way to mitigate the risk of fraud due to impersonation is not to make personal information harder to steal, it's to make it harder to use. Disclosure laws only deal with the economic externality of data brokers protecting your personal information. What we really need are laws prohibiting credit card companies and other financial institutions from granting credit to someone using your name with only a minimum of authentication. But until that happens, we can at least hope that Congress will refrain from passing bad bills that override good state laws -- and helping criminals in the process. 
California's SB 1386: http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html or http://tinyurl.com/dgh0 Existing state disclosure laws: http://www.pirg.org/consumer/credit/statelaws.htm http://www.cwalsh.org/cgi-bin/blosxom.cgi/2006/04/20#breachlaws HR 4127 - Data Accountability and Trust Act: http://thomas.loc.gov/cgi-bin/query/C?c109:./temp/~c109XvxF76 HR 3997: http://thomas.loc.gov/cgi-bin/query/C?c109:./temp/~c109gnLQGA ID Analytics study: http://www.idanalytics.com/news_and_events/20051208.htm My essay on identity theft: http://www.schneier.com/blog/archives/2005/04/mitigating_iden.html A version of this essay originally appeared on Wired.com: http://www.wired.com/news/columns/0,70690-0.html

** *** ***** ******* *********** *************

When "Off" Doesn't Mean Off

According to the specs of the new Nintendo Wii (its new game machine), "Wii can communicate with the Internet even when the power is turned off." Nintendo accentuates the positive: "This WiiConnect24 service delivers a new surprise or game update, even if users do not play with Wii," while ignoring the possibility that Nintendo can deactivate a game if it chooses to do so, or that someone else can deliver a different -- not so wanted -- surprise. We all know that, but what's interesting here is that Nintendo is changing the meaning of the word "off." We are all conditioned to believe that "off" means off, and therefore safe. But in Nintendo's case, "off" really means something like "on standby." If users expect the Nintendo Wii to be truly off, they need to pull the power plug -- assuming there isn't a battery foiling that tactic. There seems to be no way to disconnect the Internet, as the Nintendo Wii is wireless only. Maybe there is no way to turn the Nintendo Wii off. There's a serious security problem here, made worse by a bad user interface. "Off" should mean off.
http://wii.nintendo.com/hardware.html

** *** ***** ******* *********** *************

News

It's a provocative headline: "Triple DES Upgrades May Introduce New ATM Vulnerabilities." Basically, at the same time ATM machine owners are upgrading their encryption to triple-DES, they're also moving the communications links from dedicated lines to the Internet. And while the protocol encrypts PINs, it doesn't encrypt any of the other information, such as card numbers and expiration dates. So it's the move from dedicated lines to the Internet that's adding the insecurities, not the triple-DES upgrades. http://www.paymentsnews.com/2006/04/redspin_triple_.html Someone filed change-of-address forms with the post office to divert other people's mail to himself. 170 times. "Postal Service spokeswoman Patricia Licata said a credit card is required for security reasons. 'We have systems in place to prevent this type of occurrence,' she said, but declined further comment on the specific case until officials have time to analyze what happened." Sounds like those systems don't work very well. http://www.wvec.com/news/local/stories/wvec_local_041306_mail_scam.312100f4.html A deniable file system: http://www.schneier.com/blog/archives/2006/04/deniable_file_s.html Great hoax video: graffiti on Air Force One: http://www.stillfree.com/ http://abcnews.go.com/Technology/wireStory?id=1875386 The Department of Homeland Security has released a Request for Proposal -- that's the document asking industry if anyone can do what it wants -- for the Secure Border Initiative.
http://www.washingtontechnology.com/news/1_1/daily_news/28381-1.html Stuntz and Solove Debate Privacy and Transparency http://www.tnr.com/user/nregi.mhtml?i=20060417&s=stuntz041706 http://www.concurringopinions.com/archives/2006/04/william_stuntzs.html#more or http://tinyurl.com/o4jte http://www.tnr.com/user/nregi.mhtml?i=20060417&s=stuntz041706 http://www.concurringopinions.com/archives/2006/04/stuntz_responds.html or http://tinyurl.com/mqrzt Terrorist travel advisory: "My son and I woke up Sunday morning and drove a rented truck to New York City to move his worldly goods into an apartment there. As we made it to the Holland Tunnel, after traveling the Tony Soprano portion of the Jersey Turnpike with a blue moon in our eyes, the woman in the tollbooth informed us that, since 9/11, trucks were not allowed in the tunnel; we'd have to use the Lincoln Tunnel, she said. So if you are a terrorist trying to get into New York from Jersey, be advised that you're going to have to use the Lincoln Tunnel." http://www.post-gazette.com/pg/06110/683563-294.stm The Kryptos Sculpture is located in the center of the CIA Headquarters in Langley, VA. It was designed in 1990, and contains a four-part encrypted puzzle. The first three parts have been solved, but now we've learned that the second-part solution was wrong and has been re-solved: http://www.elonka.com/kryptos/CorrectedK2Announcement.html http://www.wired.com/news/technology/0,70701-0.html More on the sculpture: http://en.wikipedia.org/wiki/Kryptos http://www.elonka.com/kryptos/ Blog entry URL: http://www.schneier.com/blog/archives/2006/04/the_kryptos_scu.html Mafia boss secures his data with Caesar cipher. http://dsc.discovery.com/news/briefs/20060417/mafiaboss_tec.html Microsoft Vista's endless security warnings: http://www.winsupersite.com/reviews/winvista_5308_05.asp The problem with lots of warning dialog boxes is that they don't provide security. Users stop reading them.
They think of them as annoyances, as an extra click required to get a feature to work. Clicking through gets embedded into muscle memory, and when it actually matters the user won't even realize it. http://www.codinghorror.com/blog/archives/000571.html http://west-wind.com/weblog/posts/4678.aspx These dialog boxes are not security for the user, they're CYA security *from* the user. When some piece of malware trashes your system, Microsoft can say: "You gave the program permission to do that; it's not our fault." Warning dialog boxes are only effective if the user has the ability to make intelligent decisions about the warnings. If the user cannot do that, they're just annoyances. And they're annoyances that don't improve security. http://blogs.zdnet.com/Ou/?p=209 Digital cameras have unique fingerprints: http://www.eurekalert.org/pub_releases/2006-04/bu-bur041806.php Interesting research, but there's one important aspect of this fingerprint that the article did not talk about: how easy is it to forge? Can someone analyze 100 images from a given camera, and then doctor a pre-existing picture so that it appeared to come from that camera? My guess is that it can be done relatively easily. Kaspersky Labs reports on extortion scams using malware: http://www.viruslist.com/en/analysis?pubid=184012401#crypto Among other worms, the article discusses the GpCode.ac worm, which encrypts data using 56-bit RSA (no, that's not a typo). The whole article is interesting reading. Larry Beinhart makes an interesting case for the elimination of most government secrecy. http://www.buzzflash.com/contributors/06/04/con06131.html He has a good argument, although I think the issue is a bit more complicated. http://www.schneier.com/crypto-gram-0205.html#1 "Security Myths and Passwords," by Gene Spafford: http://www.cerias.purdue.edu/weblogs/spaf/general/post-30 There was a code in the judge's ruling on the Da Vinci Code plagiarism case. 
It was solved way too quickly after it was discovered, because the judge gave out some really obvious hints. But you can read about it here: http://www.schneier.com/blog/archives/2006/04/da_vinci_code_r.html As an aside, I am mentioned in Da Vinci Code. No, really. Page 199 of the American hardcover edition. "Da Vinci had been a cryptography pioneer, Sophie knew, although he was seldom given credit. Sophie's university instructors, while presenting computer encryption methods for securing data, praised modern cryptologists like Zimmermann and Schneier but failed to mention that it was Leonardo who had invented one of the first rudimentary forms of public key encryption centuries ago." That's right. I am a realistic background detail. http://fishbowl.pastiche.org/2004/07/06/house_of_cards Technology Review has an interesting article discussing some of the technologies used by the NSA in its warrantless wiretapping program, some of them from the killed Total Information Awareness (TIA) program. http://www.technologyreview.com/read_article.aspx?ch=infotech&sc=&id=16741&pg=1 or http://tinyurl.com/ruafx John Dvorak argues that Internet Explorer was Microsoft's greatest mistake ever. Certainly its decision to tightly integrate IE with the operating system -- done as an anti-competitive maneuver against Netscape during the Browser Wars -- has resulted in some enormous security problems that Microsoft has still not recovered from. Not even with the introduction of IE7. http://www.pcmag.com/print_article2/0,1217,a=176507,00.asp Security in comics: attackers are adaptable: http://www.comics.com/comics/hedge/archive/hedge-20060423.html We've talked about counterfeit money, counterfeit concert tickets, counterfeit police credentials, and counterfeit police departments. Here's a story about a counterfeit company.
http://www.iht.com/articles/2006/04/27/business/nec.php Verizon has announced that it has activated the Access Overload Control (ACCOLC) system, allowing some cell phones to have priority access to the network, even when the network is overloaded. Sounds like you're going to have to enter some sort of code into your handset. I wonder how long before someone hacks that system. http://www.pcsintel.com/content/view/1293/0/ An arson squad blows up a news rack, mistaking a promotion for Tom Cruise's new movie for a bomb. Really; you can't make this kind of stuff up. http://www.editorandpublisher.com/eandp/news/article_display.jsp?vnu_content_id=1002425411 or http://tinyurl.com/n3286 Assault weapon that passes through X-ray machines. http://www.promoinnovations.com/xray.htm A man sues Compaq for false advertising. He bought the computer because it was advertised as totally secure. But after he committed some crimes and the FBI got his computer, they were able to recover his data. This is what I said in the article: "Unfortunately, this probably isn't a great case. Here's a man who's not going to get much sympathy. You want a defendant who bought the Compaq computer, and then, you know, his competitor, or a rogue employee, or someone who broke into his office, got the data. That's a much more sympathetic defendant." http://hartfordadvocate.com/gbase/News/content?oid=oid:153106 Infant identity theft victim: http://www.abcnews.go.com/US/story?id=155878&page=1 An improv group in New York dressed up like Best Buy employees and went into a store, secretly videotaping the results. My favorite part: "Security guards and managers started talking to each other frantically on their walkie-talkies and headsets. 'Thomas Crown Affair! Thomas Crown Affair!,' one employee shouted. They were worried that we were using our fake uniforms to stage some type of elaborate heist.
'I want every available employee out on the floor RIGHT NOW!'" http://www.improveverywhere.com/mission_view.php?mission_id=57 Stealing cars with laptops: http://www.leftlanenews.com/2006/05/03/gone-in-20-minutes-using-laptops-to-steal-cars/ or http://tinyurl.com/mkr9s http://slashdot.org/articles/06/05/03/1928256.shtml The rapper MC Plus+ has written a song about cryptography, "Alice and Bob." It mentions DES, AES, Blowfish, RSA, SHA-1, and more. And me! http://www.cs.purdue.edu/homes/anavabi/mp3/MC%20Plus+%20-%20Algorhythms%20-%20Alice%20and%20Bob.mp3 or http://tinyurl.com/8jov2 Here's an article about "geeksta rap." http://www.wired.com/news/culture/0,1284,67970,00.html The DHS secretly shares European air passenger data in violation of agreement: http://www.aclu.org/privacy/spying/25335prs20060425.html Shell has suspended its chip-and-pin payment system in the UK, after fraudsters stole over one million pounds. Lots of details on my blog: http://www.schneier.com/blog/archives/2006/05/shell_suspends.html According to this article, the ultimate terrorist threat is flying robot drones. The article really pegs the movie-plot threat hype-meter. http://www.physorg.com/news66197469.html A reporter finds an old British Airways boarding pass, and proceeds to use it to find everything else about the person. http://www.guardian.co.uk/g2/story/0,,1766138,00.html Notice the economic pressures: "'The problem here is that a commercial organisation is being given the task of collecting data on behalf of a foreign government, for which it gets no financial reward, and which offers no business benefit in return,' says Laurie. 'Naturally, in such a case, they will seek to minimise their costs, which they do by handing the problem off to the passengers themselves.
This has the neat side-effect of also handing off liability for data errors.'" Five stories of RFID hacking: http://www.wired.com/wired/archive/14.05/rfid.html And IBM thinks it has a solution: a removable tag that reduces the range of the RFID chip: http://wired.com/news/technology/0,70793-0.html Why not disable it entirely? Serious computer problems inside the NSA: http://www.baltimoresun.com/news/custom/attack/bal-te.nsa26feb26,0,6311175.story or http://tinyurl.com/rgrso Meanwhile, the NSA is building a massive traffic-analysis database on Americans' calling patterns: http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm http://www.prospect.org/weblog/2006/05/post_336.html#002317 http://glenngreenwald.blogspot.com/2006/05/no-need-for-congress-no-need-for.html http://www.orinkerr.com/2006/05/11/thoughts-on-the-legality-of-the-latest-nsa-surveillance-program/ http://www.orinkerr.com/2006/05/12/more-thoughts-on-the-legality-of-the-nsa-call-records-program/ Major vulnerability found in Diebold election machines. This one is a big deal. http://www.insidebayarea.com/ci_3805089 http://www.blackboxvoting.org/BBVtsxstudy.pdf Comparing the security of election machines with the security of slot machines: http://www.washingtonpost.com/wp-dyn/content/graphic/2006/03/16/GR2006031600213.html or http://tinyurl.com/gda98 Thief disguises himself as a museum guard and tricks employees into giving him 200,000 euros: http://today.reuters.com/news/articlenews.aspx?type=oddlyEnoughNews&storyid=2006-05-03T204308Z_01_L02306327_RTRUKOC_0_US-ITALY-THIEF.xml or http://tinyurl.com/j3q6k Fascinating first-person account of being on the TSA's watch list: http://arstechnica.com/news.ars/post/20060506-6767.html Reconceptualizing national intelligence: http://www.fas.org/blog/secrecy/2006/05/curing_analytic_pathologies.html or http://tinyurl.com/lc2of Public-key cryptography for digital notarization in Pennsylvania.
http://www.nationalnotary.org/news/index.cfm?Text=newsNotary&newsID=851 or http://tinyurl.com/r9z4w http://www.eweek.com/article2/0,1895,1955701,00.asp

** *** ***** ******* *********** *************

RFID Cards and Man-in-the-Middle Attacks

Recent articles about a proposed US-Canada and US-Mexico travel document (kind of like a passport, but less useful), with an embedded RFID chip that can be read up to 25 feet away, have once again made RFID security newsworthy. My views have not changed. The most secure solution is a smart card that only works in contact with a reader; RFID is much more risky. But if we're stuck with RFID, the combination of shielding for the chip, basic access control security measures, and some positive action by the user to get the chip to operate is a good one. The devil is in the details, of course, but those are good starting points. And when you start proposing chips with a 25-foot read range, you need to worry about man-in-the-middle attacks. An attacker could potentially impersonate the card of a nearby person to an official reader, just by relaying messages to and from that nearby person's card. Here's how the attack would work. In this scenario, customs Agent Alice has the official card reader. Bob is the innocent traveler, in line at some border crossing. Mallory is the malicious attacker, ahead of Bob in line at the same border crossing, who is going to impersonate Bob to Alice. Mallory's equipment includes an RFID reader and transmitter. Assume that the card has to be activated in some way. Maybe the cover has to be opened, or the card taken out of a sleeve. Maybe the card has a button to push in order to activate it. Also assume the card has some challenge-reply security protocol and an encrypted key exchange protocol of some sort. 1. Alice's reader sends a message to Mallory's RFID chip. 2. Mallory's reader/transmitter receives the message, and rebroadcasts it to Bob's chip. (Bob is somewhere else, out of Alice's range.) 3.
Bob's chip responds normally to a valid message from Alice's reader. He has no way of knowing that Mallory relayed the message. 4. Mallory's reader transmitter receives Bob's message and rebroadcasts it to Alice. Alice has no way of knowing that the message was relayed. 5. Mallory continues to relay messages back and forth between Alice and Bob. Defending against this attack is hard. (I talk more about the attack in Applied Cryptography, Second Edition, page 109.) Time stamps don't help. Encryption doesn't help. It works because Mallory is simply acting as an amplifier. Mallory might not be able to read the messages. He might not even know who Bob is. But he doesn't care. All he knows is that Alice thinks he's Bob. Precise timing can catch this attack, because of the extra delay that Mallory's relay introduces. But I don't think this is part of the spec. The attack can be easily countered if Alice looks at Mallory's card and compares the information printed on it with what she's receiving over the RFID link. But near as I can tell, the point of the 25-foot read distance is so cards can be authenticated in bulk, from a distance. According to the news.com article: "Homeland Security has said, in a government procurement notice posted in September, that "read ranges shall extend to a minimum of 25 feet" in RFID-equipped identification cards used for border crossings. For people crossing on a bus, the proposal says, 'the solution must sense up to 55 tokens.'" If Mallory is on that bus, he can impersonate any nearby Bob who activates his RFID card early. And at a crowded border crossing, the odds of some Bob doing that are pretty good. From the Federal Computer Week article: "If that were done, the PASS system would automatically screen the cardbearers against criminal watch lists and put the information on the border guard's screen by the time the vehicle got to the station, Williams said."
And would predispose the guard to think that everything's okay, even if it isn't. I don't think people are thinking this one through. http://news.com.com/New+RFID+travel+cards+could+pose+privacy+threat/2100-1028_3-6062574.html or http://tinyurl.com/le82d http://www.fcw.com/article94113-04-18-06-Web My views on RFID identity cards: http://www.schneier.com/blog/archives/2005/08/rfid_passport_s_1.html

** *** ***** ******* *********** *************

Software Failure Causes Airport Evacuation

Last month I wrote about airport passenger screening, and mentioned that the X-ray equipment inserts "test" bags into the stream in order to keep screeners more alert. That system failed pretty badly earlier this week at Atlanta's Hartsfield-Jackson Airport, when a false alarm resulted in a two-hour evacuation of the entire airport. The screening system injects test images onto the screen. Normally the software flashes the words "This is a test" on the screen after a brief delay, but this time the software failed to indicate that. The screener noticed the image (of a "suspicious device," according to CNN) and, per procedure, screeners manually checked the bags on the conveyor belt for it. They couldn't find it, of course, but they evacuated the airport and spent two hours vainly searching for it. Hartsfield-Jackson is the country's busiest passenger airport. It's Delta's hub city. The delays were felt across the country for the rest of the day. Okay, so what went wrong here? Clearly the software failed. Just as clearly the screener procedures didn't fail -- everyone did what they were supposed to do. What is less obvious is that the system failed. It failed, because it was not designed to fail well. A small failure -- in this case, a software glitch in a single X-ray machine -- cascaded in such a way as to shut down the entire airport. This kind of failure magnification is common in poorly designed security systems.
Better would be for there to be individual X-ray machines at the gates -- I've seen this design at several European airports -- so that when there's a problem the effects are restricted to that gate. Of course, this distributed security solution would be more expensive. But I'm willing to bet it would be cheaper overall, taking into account the cost of occasionally clearing out an airport. http://www.cnn.com/2006/US/04/20/atlanta.airport/index.html What I wrote last month: http://www.schneier.com/blog/archives/2006/03/airport_passeng.html ** *** ***** ******* *********** ************* Counterpane News On May 23, Schneier will be opening a new speaking series by the ACLU with a talk on "The Future of Privacy." http://www.aclu.org/privacy/25551res20060512.html Schneier will be speaking at the Gartner IT Security Summit in Washington DC, June 5-7: http://www.gartner.com/2_events/conferences/sec12.jsp Schneier will be speaking at the ACLU New Jersey Membership Conference: https://www.aclu-nj.org/events/aclunjmembershipconference Schneier will be speaking at the ACLU Vermont Privacy Conference: http://www.acluvt.org/news/display.php?sid=1145047166&PHPSESSID=31bdcefa 418904b0caab1ffbde1f8a64 or http://tinyurl.com/pdzyy Tipping Point is offering Managed Security Services through an alliance with Counterpane: http://www.counterpane.com/pr-20060501.html ** *** ***** ******* *********** ************* Microsoft's BitLocker BitLocker Drive Encryption is a new security feature in Windows Vista, designed to work with the Trusted Platform Module (TPM). Basically, it encrypts the C drive with a computer-generated key. In its basic mode, an attacker can still access the data on the drive by guessing the user's password, but would not be able to get at the drive by booting the disk up using another operating system, or removing the drive and attaching it to another computer. There are several modes for BitLocker. 
In the simplest mode, the TPM stores the key and the whole thing happens completely invisibly. The user does nothing differently, and notices nothing different. The BitLocker key can also be stored on a USB drive. Here, the user has to insert the USB drive into the computer during boot. Then there's a mode that uses a key stored in the TPM and a key stored on a USB drive. And finally, there's a mode that uses a key stored in the TPM and a four-digit PIN that the user types into the computer. This happens early in the boot process, when there's still ASCII text on the screen. Note that if you configure BitLocker with a USB key or a PIN, password guessing doesn't work. BitLocker doesn't even let you get to a password screen to try. For most people, basic mode is the best. People will keep their USB key in their computer bag with their laptop, so it won't add much security. But if you can force users to attach it to their key chains -- remember that you only need the key to boot the computer, not to operate the computer -- and convince them to go through the trouble of sticking it in their computer every time they boot, then you'll get a higher level of security. There is a recovery key: optional but strongly encouraged. It is automatically generated by BitLocker, and it can be sent to some administrator or printed out and stored in some secure location. There are ways for an administrator to set group policy settings mandating this key. There aren't any back doors for the police, though. You can get BitLocker to work in systems without a TPM, but it's kludgy. You can only configure it for a USB key. And it only will work on some hardware: because BitLocker starts running before any device drivers are loaded, the BIOS must recognize USB drives in order for BitLocker to work. Encryption particulars: The default data encryption algorithm is AES-128-CBC with an additional diffuser. 
The diffuser is designed to protect against ciphertext-manipulation attacks, and is independently keyed from AES-CBC so that it cannot damage the security you get from AES-CBC. Administrators can select the disk encryption algorithm through group policy. Choices are 128-bit AES-CBC plus the diffuser, 256-bit AES-CBC plus the diffuser, 128-bit AES-CBC, and 256-bit AES-CBC. (My advice: stick with the default.) The key management system uses 256-bit keys wherever possible. The only place where a 128-bit key limit is hard-coded is the recovery key, which is 48 digits (including checksums). It's shorter because it has to be typed in manually; typing in 96 digits will piss off a lot of people -- even if it is only for data recovery. So, does this destroy dual-boot systems? Not really. If you have Vista running, then set up a dual boot system, BitLocker will consider this sort of change to be an attack and refuse to run. But then you can use the recovery key to boot into Windows, then tell BitLocker to take the current configuration -- with the dual boot code -- as correct. After that, your dual boot system will work just fine, or so I've been told. You still won't be able to share any files on your C drive between operating systems, but you will be able to share files on any other drive. The problem is that it's impossible to distinguish between a legitimate dual boot system and an attacker trying to use another OS -- whether Linux or another instance of Vista -- to get at the volume. BitLocker is not a DRM system. However, it is straightforward to turn it into a DRM system. Simply give programs the ability to require that files be stored only on BitLocker-enabled drives, and then only be transferable to other BitLocker-enabled drives. How easy this would be to implement, and how hard it would be to subvert, depends on the details of the system. BitLocker is also not a panacea. 
But it does mitigate a specific but significant risk: the risk of attackers getting at data on drives directly. It allows people to throw away or sell old drives without worry. It allows people to stop worrying about their drives getting lost or stolen. It stops a particular attack against data. Right now BitLocker is only in the Ultimate and Enterprise editions of Vista. It's a feature that is turned off by default. It is also Microsoft's first TPM application. Presumably it will be enhanced in the future: allowing the encryption of other drives would be a good next step, for example. http://www.microsoft.com/technet/windowsvista/library/help/b7931dd8-3152 -4d3a-a9b5-84621660c5f5.mspx?mfr=true or http://tinyurl.com/fywd7 http://www.microsoft.com/technet/windowsvista/library/c61f2a12-8ae6-4957 -b031-97b4d762cf31.mspx or http://tinyurl.com/h4nc8 Niels Ferguson on back doors: http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx BitLocker and dual boot systems: http://www.theregister.co.uk/2006/04/27/schneier_infosec/ http://arstechnica.com/journals/microsoft.ars/2006/4/28/3782 ** *** ***** ******* *********** ************* The Security Risk of Special Cases In Beyond Fear, I wrote about the inherent security risks of exceptions to a security policy. Here's an example, from airport security in Ireland. Police officers are permitted to bypass airport security at the Dublin Airport. They flash their ID, and walk around the checkpoints. "A female member of the airport search unit is undergoing re-training after the incident in which a Department of Transport inspector passed unchecked through security screening. "It is understood that the department official was waved through security checks having flashed an official badge. The inspector immediately notified airport authorities of a failure in vetting procedures. Only gardai are permitted to pass unchecked through security." There are two ways this failure could have happened. 
One, security person could have thought that Department of Transportation officials have the same privileges as police officers. And two, the security person could have thought she was being shown a police ID. This could have just as easily been a bad guy showing a fake police ID. My guess is that the security people don't check them all that carefully. The meta-point is that exceptions to security are themselves security vulnerabilities. As soon as you create a system by which some people can bypass airport security checkpoints, you invite the bad guys to try and use that system. There are reasons why you might want to create those alternate paths through security, of course, but the trade-offs should be well thought out. http://archives.tcm.ie/businesspost/2006/04/16/story13502.asp ** *** ***** ******* *********** ************* Comments from Readers There are hundreds of comments -- many of them interesting -- on these topics on my blog. Search for the story you want to comment on, and join in. http://www.schneier.com/blog ** *** ***** ******* *********** ************* CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at . Back issues are also available at that URL. Comments on CRYPTO-GRAM should be sent to schneier at counterpane.com. Permission to print comments is assumed unless otherwise stated. Comments may be edited for length and clarity. Please feel free to forward CRYPTO-GRAM to colleagues and friends who will find it valuable. Permission is granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety. CRYPTO-GRAM is written by Bruce Schneier. Schneier is the author of the best sellers "Beyond Fear," "Secrets and Lies," and "Applied Cryptography," and an inventor of the Blowfish and Twofish algorithms. 
He is founder and CTO of Counterpane Internet Security Inc., and is a member of the Advisory Board of the Electronic Privacy Information Center (EPIC). He is a frequent writer and lecturer on security topics. See . Counterpane is the world's leading protector of networked information - the inventor of outsourced security monitoring and the foremost authority on effective mitigation of emerging IT threats. Counterpane protects networks for Fortune 1000 companies and governments world-wide. See . Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily those of Counterpane Internet Security, Inc. Copyright (c) 2006 by Bruce Schneier. ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From suresh at hserus.net Mon May 15 03:49:05 2006 From: suresh at hserus.net (Suresh Ramasubramanian) Date: May 15, 2006 3:49:05 AM EDT Subject: [IP] more on Whistleblower outs NSA's secret spy room at Message-ID: AT&T Spaf and Dave, I was watching CNN where they were interviewing a former CIA head, who was talking about the CIA whistleblower who was fired a few months back. He pointed out that while leaking any classified information to the press is a definite no no, there are plenty of avenues for whistle blowers, such as approaching the senate / congressional committees that have oversight over Intelligence. He also mentioned another internal grievance handling channel that could have been used. 
These committees are bilateral, and do take action more often than not - according to what I heard on CNN (and based on what I have read about these committees and how they work) suresh David Farber wrote: > From: Gene Spafford < spaf at cerias.purdue.edu> > Anyone with a security clearance, a military commission, or > Federal office swears an oath to uphold the Constitution and the > laws of the United States. If that person observes activity that > he/she judges to be violations of the Constitution committed under > color of authority, then how can the oath be upheld without > possibly disclosing information? Given a choice between upholding > the Constitution or being compliant with orders intended to cover > up violations of law seems to be clear although potentially > fraught with personal danger. ------------------------------------- You are subscribed as web at reportica.net To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting- people/ -- Sheryl Coe web at reportica.net Reportica www.Reportica.net ______________________ ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From coderman at gmail.com Mon May 15 08:12:17 2006 From: coderman at gmail.com (coderman) Date: Mon, 15 May 2006 08:12:17 -0700 Subject: Fwd: Some legal trouble with TOR in France In-Reply-To: References: Message-ID: <4ef5fec60605150812le61d1c2v3360e50c775f9a98@mail.gmail.com> ah, 
reputation and trust. my favorite crux

---------- Forwarded message ----------
From: france-info at safe-mail.net
Date: May 14, 2006 8:10 AM
Subject: Re: Some legal trouble with TOR in France
To: or-talk at freehaven.net

I am living in France and working for some French security agency. Please understand that I may not identify myself. Working for a security agency does not mean that I approve all their actions, even those that I MUST do.

For about 5 years, French services have been trying to control the "anonymous" French based services. It includes TOR, and some remailers.

About 4 years ago (I don't remember exactly, and I am at home now, I don't have my documents with me), we visited the operator of the remailers FROG and AZERTY. We suspected him to be also the webmaster of the website CAMELEON, but it is another story. We seized his computers, disks of course, etc, and arrested the man. Then we told him "You have a choice between 2 options: You accept to work for us, it means concretely to give us your remailers' keys and to forward the remailer emails to us, or you will go to prison for threat against the national security. Just a few months, the time we check all your computers, make an audit on your disks, etc".

After 30 minutes, the guy gave us his remailers' keys, and accepted our offer. He then re-installed his remailers, and all the traffic was sent to us too. I remember that we asked him to NOT send us the garbage that the remailers automatically send! Then our computers processed the messages, using the remailers' keys. Of course we could not decipher all, if Frog/Azerty was "in the middle" we couldn't do anything. But when these remailers were the first or the last one, it was very very interesting... I don't know now if these remailers are still operated, I am working in another service.

About TOR now: I MAY not say all that I know, as the case is currently investigated by our services and I don't want to get into trouble!
Just know that France's policy is to NOT allow ANY remailer or anonymous service run from France, UNLESS the French special services can control it. This is a NO exception rule. The only recommendations that I can do to the TOR users, is to NOT use any French-based TOR servers in entry or exit.

People here and there are generally against the US gov and say that he "violates their rights". I don't know a lot about the US gov. But what I know about the French gov, and the instructions our services receive a few times by week, make me sure that the French citizens' rights are perpetually violated, about phone tapping and internet.

From eugen at leitl.org Sun May 14 23:48:42 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 08:48:42 +0200 Subject: [dave@farber.net: [IP] Liability of phone companies [perhaps off-topic]] Message-ID: <20060515064841.GA26713@leitl.org>
----- Forwarded message from David Farber -----

From eugen at leitl.org Mon May 15 00:08:55 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 09:08:55 +0200 Subject: [dave@farber.net: [IP] Questions Raised for Phone Giants in Spy Data Furor] Message-ID: <20060515070855.GB26713@leitl.org>
----- Forwarded message from David Farber -----

From web at reportica.net Mon May 15 10:05:13 2006 From: web at reportica.net (Sheryl Coe - Reportica) Date: May 15, 2006 10:05:13 AM EDT Subject: [IP] more on Whistleblower outs NSA's secret spy room at AT&T [Whistleblower Protection] Message-ID:

Many do not know that intelligence employees are excluded by law from whistleblower protection under the Patriot Act and previous law as well. Until we have slogged through the fine print, we just don't know what is legal anymore.

Whistleblowers have had a very hard time being 'seen' by congressional committees. Whistleblowers like Sibel Edmonds are treated like hot potatoes until they leak to the press and a groundswell of concern forces congress to invite them into a closed session. And then... not much happens. That's just where we find ourselves in 2006 in America...

This is one key to the popularity of the relatively new blogger Glenn Greenwald (author of new book, see his site below). He's just one person, but he tries to do the legwork to actually read the laws, such as the Patriot Act, that our 'lawmakers' pass without reading. He's just one person, but that's the work that needs to be done.

- Sheryl Coe

Glenn Greenwald, of Unclaimed Territory
Original: http://glenngreenwald.blogspot.com/2006/05/no-need-for-congress-no-need-for.html

(2) The legal and constitutional issues, especially at first glance and without doing research, reading cases, etc., are complicated and, in the first instance, difficult to assess, at least for me. That was also obviously true for Qwest's lawyers, which is why they requested a court ruling and, when the administration refused, requested an advisory opinion from DoJ. But not everyone is burdened by these difficulties.
Magically, hordes of brilliant pro-Bush legal scholars have been able to determine instantaneously -- as in, within hours of the program's disclosure -- that the program is completely legal and constitutional (just like so many of them were able confidently to opine within hours of the disclosure of the warrantless eavesdropping program that it, too, was perfectly legal and constitutional).

Government Accountability Project
Original: http://www.whistleblower.org/content/press_detail.cfm?press_id=446

CIA Leaks Investigation Highlights Need for Whistleblower Law Reform

Washington, D.C. -- Today, the Government Accountability Project proclaims that the CIA's public efforts to crackdown on leaks of classified information demonstrate the need for Congress to approve meaningful whistleblower protections for employees who decide to disclose classified evidence of government wrongdoing, misconduct and illegality.

http://www.whistleblower.org/content/press_detail.cfm?press_id=446

From Russell Tice via DemocracyNow:
Original: http://www.democracynow.org/article.pl?sid=06/04/04/1420212&mode=thread&tid=25

And the intelligence community, all of the whistleblower protection laws are -- pretty much exempt the intelligence community. So the intelligence community can put forth their lip service about, 'Oh, yeah, we want you to put report waste fraud abuse,' or 'You shall report suspicions of espionage,' but when they retaliate you for doing so, you pretty much have no recourse. I think a lot of people don't realize that.

From by Mike Whitney at Znet:
original: http://www.zmag.org/content/showarticle.cfm?ItemID=6848

Intelligence reform has been a stealth-project from the get-go. [...] Instead of addressing the underlying issues, the new bill eviscerates what's left of the Bill of Rights and hands over more power to Bush.
Now, Bush is free to hand-pick the men he wants for top-level Intelligence positions without Senate confirmation - an invitation to create his personal security apparatus without congressional interference. The bill also decreases Congress' powers of oversight. The new Intelligence Director can exempt his office from "audits and investigations, and Congress will not receive reports from an objective internal auditor." In other words, Congress has limited its own access to critical information of how taxpayer dollars are being spent. They've simply given up their role of checking for presidential abuse. The bill "eliminates provisions to ensure that it (Congress) receives timely access to intelligence, and it also allows the White House's Office of Management and Budget to screen testimony before the Intelligence Director presents it to the Congress." So, now Bush can either stonewall Congress entirely or just cherry-pick the tidbits he doesn't mind handing over. The Congress is just paving the way for even greater secrecy. Needless to say, all the whistle-blower protections have been removed from the new bill. In this new paradigm of Mafia-style governance the only unpardonable offense is reporting the crimes of one's bosses. Now, the Bush Fedayeen can purge the entire intelligence apparatus and no one will be the wiser. 
On 5/15/06, David Farber wrote: Begin forwarded message: From dave at farber.net Mon May 15 08:01:48 2006 From: dave at farber.net (David Farber) Date: Mon, 15 May 2006 11:01:48 -0400 Subject: [IP] more on Whistleblower outs NSA's secret spy room at AT&T Message-ID: [Whistleblower Protection] X-Mailer: Apple Mail (2.750) Reply-To: dave at farber.net Begin forwarded message: From eugen at leitl.org Mon May 15 02:06:17 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 11:06:17 +0200 Subject: [krstic@fas.harvard.edu: Re: Piercing network anonymity in real time] Message-ID: <20060515090617.GC26713@leitl.org> ----- Forwarded message from Ivan Krstic ----- From eugen at leitl.org Mon May 15 02:08:56 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 11:08:56 +0200 Subject: [dave@farber.net: [IP] Question re: current telco lawsuits] Message-ID: <20060515090856.GD26713@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Mon May 15 02:13:44 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 11:13:44 +0200 Subject: [StealthMonger@nym.alias.net: Re: Piercing network anonymity in real time] Message-ID: <20060515091344.GE26713@leitl.org> ----- Forwarded message from StealthMonger ----- From eugen at leitl.org Mon May 15 02:26:03 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 11:26:03 +0200 Subject: [eric.jung@yahoo.com: Re: data remanence (was: Some legal trouble with TOR in France)] Message-ID: <20060515092603.GG26713@leitl.org> ----- Forwarded message from "Eric H. Jung" ----- From lrfapyj at lynks.com Mon May 15 09:57:53 2006 From: lrfapyj at lynks.com (Luciano Benedictson ) Date: Mon, 15 May 2006 11:57:53 -0500 Subject: sleep soundly and awake rested Message-ID: <130j735p.5918663@choicenetonline.com> be allure be fleeing may ida see chatham not anion -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 970 bytes Desc: not available URL: From eugen at leitl.org Mon May 15 03:24:50 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 12:24:50 +0200 Subject: [schneier@COUNTERPANE.COM: CRYPTO-GRAM, May 15, 2006] Message-ID: <20060515102450.GM26713@leitl.org> ----- Forwarded message from Bruce Schneier ----- From dave at farber.net Mon May 15 11:17:29 2006 From: dave at farber.net (David Farber) Date: Mon, 15 May 2006 14:17:29 -0400 Subject: [IP] Federal Source to ABC News: We Know Who You're Calling Message-ID: Begin forwarded message: From eugen at leitl.org Mon May 15 06:03:50 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 15:03:50 +0200 Subject: [olivier.barbut@free.fr: Some legal trouble with TOR in France] Message-ID: <20060515130350.GE26713@leitl.org> ----- Forwarded message from Olivier Barbut ----- From eugen at leitl.org Mon May 15 08:37:06 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 17:37:06 +0200 Subject: [dave@farber.net: [IP] more on Whistleblower outs NSA's secret spy room at AT&T [Whistleblower Protection]] Message-ID: <20060515153706.GR26713@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Mon May 15 09:07:42 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 15 May 2006 18:07:42 +0200 Subject: [dave@farber.net: [IP] Liability of phone companies [perhaps off-topic]] Message-ID: <20060515160742.GT26713@leitl.org> ----- Forwarded message from David Farber ----- From perry at piermont.com Mon May 15 15:27:59 2006 From: perry at piermont.com (Perry E. Metzger) Date: Mon, 15 May 2006 18:27:59 -0400 Subject: Government using call records to go after reporter's sources. 
Message-ID:

One of ABC News' reporters says that he's been warned that call records, possibly even the ones that the major telecom companies are now routinely turning over to the NSA, are being used to track down the sources for reporters at several major news services.

http://blogs.abcnews.com/theblotter/2006/05/federal_source_.html

I realize many people might disagree with me, but from my point of view, the use of such heavy-handed counterintelligence tactics against the press is a substantial threat to freedom in this country.

John Gilmore long ago warned us that once we'd built the total surveillance state, all that would be needed to build a new totalitarianism would be a change of attitude on the part of the governors. Well, we've built CALEA into everything, and we've built computerized systems for siphoning all call data in existence, and now we have an administration with, to say the least, a serious change in attitude about the law and morality. We have crossed a Rubicon.

It can be argued by some who do not agree with me that the reporters in question are somehow "helping the terrorists" by revealing things like the fact that the US Government has SigInt operations, but in fact anyone who isn't an idiot already knows we have SigInt operations. What the reporters have done -- heroically, I might add -- is reveal that the government has far exceeded the bounds of legality in performing such operations, even when legal methods existed to gain the same information.

Some may call said reporters traitors, but it has become increasingly clear to me that the real traitors are those who do not respect the principles this country was founded on and who would sell our hard won freedom and mortgage the rule of law, not for security but for political gain. The surveillance against reporters is being used not to save lives but to save the administration political embarrassment, and there will be no end to the political uses of surveillance if it is not stopped now.
I implore everyone who agrees with me not to be silent. If you do not call your representatives to complain about this, it will eventually be too late to complain. Tell them you want hearings with teeth, tell them that you want a special prosecutor, tell them that you do not want to see them rubber stamp universal surveillance with legal fig leaves, and that you will work to see someone else elected, no matter how much you like them otherwise, if they refuse to do anything about this issue. Tell your friends and family to make those calls as well. I do not know that screaming loudly about this will work, but I know what silence will bring.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----

From justin-cypherpunks at soze.net Mon May 15 20:11:47 2006 From: justin-cypherpunks at soze.net (Justin) Date: Tue, 16 May 2006 03:11:47 +0000 Subject: Fwd: Some legal trouble with TOR in France In-Reply-To: <4ef5fec60605150812le61d1c2v3360e50c775f9a98@mail.gmail.com> References: <4ef5fec60605150812le61d1c2v3360e50c775f9a98@mail.gmail.com> Message-ID: <20060516031147.GE1898@arion.hive>

On 2006-05-15T08:12:17-0700, coderman wrote:
> ah, reputation and trust. my favorite crux

Uh-huh, or maybe le France is a haven for anonymous communications, and this FUD is a joint project of other western governments... governments that DO control all tor and remailer services within their borders.
> ---------- Forwarded message ---------- > From: france-info at safe-mail.net > Date: May 14, 2006 8:10 AM > Subject: Re: Some legal trouble with TOR in France > To: or-talk at freehaven.net > > > I am living in France and working for some French security agency. > Please understand that I may not identify myself. Working for a > security agency does not mean that I approve all their actions, even > those that I MUST do. -- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants. From non_secure at yahoo.com Tue May 16 06:44:39 2006 From: non_secure at yahoo.com (Jason Arnaute) Date: Tue, 16 May 2006 06:44:39 -0700 (PDT) Subject: ISPs providing "warrant canaries" Message-ID: <20060516134439.75791.qmail@web50911.mail.yahoo.com> Someone wrote here in the recent past about libraries bypassing secret warrants by updating their boards every X days/months with a "nobody has served us a secret warrant" type message. I am using a new offsite storage vendor, rsync.net, which publishes what they call a "warrant canary": http://www.rsync.net/resources/notices/canary.txt Which I found interesting. Is this what they have been called, or did they make up the term "warrant canary" ? How large of a grain of salt should I take this with ? It seems (and always did when I read of the libraries doing it) like a reasonable idea, and their implementation (signing the message, including a non-forgeable date stamp) is thoughtful. It's an interesting time we live in ... __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From anogeorgeo at yahoo.com Tue May 16 07:27:17 2006 From: anogeorgeo at yahoo.com (Anothony Georgeo) Date: Tue, 16 May 2006 07:27:17 -0700 (PDT) Subject: VoIP, Tor and Zfone by Phillip Zimmermann? 
Message-ID:

I forgot to mention,

Here are a few good links:

1. "Feds fund VoIP tapping research"
http://news.com.com/Feds+fund+VoIP+tapping+research/2100-7348_3-5825932.html?part=rss&tag=5825932&subj=news

2. "Crypto-Gram: VoIP Encryption"
http://www.schneier.com/crypto-gram-0604.html#5

I like the idea of anonymous, secure (e.g. DH authentication, etc.) and end-to-end encryption (via TLS) for VoIP calls.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From anogeorgeo at yahoo.com Tue May 16 07:42:58 2006
From: anogeorgeo at yahoo.com (Anothony Georgeo)
Date: Tue, 16 May 2006 07:42:58 -0700 (PDT)
Subject: ATTN: MiTH attack against SkyPE, defeates "Findnot.com"
Message-ID:

Hello,

Here is a quoted section from an article about the US FBI and the next generation of "Carnivore" which will focus on VoIP.

The quoted section deals with a MiTH attack (I think) that has been discussed here before. The attacker adds a packet timing delay and invisible 'tag' to packets of the P2P VoIP software "SkyPE".

This MiTH attack defeated the anonymity offered by http://www.findnot.com and as such everyone should consider all other web-based, single-hop and weak [e.g. non-Tor ;-) ] anonymizing services to be broken.

I don't think this MiTH attack can affect the Tor network but I'm not sure. I think Tor's DH key authentication of nodes and TLS tunnels precludes this attack but I'm not positive.

Can an Onion Route II/Tor expert offer assurance this MiTH attack does not affect Tor?
-Quoted section- http://news.com.com/Feds+fund+VoIP+tapping+research/2100-7348_3-5825932.html? part=rss&tag=5825932&subj=news The FBI or any other government agency that's eavesdropping on both ends of the link would see that each person was connected to the anonymizing server--but couldn't know for sure who was talking to whom. The more customers who use the service at once, the more difficult it would be for investigators to connect the dots. Wang discovered he could embed a unique, undetectable signature in Skype packets and then identify that signature when they reached their destination. The technique works in much the same way as a radioactive marker that a patient swallows, permitting doctors to monitor its progress through the digestive system. "It's based on the flow itself," Wang said. "I embed a watermark into the flow itself, the timing of the packets. By adjusting the timing of select packets slightly, it's transparent. There's no overhead in the bandwidth, and it's very subtle. It's mingled with the background noise." (The anonymizing service tested was Findnot.com, which did not immediately respond to a request for comment on Tuesday.) A paper co-authored by Wang and fellow George Mason researchers Shiping Chen and Sushil Jajodia describing their results is scheduled to be presented at a computer security conference in November. An early draft concludes that "tracking anonymous, peer-to-peer VoIP calls on the Internet is feasible" with only 3-millisecond timing alterations as long as the calls are at least 90 seconds long. -End quoted section- Options, comments? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! 
Mail has the best spam protection around http://mail.yahoo.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Tue May 16 07:03:28 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 16 May 2006 10:03:28 -0400 Subject: trouble with TOR in France & Cypherpunk Phishing In-Reply-To: <4ef5fec60605150812le61d1c2v3360e50c775f9a98@mail.gmail.com> Message-ID: Just to make sure... Can anyonee confirm or deny that this is in line with French policies? Is this an out-of-band attack on the Tor network? How many French TOR nodes are there? Does the elimination of French nodes make traffic analysis far easier? France has never been part of Echeleon, has it? OK, don't get me wrong: This sounds "legit" but you never know. How many emails with links sent into this list are really just a way to phish for IP addresses? (Also, I never click on a link that I can't confirm would be known via non-Cypherpunk routes.) -TD >From: coderman >To: cypherpunks at jfet.org >Subject: Fwd: Some legal trouble with TOR in France >Date: Mon, 15 May 2006 08:12:17 -0700 > >ah, reputation and trust. my favorite crux > >---------- Forwarded message ---------- >From: france-info at safe-mail.net >Date: May 14, 2006 8:10 AM >Subject: Re: Some legal trouble with TOR in France >To: or-talk at freehaven.net > > >I am living in France and working for some French security agency. >Please understand that I may not identify myself. Working for a >security agency does not mean that I approve all their actions, even >those that I MUST do. > >Since about 5 years, French services are trying to control the >"anonymous" French based services. 
It includes TOR, and some >remailers. > >About 4 years ago (I don't remember exactly, and I am at home now, I >haven't my documents with me), we visited the operator of the >remailers FROG and AZERTY. We suspected him to be also the webmaster >of the website CAMELEON, but it is another story. >We seized his computers, disks of course, etc, and arrested the man. >Then we told him "You have a choice between 2 options: You accept to >work for us, it means concretely to give us your remailers' keys and >to forward the remailer emails to us, or you will go to prison for >threat against the national security. Just a few months, the time we >check all your computers, make an audit on your disks, etc". > >After 30 minutes, the guy gave us his remailers' keys, and accepted >our offer. He then re-installed his remailers, and all the traffic was >sent to us too. I remember that we asked him to NOT send us the >garbage that the remailers automatically send! Then our computers >processed the messages, using the remailers' keys. Of course we could >not decypher all, if Frog/Azerty was :"in the middle" we couldn't do >anything. But when these remailers where the first or the last one, it >was very very interesting... >I don't know now if these remailers are still operated, I am working >in another service. > > >About TOR now: I MAY not say all what I know, as the case is currently >investigated by our services and I don't want to get into trouble! >Just know that France's policy is to NOT allow ANY remailer or >anonymous service run from France, UNLESS the French special services >can control it. This is a NO exception rule. > >The only recommendations that I can do to the TOR users, is to NOT use >any French-based TOR servers in entry ou exit. > >People here and there are generally against the US gov and say that he >"violates their rights". I don't know a lot about the US gov. 
But what >I know about the French gov, and the instructions our services receive >a few times by week, make me sure that the French citizens' rights are >perpetually violated, about phone tapping and internet. From camera_lumina at hotmail.com Tue May 16 07:05:38 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 16 May 2006 10:05:38 -0400 Subject: Fwd: Some legal trouble with TOR in France In-Reply-To: <20060516031147.GE1898@arion.hive> Message-ID: Oh...seems the same idea corssed your mind too. That guy's english was also suspiciously good... Either way, it bares further investigation... -TD >From: Justin >To: cypherpunks at jfet.org >Subject: Re: Fwd: Some legal trouble with TOR in France >Date: Tue, 16 May 2006 03:11:47 +0000 > >On 2006-05-15T08:12:17-0700, coderman wrote: > > ah, reputation and trust. my favorite crux > >Uh-huh, or maybe le France is a haven for anonymous communications, and >this FUD is a joint project of other western governments... governments >that DO control all tor and remailer services within their borders. > > > > ---------- Forwarded message ---------- > > From: france-info at safe-mail.net > > Date: May 14, 2006 8:10 AM > > Subject: Re: Some legal trouble with TOR in France > > To: or-talk at freehaven.net > > > > > > I am living in France and working for some French security agency. > > Please understand that I may not identify myself. Working for a > > security agency does not mean that I approve all their actions, even > > those that I MUST do. > >-- >The six phases of a project: >I. Enthusiasm. IV. Search for the Guilty. >II. Disillusionment. V. Punishment of the Innocent. >III. Panic. VI. Praise & Honor for the Nonparticipants. 
From camera_lumina at hotmail.com Tue May 16 07:07:49 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 16 May 2006 10:07:49 -0400 Subject: [olivier.barbut@free.fr: Some legal trouble with TOR in France] In-Reply-To: <20060515130350.GE26713@leitl.org> Message-ID: Is it a coincidence this story has surfaced, or was the other story a response to this one? -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [olivier.barbut at free.fr: Some legal trouble with TOR in France] >Date: Mon, 15 May 2006 15:03:50 +0200 > >----- Forwarded message from Olivier Barbut ----- > >From: Olivier Barbut >Date: Sat, 13 May 2006 12:53:00 +0200 >To: or-talk at freehaven.net >Subject: Some legal trouble with TOR in France >User-Agent: Thunderbird 1.5.0.2 (X11/20060501) >Reply-To: or-talk at freehaven.net > >Hello dear tor talkers, > >I'm running the tor router "mini", located in paris, france, and I >believe I have to share with you what happened to me last wednesday,the >10th of May. My router was an outside gateway, doing request for tor >anonymous users. > >Last wednesday morning, at 7:45, three cops did knock at my door. They >suspected me to have downloaded some child porn videos. As I was waking >up, I understood it was tor-related. I did explain them I was a TOR >outside gateway, but they didn't knew about it. They searched everywhere >in my small home and took every support they could find: hard drives >they removed from computers, cds, disks, and then they took me to the >police station, at the child protection service, jailing me the whole >day while they was searching my hard drives and cds for traces of the >video they was looking for. > >They did asked me if they was a way to trace back to the criminal who >downloaded this child abuse video, but I told them "not in my knowledge" >and "the tor network is designed to make this impossible, keeping no log >of traffic". 
> >At 19:00, having not found these video, having learned more about tor >and confirmated I was running it, they freed me, giving me back my cds >and hard drives. > >It's sad the way some people use their freedom, e.g. participating in >child abuse, but I'm still a strong believer in the necessity of >anonymity on the internet. > >As I asked them, they did assure me they accessed my hard drives >read-only, using hardware write disabler, but I still prefer not to run >it straight from the hard drive they had in hand for the whole day as I >know cops are not that trustable. The "mini" router will be back in a >few days. Not getting paranoid, but using paranooa to make sane decisions ! > >Do you know if similar things did happenned to other routers ? > >If you wants some more details, or have advice for me please ask and /or >give. > >Thanks everyone for making this possible ! > > >Olivier Barbut > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From XFWMR at msn.com Tue May 16 12:25:43 2006 From: XFWMR at msn.com (Ulysses Berg) Date: Tue, 16 May 2006 11:25:43 -0800 Subject: especial wire fontainebleau simulate bessie boca corporeal carr silage palmate extirpate portal Message-ID: <924866543.5892491439231.JavaMail.ebayapp@sj-besreco996> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1009 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... 
Name: define.1.gif Type: image/gif Size: 8503 bytes Desc: not available URL: From eugen at leitl.org Tue May 16 02:29:37 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 May 2006 11:29:37 +0200 Subject: [dave@farber.net: [IP] Federal Source to ABC News: We Know Who You're Calling] Message-ID: <20060516092937.GA26713@leitl.org> ----- Forwarded message from David Farber ----- From jya at pipeline.com Tue May 16 13:04:46 2006 From: jya at pipeline.com (John Young) Date: Tue, 16 May 2006 13:04:46 -0700 Subject: [anogeorgeo@yahoo.com: ATTN: MiTH attack against SkyPE, defeates "Findnot.com"] In-Reply-To: <20060516160715.GW26713@leitl.org> Message-ID: Wasn't it pointed out quite a while ago, here if no where else, that all digital communications and data were susceptible to covert "radiological tagging," including those encrypted? I don't recall what protection against that was proposed or developed, but it was seen to be so likely that countermeasures were essential, but not necessarily to be disclosed publicly any more than your passphrase. Now it is always hard to tell what are spoof vulnerabilities, disinfo, and real ones, but spoof almost certainly outnumber the real ones for that is a common offense against attackers: to cloud clear and obscure vulnerabilities with confabulated clear and obscure ones. The way broken security continues in use to mislead those who are dumbfounded that such cluelessness occurs: to with the Iran security services continuing to use a cracked crypto system after news reports about it. Weak comsec is like orchestrated leaks, fools fall in love with them, seduced by a belief of superiority and good fortune. The one about the Russians one-time misuse of a one-time pad leading to cracking VENOA as if that was all there was to. 
Telegraph hands in the old days were quite good at simulating hands, and cross-talk in wiring was used to leak believable information because of the faith the snoopers had that nobody was aware of the intercepts. William Arkin listed a few days ago on his Washpo blog some 500 programs in use by US spooks to surveil for threats, and some of those might be more than smoke and sunshine but most are sci-fi used to promote NSA pantopticonic flim-flam. The most valuable intelligence is obtained by human betrayal and the humongous hardware on land, undersea and space which gets credit is an effective cloak. Bribing for info is still the most cost effective, but the US economy doesn't benefit from that petty pork compared to big iron on land, undersea and in space. From bill.stewart at pobox.com Tue May 16 13:46:57 2006 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 16 May 2006 13:46:57 -0700 Subject: Fwd: Some legal trouble with TOR in France In-Reply-To: References: <20060516031147.GE1898@arion.hive> Message-ID: <6.2.1.2.0.20060516134451.034fed88@pop.idiom.com> Hey, if you're going to feed the trolls, might as well feed them something interesting... Does it bare investigation, or bear it :-) ? And of course there's no need for government FUD in a cypherpunks environment, since there has always been plenty of volunteer work by the private sector. At 07:05 AM 5/16/2006, Tyler Durden wrote: >Oh...seems the same idea corssed your mind too. > >That guy's english was also suspiciously good... > >Either way, it bares further investigation... > >-TD > > >>From: Justin >>To: cypherpunks at jfet.org >>Subject: Re: Fwd: Some legal trouble with TOR in France >>Date: Tue, 16 May 2006 03:11:47 +0000 >> >>On 2006-05-15T08:12:17-0700, coderman wrote: >> > ah, reputation and trust. my favorite crux >> >>Uh-huh, or maybe le France is a haven for anonymous communications, and >>this FUD is a joint project of other western governments... 
governments >>that DO control all tor and remailer services within their borders. From camera_lumina at hotmail.com Tue May 16 11:04:09 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 16 May 2006 14:04:09 -0400 Subject: [anogeorgeo@yahoo.com: ATTN: MiTH attack against SkyPE, defeates "Findnot.com"] In-Reply-To: <20060516160715.GW26713@leitl.org> Message-ID: I'm intrigued, though slightly sceptical. As each packet passes through the router buffers, then any inter-packet delays would be erased. However, I suppose it's possible that he either inserts additional "silence" packets between legit packets in the flow, or else remaps the packet payloads and so inserts said delays. One "good" thing here is that this will probably be very difficult to do en masse...they'll have to target a specific individual I suspect. Also, I would think it's useless with mere email, etc... But of course, if they already have you on their radar screen and you are trying to hide the identities of people you are communicating with, then they MIGHT be able to figure out who you are communicating too. Another good thing is that I suspect it's possible to develop a counter to this (or at least detect it), but it may overburden some TOR nodes. -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [anogeorgeo at yahoo.com: ATTN: MiTH attack against SkyPE, defeates >"Findnot.com"] >Date: Tue, 16 May 2006 18:07:15 +0200 > >----- Forwarded message from Anothony Georgeo ----- > >From: Anothony Georgeo >Date: Tue, 16 May 2006 07:42:58 -0700 (PDT) >To: or-talk at freehaven.net >Subject: ATTN: MiTH attack against SkyPE, defeates "Findnot.com" >Reply-To: or-talk at freehaven.net > >Hello, > >Here is a quoted section from an article about the US >FBI and the next generation of "Carnivore" which will >focus on VoIP. > >The qutoed section deals with a MiTH attack (I think) >that has been discussed here before. 
The attacker >adds a packet timing delay and invisable 'tag' to >packets of the P2P VoIP software "SkyPE". > >This MiTH attack defeated the anonymity offered by >http://www.findnot.com and as such everyone should >concider all other web-based, single-hop and weak [eg. >non-Tor ;-) ] anonymizing services to be broken. > >I don't think this MiTH attack can effect the Tor >network but I'm not sure. I think Tor's DH key >authentication of nodes and TLS tunnels precludes this >attack but I'm not positive. > >Can an Onion Route II/Tor expert offer assurance this >MiTH attack does not effect Tor? > >-Quoted section- >http://news.com.com/Feds+fund+VoIP+tapping+research/2100-7348_3-5825932.html? >part=rss&tag=5825932&subj=news > >The FBI or any other government agency that's >eavesdropping on both ends of the link would see that >each person was connected to the anonymizing >server--but couldn't know for sure who was talking to >whom. The more customers who use the service at once, >the more difficult it would be for investigators to >connect the dots. > >Wang discovered he could embed a unique, undetectable >signature in Skype packets and then identify that >signature when they reached their destination. The >technique works in much the same way as a radioactive >marker that a patient swallows, permitting doctors to >monitor its progress through the digestive system. > >"It's based on the flow itself," Wang said. "I embed a >watermark into the flow itself, the timing of the >packets. By adjusting the timing of select packets >slightly, it's transparent. There's no overhead in the >bandwidth, and it's very subtle. It's mingled with the >background noise." (The anonymizing service tested was >Findnot.com, which did not immediately respond to a >request for comment on Tuesday.) 
> >A paper co-authored by Wang and fellow George Mason >researchers Shiping Chen and Sushil Jajodia describing >their results is scheduled to be presented at a >computer security conference in November. An early >draft concludes that "tracking anonymous, peer-to-peer >VoIP calls on the Internet is feasible" with only >3-millisecond timing alterations as long as the calls >are at least 90 seconds long. > >-End quoted section- > >Options, comments? > >__________________________________________________ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From coderman at gmail.com Tue May 16 14:09:04 2006 From: coderman at gmail.com (coderman) Date: Tue, 16 May 2006 14:09:04 -0700 Subject: Fwd: Some legal trouble with TOR in France In-Reply-To: <20060516031147.GE1898@arion.hive> References: <4ef5fec60605150812le61d1c2v3360e50c775f9a98@mail.gmail.com> <20060516031147.GE1898@arion.hive> Message-ID: <4ef5fec60605161409s7be87e75r545e77feb3e5c61b@mail.gmail.com> On 5/15/06, Justin wrote: > On 2006-05-15T08:12:17-0700, coderman wrote: > > ah, reputation and trust. my favorite crux > > Uh-huh, or maybe le France is a haven for anonymous communications, and > this FUD is a joint project of other western governments... governments > that DO control all tor and remailer services within their borders. i suppose my point was that trusting tor as it stands is a leap of faith. 
there is little visibility as far as node selection criteria for addition to the directory, the information and physical security aspects of the servers within the directory, and the reputation of the node operators with respect to "rubber hose / threatened incarceration" attacks and the associated trust level to assign in such a context. much better than nothing, but i still consider tor useful mainly for keeping your source IP out of webserver logs. any other government / malicious entity can compromise accordingly. (i know this isn't the situation overall, but i assume as much so i won't be surprised by a worst case) i used to run a peertech node on a dedicated server. this host was compromised by tech staff at the facility with physical access and ever since i've refused to operate a node until i could be sure physical security was assured. i tend to consider any service that relies on host integrity also reliant on a number of other prerequisites like: - physical security to prevent unauthorized access - hard disk encryption to prevent unauthenticated disclosure (esp. seizure of hardware) - infosec best practices to keep attack surface minimal (firewalls, chroot, VM's, POLA, etc) for the situation mentioned in parent thread, i'd like to know that if the TLA comes knockin' my key scrubbing loop-aes turns all disks into large entropy stores the moment power is killed upon any attempted seizure. most services currently assume the disk is private. if you want a private disk, you need full disk encryption (key scrubbing in RAM++) tied to strong authentication. 
From coderman at gmail.com Tue May 16 14:22:24 2006 From: coderman at gmail.com (coderman) Date: Tue, 16 May 2006 14:22:24 -0700 Subject: Russ Tice to testify tomorrow about "shocking" new programs run by NSA/DIA Message-ID: <4ef5fec60605161422x5f317e99mfa2aabf46cf71aff@mail.gmail.com> i'm anxiously awaiting some more technical detail on all these black programs so heavily compartmentalized beyond accountability. this is my favorite Russ Tice quote: "there's no way the programs I want to talk to Congress about should be public ever, unless maybe in 200 years they want to declassify them. You should never learn about it; no one at the Times should ever learn about these things. But that same mechanism that allows you to have a program like this at an extremely high, sensitive classification level could also be used to mask illegality, like spying on Americans." [1] http://www.csmonitor.com/2006/0516/dailyUpdate.html ---selective-cuts--- Arkin says that all these activities revolve around two key questions: are these just "ingestion and digestion" designed to catch more terrorists, or are they the "the building blocks of a new seamless surveillance culture?" ... ""We should be terrified that Congress has not been doing its job and because all of the checks and balances put in place to prevent this have been deliberately obviated. In order to get this done, the NSA and White House went around all of the checks and balances. I'm convinced that 20 years from now we, as historians, will be looking back at this as one of the darkest eras in American history. And we're just beginning to sort of peel back the first layers of the onion. We're hoping against hope that it's not as bad as I suspect it will be, but reality sets in every time a new article is published and the first thing the Bush administration tries to do is quash the story. 
It's like the lawsuit brought by [the Electronic Frontier Foundation] against AT&T  the government's first reaction was to try to quash the lawsuit. That ought to be a warning sign that they're on to something."" - Matthew Aid ... Meanwhile, National Journal's CongressDaily reported last week that Russell Tice, a former NSA employee who was also one of the sources who revealed the warrantless wiretapping story to The New York Times, is going to give Senate Armed Services Committee staffers more information Wednesday about the activities of the NSA during the tenure of Gen. Michael Hayden. He says some of the things he will tell the committee include the news that "not only do employees at the agency believe the activities they are being asked to perform are unlawful, but that what has been disclosed so far is only the tip of the iceberg." ' [Tice] said he plans to tell the committee staffers the NSA conducted illegal and unconstitutional surveillance of US citizens while he was there with the knowledge of Hayden. ... "I think the people I talk to next week are going to be shocked when I tell them what I have to tell them. It's pretty hard to believe," Tice said. "I hope that they'll clean up the abuses and have some oversight into these programs, which doesn't exist right now." ... Tice said his information is different from the Terrorist Surveillance Program that Bush acknowledged in December and from news accounts [last] week that the NSA has been secretly collecting phone call records of millions of Americans. "It's an angle that you haven't heard about yet," he said. ... He would not discuss with a reporter the details of his allegations, saying doing so would compromise classified information and put him at risk of going to jail. He said he "will not confirm or deny" if his allegations involve the illegal use of space systems and satellites. ' ---end-cut--- 1. 
http://en.wikipedia.org/wiki/Russell_Tice From coderman at gmail.com Tue May 16 14:42:36 2006 From: coderman at gmail.com (coderman) Date: Tue, 16 May 2006 14:42:36 -0700 Subject: [anogeorgeo@yahoo.com: ATTN: MiTH attack against SkyPE, defeates "Findnot.com"] In-Reply-To: References: <20060516160715.GW26713@leitl.org> Message-ID: <4ef5fec60605161442w639305c5v42e8843e251420a1@mail.gmail.com> On 5/16/06, John Young wrote: > Wasn't it pointed out quite a while ago, here if no where else, that all > digital communications and data were susceptible to covert "radiological > tagging," including those encrypted? I don't recall what protection > against that was proposed or developed... zero knowledge mixing. even tor isn't enough. > The most valuable intelligence is obtained by human betrayal ah, reputation and trust. my favorite crux > and the humongous hardware on land, undersea and space > which gets credit is an effective cloak. human minds don't recall verbatim digital detail in bulk. while i agree there is more pork than effectiveness behind these systems, they no doubt contribute significantly. leveraging meatspace weakness for visibility into dark stores of data seems especially useful. keys are keys and digital data doesn't age... --- http://news.bbc.co.uk/1/hi/health/4921690.stm "Catching sight of a pretty woman really is enough to throw a man's decision-making skills into disarray." oldest tricks are the best tricks i suppose. they did send an attractive fed chick to probe for info at DC13 while running the blackbox challenge. i'll take that over a rubber hose any day... 
*grin* From coderman at gmail.com Tue May 16 15:01:31 2006 From: coderman at gmail.com (coderman) Date: Tue, 16 May 2006 15:01:31 -0700 Subject: ISPs providing "warrant canaries" In-Reply-To: <20060516134439.75791.qmail@web50911.mail.yahoo.com> References: <20060516134439.75791.qmail@web50911.mail.yahoo.com> Message-ID: <4ef5fec60605161501t1b1f6b86kc850efc87f0eed90@mail.gmail.com> On 5/16/06, Jason Arnaute wrote: > ... > I am using a new offsite storage vendor, rsync.net, > which publishes what they call a "warrant canary": > ... > Is this what they have been called, or did they make > up the term "warrant canary" ? i've never heard of it before and google seems to think they coined it. > How large of a grain of salt should I take this with ? doesn't seem too useful. if a warrant/NSL is served, was it for your system? do you now switch providers? assume all secrets are compromised? if you are concerned then a hosting facility is probably the wrong place to keep your data / servers. From coderman at gmail.com Tue May 16 15:04:10 2006 From: coderman at gmail.com (coderman) Date: Tue, 16 May 2006 15:04:10 -0700 Subject: [dave@farber.net: [IP] Federal Source to ABC News: We Know Who You're Calling] In-Reply-To: <20060516092937.GA26713@leitl.org> References: <20060516092937.GA26713@leitl.org> Message-ID: <4ef5fec60605161504h4977d59dt886773fd839f99f6@mail.gmail.com> On 5/16/06, Eugen Leitl wrote: > ... > "It's time for you to get some new cell phones, quick," the source > told us in an in-person conversation. i got a good chuckle out of that one. such a simple solution! makes me wonder who the source is... 
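The warrant canary raised in this thread (a signed notice carrying a date stamp) is only useful if a subscriber checks it on a schedule and treats silence as the signal. The following is an added example, not rsync.net's code and not something posted to the list: a monitor that evaluates a clearsigned canary for staleness, future-dating and dropped statements. The sample notice, the `Date:` line layout, the seven-day interval and the `signature_ok` callback (standing in for OpenPGP verification against the publisher's pinned key) are all assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample notice. NOT the real rsync.net canary; the layout is assumed.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Date: 2006-05-15
No warrants have ever been served on Example Storage Co.
No searches or seizures of any kind have ever been performed on our assets.

-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

# Only text between the armor headers and the signature block is covered by
# the signature; anything before or after it can be added by anyone.
CLEARSIGN = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\r?\n"
    r"(?:[A-Za-z]+: [^\r\n]*\r?\n)*\r?\n"
    r"(?P<body>.*?)\r?\n-----BEGIN PGP SIGNATURE-----",
    re.S,
)
DATE_LINE = re.compile(r"^Date:\s*(\d{4}-\d{2}-\d{2})\s*$", re.M)


def signed_body(text):
    """Return the signed region with dash-escaping undone, or None."""
    m = CLEARSIGN.search(text)
    if m is None:
        return None
    lines = m.group("body").splitlines()
    return "\n".join(l[2:] if l.startswith("- ") else l for l in lines)


def parse_canary(body):
    """Return (date stamp or None, set of normalized statements)."""
    m = DATE_LINE.search(body)
    stamp = None
    if m:
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d").replace(tzinfo=timezone.utc)
    statements = {
        " ".join(line.split()).lower()
        for line in body.splitlines()
        if line.strip() and not line.startswith("Date:")
    }
    return stamp, statements


def evaluate(text, now, previous=None, max_age=timedelta(days=7), signature_ok=None):
    """Return a list of alarms; an empty list means the canary looks alive.

    text         -- fetched notice, or None if the fetch failed
    previous     -- statements seen in the last good copy (set of str)
    signature_ok -- callable(text) -> bool; assumed to wrap a real OpenPGP
                    verification against a key pinned out of band
    """
    if text is None:
        # A canary signals by absence, so a failed fetch is an alarm.
        return ["unreachable: treat a missing canary as tripped"]
    alarms = []
    if signature_ok is None or not signature_ok(text):
        alarms.append("signature: not verified against the pinned key")
    body = signed_body(text)
    if body is None:
        return alarms + ["format: no clearsigned block found"]
    stamp, statements = parse_canary(body)
    if stamp is None:
        alarms.append("date: no date stamp inside the signed text")
    else:
        age = now - stamp
        # A valid signature on an old notice proves nothing: an old copy can
        # be replayed forever. Freshness is checked independently.
        if age > max_age:
            alarms.append(f"stale: last signed {age.days} days ago")
        elif age < -timedelta(days=1):
            alarms.append("date: stamp is in the future")
    for gone in sorted((previous or set()) - statements):
        alarms.append(f"dropped: {gone}")
    return alarms


if __name__ == "__main__":
    baseline = parse_canary(signed_body(SAMPLE))[1]
    check_time = datetime(2006, 6, 1, tzinfo=timezone.utc)
    for alarm in evaluate(SAMPLE, check_time, baseline, signature_ok=lambda t: True):
        print(alarm)
```

In a deployment the statements and date should be taken from the verifier's own output rather than re-parsed from the raw file, so that the text checked is exactly the text that was verified.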
From non_secure at yahoo.com Tue May 16 15:37:26 2006 From: non_secure at yahoo.com (Jason Arnaute) Date: Tue, 16 May 2006 15:37:26 -0700 (PDT) Subject: ISPs providing "warrant canaries" In-Reply-To: <4ef5fec60605161501t1b1f6b86kc850efc87f0eed90@mail.gmail.com> Message-ID: <20060516223726.32166.qmail@web50910.mail.yahoo.com> --- coderman wrote: > > I am using a new offsite storage vendor, > rsync.net, > > which publishes what they call a "warrant canary": (snip) > > How large of a grain of salt should I take this > with ? > > doesn't seem too useful. if a warrant/NSL is > served, was it for your > system? do you now switch providers? assume all > secrets are > compromised? Well, no it's not useful in _avoiding_ the warrant, but nothing really is. It seems useful in defeating the secrecy of the warrant. I'd rather know than not know, all else being equal ... > if you are concerned then a hosting facility is > probably the wrong > place to keep your data / servers. This is less of an ISP and more of a "filesystem in the sky" ... an offsite filesystem. I encrypt all of the data I send there, so it's not an issue, but it is an issue to know when things like this happen, and I like their stance. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From coderman at gmail.com Tue May 16 15:52:29 2006 From: coderman at gmail.com (coderman) Date: Tue, 16 May 2006 15:52:29 -0700 Subject: ISPs providing "warrant canaries" In-Reply-To: <20060516223726.32166.qmail@web50910.mail.yahoo.com> References: <4ef5fec60605161501t1b1f6b86kc850efc87f0eed90@mail.gmail.com> <20060516223726.32166.qmail@web50910.mail.yahoo.com> Message-ID: <4ef5fec60605161552h3671030fp565d9943eba8d3f0@mail.gmail.com> On 5/16/06, Jason Arnaute wrote: > ... It seems useful in defeating the secrecy of the warrant. this part i like! 
i'm waiting for some judge to rule that these tricks effectively disclose the reception of an NSL and are thus illegal. judges don't like technical hair splitting when the intent is clear: to disclose what you are forbidden from disclosing. (of course, Doug Thompson was able to skate by disclosure carefully so perhaps this isn't much of a concern[1] :) > This is less of an ISP and more of a "filesystem in > the sky" ... an offsite filesystem. I encrypt all of > the data I send there, so it's not an issue no keys are stored at the remote location? or the traffic is encrypted before the files are stored to disk plaintext? keeping remote secrets secure is hard (usually requires hardware tokens with tamper resistance) 1. http://www.capitolhillblue.com/blog/2006/03/telling_the_approved_story.html From dgerow at afflictions.org Tue May 16 13:32:21 2006 From: dgerow at afflictions.org (Damian Gerow) Date: Tue, 16 May 2006 16:32:21 -0400 Subject: [anogeorgeo@yahoo.com: ATTN: MiTH attack against SkyPE, defeates "Findnot.com"] In-Reply-To: <20060516160715.GW26713@leitl.org> References: <20060516160715.GW26713@leitl.org> Message-ID: <20060516203221.GR58636@afflictions.org> Thus spake Eugen Leitl (eugen at leitl.org) [16/05/06 12:14]: : This MiTH attack defeated the anonymity offered by : http://www.findnot.com and as such everyone should : concider all other web-based, single-hop and weak [eg. : non-Tor ;-) ] anonymizing services to be broken. Okay. : I don't think this MiTH attack can effect the Tor : network but I'm not sure. I think Tor's DH key : authentication of nodes and TLS tunnels precludes this : attack but I'm not positive. Uh-huh. : The FBI or any other government agency that's : eavesdropping on both ends of the link would see that : each person was connected to the anonymizing : server--but couldn't know for sure who was talking to : whom. The more customers who use the service at once, : the more difficult it would be for investigators to : connect the dots. 
Silly question: Doesn't TOR's own model state they can /not/ protect against these types of attacks? When an attacker can monitor entry and exit points, isn't it fairly trivial to identify who is talking to whom? Why go through all the extra trouble of inserting packets or signatures, when all you have to do is watch the packet itself? Especially since "Tor's DH key authentication of nodes and TLS tunnels" would ensure data integrity, all you'd have to do is hash the incoming packets, and see where they come out. (Yes, that's not a trivial amount of work. But I'd think it'd be easier than manipulating packet flows. I suppose that if you're manipulating the flow, so long as the manipulation is automated, it could potentially be easier to identify your manipulation when it approaches its endpoint. But still, it seems like a whole lot of extra work for no real added benefit, if we're talking $TLA-style monitoring.) Or am I missing something? IMHO, this is a plug for something like Freenet and mixmaster/mixminion, and other time-delayed communications (*ahem*True Names*ahem*). From dgerow at afflictions.org Tue May 16 13:59:37 2006 From: dgerow at afflictions.org (Damian Gerow) Date: Tue, 16 May 2006 16:59:37 -0400 Subject: [anogeorgeo@yahoo.com: ATTN: MiTH attack against SkyPE, defeates "Findnot.com"] In-Reply-To: <20060516203221.GR58636@afflictions.org> References: <20060516160715.GW26713@leitl.org> <20060516203221.GR58636@afflictions.org> Message-ID: <20060516205936.GV58636@afflictions.org> Thus spake Damian Gerow (dgerow at afflictions.org) [16/05/06 16:44]: : Especially since "Tor's DH key authentication of nodes and TLS tunnels" : would ensure data integrity, all you'd have to do is hash the incoming : packets, and see where they come out. Reply to myself: this is actually incorrect and misleading. However, the fact that their own threat model dictates they cannot protect against a 'global eavesdropper' means they're vulnerable to this type of attack. 
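The two points in the messages above (a relay offers no protection against someone who watches both its entry and exit side, and time-delayed systems such as mixmaster/mixminion fare better) can be checked against each other in a small simulation. This is an added example, not part of any message in this thread: all traffic is synthetic, every name and parameter is constructed for illustration, and the "relay" is a generic forwarding hop rather than Tor or Mixminion code.

```python
"""Toy model of a two-ended passive observer versus relay hold time (synthetic data)."""
import random
from math import sqrt

FLOWS = 20        # senders sharing one relay (constructed value)
DURATION = 300    # seconds during which each sender transmits
BIN = 1.0         # width of the observer's counting window, in seconds


def make_flow(rng):
    """Constructed bursty sender: 60 one-second bursts of 10 packets each."""
    times = []
    for _ in range(60):
        start = rng.uniform(0, DURATION - 1)
        times.extend(start + rng.uniform(0, 1.0) for _ in range(10))
    return sorted(times)


def relay(times, rng, min_delay, max_delay):
    """Forward every packet after an independent uniform random hold time."""
    return sorted(t + rng.uniform(min_delay, max_delay) for t in times)


def histogram(times, n_bins):
    """Packets per BIN-second window: all the observer needs, no payload access."""
    counts = [0] * n_bins
    for t in times:
        counts[min(int(t / BIN), n_bins - 1)] += 1
    return counts


def pearson(a, b):
    """Pearson correlation of two equal-length count vectors."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    cov = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    var_a = sum((x - mean_a) ** 2 for x in a)
    var_b = sum((y - mean_b) ** 2 for y in b)
    return cov / sqrt(var_a * var_b) if var_a and var_b else 0.0


def linkage_rate(min_delay, max_delay, seed=2006):
    """Fraction of senders whose exit flow the observer identifies correctly.

    The observer sees only timestamps on both sides of the relay and pairs
    each entry flow with the exit flow whose packet counts correlate best.
    """
    rng = random.Random(seed)
    ingress = [make_flow(rng) for _ in range(FLOWS)]
    egress = [relay(flow, rng, min_delay, max_delay) for flow in ingress]
    n_bins = int((DURATION + max_delay) / BIN) + 1
    in_hist = [histogram(flow, n_bins) for flow in ingress]
    out_hist = [histogram(flow, n_bins) for flow in egress]
    hits = 0
    for i, entry in enumerate(in_hist):
        scores = [pearson(entry, exit_counts) for exit_counts in out_hist]
        # Index i is the ground truth, used only to score the guess.
        if scores.index(max(scores)) == i:
            hits += 1
    return hits / FLOWS


if __name__ == "__main__":
    print("low-latency relay (50-250 ms hold):", linkage_rate(0.05, 0.25))
    print("delaying mix (0-600 s hold):       ", linkage_rate(0.0, 600.0))
    print("chance level:                      ", 1 / FLOWS)
```

The hold time is the only thing changed between the two runs; real mix designs also pad and batch messages, which this model leaves out.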
From eugen at leitl.org Tue May 16 08:56:12 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 May 2006 17:56:12 +0200 Subject: [olivier.barbut@free.fr: Some legal trouble with TOR in France] In-Reply-To: References: <20060515130350.GE26713@leitl.org> Message-ID: <20060516155611.GS26713@leitl.org> On Tue, May 16, 2006 at 10:07:49AM -0400, Tyler Durden wrote: > Is it a coincidence this story has surfaced, or was the other story a > response to this one? No idear. I would not trust either source too much. There's been much acrimony about frog admin in the remops days. Both sides made good points about each other, so I dunno whom to trust. FWIW, apart from regular DDoSes I've never been harassed about running a Tor server in Germany. Of course, for what I know it might be tapped upstream, or (since the colo hoster has root on it) bugged. I don't care too much, because Tor is not designed to be TLA-proof (also, my paranoia level is insufficiently high). -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Tue May 16 09:05:06 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 May 2006 18:05:06 +0200 Subject: [anogeorgeo@yahoo.com: Re: VoIP, Tor and Zfone by Phillip Zimmermann?] 
Message-ID: <20060516160506.GU26713@leitl.org> ----- Forwarded message from Anothony Georgeo ----- From eugen at leitl.org Tue May 16 09:07:15 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 May 2006 18:07:15 +0200 Subject: [anogeorgeo@yahoo.com: ATTN: MiTH attack against SkyPE, defeates "Findnot.com"] Message-ID: <20060516160715.GW26713@leitl.org> ----- Forwarded message from Anothony Georgeo ----- From george.danezis at esat.kuleuven.be Tue May 16 09:37:02 2006 From: george.danezis at esat.kuleuven.be (George Danezis) Date: Tue, 16 May 2006 18:37:02 +0200 Subject: PET 2006: Call for Participation Message-ID: Call for Participation 6th Workshop on Privacy Enhancing Technologies (PET 2006) Robinson College, Cambridge, United Kingdom June 28 - June 30, 2006 http://petworkshop.org/2006/ Special Events: * Keynote speaker: Susan Landau, Sun Microsystems Laboratories on "The Missing Link", (Abstract at the end of the email.) * PET Award 2006 ceremony and reception at Microsoft Research, http://petworkshop.org/2006/award.html Co-located with: * The Fifth Workshop on the Economics of Information Security (WEIS 2006), 26-28 June, http://weis2006.econinfosec.org/ * IAVoSS Workshop On Trustworthy Elections (WOTE 2006) 29-30 June, http://www.win.tue.nl/~berry/wote2006/ Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior, and restricting the ability to publish or retrieve documents. Approaches to not only protecting individuals and groups, but also companies and governments, from such profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. 
This 6th workshop addresses the design and realization of such privacy and anti-censorship services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives.

Early registration by May 12 at: http://petworkshop.org/2006/petRegister.html

Further local information on accommodation and travel is available on the PET workshop website (book accommodation early!): http://petworkshop.org/2006/petTravel.html

Program Chairs:
* Philippe Golle, PARC (Philippe.Golle at parc com)
* George Danezis, K.U.Leuven (George.Danezis at esat kuleuven be)

General Chair:
* Richard Clayton, University of Cambridge (Richard.Clayton at cl cam ac uk)

Research Program: (also at http://petworkshop.org/2006/program.html)

Privacy and the real world
* One Big File Is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique
  Simson Garfinkel and David Malan
* Protecting Privacy with the MPEG-21 IPMP Framework
  Nicholas Paul Sheppard and Reihaneh Safavi-Naini
* Privacy for Public Transportation
  Thomas S. Heydt-Benjamin, Hee-Jin Chae, Benessa Defend, and Kevin Fu
* Privacy Rights Management - Taming Cellphone Cameras
  Mina Deng, Lothar Fritsch and Klaus Kursawe
* Ignoring the Great Firewall of China
  Richard Clayton, Steven J. Murdoch and Robert N. M. Watson
* I Know What You Did Last Summer: Self-Awareness, Imagined Communities, and Information Sharing in an Online Social Network
  Alessandro Acquisti and Ralph Gross

Privacy policies
* Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks
  Mansour Alsaleh and Carlisle Adams
* Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management
  Anna C. Squicciarini, Abhilasha Bhargav-Spantzel, Alexei Czeskis and Elisa Bertino
* Privacy Injector - Automated Privacy Enforcement through Aspects
  Chris Vanden Berghe and Matthias Schunter
* A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises
  Marco Casassa Mont and Robert Thyne

Anonymous communications
* Improving Sender Anonymity in a Structured Overlay with Imprecise Routing
  Giuseppe Ciaccio
* Selectively Traceable Anonymity
  Luis von Ahn, Andrew Bortz, Nicholas Hopper and Kevin O'Neill
* Valet Services: Improving Hidden Servers with a Personal Touch
  Lasse Øverlier and Paul Syverson
* Blending different latency traffic with alpha-mixing
  Roger Dingledine, Andrei Serjantov and Paul Syverson

Attacks: Traffic and Location analysis
* Breaking the Collusion Detection Mechanism of MorphMix
  Parisa Tabriz and Nikita Borisov
* Linking Anonymous Transactions: The Consistent View Attack
  Andreas Pashalidis and Bernd Meyer
* Preserving User Location Privacy in Mobile Data Management Infrastructures
  Reynold Cheng, Yu Zhang, Elisa Bertino and Sunil Prabhakar
* Location Access Effects on Trail Re-identification
  Bradley Malin and Edoardo Airoldi

Private multi-party computation, authentication, and cryptography
* Private Resource Pairing
  Joseph A. Calandrino and Alfred C. Weaver
* On the Security of the Tor Authentication Protocol
  Ian Goldberg
* Honest-Verifier Private Disjointness Testing without Random Oracles
  Susan Hohenberger and Stephen A. Weis
* A Flexible Framework for Secret Handshakes
  Gene Tsudik and Shouhuai Xu
* Optimal Key-Trees for Tree-Based Private Authentication
  Levente Buttyan, Tamas Holczer and Istvan Vajda
* Simple and Flexible Private Revocation Checking
  John Solis and Gene Tsudik

Keynote speaker: The Missing Link
Susan Landau

In recent decades, we have seen significant progress in the development of tools to protect privacy.
We have similarly seen various policy developments, e.g., the 1980 OECD Guidelines on Privacy Protection and 1997 application to the Internet. But Between the conception And the creation Between the emotion And the response Falls the Shadow. (T.S. Eliot, "The Hollow Men.") One shadow is that while privacy policies abound, when data is collected, there are few or no rules governing its security (which is a crucial requirement for data privacy). A current instance of this concerns the recent requirement for data retention by the European Union. This talk discusses what is needed to get to: Between the conception And the creation Between the emotion And the response Falls the Action. Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From non_secure at yahoo.com Tue May 16 19:26:48 2006 From: non_secure at yahoo.com (Jason Arnaute) Date: Tue, 16 May 2006 19:26:48 -0700 (PDT) Subject: ISPs providing "warrant canaries" In-Reply-To: <4ef5fec60605161552h3671030fp565d9943eba8d3f0@mail.gmail.com> Message-ID: <20060517022648.46277.qmail@web50913.mail.yahoo.com> --- coderman wrote: > > This is less of an ISP and more of a "filesystem > in > > the sky" ... an offsite filesystem. I encrypt all > of > > the data I send there, so it's not an issue > > no keys are stored at the remote location? or the > traffic is > encrypted before the files are stored to disk > plaintext? Yes, that's right. Unlike Iron Mountain and the other commercial offsite data storage providers, rsync.net is open to the entire SSH suite. 
So what I do is mount my offsite filesystem over sshfs, so i can use it as a local filesystem, and then create a FreeBSD GBDE image on it, which I then also mount. So it is a remote encrypted filesystem over ssh. If my data is ever seized or a search warrant is ever served, all they will see is a 4 gigabyte file of random bits. So in the end, the "warrant canary" doesn't concern me much practically, because I don't really care if rsync.net gets served ... it's still nice to see though. YMMV.
From eugen at leitl.org Tue May 16 13:01:10 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 May 2006 22:01:10 +0200 Subject: [george.danezis@esat.kuleuven.be: PET 2006: Call for Participation] Message-ID: <20060516200110.GN26713@leitl.org> ----- Forwarded message from George Danezis -----
From nelson at crynwr.com Tue May 16 20:16:59 2006 From: nelson at crynwr.com (Russ Nelson) Date: Tue, 16 May 2006 23:16:59 -0400 Subject: NSA knows who you've called. Message-ID: dan at geer.org writes: > You and I are in agreement, but how do we get > the seemingly (to us) plain truth across to > others? I've been trying for a good while now, > reaching a point where I'd almost wish for a > crisis of some sort as persuasiveness is not > working. > > We are probably well off-topic for this list. First they came for the terrorists, and I said nothing because I wasn't a terrorist.
Then they came for my phone calls, and I said nothing because I had nothing to hide. Then they came for the cryptographers, and I said nothing because I coulldn't even spel the word. Now I can't hide anything. -- --my blog is at http://blog.russnelson.com | Microsoft as wall, Crynwr sells support for free software | PGPok | OSI are the sappers. 521 Pleasant Valley Rd. | +1 315-323-1241 | Walls fall stone by stone Potsdam, NY 13676-3213 | Sheepdog | --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
From coderman at gmail.com Wed May 17 11:20:19 2006 From: coderman at gmail.com (coderman) Date: Wed, 17 May 2006 11:20:19 -0700 Subject: NS&AT&T In-Reply-To: References: Message-ID: <4ef5fec60605171120i4c1bd11dy2ee55f02b01aecc5@mail.gmail.com> On 5/17/06, Tyler Durden wrote: > ... > Theoretically, they could actually just backhaul all of this traffic using > pretty ordinary 16 wavelength WDM from any number of vendors. Getting that > cross-country is difficult, but with ULH (Ultra Long Haul) this could be > done with a relative minimum of repeater/amplifier sites. If they pre-sort > the traffic before backhauling it they could then actually just buy a > wavelength on AT&T's backbone, which has some nice features to it (I'd bet > they also have their own encryption used for the entire wavelength pipe, > though I could be wrong). this would be my assumption. filter and backhaul the interesting content on leased fiber.
(and pay for rack room + leased fiber, $$$) i'd love to have Sean Gorman's fiber map about now... > The pinchpoint here just might actually be the deep packet inspection. Does > anyone know what kind of bandwidth the narus boxes can support? 4 x OC3 = 622,080 kbp/s 8 x OC12 = 4,976,640 kbp/s 4 x OC48 = 9,953,280 kbp/s == 15.552 Gbp/s (is half of this mostly idle protect?) given FPGA matching which can support at least a few hundred snort style rules per chip at 10GigE line speed i don't think the Narus is the bottleneck / limiting factor. this type of deep inspection scales linearly and is well within budget (though still expensive). the Narus Insight can troll 10GigE/OC-192 links at L4 and OC-48 at L7. this might explain why the circuits top out at OC-48 into the tap panel. if you had a culling ratio of 25:1 you could backhaul all the interesting traffic for this 15Gbps feed on an OC12. assuming half these links are idle protect that would drop the necessary culling in half. From g13005 at gmail.com Wed May 17 09:34:47 2006 From: g13005 at gmail.com (Chris Olesch) Date: Wed, 17 May 2006 11:34:47 -0500 Subject: NS&AT&T In-Reply-To: References: Message-ID: You know I really enjoyed George Orwells Popcorn. Maybe that was Redenbockers' Popcorn while reading George Orwell...hehe... Here is my dumb question for the day, but can someone show me where my logic has run aloof? The NSA's claim is not to have listened to the content, just collected it. "Assuming" their telling the truth on this, I thought they may be trying to create a bell-curve type application that scans the messages for content based on predetermined criteria (similar to content filters I assume). However, the flaw I see is similar to the idea behind changing speed limits on residential streets. Public safety sets up the electronic signs to monitor speed limits, and flashes if you travel above the posted limit. 
Except the data can be ruined (for lack of a better word) if the drivers sneak up on the sign and gun-it past it, repeatedly! How this applies to the NSA model: If normal citizens are polluting their data by using more vulgar or "terror driven" speech. How will they know legitimate traffic from crank-yankers? -chris Y.A.C.Y. On 17/05/06, Tyler Durden wrote: > > I'd bet by the time this post reaches the list most Cypherpunks &c will > have > already seen the string of information posted on Wired and other places, > about AT&T's network. This is a level of detail that I strongly suspect > has > NSA folks shitting bricks: > > http://www.wired.com/news/technology/0,70908-0.html?tw=wn_index_2 > > > Here's an interesting quote: > > >One of the documents appears to describe AT&T's successful efforts to tap > >into 16 fiber-optic >cables connecting the company's WorldNet internet > >backbone to other internet service providers. >The document shows AT&T > >technicians phasing in fiber-optic splitters throughout February 2003, > > >cutting them in four at a time on a weekly schedule, ending with a link > >to Mae West, an internet >exchange point for West Coast traffic. > > Now this is REALLY interesting: > > http://blog.wired.com/images/nsadocs2_f.jpg > > OK, this means the 16 fibers mentioned above are single wavelength. From > this document we can also view what the actual bandwidths are: OC-12s and > OC-48s, a couple of OC-3s and no OC-192s. Now I don't see any > documentation > stating that there isn't more than this going into the room. The "four > splitters at a time" almost certainly implies that this traffic is coming > off a 4-fiber BLSR (most likely too NSA worked with the other carriers to > move the traffic to protect prior to installing the splitters).* > > Theoretically, they could actually just backhaul all of this traffic using > pretty ordinary 16 wavelength WDM from any number of vendors. 
Getting that > cross-country is difficult, but with ULH (Ultra Long Haul) this could be > done with a relative minimum of repeater/amplifier sites. If they pre-sort > the traffic before backhauling it they could then actually just buy a > wavelength on AT&T's backbone, which has some nice features to it (I'd bet > they also have their own encryption used for the entire wavelength pipe, > though I could be wrong). > > The pinchpoint here just might actually be the deep packet inspection. > Does > anyone know what kind of bandwidth the narus boxes can support? > > What this will do is give us an idea of how much traffic they are actually > taking back. From our discussions some months ago, I have assumed (and > still > believe) that they can't grab EVERYTHING and pull it back, because that > would require too obvious and too huge a network. My other assumption is > that the narus deep packet inspection is enforcing a prioritization prior > to > hockeying the most "juicy" traffic into their fiber or wavelegnths. > > *: They would have first told the owner/carrier of one of those OC-N pipes > to force a switch to protection bandwidth while they installed the > splitters, and then switch back once the splitters were installed. It > LOOKS > like they did this ring-by-ring, diverting traffic away from the "break" > and > then installing splitters on all four fibers terminating across the break. > -- -G "The knack of flying is learning how to throw yourself at the ground and miss." "He felt that his whole life was some kind of dream and he sometimes wondered whose it was and whether they were enjoying it." "He inched his way up the corridor as if he would rather be yarding his way down it..." "We demand rigidly defined areas of doubt and uncertainty!" "I love deadlines. I like the whooshing sound they make as they fly by." 
Famous Quotes written by Douglas Adams, (British comic writer, 1952-2001) http://hitchhikers.movies.go.com/ From camera_lumina at hotmail.com Wed May 17 09:22:31 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 17 May 2006 12:22:31 -0400 Subject: NS&AT&T Message-ID: I'd bet by the time this post reaches the list most Cypherpunks &c will have already seen the string of information posted on Wired and other places, about AT&T's network. This is a level of detail that I strongly suspect has NSA folks shitting bricks: http://www.wired.com/news/technology/0,70908-0.html?tw=wn_index_2 Here's an interesting quote: >One of the documents appears to describe AT&T's successful efforts to tap >into 16 fiber-optic >cables connecting the company's WorldNet internet >backbone to other internet service providers. >The document shows AT&T >technicians phasing in fiber-optic splitters throughout February 2003, > >cutting them in four at a time on a weekly schedule, ending with a link >to Mae West, an internet >exchange point for West Coast traffic. Now this is REALLY interesting: http://blog.wired.com/images/nsadocs2_f.jpg OK, this means the 16 fibers mentioned above are single wavelength. From this document we can also view what the actual bandwidths are: OC-12s and OC-48s, a couple of OC-3s and no OC-192s. Now I don't see any documentation stating that there isn't more than this going into the room. The "four splitters at a time" almost certainly implies that this traffic is coming off a 4-fiber BLSR (most likely too NSA worked with the other carriers to move the traffic to protect prior to installing the splitters).* Theoretically, they could actually just backhaul all of this traffic using pretty ordinary 16 wavelength WDM from any number of vendors. Getting that cross-country is difficult, but with ULH (Ultra Long Haul) this could be done with a relative minimum of repeater/amplifier sites. 
If they pre-sort the traffic before backhauling it they could then actually just buy a wavelength on AT&T's backbone, which has some nice features to it (I'd bet they also have their own encryption used for the entire wavelength pipe, though I could be wrong). The pinchpoint here just might actually be the deep packet inspection. Does anyone know what kind of bandwidth the narus boxes can support? What this will do is give us an idea of how much traffic they are actually taking back. From our discussions some months ago, I have assumed (and still believe) that they can't grab EVERYTHING and pull it back, because that would require too obvious and too huge a network. My other assumption is that the narus deep packet inspection is enforcing a prioritization prior to hockeying the most "juicy" traffic into their fiber or wavelegnths. *: They would have first told the owner/carrier of one of those OC-N pipes to force a switch to protection bandwidth while they installed the splitters, and then switch back once the splitters were installed. It LOOKS like they did this ring-by-ring, diverting traffic away from the "break" and then installing splitters on all four fibers terminating across the break.
From rah at shipwright.com Wed May 17 09:26:22 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 17 May 2006 12:26:22 -0400 Subject: [nelson@crynwr.com: Re: NSA knows who you've called.]
In-Reply-To: <20060517140708.GT26713@leitl.org> References: <20060517140708.GT26713@leitl.org> Message-ID: At 4:07 PM +0200 5/17/06, nelson at crynwr.com wrote: >First they came for the terrorists, and I said nothing because I >wasn't a terrorist. Then they came for my phone calls, and I said >nothing because I had nothing to hide. Then they came for the >cryptographers, and I said nothing because I coulldn't even spel the >word. Now I can't hide anything. "When the hares made speeches in the assembly and demanded that all should have equality, the lions replied, "Where are your claws and teeth?" -- attributed to Antisthenes in Aristotle, 'Politics', 3.7.2 As someone around here once said, cypherpunks write code. Cheers, RAH who quit the cryptography list since this all began because all they talk about is legislation. It's like someone snuck in and re-keycapped the 'C' for 'c'. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "Every election is a sort of advance auction of stolen goods." -- H.L. Mencken From camera_lumina at hotmail.com Wed May 17 09:31:39 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 17 May 2006 12:31:39 -0400 Subject: QWEST Message-ID: Another thing to note from... http://blog.wired.com/images/nsadocs2_f.jpg Is that Qwest owns one of the pipes coming in to the AT&T "Secret Room". When the optical splitter was installed Qwest would have definitely noticed an OC-12 Protection Switching event, given that they were not informed prior to the event. Now the possibilities are these: 1. NSA went to Qwest in San Fransisco and informed them prior to the event (probable, I think). 2. AT&T went to Qwest and claimed to be testing the link and that they should manually switch their BLSR traffic over to protect (possible). 3. No one said anything to Qwest and Qwest thought they had a PS event.(Doubtful, but it would work for NSA). 
If 3 occurred then they would have certainly communicated with AT&T about the PS event: This is not trivial, even though the outage would have lasted between 10ms to 50ms, depending on which architecture that traffic dropped out of.

In any event Qwest will have recorded the event and will still have that event listed somewhere. I'd certainly like to see how they viewed it and what the communications were.

-TD

From coderman at gmail.com Wed May 17 13:50:58 2006
From: coderman at gmail.com (coderman)
Date: Wed, 17 May 2006 13:50:58 -0700
Subject: Judge denies AT&T request for closed hearing
Message-ID: <4ef5fec60605171350s3c52bffauc6f4f77930e50c9a@mail.gmail.com>

wow, perhaps the attempted DoJ dismissal is going to get rejected as well...

http://news.zdnet.com/2100-1009_22-6073480.html

"""
A federal judge rejected a request from AT&T on Wednesday to kick the public out of a hearing in a lawsuit alleging the telecommunications company illegally cooperated with the National Security Agency.

AT&T had asked U.S. District Judge Vaughn Walker to bar everyone but attorneys from the courtroom, arguing that trade secrets about the inner workings of its network could be divulged.

"We have intellectual property rights in that information," said David Anderson, an attorney at Pillsbury Winthrop who is representing AT&T. "We submit that the hearing itself be held 'in camera,'" a legal term meaning in private.

But Walker rejected the request, saying that carefully dealing with questions about trade secrets in an open courtroom "is not unprecedented."

CNET Networks (publisher of CNET News.com), Wired News and the California First Amendment Coalition sent an attorney to the hearing on Wednesday to argue that the public should not be prevented from attending the proceedings.
A letter written by Roger Myers at Holme, Roberts & Owen submitted early in the day said the hearing should remain open because "the surveillance at the heart of the case presents issues of enormous public interest and importance."

The Electronic Frontier Foundation, a digital rights group in San Francisco, filed the class action lawsuit in January that claims AT&T illegally cooperated with the Bush administration's secret eavesdropping program.

EFF has obtained documents from a former AT&T employee that it believes buttresses its case, but which the telecommunications company says contain trade secrets and proprietary business information.

Both sides have been quarreling over what to do with the documents provided by former AT&T technician Mark Klein and filed under seal with the court, with EFF saying they should be made entirely public and AT&T arguing they should be returned because they contain confidential information.

Walker on Wednesday effectively split the difference, saying that he would maintain the current state of affairs for now. He also ordered EFF's attorneys not to "disclose these documents to any party," and rejected AT&T's request that Klein be muzzled, saying the company could sue him directly if it chose.

Based on the information that's been made public so far, the 100 pages or so of information in Klein's documents appear to describe a secret room established in AT&T's main switching centers through which a tremendous amount of Internet and voice traffic flows.

Those secret rooms, according to Klein's attorney, give the NSA full access to the company's networks and can be found in switching centers in San Francisco, Los Angeles, Seattle and San Jose, Calif.
"""

From coderman at gmail.com Wed May 17 14:15:06 2006
From: coderman at gmail.com (coderman)
Date: Wed, 17 May 2006 14:15:06 -0700
Subject: NS&AT&T
In-Reply-To:
References:
Message-ID: <4ef5fec60605171415n728beb21qad966044b93bab08@mail.gmail.com>

On 5/17/06, Tyler Durden wrote:
> Well, I suspect they do a lot more before inspection, and use a statistical
> model to trigger whether they actually grab and backhaul any piece of
> traffic.

i'd love to know how much manpower is assigned to defining and tuning these filters. this is a difficult process to be sure.

> Clearly, this policy is going to be risk-model driven and will undergo
> periodic changes (implying too that NSA has their own LAN by which they
> download new policies remotely into the Narus boxes).

the SunFire V880 is the Narus controller according to the docs and i bet the filter updates are pretty frequent. they might even use an IPsec VPN over the backhaul fiber via the cisco/juniper switches listed.

> It would be "nice" too
> if their models fill up their available backhauling bandwidth.

indeed. and the StorEdge T3 could cache quite a bit during peak activity to fill up idle periods later at night. (oh crap, i hope we aren't giving them ideas! ;)

> What this means (to your point) is that merely building better crypto is
> only one axis to protect your privacy.

yes. it keeps that layer 7 inspection guessing past layer 4. a large, reputable zero knowledge mix is what would be ideal, though the latency induced makes certain services impossible or unfriendly. i love to promote out of band distribution any chance i get, including sneaker net with DVD-R's and local wireless networks between peers. but you really need a zero knowledge configuration to be sure.

> ... With good
> enough crypto it's -possible- that you can thwart their attempts to actually
> read your email, and that's good because it forces them to decide whether
> they want to expend the big $$$ and risk exposure for a field operation.
i have faith in well designed hardware entropy sources and AES-256 in hardware when frequently rekeyed. pubkey crypto makes me nervous (long term) but will always be useful.

i have much less faith in the systems around these crypto primitives, be it operating systems or protocols down to physical security and side channels. i bet the black bag jobs are almost always 100% effective.

> But the other axis is statistical (as you point out). It's far better to
> never get caught in the NSA driftnets in the first place. This means stego,
> this means P2P (hum...what if I had a P2P video of a document I wanted to
> transmit...NSA wouldn't be able to read that document, right?) this means
> (somehow) encouraging more crypto in more places so your traffic doesn't
> stick out.

100,000,000 peers running a zero knowledge mix off their broadband connection.

i don't think stego would be effective; if there was an unbreakable stego system the overhead would be significant. (there was a design a fellow at DC13 described using inodes on valid file systems for storage, but this doesn't give you much space compared to the physical storage capacity used overall)

but lots of crypto everywhere would certainly help make the presence of encryption alone less interesting. (as has been rumored on this list and elsewhere that merely using encryption makes you interesting)
From kyphros at gmail.com Wed May 17 15:33:20 2006
From: kyphros at gmail.com (Mike Owen)
Date: Wed, 17 May 2006 15:33:20 -0700
Subject: NS&AT&T
In-Reply-To:
References: <4ef5fec60605171415n728beb21qad966044b93bab08@mail.gmail.com>
Message-ID: <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com>

On 5/17/06, Tyler Durden wrote:
> The next obvious question could actually cause a knock on the door so I
> won't ask it.
>

I doubt the NSA cares about this list anymore (assuming they ever did).

Back to the topic at hand, I'm sure they do policy updates via whatever channel they are receiving data. It's very common to just have a single out of band reporting/management link.

And I'd be surprised if these servers had any type of internal/external storage, such as the suggested Storedge. They most likely boot off the network, so if the servers are grabbed, there is only the contents of ram to worry about, and I'm sure there are rather explosive safeguards against that. A side benefit of having the filesystem living on an nfs server somewhere is that the above mentioned policy updates could be as simple as changing a single file on the storage server, and having all the sniffing servers immediately updated. I'm sure there are customized local policies for each region, but there would be a set of shared common policy.

Mike

From camera_lumina at hotmail.com Wed May 17 12:42:41 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 17 May 2006 15:42:41 -0400
Subject: NS&AT&T
In-Reply-To:
Message-ID:

Well, I suspect they do a lot more before inspection, and use a statistical model to trigger whether they actually grab and backhaul any piece of traffic.
"Obviously", Source and destination country will matter, then within the US source and destination IP address (eg, knock into low-risk bucket if both source and destination IP correspond to Citigroup, even if one IP is within Saudi)...application is obviously going to matter, presence of crypto (and possible "crypto depth") and all the way up to L7 including key words.

Clearly, this policy is going to be risk-model driven and will undergo periodic changes (implying too that NSA has their own LAN by which they download new policies remotely into the Narus boxes). It would be "nice" too if their models fill up their available backhauling bandwidth.

Now that just determines what traffic gets backhauled. It's a big vacuum cleaner that grabs as much as they can without requiring that they build a completely duplicate optical network. After that the traffic gets pulled into the Beltway (most likely) where further models probably determine whether the traffic gets stored, read by humans "now", or whatever. Note that by this time having a human actually bother to "read" an email or whatever is not necessarily important, even if it's encrypted.

What this means (to your point) is that merely building better crypto is only one axis to protect your privacy. If your communication gets as far as the Beltway and human examiners (or possibly gets shot down to their subterranean cracking farm) then you're already "of interest". With good enough crypto it's -possible- that you can thwart their attempts to actually read your email, and that's good because it forces them to decide whether they want to expend the big $$$ and risk exposure for a field operation.

But the other axis is statistical (as you point out). It's far better to never get caught in the NSA driftnets in the first place. This means stego, this means P2P (hum...what if I had a P2P video of a document I wanted to transmit...NSA wouldn't be able to read that document, right?)
this means (somehow) encouraging more crypto in more places so your traffic doesn't stick out.

-TD

>From: "Chris Olesch"
>To: cypherpunks at jfet.org, "Tyler Durden"
>Subject: Re: NS&AT&T
>Date: Wed, 17 May 2006 11:34:47 -0500
>
>You know I really enjoyed George Orwells Popcorn. Maybe that was
>Redenbockers' Popcorn while reading George Orwell...hehe...
>
>Here is my dumb question for the day, but can someone show me where my
>logic
>has run aloof?
>
>The NSA's claim is not to have listened to the content, just collected it.
>"Assuming" they're telling the truth on this, I thought they may be trying to
>create a bell-curve type application that scans the messages for content
>based on predetermined criteria (similar to content filters I assume).
>
>However, the flaw I see is similar to the idea behind changing speed limits
>on residential streets. Public safety sets up the electronic signs to
>monitor speed limits, and flashes if you travel above the posted limit.
>Except the data can be ruined (for lack of a better word) if the drivers
>sneak up on the sign and gun-it past it, repeatedly!
>
>How this applies to the NSA model: If normal citizens are polluting their
>data by using more vulgar or "terror driven" speech. How will they know
>legitimate traffic from crank-yankers?
>
>-chris
>Y.A.C.Y.
>
>On 17/05/06, Tyler Durden wrote:
>>
>>I'd bet by the time this post reaches the list most Cypherpunks &c will
>>have
>>already seen the string of information posted on Wired and other places,
>>about AT&T's network. This is a level of detail that I strongly suspect
>>has
>>NSA folks shitting bricks:
>>
>>http://www.wired.com/news/technology/0,70908-0.html?tw=wn_index_2
>>
>>
>>Here's an interesting quote:
>>
>> >One of the documents appears to describe AT&T's successful efforts to
>>tap
>> >into 16 fiber-optic >cables connecting the company's WorldNet internet
>> >backbone to other internet service providers.
>The document shows AT&T
>> >technicians phasing in fiber-optic splitters throughout February 2003,
>> > >cutting them in four at a time on a weekly schedule, ending with a
>>link
>> >to Mae West, an internet >exchange point for West Coast traffic.
>>
>>Now this is REALLY interesting:
>>
>>http://blog.wired.com/images/nsadocs2_f.jpg
>>
>>OK, this means the 16 fibers mentioned above are single wavelength. From
>>this document we can also view what the actual bandwidths are: OC-12s and
>>OC-48s, a couple of OC-3s and no OC-192s. Now I don't see any
>>documentation
>>stating that there isn't more than this going into the room. The "four
>>splitters at a time" almost certainly implies that this traffic is coming
>>off a 4-fiber BLSR (most likely too NSA worked with the other carriers to
>>move the traffic to protect prior to installing the splitters).*
>>
>>Theoretically, they could actually just backhaul all of this traffic using
>>pretty ordinary 16 wavelength WDM from any number of vendors. Getting that
>>cross-country is difficult, but with ULH (Ultra Long Haul) this could be
>>done with a relative minimum of repeater/amplifier sites. If they pre-sort
>>the traffic before backhauling it they could then actually just buy a
>>wavelength on AT&T's backbone, which has some nice features to it (I'd bet
>>they also have their own encryption used for the entire wavelength pipe,
>>though I could be wrong).
>>
>>The pinchpoint here just might actually be the deep packet inspection.
>>Does
>>anyone know what kind of bandwidth the narus boxes can support?
>>
>>What this will do is give us an idea of how much traffic they are actually
>>taking back. From our discussions some months ago, I have assumed (and
>>still
>>believe) that they can't grab EVERYTHING and pull it back, because that
>>would require too obvious and too huge a network.
My other assumption is
>>that the narus deep packet inspection is enforcing a prioritization prior
>>to
>>hockeying the most "juicy" traffic into their fiber or wavelengths.
>>
>>*: They would have first told the owner/carrier of one of those OC-N pipes
>>to force a switch to protection bandwidth while they installed the
>>splitters, and then switch back once the splitters were installed. It
>>LOOKS
>>like they did this ring-by-ring, diverting traffic away from the "break"
>>and
>>then installing splitters on all four fibers terminating across the break.
>>
>
>
>
>--
>-G
>
>"The knack of flying is learning how to throw yourself at the ground and
>miss."
>"He felt that his whole life was some kind of dream and he sometimes
>wondered whose it was and whether they were enjoying it."
>"He inched his way up the corridor as if he would rather be yarding his way
>down it..."
>"We demand rigidly defined areas of doubt and uncertainty!"
>"I love deadlines. I like the whooshing sound they make as they fly by."
>
>Famous Quotes written by Douglas Adams, (British comic writer, 1952-2001)
>http://hitchhikers.movies.go.com/

From camera_lumina at hotmail.com Wed May 17 12:49:57 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 17 May 2006 15:49:57 -0400
Subject: NS&AT&T
In-Reply-To: <4ef5fec60605171120i4c1bd11dy2ee55f02b01aecc5@mail.gmail.com>
Message-ID:

>4 x OC3 = 622,080 kbp/s
>8 x OC12 = 4,976,640 kbp/s
>4 x OC48 = 9,953,280 kbp/s
>== 15.552 Gbp/s (is half of this mostly idle protect?)

Most likely no. From the context of the circuit order it seemed pretty clear that this was all active traffic. These were the fibers that were optically tapped. Also, BLSRs (Bidirectional Line Switched Rings) support "extra traffic" that gets bumped during a protection switching event, so the protect bandwidth wouldn't even be idle (though the routers would probably throttle down when they sensed less bandwidth).
Interestingly, though, from your chart above it looks like they probably have a router and an OC-192. The odds of all of these pipes being full of packets at the same time is probably very small, so maybe they can indeed grab everything.

-TD

From coderman at gmail.com Wed May 17 15:58:08 2006
From: coderman at gmail.com (coderman)
Date: Wed, 17 May 2006 15:58:08 -0700
Subject: NS&AT&T
In-Reply-To: <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com>
References: <4ef5fec60605171415n728beb21qad966044b93bab08@mail.gmail.com> <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com>
Message-ID: <4ef5fec60605171558l4265b0f2ka2584d985e6e3967@mail.gmail.com>

On 5/17/06, Mike Owen wrote:
> ...
> I doubt the NSA cares about this list anymore (assuming they ever did).

hmm, i recall amusing conversations about honey tokens and baiting TLA's. *grin*

> Back to the topic at hand, I'm sure they do policy updates via
> whatever channel they are receiving data. It's very common to just
> have a single out of band reporting/management link.

true, this is probably how it is done.
would IPsec or some NSA built auth & privacy at layer 2 be more likely?

> And I'd be surprised if these servers had any type of internal/external
> storage, such as the suggested Storedge. They most likely boot off the
> network, so if the servers are grabbed, there is only the contents of
> ram to worry about, and I'm sure there are rather explosive safeguards
> against that.

consider this vicious rumor but a little birdie informed me that physical security at these locations is well covered. strategically placed cages, reinforced and locked, armed guards. all this on top of the usually very tight security at these facilities. (though it sounded like the guards were a recent introduction. someone getting nervous about legitimate employees poking around?)
so in this case i think there is probably useful data on the disks (the filters and controlling software for the narus / other equipment), caching might be implemented (the T3's on fibre channel have some nice throughput, although this configuration is years old at this point), and i very much doubt any destructive countermeasures.

> A side benefit of having the filesystem living on an
> nfs server somewhere is that the above mentioned policy updates could
> be as simple as changing a single file on the storage server, and
> having all the sniffing servers immediately updated.

network file systems introduce reliability concerns. intermittent link outages would mean a bit of caching in the local case, but might cause monitoring / capture failure in a network file system scenario.

maybe we'll find out in the near future. :)

From eugen at leitl.org Wed May 17 07:07:08 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 17 May 2006 16:07:08 +0200
Subject: [nelson@crynwr.com: Re: NSA knows who you've called.]
Message-ID: <20060517140708.GT26713@leitl.org>

----- Forwarded message from Russ Nelson -----
From camera_lumina at hotmail.com Wed May 17 15:06:21 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 17 May 2006 18:06:21 -0400
Subject: NS&AT&T
In-Reply-To: <4ef5fec60605171415n728beb21qad966044b93bab08@mail.gmail.com>
Message-ID:

Oh yeah....

>i'd love to know how much manpower is assigned to defining and tuning
>these filters. this is a difficult process to be sure.

They'll have a team of SAS and demographics experts somewhere. Given the financial services industry, this could be anywhere from half a dozen to several dozen people.

>the SunFire V880 is the Narus controller according to the docs and i
>bet the filter updates are pretty frequent. they might even use an
>IPsec VPN over the backhaul fiber via the cisco/juniper switches
>listed.

Yes...it's VERY interesting to consider how they are transmitting those policy updates. Clearly they have a LAN. Does it use dedicated bandwidth? (eg, its own GbE, for instance) are they in-band with other traffic? (ie, a tunneled VPN inside a big GbE?) or are they leveraging some of the unused SONET DCC-ish overhead bytes?

The next obvious question could actually cause a knock on the door so I won't ask it.
From camera_lumina at hotmail.com Wed May 17 18:21:22 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 17 May 2006 21:21:22 -0400
Subject: NS&AT&T
In-Reply-To: <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com>
Message-ID:

>From: "Mike Owen"
>To: cypherpunks at jfet.org
>Subject: Re: NS&AT&T
>Date: Wed, 17 May 2006 15:33:20 -0700
>
>On 5/17/06, Tyler Durden wrote:
>>The next obvious question could actually cause a knock on the door so I
>>won't ask it.
>>
>
>I doubt the NSA cares about this list anymore (assuming they ever did).

Well, just think about the $$$ that have flowed into NSA and the War on TERROR! and how few actual terrorists there are. You can be damned sure someone's monitoring this list, most probably as their full time job. Fuck, they probably post occasionally just out of boredom.

True?

-TD

From camera_lumina at hotmail.com Wed May 17 18:30:41 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 17 May 2006 21:30:41 -0400
Subject: NS&AT&T
In-Reply-To: <4ef5fec60605171558l4265b0f2ka2584d985e6e3967@mail.gmail.com>
Message-ID:

>>Back to the topic at hand, I'm sure they do policy updates via
>>whatever channel they are receiving data. It's very common to just
>>have a single out of band reporting/management link.
>
>true, this is probably how it is done.
>would IPsec or some NSA built auth & privacy at layer 2 be more likely?

Well, how out of band? Do you mean the management VPN (or whatever) doesn't travel with the actual grabbed traffic? (Frankly, this would be my first candidate.) Of course, they could do it via SONET overhead bytes, thus avoiding the flakiness and vulnerability that routers and switches still seem to have. One wonders too if they do anything with SS7.
Of course, they could have a dedicated fiber for their management LAN, but due to latency issues &c I would suspect that can't be a LAN all the way across the country...they've got to Long-Haul the management traffic somehow, which implies packing it into a 100BaseT or whatever and then shipping that out either packed in SONET or with other circuit-switched traffic. Or of course, they might just have their management on something like STS-3C POS, and the rest of their OC-48/192 carries real traffic.

Anyone know what telecom vendor NSA uses?

-TD

From coderman at gmail.com Wed May 17 21:35:10 2006
From: coderman at gmail.com (coderman)
Date: Wed, 17 May 2006 21:35:10 -0700
Subject: NS&AT&T
In-Reply-To:
References: <4ef5fec60605171558l4265b0f2ka2584d985e6e3967@mail.gmail.com>
Message-ID: <4ef5fec60605172135h2e7c127bqdc9bbd1b4de1b786@mail.gmail.com>

On 5/17/06, Tyler Durden wrote:
> ...
> Well, how out of band? Do you mean the management VPN (or whatever) doesn't
> travel with the actual grabbed traffic? (Frankly, this would be my first
> candidate.)

i was thinking three scenarios:
1. backhaul is a dedicated link (SONET?*) with encryption at this layer and control/management out of band.
2. backhaul and control/mgmt on the dedicated link (SONET?*) with encryption at this layer, no IPsec.
3. backhaul and control/mgmt on the dedicated link using IPsec for both. (least likely perhaps)

the nature of SONET would make encryption at this layer tricky i think (L2/L3?) although the NSA is fond of authentication and privacy at the link layer. if a desire to leverage commercial solutions (narus, cisco, juniper, etc) won out would a strongly keyed IPsec be sufficient? no ISAKMP/IKE here, heh.

> Of course, they could do it via SONET overhead bytes, thus
> avoiding the flakiness and vulnerability that routers and switches still seem
> to have.

covert channels for backhaul? nah, that would still be too visible.
especially if/when a customer puts link testing equipment on the line and sees something funny. SONET doesn't give you a lot of play room.

> One wonders too if they do anything with SS7.

not for this. capturing SS7 would be useful and is surely performed though...

> Of course, they could have a dedicated fiber for their management LAN, but
> due to latency issues &c I would suspect that can't be a LAN all the way
> across the country...

why not? most of these SONET/[D]WDM links are long haul anyway. it's not a single repeated fiber, but hops along backbone peering points like everything else.

also casts an interesting light on the new super NSA warehouse planned for Denver, CO doesn't it. nice place to position tap aggregation...

> Anyone know what telecom vendor NSA uses?

AT&T, Verizon and Sprint for sure. probably lease fiber (through some obfuscated shell company / other agency configuration?) from all of them to some degree, including the transoceanic cable oligopolies.

one way to find out:
- perform your own non-interruptive tap on the fibers exiting $telco via infiltration of outside plant conduit. (so easy, lol)
- using test equipment see what SONET link(s) are full of blackened traffic. you could use AS no's or BGP/SS7 characteristics to identify legitimate circuits and highlight the blackened ones via elimination.
- ask Sean Gorman or GeoTEL MetroFiber which provider sold out that particular circuit/fiber/route.

something tells me this is beyond the means of your average hacker. FOIA requests it is then... *grin*

for the record: i'm not advocating illegal intrusions; this is a mental exercise. :)

[ i'm not too paranoid about visits from MIB's but mapping critical information infrastructure is definitely one way to attract attention. maybe i'll talk more about that later...
]

From coderman at gmail.com Wed May 17 21:39:07 2006
From: coderman at gmail.com (coderman)
Date: Wed, 17 May 2006 21:39:07 -0700
Subject: NS&AT&T
In-Reply-To:
References: <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com>
Message-ID: <4ef5fec60605172139j678d73y8b2b19bcc4df9661@mail.gmail.com>

On 5/17/06, Tyler Durden wrote:
> ...
> Well, just think about the $$$ that have flowed into NSA and the War on
> TERROR! and how few actual terrorists there are. You can be damned sure
> someone's monitoring this list, most probably as their full time job.

they subscribe via narus feed of course :)

From coderman at gmail.com Wed May 17 21:41:09 2006
From: coderman at gmail.com (coderman)
Date: Wed, 17 May 2006 21:41:09 -0700
Subject: Fwd: [Clips] Re: [CYBERIA] Pres. Orders and Securities Act liability (strongly verging OT)
In-Reply-To:
References:
Message-ID: <4ef5fec60605172141s1ba96c38mf0cfffb215014a70@mail.gmail.com>

thanks RAH, you save me much resource discovery time.

exposed shareholders indeed.

---------- Forwarded message ----------
From: R.A. Hettinga
Date: May 17, 2006 6:36 PM
Subject: [Clips] Re: [CYBERIA] Pres. Orders and Securities Act liability (strongly verging OT)
To: Philodox Clips List

--- begin forwarded text

Delivered-To: rah at shipwright.com
Thread-Topic: Pres. Orders and Securities Act liability (strongly verging OT)
Thread-Index: AcZ6A/JBF/buiOcZTWGMnGJvY6GkYQAFYwFF
Priority: normal
Date: Wed, 17 May 2006 21:22:13 -0400
Reply-To: Law & Policy of Computer Communications
Sender: Law & Policy of Computer Communications
From: Chris Savage
Subject: Re: [CYBERIA] Pres. Orders and Securities Act liability (strongly verging OT)
To: CYBERIA-L at LISTSERV.AOL.COM

________________________________
From: Law & Policy of Computer Communications on behalf of Ethan Ackerman
Sent: Wed 5/17/2006 6:29 PM
To: CYBERIA-L at LISTSERV.AOL.COM
Subject: Re: Pres.
Orders and Securities Act liability (strongly verging OT)

>>>>Second, I'm thinking that there's a problem here regarding consistency. If I have a material expenditure or liability (or, I suppose, revenue or income or investment) that may appropriately be kept secret under Section 78m(b)(3), then doesn't it follow logically that I will also exclude it from the financials I file with my 10Ks and 8Ks, etc.? Otherwise there will be a material mismatch between two publicly filed financial statements by the same company for the same period.<<<<

>>-The exemption covers those documents too. Section 78m(b)(3) excuses non-compliance only with Section 78m(b)(2) - BUT that is itself the statutory authority for MOST of the SEC-required filings - including 10-Ks, 10-Qs, annual reports, Sarbanes-Oxley certification requirements, etc. -- I should have made that more clear. Most all of the '34 Act (which covers publicly traded companies) rules are from 17 CFR Part 240 - and 78m(b)2 is the authority for most of those rules.<<

So: Bottom line: If AT&T (or Verizon) got paid $1 billion from the spooks to do something, but got the right directive, they could simply not disclose that revenue on any SEC filing. Or, if they did something that exposed them to liability -- like violating relevant customer privacy requirements, and their normal obligation would be to disclose the liability and make a reserve for it, they just don't have to.

If that's right, at the moment it seems to me that the shareholders of those companies are awfully exposed, aren't they....?

Chris S.
--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From coderman at gmail.com Wed May 17 21:47:01 2006
From: coderman at gmail.com (coderman)
Date: Wed, 17 May 2006 21:47:01 -0700
Subject: Legal loophole emerges in NSA spy program
Message-ID: <4ef5fec60605172147q235c1ebcg5637c0a42ed17dfb@mail.gmail.com>

this administration is particularly skilled at legal exploit. perhaps all that practice bending tax law over a barrel was merely warm up. ;)

remember that Ashcroft was indeed signing approvals (in fact, they pestered him at the hospital while he was still recovering from surgery) and the deputy attorney general was also involved (i don't remember if he provided authorization when Ashcroft was incapacitated/reluctant or not...)

http://news.com.com/Legal+loophole+emerges+in+NSA+spy+program/2100-1028_3-6073600.html

---begin-cut---
By Declan McCullagh
Story last modified Wed May 17 20:08:38 PDT 2006

SAN FRANCISCO--An AT&T attorney indicated in federal court on Wednesday that the Bush administration may have provided legal authorization for the telecommunications company to open its network to the National Security Agency.
Federal law may "authorize and in some cases require telecommunications companies to furnish information" to the executive branch, said Bradford Berenson, who was associate White House counsel when President Bush authorized the NSA surveillance program in late 2001 and is now a partner at the Sidley Austin law firm in Washington, D.C. Far from being complicit in an illegal spying scheme, Berenson said, "AT&T is essentially an innocent bystander." AT&T may be referring to an obscure section of federal law, 18 U.S.C. 2511, which permits a telecommunications company to provide "information" and "facilities" to the federal government as long as the attorney general authorizes it. The authorization must come in the form of "certification in writing by...the Attorney General of the United States that no warrant or court order is required by law." Information that is not yet public "would be exculpatory and would show AT&T's conduct in the best possible light," Berenson said. But he did not acknowledge any details about the company's alleged participation in the NSA's surveillance program, which has ignited an ongoing debate on Capitol Hill and led to this class-action lawsuit being filed in January by the Electronic Frontier Foundation. Some legal experts say that AT&T may be off the hook if former Attorney General John Ashcroft, who was in office at the time the NSA program began, provided a letter of certification. (Other officials, including the deputy attorney general and state attorneys general, also are authorized to write these letters.) "If the certification exists, AT&T is in pretty good shape," said Marc Rotenberg, executive director of the Electronic Privacy Information Center and co-author of a book on information privacy law. EFF's lawsuit alleges that the telecommunications company let the NSA engage in wholesale monitoring of Americans' communications in violation of privacy laws.
Confidential documents that EFF unearthed during the course of the suit--kept under seal and still not public--allege that AT&T gave the government full access to its networks in a way that let millions of e-mail messages, Web browsing sessions and phone calls be intercepted. AT&T's ace in the hole? If a letter of certification exists, AT&T could have an ace in the hole. A second section of federal law says that a "good faith" reliance on a letter of certification "is a complete defense to any civil or criminal" lawsuit. During the hearing Wednesday before U.S. District Judge Vaughn Walker, Deputy Assistant Attorney General Carl Nichols also hinted that such a letter exists. Nichols said that there are undisclosed "facts that AT&T might want to present in its defense." """ AT&T's legal defense? An obscure section of federal law says that AT&T may have legally participated in the NSA surveillance program -- if, that is, it received a "certification" from the attorney general. That section says: "Notwithstanding any other law, providers of wire or electronic communication service... are authorized to provide information, facilities, or technical assistance to persons authorized by law to intercept wire, oral, or electronic communications... if such provider... has been provided with... a certification in writing by... the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required, setting forth the period of time during which the provision... is authorized... No provider of wire or electronic communication... shall disclose the existence of any interception or surveillance or the device used to accomplish the interception or surveillance..." """ But, Nichols added, those facts relate to classified information that are "state secrets" and would jeopardize national security if they were disclosed. 
A hearing on the Bush administration's request to dismiss the case on national security grounds has been scheduled for June 23. For its part, AT&T has remained silent about the extent of its alleged participation in the NSA surveillance scheme, which initially was thought to apply only to international calls but now may encompass records of domestic phone calls and more. Verizon and BellSouth, for instance, took steps to distance themselves from a USA Today report that said their call databases were opened to the NSA. But AT&T wouldn't comment. Marc Bien, a spokesman for AT&T, told CNET News.com on Wednesday: "Without commenting on or confirming the existence of the program, we can say that when the government asks for our help in protecting national security, and the request is within the law, we will provide that assistance." The next tussle in this lawsuit is likely to center on how far the "state secrets" concept can extend. Is AT&T able to divulge the text of any certification letter, without saying exactly what information it turned over as a result? Must the mere existence of a certification letter remain secret? Injecting additional complexity is 18 U.S.C. 2511's prohibition on disclosure. It says that telecommunication companies may not "disclose the existence of any interception or surveillance or the device used to accomplish the interception or surveillance"--except if required by law. Unlawful disclosures are subject to fines. EFF claims that the existence of a letter of certification should not be classified. Cindy Cohn, an EFF attorney, told the judge on Wednesday that it is "not a state secret because the statute has a whole process" governing it. "If you have a certification, let's see it," EFF attorney Lee Tien said in an interview after the hearing. For his part, Berenson, the former attorney for President Bush who's now representing AT&T, complained about allegations that his client is violating the law. 
It's unfortunate that EFF "chose to use words like 'criminal tendency' and 'crimes,'" Berenson said. AT&T "is one of the great companies of the United States. To attach those kinds of labels is reckless at best." Berenson's biography says he worked for Bush on the "war on terrorism" and the USA Patriot Act. Since leaving the White House, Berenson has written letters to Congress calling for renewal of the Patriot Act and has co-founded a group called Citizens for the Common Defence that advocates a "robust" view of presidential authority. It filed, for instance, an amicus brief before the Supreme Court in the Hamdi case arguing that a U.S. citizen could be detained indefinitely without trial because of the war on terror. ---end-cut---

From jya at pipeline.com Wed May 17 22:03:12 2006 From: jya at pipeline.com (John Young) Date: Wed, 17 May 2006 22:03:12 -0700 Subject: NS&AT&T In-Reply-To: References: <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com> Message-ID:

There were once cpunk subscribers from NSA's National Computer Security Center (ncsc.mil; 144.51.x.x) in the 90s and a slew of .mils, .govs and others interested in crypto before it became a porkbelly commodity.
Learning from cpunks, a daily bot from ncsc came to JYA.com (predecessor of Cryptome) when it set up in 1996, and took anything new: http://jya.com/nsa-bot.htm There are still occasional visits from several ncsc machines but not a daily bot, at least not by that couture label. Here's a list of 2,821 machine addresses at ncsc in 2001: http://cryptome.org/nsa-2821.htm Never a hit from nsa.gov, which appears to be only public tool like fbi.gov not used for lazy gandering and fucking off. NSANET and www.nsa (no extension) are hard to crack but once gave good comsec, maybe still do: https://www.advancement.cnet.navy.mil/courses/StudentFunctions/enrollment/SecSources.asp

From bill.stewart at pobox.com Wed May 17 22:54:55 2006 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 17 May 2006 22:54:55 -0700 Subject: NS&AT&T In-Reply-To: References: <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com> Message-ID: <6.2.1.2.0.20060517225326.0365e5f0@pop.idiom.com>

At 06:21 PM 5/17/2006, Tyler Durden wrote:
>Well, just think about the $$$ that have flowed into NSA and the War on
>TERROR! and how few actual terrorists there are. You can be damned sure
>someone's monitoring this list, most probably as their full time job.
>Fuck, they probably post occasionally just out of boredom. True?

Nah, they stopped monitoring us years ago, when Tim May had been gone long enough that we stopped talking about him :-)

From JStanley at dcaclu.org Thu May 18 05:24:36 2006 From: JStanley at dcaclu.org (Stanley, Jay) Date: May 18, 2006 5:24:36 PM EDT Subject: DC speaking event: Bruce Schneier on "The Future of Privacy" Message-ID:

Dave, Washington, DC-area IPers may be interested in attending this talk we're sponsoring by Bruce Schneier on "the Future of Privacy" on Tuesday. Our invite is below. Best, Jay ~~~~~~~~~~~ Jay Stanley Public Education Director, Technology and Liberty Project ACLU

Bruce Schneier to speak on "The Future of Privacy" Tuesday

You are cordially invited to an exciting opportunity to hear the renowned security expert, technologist, cryptographer, author and thinker Bruce Schneier discuss "The Future of Privacy," sponsored by the ACLU. The recent NSA spying scandal is just the latest sign of our times - how rapidly evolving technology is opening up new possibilities for surveillance, and how governments and companies are rushing to exploit them. With his unique background, Bruce Schneier is positioned to offer a fascinating and insightful perspective on the future of privacy in America at a time of churning technological change. This talk and discussion also kicks off an exciting new ACLU speaking series, The Forum on Technology & the Future, which will feature experts discussing and debating cutting-edge technologies and their implications for the future of civil liberties.
Events will be held on a roughly bi-monthly basis in Washington DC (a schedule is available on the ACLU website at www.aclu.org/future). Looking forward to seeing you there, Barry Steinhardt ---------------------------------------------------------- Bruce Schneier, "The Future of Privacy" Sponsored by the ACLU's Forum on Technology and the Future Tuesday, May 23 9:30 AM Coffee and muffins served starting at 9:00 915 15th St. NW, Washington DC, 6th Floor It is requested but not required that you RSVP to futurefreedom at aclu.org Bruce Schneier is an internationally renowned security technologist, referred to by The Economist as a "security guru." He is the author of eight books - including the best sellers "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," "Secrets and Lies," and "Applied Cryptography" - and hundreds of academic articles and papers. His influential newsletter, Crypto-Gram, is read by over 120,000 people. Schneier is regularly quoted in the press, and his essays have appeared in national and international publications. He is the CTO and founder of Counterpane Internet Security, Inc., and the author of the popular Blowfish and Twofish encryption algorithms. He is also a frequent guest on television and radio, has testified before Congress, and is a frequent writer and lecturer on issues surrounding security and privacy. 
------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From h_bray at globe.com Thu May 18 06:35:53 2006 From: h_bray at globe.com (h_bray at globe.com) Date: May 18, 2006 6:35:53 PM EDT Subject: NSA killed system that sifted phone data legally Message-ID:

http://www.baltimoresun.com/news/nationworld/bal-nsa517,0,5970724.story?page=1&coll=bal-home-headlines

Excerpt: The National Security Agency developed a pilot program in the late 1990s that would have enabled it to gather and analyze massive amounts of communications data without running afoul of privacy laws. But after the Sept. 11 attacks, it shelved the project -- not because it failed to work -- but because of bureaucratic infighting and a sudden White House expansion of the agency's surveillance powers, according to several intelligence officials. The agency opted instead to adopt only one component of the program, which produced a far less capable and rigorous program. It remains the backbone of the NSA's warrantless surveillance efforts, tracking domestic and overseas communications from a vast databank of information, and monitoring selected calls.... In what intelligence experts describe as rigorous testing of ThinThread in 1998, the project succeeded at each task with high marks. For example, its ability to sort through massive amounts of data to find threat-related communications far surpassed the existing system, sources said.
It also was able to rapidly separate and encrypt U.S.-related communications to ensure privacy. But the NSA, then headed by Air Force Gen. Michael V. Hayden, opted against both of those tools, as well as the feature that monitored potential abuse of the records. Only the data analysis facet of the program survived and became the basis for the warrantless surveillance program. The decision, which one official attributed to "turf protection and empire building," has undermined the agency's ability to zero in on potential threats, sources say. In the wake of revelations about the agency's wide gathering of U.S. phone records, they add, ThinThread could have provided a simple solution to privacy concerns. Hiawatha Bray

----- End forwarded message -----
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rvh40 at insightbb.com Thu May 18 06:46:15 2006 From: rvh40 at insightbb.com (Randall) Date: May 18, 2006 6:46:15 AM PDT Subject: No subject Message-ID: , JMG Subject: No one on the planet will choose this voluntarily.

Friday, May 19, 2006 at 12:00 AM EDT Blu-ray makes unexpected, three-way DRM choice for high-def DVD Scott M. Fulton, III August 10, 2005 17:18 Hollywood (CA) - In an announcement last night, the Blu-ray Disc Association, led by Sony, representing one of two competing high-definition DVD formats, stated it will simultaneously embrace digital watermarking, programmable cryptography, and a self-destruct code for Blu-ray disc players.
The BDA statement is unprecedented not only because its solution to the nagging problem of digital rights management is to embrace every option on the table, but also because Blu-ray appears to have developed its own approach - in some cases, proprietary - to each of these three technologies. Knowledge of this impending fact may have been what tipped movie studio 20th Century-Fox last week to throw its support behind Blu-ray, in a move that experts believe balanced the scales in Blu-ray's ongoing battle with competing format HD DVD - backed by a forum led by Toshiba - to become the next high-def industry standard. The digital watermarking technique, which will be called ROM Mark, is described in the statement as "a unique and undetectable identifier in pre-recorded BD-ROM media such as movies, music and games." "BD-ROM" is the proposed writable version of the Blu-ray format. Little else is known about ROM Mark at this time, except that the statement describes it as being undetectable to consumers. This is noteworthy in itself, since a previously heralded watermark applied to first-generation DVDs was notoriously defeated by someone writing over it with a permanent marker. One part of the announcement that had been anticipated by experts was Blu-ray's embrace of Advanced Access Content System (AACS), one version of which has also been adopted by the HD DVD Forum. This controversial technology would require that disc players maintain permanent connections to content providers via the Internet, making it possible for discs that fail a security check to trigger a notification process, enabling the provider to send the player a sort of "self-destruct code." This code would come in the form of a flash ROM "update" that would actually render the player useless, perhaps unless and until it is taken to a repair shop for reprogramming. The Blu-ray statement noted that certain elements of AACS have yet to be formally approved by the BDA. 
The third part of the announcement that is perhaps most surprising, is Blu-ray's adoption of a third DRM technique that appears to embrace some of the ideals of one of the technologies that had been considered, without actually licensing its methodology or its existing tools. The BDA statement introduces what it calls "BD+," described as "a Blu-ray Disc specific programmable renewability enhancement that gives content providers an additional means to respond to organized attacks on the security system by allowing dynamic updates of compromised code." BD+ appears to be Blu-ray's version of a concept previously under consideration called SPDC, which enabled the method for encrypting a disc's contents to be included on the disc, rather than on the EPROMs of the disc player. One of the perceived failures of first-generation DVD was that its encryption mechanism of choice, called Content Scramble System (CSS), was spectacularly defeated, with the result being that the industry was forced to permanently and irreversibly support a now-worthless encryption scheme. With SPDC, new encryption algorithms could be adopted as old ones are cracked, enabling successive generations of high-def DVD to be stronger than earlier ones. Two months ago, the HD DVD Forum considered a coupling of AACS with SPDC. But a scientifically accurate though politically imbalanced white paper released by the creators of SPDC technology, Cryptography Research, Inc. (CRI), soundly rebuked alternative DRM technologies, and thus may have unintentionally played a role in SPDC's falling out of favor with the original supporters of CSS, some of whom were HD DVD Forum members. The Forum rejected "AACS+SPDC" for undisclosed reasons, leading many to speculate that Blu ray would respond by embracing SPDC. However, as SPDC was originally discussed, there would only have been one encryption standard in use throughout the industry at any one time. 
According to yesterday evening's BDA statement, BD+ would follow SPDC's core principle, but instead allow each content provider to utilize whatever encryption standard it sees fit at the time. "With these enhancements," the statement reads, "content providers have a number of methods to choose from to combat hacks on Blu-ray players. Moreover, BD+ affects only players that have been attacked, as opposed to those that are vulnerable but haven't been attacked and therefore continue to operate properly." This last sentence is important, because one key objection that experts raised to the pairing of AACS with SPDC was the possibility that, once the single SPDC encryption scheme was broken, AACS could trigger a signal to all players using that encryption scheme, rendering all discs that use this scheme unplayable, perhaps prior to a system upgrade. The BDA statement appears to distance itself from the CRI approach to SPDC, perhaps to calm consumer fears that entire libraries of perfectly legitimate content could be rendered useless due to someone else's illicit activities. The CRI white paper, incidentally, distinguished SPDC by contrasting it with other DRM techniques such as watermarking. "Although some progress is being made at improving robustness and efficiency," the white paper states, "we are not optimistic that a practical and secure public watermarking scheme is possible." Such comparisons may have worked against SPDC's eventual adoption by Blu-ray in method as well as in principle. On behalf of the HD DVD Forum this morning, Toshiba's advisor to the Forum, Mark Knox, released a brief statement: "Today's announcement by the BD Group should not confuse anyone," states Knox. "HD DVD's content protection system provides the highest level of advanced copy protection to meet content owner's needs and the rigors of consumer demand." 
Knox goes on to say that AACS - which now singularly forms the crux of HD DVD's DRM - is the most advanced such scheme yet devised, and that HD DVD's own membership continues to back that approach. "We will continue to promote further penetration of the format," Knox added, "while simultaneously seeking ways to eventually realize a single format that delivers optimized benefits to all concerned industries and, most important, to consumers." Tom's Hardware Guide will present an in-depth analysis of the Blu-ray/HD DVD format combat Thursday morning in its Business Reports section. There, we'll speak with industry experts, including one prominent media pioneer, in examining how the participants in this struggle may actually have always been planning for its eventual resolution, and what form the fruits of that resolution may take.

----- End forwarded message -----
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From dewayne at warpspeed.com Thu May 18 07:37:09 2006 From: dewayne at warpspeed.com (Dewayne Hendricks) Date: Thu, 18 May 2006 07:37:09 -0700 Subject: [Dewayne-Net] No one on the planet will choose this voluntarily Message-ID:

[Note: This item comes from reader Randall. DLH]

From simsong at acm.org Thu May 18 08:16:23 2006 From: simsong at acm.org (Simson Garfinkel) Date: May 18, 2006 8:16:23 AM EDT Subject: Workshop on Data Surveillance at Harvard on June 3rd Message-ID:

Dave, Please share this with your Interesting-People list. And come if you can! We're especially interested in having outsiders...
From dave at farber.net Thu May 18 05:30:54 2006 From: dave at farber.net (David Farber) Date: Thu, 18 May 2006 08:30:54 -0400 Subject: [IP] Workshop on Data Surveillance at Harvard on June 3rd Message-ID:

Begin forwarded message:

From eugen at leitl.org Thu May 18 00:02:29 2006 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 18 May 2006 09:02:29 +0200 Subject: NS&AT&T In-Reply-To: References: <4ef5fec60605171415n728beb21qad966044b93bab08@mail.gmail.com> Message-ID: <20060518070229.GR26713@leitl.org>

On Wed, May 17, 2006 at 06:06:21PM -0400, Tyler Durden wrote:
> The next obvious question could actually cause a knock on the door so I
> won't ask it.

Why would you fear it? It would be a badge of honor. But no fear, they won't -- it would be giving away capabilities. Many have claimed LEOs were reading the list in the past, but I presume by a direct subscription. I don't think human eyes see much of this traffic, but no doubt all of it goes into storage. As all low-volume traffic (I don't think anybody bothers with video, and maybe audio). How would you trace back large scale purchases of hard drives and computer clusters to a TLA? They have to use contractors for that.

-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rah at shipwright.com Thu May 18 06:39:22 2006 From: rah at shipwright.com (R.A.
Hettinga) Date: Thu, 18 May 2006 09:39:22 -0400 Subject: NS&AT&T In-Reply-To: <6.2.1.2.0.20060517225326.0365e5f0@pop.idiom.com> References: <8f5ca2210605171533x508fb2f3y70d74ba130028c2@mail.gmail.com> <6.2.1.2.0.20060517225326.0365e5f0@pop.idiom.com> Message-ID:

At 10:54 PM -0700 5/17/06, Bill Stewart wrote:
>Nah, they stopped monitoring us years ago,
>when Tim May had been gone long enough that we stopped talking about him :-)

"When I was your age we didn't have Tim May! We had to be paranoid on our own! And we were grateful!" --Alan Olsen

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...our claim to be left in the unmolested enjoyment of vast and splendid possessions, mainly acquired by violence, largely maintained by force, often seems less reasonable to others than to us." -- Winston Churchill, January 1914

From camera_lumina at hotmail.com Thu May 18 07:09:46 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 18 May 2006 10:09:46 -0400 Subject: NS&AT&T In-Reply-To: <4ef5fec60605172135h2e7c127bqdc9bbd1b4de1b786@mail.gmail.com> Message-ID:

Coderman wrote...
>>Of course, they could do it via SONET overhead bytes, thus
>>avoiding the flakiness and vulnerability that routers and switches still
>>seem
>>to have.
>
>covert channels for backhaul?
nah, that would still be too visible.
>especially if/when a customer puts link testing equipment on the line
>and sees something funny. SONET doesn't give you a lot of play room.

There are plenty of unused bytes in the SONET overhead, particularly at OC-48 and OC-192 (in fact, most of the line and section overhead is empty because the overhead bytes are only defined for the first STS-1! Not a lot of people know that). The problem, however, is that Line and Section layer overhead will be terminated pretty much every time they pass through a SONET box. There's the possibility of using the POH for control and management traffic, because that -should- stay with the payload. In terms of visibility they could of course encrypt those packets, possibly even using off-the-shelf VPN if they run a short stack management channel (though 7-layer/OSI is not impossible, given the old fondness for it in standards groups for so long). On the other hand they could possibly just go in-band and send the management info with their backhauled traffic, but I'm still a little doubtful about that. -TD

From camera_lumina at hotmail.com Thu May 18 07:18:07 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 18 May 2006 10:18:07 -0400 Subject: NS&AT&T In-Reply-To: <20060518070229.GR26713@leitl.org> Message-ID:

Eugen Leitl said...
>How would you trace back large scale purchases of hard drives
>and computer clusters to a TLA? They have to use contractors
>for that.

Ah...I think that's a very interesting question, particularly in the larger sense. Public companies have to (and are well motivated to) report on their sales. A nice deep, statistical dive could probably reveal what equipment they're buying, at least as $$$/sale-->oo. Hell, a lot of these are even announced as "Lucent signed a $1.5B contract to supply equipment and services to the government today..." Too bad there are no other superpowers around these days. Then again, I suspect the Soviets were always too fucked up to bother with something like that. -TD

From jya at pipeline.com Thu May 18 11:20:33 2006 From: jya at pipeline.com (John Young) Date: Thu, 18 May 2006 11:20:33 -0700 Subject: [dewayne@warpspeed.com: [Dewayne-Net] No one on the planet will choose this voluntarily] In-Reply-To: <20060518150253.GC26713@leitl.org> Message-ID:

The Blue-Ray is a clever spoof. Another may be: that IDs and biographies of soldiers killed in Iraq are being used to produce false identification papers for sale along the US border and overseas. A variation includes as well the IDs of those killed on 9/11. Lots of information on the 6,000 or so on the Internet: head shots, hometowns, relatives, biographies, exactly what is needed to turn out fakes that would have good chance of clearing watch lists. Each ID could be duplicated, say, thousands of to provide the 6 million and up demanded by the thriving market promoted by counterterrorism.

From bill.stewart at pobox.com Thu May 18 12:14:01 2006
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 18 May 2006 12:14:01 -0700
Subject: AT&T Cable Modem Traceroutes Re: NS&AT&T
In-Reply-To:
References: <20060518070229.GR26713@leitl.org>
Message-ID: <6.2.1.2.0.20060518114903.03684388@pop.idiom.com>

At 10:20 AM 5/18/2006, Chris Olesch wrote:
>Maybe it's just me, but my brother-in-law and I used to wonder why most of
>AT&T's cable traffic routed thru the east coast before going out west (or
>asia). This would have been well within the range they decided to setup
>camp. early 2002 thru 2003 (maybe 2004). On the MOT backbone traffic was
>routed normally, yet at-home it took extra routes.

Your traceroutes went to the east coast because that's the closest peering point to most of the destination networks you were going to, and BGP mainly works with hop counts unless you do a lot of tweaking.

AT&T never really ran the cable TV IP networks themselves when they bought the cable companies - it was still the different cable company operating folks that did most of it, and really they knew a lot more about Pay-Per-View than Internet data, as you might guess from the Don't-Even-Think-About-Running-Servers rules. The level of lack of integration was such that even though most of the cable companies had huge infrastructures of dark fiber along their cable rights-of-way, we weren't able to use that to sell access services to customers until the last few months before Wall Street made us sell the cablecos and give the money back. AT&T did provide them a bunch of wholesale backbone service - I don't know most of the details, and probably couldn't tell you if I did because of the usual customer-confidentiality rules.

But you've got to remember that 2002 is a long time ago compared to the current Internet peering relationships.
Public Peering back then still mostly happened at the MAEs and NAPs, and still mattered back then, though most of the bigger ISPs did private peering for the bulk of their traffic. I don't remember if everything had moved to Equinix yet. I don't know who @Home peered with other than AT&T - we peered with them in 9 or 10 cities, and typically peered with the really big ISPs in half a dozen cities each and the other big ISPs in 3-4 cities each, but I don't know how many of them @Home peered with. (AT&T peered with @Home in Chicago, but that doesn't mean that @Home peered with, say, UUnet there even if they could have.)

AT&T had some OC192 backbone trunks in 2002, but mostly OC48 on big routes and there was still a fair amount of OC12, and most of the peering was at OC12 or OC3, which was still big back then. (We were the first carrier to run OC192 trunks, having scooped Sprint by a day or two, but for the first few months it was really a demo link from NYC-Boston that they only ran in the daytime for PR because the Cisco cards didn't really work yet...)

>Tracert after tracert from within att's net, would mention long routes. It
>would bounce 3 or 4 times go out the chicago trunk then end up on some cia,
>or other federal line, then go back (but this time around chicago) and end
>in cali. If our destination was Japan, or Siberia, the chat latency was
>unbearable.
>
>I was glad when comcast took over, but then again maybe all this humdrum was
>removed from the line (tracert's).

Bouncing around Chicago 3-4 times was entirely no surprise - until carriers got really big hub switches in, you'd typically see at least three hops at any POP, one to an inbound router, one to a hub, and one to an outbound router, and the reason you don't see that today is that a lot of it's happening as Layer 2 Ethernet switching or Layer 2.5 MPLS switching depending on the carrier, so Traceroute doesn't know about it. And if you're going from carrier to carrier, you'll see more.
And then there's annoying weirdness like connections from Carrier A in Denver going to Carrier B in Denver via Seattle and San Francisco because they don't peer directly there, but carrier B peers with Carrier C who's got an OC48 to Carrier A in Seattle and only an OC12 in SF so they hand it off there, and Carrier A connects Denver to SF and Chicago but not Seattle :-)

From g13005 at gmail.com Thu May 18 10:20:06 2006
From: g13005 at gmail.com (Chris Olesch)
Date: Thu, 18 May 2006 12:20:06 -0500
Subject: NS&AT&T
In-Reply-To:
References: <20060518070229.GR26713@leitl.org>
Message-ID:

Maybe it's just me, but my brother-in-law and I used to wonder why most of AT&T's cable traffic routed thru the east coast before going out west (or asia). This would have been well within the range they decided to setup camp. early 2002 thru 2003 (maybe 2004). On the MOT backbone traffic was routed normally, yet at-home it took extra routes.

Tracert after tracert from within att's net, would mention long routes. It would bounce 3 or 4 times go out the chicago trunk then end up on some cia, or other federal line, then go back (but this time around chicago) and end in cali. If our destination was Japan, or Siberia, the chat latency was unbearable.

I was glad when comcast took over, but then again maybe all this humdrum was removed from the line (tracert's).

Him and I were aware of the echelon systems way before the public had, and of course were ridiculed as being paranoids or were those arkanoids...lol...Heck for fun we had carnivore installed on everything, though my favorite plugin was "Carnivore is sorry!"

Every time, him and I are talking with friends or associates who bring up the nsa this, or the fbi is spying, we just laugh, because we look at them and say, "and this surprises you how? hmm, funny I seem to remember mentioning this a long time ago, and you thought I was a crackpot!"
Then we just look at them, deny what they are saying..."I'm sure I don't know what you are talking about." or "Maybe you should see a doctor about your recent flares of paranoia's, the US government doesn't get involved in domestic espionage, especially since we do our best to vote in all these fantastic "TOP" officials"

If you ask me, someone is laughing all the way down the data pipe, and maybe maniacally too...hehe

--
-G

"The knack of flying is learning how to throw yourself at the ground and miss."
"He felt that his whole life was some kind of dream and he sometimes wondered whose it was and whether they were enjoying it."
"He inched his way up the corridor as if he would rather be yarding his way down it..."
"We demand rigidly defined areas of doubt and uncertainty!"
"I love deadlines. I like the whooshing sound they make as they fly by."

Famous Quotes written by Douglas Adams, (British comic writer, 1952-2001)
http://hitchhikers.movies.go.com/

From g13005 at gmail.com Thu May 18 10:22:51 2006
From: g13005 at gmail.com (Chris Olesch)
Date: Thu, 18 May 2006 12:22:51 -0500
Subject: [dewayne@warpspeed.com: [Dewayne-Net] No one on the planet will choose this voluntarily]
In-Reply-To: <48670.192.168.1.22.1147972605.squirrel@mesmer.rant-central.com>
References: <20060518150253.GC26713@leitl.org> <48670.192.168.1.22.1147972605.squirrel@mesmer.rant-central.com>
Message-ID:

I was kinda hoping that the set-top boxes would explode and burn some houses down. Cause that leaves the door wide open for lawsuits.

...sheesh

On 18/05/06, Roy M. Silvernail wrote:
>
> On Thu, May 18, 2006 11:02, Eugen Leitl wrote:
> > "self-destruct code for Blue-ray players"? Are they fucking nuts?
>
> Hmmm.... full-time net connection needed, and the players can be told to
> self-destruct.
>
> No, no possibility that the path to the servers will be hacked so that all
> Blu-Ray players are given the poison packet, right?
> --
> Roy M. Silvernail is roy at rant-central.com
> "Antelope freeway, one sixty-fourth of a mile." - TFT
> procmail->CRM114->/dev/null->bliss
> http://www.rant-central.com
>

--
-G

"The knack of flying is learning how to throw yourself at the ground and miss."
"He felt that his whole life was some kind of dream and he sometimes wondered whose it was and whether they were enjoying it."
"He inched his way up the corridor as if he would rather be yarding his way down it..."
"We demand rigidly defined areas of doubt and uncertainty!"
"I love deadlines. I like the whooshing sound they make as they fly by."

Famous Quotes written by Douglas Adams, (British comic writer, 1952-2001)
http://hitchhikers.movies.go.com/

From roy at rant-central.com Thu May 18 10:16:45 2006
From: roy at rant-central.com (Roy M. Silvernail)
Date: Thu, 18 May 2006 13:16:45 -0400 (EDT)
Subject: [dewayne@warpspeed.com: [Dewayne-Net] No one on the planet will choose this voluntarily]
In-Reply-To: <20060518150253.GC26713@leitl.org>
References: <20060518150253.GC26713@leitl.org>
Message-ID: <48670.192.168.1.22.1147972605.squirrel@mesmer.rant-central.com>

On Thu, May 18, 2006 11:02, Eugen Leitl wrote:
> "self-destruct code for Blue-ray players"? Are they fucking nuts?

Hmmm.... full-time net connection needed, and the players can be told to self-destruct.

No, no possibility that the path to the servers will be hacked so that all Blu-Ray players are given the poison packet, right?

--
Roy M. Silvernail is roy at rant-central.com
"Antelope freeway, one sixty-fourth of a mile." - TFT
procmail->CRM114->/dev/null->bliss
http://www.rant-central.com

From g13005 at gmail.com Thu May 18 11:32:41 2006
From: g13005 at gmail.com (Chris Olesch)
Date: Thu, 18 May 2006 13:32:41 -0500
Subject: [Clips] UK Government to force handover of encryption keys
In-Reply-To:
References:
Message-ID:

I'm going to just lay-down and wait for the spaceship.....NOT!!! :0

On 18/05/06, R.A.
Hettinga wrote:
>
> --- begin forwarded text
>
> Delivered-To: rah at shipwright.com
> Delivered-To: clips at philodox.com
> Date: Thu, 18 May 2006 14:10:20 -0400
> To: Philodox Clips List
> From: "R.A. Hettinga"
> Subject: [Clips] UK Government to force handover of encryption keys
> Reply-To: rah at philodox.com
> Sender: clips-bounces at philodox.com
>
> <http://www.zdnet.co.uk/print/?TYPE=story&AT=39269746-39020330t-10000025c>
>
> Government to force handover of encryption keys
>
> Tom Espiner
>
> ZDNet UK
>
> May 18, 2006, 12:10 BST
>
> The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts.
>
> The powers are contained within Part 3 of the Regulation of Investigatory Powers Act (RIPA). RIPA was introduced in 2000, but the government has held back from bringing Part 3 into effect. Now, more than five years after the original act was passed, the Home Office is seeking to exercise the powers within Part Three of RIPA.
>
> Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists.
>
> "The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force."
>
> Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data.
>
> Anyone who refuses to hand over a key to the police would face up to two years' imprisonment. Under current anti-terrorism legislation, terrorist suspects now face up to five years for withholding keys.
>
> If Part 3 is passed, financial institutions could be compelled to give up the encryption keys they use for banking transactions, experts have warned.
>
> "The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business," Cambridge University security expert Richard Clayton told ZDNet UK on Wednesday.
>
> "The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction," Clayton added. "With the appropriate paperwork, keys can be seized. If you're an international banker you'll plonk your headquarters in Zurich."
>
> Opponents of the RIP Act have argued that the police could struggle to enforce Part 3, as people can argue that they don't possess the key to unlock encrypted data in their possession.
>
> "It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it," pointed out encryption expert Peter Fairbrother on ukcrypto, a public email discussion list.
>
> Clayton backed up this point. "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'. How much evidence do you need [to convict]? If you can't decrypt [the data], then by definition you don't know what it is," said Clayton.
>
> The Home Office on Wednesday told ZDNet UK that it would not reach a decision about whether Part 3 will be amended until the consultation process has been completed.
>
> "We are in consultation, and [are] looking into proposals on amendments to RIPA," said a Home Office spokeswoman. "The Home Office is waiting for the results of the consultation" before making any decisions, she said.
>
> The Home Office said last week that the focus on key disclosure and forced decryption was necessary due to "the threat to public safety posed by terrorist use of encryption technology".
>
> Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses.
>
> "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.
>
> "My suggestion is to turn on all of Part 3, except the part about trying to seize keys. That won't create such a furore in financial circles," he said.
>
> --
> -----------------
> R. A. Hettinga
> The Internet Bearer Underwriting Corporation
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
> _______________________________________________
> Clips mailing list
> Clips at philodox.com
> http://www.philodox.com/mailman/listinfo/clips
>
> --- end forwarded text
>
> --
> -----------------
> R. A. Hettinga
> The Internet Bearer Underwriting Corporation
> 44 Farquhar Street, Boston, MA 02131 USA
> "...
> however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>

--
-G

"The knack of flying is learning how to throw yourself at the ground and miss."
"He felt that his whole life was some kind of dream and he sometimes wondered whose it was and whether they were enjoying it."
"He inched his way up the corridor as if he would rather be yarding his way down it..."
"We demand rigidly defined areas of doubt and uncertainty!"
"I love deadlines. I like the whooshing sound they make as they fly by."

Famous Quotes written by Douglas Adams, (British comic writer, 1952-2001)
http://hitchhikers.movies.go.com/

From rah at shipwright.com Thu May 18 11:17:16 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 18 May 2006 14:17:16 -0400
Subject: [Clips] UK Government to force handover of encryption keys
Message-ID:

--- begin forwarded text

Delivered-To: rah at shipwright.com
Delivered-To: clips at philodox.com
Date: Thu, 18 May 2006 14:10:20 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] UK Government to force handover of encryption keys
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

Government to force handover of encryption keys

Tom Espiner

ZDNet UK

May 18, 2006, 12:10 BST

The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts.

The powers are contained within Part 3 of the Regulation of Investigatory Powers Act (RIPA). RIPA was introduced in 2000, but the government has held back from bringing Part 3 into effect. Now, more than five years after the original act was passed, the Home Office is seeking to exercise the powers within Part Three of RIPA.

Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists.

"The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force."

Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data.

Anyone who refuses to hand over a key to the police would face up to two years' imprisonment. Under current anti-terrorism legislation, terrorist suspects now face up to five years for withholding keys.

If Part 3 is passed, financial institutions could be compelled to give up the encryption keys they use for banking transactions, experts have warned.

"The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business," Cambridge University security expert Richard Clayton told ZDNet UK on Wednesday.

"The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction," Clayton added. "With the appropriate paperwork, keys can be seized. If you're an international banker you'll plonk your headquarters in Zurich."

Opponents of the RIP Act have argued that the police could struggle to enforce Part 3, as people can argue that they don't possess the key to unlock encrypted data in their possession.

"It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it," pointed out encryption expert Peter Fairbrother on ukcrypto, a public email discussion list.

Clayton backed up this point. "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'. How much evidence do you need [to convict]? If you can't decrypt [the data], then by definition you don't know what it is," said Clayton.

The Home Office on Wednesday told ZDNet UK that it would not reach a decision about whether Part 3 will be amended until the consultation process has been completed.

"We are in consultation, and [are] looking into proposals on amendments to RIPA," said a Home Office spokeswoman. "The Home Office is waiting for the results of the consultation" before making any decisions, she said.

The Home Office said last week that the focus on key disclosure and forced decryption was necessary due to "the threat to public safety posed by terrorist use of encryption technology".

Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses.

"Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton.

"My suggestion is to turn on all of Part 3, except the part about trying to seize keys. That won't create such a furore in financial circles," he said.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Thu May 18 05:40:09 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 18 May 2006 14:40:09 +0200
Subject: [dave@farber.net: [IP] Workshop on Data Surveillance at Harvard on June 3rd]
Message-ID: <20060518124009.GP26713@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Thu May 18 08:02:54 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 18 May 2006 17:02:54 +0200
Subject: [dewayne@warpspeed.com: [Dewayne-Net] No one on the planet will choose this voluntarily]
Message-ID: <20060518150253.GC26713@leitl.org>

"self-destruct code for Blue-ray players"? Are they fucking nuts?
----- Forwarded message from Dewayne Hendricks -----

From dave at farber.net Thu May 18 14:40:01 2006
From: dave at farber.net (David Farber)
Date: Thu, 18 May 2006 17:40:01 -0400
Subject: [IP] DC speaking event: Bruce Schneier on "The Future of Privacy"
Message-ID:

Begin forwarded message:

From dave at farber.net Thu May 18 15:49:52 2006
From: dave at farber.net (David Farber)
Date: Thu, 18 May 2006 18:49:52 -0400
Subject: [IP] NSA killed system that sifted phone data legally
Message-ID:

Begin forwarded message:

From justin-cypherpunks at soze.net Thu May 18 13:15:33 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Thu, 18 May 2006 20:15:33 +0000
Subject: Legal loophole emerges in NSA spy program
In-Reply-To: <4ef5fec60605172147q235c1ebcg5637c0a42ed17dfb@mail.gmail.com>
References: <4ef5fec60605172147q235c1ebcg5637c0a42ed17dfb@mail.gmail.com>
Message-ID: <20060518201533.GA1190@arion.hive>

On 2006-05-17T21:47:01-0700, coderman wrote:
> this administration is particularly skilled at legal exploit. perhaps
> all that practice bending tax law over a barrel was merely warm up.
> ;)
>
> remember that Ashcroft was indeed signing approvals (in fact, they
> pestered him at the hospital while he was still recovering from
> surgery) and the deputy attorney general was also involved (i don't
> remember if he provided authorization when Ashcroft was
> incapacitated/reluctant or not...)

Not as if it's difficult to pre-date certifications, if they don't exist, in exchange for certain considerations.

It might be enlightening to compare AT&T's campaign contributions (do they have a PAC for employees?) in 2004 vs 2008, and 2002 vs 2006. That, plus the accounting angle looking for discrepancies caused by non-reporting of large SEC-exempt contracts... with enough people digging, someone's bound to find something.

--
The six phases of a project:
I. Enthusiasm.         IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.            VI. Praise & Honor for the Nonparticipants.

From justin-cypherpunks at soze.net Thu May 18 13:19:25 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Thu, 18 May 2006 20:19:25 +0000
Subject: NS&AT&T
In-Reply-To:
References:
Message-ID: <20060518201925.GB1190@arion.hive>

On 2006-05-17T15:42:41-0400, Tyler Durden wrote:
> But the other axis is statistical (as you point out). It's far better to
> never get caught in the NSA driftnets in the first place. This means stego,
> this means P2P (hum...what if I had a P2P video of a document I wanted to
> transmit...NSA wouldn't be able to read that document, right?) this means
> (somehow) encouraging more crypto in more places so your traffic doesn't
> stick out.

I suspect that anyone caught by narus sending any sort of unusual encrypted traffic (i.e. not skype or ssl on port 443), particularly traffic to a published tor node or to a known mix node, is automatically put in the "somewhat interesting" bucket.

Thus, the kind of people who can avoid being caught in the dragnet by using stego have already been caught due to earlier experimentation.

If the NSA has access to ISP subscription records, which current news reports suggest they do, even changing IPs or ISPs is not enough. You have to create a completely new identity, or you have to abuse an open net connection somewhere. And open connections like wireless hotspots are probably already flagged due to interesting traffic coming from them in the past.

--
The six phases of a project:
I. Enthusiasm.         IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.            VI. Praise & Honor for the Nonparticipants.

From jtrjtrjtr2001 at yahoo.com Thu May 18 22:03:17 2006
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Thu, 18 May 2006 22:03:17 -0700 (PDT)
Subject: [Clips] UK Government to force handover of encryption keys
In-Reply-To:
Message-ID: <20060519050317.15522.qmail@web33301.mail.mud.yahoo.com>

This clearly doesn't work.
All they will manage to do is harass citizens.

Sarad.

--- "R.A. Hettinga" wrote:

> "It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it," pointed out encryption expert Peter Fairbrother on ukcrypto, a public email discussion list.
>
> Clayton backed up this point. "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'. How much evidence do you need [to convict]? If you can't decrypt [the data], then by definition you don't know what it is," said Clayton.

From g13005 at gmail.com Fri May 19 01:12:23 2006
From: g13005 at gmail.com (Chris Olesch)
Date: Fri, 19 May 2006 03:12:23 -0500
Subject: NS&AT&T
In-Reply-To: <20060518201925.GB1190@arion.hive>
References: <20060518201925.GB1190@arion.hive>
Message-ID:

You would think that if they wanted to lure customers into their spiderweb, they would simply offer free internet access, and bury a 'we have the right to spy on your' clause somewhere in the agreement.

I'm sure the sheeply would be more than happy to surrender their souls for that....hehe

On 18/05/06, Justin wrote:
>
> On 2006-05-17T15:42:41-0400, Tyler Durden wrote:
> > But the other axis is statistical (as you point out). It's far better to never get caught in the NSA driftnets in the first place. This means stego, this means P2P (hum...what if I had a P2P video of a document I wanted to transmit...NSA wouldn't be able to read that document, right?) this means (somehow) encouraging more crypto in more places so your traffic doesn't stick out.
>
> I suspect that anyone caught by narus sending any sort of unusual encrypted traffic (i.e. not skype or ssl on port 443), particularly traffic to a published tor node or to a known mix node, is automatically put in the "somewhat interesting" bucket.
>
> Thus, the kind of people who can avoid being caught in the dragnet by using stego have already been caught due to earlier experimentation.
>
> If the NSA has access to ISP subscription records, which current news reports suggest they do, even changing IPs or ISPs is not enough. You have to create a completely new identity, or you have to abuse an open net connection somewhere. And open connections like wireless hotspots are probably already flagged due to interesting traffic coming from them in the past.
>
> --
> The six phases of a project:
> I. Enthusiasm.         IV. Search for the Guilty.
> II. Disillusionment.   V. Punishment of the Innocent.
> III. Panic.            VI. Praise & Honor for the Nonparticipants.
>

--
-G

"The knack of flying is learning how to throw yourself at the ground and miss."
"He felt that his whole life was some kind of dream and he sometimes wondered whose it was and whether they were enjoying it."
"He inched his way up the corridor as if he would rather be yarding his way down it..."
"We demand rigidly defined areas of doubt and uncertainty!"
"I love deadlines. I like the whooshing sound they make as they fly by."

Famous Quotes written by Douglas Adams, (British comic writer, 1952-2001)
http://hitchhikers.movies.go.com/
Name: huff.png Type: image/png Size: 6907 bytes Desc: not available URL: From eugen at leitl.org Thu May 18 23:42:32 2006 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 19 May 2006 08:42:32 +0200 Subject: [dave@farber.net: [IP] DC speaking event: Bruce Schneier on "The Future of Privacy"] Message-ID: <20060519064232.GY26713@leitl.org> ----- Forwarded message from David Farber ----- From tkuno at furinkan.com Fri May 19 02:52:32 2006 From: tkuno at furinkan.com (Kieth Mosley) Date: Fri, 19 May 2006 08:52:32 -0060 Subject: All products for your health! Message-ID: <662161c80604rtsvnpj0m1fqywxgffh8p6afzwud7w7o@mail.furinkan.com> http://rqnbmd.seescum.biz/?99053092 Suffering from pain, depression or heartburn? We'll help you! All verified dr at gs collected at one LICENSED online store! Great choice of wonderful meds to give you long-awaited relief! Operative support, fast shipping, secure p at yment processing and complete confidentiality! The store is VERIFIED BY BBB and APPROVED BY VISA! http://rqnbmd.seescum.biz/?99053092 From rah at shipwright.com Fri May 19 06:39:26 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 19 May 2006 09:39:26 -0400 Subject: NS&AT&T In-Reply-To: References: <20060518201925.GB1190@arion.hive> Message-ID: Ironically, At 3:12 AM -0500 5/19/06, Chris Olesch wrote: >You would think that if they wanted to lure customers into their spiderweb, >they would simply offer free internet access, and burry a 'we have the right >to spy on your' clause somewhere in the agreement. There's a name for something like that. It's called "Google". ;-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Fri May 19 02:32:08 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 19 May 2006 11:32:08 +0200
Subject: [dave@farber.net: [IP] NSA killed system that sifted phone data legally]
Message-ID: <20060519093208.GI26713@leitl.org>

----- Forwarded message from David Farber -----

From schoen at eff.org Fri May 19 11:51:54 2006
From: schoen at eff.org (Seth David Schoen)
Date: Fri, 19 May 2006 11:51:54 -0700
Subject: Threats to anonymity set at and above the application layer; HTTP headers
Message-ID:
User-Agent: Mutt/1.5.11
Reply-To: or-talk at freehaven.net

It's pretty well understood that anonymity can be lost at higher protocol layers even when it's well protected at lower layers.

One eye-opening paper on this point is "Can Pseudonymity Really Guarantee Privacy?" by Rao and Rohatgi (in the Freehaven Anonymity Bibliography):

http://www.usenix.org/publications/library/proceedings/sec2000/full_papers/rao/rao.pdf

This is a philosophically interesting problem; it prompts the question "if pseudonymity can't guarantee privacy, what _can_?". (Rao and Rohatgi remind us that the authors of the Federalist Papers used pseudonyms and were still identified solely from the evidence of their writing.)

There is also the scary field of timing attacks on users' typing:

http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf
http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisited/ccs.pdf

(The Tygar paper is not really relevant for network surveillance, but it shows the scariness of statistical methods for figuring out what users are doing based on seemingly irrelevant information.)

In a sense, there are many privacy-threatening features in and above the application layer (some of them depending on the nature and latency of a communication):

* timing of access (what time zone are you in, when do you usually do something?) -- for communications with non-randomized latency < 1 day
* typing patterns (cf. Cliff Stoll's _Cuckoo's Egg_ and the Song et al. paper)
* typing speed
* language comprehension and selection
* language proficiency
* idiosyncratic language use
* idiosyncratic language errors (cf. Rao and Rohatgi)
* cookies and their equivalents (cf. Martin Pool's "meantime", a cookie equivalent using client-side information that was intended for a totally different purpose -- cache control)
* unique browser or other application headers or behavior (distinguishing MSIE from Firefox from Opera? not just based on User-agent but based on request patterns, e.g. for inline images, and different interpretations of HTTP standards and perhaps CSS and JavaScript standards)
* different user-agent versions (including leaked information about the platform)
* different privoxy versions and configurations

I'm not sure what to do to mitigate these things. The Rao paper alone strongly suggests that providing privacy up to the application layer will not always make communications unlinkable (and then there is the problem of insulating what pseudonymous personae are supposed to know about or not know about, and the likelihood of correlations between things they mention).

These problems are alluded to on the Tor web site:

   Tor can't solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use web proxies such as Privoxy while web browsing to block cookies and withhold information about your browser type.

   Also, to protect your anonymity, be smart. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.

However, the recommendation to use Privoxy, by itself, is far from solving the problem of correlations between user and user sessions.

I think a low-hanging target is the uniqueness of HTTP headers sent by particular users of HTTP and HTTPS over Tor. Accept-Language, User-Agent, and a few browser-specific features are likely to reveal locale and OS and browser version -- sometimes relatively uniquely, as when someone uses a Linux distribution that ships with a highly specific build of Firefox -- and this combination may serve to make people linkable or distinguishable in particular contexts. Privoxy does _not_, depending on its configuration, necessarily remove or rewrite all of the potentially relevant HTTP protocol headers. Worse, different Privoxy configurations may actually introduce _new_ headers or behaviors that further serve to differentiate users from one another.

One example is that some Privoxy configurations insert headers specifically identifying the user as a Privoxy user and taunting the server operator; but if some users do this and other users don't, the anonymity set is chopped up into lots of little bitty anonymity sets. For instance:

   +add-header{X-User-Tracking: sucks}

User tracking does suck, but adding an optional header saying so has the obvious effect of splitting the anonymity set in some circumstances into people who send the X-User-Tracking: sucks header and people who don't. Any variation in practice here is potentially bad for the size of the anonymity set.

A remedy for this would be to try to create a standardized Privoxy configuration and set of browser headers, and then try to convince as many Tor users as possible to use that particular configuration. (One way to do this is to try to convince everyone who makes a Tor+Privoxy distribution or product to use the agreed-upon default configuration.) The goal is not to prevent people from controlling their own Privoxy configurations or doing more things to protect their privacy; rather, it is to try to reduce the variety in headers and behaviors seen by web servers contacted by Tor users on different platforms.

--
Seth Schoen
Staff Technologist schoen at eff.org
Electronic Frontier Foundation http://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From camera_lumina at hotmail.com Fri May 19 09:32:09 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 19 May 2006 12:32:09 -0400
Subject: [Clips] UK Government to force handover of encryption keys
In-Reply-To: <20060519050317.15522.qmail@web33301.mail.mud.yahoo.com>
Message-ID:

Let us not forget all of the methods of "deniable encryption" discussed a few years back. If the "wrong" key is entered, the returned "de-encrypted" file will look -kinda- bad but not actually be the original plaintext.

This seems all the easier with TOR-stored data.

Fortunately, it would appear that such a law should be bound to force development of deniable encryption tools.
-TD

>From: Sarad AV
>To: cypherpunks at jfet.org
>Subject: Re: [Clips] UK Government to force handover of encryption keys
>Date: Thu, 18 May 2006 22:03:17 -0700 (PDT)
>
>This clearly doesn't work. All they will manage to do
>is harass citizens.
>
>Sarad.
>
>
>--- "R.A. Hettinga" wrote:
>
> > "It is, as ever, almost impossible to prove
> > 'beyond a reasonable doubt'
> > that some random-looking data is in fact
> > ciphertext, and then prove that
> > the accused actually has the key for it, and that
> > he has refused a proper
> > order to divulge it," pointed out encryption
> > expert Peter Fairbrother on
> > ukcrypto, a public email discussion list.
> >
> > Clayton backed up this point. "The police can say
> > 'We think he's a
> > terrorist' or 'We think he's trading in kiddie
> > porn', and the suspect can
> > say, 'No, they're love letters, sorry, I've lost
> > the key'. How much
> > evidence do you need [to convict]? If you can't
> > decrypt [the data], then by
> > definition you don't know what it is," said
> > Clayton.

From bill.stewart at pobox.com Fri May 19 13:14:31 2006
From: bill.stewart at pobox.com (Bill Stewart)
Date: Fri, 19 May 2006 13:14:31 -0700
Subject: Diffie-Hellman Re: UK Government to force handover of encryption keys
In-Reply-To:
References: <20060519050317.15522.qmail@web33301.mail.mud.yahoo.com>
Message-ID: <6.2.1.2.0.20060519130538.03bbe930@pop.idiom.com>

At 09:32 AM 5/19/2006, Tyler Durden wrote:
>Let us not forget all of the methods of "deniable encryption" discussed a
>few years back. If the "wrong" key is entered, the returned "de-encrypted"
>file will look -kinda- bad but not actually be the original plaintext.

For stored material, that may be useful, but for communications, it's the wrong model.

Too many online applications currently use RSA encryption to transfer an encrypted key, which is vulnerable to later disclosure, instead of using Diffie-Hellman key exchange and some signature algorithm (RSA, EG, whatever), for which compromising the key doesn't expose previous communications, only exposes the user to MITM attacks, is much easier to argue against disclosure of, and of course is much easier to replace (blocking MITM with the compromised keys.)

Email messages are an appropriate use of RSA-encrypted keys, but any online two-way communications, including VOIP, IPSEC, web forms, and transmission of email, really ought to be using Diffie-Hellman instead.

How many of the popular tools support it or could be configured to do so? In most cases, it's probably not hard - you mainly need to choose the right options from standard packages, and make the DH versions the preferred method instead of a fallback.

From coderman at gmail.com Fri May 19 13:42:43 2006
From: coderman at gmail.com (coderman)
Date: Fri, 19 May 2006 13:42:43 -0700
Subject: Diffie-Hellman Re: UK Government to force handover of encryption keys
In-Reply-To: <6.2.1.2.0.20060519130538.03bbe930@pop.idiom.com>
References: <20060519050317.15522.qmail@web33301.mail.mud.yahoo.com> <6.2.1.2.0.20060519130538.03bbe930@pop.idiom.com>
Message-ID: <4ef5fec60605191342r71693f2ocfa5f3563d1eb31c@mail.gmail.com>

On 5/19/06, Bill Stewart wrote:
> ...
> Too many online applications currently use
> RSA encryption to transfer an encrypted key,
> which is vulnerable to later disclosure,
> instead of using Diffie-Hellman key exchange
> and some signature algorithm (RSA, EG, whatever),

cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA++

> Email messages are an appropriate use of RSA-encrypted keys,
> but any online two-way communications,
> including VOIP, IPSEC, web forms, and transmission of email,
> really ought to be using Diffie-Hellman instead.

i like the speed of pre-shared keys assuming key mgmt is secure and rekeying frequent (e.g. scheduled PSK's or one time pad based ephemeral key exchange). but anything using ephemeral keys needs to destroy them properly and this is more robust with DH (each end responsible for their respective key destruction) than shared secrets (both ends must destroy secrets) in addition to the fact that shared secrets are usually much longer lived as well.

> How many of the popular tools support it or could be configured to do so?

i do it all the time with openvpn, https, etc. in theory anything that supports SSLv3/TLSv1 should support a strong ephemeral DH cipher suite. as for particular sites and servers, i'd be interested to know just what the usual distribution of utilized cipher suites is. RSA without DHE probably is the most common.

> In most cases, it's probably not hard - you mainly need to choose the
> right options from standard packages, and make the DH versions the
> preferred method instead of a fallback.

yup. in most cases generating dh parameters and explicitly requiring a DHE suite is the hardest part of any custom configuration needed. the session setup costs are a little higher but anyone doing SSL/TLS in bulk probably has the necessary hardware acceleration in place already.

as a side note, i'd really like SHA2-256/512 to be added to SSL/TLS and widely implemented. AES256 with SHA1 digest is just a little funny these days...

From coderman at gmail.com Fri May 19 14:37:55 2006
From: coderman at gmail.com (coderman)
Date: Fri, 19 May 2006 14:37:55 -0700
Subject: NS&AT&T
In-Reply-To:
References: <20060518201925.GB1190@arion.hive>
Message-ID: <4ef5fec60605191437j2da3be97sd5cc4224f0d0599a@mail.gmail.com>

On 5/19/06, R.A. Hettinga wrote:
> ...
> >You would think that if they wanted to lure customers into their spiderweb,
> >they would simply offer free internet access, and bury a 'we have the right
> >to spy on your' clause somewhere in the agreement.
>
> There's a name for something like that. It's called "Google".

hah, indeed. they even took it a step further with the new "search across computers" feature that sucks your hard drive into this spiderweb of mining.

i trust individuals, not corporations or governments. you can't expect privacy from entities you don't trust.

from http://www.google.com/privacypolicy.html
"""
Information we collect and how we use it:
...
Information you provide ... [ED: anything in the GET/POST of your request]
Google cookies...
Log information...
User communications...
Links... [ED: what you click on]
.
.
Information sharing:
Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:
- We have your consent...
- We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons...
- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request...
"""

"limited" circumstances, LOL

From gnu at toad.com Fri May 19 15:32:13 2006
From: gnu at toad.com (John Gilmore)
Date: Fri, 19 May 2006 15:32:13 -0700
Subject: May 24: National Day of Outrage at NSA/Telco surveillance
Message-ID:

Some alternative media groups have called for a national day of protests against the telcos' latest sleazy activities, including their cooperation in NSA's illegal surveillance of innocent citizens.

http://saveaccess.org/

Events are already scheduled in Boston, Chicago, San Francisco, and NYC. You can register your own local event by sending mail to protest at saveaccess.org.

Curiously, nobody in Washington, DC or Baltimore is protesting yet. Perhaps a contingent should form outside NSA, with signs showing the NSA employees on their way to/from work just what we think of their disrespect for the constitution, the law, and the public. Do we have a local volunteer to organize it?

John

PS: I don't agree with all the things these people are protesting, but I admire their energy. I haven't seen cryptographers and cypherpunks with protest signs -- yet. But I hope to see you out there on May 24th.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From coderman at gmail.com Fri May 19 16:43:33 2006
From: coderman at gmail.com (coderman)
Date: Fri, 19 May 2006 16:43:33 -0700
Subject: NS&AT&T
In-Reply-To: <20060519225359.GF7810@arion.hive>
References: <20060518201925.GB1190@arion.hive> <4ef5fec60605191437j2da3be97sd5cc4224f0d0599a@mail.gmail.com> <20060519225359.GF7810@arion.hive>
Message-ID: <4ef5fec60605191643oe33782dtafa890fc837d61da@mail.gmail.com>

On 5/19/06, Justin wrote:
> On 2006-05-19T14:37:55-0700, coderman wrote:
> >
> > i trust individuals, not corporations or governments.
>
> Big mistake. Individuals are corrupt, too. Even people with good
> morals often do bad things by mistake or through carelessness.

true. depending on the context i would need to trust not only the personal integrity/morals of the person but also technical capability and responsibility (so that careless mistakes would not be made).

the key is the direct individual relationship that can provide trust, rather than an amorphous and distant relationship with a large opaque organization.

quorums are an interesting group organization that can be trusted perhaps, and allow more collaboration / social exchange than direct individual interactions yet avoid the diffusion of responsibility and lack of accountability present in larger organizational structures. that's a longer discussion and i'm not sure i could do a good job explaining my thoughts on it yet...

reputation and trust, my favorite crux :)

[and i thought the technical aspects were difficult! heh]

From jtrjtrjtr2001 at yahoo.com Fri May 19 19:30:35 2006
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Fri, 19 May 2006 19:30:35 -0700 (PDT)
Subject: [Clips] UK Government to force handover of encryption keys
In-Reply-To:
Message-ID: <20060520023035.91773.qmail@web33305.mail.mud.yahoo.com>

Yes, deniable encryption is one way to go about it since it cannot be proved that the key surrendered is not the real key. This however is not useful when one is in a torture cell where they try to break into the mind :-).

Sarad.

--- Tyler Durden wrote:

> Let us not forget all of the methods of "deniable
> encryption" discussed a
> few years back. If the "wrong" key is entered, the
> returned "de-encrypted"
> file will look -kinda- bad but not actually be the
> original plaintext.
>
> This seems all the easier with TOR-stored data.
>
> Fortunately, it would appear that such a law should
> be bound to force
> development of deniable encryption tools.
>
> -TD
>
>
> >From: Sarad AV
> >To: cypherpunks at jfet.org
> >Subject: Re: [Clips] UK Government to force
> handover of encryption keys
> >Date: Thu, 18 May 2006 22:03:17 -0700 (PDT)
> >
> >This clearly doesn't work. All they will manage to
> do
> >is harass citizens.
> >
> >Sarad.
> >
> >
> >--- "R.A. Hettinga" wrote:
> >
> > > "It is, as ever, almost impossible to prove
> > > 'beyond a reasonable doubt'
> > > that some random-looking data is in fact
> > > ciphertext, and then prove that
> > > the accused actually has the key for it, and
> that
> > > he has refused a proper
> > > order to divulge it," pointed out encryption
> > > expert Peter Fairbrother on
> > > ukcrypto, a public email discussion list.
> > >
> > > Clayton backed up this point. "The police can
> say
> > > 'We think he's a
> > > terrorist' or 'We think he's trading in kiddie
> > > porn', and the suspect can
> > > say, 'No, they're love letters, sorry, I've
> lost
> > > the key'. How much
> > > evidence do you need [to convict]? If you
> can't
> > > decrypt [the data], then by
> > > definition you don't know what it is," said
> > > Clayton.
>

From eugen at leitl.org Fri May 19 12:10:01 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 19 May 2006 21:10:01 +0200
Subject: [schoen@eff.org: Threats to anonymity set at and above the application layer; HTTP headers]
Message-ID: <20060519191001.GQ26713@leitl.org>

----- Forwarded message from Seth David Schoen -----

From coderman at gmail.com Fri May 19 22:33:05 2006
From: coderman at gmail.com (coderman)
Date: Fri, 19 May 2006 22:33:05 -0700
Subject: congress giving us impressive "oversight theater"
Message-ID: <4ef5fec60605192233y706d7dc6kf444436b3b9ee53@mail.gmail.com>

a favorite form of theatrical presentation, second only to "liberty theater". :P

SIGINT + HUMINT - OVERSIGHT == you assuming the position and paying for the privilege.

they're solidifying public support for these previously illegal activities and are doing a good job of it. they won't be illegal or this "narrowly targeted" for long...
http://www.washingtonpost.com/wp-dyn/content/article/2006/05/18/AR2006051801887_2.html

---selective-cuts---
On the Democratic side, Sen. Ron Wyden (Ore.) tried to get a bit tougher. He asked about an "independent check that can be verified on these programs that the newspapers are reporting on."

Roberts jumped in, defensively. "I am independent and I asked very tough questions," he reported. He paused to check with his staff, then added that oversight was "very independent."
...
Hayden's written statement said "UNCLASSIFIED" on each page, though it could have been labeled "UNINTERESTING" because little more than a collection of acronyms survived the declassification process. "As director of NSA, I was the national SIGINT manager," he said. "I would use this important new authority, the national HUMINT manager, to enhance the standards of tradecraft."
...
Critics may say that the SSCI -- that's the Senate Select Committee on Intelligence -- is AWOL these days when it comes to oversight. But, FYI, no one would doubt these guys are A-OK with their ABCs.
---end-cut---

From justin-cypherpunks at soze.net Fri May 19 15:53:59 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Fri, 19 May 2006 22:53:59 +0000
Subject: NS&AT&T
In-Reply-To: <4ef5fec60605191437j2da3be97sd5cc4224f0d0599a@mail.gmail.com>
References: <20060518201925.GB1190@arion.hive> <4ef5fec60605191437j2da3be97sd5cc4224f0d0599a@mail.gmail.com>
Message-ID: <20060519225359.GF7810@arion.hive>

On 2006-05-19T14:37:55-0700, coderman wrote:
>
> i trust individuals, not corporations or governments.

Big mistake. Individuals are corrupt, too. Even people with good morals often do bad things by mistake or through carelessness.

--
The six phases of a project:
I. Enthusiasm. IV. Search for the Guilty.
II. Disillusionment. V. Punishment of the Innocent.
III. Panic. VI. Praise & Honor for the Nonparticipants.

From lauren at vortex.com Sat May 20 06:05:18 2006
From: lauren at vortex.com (Lauren Weinstein)
Date: May 20, 2006 6:05:18 PM EDT
Subject: VeriChip chairman promotes RFID "chipping" of immigrants
Message-ID:

Dave,

Many of us who are concerned about the potential abuse of RFID systems have long suspected that some "low status" class of individuals would be the first to find itself subjected to RFID chip implants under government edict, after which the range of included persons would gradually expand to cover more and more of the general population. These chips in their present form cannot be controlled by the implanted individual, and so are subject to interrogation at any time with or without the knowledge of the "chipee."

I've speculated in the past that persons convicted of sex crimes might be among the likely initial targets by the proponents of this technology, possibly as a requirement for parole.

However, it appears that VeriChip (the main player in the human RFID implant space) may have their sights on a significantly larger demographic. VeriChip's chairman was on Fox News last Tuesday promoting the concept of "chipping" immigrants, "guest workers," and the like. Here's the transcript:

http://www.spychips.com/press-releases/silverman-foxnews.html

Hold out your arm -- this won't hurt a bit, eh?

--Lauren--
Lauren Weinstein
lauren at vortex.com or lauren at pfir.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From coderman at gmail.com Sat May 20 10:57:32 2006
From: coderman at gmail.com (coderman)
Date: Sat, 20 May 2006 10:57:32 -0700
Subject: Fwd: There's A Support Group Out There For Any Fetish - cypherpunkerfuckersterroristkillerrapists
Message-ID: <4ef5fec60605201057wb714cc8pd224b6d5f6e87d10@mail.gmail.com>

fucking hilarious; my side hurts... :P~

---selective-cut---
(author using gmail so i assume no expectation of privacy against forwarding)
...
From: Steve Furlong
Subject: Re: [Clips] There's A Support Group Out There For Any Fetish
...
> BE IT BEARSKIN RUGS OR PONYTAILS, THERE'S A SUPPORT GROUP OUT THERE FOR ANY
> FETISH

I have a compulsion to swap rips of Hollywood movies with my terrorist buddies as we plot how to overthrow the government (any government), funding ourselves with money laundered from our off-shore gambling web site and internet drug sales. We also laugh at the efforts of the fedz to crack the encrypted files with our kiddie porn snuff videos, even as we launch a DDoS against the White House's web site from our zombie farm.*

The Cypherpunks mailing list used to be my support group, but with Tim May's departure we're left with "support" from wankers like "Tyler Durden" and "Major Variola". Pitiful. Where's my (government-supported) support group?, I ask.

* Did I miss any of the Horsemen? Something seems lacking there.
---end-cut---

* i think the only relevant omission would be a black net trade in ultra sensitive national security secrets trickled out to journalists for jollies and sold overseas for fortunes in a callous erosion of the security of this great nation and its freedom loving citizens...

From s.schear at comcast.net Sat May 20 13:30:53 2006
From: s.schear at comcast.net (Steve Schear)
Date: Sat, 20 May 2006 13:30:53 -0700
Subject: ISPs providing "warrant canaries"
In-Reply-To: <20060516134439.75791.qmail@web50911.mail.yahoo.com>
References: <20060516134439.75791.qmail@web50911.mail.yahoo.com>
Message-ID: <6.0.1.1.0.20060520132439.05799a88@mail.comcast.net>

At 06:44 AM 5/16/2006, Jason Arnaute wrote:
>Someone wrote here in the recent past about libraries
>bypassing secret warrants by updating their boards
>every X days/months with a "nobody has served us a
>secret warrant" type message.

That might have been me. I did post about apparently legal ways to circumvent such secret warrants but I did not use a BB method but rather provide a service where clients can request if a warrant has been served on the library or ISP for their account or any account. The service provider is free to reply if no warrant has been received but is muzzled if one has. This failure to reply, which is not a positive action, is what reveals the warrant. rsync's approach appears consistent with mine.

Steve

From camera_lumina at hotmail.com Sat May 20 14:19:31 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 20 May 2006 17:19:31 -0400
Subject: rubber hose canaries
In-Reply-To: <6.0.1.1.0.20060520132439.05799a88@mail.comcast.net>
Message-ID:

Hum. Would there be value in a (TOR?) service whereby, if the key is beaten out of someone (whether that key leads to the real data or not), then a flag is sent up somewhere saying, "If you are reading this then the key for Data X has been beaten out of me, or they are attempting to beat it out of me."

The nice thing about TOR-stored data and services is that it would be well-nigh impossible for interrogators to know in advance that they won't be making the canary sing. In fact, depending on the nature of the data stored, it could be set up to be irretrievable without a message going off.

-TD

>From: Steve Schear
>To: cypherpunks at jfet.org
>Subject: Re: ISPs providing "warrant canaries"
>Date: Sat, 20 May 2006 13:30:53 -0700
>
>At 06:44 AM 5/16/2006, Jason Arnaute wrote:
>>Someone wrote here in the recent past about libraries
>>bypassing secret warrants by updating their boards
>>every X days/months with a "nobody has served us a
>>secret warrant" type message.
>
>That might have been me. I did post about apparently legal ways to
>circumvent such secret warrants but I did not use a BB method but rather
>provide a service where clients can request if a warrant has been served on
>the library or ISP for their account or any account. The service provider
>is free to reply if no warrant has been received but is muzzled if one has.
>This failure to reply, which is not a positive action, is what reveals the
>warrant. rsync's approach appears consistent with mine.
> >Steve From eugen at leitl.org Sat May 20 08:19:42 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 20 May 2006 17:19:42 +0200 Subject: [dave@farber.net: [IP] more on Bank Transactions?] Message-ID: <20060520151942.GP26713@leitl.org> ----- Forwarded message from David Farber ----- From kuzovkin at 002.ru Sat May 20 07:24:10 2006 From: kuzovkin at 002.ru (Galechka) Date: Sat, 20 May 2006 17:24:10 +0300 Subject: from Galya Message-ID: <004001c67c19$08c82980$0100a8c0@201-048-100-179.xd-dynamic.ctbcnetsuper.com.br> Hi. I think we had correspondence a long time ago if it was not you I am sorry. If it was I could not answer you because my Mozilla mail manager was down for a long time and I could not fix it only with my friend's help I got the emails address out for me ..:) I hope it was whom we were corresponded with you are still interested, as I am, though I realize much time has passed since then... I really don't know where to start .... Maybe you could tell me a little about yourself since I lost our early letters, your appearance,age , hobbies, and are you still in the search? 
From eugen at leitl.org Sat May 20 08:38:48 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 20 May 2006 17:38:48 +0200
Subject: [ji@cs.columbia.edu: Bamford on the NSA and the Greek mobile phone tapping scandal]
Message-ID: <20060520153848.GQ26713@leitl.org>

----- Forwarded message from John Ioannidis -----

From coderman at gmail.com Sat May 20 17:55:00 2006
From: coderman at gmail.com (coderman)
Date: Sat, 20 May 2006 17:55:00 -0700
Subject: ISPs providing "warrant canaries"
In-Reply-To: <20060520212550.GB25986@arion.hive>
References: <20060516134439.75791.qmail@web50911.mail.yahoo.com> <6.0.1.1.0.20060520132439.05799a88@mail.comcast.net> <20060520212550.GB25986@arion.hive>
Message-ID: <4ef5fec60605201755r6a5a6916s9d447b393b0f88d4@mail.gmail.com>

On 5/20/06, Justin wrote:
> ...
> Does anyone have a link to a sample sneak-and-peek warrant no-disclosure
> clause?

http://www.aclu.org/nsl/legal/NSL_formletter_080404.pdf

"""
You are further advised that Title 18, U.S.C., Section 2709(c), prohibits any officer, employee or agent of yours from disclosing to any person that the FBI has sought or obtained access to information or records under these provisions.
"""

From dave at farber.net Sat May 20 16:17:39 2006
From: dave at farber.net (David Farber)
Date: Sat, 20 May 2006 19:17:39 -0400
Subject: [IP] VeriChip chairman promotes RFID "chipping" of immigrants
Message-ID:

Begin forwarded message:
From s.schear at comcast.net Sat May 20 19:46:55 2006
From: s.schear at comcast.net (Steve Schear)
Date: Sat, 20 May 2006 19:46:55 -0700
Subject: ISPs providing "warrant canaries"
In-Reply-To: <20060520212550.GB25986@arion.hive>
References: <20060516134439.75791.qmail@web50911.mail.yahoo.com> <6.0.1.1.0.20060520132439.05799a88@mail.comcast.net> <20060520212550.GB25986@arion.hive>
Message-ID: <6.0.1.1.0.20060520194204.057bc5f8@mail.comcast.net>

At 02:25 PM 5/20/2006, Justin wrote:
>On 2006-05-20T13:30:53-0700, Steve Schear wrote:
> > That might have been me. I did post about apparently legal ways to
> > circumvent such secret warrants but I did not use a BB method but rather
> > provide a service where clients can request if a warrant has been served on
> > the library or ISP for their account or any account. The service provider
> > is free to reply if no warrant has been received but is muzzled if one has.
> > This failure to reply, which is not a positive action, is what reveals the
> > warrant. rsync's approach appears consistent with mine.
>
>I think this is entirely too clever, and while I don't agree with
>sneak-and-peek warrants in general, as long as they exist, these
>countermeasures clearly violate the non-disclosure terms.

I don't see how not saying anything to an inquiry violates the terms of the warrant. Before the inquiry there is no warrant. So how can you violate an order which had not been given and you could not know ever would be given?

>A "warrant canary" does in fact disclose sneak-and-peek warrant service.
>Anyone arguing otherwise must rely on some limited, naive definition of
>"disclose." Not even Webster's, the clearinghouse of shallow and narrow
>definitions, defines "disclose" as "communicate something to something
>through positive action."
>
>Does anyone have a link to a sample sneak-and-peek warrant no-disclosure
>clause?

It does not matter what the warrant says unless it says you must give false information regarding an inquiry. I have not ever heard of a court ordering a person to lie. Have you?

Steve

From justin-cypherpunks at soze.net Sat May 20 14:25:50 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Sat, 20 May 2006 21:25:50 +0000
Subject: ISPs providing "warrant canaries"
In-Reply-To: <6.0.1.1.0.20060520132439.05799a88@mail.comcast.net>
References: <20060516134439.75791.qmail@web50911.mail.yahoo.com> <6.0.1.1.0.20060520132439.05799a88@mail.comcast.net>
Message-ID: <20060520212550.GB25986@arion.hive>

On 2006-05-20T13:30:53-0700, Steve Schear wrote:
> At 06:44 AM 5/16/2006, Jason Arnaute wrote:
> >Someone wrote here in the recent past about libraries
> >bypassing secret warrants by updating their boards
> >every X days/months with a "nobody has served us a
> >secret warrant" type message.
>
> That might have been me. I did post about apparently legal ways to
> circumvent such secret warrants but I did not use a BB method but rather
> provide a service where clients can request if a warrant has been served on
> the library or ISP for their account or any account. The service provider
> is free to reply if no warrant has been received but is muzzled if one has.
> This failure to reply, which is not a positive action, is what reveals the
> warrant. rsync's approach appears consistent with mine.

I think this is entirely too clever, and while I don't agree with sneak-and-peek warrants in general, as long as they exist, these countermeasures clearly violate the non-disclosure terms.

A "warrant canary" does in fact disclose sneak-and-peek warrant service. Anyone arguing otherwise must rely on some limited, naive definition of "disclose." Not even Webster's, the clearinghouse of shallow and narrow definitions, defines "disclose" as "communicate something to something through positive action."

Does anyone have a link to a sample sneak-and-peek warrant no-disclosure clause?

--
The six phases of a project:
I. Enthusiasm.         IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.            VI. Praise & Honor for the Nonparticipants.

From demonfighter at gmail.com Sat May 20 20:38:51 2006
From: demonfighter at gmail.com (Steve Furlong)
Date: Sat, 20 May 2006 23:38:51 -0400
Subject: Fwd: There's A Support Group Out There For Any Fetish - cypherpunkerfuckersterroristkillerrapists
In-Reply-To: <4ef5fec60605201057wb714cc8pd224b6d5f6e87d10@mail.gmail.com>
References: <4ef5fec60605201057wb714cc8pd224b6d5f6e87d10@mail.gmail.com>
Message-ID: <200605202338.51746.demonfighter@gmail.com>

> * Did I miss any of the Horsemen? Something seems lacking there.
> ---end-cut---
>
> * i think the only relevant omission would be a black net trade in
> ultra sensitive national security secrets trickled out to journalists
> for jollies and sold over seas for fortunes in a callous erosion of
> the security of this great nation and its freedom loving citizens...

And anonymous assassinations paid for with untraceable digital currency.
From eugen at leitl.org Sun May 21 02:41:47 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 21 May 2006 11:41:47 +0200
Subject: [dave@farber.net: [IP] VeriChip chairman promotes RFID "chipping" of immigrants]
Message-ID: <20060521094146.GC26713@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Sun May 21 03:14:43 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 21 May 2006 12:14:43 +0200
Subject: sensors without batteries
Message-ID: <20060521101443.GE26713@leitl.org>

http://www.technologyreview.com/read_article.aspx?id=16864&ch=infotech

Sensors Without Batteries

In the future, the environment could be pervaded by sensors using the same power-scavenging techniques as RFID tags.

By Kate Greene

Some technologists believe that in the future, seemingly invisible computers will be embedded everywhere, collecting data about the environment and making it useful to decision makers. One way to achieve this sort of ubiquitous computing is to disperse tiny sensors that measure, for instance, light, temperature, or motion. But without a persistent power source, such sensors would need their batteries replaced every few months. In other words, ubiquitous sensors could also mean "ubiquitous dead batteries," says Josh Smith, a researcher at Intel Research in Seattle.

Smith and his team are addressing this problem not by working on longer-lasting batteries but by trying to eliminate the need for batteries altogether. Instead, their prototype devices employ the same power-scavenging technique used by battery-free radio frequency identification (RFID) tags.

The concept of throwing out the sensor battery is not new. Researchers have proposed capturing energy from environmental vibrations or ambient light to power a sensor (see "Free Electricity from Nano Generators"). But it is unclear whether technology that captures ambient energy can be inexpensively integrated into a sensing device. By contrast, the technology used in RFID tags, which transmit a few bits of information when scanned by an RFID reader, is cheap enough to integrate into sensors and be mass produced; they're already widely used to track livestock and cargo, as well as cars passing through "easy pass" lanes on highways.

Smith explains that Intel's sensor devices use off-the-shelf components: an antenna to send and receive data and collect energy from a reader, and a sensor-containing microcontroller -- a tiny computer that requires only a couple hundred microwatts of power to collect and process data.

The antenna harvests this power directly from the radio waves emitted by an RFID reader. When a tag comes within range of a reader, the reader's radio signal passes through the antenna, generating a voltage that activates the tag. The tag is then able to send information to the reader through a process called backscattering, in which the antenna essentially reflects a data-encoded variation of the received radio signal.

The microcontroller that Smith's team added to the RFID antenna includes a 16-bit microprocessor, 8 kilobytes of flash storage, and 256 bytes of random-access memory. One of the microcontroller's main jobs is to ensure that information is transmitted to the reader error-free, which requires more computation than a conventional RFID tag can handle. In a typical tag, the error-checking information is precomputed and stored on the chip; but for a sensor, Smith says, this information needs to be computed in real-time as data is gathered.

Just like RFID tags, the battery-free sensors turn on only when they encounter a reader. As long as the RFID reader is within range of the device, Smith says, it can collect data and send it to the reader.

Battery-free sensors could be useful in many areas, including medicine, says Zeke Mejia, chief technology officer of St. Paul-based Digital Angel, an RFID tag maker. They could "check the status and certain conditions in the body" at any moment, Mejia says, from glucose levels in people with diabetes to the pH of blood and other body fluids.

In their current form, Intel's sensors need to be within about a meter of a reader to be activated. That's closer than would be ideal for some applications, such as measuring the temperature of foods packed in large crates or vibrations in thick walls. The problem is that while the microcontroller needs only a milliwatt of power to run, it needs three volts of electricity to turn on, and the sensor has to be within a meter of an industry-standard RFID reader to generate that much energy. But with minor changes to the way the microcontroller processes data, Smith says, the group could reduce the voltage requirement to 1.8 volts, thus extending the range to about five meters.

The team's latest prototype incorporates a light sensor, temperature sensor, and even a tilt sensor into one battery-free device. The researchers are working on ways to integrate the microcontroller and antenna into a single chip that would be easier to install in the field.

In the meantime, they have developed a visual demonstration of just how much energy an RFID antenna can garner from a reader: they've used it to power the second hand on a wristwatch. "It's surprising to people that this invisible form of energy -- radio waves -- can actually make a watch hand move," Smith says. And a single tick of a second hand, Smith says, takes about as much energy as sending one bit of data from his sensor.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From s.schear at comcast.net Sun May 21 16:42:30 2006
From: s.schear at comcast.net (Steve Schear)
Date: Sun, 21 May 2006 16:42:30 -0700
Subject: sensors without batteries
In-Reply-To: <20060521101443.GE26713@leitl.org>
References: <20060521101443.GE26713@leitl.org>
Message-ID: <6.0.1.1.0.20060521084650.04f98d18@mail.comcast.net>

At 03:14 AM 5/21/2006, Eugen Leitl wrote:
>Smith explains that Intel's sensor devices use off-the-shelf components: an
>antenna to send and receive data and collect energy from a reader, and a
>sensor-containing microcontroller -- a tiny computer that requires only a
>couple hundred microwatts of power to collect and process data.
>
>The antenna harvests this power directly from the radio waves emitted by an
>RFID reader. When a tag comes within range of a reader, the reader's radio
>signal passes through the antenna, generating a voltage that activates the
>tag. The tag is then able to send information to the reader through a process
>called backscattering, in which the antenna essentially reflects a
>data-encoded variation of the received radio signal.

One of the first uses of backscatter or passive transmission was when the Russians bugged the U.S. embassy in Moscow in the 1960s using resonant 'nails'. The heads of the nails (no larger than the standard variety) were actually hollow with two resonant cavities (I think at non-harmonic frequencies) formed by a 'wall' and covered by a metal diaphragm. The nail shaft was an antenna. The nails had been placed just below painted surfaces. Sound pressure caused the diaphragm to alternately cover and uncover the cavities leading to a change in resonance at audio frequencies.

Nearby, a microwave transmitter operated by Russian agents beamed energy into the embassy. They could listen in on conversations by detecting the changes in reflected power from nails.

From reported stories it took quite a while to discover these babies, but then again it might not have and the embassy security people used them to run 'false flag' operations.

Steve
From eugen at leitl.org Sun May 21 14:15:38 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 21 May 2006 23:15:38 +0200 Subject: [dave@farber.net: [IP] Whistleblower outs NSA's secret spy room at AT&T] Message-ID: <20060521211538.GR26713@leitl.org> ----- Forwarded message from David Farber -----

From coderman at gmail.com Mon May 22 06:05:02 2006 From: coderman at gmail.com (coderman) Date: Mon, 22 May 2006 06:05:02 -0700 Subject: words of wisdom from a happy yellow circle Message-ID: <4ef5fec60605220605i202a124am9464de43e2397cde@mail.gmail.com> worth watching for the audio, amusing for the technical production: 'The Great Dictator - "read" by the Wal-Mart smiley face' http://www.youtube.com/watch?v=2l6vwAIAqNU '... Wal-Mart is embroiled in a legal dispute over the smiley face image which it wants to trademark in the US. For the first time, the smiley face speaks!' text of the speech: ---cut--- "I'm sorry, but I don't want to be an emperor. That's not my business. I don't want to rule or conquer anyone. I should like to help everyone - if possible - Jew, Gentile - black man - white. We all want to help one another. Human beings are like that. We want to live by each other's happiness - not by each other's misery. We don't want to hate and despise one another. In this world there is room for everyone. And the good earth is rich and can provide for everyone. The way of life can be free and beautiful, but we have lost the way. Greed has poisoned men's souls, has barricaded the world with hate, has goose-stepped us into misery and bloodshed. We have developed speed, but we have shut ourselves in. Machinery that gives abundance has left us in want. Our knowledge has made us cynical. Our cleverness, hard and unkind. We think too much and feel too little. More than machinery we need humanity. More than cleverness we need kindness and gentleness.
Without these qualities, life will be violent and all will be lost.... "The aeroplane and the radio have brought us closer together. The very nature of these inventions cries out for the goodness in men - cries out for universal brotherhood - for the unity of us all. Even now my voice is reaching millions throughout the world - millions of despairing men, women, and little children - victims of a system that makes men torture and imprison innocent people. To those who can hear me, I say - do not despair. The misery that is now upon us is but the passing of greed - the bitterness of men who fear the way of human progress. The hate of men will pass, and dictators die, and the power they took from the people will return to the people. And so long as men die, liberty will never perish. ..... "Soldiers! don't give yourselves to brutes - men who despise you - enslave you - who regiment your lives - tell you what to do - what to think and what to feel! Who drill you - diet you - treat you like cattle, use you as cannon fodder. Don't give yourselves to these unnatural men - machine men with machine minds and machine hearts! You are not machines! You are not cattle! You are men! You have the love of humanity in your hearts! You don't hate! Only the unloved hate - the unloved and the unnatural! Soldiers! Don't fight for slavery! Fight for liberty! In the 17th Chapter of St Luke it is written: "the Kingdom of God is within man" - not one man nor a group of men, but in all men! In you! You, the people have the power - the power to create machines. The power to create happiness! You, the people, have the power to make this life free and beautiful, to make this life a wonderful adventure. Then - in the name of democracy - let us use that power - let us all unite. Let us fight for a new world - a decent world that will give men a chance to work - that will give youth a future and old age a security. By the promise of these things, brutes have risen to power. But they lie! 
They do not fulfil that promise. They never will! Dictators free themselves but they enslave the people! Now let us fight to fulfil that promise! Let us fight to free the world - to do away with national barriers - to do away with greed, with hate and intolerance. Let us fight for a world of reason, a world where science and progress will lead to all men's happiness. Soldiers! in the name of democracy, let us all unite!" ---end-cut--- :)

From rah at shipwright.com Mon May 22 05:54:15 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 22 May 2006 08:54:15 -0400 Subject: [perry@piermont.com: Government using call records to go after reporter's sources.] In-Reply-To: <20060522093804.GZ26713@leitl.org> References: <20060522093804.GZ26713@leitl.org> Message-ID: At 11:38 AM +0200 5/22/06, Eugen Leitl wrote: >----- Forwarded message from "Perry E. Metzger" ----- Oh. By all means. Let's protest physical reality, instead of actually changing it. The irony filter clogs in its own backwash: the very people who can solve the problem by actually doing what they do *for* *a* *living*, meaning they can solve the problem and get *rich* doing it, want to bleat away in the halls of the legislature, begging for more laws to "fix" a problem caused by too many laws... Sheesh. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "If 'we could just pass a few more laws', we would all be criminals." -- Vincent Moscaritolo

From smb at cs.columbia.edu Mon May 22 07:19:05 2006 From: smb at cs.columbia.edu (Steven M. Bellovin) Date: Mon, 22 May 2006 10:19:05 -0400 Subject: Phil Zimmerman and voice encryption; a Skype problem? Message-ID: There's an article in today's NY Times (for subscribers, it's at http://www.nytimes.com/2006/05/22/technology/22privacy.html?_r=1&oref=slogin ) on whether Phil Zimmermann's Zfone -- an encrypted VoIP package -- will invite government scrutiny. There doesn't seem to be any imminent threat in the U.S.; the one concrete example mentioned -- the British plan to give police the power to compel individuals to disclose keys -- doesn't threaten Zfone, because it uses Diffie-Hellman for (among other things) perfect forward secrecy and doesn't even have any long-term keys.
(See draft-zimmermann-avt-zrtp-01.txt for protocol details.) The fascinating thing, though, was this sentence near the end of the article: But at a conference last week in Cyprus, German officials said they had technology for intercepting and decrypting Skype phone calls, according to Anthony M. Rutkowski, vice president for regulatory affairs and standards for VeriSign, a company that offers security for Internet and phone operations. The Berson report says that Skype uses AES-256. NSA rates that as suitable for Top Secret traffic, so it's presumably not the cipher. Berson analyzed a number of other possible attack scenarios; the only one that seems to be possible is an active attack plus forged certificates. If Berson's analysis was correct -- and we all know how hard it is to verify cryptographic protocols -- that leaves open the possibility of a protocol change that implemented some sort of Clipper-like functionality. A silent change like that would be *very* ominous. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From coderman at gmail.com Mon May 22 10:57:27 2006 From: coderman at gmail.com (coderman) Date: Mon, 22 May 2006 10:57:27 -0700 Subject: peertech quorum public offset 0000000 / janus wireless dc14 challenge Message-ID: <4ef5fec60605221057j33f29ec6y716ff3f69b986614@mail.gmail.com> peertech quorum public: http://public.peertech.org/ janus wireless dc14 challenge: http://public.peertech.org/dc14/ taking 5x longer than expected 
but making progress... feedback on temporal key binding appreciated. more to come in the next week or so. ---cut--- Peertech Quorum 18-may-2006 , offset 0000000 fb4c4864-2807fdd8-9a109cff-e1040055-01cba6eb-82f3925e-973b936a-47d38301 alias: public.peertech.org 70.104.254.121 10.10.10.10 172.16.13.77 192.168.1.242 feed:7ba3:c779:e5f5:cc1a:8bc7:5fe1:ed08/16 About Us "Experience should teach us to be most on our guard to protect liberty when the Government's purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." ~ Justice Louis Brandeis We believe in personal and social responsibility. We write code to empower individuals and develop community. Do not misuse this software to facilitate or conceal harm against others; these efforts are given to you freely and in good faith. Recent developments and other news can be found in the peertech status log. Quorum communication and development is explained in the peertech quorum introduction. . . . Current Quorum Key Using digital keys and signatures for the inexperienced. 
* peertech.pubkey.txt SHA2-512 digest of current peertech.pubkey.txt at offset 0000000: B533C5F6 C306C60D 9723CC0D 6298692F F207160B 4DE29A09 30A752F2 8B03906D 41B0B080 C07B3FFF D53A6B8D 4FA1D33D E35483E7 DC7733BE 32F3D08F 815A5502 ---end-cut--- ---peertech.pubkey.txt for offset 0000000--- ---end-cut---

From eugen at leitl.org Mon May 22 02:38:04 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 22 May 2006 11:38:04 +0200 Subject: [perry@piermont.com: Government using call records to go after reporter's sources.] Message-ID: <20060522093804.GZ26713@leitl.org> ----- Forwarded message from "Perry E. Metzger" -----

From measl at mfn.org Mon May 22 11:23:48 2006 From: measl at mfn.org (J.A. Terranson) Date: Mon, 22 May 2006 13:23:48 -0500 (CDT) Subject: NS&AT&T In-Reply-To: References: Message-ID: <20060522132321.H47663@ubzr.zsa.bet> On Wed, 17 May 2006, Tyler Durden wrote: > Anyone know what telecom vendor NSA uses? Lucent (now French, I believe?) -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker
From coderman at gmail.com Mon May 22 15:56:29 2006 From: coderman at gmail.com (coderman) Date: Mon, 22 May 2006 15:56:29 -0700 Subject: it's like a cypherpunk christmas Message-ID: <4ef5fec60605221556h3eaa5bbfkff08213bc9423fa2@mail.gmail.com> so is DoJ going to bite? http://blog.wired.com/27BStroke6/att_klein_wired.pdf tap'd dat ass! http://www.newyorker.com/talk/content/articles/060529ta_talk_hersh "A security consultant working with a major telecommunications carrier told me that his client set up a top-secret high-speed circuit between its main computer complex and Quantico, Virginia, the site of a government-intelligence computer center. This link provided direct access to the carrier's network core--the critical area of its system, where all its data are stored. "What the companies are doing is worse than turning over records," the consultant said. "They're providing total access to all the data." i'm on the wrong end of this gang bang... http://www.defensetech.org/archives/002436.html (bizweek has issues atm...) " The Departments of Justice, State, and Homeland Security spend millions annually to buy commercial databases that track Americans' finances, phone numbers, and biographical information, according to a report last month by the U.S.
Government Accountability Office, the investigative arm of Congress. Often, the agencies and their contractors don't ensure the data's accuracy, the GAO found. Buying commercially collected data allows the government to dodge certain privacy rules. The Privacy Act of 1974 restricts how federal agencies may use such information and requires disclosure of what the government is doing with it. But the law applies only when the government is doing the data collecting." and sprint was sucking lucre from that SIGINT teat: (i'm shocked, shocked! :) http://www.kansascity.com/mld/kansascity/business/14614912.htm '''Sprint Nextel Corp. is the latest phone company to be sued for possibly giving call records to the government. ... "Sprint Nextel continues to be dedicated in protecting the privacy of our customers' communications," Gunasegaram said. "We comply fully with lawful processes." He declined to comment further when asked whether Sprint had been approached by the National Security Agency or provided any customer calling records to government officials.''' still basking in the CHB afterglow of "fuck you. strong letter to follow": http://www.capitolhillblue.com/content/2006/05/bushs_wants_to_jail_reporters.html "Attorney General Alberto Gonzales says the Bush administration may prosecute New York Times reporters who wrote about the NSA's spying on Americans, which means Bush can break the law by ordering the spying but he wants to prosecute reporters who caught him breaking the law." ahhh... i need a smoke.
From eugen at leitl.org Mon May 22 07:26:11 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 22 May 2006 16:26:11 +0200 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] Message-ID: <20060522142611.GT26713@leitl.org> ----- Forwarded message from John Gilmore -----

From eugen at leitl.org Mon May 22 07:28:45 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 22 May 2006 16:28:45 +0200 Subject: [smb@cs.columbia.edu: Phil Zimmerman and voice encryption; a Skype problem?] Message-ID: <20060522142845.GV26713@leitl.org> ----- Forwarded message from "Steven M. Bellovin" -----

From camera_lumina at hotmail.com Mon May 22 14:07:04 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 22 May 2006 17:07:04 -0400 Subject: NS&AT&T In-Reply-To: <20060522132321.H47663@ubzr.zsa.bet> Message-ID: Yes...I think using US vendors whenever possible was always part of their policy. Let me look at the latest Lucent gear. Actually, of all the documents I've seen until now, the only real smoking gun is the use of the optical splitters themselves...if everything was above board they should have been able to drop-and-continue copies of the traffic "legally" using the transport equipment itself. Also, the fact that AT&T tried to suppress the documentation says a lot too. They could have played it cool: "Nothing to see here, see? We were just testing traffic like we always do..." -TD >From: "J.A. Terranson" >To: Tyler Durden >CC: coderman at gmail.com, kyphros at gmail.com, cypherpunks at jfet.org >Subject: Re: NS&AT&T >Date: Mon, 22 May 2006 13:23:48 -0500 (CDT) > > >On Wed, 17 May 2006, Tyler Durden wrote: > > > Anyone know what telecom vendor NSA uses? > >Lucent (now French, I believe?) > > >-- >Yours, > >J.A.
Terranson >sysadmin at mfn.org >0xBD4A95BF > > >'The right of self defence is the first law of nature: in most governments >it has been the study of rulers to confine this right within the narrowest >limits possible. Wherever standing armies are kept up, and the right of >the people to keep and bear arms is, under any colour or pretext >whatsoever, prohibited, liberty, if not already annihilated, is on the >brink of destruction.' > >St. George Tucker From bill.stewart at pobox.com Mon May 22 17:29:53 2006 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 22 May 2006 17:29:53 -0700 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060522142611.GT26713@leitl.org> References: <20060522142611.GT26713@leitl.org> Message-ID: <6.2.1.2.0.20060522171909.03415978@pop.idiom.com> > http://saveaccess.org/ > >Events are already scheduled in Boston, Chicago, San Francisco, and >NYC. You can register your own local event by sending mail to >protest at saveaccess.org. If anybody's planning to go to the San Francisco protest at "AT&T's main San Francisco headquarters at 666 Folsom St.", they'll be disappointed or confused. That building's been closed long enough that they've taken the Credit Union ATM machine away from the front entrance :-) (This is frustrating, because it means that the nearest one is now about 8 blocks away from my SF office instead of 1 block.) There are three or four other AT&T / SBC buildings near there, one of which has a nice big plaza and few windows, and another of which had a Cypherpunks meeting there once in the 90s. I'm unlikely to attend - I've got things to do down in the south bay. And unfortunately, IMHO their accuracy on other issues is about on par with their directions. They've got the Ballpark right, but it's big enough that it's hard to miss, and our corporate leaders do need yelling at for being boneheads, but they don't appear to understand the technical issues with network neutrality. 
From declan at well.com Mon May 22 15:42:08 2006 From: declan at well.com (Declan McCullagh) Date: Mon, 22 May 2006 17:42:08 -0500 Subject: [Politech] Perry Metzger's call to action on Feds' lawlessness, tapping [priv] Message-ID: Also see Alberto Gonzales on prosecuting reporters: http://www.firstamendmentcenter.org/news.aspx?id=16921 -Declan ----- Forwarded message from "Perry E. Metzger" -----

From rah at shipwright.com Mon May 22 15:50:46 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 22 May 2006 18:50:46 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060522142611.GT26713@leitl.org> References: <20060522142611.GT26713@leitl.org> Message-ID: At 4:26 PM +0200 5/22/06, Eugen Leitl channeled John Gilmore: >I haven't seen cryptographers and cypherpunks >with protest signs -- yet. Sigh. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Mon May 22 13:19:04 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 22 May 2006 22:19:04 +0200 Subject: Voice Encryption May Draw U.S.
Scrutiny Message-ID: <20060522201904.GP26713@leitl.org>
http://www.nytimes.com/2006/05/22/technology/22privacy.html?_r=2&oref=login&pagewanted=print
May 22, 2006 Voice Encryption May Draw U.S. Scrutiny By JOHN MARKOFF
SAN FRANCISCO, May 21 -- Philip R. Zimmermann wants to protect online privacy. Who could object to that? He has found out once already. Trained as a computer scientist, he developed a program in 1991 called Pretty Good Privacy, or PGP, for scrambling and unscrambling e-mail messages. It won a following among privacy rights advocates and human rights groups working overseas -- and a three-year federal criminal investigation into whether he had violated export restrictions on cryptographic software. The case was dropped in 1996, and Mr. Zimmermann, who lives in Menlo Park, Calif., started PGP Inc. to sell his software commercially. Now he is again inviting government scrutiny. On Sunday, he released a free Windows software program, Zfone, that encrypts a computer-to-computer voice conversation so both parties can be confident that no one is listening in. It became available earlier this year to Macintosh and Linux users of the system known as voice-over-Internet protocol, or VoIP. What sets Zfone apart from comparable systems is that it does not require a web of computers to hold the keys, or long numbers, used in most encryption schemes. Instead, it performs the key exchange inside the digital voice channel while the call is being set up, so no third party has the keys. Zfone's introduction comes as reports continue to emerge about the government's electronic surveillance efforts. A lawsuit by the Electronic Frontier Foundation, a privacy rights group, contends that AT&T has given the National Security Agency real-time access to Internet communications. In the wake of 9/11, there were calls for the government to institute new barriers to cryptography, to avoid its use in communications by enemies of the United States.
Easily accessible cryptography for Internet calling may intensify that debate. "I'm afraid it will put front and center an issue that had been resolved in the individual's favor in the 1990's," said James X. Dempsey, policy director for the Center for Democracy and Technology, a Washington-based public policy group. The Federal Communications Commission has begun adopting regulations that would force Internet service providers and VoIP companies to adopt the technology that permits law enforcement officials to monitor conventional telephone calls. But for now, at least, F.C.C. regulation exempts programs that operate directly between computers, not through a hub. "From the F.C.C.'s perspective you can't regulate point-to-point communications, which I think will let Phil off the hook," said Marc Rotenberg, director of the Electronic Privacy Information Center, an advocacy group in Washington. Zfone may face more of a challenge in Europe, where the British government is preparing to give the police the legal authority to compel both organizations and individuals to disclose encryption keys. But Mr. Zimmermann, 52, does not see those fearing government surveillance -- or trying to evade it -- as the primary market. The next phase of the Internet's spyware epidemic, he contends, will be software designed to eavesdrop on Internet telephone calls made by corporate users. "They will have entire digital jukeboxes of covertly acquired telephone conversations, and suddenly someone in Eastern Europe is going to be very wealthy," he said. While Mr. Zimmermann is giving away his software so far, his goal is to attract VoIP software and hardware developers to license his technology and embed it in their products. Zfone can automatically encrypt any call between users of freely available VoIP software programs like X-Lite, Gizmo or SJphone. It can be downloaded at www.philzimmermann.com.
The system does not work with Skype, the VoIP system acquired by eBay, which uses its own encryption scheme. But at a conference last week in Cyprus, German officials said they had technology for intercepting and decrypting Skype phone calls, according to Anthony M. Rutkowski, vice president for regulatory affairs and standards for VeriSign, a company that offers security for Internet and phone operations. Mr. Zimmermann said he had not yet tested Zfone's compatibility with Vonage, another popular VoIP service. Mr. Zimmermann contends that the nation is better off with strong cryptography. Indeed, Zfone can be considered an asset, he said, because it allows people to have secret conversations without hiding their Internet protocol addresses, which could be traceable geographically. Those observed having a secured conversation could come under suspicion, of course. But for that reason, he argued, sophisticated criminals or terrorists are unlikely to use the technology. "I'm sympathetic to the needs of the intelligence community to catch the bad guys," he said. "I specifically protect the content the criminals want, while simultaneously not interfering with the traffic analysis that the N.S.A. is trying to do. You could make the case that I'm being socially responsible." -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From declan at well.com Mon May 22 23:27:40 2006 From: declan at well.com (Declan McCullagh) Date: Mon, 22 May 2006 23:27:40 -0700 Subject: [Politech] Replies to Hiawatha Bray's response, and whether the law is really the law after all [fs] Message-ID: Previous Politech messages: http://www.politechbot.com/2006/05/22/hiawatha-brays-response/ http://www.politechbot.com/2006/05/22/perry-metzgers-call/ -------- Original Message -------- Subject: Re: [Politech] Hiawatha Bray's response on wiretapping of journalists: the law's the law [fs] Date: Mon, 22 May 2006 23:31:36 -0500 From: Andy Ringsmuth To: Declan McCullagh References: <447282E6.3060804 at well.com> From the original article: It can be argued by some who do not agree with me that the reporters in question are somehow "helping the terrorists" by revealing things like the fact that the US Government has SigInt operations, but in fact anyone who isn't an idiot already knows we have SigInt operations. What the reporters have done -- heroically, I might add -- is reveal that the government has far exceeded the bounds of legality in performing such operations, even when legal methods existed to gain the same information.
Declan, One thing that routinely irks me about the media today is the increasing trend towards editorializing in the news, particularly when what is said is false. Perry Metzger says that "the government has far exceeded the bounds of legality in performing such operations" and says it as if it were fact. I don't know if Metzger is a journalist or not, I will admit. In truth, however, while there are some cases pending in various courts and maybe a Senate investigation in the works, at this juncture any claim as to whether or not the government has broken the law is just that - a claim, and thus not fact. It may well be Metzger's opinion that the government broke the law, but until that has been proven or disproven in a court of law, it is merely an allegation and nothing more. I routinely see politicians and even the media referring to this stuff in terms like "the illegal wiretapping issue" or "the illegal NSA wiretapping," etc. Whether or not a law has been broken is for a COURT to decide, not a politician or a journalist. It seems to me that as journalists word things like they do, it is a subtle but gross indication of their political bias, and thus a terrible disservice as they mislead (intentional or otherwise) their readers/ viewers. Brian Ross and Richard Esposito get it right in their blog, as they don't state allegations as fact. Hiawatha Bray is correct in stating that " it's illegal for journalists to knowingly publish classified information" as that is a statement of fact. But if Bray were to say that "Scooter Libby illegally leaked Valerie Plame's identity" it would be false. An accurate statement would be "Scooter Libby allegedly leaked...." There is a big difference there. Similarly, if Metzger had said "it is alleged that the government has far exceeded the bounds of legality in performing such operations" or "Some say the government has far exceeded..." that would be legit. But to consider one's self to be judge and jury just isn't right. 
Respectfully, -Andy Ringsmuth andyring at inebraska.com (OK to display my e-mail address if this makes it to your Politech list) -------- Original Message -------- Subject: Re: [Politech] Hiawatha Bray's response on wiretapping of journalists: the law's the law [fs] Date: Mon, 22 May 2006 21:35:25 -0700 (MST) From: terry at terrybressi.org To: declan at well.com Rubbish. Exactly what part of the First Amendment phrase, "Congress shall make no law..." does Mr. Bray not fully grasp? While Congress may have the legitimate authority to prohibit government employees from leaking classified information, it most certainly doesn't have the legitimate authority to make it a crime for the press to publish or report on classified information. Indeed, if Congress could pass such a law, there would be little to stop the federal government from unconstitutionally spying on the American people and making evidence of such an act classified in order to cover-up the government's malfeasance. Perhaps Mr. Bray should avail himself of a remedial class in Civics 101 so as to better understand the checks and balances that exist within a Constitutional Republic such as ours. Terry Bressi -------- Original Message -------- Subject: Hiawatha Bray's Javertism Date: Tue, 23 May 2006 00:40:50 -0500 From: Jim Davidson Reply-To: davidson at net1.net To: Declan McCullagh CC: watha2020 at fusemail.com References: <447282E6.3060804 at well.com> Dear Declan, It is a bit surprising to see the despicable words of Inspector Javert from _Les Miserables_ repeated by a reporter such as Hiawatha Bray. "The law's the law!" Yes, sure, and the camp guards were only doing their jobs, the train drivers weren't told where their human cargo was going, and nobody said what the fork lifts were for. After all, the nationalist socialist workers party of Germany members were only following orders. In fact the law, whether it is from 1917 or 1950 is a law that Congress had no authority to pass. 
The superseding text is very clear, even to that arch-fool Alberto: "Congress shall make no law ... abridging the freedom of speech, or of the press...." from the Bill of Rights, Article One. The Supreme Court has repeatedly ruled that any law passed by Congress which is unconstitutional is null on its face and void. Therefore, there is no law against publishing anything, including secrets of the government, including the embarrassing fact that White House officials have blabbed to reporters all kinds of national secrets. Mr. Alberto Gonzales is a traitor to the constitution he swore an oath to defend. He knows that no law abridging the freedom of the press is valid, and he ought to be ashamed of himself. He also ought to be impeached, convicted of treason by a court of competent jurisdiction, and executed. Even pretending he has the authority to enforce a law abridging freedom of the press makes the man a menace to American values, an oath breaker, and, as a result of his willful oath breaking, a traitor. Chilling freedom of the press by threatening to enforce an invalid and unconstitutional law gives aid and comfort to the enemies of the United States and the enemies of freedom. Violating the First Amendment is a high crime. Treason ought not to be excused lightly. Treason against our fundamental values, against the tradition of a free press which made this country possible, is so disgusting that no lesser sentence than death could be appropriate. Regards, Jim -------- Original Message -------- Subject: Re: [Politech] Hiawatha Bray's response on wiretapping of journalists: the law's the law [fs] Date: Tue, 23 May 2006 00:36:38 -0400 From: Chris Beck Organization: None At All To: Declan McCullagh , Hiawatha Bray References: <447282E6.3060804 at well.com> They say Declan McCullagh, on or about 22.May.2006 23:35, whispered: > reporters. Still, the law's the law, and reporters are bound to it like > everybody else.
Until the law is found to be unconstitutional or in conflict with another law. Besides, the implication is that the tracking is being done by the NSA. I would have thought it was the FBI's responsibility to investigate criminal leaks. My own personal feeling is that it should not be possible for criminal actions to be deemed classified. Cheers, Chris -- Chris Beck - http://pacanukeha.wordpress.com The sad fact is that "national security" has become the root password to the Constitution. -- Phil Karn -------- Original Message -------- Subject: Re: [Politech] Perry Metzger's call to action on Feds' lawlessness, tapping [priv] Date: Mon, 22 May 2006 23:37:04 -0600 From: Daniel Webb To: Declan McCullagh References: <447282E6.3060804 at well.com> <20060522174208.C1628 at baltwash.com> > Nonsense. As a journalist, I don't much like the idea. But anybody who's > leaking classified data to reporters is in violation of the law. And it's > perfectly legal for the government to tap the phones of suspected > lawbreakers inside the intelligence community. In addition, it's illegal > for journalists to knowingly publish classified information, according to a > law passed back in 1950. I hope that provision is never enforced; I don't > think the administration wants to enforce it. After all, they need only > nail the leakers and thus avoid opening a huge can of worms by arresting > reporters. Still, the law's the law, and reporters are bound to it like > everybody else. Two points: 1) The government should simply make a law that revealing government lawbreaking is itself a serious crime, perhaps appending it to the treason statute. I am quite confident that within my lifetime this will happen. I assume you will not support such a law, but will you violate it? Will you still say "the law's the law, and everybody has to follow it?" 2) Reading his message as a whole, I think the fear being described by Mr. 
Metzger is not so much legitimate phone tapping and warrants, but the wholesale and illegal surveillance going on now. For example, assume a reporter can now be identified any time after the fact because the NSA is keeping phone logs of every phone call made in the United States. Once identified, "legitimate" warrants can be used to gain information used against them in court. This is the fear I have: that we will create a system where Constitutional protections still exist on paper, but are meaningless in practice. I believe that will be the result of the fourth amendment if the current administration gets away with breaking the law. Bush broke the law and is still breaking the law. Everyone involved with that operation should be prosecuted, yet they are boldly defiant and calling for the heads of those brave enough to out them breaking the law. So pardon me if I don't see blind devotion to the law as the highest ideal in this case, especially when the law is only applied to those who criticise the government and not the government itself. Daniel Webb -------- Original Message -------- Subject: Re: [Politech] Hiawatha Bray's response on wiretapping of journalists: the law's the law [fs] Date: Mon, 22 May 2006 22:41:50 -0700 From: Thomas Leavitt Organization: Godmoma's Forge, LLC To: Declan McCullagh References: <447282E6.3060804 at well.com> Declan, The law is owed respect exactly to the point at which it becomes immoral and dangerous to do so - the world is full of bad and immoral laws which deserve nothing but contempt. A bad law is a bad law. Period. It is a hoary example, but there were plenty of "laws" in the South that journalists (and others) were "bound" to observe, that people knowingly and deliberately broke because they were unjust and unwise. 
There's a reason why there are laws that attempt to protect whistle blowers, and there's a reason why, traditionally, journalists enjoy a certain amount of immunity from revealing their sources - even the ones who are engaged in illegal acts: the benefit to the public of having access to the truth, in this case, of having a counter-balance to an arrogant and over-reaching executive, exceeds the costs to the society associated with failure to prosecute those revealing the secrets. Really, does the idea of a government that is *successfully* able to seal all leaks, to track down and prosecute and punish any and all individuals who reveal information that such a government prefers to not have revealed, does this make anyone happy? Would you feel safer in your bed at night, if you knew the rulers of this country were pretty much free to proceed at will with whatever plans they cared to execute? Absolute power corrupts absolutely. A governmental administration effectively able to act without fear of exposure by those who disagree with policies as laid out and implemented, especially in the case of secrecy, is inevitably going to over-reach and threaten the liberty of the citizens it governs. It is inherent in human nature, individually, and collectively. We already have a huge and growing and more or less truly secret and almost completely unaccountable government... $40 billion dollars a year (that we know of), the entire budget of a small nation... more than all but a few countries combined spend on national defense... don't we, as citizens, deserve to have at least a theoretical opportunity to learn when and if improprieties of any sort, however embarrassing, and even if potentially threatening to national security in some fashion, are being engaged in? Is the nation better off for having Abu Ghraib exposed? One could argue that our national security has been undermined by that event...
but how much greater the threat, if that cancer had grown on, unabated, only to be revealed at a later point... or to infect the forces of law and order in our own country? ... setting aside the moral stain that settles on all of us, as citizens of a country that engages in torture. I would argue that, in point of fact, we have a moral obligation to conscientiously violate and disrespect and disempower immoral, unjust and unwise laws, and to express our contempt for them and our strong desire to see them invalidated or erased from the books. A whistle blower passing along secret and classified information that implicates any element of our government in immoral or illegal or just plain unwise acts is a hero, not a criminal. To put it in stark terms: if the CIA were to be engaged in a plot, authorized by the President himself and senior members of Congress, to explode a small tactical nuclear weapon in Tehran, designed to take out a large chunk of that government's ruling powers, and a whistle blower were to supply Seymour Hersh with all the details and they went up on the web minutes later, and such a publication "blew" the operation and led to the deaths of several of the operatives and the virtual destruction of our intelligence network in Tehran and surrounding areas, there would be absolutely no doubt that, in a very real sense, our national security had been severely compromised. At the same time, one could (and I would, personally) argue that revealing this information would be an act of public service of the highest merit and the leaker to be a hero, and that in the long run, our national security had been vastly enhanced, rather than degraded. But, perhaps I'm too much of a cynic, perhaps I've been watching too much Star Trek, find the proposition that our government could over reach its bounds or be corrupted from within or that elements of it could put their own interests ahead of the nation's far more realistic a proposition than is justified.
But again, I ask: if the government was able to act without the slightest fear of "leaks", if each and every "leak" were instantly and ruthlessly hunted down and crushed, and any publication or forwarding of such information was suppressed and severely punished... would any of us feel safer in our beds at night? Regards, Thomas Leavitt -------- Original Message -------- Subject: Re: [Politech] Hiawatha Bray's response on wiretapping of journalists: the law's the law [fs] Date: Tue, 23 May 2006 01:52:48 -0400 (EDT) From: Dean Anderson To: Declan McCullagh On Mon, 22 May 2006, Declan McCullagh wrote: > Previous Politech message: > Nonsense. As a journalist, I don't much like the idea. But anybody who's > leaking classified data to reporters is in violation of the law. And it's > perfectly legal for the government to tap the phones of suspected > lawbreakers inside the intelligence community. In addition, it's illegal > for journalists to knowingly publish classified information, according to a > law passed back in 1950. I hope that provision is never enforced; I don't > think the administration wants to enforce it. After all, they need only > nail the leakers and thus avoid opening a huge can of worms by arresting > reporters. Still, the law's the law, and reporters are bound to it like > everybody else. I'm not a trained journalist. But I am a consumer of the products of journalism. The public doesn't have the CIA to find out facts. But we need information to make decisions. The collective "free press" provides that information: Like the CIA, they have to engage in a few "covert ops" to obtain information. As someone just recently pointed out on a TV talk show (didn't get their name), nearly everything the CIA does abroad is a violation of the host countries' laws. Spying is illegal in nearly every country. The public needs to know the truth, and needs to have access to facts in order to make decisions that are essential to Democracy.
I agree that the law is the law. I rather identify with John Adams, who was greatly disturbed by the French Revolution because it seemed to be anarchy, a destruction of the rule of law. In contrast, though Adams was a revolutionary, he was not an anarchist. I think the law in this case is meant to protect against harms to national security. The rub is what is "national security"? I argue that making newsworthy information public does not harm the national security. The publishing of the Pentagon Papers did no harm to the national security. Rather, this act greatly helped the national security. The exposure of Watergate brought down the President, but it did not harm the national security. Nor did the exposure harm the Presidency. The harm was caused by Nixon and his aides. The exposure was in the interest of national security. Likewise, I've seen nothing revealed so far that has been harmful to the national security, and I read the New York Times every day, frequently read the Boston Globe, and more occasionally the Wall Street Journal. The "National Security" is not "that which makes Bush and Company look good". It is that which makes the public actually secure in their liberties, and protects Democracy, which is public control of the government. I was greatly moved by Moussaoui's response to the families of the victims. After the families testified what pain he had caused, he took the stand to respond about the pain and death the US had caused abroad. I've just read "Rogue State" by William Blum. Engaging in secret wars for the benefit of US corporate profits is a terrible vulture that will come home to rest. In today's New York Times, Ted Koppel argues for (or perhaps alerts us to) the possibility that Corporations should be allowed to hire their own mercenaries to fight their battles and protect their foreign interests. I suspect that in fact, Corporations already do operate mercenary armies, and have for a long time.
Last year, Margaret Thatcher's son was arrested in Zimbabwe for leading a mercenary army to overthrow the Central African Republic. Why? Oil seems likely. [There is a new oil pipeline in Chad, and there is Oil in Darfur, which also puts the "genocide" in a different light. Just look at the map and follow the Oil.] Exposing these misdeeds is in the national interest, and promotes national security and democratic public control of government. The acts of reporters have not been to sell secrets to the Chinese, or to terrorists for that matter. The acts have been to make relevant facts public. Facts which are relevant to the public discourse, and to the right of the public to have the information it needs to make decisions. Anything else is not a Democracy. The goal of national security is to preserve the Democracy, not the Presidency. Or even the President. Just as the Secret Service should take a bullet to protect the President, the President (and everyone below him) may need to put their own life and future at risk to protect the Democracy. That is what they swore an oath to protect: To protect and defend the Constitution, not their own butts. Any classified information that essentially puts their "butts to the fire" probably better serves the national security by publication than by secrecy. I am a strong proponent of rule by law. But I think the lawfulness of this publication of classified information is rather similar to the notion of justifiable homicide, or perhaps trespass in public necessity. In tort law there is a defense against trespass called "Privileged Invasion of Another's Land or Chattels as a Public Necessity". Essentially, it means there are circumstances when trespass is necessary to avert a disaster, or because a highway is obstructed. Of course, the media is generally excluded in this, so perhaps it isn't a good example. But I think the lack of relevant information could create a public disaster.
Indeed, I think the Iraq War (and perhaps the Vietnam War), was a public disaster caused by lack of public information. In Vietnam, the government repeatedly told the public that "we know things, and we're doing the right thing". We now know what it was they knew, and they didn't know anything then that would have made their decisions correct. National security would plainly have been better served by having that information made public. Sometimes there are good and just reasons to break the law. I absolutely see that it's a hard call in a gray area. A call that, correctly made, distinguishes the professionals from the amateurs. But that's why we have professional journalists, and that's why we have judges and juries, and not robots. Freedom isn't risk free. For anyone, journalists included. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From rah at shipwright.com Tue May 23 05:06:18 2006 From: rah at shipwright.com (R.A.
Hettinga) Date: Tue, 23 May 2006 08:06:18 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060523082056.GG26713@leitl.org> References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> Message-ID: At 10:20 AM +0200 5/23/06, Eugen Leitl wrote: >the political process >is one of the system parameters to be tweaked. Don't be a dumbass. Reality causes politics. Not the other way around. Physics causes finance, finance causes politics. Run it backward and Lysenko's your uncle. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jya at pipeline.com Tue May 23 08:51:57 2006 From: jya at pipeline.com (John Young) Date: Tue, 23 May 2006 08:51:57 -0700 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060523121739.GI26713@leitl.org> References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> Message-ID: Speaking of orthogonal, what happened to *PLONK* as a code outburst for chagrin a being tromped by somebody smarter-assed, well, more adept at haughty bon mot triumphalisme. *PLONK*s were once frequently used here to hawk loogies. The archives show over 30,000 sneezes from about 2 million snorts. 29,000 were by Mr.
Tim May, 500 by Monsieur Perry Metzger, 499 by Detweiler, a universally beloved pseudonym, though less popular in the American (forever a) colony than Euro-septic Luther Bissett. You say you missed about 1.9999 million of the wheezes. Well, then you are a super*PLONK*er who unsubbed after bazooka-ing your bugger, mooning your crack as the outdoor whacked it. Or pretended to unsub and hunkered down to see if anybody cared (Old French: "gave a shit"), or resubbed under a pseudo snot-me. Truthsayers claim over 98% of cpunk subscribers are one humanoid keyhammering about having to code for the 2% fuck-offs topside spitting sub-juvenile filos0fikal cant to consumers agog at the wonders of laborsaving digitalizers commanding them to spend thousands on upgraded error spreaders. This outrage must stop. Mark Klein nasaled. From rah at shipwright.com Tue May 23 05:53:26 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 23 May 2006 08:53:26 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060523121739.GI26713@leitl.org> References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> Message-ID: At 2:17 PM +0200 5/23/06, Eugen Leitl proves why European GDB is in the shitter this week: >People cause politics. People earn money, which they spend on politics. >And people are perfectly capable of cheerfully >disregarding that financial reality (more consensual hallucination, like). Indeed. Like they seem to be doing in the EU these days. The irony of the above statement coming from someone who lives at the ass-end the Fulda Gap I leave for others to work out. >If it's different in your model, then your model is inaccurate, >and needs adjusting. That's right. There are no facts. Just models. Heaven forfend we actually look at the way the world works. Hint: prices are *discovered*, bunky. Not calculated with models. 
Does the name "von Mises" mean anything to you, or did they edit it out of the German government school system? As Olsen says, a prince is a bandit who doesn't move. If there's no money to steal, the bandit, er, prince, starves, too. Ask Mssrs Mugabe, Castro, and all the other pissant price-calculators out there. >As to physical models for people, we're not nearly there with >a statistical peopledynamics -- it's a nonlinear system to start with, >so there will never be a good descriptor. Again, you mistake knowledge of the market with a belief in price-calculation. You think that price discovery is price-calculation. *You're* the one who betrays his desire for the state to "control" the economy, and, apparently physics as well. You keep thinking in those kinds of mechanistic terms, Lysenko is, indeed, your uncle. Or you're his bitch. Take your pick. >Protests do work. So do lobbies. Motivating people and cultivating >contacts is hard -- and of course money helps here, too. All true, >all orthogonal to writing code. Protests are like elections, and elections, as H.L. Mencken said, are merely advance auctions of stolen goods. It's better to produce more goods than they can steal, or like people do on the internet, goods they haven't thought to steal yet, or, much better, produce goods which can protect you from those who steal, which, paradoxically, is precisely what cryptography is. >I'm really surprised I had to diagram that for you. I'm surprised you think markets can be diagrammed. The point is, cryptography solves, economically, financially, and thus physically, the entirety of the problem that perrypunks, ip, politech, et al., seem to be impotently jacking themselves off about at the moment. Funnily enough, in the case of perrypunks, they're crypto people. Hell, *you* proport to be a crypto person. You proport to write code. You have a problem with the NSA, write code, problem solved. Cheers, RAH -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue May 23 06:48:19 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 23 May 2006 09:48:19 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060523133133.GJ26713@leitl.org> References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> Message-ID: At 3:31 PM +0200 5/23/06, Eugen Leitl wrote: >We can't. Unless you broke out of Plato's cave you have to stick >with models. Economics is a model, too. Ah. That's it, then. We all live in a model. And money, economics (finance for states, for anarchy-enabled out there...), don't exist. Say no more. Write when you get a clue. In the meantime, keep waving your sign and bleating about your rights. Somewhere, Antisthenes is laughing. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "Then we're stupid and we'll die." 
-- Pris (Darryl Hannah); Ridley Scott, 'Blade Runner' From eugen at leitl.org Tue May 23 01:11:15 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 May 2006 10:11:15 +0200 Subject: [declan@well.com: [Politech] Perry Metzger's call to action on Feds' lawlessness, tapping [priv]] Message-ID: <20060523081115.GB26713@leitl.org> ----- Forwarded message from Declan McCullagh ----- From eugen at leitl.org Tue May 23 01:20:57 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 May 2006 10:20:57 +0200 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: References: <20060522142611.GT26713@leitl.org> Message-ID: <20060523082056.GG26713@leitl.org> On Mon, May 22, 2006 at 06:50:46PM -0400, R.A. Hettinga wrote: > At 4:26 PM +0200 5/22/06, Eugen Leitl channeled John Gilmore: > > >I haven't seen cryptographers and cypherpunks > >with protest signs -- yet. > > Sigh. I know it doesn't get into your head, but the political process is one of the system parameters to be tweaked. Deliberate agnosia is not constructive. You can protest and lobby *and* write code.
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Tue May 23 01:41:14 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 May 2006 10:41:14 +0200 Subject: [declan@well.com: [Politech] Replies to Hiawatha Bray's response, and whether the law is really the law after all [fs]] Message-ID: <20060523084114.GL26713@leitl.org> ----- Forwarded message from Declan McCullagh -----
From camera_lumina at hotmail.com Tue May 23 11:07:39 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 23 May 2006 14:07:39 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: Message-ID: RAHweh wrote... >Hint: prices are *discovered*, bunky. Not >calculated with models. Well, kinda. Let's just say there's a sort of Platonic price floating around out there, and the activities of local politicalities can cause temporary displacements from that price. But, this displacement will of necessity cause short-term tensions and stresses until the displacement is resolved.
Arguably, any political attempt to fix the price--even the "correct" price, is like trying to stop a pendulum by tying it to another pendulum. On the other hand, there are rare cases where political action (or the absence of it) impacts the short-term course of events. For instance, does it matter that Kodos brought us into Iraq but that Kang would not have? In the long run probably not but in the short run definitely. (Or at least if you were suckered into sending your kids to fight.) -TD From camera_lumina at hotmail.com Tue May 23 11:12:47 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 23 May 2006 14:12:47 -0400 Subject: RentaCops in Public Spaces? In-Reply-To: <20060523143746.GB9630@arion.hive> Message-ID: WOW! So does this mean that France, England and Germany are basically funding the Iraqi insurgency? -TD >From: Justin >To: cypherpunks at jfet.org >Subject: Re: RentaCops in Public Spaces? >Date: Tue, 23 May 2006 14:37:46 +0000 > >On 2006-01-24T11:25:33-0500, Tyler Durden wrote: > > >That's easy enough. Grab a gun, sweat pants, hooded jacket, ski mask, > > >gloves, and lurk outside some isolated fine dining establishment. If > > >your (loyal) taxpayers complain about taxation without representation, > > >accuse them of being unpatriotic, and offer them a chance to vote on >who > > >you mug next. > > > > Sounds like a plan. > > > > Any other Cypherpunks sick of this crypto-anarchy bullshit and wanna get >in > > on the next new government? Don't miss out: early joiners get a higher > > share of the taxes. > >It seems that a better plan is to go to Iraq and hold hostage citizens >of the Axis of Supplication: > >http://www.timesonline.co.uk/article/0,,3-2191229,00.html > >That's $5 million U.S. per abduction. You can't get that kind of ROI in >Mexico. Of course, as a kidnapper in Mexico, you don't have the U.S. >military hunting you. > >-- >The six phases of a project: >I. Enthusiasm. IV. Search for the Guilty. >II. Disillusionment. V.
Punishment of the Innocent. >III. Panic. VI. Praise & Honor for the Nonparticipants. From eugen at leitl.org Tue May 23 05:17:39 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 May 2006 14:17:39 +0200 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> Message-ID: <20060523121739.GI26713@leitl.org> On Tue, May 23, 2006 at 08:06:18AM -0400, R.A. Hettinga wrote: > Reality causes politics. Not the other way around. Physics causes finance, > finance causes politics. Run it backward and Lysenko's your uncle. People cause politics. And people are perfectly capable of cheerfully disregarding that financial reality (more consensual hallucination, like). If it's different in your model, then your model is inaccurate, and needs adjusting. As to physical models for people, we're not nearly there with a statistical peopledynamics -- it's a nonlinear system to start with, so there will never be a good descriptor. Protests do work. So do lobbies. Motivating people and cultivating contacts is hard -- and of course money helps here, too. All true, all orthogonal to writing code. I'm really surprised I had to diagram that for you. -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rsw at jfet.org Tue May 23 11:19:58 2006 From: rsw at jfet.org (Riad S. 
Wahby) Date: Tue, 23 May 2006 14:19:58 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060523143821.GC9630@arion.hive> References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> <20060523143821.GC9630@arion.hive> Message-ID: <20060523181958.GB1541@proton.jfet.org> Justin wrote: > > [demime 1.01d removed an attachment of type application/pgp-signature > > which had a name of signature.asc] > > (RSW, what was the net result of the comments a week or two back about > this? Thou shalt not suffer a MIME pgpsig to live?) I'm just some combination of lazy and busy. At some point in the (hopefully) not-too-distant future I'll fix it to pass through application/pgp-signature attachments. Oh yeah, and write that cpunks howto, too. Real life is so inconsiderate of my virtual obligations. -- Riad S. Wahby rsw at jfet.org From justin-cypherpunks at soze.net Tue May 23 07:37:46 2006 From: justin-cypherpunks at soze.net (Justin) Date: Tue, 23 May 2006 14:37:46 +0000 Subject: RentaCops in Public Spaces? In-Reply-To: References: <20060124003916.GA25249@arion.hive> Message-ID: <20060523143746.GB9630@arion.hive> On 2006-01-24T11:25:33-0500, Tyler Durden wrote: > >That's easy enough. Grab a gun, sweat pants, hooded jacket, ski mask, > >gloves, and lurk outside some isolated fine dining establishment. If > >your (loyal) taxpayers complain about taxation without representation, > >accuse them of being unpatriotic, and offer them a chance to vote on who > >you mug next. > > Sounds like a plan. > > Any other Cypherpunks sick of this crypto-anarchy bullshit and wanna get in > on the next new government? Don't miss out: early joiners get a higher > share of the taxes. 
It seems that a better plan is to go to Iraq and hold hostage citizens of the Axis of Supplication: http://www.timesonline.co.uk/article/0,,3-2191229,00.html That's $5 million U.S. per abduction. You can't get that kind of ROI in Mexico. Of course, as a kidnapper in Mexico, you don't have the U.S. military hunting you. -- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants. From justin-cypherpunks at soze.net Tue May 23 07:38:21 2006 From: justin-cypherpunks at soze.net (Justin) Date: Tue, 23 May 2006 14:38:21 +0000 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060523133133.GJ26713@leitl.org> References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> Message-ID: <20060523143821.GC9630@arion.hive> Nice to see someone else out there believes in general semantics née Plato's Cave. On the other hand, for someone who seems stuck on the belief that money creates an objective reality, RAH certainly did a good job getting you riled up. On 2006-05-23T15:31:33+0200, Eugen Leitl wrote: > On Tue, May 23, 2006 at 08:53:26AM -0400, R.A. Hettinga demonstrated > his comprehension difficulties: > > > >If it's different in your model, then your model is inaccurate, > > >and needs adjusting. > > > > That's right. There are no facts. Just models. Heaven forfend we actually > > look at the way the world works. Hint: prices are *discovered*, bunky. Not > > We can't. Unless you broke out of Plato's cave you have to stick > with models. Economics is a model, too. I prefer to think of it as an exodus from an undesirable place. It was too cold, and the shadows were causing eyestrain. I'm perfectly capable of imagining such an exodus, at least. In my place of exile, there are no models. Well...
> > As Olsen says, a prince is a bandit who doesn't move. If there's no money > > to steal, the bandit, er, prince, starves, too. Ask Mssrs Mugabe, Castro, > > and all the other pissant price-calculators out there. > > You don't have to preach to the choir, you know. A prince is also a magician. Ask Fowles. > > *You're* the one who betrays his desire for the state to "control" the > > economy, and, apparently physics as well. You keep thinking in those kinds > > Aroo? Too much window-pane acid in your morning coffee? Too little coffee and milk in his morning window-pane acid. > > The point is, cryptography solves, economically, financially, and thus > > physically, the entirety of the problem that perrypunks, ip, politech, et > > Cryptography solves jack if it's not being used. I'm not surprised > that I have to explain that to you. Or if every 3rd person is on the government's payroll and gets government toys with which to spy on their neighbors, or if they or TLA agents can invade my house at will, or if I'm prohibited from owning guns or knives or anything that might ouch in the slightest, like the FINE FOLK of Britannia and its former penile colony. *I* can't deal with those kinds of threat models, at least. It's not worth my effort. I might just join the government corps and use that as an excuse to spy on my neighbor's hot 13-year-old daughter.* * No, you fascist pigfucker government e-tards, not really. If you check, you'll find that neither of my neighbors has an underage daughter, so go fuck yourself. > [demime 1.01d removed an attachment of type application/pgp-signature > which had a name of signature.asc] (RSW, what was the net result of the comments a week or two back about this? Thou shalt not suffer a MIME pgpsig to live?) -- The six phases of a project: I. Enthusiasm. IV. Search for the Guilty. II. Disillusionment. V. Punishment of the Innocent. III. Panic. VI. Praise & Honor for the Nonparticipants. 
From coderman at gmail.com Tue May 23 15:23:57 2006 From: coderman at gmail.com (coderman) Date: Tue, 23 May 2006 15:23:57 -0700 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> <20060523143821.GC9630@arion.hive> Message-ID: <4ef5fec60605231523q67eada6ejbeab2b0872b471ea@mail.gmail.com> On 5/23/06, R.A. Hettinga wrote: > ... > If you want to fuck the NSA, state, whatever, write code. > > If you want to get fucked in the ass some more, wave a sign around some more. i'd like to pass off previous legitimate criticisms on the lack of pervasive and popular crypto by claiming usability flaws as the culprit. but encouraging the public is surely some part of this effort. how about handing out bootable CD's chock full of usable crypto goodness[1] to all those sign waving agitators so they might exercise a little personal responsibility for securing their privacy in addition to the masturbatory mob unity displays seeking redress and retraction from large, distant organizational structures who give two shits about that catchy slogan wielded impotently on ceder stick as if it were Excalibur itself expecting imminent victory over all of the world's ills... 1.
http://sourceforge.net/project/showfiles.php?group_id=136357&package_id=176062 an updated image with zPhone integrated would be nice; perhaps something i'll poke at in the near future unless someone else does it first. privacy knoppix needs a rebirth :) From coderman at gmail.com Tue May 23 15:27:33 2006 From: coderman at gmail.com (coderman) Date: Tue, 23 May 2006 15:27:33 -0700 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> <20060523143821.GC9630@arion.hive> Message-ID: <4ef5fec60605231527t6260fe8dkef37053d48281e05@mail.gmail.com> On 5/23/06, a long string of amusing commentary on political theory and the relative merits of working within a broken system to mitigate abuses versus subverting that system entirely culminated in hilarious epithets and criticism including: > Bob, > > You fucking heathenism hetero in denial, some advanced folks > relish both of those delights, and you might like the combo > too ... and your goat is fed up with its balls being licked. > > That's a Colbert Report. you guys crack me the fuck up. :P From eugen at leitl.org Tue May 23 06:31:33 2006 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 23 May 2006 15:31:33 +0200 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> Message-ID: <20060523133133.GJ26713@leitl.org> On Tue, May 23, 2006 at 08:53:26AM -0400, R.A. Hettinga demonstrated his comprehension difficulties: > >People cause politics. > > People earn money, which they spend on politics. Dude, politics has been with us at least since social primates. Politics is not just played for money, power is another major currency.
> >And people are perfectly capable of cheerfully > >disregarding that financial reality (more consensual hallucination, like). > > Indeed. Like they seem to be doing in the EU these days. The irony of the > above statement coming from someone who lives at the ass-end the Fulda Gap > I leave for others to work out. And your point being... ? > >If it's different in your model, then your model is inaccurate, > >and needs adjusting. > > That's right. There are no facts. Just models. Heaven forfend we actually > look at the way the world works. Hint: prices are *discovered*, bunky. Not We can't. Unless you broke out of Plato's cave you have to stick with models. Economics is a model, too. > calculated with models. Does the name "von Mises" mean anything to you, or > did they edit it out of the German government school system? Dude, I'm not interested in arguing religion with you. > As Olsen says, a prince is a bandit who doesn't move. If there's no money > to steal, the bandit, er, prince, starves, too. Ask Mssrs Mugabe, Castro, > and all the other pissant price-calculators out there. You don't have to preach to the choir, you know. > >As to physical models for people, we're not nearly there with > >a statistical peopledynamics -- it's a nonlinear system to start with, > >so there will never be a good descriptor. No. You're still model-tarded. Economy is a special case of ecology. People are not money-driven, they're prestige-driven. > Again, you mistake knowledge of the market with a belief in > price-calculation. You think that price discovery is price-calculation. Actually, I'm not the obsessive-compulsive one talking about markets, so I resent such projections. > *You're* the one who betrays his desire for the state to "control" the > economy, and, apparently physics as well. You keep thinking in those kinds Aroo? Too much window-pane acid in your morning coffee? > of mechanistic terms, Lysenko is, indeed, your uncle. Or you're his bitch. > Take your pick. 
Thanks for lightening up my working day with some free entertainment. Appreciated. > >Protests do work. So do lobbies. Motivating people and cultivating > >contacts is hard -- and of course money helps here, too. All true, > >all orthogonal to writing code. > > Protests are like elections, and elections, as H.L. Mencken said, are > merely advance auctions of stolen goods. It's better to produce more goods So if I protest for my privacy, who am I stealing it from? > than they can steal, or like people do on the internet, goods they haven't > thought to steal yet, or, much better, produce goods which can protect you > from those who steal, which, paradoxically, is precisely what cryptography > is. So if they send you to Guantanamo because you won't cough up your keys how is cryptography going to protect you from being sodomized by a broomhandle by sadistic guards? > >I'm really surprised I had to diagram that for you. > > I'm surprised you think markets can be diagrammed. > > > The point is, cryptography solves, economically, financially, and thus > physically, the entirety of the problem that perrypunks, ip, politech, et Cryptography solves jack if it's not being used. I'm not surprised that I have to explain that to you. > al., seem to be impotently jacking themselves off about at the moment. > Funnily enough, in the case of perrypunks, they're crypto people. I see them organizing public protests. I also see them writing code. I see you trying to shut up people by your "cpunks write code" mantra. > Hell, *you* proport to be a crypto person. You proport to write code. You Nope, I'm not a cypherpunk. Never claimed to be one. I'm just tracking political and technology news and running servers with code that cypherpunks wrote. > have a problem with the NSA, write code, problem solved. I write code nobody uses (too afraid, too ignorant), problem not solved. 
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From coderman at gmail.com Tue May 23 16:41:15 2006 From: coderman at gmail.com (coderman) Date: Tue, 23 May 2006 16:41:15 -0700 Subject: behavioral patterns, honey tokens, and baiting TLA's Message-ID: <4ef5fec60605231641m69e1cd68lf76e19f2b6b37aa5@mail.gmail.com> regarding previous discussion about baiting TLA's and resource consumption attacks / honey tokens this article is relevant: http://www.defensetech.org/archives/002439.html "It's not just about who calls who. The NSA phone-monitoring project looks at how terrorists place their calls -- and then applies that model to everyone, to see who else might be a suspect. It's a form of predictive data mining made famous by the notorious Total Information Awareness project... Today, we learn why everyone's calls had to be in the target set. The NSA wasn't just conducting social network analysis. It was using a more controversial data mining technique, dragged into the popular imagination by Darpa's Total Information Awareness project, which focuses on prediction, not connections. Under this approach, sophisticated algorithms hunt for patterns of terrorist behavior in information-trails, and then apply those patterns to average citizens, seeing which ones fit. It doesn't matter who you know. It's what you do that gets you in trouble. If you spend money and buy plane tickets like Mohammed Atta did, then maybe you're a terrorist, too. Same goes for the kind, and frequency, of phone calls you make." so, if you really felt like poking the bear, the task is simple: act like a terrorist! google news alerts will give you the necessary "terrorist behaviors" that get the desired attention.
these activities range from paying down significant credit card debt to researching critical information, transportation, and power distribution infrastructure. if anyone decides to try this i'd love to hear the tale of your interrogation and/or temporary incarceration... *grin* From rah at shipwright.com Tue May 23 14:08:53 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 23 May 2006 17:08:53 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: <20060523143821.GC9630@arion.hive> References: <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> <20060523143821.GC9630@arion.hive> Message-ID: It's real simple here, folks. If you want to fuck the NSA, state, whatever, write code. If you want to get fucked in the ass some more, wave a sign around some more. 'nuff said. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jya at pipeline.com Tue May 23 18:06:22 2006 From: jya at pipeline.com (John Young) Date: Tue, 23 May 2006 18:06:22 -0700 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: References: <20060523143821.GC9630@arion.hive> <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> <20060523143821.GC9630@arion.hive> Message-ID: Bob, You fucking heathenism hetero in denial, some advanced folks relish both of those delights, and you might like the combo too ... and your goat is fed up with its balls being licked. That's a Colbert Report. 
At 05:08 PM 5/23/2006 -0400, you wrote: >It's real simple here, folks. > >If you want to fuck the NSA, state, whatever, write code. > >If you want to get fucked in the ass some more, wave a sign around some more. > >'nuff said. > >Cheers, >RAH From rah at shipwright.com Tue May 23 15:43:16 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 23 May 2006 18:43:16 -0400 Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance] In-Reply-To: References: <20060523143821.GC9630@arion.hive> <20060522142611.GT26713@leitl.org> <20060523082056.GG26713@leitl.org> <20060523121739.GI26713@leitl.org> <20060523133133.GJ26713@leitl.org> <20060523143821.GC9630@arion.hive> Message-ID: At 6:06 PM -0700 5/23/06, John Young drunkenly emetted, just missing my shoes: >You fucking heathenism hetero in denial, some advanced folks >relish both of those delights, and you might like the combo >too ... and your goat is fed up with its balls being licked. >That's a Colbert Report. Ah. The voice of reason, once removed. Thank you for your enlightened opinion. Having done so, feel free to go back to waving signs to make shadow-puppets on the cave wall... ;-) Cheers, RAH Somewhere, there's a gamelon playing "Nearer My God to Thee" -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From bonhamqbt at wanadoo.com Tue May 23 04:00:10 2006
From: bonhamqbt at wanadoo.com (Eddie)
Date: Tue, 23 May 2006 19:00:10 +0800
Subject: New and hot MUST SEE check out the pleasure
Message-ID: <200605231049.k4NAnZf7021446@proton.jfet.org>

You always wanted to be big and powerful like in the movies, didn't you Easy and naturally - all you have to do is watch your confidence grow Feel more than adequate with an ability to please her more http://3b9zrurh9g8jg3lwq33e8ll3.ripei.com/ The added inches and hours will make her thank you and ask for more See the best health brands gathered in one place Huge discounts for world's most popular male health goods Enjoy secure ordering, lowest possible prices and almost instant shipment. Actions speak louder than words. He who does not honour his wife dishonours himself There is no difference between a wise man and a fool when they fall in love The female of the species is more deadly than the male

From justin-cypherpunks at soze.net Tue May 23 12:14:01 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Tue, 23 May 2006 19:14:01 +0000
Subject: RentaCops in Public Spaces?
In-Reply-To:
References: <20060523143746.GB9630@arion.hive>
Message-ID: <20060523191401.GA21930@arion.hive>

On 2006-05-23T14:12:47-0400, Tyler Durden wrote:
> WOW!
> So does this mean that France, England and Germany are basically funding
> the Iraqi insurgency?

It would appear so. Either that, or they're propping up the boating industry... rich ex-insurgents could be cruising around the Med in yachts.

> >From: Justin
> >To: cypherpunks at jfet.org
> >Subject: Re: RentaCops in Public Spaces?
> >Date: Tue, 23 May 2006 14:37:46 +0000
> >
> >It seems that a better plan is to go to Iraq and hold hostage citizens
> >of the Axis of Supplication:
> >
> >http://www.timesonline.co.uk/article/0,,3-2191229,00.html
> >
> >That's $5 million U.S. per abduction. You can't get that kind of ROI in
> >Mexico. Of course, as a kidnapper in Mexico, you don't have the U.S.
> >military hunting you.

--
The six phases of a project:
I. Enthusiasm.          IV. Search for the Guilty.
II. Disillusionment.    V. Punishment of the Innocent.
III. Panic.             VI. Praise & Honor for the Nonparticipants.

From camera_lumina at hotmail.com Tue May 23 16:18:47 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 23 May 2006 19:18:47 -0400
Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance]
In-Reply-To:
Message-ID:

Well, when you put it that way, there is a sort of baseline logic...

-TD

>From: "R.A. Hettinga"
>To: Justin , cypherpunks at jfet.org
>Subject: Re: [gnu at toad.com: May 24: National Day of Outrage at NSA/Telco
> surveillance]
>Date: Tue, 23 May 2006 17:08:53 -0400
>
>It's real simple here, folks.
>
>If you want to fuck the NSA, state, whatever, write code.
>
>If you want to get fucked in the ass some more, wave a sign around some
>more.
>
>'nuff said.
>
>Cheers,
>RAH
>
>--
>-----------------
>R. A. Hettinga
>The Internet Bearer Underwriting Corporation
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Tue May 23 16:26:29 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 23 May 2006 19:26:29 -0400
Subject: [gnu@toad.com: May 24: National Day of Outrage at NSA/Telco surveillance]
In-Reply-To: <4ef5fec60605231523q67eada6ejbeab2b0872b471ea@mail.gmail.com>
Message-ID:

Now there's some thinkin'...

Cultural stego of crypto tools:

"Hey, I'm with you guys all the way! Here, take this and stick it to those liberal democratic assholes who are corrupting our values!"

"Uh, we ARE democrats, sir..."

"Oh yeah, I knew that. Really. Take this and stick it to those warmongering Republican fucks!"

-TD

>From: coderman
>To: "R.A. Hettinga"
>CC: Justin , cypherpunks at jfet.org
>Subject: Re: [gnu at toad.com: May 24: National Day of Outrage at NSA/Telco
>surveillance]
>Date: Tue, 23 May 2006 15:23:57 -0700
>
>On 5/23/06, R.A. Hettinga wrote:
>>...
>>If you want to fuck the NSA, state, whatever, write code.
>>
>>If you want to get fucked in the ass some more, wave a sign around some
>>more.
>
>i'd like to pass off previous legitimate criticisms on the lack of
>pervasive and popular crypto by claiming usability flaws as the
>culprit. but encouraging the public is surely some part of this
>effort.
>
>how about handing out bootable CD's chock full of usable crypto
>goodness[1] to all those sign waving agitators so they might exercise
>a little personal responsibility for securing their privacy in
>addition to the masturbatory mob unity displays seeking redress and
>retraction from large, distant organizational structures who give two
>shits about that catchy slogan wielded impotently on cedar stick as if
>it were Excalibur itself expecting imminent victory over all of the
>world's ills...
>
>1.
>http://sourceforge.net/project/showfiles.php?group_id=136357&package_id=176062
>
>an updated image with zPhone integrated would be nice; perhaps
>something i'll poke at in the near future unless someone else does it
>first. privacy knoppix needs a rebirth :)

From hockleyv17 at wanadoo.com Tue May 23 10:15:14 2006
From: hockleyv17 at wanadoo.com (Efrain)
Date: Tue, 23 May 2006 22:15:14 +0500
Subject: Investment tips and stokc recommendations helping to earn more "HY WI" watch more inside
Message-ID: <200605240215.k4O2FAnB014309@proton.jfet.org>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3142 bytes
Desc: not available
URL:

From justin-cypherpunks at soze.net Tue May 23 22:53:46 2006
From: justin-cypherpunks at soze.net (Justin)
Date: Wed, 24 May 2006 05:53:46 +0000
Subject: Vectrotel tri-band GSM cellphone does DH+AES
Message-ID: <20060524055346.GA1898@arion.hive>

http://www.ohgizmo.com/2006/05/22/vectrotel-provides-secure-mobile-communications/
http://www.vectrotel.ch/index.php?show=67

Their English can be forgiven, but what's this?

http://www.vectrotel.ch/images/typHuge/44.jpg

I wonder where the designers were while the PR folks were screwing around with Visio.

--
The six phases of a project:
I. Enthusiasm.          IV. Search for the Guilty.
II. Disillusionment.    V. Punishment of the Innocent.
III. Panic.             VI. Praise & Honor for the Nonparticipants.

From vtxgovaayypbze at hotmail.com Wed May 24 08:17:27 2006
From: vtxgovaayypbze at hotmail.com (Brock Meyer)
Date: Wed, 24 May 2006 07:17:27 -0800
Subject: chancellor money aesthete corollary invariant fauna andy maynard agricola elution economic dunlop customary panicked sloth latitudinal nephew rockbound drone consonant albania commentator grub disciplinary sarcastic roundoff aloof astronomer diode colon nitpick malposed
Message-ID: <958475013.1541502615145.JavaMail.ebayapp@sj-besreco607>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1027 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ado.9.gif
Type: image/gif
Size: 8503 bytes
Desc: not available
URL:

From extrateres at aaamich.com Wed May 24 08:21:44 2006
From: extrateres at aaamich.com (Anibal Leslie)
Date: Wed, 24 May 2006 07:21:44 -0800
Subject: heya quotes
Message-ID: <605169217.3869235633858.JavaMail.ebayapp@sj-besreco391>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1010 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: descendant.5.gif
Type: image/gif
Size: 8503 bytes
Desc: not available
URL:

From arma at mit.edu Wed May 24 05:19:20 2006
From: arma at mit.edu (Roger Dingledine)
Date: Wed, 24 May 2006 08:19:20 -0400
Subject: Tor 0.1.1.20 is released
Message-ID:

Tor 0.1.1.20, the first stable release of the 0.1.1.x branch, is finally ready. This release features some major security fixes, including entry guards to protect the beginning of the circuit, exit enclaves to protect the end, and better firewall support; a new directory protocol that improves bandwidth use and keeps clients more up to date; two new directory authorities; a new ascii-based controller protocol that lets people easily write applications to interact with Tor; and many scalability and performance improvements.

http://tor.eff.org/download.html

Changes in version 0.1.1.20 - 2006-05-23
  o Crash and assert fixes from 0.1.0.17:
    - Fix assert bug in close_logs() on exit: when we close and delete logs, remove them all from the global "logfiles" list.
    - Fix an assert error when we're out of space in the connection_list and we try to post a hidden service descriptor (reported by Peter Palfrader).
    - Fix a rare assert error when we've tried all intro points for a hidden service and we try fetching the service descriptor again: "Assertion conn->state != AP_CONN_STATE_RENDDESC_WAIT failed".
    - Setconf SocksListenAddress kills Tor if it fails to bind. Now back out and refuse the setconf if it would fail.
    - If you specify a relative torrc path and you set RunAsDaemon in your torrc, then it chdir()'s to the new directory. If you then HUP, it tries to load the new torrc location, fails, and exits. The fix: no longer allow a relative path to torrc when using -f.
    - Check for integer overflows in more places, when adding elements to smartlists.
      This could possibly prevent a buffer overflow on malicious huge inputs.

  o Security fixes, major:
    - When we're printing strings from the network, don't try to print non-printable characters. Now we're safer against shell escape sequence exploits, and also against attacks to fool users into misreading their logs.
    - Implement entry guards: automatically choose a handful of entry nodes and stick with them for all circuits. Only pick new guards when the ones you have are unsuitable, and if the old guards become suitable again, switch back. This will increase security dramatically against certain end-point attacks. The EntryNodes config option now provides some hints about which entry guards you want to use most; and StrictEntryNodes means to only use those. Fixes CVE-2006-0414.
    - Implement exit enclaves: if we know an IP address for the destination, and there's a running Tor server at that address which allows exit to the destination, then extend the circuit to that exit first. This provides end-to-end encryption and end-to-end authentication. Also, if the user wants a .exit address or enclave, use 4 hops rather than 3, and cannibalize a general circ for it if you can.
    - Obey our firewall options more faithfully:
      . If we can't get to a dirserver directly, try going via Tor.
      . Don't ever try to connect (as a client) to a place our firewall options forbid.
      . If we specify a proxy and also firewall options, obey the firewall options even when we're using the proxy: some proxies can only proxy to certain destinations.
    - Make clients regenerate their keys when their IP address changes.
    - For the OS X package's modified privoxy config file, comment out the "logfile" line so we don't log everything passed through privoxy.
    - Our TLS handshakes were generating a single public/private keypair for the TLS context, rather than making a new one for each new connection. Oops. (But we were still rotating them periodically, so it's not so bad.)
    - When we were cannibalizing a circuit with a particular exit node in mind, we weren't checking to see if that exit node was already present earlier in the circuit. Now we are.
    - Require server descriptors to list IPv4 addresses -- hostnames are no longer allowed. This also fixes potential vulnerabilities to servers providing hostnames as their address and then preferentially resolving them so they can partition users.
    - Our logic to decide if the OR we connected to was the right guy was brittle and maybe open to a mitm for invalid routers.

  o Security fixes, minor:
    - Adjust tor-spec.txt to parameterize cell and key lengths. Now Ian Goldberg can prove things about our handshake protocol more easily.
    - Make directory authorities generate a separate "guard" flag to mean "would make a good entry guard". Clients now honor the is_guard flag rather than looking at is_fast or is_stable.
    - Try to list MyFamily elements by key, not by nickname, and warn if we've not heard of a server.
    - Start using RAND_bytes rather than RAND_pseudo_bytes from OpenSSL. Also, reseed our entropy every hour, not just at startup. And add entropy in 512-bit chunks, not 160-bit chunks.
    - Refuse server descriptors where the fingerprint line doesn't match the included identity key. Tor doesn't care, but other apps (and humans) might actually be trusting the fingerprint line.
    - We used to kill the circuit when we receive a relay command we don't recognize. Now we just drop that cell.
    - Fix a bug found by Lasse Overlier: when we were making internal circuits (intended to be cannibalized later for rendezvous and introduction circuits), we were picking them so that they had useful exit nodes. There was no need for this, and it actually aids some statistical attacks.
    - Start treating internal circuits and exit circuits separately. It's important to keep them separate because internal circuits have their last hops picked like middle hops, rather than like exit hops.
      So exiting on them will break the user's expectations.
    - Fix a possible way to DoS dirservers.
    - When the client asked for a rendezvous port that the hidden service didn't want to provide, we were sending an IP address back along with the end cell. Fortunately, it was zero. But stop that anyway.

  o Packaging improvements:
    - Implement --with-libevent-dir option to ./configure. Improve search techniques to find libevent, and use those for openssl too.
    - Fix a couple of bugs in OpenSSL detection. Deal better when there are multiple SSLs installed with different versions.
    - Avoid warnings about machine/limits.h on Debian GNU/kFreeBSD.
    - On non-gcc compilers (e.g. Solaris's cc), use "-g -O" instead of "-Wall -g -O2".
    - Make unit tests (and other invocations that aren't the real Tor) run without launching listeners, creating subdirectories, and so on.
    - The OS X installer was adding a symlink for tor_resolve but the binary was called tor-resolve (reported by Thomas Hardly).
    - Now we can target arch and OS in rpm builds (contributed by Phobos). Also make the resulting dist-rpm filename match the target arch.
    - Apply Matt Ghali's --with-syslog-facility patch to ./configure if you log to syslog and want something other than LOG_DAEMON.
    - Fix the torify (tsocks) config file to not use Tor for localhost connections.
    - Start shipping socks-extensions.txt, tor-doc-unix.html, tor-doc-server.html, and stylesheet.css in the tarball.
    - Stop shipping tor-doc.html, INSTALL, and README in the tarball. They are useless now.
    - Add Peter Palfrader's contributed check-tor script. It lets you easily check whether a given server (referenced by nickname) is reachable by you.
    - Add BSD-style contributed startup script "rc.subr" from Peter Thoenen.

  o Directory improvements -- new directory protocol:
    - See tor/doc/dir-spec.txt for all the juicy details. Key points:
    - Authorities and caches publish individual descriptors (by digest, by fingerprint, by "all", and by "tell me yours").
    - Clients don't download or use the old directory anymore. Now they download network-statuses from the directory authorities, and fetch individual server descriptors as needed from mirrors.
    - Clients don't download descriptors of non-running servers.
    - Download descriptors by digest, not by fingerprint. Caches try to download all listed digests from authorities; clients try to download "best" digests from caches. This avoids partitioning and isolating attacks better.
    - Only upload a new server descriptor when options change, 18 hours have passed, uptime is reset, or bandwidth changes a lot.
    - Directory authorities silently throw away new descriptors that haven't changed much if the timestamps are similar. We do this to tolerate older Tor servers that upload a new descriptor every 15 minutes. (It seemed like a good idea at the time.)
    - Clients choose directory servers from the network status lists, not from their internal list of router descriptors. Now they can go to caches directly rather than needing to go to authorities to bootstrap the first set of descriptors.
    - When picking a random directory, prefer non-authorities if any are known.
    - Add a new flag to network-status indicating whether the server can answer v2 directory requests too.
    - Directory mirrors now cache up to 16 unrecognized network-status docs, so new directory authorities will be cached too.
    - Stop parsing, storing, or using running-routers output (but mirrors still cache and serve it).
    - Clients consider a threshold of "versioning" directory authorities before deciding whether to warn the user that he's obsolete.
    - Authorities publish separate sorted lists of recommended versions for clients and for servers.
    - Change DirServers config line to note which dirs are v1 authorities.
    - Put nicknames on the DirServer line, so we can refer to them without requiring all our users to memorize their IP addresses.
    - Remove option when getting directory cache to see whether they support running-routers; they all do now. Replace it with one to see whether caches support v2 stuff.
    - Stop listing down or invalid nodes in the v1 directory. This reduces its bulk by about 1/3, and reduces load on mirrors.
    - Mirrors no longer cache the v1 directory as often.
    - If we as a directory mirror don't know of any v1 directory authorities, then don't try to cache any v1 directories.

  o Other directory improvements:
    - Add lefkada.eecs.harvard.edu and tor.dizum.com as fourth and fifth authoritative directory servers.
    - Directory authorities no longer require an open connection from a server to consider him "reachable". We need this change because when we add new directory authorities, old servers won't know not to hang up on them.
    - Dir authorities now do their own external reachability testing of each server, and only list as running the ones they found to be reachable. We also send back warnings to the server's logs if it uploads a descriptor that we already believe is unreachable.
    - Spread the directory authorities' reachability testing over the entire testing interval, so we don't try to do 500 TLS's at once every 20 minutes.
    - Make the "stable" router flag in network-status be the median of the uptimes of running valid servers, and make clients pay attention to the network-status flags. Thus the cutoff adapts to the stability of the network as a whole, making IRC, IM, etc connections more reliable.
    - Make the v2 dir's "Fast" flag based on relative capacity, just like "Stable" is based on median uptime. Name everything in the top 7/8 Fast, and only the top 1/2 gets to be a Guard.
    - Retry directory requests if we fail to get an answer we like from a given dirserver (we were retrying before, but only if we fail to connect).
    - Return a robots.txt on our dirport to discourage google indexing.

  o Controller protocol improvements:
    - Revised controller protocol (version 1) that uses ascii rather than binary: tor/doc/control-spec.txt. Add supporting libraries in python and java and c# so you can use the controller from your applications without caring how our protocol works.
    - Allow the DEBUG controller event to work again. Mark certain log entries as "don't tell this to controllers", so we avoid cycles.
    - New controller function "getinfo accounting", to ask how many bytes we've used in this time period.
    - Add a "resetconf" command so you can set config options like AllowUnverifiedNodes and LongLivedPorts to "". Also, if you give a config option in the torrc with no value, then it clears it entirely (rather than setting it to its default).
    - Add a "getinfo config-file" to tell us where torrc is. Also expose guard nodes, config options/names.
    - Add a "quit" command (when using the controller manually).
    - Add a new signal "newnym" to "change pseudonyms" -- that is, to stop using any currently-dirty circuits for new streams, so we don't link new actions to old actions. This also occurs on HUP or "signal reload".
    - If we would close a stream early (e.g. it asks for a .exit that we know would refuse it) but the LeaveStreamsUnattached config option is set by the controller, then don't close it.
    - Add a new controller event type "authdir_newdescs" that allows controllers to get all server descriptors that were uploaded to a router in its role as directory authority.
    - New controller option "getinfo desc/all-recent" to fetch the latest server descriptor for every router that Tor knows about.
    - Fix the controller's "attachstream 0" command to treat conn like it just connected, doing address remapping, handling .exit and .onion idioms, and so on. Now we're more uniform in making sure that the controller hears about new and closing connections.
    - Permit transitioning from ORPort==0 to ORPort!=0, and back, from the controller.
      Also, rotate dns and cpu workers if the controller changes options that will affect them; and initialize the dns worker cache tree whether or not we start out as a server.
    - Add a new circuit purpose 'controller' to let the controller ask for a circuit that Tor won't try to use. Extend the "extendcircuit" controller command to let you specify the purpose if you're starting a new circuit. Add a new "setcircuitpurpose" controller command to let you change a circuit's purpose after it's been created.
    - Let the controller ask for "getinfo dir/server/foo" so it can ask directly rather than connecting to the dir port. "getinfo dir/status/foo" also works, but currently only if your DirPort is enabled.
    - Let the controller tell us about certain router descriptors that it doesn't want Tor to use in circuits. Implement "setrouterpurpose" and modify "+postdescriptor" to do this.
    - If the controller's *setconf commands fail, collect an error message in a string and hand it back to the controller -- don't just tell them to go read their logs.

  o Scalability, resource management, and performance:
    - Fix a major load balance bug: we were round-robin reading in 16 KB chunks, and servers with bandwidthrate of 20 KB, while downloading a 600 KB directory, would starve their other connections. Now we try to be a bit more fair.
    - Be more conservative about whether to advertise our DirPort. The main change is to not advertise if we're running at capacity and either a) we could hibernate ever or b) our capacity is low and we're using a default DirPort.
    - We weren't cannibalizing circuits correctly for CIRCUIT_PURPOSE_C_ESTABLISH_REND and CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, so we were being forced to build those from scratch. This should make hidden services faster.
    - Predict required circuits better, with an eye toward making hidden services faster on the service end.
    - Compress exit policies even more: look for duplicate lines and remove them.
    - Generate 18.0.0.0/8 address policy format in descs when we can; warn when the mask is not reducible to a bit-prefix.
    - There used to be two ways to specify your listening ports in a server descriptor: on the "router" line and with a separate "ports" line. Remove support for the "ports" line.
    - Reduce memory requirements in our structs by changing the order of fields. Replace balanced trees with hash tables. Inline bottleneck smartlist functions. Add a "Map from digest to void*" abstraction so we can do less hex encoding/decoding, and use it in router_get_by_digest(). Many other CPU and memory improvements.
    - Allow tor_gzip_uncompress to extract as much as possible from truncated compressed data. Try to extract as many descriptors as possible from truncated http responses (when purpose is DIR_PURPOSE_FETCH_ROUTERDESC).
    - Make circ->onionskin a pointer, not a static array. moria2 was using 125000 circuit_t's after it had been up for a few weeks, which translates to 20+ megs of wasted space.
    - The private half of our EDH handshake keys are now chosen out of 320 bits, not 1024 bits. (Suggested by Ian Goldberg.)
    - Stop doing the complex voodoo overkill checking for insecure Diffie-Hellman keys. Just check if it's in [2,p-2] and be happy.
    - Do round-robin writes for TLS of at most 16 kB per write. This might be more fair on loaded Tor servers.
    - Do not use unaligned memory access on alpha, mips, or mipsel. It *works*, but is very slow, so we treat them as if it doesn't.

  o Other bugfixes and improvements:
    - Start storing useful information to $DATADIR/state, so we can remember things across invocations of Tor. Retain unrecognized lines so we can be forward-compatible, and write a TorVersion line so we can be backward-compatible.
    - If ORPort is set, Address is not explicitly set, and our hostname resolves to a private IP address, try to use an interface address if it has a public address. Now Windows machines that think of themselves as localhost can guess their address.
    - Regenerate our local descriptor if it's dirty and we try to use it locally (e.g. if it changes during reachability detection). This was causing some Tor servers to keep publishing the same initial descriptor forever.
    - Tor servers with dynamic IP addresses were needing to wait 18 hours before they could start doing reachability testing using the new IP address and ports. This is because they were using the internal descriptor to learn what to test, yet they were only rebuilding the descriptor once they decided they were reachable.
    - It turns out we couldn't bootstrap a network since we added reachability detection in 0.1.0.1-rc. Good thing the Tor network has never gone down. Add an AssumeReachable config option to let servers and authorities bootstrap. When we're trying to build a high-uptime or high-bandwidth circuit but there aren't enough suitable servers, try being less picky rather than simply failing.
    - Newly bootstrapped Tor networks couldn't establish hidden service circuits until they had nodes with high uptime. Be more tolerant.
    - Really busy servers were keeping enough circuits open on stable connections that they were wrapping around the circuit_id space. (It's only two bytes.) This exposed a bug where we would feel free to reuse a circuit_id even if it still exists but has been marked for close. Try to fix this bug. Some bug remains.
    - When we fail to bind or listen on an incoming or outgoing socket, we now close it before refusing, rather than just leaking it. (Thanks to Peter Palfrader for finding.)
    - Fix a file descriptor leak in start_daemon().
    - On Windows, you can't always reopen a port right after you've closed it. So change retry_listeners() to only close and re-open ports that have changed.
    - Workaround a problem with some http proxies that refuse GET requests that specify "Content-Length: 0". Reported by Adrian.
    - Recover better from TCP connections to Tor servers that are broken but don't tell you (it happens!); and rotate TLS connections once a week.
    - Fix a scary-looking but apparently harmless bug where circuits would sometimes start out in state CIRCUIT_STATE_OR_WAIT at servers, and never switch to state CIRCUIT_STATE_OPEN.
    - Check for even more Windows version flags when writing the platform string in server descriptors, and note any we don't recognize.
    - Add reasons to DESTROY and RELAY_TRUNCATED cells, so clients can get a better idea of why their circuits failed. Not used yet.
    - Add TTLs to RESOLVED, CONNECTED, and END_REASON_EXITPOLICY cells. We don't use them yet, but maybe one day our DNS resolver will be able to discover them.
    - Let people type "tor --install" as well as "tor -install" when they want to make it an NT service.
    - Looks like we were never delivering deflated (i.e. compressed) running-routers lists, even when asked. Oops.
    - We were leaking some memory every time the client changed IPs.
    - Clean up more of the OpenSSL memory when exiting, so we can detect memory leaks better.
    - Never call free() on tor_malloc()d memory. This will help us use dmalloc to detect memory leaks.
    - Some Tor servers process billions of cells per day. These statistics are now uint64_t's.
    - Check [X-]Forwarded-For headers in HTTP requests when generating log messages. This lets people run dirservers (and caches) behind Apache but still know which IP addresses are causing warnings.
    - Fix minor integer overflow in calculating when we expect to use up our bandwidth allocation before hibernating.
    - Lower the minimum required number of file descriptors to 1000, so we can have some overhead for Valgrind on Linux, where the default ulimit -n is 1024.
    - Stop writing the "router.desc" file, ever. Nothing uses it anymore, and its existence is confusing some users.

  o Config option fixes:
    - Add a new config option ExitPolicyRejectPrivate which defaults to on.
      Now all exit policies will begin with rejecting private addresses, unless the server operator explicitly turns it off.
    - Bump the default bandwidthrate to 3 MB, and burst to 6 MB.
    - Add new ReachableORAddresses and ReachableDirAddresses options that understand address policies. FascistFirewall is now a synonym for "ReachableORAddresses *:443", "ReachableDirAddresses *:80".
    - Start calling it FooListenAddress rather than FooBindAddress, since few of our users know what it means to bind an address or port.
    - If the user gave Tor an odd number of command-line arguments, we were silently ignoring the last one. Now we complain and fail. This wins the oldest-bug prize -- this bug has been present since November 2002, as released in Tor 0.0.0.
    - If you write "HiddenServicePort 6667 127.0.0.1 6668" in your torrc rather than "HiddenServicePort 6667 127.0.0.1:6668", it would silently ignore the 6668.
    - If we get a linelist or linelist_s config option from the torrc, e.g. ExitPolicy, and it has no value, warn and skip rather than silently resetting it to its default.
    - Setconf was appending items to linelists, not clearing them.
    - Add MyFamily to torrc.sample in the server section, so operators will be more likely to learn that it exists.
    - Make ContactInfo mandatory for authoritative directory servers.
    - MaxConn has been obsolete for a while now. Document the ConnLimit config option, which is a *minimum* number of file descriptors that must be available else Tor refuses to start.
    - Get rid of IgnoreVersion undocumented config option, and make us only warn, never exit, when we're running an obsolete version.
    - Make MonthlyAccountingStart config option truly obsolete now.
    - Correct the man page entry on TrackHostExitsExpire.
    - Let directory authorities start even if they don't specify an Address config option.
    - Change "AllowUnverifiedNodes" to "AllowInvalidNodes", to reflect the updated flags in our v2 dir protocol.

o Config option features:
- Add a new config option FastFirstHopPK (on by default) so clients do a trivial crypto handshake for their first hop, since TLS has already taken care of confidentiality and authentication.
- Let the user set ControlListenAddress in the torrc. This can be dangerous, but there are some cases (like a secured LAN) where it makes sense.
- New config options to help controllers: FetchServerDescriptors and FetchHidServDescriptors for whether to fetch server info and hidserv info or let the controller do it, and PublishServerDescriptor and PublishHidServDescriptors.
- Also let the controller set the __AllDirActionsPrivate config option if you want all directory fetches/publishes to happen via Tor (it assumes your controller bootstraps your circuits).
- Add "HardwareAccel" config option: support for crypto hardware accelerators via OpenSSL. Off by default, until we find somebody smart who can test it for us. (It appears to produce seg faults in at least some cases.)
- New config option "AuthDirRejectUnlisted" for directory authorities as a panic button: if we get flooded with unusable servers we can revert to only listing servers in the approved-routers file.
- Directory authorities can now reject/invalidate by key and IP, with the config options "AuthDirInvalid" and "AuthDirReject", or by marking a fingerprint as "!reject" or "!invalid" (as its nickname) in the approved-routers file. This is useful since currently we automatically list servers as running and usable even if we know they're jerks.
- Add a new config option TestSocks so people can see whether their applications are using socks4, socks4a, socks5-with-ip, or socks5-with-fqdn. This way they don't have to keep mucking with tcpdump and wondering if something got cached somewhere.
- Add "private:*" as an alias in configuration for policies. Now you can simplify your exit policy rather than needing to list every single internal or nonroutable network space.
- Accept "private:*" in routerdesc exit policies; not generated yet because older Tors do not understand it.
- Add configuration option "V1AuthoritativeDirectory 1" which moria1, moria2, and tor26 have set.
- Implement an option, VirtualAddrMask, to set which addresses get handed out in response to mapaddress requests. This works around a bug in tsocks where 127.0.0.0/8 is never socksified.
- Add a new config option FetchUselessDescriptors, off by default, for when you plan to run "exitlist" on your client and you want to know about even the non-running descriptors.
- SocksTimeout: How long do we let a socks connection wait unattached before we fail it?
- CircuitBuildTimeout: Cull non-open circuits that were born at least this many seconds ago.
- CircuitIdleTimeout: Cull open clean circuits that were born at least this many seconds ago.
- New config option SafeSocks to reject all application connections using unsafe socks protocols. Defaults to off.

o Improved and clearer log messages:
- Reduce clutter in server logs. We're going to try to make them actually usable now. New config option ProtocolWarnings that lets you hear about how _other Tors_ are breaking the protocol. Off by default.
- Divide log messages into logging domains. Once we put some sort of interface on this, it will let people looking at more verbose log levels specify the topics they want to hear more about.
- Log server fingerprint on startup, so new server operators don't have to go hunting around their filesystem for it.
- Provide dire warnings to any users who set DirServer manually; move it out of torrc.sample and into torrc.complete.
- Make the log message less scary when all the dirservers are temporarily unreachable.
- When tor_socketpair() fails in Windows, give a reasonable Windows-style errno back.
- Improve tor_gettimeofday() granularity on windows.
- We were printing the number of idle dns workers incorrectly when culling them.
- Handle duplicate lines in approved-routers files without warning.
- We were whining about using socks4 or socks5-with-local-lookup even when it's an IP address in the "virtual" range we designed exactly for this case.
- Check for named servers when looking them up by nickname; warn when we're calling a non-named server by its nickname; don't warn twice about the same name.
- Downgrade the dirserver log messages when whining about unreachability.
- Correct "your server is reachable" log entries to indicate that it was self-testing that told us so.
- If we're trying to be a Tor server and running Windows 95/98/ME as a server, explain that we'll likely crash.
- Provide a more useful warn message when our onion queue gets full: the CPU is too slow or the exit policy is too liberal.
- Don't warn when we receive a 503 from a dirserver/cache -- this will pave the way for them being able to refuse if they're busy.
- When we fail to bind a listener, try to provide a more useful log message: e.g., "Is Tor already running?"
- Only start testing reachability once we've established a circuit. This will make startup on dir authorities less noisy.
- Don't try to upload hidden service descriptors until we have established a circuit.
- Tor didn't warn when it failed to open a log file.
- Warn when listening on a public address for socks. We suspect a lot of people are setting themselves up as open socks proxies, and they have no idea that jerks on the Internet are using them, since they simply proxy the traffic into the Tor network.
- Give a useful message when people run Tor as the wrong user, rather than telling them to start chowning random directories.
- Fix a harmless bug that was causing Tor servers to log "Got an end because of misc error, but we're not an AP. Closing."
- Fix wrong log message when you add a "HiddenServiceNodes" config line without any HiddenServiceDir line (reported by Chris Thomas).
- Directory authorities now stop whining so loudly about bad descriptors that they fetch from other dirservers. So when there's a log complaint, it's for sure from a freshly uploaded descriptor.
- When logging via syslog, include the pid whenever we provide a log entry. Suggested by Todd Fries.
- When we're shutting down and we do something like try to post a server descriptor or rendezvous descriptor, don't complain that we seem to be unreachable. Of course we are, we're shutting down.
- Change log line for unreachability to explicitly suggest /etc/hosts as the culprit. Also make it clearer what IP address and ports we're testing for reachability.
- Put quotes around user-supplied strings when logging so users are more likely to realize if they add bad characters (like quotes) to the torrc.
- NT service patch from Matt Edman to improve error messages on Win32.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From declan at well.com Wed May 24 10:24:46 2006
From: declan at well.com (Declan McCullagh)
Date: Wed, 24 May 2006 10:24:46 -0700
Subject: [Politech] ACLU launches "Don't Spy on Me" campaign; protests [priv]
Message-ID:

Also there are protests in SF, NYC, Boston, Chicago today:
http://saveaccess.org/

I'm planning to stop by the SF one by the SBC stadium at noon.

-Declan

-------- Original Message --------
Subject: ACLU Launches "Don't Spy on Me" Campaign
Date: Wed, 24 May 2006 13:15:25 -0400
From: Barry Steinhardt
To:

Declan,

Politechers may be interested to know that the ACLU is launching a nationwide consumer campaign today to respond to the recent revelations about the telecoms and NSA spying.
We are:

A) asking the FCC to fulfill its regulatory obligation and investigate (Chairman Martin's lame argument that they cannot do so notwithstanding)

B) ACLU offices around the country are filing demands with Public Utility Commissions, which often have considerable power to enforce state privacy laws, asking for investigations and cease-and-desist actions.

C) Inviting citizens to add their names to these actions, and making it easy to do so via www.aclu.org/dontspy

Our appeal is below.

Thanks,

Barry

------
Barry Steinhardt
Director, Technology and Liberty Project, ACLU

Dear Friend,

It's illegal and un-American for your phone company to hand over your phone records to the government without a legal order. But it looks like that's just what they're doing: violating the privacy and rights of millions of innocent Americans in the process.

The phone companies have no right to forfeit your privacy. And just last night we learned that the FCC has refused to investigate these illegal actions, using the same "state secrets" excuse used by the very phone companies it's supposed to hold accountable.

Today, the ACLU is launching a nationwide consumer campaign demanding that regulators do their jobs and protect our privacy. We need your help.

It's outrageous that the agency created to guard the people's interest is burying its head in the sand during what may be the most massive abuse of customer privacy in American history.

We can't stand idly by while corporations, federal regulators and even our elected leaders fail to champion our rights or uphold our basic system of checks and balances. The power to right these wrongs ultimately resides in the hands of the American people.

The ACLU is filing formal documents with the Federal Communications Commission (FCC) insisting that they fulfill their regulatory obligation and investigate this breach of consumer trust.
At the same time, ACLU offices across the country are filing similar demands with regulatory authorities in dozens of states.

Regulators need to hear that the public demands action. The longer the list of names, the more powerful our message. Federal and state officials must use their authority to investigate and fine the phone companies, and your voice will make a difference.

Act now to stop phone companies from abusing your privacy.

We must not allow the government and the phone companies to collude in this massive illegal attack on our privacy and our trust.

And we certainly can't wait for Congress to act, or for the phone companies to reverse course.

Join us in telling the FCC that we won't take no for an answer -- they must investigate. And don't let the states follow the FCC's wrong-headed example. We are simultaneously filing 20 actions across the nation TODAY.

Please add your name and your voice. All you have to do is use our online form. We'll add your name to our demand for FCC action and to local filings in applicable states. After you sign on, you can also send an email directly to each of the four FCC commissioners letting them know Americans want answers and action.

Act now to stop phone companies from abusing your privacy.

As always, thank you for standing with us. Every voice in this fight is going to matter, so please take action today.

Sincerely,

Anthony D. Romero
Executive Director
ACLU
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From camera_lumina at hotmail.com Wed May 24 08:08:54 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 24 May 2006 11:08:54 -0400
Subject: Vectrotel tri-band GSM cellphone does DH+AES
In-Reply-To: <20060524055346.GA1898@arion.hive>
Message-ID:

>Their English can be forgiven, but what's this?
>http://www.vectrotel.ch/images/typHuge/44.jpg

Well, that's a nice way to Stego a DH key exchange, I guess.

-TD

From coderman at gmail.com Wed May 24 12:49:53 2006
From: coderman at gmail.com (coderman)
Date: Wed, 24 May 2006 12:49:53 -0700
Subject: export bullshit and "thought crime" munitions...
Message-ID: <4ef5fec60605241249x52eb3ad6g7d5718d355f6ab8f@mail.gmail.com>

i categorically deny any government the authority to prevent me from distributing strong encryption, in source or compiled, to anyone anywhere. it's time this bullshit was called out as obsolete and fully ineffective.

(if you don't feel the same you should avoid redistributing yourself.
i however refuse to play these stupid games or insist on foreign development outside these restrictions.)

---

http://cryptome.org/zfone-agree.htm
&
http://yro.slashdot.org/comments.pl?sid=186373&threshold=1&commentsort=0&mode=thread&pid=15383117#15383625

"""Although the US has ended most of their export controls for crypto software, there are still some reasonable export controls in place, namely, to prevent the software from being exported to a few embargoed nations, such as North Korea, Iran, Libya, Syria, and Sudan. And for commercial encryption software that you actually pay for (not this free public beta), there are now requirements to check customers against government watch lists as well, which is something that companies such as PGP comply with these days. PGP Corp volunteered to host the public beta software on their server, with all the appropriate checks in place. That's why you have to register, to make sure you are not in an embargoed country, to keep me in compliance with U.S. export laws. Been there, done that. -Philip Zimmermann"""

Re:Misplaced paranoia ... on Monday May 22, @09:35PM (#15384889)

"""The purpose of the law of course, is not to prevent the export of encryption to foreign countries. They already have these algorithms. Nor is it to prevent access to the terrorist bogeyman. They either don't use it, or can easily get access to encryption. No. The purpose of the law is to hang the sword of damocles over the head of anyone who wants to bring safe and secure communication to the masses. The government doesn't want the masses to encrypt their traffic, and they use this law to impede the distribution of your software and others like it. I think you need to give up the ghost here. If your government wants to shut you down, they will, regardless of how much you try to comply with export restrictions it will never be good enough.
I think you need to stop playing by rules where you can't possibly win and simply go all out in an effort to get as many people using zfone as possible. All out. Unrestricted downloads, ease of use, ad campaign, browser plugins, whatever. Just do anything to get as many people using encrypted VOIP as you possibly can, because until then, your software will remain on the fringe where it's easier to shut down."""

From bill.stewart at pobox.com Wed May 24 13:22:16 2006
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 24 May 2006 13:22:16 -0700
Subject: Vectrotel tri-band GSM cellphone does DH+AES
In-Reply-To:
References: <20060524055346.GA1898@arion.hive>
Message-ID: <6.2.1.2.0.20060524132059.032f8ab0@pop.idiom.com>

At 08:08 AM 5/24/2006, Tyler Durden wrote:
>>Their English can be forgiven, but what's this?
>>http://www.vectrotel.ch/images/typHuge/44.jpg
>
>Well, that's a nice way to Stego a DH key exchange, I guess.

Looks a lot like, if they're not careful, they could easily repeat some of PPTP's mistakes and use the same keystream in both directions for an XOR stream cypher, instead of using AES as a block cypher?
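
Added example, not part of the thread and not Vectrotel's design: it shows what the message above warns about, one keystream XORed onto both directions of a call, next to a session that derives a separate key per direction. The SHA-256 counter-mode keystream stands in for a real stream cipher, the HMAC-label key derivation is one common fix chosen here as an assumption, and all names and messages are constructed.

```python
import hashlib
import hmac


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256 over key||counter (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR stream encryption; decryption is the same operation."""
    return xor(plaintext, keystream(key, len(plaintext)))


def direction_key(shared_secret: bytes, label: bytes) -> bytes:
    """Derive an independent key for one direction from the DH shared secret."""
    return hmac.new(shared_secret, b"direction:" + label, hashlib.sha256).digest()


# Constructed sample data: a pretend DH output and one message each way.
SHARED_SECRET = hashlib.sha256(b"constructed DH shared secret").digest()
CALLER_MSG = b"caller -> callee: meet at the usual place at noon"
CALLEE_MSG = b"callee -> caller: confirmed, bring the documents."


def flawed_session():
    """Both directions use the same key, so both use the same keystream."""
    return encrypt(SHARED_SECRET, CALLER_MSG), encrypt(SHARED_SECRET, CALLEE_MSG)


def fixed_session():
    """Each direction gets its own key, so the keystreams are unrelated."""
    k_out = direction_key(SHARED_SECRET, b"caller-to-callee")
    k_back = direction_key(SHARED_SECRET, b"callee-to-caller")
    return encrypt(k_out, CALLER_MSG), encrypt(k_back, CALLEE_MSG)


def keystream_cancels(c1: bytes, c2: bytes) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. the keystream dropped out."""
    return xor(c1, c2) == xor(CALLER_MSG, CALLEE_MSG)


def other_side_given_known(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """What c1 XOR c2 XOR p1 yields; equals p2 only if the keystream was shared."""
    return xor(xor(c1, c2), known_p1)


if __name__ == "__main__":
    for name, session in (("shared keystream", flawed_session),
                          ("per-direction keys", fixed_session)):
        c1, c2 = session()
        print(name, "| keystream cancels:", keystream_cancels(c1, c2))
        print("  c1^c2^p1 =", other_side_given_known(c1, c2, CALLER_MSG))
```
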
From camera_lumina at hotmail.com Wed May 24 11:43:20 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 24 May 2006 14:43:20 -0400
Subject: [declan@well.com: [Politech] ACLU launches "Don't Spy on Me" campaign; protests [priv]]
In-Reply-To: <20060524174559.GA26713@leitl.org>
Message-ID:

I work across the street from the Vesey Street location but I saw no one when I went out to lunch today. Which is not to say they weren't there, but it can't have been very large.

-TD

>From: Eugen Leitl
>To: cypherpunks at jfet.org
>Subject: [declan at well.com: [Politech] ACLU launches "Don't Spy on Me"
>campaign; protests [priv]]
>Date: Wed, 24 May 2006 19:45:59 +0200
>
>----- Forwarded message from Declan McCullagh -----

From eugen at leitl.org Wed May 24 10:23:06 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 24 May 2006 19:23:06 +0200
Subject: [arma@mit.edu: Tor 0.1.1.20 is released]
Message-ID: <20060524172305.GV26713@leitl.org>

----- Forwarded message from Roger Dingledine -----

From eugen at leitl.org Wed May 24 10:45:59 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 24 May 2006 19:45:59 +0200
Subject: [declan@well.com: [Politech] ACLU launches "Don't Spy on Me" campaign; protests [priv]]
Message-ID: <20060524174559.GA26713@leitl.org>

----- Forwarded message from Declan McCullagh -----

From eugen at leitl.org Wed May 24 11:43:34 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 24 May 2006 20:43:34 +0200
Subject: [edrigram@edri.org: EDRI-gram newsletter - Number 4.10, 24 May 2006]
Message-ID: <20060524184333.GE26713@leitl.org>

News from over the pond.

----- Forwarded message from EDRI-gram newsletter -----

From eugen at leitl.org Wed May 24 11:58:57 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 24 May 2006 20:58:57 +0200
Subject: [declan@well.com: [Politech] ACLU launches "Don't Spy on Me" campaign; protests [priv]]
In-Reply-To:
References: <20060524174559.GA26713@leitl.org>
Message-ID: <20060524185857.GH26713@leitl.org>

On Wed, May 24, 2006 at 02:43:20PM -0400, Tyler Durden wrote:
> I work across the street from the Vesey Street location but I saw no one
> when I went out to lunch today. Which is not to say they weren't there, but
> it can't have been very large.

Collectively, the society doesn't seem to be giving a shit whether they live in brinworld. Same thing over here. If anyone is raising a fuss, I don't see much of it. Only the greens and the liberals (which are more like libertarians, despite the name) seem to care -- but they're forming the opposition. Red/green coalition is a good match to dems/cons, though minus some wingnut stuff. These are the ones spouting the islamist turrdorist line. But of course the major brinworld threat is coming down from the EU, and completely bypasses the democratic process. Which is imo one of the reasons why popular support for EU is waning, but since EU is not a democracy, it's here to stay.
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From edrigram at edri.org Wed May 24 11:05:17 2006
From: edrigram at edri.org (EDRI-gram newsletter)
Date: Wed, 24 May 2006 21:05:17 +0300
Subject: EDRI-gram newsletter - Number 4.10, 24 May 2006
Message-ID:

============================================================
EDRI-gram
biweekly newsletter about digital civil rights in Europe
Number 4.10, 24 May 2006
============================================================
Contents
============================================================

1. Draft Audiovisual Media Services Directive under criticism
2. Data Retention faces growing opposition in Germany
3. Set up of the Internet Governance Forum Advisory Group
4. French draft copyright law continues to be criticised
5. German Constitutional Court has outlawed preventive data screening
6. UK Government asks for the encryption keys
7. Big Brother Awards Italy 2006
8. Application of the FOI law in Macedonia
9. PM supports rejected UK ID Cards Act
10. Recommended reading
11. Agenda
12. About

============================================================
1. Draft Audiovisual Media Services Directive under criticism
============================================================

The European Commission proposal to regulate commercial audio and video broadcasts over the Internet and mobile phones, continues to be strongly opposed by the supporters of free speech, but also traditional and new media providers.

At the meeting of Education, Youth and Culture Council in Brussels (18-19 May 2006) the proposal for a directive amending the Directive on the pursuit of television broadcasting activities was discussed.
The debate covered, in particular, the following issues in relation with the proposed directive: the appropriateness and the sustainability of the distinction between linear and non-linear services; the common rules applying to both categories of services; the extent of the modernization and simplification of the television advertising and teleshopping rules.

The draft Audiovisual Media Services Directive - a revision of the 1989 Television without Frontiers Directive - introduces the notion of audiovisual media services and distinguishes between "linear" services (e.g. scheduled broadcasting via traditional TV, the internet or mobile phones, which "push" content to viewers) and "non-linear" services (such as video-on-demand, which the viewer "pulls" from a network). Only a basic tier of rules would apply to non-linear services.

This draft has already met oppositions and criticism at the beginning of this year being considered as unacceptable. Traditional media as well as new media and technology providers opposed the directive considering, among other things, that it would shortly be obsolete due to the fast development of technology, that it discourages innovation and that it creates a distinction between linear and non-linear broadcasting when in reality this distinction is more and more blurred by the technological development.

At the press conference on 18 May, Viviane Reding, EU commissioner for Information Society and Media, had to answer accusations of censorship related to the Directive. The Commissioner stated that the directive had "nothing to do with free speech" and aimed at protecting children and that the new rules were meant to protect "basic societal values".

Mrs. Reding considers the rules are only intended to apply to commercial content and that the application of Audiovisual Media Services Directive has as purpose to prevent certain programmes from being shown to children.
The idea would be to harmonise rules across the whole European Union so that programme makers don't face bureaucracy every time they try and sell their products to another member country.

EU regulation attacked as censorship (19.05.2006)
http://www.theregister.co.uk/2006/05/19/eu_censorship/

EU Internet proposals to protect society (18.05.2006)
http://go.reuters.co.uk/newsArticle.jhtml?type=internetNews&storyID=12258324

2729th Education, Youth and Culture Council meeting - Brussels, 18-19 May 2006 (provisional version) (18.05.2006)
http://www.consilium.europa.eu/cms3_applications/Applications/newsRoom/LoadDocument.asp?directory=en/educ/&filename=89661.pdf

The Television without Frontiers Directive: another "directive too far"? (5.05.2006)
http://www.it-analysis.com/business/content.php?cid=8476

Legislative Proposal for an Audiovisual Media Services Directive (13.12.2005)
http://ec.europa.eu/comm/avpolicy/docs/reg/modernisation/proposal_2005/com2005-646-final-en.pdf

Debates on draft directive on Television without Frontiers Directive (2.02.2006)
http://www.edri.org/edrigram/number4.2/twfdirective

============================================================
2. Data Retention faces growing opposition in Germany
============================================================

The EU directive on mandatory retention of communications traffic data went into force as an EU law on 3 May 2006, but its transposition into national laws seems more uncertain than before. 16 of the 25 member states of the EU have declared that they will delay the retention of Internet traffic data for an additional period of 18 months.

The recent NSA scandal in the United States also clarified the dangers of access to the data by intelligence agencies and led a number of civil liberties groups, among which EDRi member Netzwerk Neue Medien, to protest against data retention in Europe. A draft data retention law has already been withdrawn in the House of Representatives in Washington.
In the German Parliament, the Greens have drafted a resolution that would ask the Government to challenge the legality of the EU directive before the European Court of Justice and postpone its implementation on the national level until the court has made a decision. According to the not yet published text, of which EDRi was able to obtain a copy, the data retention decision should have been made in the "Third Pillar" of the European Union structure, as the sole purpose of retaining the data is the law enforcement. Therefore, the proper legislative procedure should have been a framework directive, which gives more power to national Parliaments and requires an unanimous vote on the EU Council of Ministers.

The motion is so far being supported by 118 parliamentarians from all parties; the vote is scheduled for 2 June. The period for challenging the directive on these grounds (§230 of the Treaty on the European Community) will end on 10 July 2006.

Even if the directive is transposed into the German law, several groups and individuals - among which the former German federal minister of the interior, Gerhart Baum - have announced that they will challenge it before the Constitutional Court. After several recent decisions by the courts against overly intrusive surveillance, retention, and data-screening practices, there is a growing indication that the court will declare the directive illegal under the human rights provisions of the German Constitution.
German Parliament: Draft Resolution, "Richtlinie zur Vorratsdatenspeicherung vom EuGH prüfen lassen" (Reviewing the Directive on Data Retention by the European Court of Justice) (in German only, 18.05.2006)
http://www.edri.org/docs/German-Parliament_Draft-DR-Resolution_18-5-2006.pdf

Press release by EDRi-Member Netzwerk Neue Medien together with AK Vorratsdatenspeicherung and Stop1984.de: American snooping scandal shows the need for revision of opinion in Europe (in German only, 15.05.2006)
http://www.nnm-ev.de/show/135496.html

ISP snooping plans take backseat (18.05.2006)
http://news.com.com/2100-1028_3-6074070.html

Directive 2006/24/EC on the retention of data, Official Journal of the EU (including declarations by EU member state governments postponing internet data retention) (13.04.2006)
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF

EDRi Data Retention overview page
http://www.edri.org/issues/privacy/dataretention

EDRi Data Retention Wiki
http://wiki.dataretentionisnosolution.com

(Contribution by Ralf Bendrath, EDRi member Netzwerk Neue Medien - Germany)

============================================================
3. Set up of the Internet Governance Forum Advisory Group
============================================================

The Internet Governance Forum Advisory Group (IGF AG) to the UN Secretary-General, selected by United Nations Secretary-General Kofi Annan on 17 May, meets in Geneva on 22-23 May to discuss the agenda and the programme of the Athens Meeting (31 October - 3 November 2006).

Members of the group and observers had a two-day meeting under the leadership of Nitin Desai and Markus Kummer. In an open and transparent discussion, the draft of the program included main topics for each day of the coming IGF meeting in Athens. These are:

- Access (Internet connectivity, policies and costs with following workshops on: open standards, investment incentives, etc.)
- Security (building trust online, protecting users from spam, phishing, viruses, maintaining security while protecting privacy and workshops with people from technologies, ISP, CERT, law enforcement and human rights, workshops by ITU (cybersecurity) and OECD (spam toolkit))
- Diversity (promoting multilingualism through IDN and local content, and respecting geographical diversity)
- Openness (free flow of information, ideas and access to knowledge)

The IGF AG consists of 46 people from different countries and cultures and is a good example of the way the UN opened up during the WSIS process. This includes 20 representatives from the governmental sector, 10 from the business sector, 7 representing civil society and 9 from the ICANN system. All stakeholders are well represented - governments, civil society, business, and the relevant international organizations, e.g. ITU, ICANN, ISOC, IETF, International Chamber of Commerce, UNESCO, Internet registries and registrars, and others.

People involved in the proceedings say that the IGF will be launched this year in Athens, but will continue in 2007 in Brazil, and in 2008.

IGF website - includes webcast and transcripts of the session
http://www.intgovforum.org/index.htm

EDRI-gram: Consultations on Internet Governance Forum (1.03.2006)
http://www.edri.org/edrigram/number4.4/igf

(Contribution by Veni Markovski - EDRi-Member ISOC Bulgaria)

============================================================
4. French draft copyright law continues to be criticised
============================================================

As a continuation of the "saga" of the French draft law on copyright and related rights of the information society (DADVSI), the French Senate voted this month for the law, which continues to be severely criticised by consumer associations as well as software companies.

The Senators have adopted the law with 164 votes for and 128 against.
The "for" votes came from UMP (Union pour un Mouvement Populaire) and from the radical part of RDSE (Rassemblement Democratique et Social Europeen). The socialist group of Verts (Greens) and the PCF (French Communist Party) voted against it.

The law supported by the Senate has also changed article 7, which was adopted by the Deputies and required the DRM vendors and commercial platforms to open their technology to competitors in order to make it interoperable. This brought forth the reaction of companies such as Apple or Microsoft and of the American Minister of Commerce.

The senators, guided by the rapporteur Michel Thiollière and by Renaud Donnedieu de Vabres, Minister of Culture, adopted a totally different system based on the creation of an independent administrative authority.

The current text no longer guarantees the right to the private copy, which is considered a serious blow to consumers. The CLCV (Association Consommation, logement et cadre de vie) states that a "conditioned private copy" takes away from the consumer the right to privately use a work that was acquired legally. The association considers the consumer should no longer pay for the possibility to copy, which is actually refused.

Another measure considered unrealistic is the one that holds software companies liable when their software is used for piracy. This measure also affects companies relying on open-source software.

"It is the nature of open source that there is nothing we can do about a program once it is distributed," said Gilles Gravier, chief technology strategist for security at Sun Microsystems. "Also the open-source licenses are issued on a global basis."

Finally, this law draft has succeeded in raising more criticism after having been voted by the Senate than after it was passed by the National Assembly in March 2006.
The DADVSI law will be debated further on in a Mixed Joint Commission including seven deputies and seven senators, which has the task to reconcile the disagreements between the texts adopted by the two Assemblies. According to certain sources, this Commission would be gathered on 30 May.

French iPod bill moves forward (11.05.2006)
http://www.iht.com/articles/2006/05/11/business/apple.php

The draft law on copyright raises vivid critics (only in French, 12.05.2006)
http://www.01net.com/editorial/315533/legislation/le-projet-de-loi-sur-le-droit-d-auteur-suscite-de-vives-critiques/

The Senate cancels the forced interoperability (only in French, 10.05.2006)
http://www.ratiatum.com/news3108_Le_Senat_supprime_l_interoperabilite_forcee.html

EDRI-gram: Update on French EUCD Transposition (29.03.2006)
http://www.edri.org/edrigram/number4.6/frencheucd

What's so special about French EUCD transposition? (15.03.2006)
http://www.edri.org/edrigram/number4.5/franceeucd

============================================================
5. German Constitutional Court has outlawed preventive data screening
============================================================

On 22 May the German Constitutional Court has declared illegal under the German Constitution the practice of screening data across several private and public databases in order to find potential terrorists ("sleepers"). Several federal states will now have to change their police laws.

The decision does not make data screening ("Rasterfahndung", literally: "grid investigation", usual transliterations: "dragnet investigation" or "data trawl") completely illegal, but binds it to very narrow conditions. The measure is still legal for investigations in specific criminal cases, as it was used against the left-wing guerrilla RAF in the 1970s, when the "Rasterfahndung" was invented.
But for crime prevention purposes, it can only be done in the presence of a concrete danger for the lives or liberties of persons or for the existence of the Federal Republic of Germany or a federal state (Land). This requires factual indicators for an imminent attack. A general threat condition or foreign tensions like after 9/11 2001 are not sufficient.

The Federal Police Agency (Bundeskriminalamt) had coordinated such screenings, in cooperation with the state-level police authorities, after the terrorist attacks of 11 September 2001. Universities, private companies, private security firms, public transport institutions, facility providers, municipal authorities, and the Federal Register of Foreign Residents were required to submit comprehensive information they had on anybody matching a set of criteria (male, aged between 18 and 40, student or former student, country of origin mainly Muslim) to the state police agencies. The latter did a screening run for matches across the different submitted databases that combined included more than 8 million people. The 31 988 hits were stored in a central file called "sleepers" and again screened by the Federal Police Agency against a database that included up to 300 000 persons who held a pilot license, were supposed to be dangerous, or matched some other criteria. The remaining several thousand persons (matches) were manually reviewed by the state police agencies. The whole exercise did not lead to a single terrorist suspect or prosecution.

The plaintiff, a Moroccan citizen who studied in Germany in 2001, argued that his right to informational self-determination was breached, that the screening was an especially severe breach of fundamental rights because it took place unbeknownst to the people affected, that it was not proportionate because of the lack of factual indicators for an imminent terrorist attack in Germany, and that the criteria discriminated against him and fellow Muslims on the basis of religion.
The lower courts had overturned his arguments.

The official data protection commissioners, the opposition parties Greens, Liberals and Socialists, and civil liberties groups applauded the court decision and demanded an immediate stop of plans for similar measures like communications traffic data retention, license-plate screening, or the creation of new investigative powers for the Federal Police Agency for the prevention of crimes.

A spokesperson of the federal Ministry of the Interior said that in international terrorism, there was only a thin line between a general and a concrete threat condition, making it difficult to apply the decision. The Bavarian Minister of the Interior, Günther Beckstein, called the decision "a black day for the effective fight against terrorism in Germany." The association of student representatives, which had supported the plaintiff, demanded a "personal apology" from the responsible authorities for the illegal and unconstitutional discrimination of foreign and Muslim students in Germany.

Up to eleven federal states will now have to change their police laws and criminal procedures acts. The decision will also have an impact on the discussion about the legality of mandatory communications data retention in Germany. The Constitutional Court explicitly re-emphasised in the reasons given for the judgement the "strict prohibition, beyond statistical purposes, of the storage of personally identifiable data on stock." ("auf Vorrat"). "Vorratsdatenspeicherung" - literally: "data storage on stock" - is the German term for data retention.
Decision of the German Constitutional Court, 1 BvR 518/02 (in German only, 22.05.2006)
http://www.bundesverfassungsgericht.de/entscheidungen/rs20060404_1bvr051802.html

Press Release of the German Constitutional Court (in German only, 23.05.2006)
http://www.bundesverfassungsgericht.de/pressemitteilungen/bvg06-040.html

Overview of reactions to the decision (in German only)
http://www.netzpolitik.org/2006/reaktionen-auf-das-urteil-zur-rasterfahndung/

Berlin Data Protection and Freedom of Information Commissioner: Special Report on the Execution of Data Screening in Berlin (in German only, 1.12.2002)
http://www.datenschutz-berlin.de/infomat/sonderbericht/rasterfahndung.pdf

(Contribution by Ralf Bendrath, EDRi member Netzwerk Neue Medien - Germany)

============================================================
6. UK Government asks for the encryption keys
============================================================

The UK Home Office is planning to implement Part 3 of the Regulation of Investigatory Powers Act (RIPA). That would allow the police forces to ask for the disclosure of encryption keys, or force suspects to decrypt encrypted data.

RIPA was promoted in 2000, but until now the officials have not implemented Part 3. There were still voices that considered that parts I and III of the Act should be reviewed to consider whether the Act was effective in meeting its aims. However, until now, the Act has remained in its initial form.

Recently, the Home Office started a consultation considering that the provisions in Part 3 would be needed to fight against an increased use of encryption by criminals, paedophiles, and terrorists. The officials are also expecting proposals for amendments to RIPA.
The Home Office minister of state, Liam Byrne, told Parliament last week that "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force."

This decision has triggered a lot of comments and criticism from experts in the industry, considering that anyone who refuses to hand over a key to the police would face up to two years imprisonment. Experts are worried about the effects of the Act, which might push some businesses outside the UK, but also about the practical solutions related to financial institutions that use such security devices.

Readers and experts cited by ZDNet UK point out that the law might be impossible to enforce. The encryption expert Peter Fairbrother underlined: "It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it".

UK Government to force handover of encryption keys (18.05.2006)
http://news.zdnet.co.uk/internet/security/0,39020375,39269746,00.htm

Anger over encryption key seizure threat (19.05.2006)
http://news.zdnet.co.uk/internet/security/0,39020375,39270276,00.htm

============================================================
7. Big Brother Awards Italy 2006
============================================================

From 19 May to 20 May Florence has hosted the E-Privacy 2006 conference, organized - as usual - by the Winston Smith Project with the help of several volunteers.

This edition saw a much larger participation than 2005: the participants could hardly fit the hall of Palazzo Vecchio, and several people had to stand for the whole duration of the event. The number of presentations (19) and participating organizations (14) saw a marked and unexpected growth.
As usual, the Italian Big Brother Awards were given during the conference. Although none of the awards' recipients were present, a mock Darth Vader - prompting hilarity from the public - took the prizes in custody.

The positive prize "Winston Smith - Privacy Hero", which was assigned in 2005 to Stefano Rodotà (former president of the Italian Privacy Authority), was won by the No1984.org group, for its relentless information work against Trusted Computing.

Trusted Computing was indeed one of the central players of the whole event, as it also won the prize for "Most Invasive Technology", while the prize for "Worst Private Group" was assigned to the Trusted Computing Group, the business association that is developing the technical specs of the Trusted Computing technology. One can only deduce that the most dangerous enemy for net-privacy in the coming future has been clearly identified by netizens.

Other BBA winners include Enzo Mazza, president of FIMI (Federazione Industria Musicale Italiana - Italian Music Industry Federation) for his organization's lobbying on ISPs' responsibilities in copyright violation, the Italian Privacy Authority for its power (pursuant to art. 158, Legislative Decree 196/03) to enter private premises even without a judicial mandate, and Mauro Masi of the Office of the President of the Council, for blocking the ongoing reform work on Italian copyright law - which, among other things, would have moved copyright violation from the criminal to the civil sphere.

E-Privacy 2006 Conference
http://e-privacy.firenze.linux.it/index-e.html

Big Brother Awards Italy 2006
https://bba.winstonsmith.info/

Winston Smith Project
http://www.winstonsmith.info/

(Contribution by Andrea Glorioso, consultant on digital policies, and Marco Calamari, founder of the Winston Smith Project)

============================================================
8. Application of the FOI law in Macedonia
============================================================

The Parliament of Macedonia adopted the Law on Free Access to Information of Public Character in February 2006. NGO activists made some effort to make some quality changes to the proposed law and as a result some essential recommendations were accepted and implemented in the law.

Although three months have passed since the adoption of the law, the Commission for protection of the right for free access to information was established only last week. According to the law, the Commission should have been appointed by the Parliament of Macedonia a month after the law was passed.

According to government officials, the Commission will become operational from September this year, when the implementation of the law itself must start. It means that citizens can refer to the Commission if they think that their right to have access to information of public character is violated.

On 11 May 2006 the Commission had a constitutive session and presented its tasks. In this respect, a lot of activities for raising awareness must be conducted in cooperation with NGOs in order to promote the new institution and support the successful implementation of the law.

The most important task of the Commission is to provide guidance and procedures for a proper implementation of the law. Moreover, the Commission must publish a list of institutions that represent information holders. After that, the holders of public information must appoint an official FOI person in charge of dealing with FOI requests.

Several NGOs are working on the monitoring of the implementation of the FOI law and conduct awareness-raising activities. So far, NGOs' articulated and sustained activities have had results. Hopefully, their efforts will also speed up the process of creating a proper environment for an efficient FOI implementation in Macedonia.
EDRi-gram: Freedom of Information Act in Macedonia (18.01.2006)
http://www.edri.org/edrigram/number4.1/macedoniafoia

(Contribution by Bardhyl Jashari, EDRI-member Foundation Metamorphosis - Macedonia)

============================================================
9. PM supports rejected UK ID Cards Act
============================================================

Tony Blair stated strong support for the ID card Act that was rejected by the House of Lords in January this year.

The Government had considered the card as essential in the fight against crime, illegal immigration, and identity theft. However, the House of Lords required the Government to give further clarifications related to detailed costs for such a system and a higher security in recording and storing personal data, and asked for a change in one of the purposes of the system from 'securing efficient and effective provision of public services' to preventing 'illegal and fraudulent access to public services'.

The 'Identity Project' report of the London School of Economics had also stated that the government proposal lacked defined goals without clearly showing the impact upon terrorism or identity theft and also considered the project as underestimated from the point of view of the costs.

In endorsing the project, the Prime Minister went as far as stating "we need identity cards both for foreign nationals and for British nationals. If we want to track people coming in and out of our country and to know the identity of people who are here, then that is what we have to do." Foreign nationals are not presently included in the Act.

As a response to the claims that the ID scheme is a means of tracking, Blair used 'log' or 'identify' as synonyms for 'track', considered as not a very fortunate choice of words.

The Register's columnist John Lettice considers that the so-called "ring of steel" promoted by Tony Blair has several failing issues.
The e-Borders, which is supposed to help the Government know who is coming into the country, and who is going out, even if implemented at all border entry points, shows a lot of vulnerabilities. EU citizens will be able to come in and work if they like, and travellers from numerous countries don't require visas. The identity of these travellers is not certain as false documents can be obtained in these countries. Blair's plans to solve the immigration question through the application of IT will meet difficulties on several levels.

Fortress Blair - PM bets on biometric ring of steel to 'fix' immigration (22.05.2006)
http://www.theregister.co.uk/2006/05/22/blair_biometric_migration_fix/

EDRI-gram: UK ID card scheme - defeated in the House of Lords (18.01.2006)
http://www.edri.org/edrigram/number4.1/ukidcard

London School of Economics 'Identity Project'
http://is.lse.ac.uk/idcard/

============================================================
10. Recommended Reading
============================================================

From 15 to 17 May the University of Illinois Chicago (USA) hosted the conference "FM10 Openness: Code, Science and Content". The occasion was the tenth anniversary of "First Monday", the first peer-reviewed journal born on the Internet. The final day of the conference gathered a group that brainstormed over the first draft of the "Chicago Manifesto".

Chicago Manifesto on Openness (17.05.2006)
http://blogger.uic.edu:16080/weblog/nrj/FM10/?permalink=ChicagoManifesto.html&page=trackback

Website of the conference (with abstracts and papers)
http://numenor.lib.uic.edu/fmconference/

First Monday
http://www.firstmonday.org/

============================================================
11. Agenda
============================================================

14-18 June, Rathen, Germany
ICA-IAMCR Symposium on Internet Governance
http://www.ntu.edu.sg/sci/sirc/icapreconf.html

19-20 June 2006, Paris, France
New relations between creative individuals and communities, consumers and citizens. Hosted by the TransAtlantic Consumer Dialogue (TACD)
http://www.tacd.org/docs/?id=296

19-23 June, Singapore
Euro-Southeast Asia ICT Forum (EUSEA2006) (with the EU Commission as co-host)
http://www.eusea2006.org

21 June 2006, Luxembourg
Safer Internet Forum 2006
Focus on two topics: "Children's use of new media" and "Blocking access to illegal content: child sexual abuse images"
http://europa.eu.int/information_society/activities/sip/si_forum/forum...

26-27 June 2006, Berlin, Germany
The Rising Power of Search-Engines on the Internet: Impacts on Users, Media Policy, and Media Business
http://www.uni-leipzig.de/journalistik/suma/home_e.html

3-5 July, Cambridge, UK
Privacy Laws & Business, 19th Annual International Conference
"Privacy Crisis Ahead? Investing enough in data protection to strengthen and defend your reputation"
http://www.privacylaws.com/conferences.annual.html

16 - 28 July 2006, Oxford, UK
Annenberg/Oxford Summer Institute: Global Media Policy: Technology and New Themes in Media Regulation
http://www.pgcs.asc.upenn.edu/events/ox06/index.php

2-4 August 2006, Bregenz, Austria
2nd International Workshop on Electronic Voting 2006
Students may apply for funds to attend the workshop until 30 June 2006.
http://www.e-voting.cc/stories/1246056/

14-16 September 2006, Berlin, Germany
Wizards of OS 4
Information Freedom Rules
http://wizards-of-os.org/

===========================================================
12. About
===========================================================

EDRI-gram is a biweekly newsletter about digital civil rights in Europe.
Currently EDRI has 21 members from 14 European countries and 5 observers from 5 more countries (Italy, Ireland, Poland, Portugal and Slovenia). European Digital Rights takes an active interest in developments in the EU accession countries and wants to share knowledge and awareness through the EDRI-grams. All contributions, suggestions for content, corrections or agenda-tips are most welcome. Errors are corrected as soon as possible and visibly on the EDRI website.

Except where otherwise noted, this newsletter is licensed under the Creative Commons Attribution 2.0 License. See the full text at
http://creativecommons.org/licenses/by/2.0/

Newsletter editor: Bogdan Manolea

Information about EDRI and its members:
http://www.edri.org/

- EDRI-gram subscription information

subscribe by e-mail
To: edri-news-request at edri.org
Subject: subscribe

You will receive an automated e-mail asking to confirm your request.

unsubscribe by e-mail
To: edri-news-request at edri.org
Subject: unsubscribe

- EDRI-gram in Macedonian

EDRI-gram is also available partly in Macedonian, with delay. Translations are provided by Metamorphosis
http://www.metamorphosis.org.mk/index.php?option=com_content&task=view&id=626&Itemid=4&lang=mk

- Newsletter archive

Back issues are available at:
http://www.edri.org/edrigram

- Help

Please ask if you have any problems with subscribing or unsubscribing.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From jadler at verisign.com Thu May 25 09:26:59 2006
From: jadler at verisign.com (Adler, Joseph)
Date: Thu, 25 May 2006 09:26:59 -0700
Subject: Phil Zimmerman and voice encryption; a Skype problem?
Message-ID:

Hi Paul,

You left out one option: that Tony Rutkowski was misquoted by the Times. I checked with Tony, and this is, in fact, what happened. Here is his full response:

------------------------------------------------------------------------

Since the external security lists seem to be buzzing with discourse about Phil Zimmermann's VoIP encryption product as covered by John Markoff in the NY Times on Monday, and my quote about German capabilities to decrypt, let me explain the context and what was actually said.
John (who I've known for several decades) called my cellphone Sunday morning and said he was writing an article on Zimmermann's software and his making it available, and asked from a CALEA standpoint, whether this was covered. I explained that the recent FCC CALEA orders on VoIP presently exempted P2P VoIP, so that Zimmermann's product was outside the requirements. In multiple roles, including formal filings and legal forums, I deal with this subject all the time.

I also mentioned, however, that CALEA requirements exist worldwide, and that German officials at a recent Cyprus standards conference on lawful interception had stated that they "have a Skype solution." I explained to John that most other countries have far more extensive CALEA-like requirements, and that Germany among others were likely to impose their "solutions."

In the article that was published, my domestic coverage explanation was attributed to someone else, and my "German solution" explanation was morphed into a statement that they can decrypt Skype content. The context of the actual discussion, however, was regulatory requirements. Whether the German government can or cannot decrypt Skype content is not known, and indeed the details of their regulatory requirements are also unknown.

--tony

-----Original Message-----
From: owner-cryptography at metzdowd.com [mailto:owner-cryptography at metzdowd.com] On Behalf Of Paul Hoffman
Sent: Monday, May 22, 2006 8:19 AM
To: Steven M. Bellovin; cryptography at metzdowd.com
Subject: Re: Phil Zimmerman and voice encryption; a Skype problem?

At 10:19 AM -0400 5/22/06, Steven M. Bellovin wrote:
>There's an article in today's NY Times (for subscribers, it's at
>http://www.nytimes.com/2006/05/22/technology/22privacy.html?_r=1&oref=slogin )
>on whether Phil Zimmermann's Zfone -- an encrypted VoIP package
>-- will invite government scrutiny.
>There doesn't seem to be any
>imminent threat in the U.S.; the one concrete example mentioned -- the
>British plan to give police the power to compel individuals to disclose
>keys -- doesn't threaten Zfone, because it uses Diffie-Hellman for
>(among other things) perfect forward secrecy and doesn't even have any
>long-term keys. (See draft-zimmermann-avt-zrtp-01.txt for protocol
>details.)
>
>The fascinating thing, though, was this sentence near the end of the
>article:
>
>    But at a conference last week in Cyprus, German officials said
>    they had technology for intercepting and decrypting Skype phone
>    calls, according to Anthony M. Rutkowski, vice president for
>    regulatory affairs and standards for VeriSign, a company that
>    offers security for Internet and phone operations.
>
>The Berson report says that Skype uses AES-256. NSA rates that as
>suitable for Top Secret traffic, so it's presumably not the cipher.
>Berson analyzed a number of other possible attack scenarios; the only
>one that seems to be possible is an active attack plus forged certificates.
>If Berson's analysis was correct -- and we all know how hard it is to
>verify cryptographic protocols -- that leaves open the possibility of a
>protocol change that implemented some sort of Clipper-like functionality.

Please don't forget that the VeriSign spokesperson may be mistaken, or purposely lying (possibly in order to drum up business for the company). Neither would be a first for VeriSign.
--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From D.M.Russell at ncl.ac.uk Fri May 26 03:53:01 2006
From: D.M.Russell at ncl.ac.uk (Denis Russell)
Date: May 26, 2006 3:53:01 PM EDT
Subject: Is business the real Big Brother?
Message-ID:

Dave,

This evening BBC transmitted an interesting program concerning privacy and surveillance. Probably not a lot new to most IP readers, but the compilation is compelling. The program is described at and is online to watch until 2nd June at . Enjoy - if that's the right word.

Denis.

Is business the real Big Brother?
By Adam Harcourt-Webster
BBC Money Programme

Monitoring and surveillance of employees and customers by big business is now commonplace.

Some German shoppers already have their purchases tracked

It's increasingly a feature of our daily lives, because businesses have found that it makes good business sense.

But is corporate snooping out of control?

...

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----

From sandyinchina at gmail.com Fri May 26 00:18:59 2006
From: sandyinchina at gmail.com (Sandy Harris)
Date: Fri, 26 May 2006 15:18:59 +0800
Subject: Status of opportunistic encryption
Message-ID:

Some years back I worked on the FreeS/WAN project (freeswan.org), IPsec for Linux. One of our goals was to implement "opportunistic encryption", to allow any two appropriately set up machines to communicate securely, without pre-arrangement between the two system administrators. Put authentication keys in DNS; they look those up and can then use IKE to do authenticated Diffie-Hellman to create the keys for secure links.

Recent news stories seem to me to make it obvious that anyone with privacy concerns (i.e. more-or-less everyone) should be encrypting as much of their communication as possible. Implementing opportunistic encryption is the best way I know of to do that for the Internet.

I'm somewhat out of touch, though, so I do not know to what extent people are using it now. That is my question here.

I do note that there are some relevant RFCs.
  RFC 4322 Opportunistic Encryption using the Internet Key Exchange (IKE)
  RFC 4025 A Method for Storing IPsec Keying Material in DNS

and that both of FreeS/WAN's successor projects (openswan.org and strongswan.org) mention it in their docs. However, I don't know if it is actually being used.

--
Sandy Harris
Zhuhai, Guangdong, China

----- End forwarded message -----

From dave at farber.net Fri May 26 13:35:19 2006
From: dave at farber.net (David Farber)
Date: Fri, 26 May 2006 16:35:19 -0400
Subject: [IP] Is business the real Big Brother?
Message-ID:

Begin forwarded message:

From gnu at toad.com Fri May 26 18:53:08 2006
From: gnu at toad.com (John Gilmore)
Date: Fri, 26 May 2006 18:53:08 -0700
Subject: Hayden's statement from Oct 2002 on liberty and security
Message-ID:

http://www.nsa.gov/releases/relea00072.html

While testifying to a joint hearing of the House and Senate intelligence committees a year after 9/11, Michael Hayden, as NSA Director, testified about NSA's response to 9/11. In closing, he said:

38. When I spoke with our workforce shortly after the September 11th attacks, I told them that free people always had to decide where to draw the line between their liberty and their security, and I noted that the attacks would almost certainly push us as a nation more toward security. I then gave the NSA workforce a challenge: We were going to keep America free by making Americans feel safe again.

39.
Let me close by telling you what I hope to get out of the national dialogue that these committees are fostering. I am not really helped by being reminded that I need more Arabic linguists or by someone second-guessing an obscure intercept sitting in our files that may make more sense today than it did two years ago. What I really need you to do is to talk to your constituents and find out where the American people want that line between security and liberty to be.

40. In the context of NSA's mission, where do we draw the line between the government's need for CT information about people in the United States and the privacy interests of people located in the United States?

    Practically speaking, this line-drawing affects the focus of NSA's activities (foreign versus domestic), the standard under which surveillances are conducted (probable cause versus reasonable suspicion, for example), the type of data NSA is permitted to collect and how, and the rules under which NSA retains and disseminates information about U.S. persons.

41. These are serious issues that the country addressed, and resolved to its satisfaction, once before in the mid-1970's. In light of the events of September 11th, it is appropriate that we, as a country, readdress them. We need to get it right. We have to find the right balance between protecting our security and protecting our liberty. If we fail in this effort by drawing the line in the wrong place, that is, overly favoring liberty or security, then the terrorists win and liberty loses in either case.

42. Thank you. I look forward to the committees' questions.

Now we know a small part of what he was really talking about. At least he had the balls to mention it. But who among us could suspect that when Congress responded by Patriot Act tune-ups making many kinds of wiretapping easier, NSA's reaction was to ignore the laws, treating the illegality of its operations as a "classified technique" for surprising the "secret enemy under our beds". Anyone who had said NSA was a rogue that ignored the laws, before or after 9/11, was either called paranoid, unrealistically cynical, or "against us and for the terrorists".

Read this again:

    Practically speaking, this line-drawing affects the focus of NSA's activities (foreign versus domestic), the standard under which surveillances are conducted (probable cause versus reasonable suspicion, for example), the type of data NSA is permitted to collect and how, and the rules under which NSA retains and disseminates information about U.S. persons.

Now we find out that NSA has crossed each of these lines. It is now focusing domestically. It now uses a "reasonable suspicion" standard adjudicated by its own staff. It is collecting all types of data "and how!", apparently retaining that data indefinitely, and disseminating it as it sees fit (to the FBI, at least).

In the open crypto community, we noticed this curious part of his speech, but generally didn't engage with him. Personally I felt that whatever I said would be ignored, just as my concerns were ignored during the entirety of the 1990's, in the Clipper Chip debacle and the Export Control madness. We were ignored until we forced change upon NSA with the courts and, in partnership with business, in Congress. We are having to take the same routes today (though business is now against us, since business is up to its eyeballs in spying).

Did anyone else respond to Mr. Hayden at that time, and if so, what reaction did you get?

	John

PS: NSA's web site SIGINT FAQ still says they don't "unconstitutionally spy on Americans". It raises some guff about the Fourth Amendment and strictly following the laws. (http://www.nsa.gov/about/about00020.cfm) But I hear that if you're discussing something classified, it's not only acceptable to lie, but it's actually required.
----- End forwarded message -----

From eugen at leitl.org Fri May 26 13:48:38 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 26 May 2006 22:48:38 +0200
Subject: [dave@farber.net: [IP] Is business the real Big Brother?]
Message-ID: <20060526204838.GQ26713@leitl.org>

----- Forwarded message from David Farber -----

From coderman at gmail.com Sat May 27 18:07:38 2006
From: coderman at gmail.com (coderman)
Date: Sat, 27 May 2006 18:07:38 -0700
Subject: SETEC ASTRONOMY
Message-ID: <4ef5fec60605271807v30ee0c6bt7eb5521273f8b0c5@mail.gmail.com>

"It's the most powerful privilege the government has. It's the nuclear option. It never fails." - William Weaver, senior adviser to the National Security Whistleblowers Coalition.

http://www.fas.org/sgp/jud/statesec/index.html
'''
The State Secrets Privilege: Selected Case Files

"Use of the state secrets privilege in courts has grown significantly over the last twenty-five years. In the twenty-three years between the decision in Reynolds [1953] and the election of Jimmy Carter, in 1976, there were four reported cases in which the government invoked the privilege. Between 1977 and 2001, there were a total of fifty-one reported cases in which courts ruled on invocation of the privilege. Because reported cases only represent a fraction of the total cases in which the privilege is invoked or implicated, it is unclear precisely how dramatically the use of the privilege has grown. But the increase in reported cases is indicative of greater willingness to assert the privilege than in the past."
...
'''

From eugen at leitl.org Sat May 27 12:41:30 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 27 May 2006 21:41:30 +0200
Subject: /. [A DNA Database For All U.S. Workers?]
Message-ID: <20060527194130.GD26713@leitl.org>

Link: http://slashdot.org/article.pl?sid=06/05/27/1626250
Posted by: Zonk, on 2006-05-27 17:16:00

[1]fragmer writes "New York City Mayor Michael Bloomberg suggested a plan on Wednesday that would establish a DNA or fingerprint database to [2]track and verify all legal U.S. workers. The mayor said DNA and fingerprint technology could be used to create a worker ID database that will 'uniquely identify the person' applying for a job, ensuring that cards are not illegally transferred or forged. Bloomberg compared his proposed federal identification database to the Social Security card, insisting that such a system would not violate citizens' privacy and was not a civil liberties issue."

References
1. mailto:fragmer@@@gmail...com
2.
http://www.breitbart.com/news/2006/05/24/D8HQE6B80.html ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Sat May 27 21:16:44 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 28 May 2006 00:16:44 -0400 Subject: [Clips] Intelligence Czar Can Waive SEC Rules Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Sun, 28 May 2006 00:15:42 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Intelligence Czar Can Waive SEC Rules Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com - BusinessWeek Online - MSNBC.com Intelligence Czar Can Waive SEC Rules Now, the White House's top spymaster can cite national security to exempt businesses from reporting requirements By Dawn Kopecki Business Week Updated: 8:00 p.m. ET May 24, 2006 President George W. Bush has bestowed on his intelligence czar, John Negroponte, broad authority, in the name of national security, to excuse publicly traded companies from their usual accounting and securities-disclosure obligations. Notice of the development came in a brief entry in the Federal Register, dated May 5, 2006, that was opaque to the untrained eye. Unbeknownst to almost all of Washington and the financial world, Bush and every other President since Jimmy Carter have had the authority to exempt companies working on certain top-secret defense projects from portions of the 1934 Securities Exchange Act. Administration officials told BusinessWeek that they believe this is the first time a President has ever delegated the authority to someone outside the Oval Office. 
It couldn't be immediately determined whether any company has received a waiver under this provision. The timing of Bush's move is intriguing. On the same day the President signed the memo, Porter Goss resigned as director of the Central Intelligence Agency amid criticism of ineffectiveness and poor morale at the agency. Only six days later, on May 11, USA Today reported that the National Security Agency had obtained millions of calling records of ordinary citizens provided by three major U.S. phone companies. Negroponte oversees both the CIA and NSA in his role as the administration's top intelligence official. FEW ANSWERS. White House spokeswoman Dana M. Perino said the timing of the May 5 Presidential memo had no significance. "There was nothing specific that prompted this memo," Perino said. In addition to refusing to explain why Bush decided to delegate this authority to Negroponte, the White House declined to say whether Bush or any other President has ever exercised the authority and allowed a company to avoid standard securities disclosure and accounting requirements. The White House wouldn't comment on whether Negroponte has granted such a waiver, and BusinessWeek so far hasn't identified any companies affected by the provision. Negroponte's office did not respond to requests for comment. Securities-law experts said they were unfamiliar with the May 5 memo and the underlying Presidential authority at issue. John C. Coffee, a securities-law professor at Columbia University, speculated that defense contractors might want to use such an exemption to mask secret assignments for the Pentagon or CIA. "What you might hide is investments: You've spent umpteen million dollars that comes out of your working capital to build a plant in Iraq," which the government wants to keep secret. "That's the kind of scenario that would be plausible," Coffee said. AUTHORITY GRANTED. 
William McLucas, the Securities & Exchange Commission's former enforcement chief, suggested that the ability to conceal financial information in the name of national security could lead some companies "to play fast and loose with their numbers." McLucas, a partner at the law firm Wilmer Cutler Pickering Hale & Dorr in Washington, added: "It could be that you have a bunch of books and records out there that no one knows about." The memo Bush signed on May 5, which was published seven days later in the Federal Register, had the unrevealing title "Assignment of Function Relating to Granting of Authority for Issuance of Certain Directives: Memorandum for the Director of National Intelligence." In the document, Bush addressed Negroponte, saying: "I hereby assign to you the function of the President under section 13[b][3][A] of the Securities Exchange Act of 1934, as amended." A trip to the statute books showed that the amended version of the 1934 act states that "with respect to matters concerning the national security of the United States," the President or the head of an Executive Branch agency may exempt companies from certain critical legal obligations. These obligations include keeping accurate "books, records, and accounts" and maintaining "a system of internal accounting controls sufficient" to ensure the propriety of financial transactions and the preparation of financial statements in compliance with "generally accepted accounting principles." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Sun May 28 09:30:53 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 28 May 2006 12:30:53 -0400
Subject: [gnu@toad.com: Hayden's statement from Oct 2002 on liberty and security]
In-Reply-To: <20060528142339.GN26713@leitl.org>
Message-ID:

I dunno. This strikes me as naive. Is the NSA really in a position to say, "We know how to obtain data X, Y, and Z but we have chosen not to due to privacy concerns." I'm not convinced NSA is in a position like that. If DC is saying, "Get whatever you are able to get and we'll worry about whether it's legal or illegal after we see what it is."

NSA individuals may give something of a crap about some of these issues (or not), but in the end NSA is merely another engine, as it were, a big Janitor that gets information that's normally hard to get. In other words, NSA's priorities reflect those of the State, and the State is, invariably, looking to keep itself in business.
-TD >From: Eugen Leitl >To: transhumantech at yahoogroups.com, cypherpunks at jfet.org >Subject: [gnu at toad.com: Hayden's statement from Oct 2002 on liberty and >security] >Date: Sun, 28 May 2006 16:23:39 +0200 > >----- Forwarded message from John Gilmore ----- > >From: John Gilmore >Date: Fri, 26 May 2006 18:53:08 -0700 >To: cryptography at metzdowd.com, gnu at toad.com >Subject: Hayden's statement from Oct 2002 on liberty and security > >http://www.nsa.gov/releases/relea00072.html > >While testifying to a joint hearing of the House and Senate >intelligence committees a year after 9/11, Michael Hayden, as NSA >Director, testified about NSA's response to 9/11. In closing, he >said: > >38. When I spoke with our workforce shortly after the September 11th > attacks, I told them that free people always had to decide where > to draw the line between their liberty and their security, and I > noted that the attacks would almost certainly push us as a nation > more toward security. I then gave the NSA workforce a challenge: > We were going to keep America free by making Americans feel safe > again. > >39. Let me close by telling you what I hope to get out of the national > dialogue that these committees are fostering. I am not really > helped by being reminded that I need more Arabic linguists or by > someone second-guessing an obscure intercept sitting in our files > that may make more sense today than it did two years ago. What I > really need you to do is to talk to your constituents and find out > where the American people want that line between security and > liberty to be. > >40. In the context of NSA's mission, where do we draw the line between > the government's need for CT information about people in the > United States and the privacy interests of people located in the > United States? 
> > Practically speaking, this line-drawing affects the focus of NSA's > activities (foreign versus domestic), the standard under which > surveillances are conducted (probable cause versus reasonable > suspicion, for example), the type of data NSA is permitted to > collect and how, and the rules under which NSA retains and > disseminates information about U.S. persons. > >41. These are serious issues that the country addressed, and resolved > to its satisfaction, once before in the mid-1970's. In light of > the events of September 11th, it is appropriate that we, as a > country, readdress them. We need to get it right. We have to find > the right balance between protecting our security and protecting > our liberty. If we fail in this effort by drawing the line in the > wrong place, that is, overly favoring liberty or security, then > the terrorists win and liberty loses in either case. > >42. Thank you. I look forward to the committees' questions. > >Now we know a small part of what he was really talking about. At >least he had the balls to mention it. But who among us could suspect >that when Congress responded by Patriot Act tune-ups making many kinds >of wiretapping easier, NSA's reaction was to ignore the laws, treating >the illegality of its operations as a "classified technique" for >surprising the "secret enemy under our beds". Anyone who had said NSA >was a rogue that ignored the laws, before or after 9/11, was either >called paranoid, unrealistically cynical, or "against us and for the >terrorists". > >Read this again: > > Practically speaking, this line-drawing affects the focus of NSA's > activities (foreign versus domestic), the standard under which > surveillances are conducted (probable cause versus reasonable > suspicion, for example), the type of data NSA is permitted to > collect and how, and the rules under which NSA retains and > disseminates information about U.S. persons. > >Now we find out that NSA has crossed each of these lines. 
It is now >focusing domestically. It now uses a "reasonable suspicion" standard >adjudicated by its own staff. It is collecting all types of data "and >how!", apparently retaining that data indefinitely, and disseminating >it as it sees fit (to the FBI, at least). > >In the open crypto community, we noticed this curious part of his >speech, but generally didn't engage with him. Personally I felt that >whatever I said would be ignored, just as my concerns were ignored >during the entirety of the 1990's, in the Clipper Chip debacle and the >Export Control madness. We were ignored until we forced change upon >NSA with the courts and, in partnership with business, in Congress. >We are having to take the same routes today (though business is now >against us, since business is up to its eyeballs in spying). > >Did anyone else respond to Mr. Hayden at that time, and if so, what >reaction did you get? > > John > >PS: NSA's web site SIGINT FAQ still says they don't >"unconstitutionally spy on Americans". It raises some guff about the >Fourth Amendment and strictly following the laws. >(http://www.nsa.gov/about/about00020.cfm) But I hear that if you're >discussing something classified, it's not only acceptable to lie, but >it's actually required. 
> >--------------------------------------------------------------------- >The Cryptography Mailing List >Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From eugen at leitl.org Sun May 28 04:20:49 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 28 May 2006 13:20:49 +0200 Subject: [jadler@verisign.com: RE: Phil Zimmerman and voice encryption; a Skype problem?] Message-ID: <20060528112049.GY26713@leitl.org> ----- Forwarded message from "Adler, Joseph" ----- From eugen at leitl.org Sun May 28 07:23:39 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 28 May 2006 16:23:39 +0200 Subject: [gnu@toad.com: Hayden's statement from Oct 2002 on liberty and security] Message-ID: <20060528142339.GN26713@leitl.org> ----- Forwarded message from John Gilmore ----- From eugen at leitl.org Sun May 28 07:24:15 2006 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 28 May 2006 16:24:15 +0200 Subject: [sandyinchina@gmail.com: Status of opportunistic encryption] Message-ID: <20060528142414.GO26713@leitl.org> ----- Forwarded message from Sandy Harris ----- From alexbrennen at gmail.com Sun May 28 18:29:54 2006 From: alexbrennen at gmail.com (V. Alex Brennen) Date: Sun, 28 May 2006 21:29:54 -0400 Subject: [gnu@toad.com: Hayden's statement from Oct 2002 on liberty and security] In-Reply-To: References: <20060528142339.GN26713@leitl.org> Message-ID: Bloomberg wants to require a DNA sample for legal employment: NYC Mayor Advocates U.S. 
Worker Database
http://www.breitbart.com/news/2006/05/24/d8hqe6b80.html

I hope this national security bubble doesn't last long enough for Bloomberg to get his database.

I signed up for the Free State Project. Maybe some of you are willing to as well? They did some good lobbying in NH in response to the National ID card proposal.

The Free State Project
http://www.freestateproject.org/

ID Law Stirs Passionate Protest in N.H.
http://www.washingtonpost.com/wp-dyn/content/article/2006/04/30/AR2006043000906.html

From coderman at gmail.com Sun May 28 21:51:43 2006
From: coderman at gmail.com (coderman)
Date: Sun, 28 May 2006 21:51:43 -0700
Subject: [sandyinchina@gmail.com: Status of opportunistic encryption]
In-Reply-To: <20060528142414.GO26713@leitl.org>
References: <20060528142414.GO26713@leitl.org>
Message-ID: <4ef5fec60605282151x361c6138n7f1eaa6743af8b60@mail.gmail.com>

On 5/28/06, Eugen Leitl wrote:
> ...
> Recent news stories seem to me to make it obvious that anyone with privacy
> concerns (i.e. more-or-less everyone) should be encrypting as much of their
> communication as possible. Implementing opportunistic encryption is the
> best way I know of to do that for the Internet.
>
> I'm somewhat out of touch, though, so I do not know to what extent people
> are using it now. That is my question here.

opportunistic IPsec requires:
- additional latency during initial communication (sometimes excessive waiting for timeouts)
- static public IP endpoint capable of IPsec
- keys published in DNS records

== totally unworkable for most users on the Internet.

SSH/SSL VPN's are much more suitable IMHO. tied into a p2p style NAT-punching configuration with simple key management (perhaps opportunistic key exchange that can be upgraded to authenticated exchange in person, etc) this _might_ be enough to blacken a majority of Internet traffic. OE via IPsec is certainly not though...

--

Wireless networks are a different story, and I am very much in favor of IPsec for such networks.
The propinquity of participants can facilitate other stronger / easier key management as well.
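coderman's suggestion above, an opportunistic key exchange that can later be upgraded to an authenticated one in person, sketched as an added example (not code from the thread or from any project named in it). The `KeyStore` class, its method names and the key bytes are hypothetical and constructed; the sketch models only the trust bookkeeping, not the key exchange itself.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Trust(Enum):
    OPPORTUNISTIC = "opportunistic"  # key taken as presented: stops passive taps only
    AUTHENTICATED = "authenticated"  # fingerprint confirmed face to face


class KeyMismatch(Exception):
    """A peer whose key was authenticated is now presenting a different key."""


def fingerprint(public_key: bytes) -> str:
    """Short form of a public key that two people can read to each other."""
    digest = hashlib.sha256(public_key).hexdigest()[:40]
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


@dataclass
class PeerRecord:
    public_key: bytes
    trust: Trust = Trust.OPPORTUNISTIC
    unexplained_changes: int = 0


class KeyStore:
    """Per-peer key memory for a hypothetical opportunistic-encryption client."""

    def __init__(self) -> None:
        self.peers = {}  # peer id -> PeerRecord

    def observe(self, peer_id: str, presented_key: bytes) -> Trust:
        """Record the key seen in a handshake and say how far it can be trusted."""
        record = self.peers.get(peer_id)
        if record is None:
            # First contact: nothing to compare against, so accept and remember.
            self.peers[peer_id] = PeerRecord(presented_key)
            return Trust.OPPORTUNISTIC
        if hmac.compare_digest(record.public_key, presented_key):
            return record.trust
        if record.trust is Trust.AUTHENTICATED:
            raise KeyMismatch(peer_id)
        # Unauthenticated key changed: a rekey and an interposed party look alike.
        record.public_key = presented_key
        record.unexplained_changes += 1
        return Trust.OPPORTUNISTIC

    def confirm_in_person(self, peer_id: str, spoken_fingerprint: str) -> bool:
        """Upgrade to AUTHENTICATED if the peer's own fingerprint matches ours."""
        record = self.peers[peer_id]
        if hmac.compare_digest(fingerprint(record.public_key), spoken_fingerprint):
            record.trust = Trust.AUTHENTICATED
            return True
        # The key we have been encrypting to was never the peer's: forget it.
        del self.peers[peer_id]
        return False


def run_scenarios() -> dict:
    """Constructed keys; real ones would come from the key exchange itself."""
    peer_key = b"constructed public key of the real peer"
    other_key = b"constructed public key of someone in the path"
    results = {}

    # Scenario A: nobody in the path. Opportunistic first, upgraded later.
    store = KeyStore()
    results["a_first_contact"] = store.observe("peer", peer_key)
    results["a_upgrade_ok"] = store.confirm_in_person("peer", fingerprint(peer_key))
    results["a_after_upgrade"] = store.observe("peer", peer_key)
    try:
        store.observe("peer", other_key)
        results["a_swap_rejected"] = False
    except KeyMismatch:
        results["a_swap_rejected"] = True

    # Scenario B: a different key was presented on first contact. The client
    # sees exactly what it saw in A until the fingerprints are compared.
    store = KeyStore()
    results["b_first_contact"] = store.observe("peer", other_key)
    results["b_upgrade_ok"] = store.confirm_in_person("peer", fingerprint(peer_key))
    results["b_key_forgotten"] = "peer" not in store.peers
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Scenarios A and B return the same trust level at first contact, which is the limit of the opportunistic mode; only the in-person comparison tells them apart.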
From Victor.Duchovni at MorganStanley.com Mon May 29 09:03:05 2006
From: Victor.Duchovni at MorganStanley.com (Victor Duchovni)
Date: Mon, 29 May 2006 12:03:05 -0400
Subject: Status of opportunistic encryption
Message-ID:

On Mon, May 29, 2006 at 07:21:29AM +0200, Florian Weimer wrote:

> * Sandy Harris:
>
> > Recent news stories seem to me to make it obvious that anyone with privacy
> > concerns (i.e. more-or-less everyone) should be encrypting as much of their
> > communication as possible. Implementing opportunistic encryption is the
> > best way I know of to do that for the Internet.
> >
> > I'm somewhat out of touch, though, so I do not know to what extent people
> > are using it now. That is my question here.
>
> It seems to me opportunistic encryption has moved to the application
> layer, at least as far as Internet mail is concerned. Many MTAs use
> TLS automatically with whatever certificates they can get. Of course,
> this only guards against active attacks, but it seems to me that this
> is a reasonable threat model.

It only guards against *passive* eavesdropping. Active attacks can forge DNS MX records, inject BGP routes, ... Actual MITM resistant peer authentication with SMTP+TLS is extremely rare. I know it happens sometimes because I have it running for a small number of destinations, otherwise I would suspect that nobody is doing it.

    http://www.postfix.org/TLS_README.html#client_tls_harden

Once the new 2.3 TLS code is folded into the production Postfix 2.3 snapshots (at which point the new documentation will be published), see

    http://www.postfix.org/TLS_README.html#client_tls_levels
    http://www.postfix.org/TLS_README.html#client_tls_policy

Preview:

    It is regrettably the case, that TLS secure-channels (fully authenticated
    and immune to man-in-the-middle attacks) impose constraints on the sending
    and receiving sites that preclude ubiquitous deployment. One needs to
    manually configure this type of security for each destination domain,
    and in many cases implement non-default TLS policy table entries for
    additional domains hosted at a common secured destination. With Postfix
    2.3, we make secure-channel configurations substantially easier to
    configure, but they will never be the norm. For the generic domain with
    which you have made no specific security arrangements, this security
    level is not a good fit.

    Historical note: while the documentation of these issues and many of
    the related features are new with Postfix 2.3, the issue was well
    understood before Postfix 1.0, when Lutz Jaenicke was designing
    the first unofficial Postfix TLS patch. See, his original post
    http://thread.gmane.org/gmane.ietf.apps-tls/304/focus=304 and the first
    response http://thread.gmane.org/gmane.ietf.apps-tls/304/focus=305. The
    problem is not even unique to SMTP or even TLS, similar issues exist
    for secure connections via aliases for HTTPS and Kerberos. SMTP merely
    uses indirect naming (via MX records) more frequently.

I should also note that once one abandons the (still) unrealistic assumption of a secure DNS, it is not just SMTP + TLS that runs into trouble.

For example, many Kerberos client libraries do a forward lookup (to alias-expand CNAMEs) and some perversely a reverse lookup (often the owner of the IP address is the worst source of the machine's name), and then give you a mutually authenticated channel to whatever principal they construct from now rather questionable data. This carries over to SASL GSSAPI, where GSSAPI abstraction makes working around this (in practice nobody tries even with native Kerberos) even harder.

Consequently, also SSH with GSS KEX, is not MITM resistant when the attacker can tamper with DNS responses.

Ultimately, to close similar security issues in many other protocols, we need a secure DNS, but I am somewhat pessimistic about the likelihood of this happening soon.
-- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Mon May 29 09:53:20 2006 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 29 May 2006 18:53:20 +0200 Subject: [Victor.Duchovni@MorganStanley.com: Re: Status of opportunistic encryption] Message-ID: <20060529165320.GF26713@leitl.org> ----- Forwarded message from Victor Duchovni -----
From matt at oristano.net Tue May 30 08:33:59 2006 From: matt at oristano.net (Matt Oristano) Date: May 30, 2006 8:33:59 AM PDT Subject: Can Tracking Phone Calls Ferret Out Terrorists? Message-ID: Can Tracking Phone Calls Ferret Out Terrorists? The problem is distinguishing a book club planning a meeting from terrorists plotting an attack. By Associated Press BOSTON (AP) -- There's a lot we still don't know -- and may never know -- about the National Security Agency's surveillance of Americans' phone calls. But one striking tidbit has emerged: that the agency is mining phone records for patterns of terrorist activity. USA Today reported May 11 that the NSA was performing ''social network analysis'' to detect patterns of terrorist activity in its database of U.S. call records. In defending the program, Sen. Wayne Allard, R-Colo., confirmed that the White House had told him the NSA was probing calling patterns to ''detect and track suspected terrorist activity.'' But is that really possible? The ''tracking'' part makes sense. Assuming that intelligence had sussed out suspected terrorists, certainly the vast database could be used to track whom those people had called. The ''detecting'' part, however, is another story. Can terrorists be spotted simply by analyzing who calls whom and when -- without any other leads? There's reason to be skeptical. That's because diverse kinds of human organizations share certain traits. If you and I and 17 other people are in a book club, we're likely to call each other often. Sometimes almost all of us would ring up just one person on the same day to ask, ''Can I bring dessert to tonight's meeting?'' Viewed in silhouette, in the cold analysis of a computer, it might indeed be apparent from our phone records that the 19 of us frequently communicate to plan something. But further investigation would be necessary to determine just what we were up to.
Can the government dig deeper into all of these groups? Fortunately for the stability of society, but somewhat unfortunately for intelligence analysts, there are vastly more groups of 19 people organizing soccer games and bake sales than there are teams like the 19 hijackers of Sept. 11. ''Those patterns that we leave out there when we do things are going to look the same no matter what we're doing, and 99 percent of the time we're not going to be doing anything illegal,'' said Valdis Krebs, who consults with companies on the organizational insights they can glean from social network analysis. ''There probably isn't a pattern that's different from doing something bad vs. doing something good or something neutral.'' The Pentagon apparently isn't certain of that. It has funded research into a field known as ''scalable social network analysis'' that aims to identify whether terrorist plotting indeed leaves different organizational patterns from planning a bake sale. But Krebs doubts that enough terrorist cells have been mapped to provide a statistically significant sample of what those patterns are. The main point of social network analysis is to produce a map of how people in an organization tend to interact. By analyzing e-mail traffic or interviewing members of a group, for example, network analysts can reveal the strength of ties between people in an organization, and who the key hubs are. Sometimes that can explain who really deserves a raise. Or companies can buy social networking software that trolls through e-mail to determine who has the best contacts for a particular customer call. Of course, these kinds of analyses benefit tremendously from the fact that organizational boundaries are openly available. Analysts know a company exists. Its employees will fill out surveys to say whether that guy in marketing is a quiet leader or a quiet malingerer. 
''It helps you understand trends, but I don't know of companies that are using social network analysis to discover bad guys without an entry point, just looking at the network structure,'' said Jeff Jonas, founder of Systems Research and Development, a company whose software analyzed records to tip Las Vegas casinos when people barred from gambling had associates working on staff. The company attracted investment from the CIA's venture unit even before Sept. 11 and last year was acquired by IBM Corp. ''If you're trying to root out a few bad apples using data-mining to look for anomalies, it's not clear to me that this would be productive without a starting point,'' said Jonas, who is now chief scientist in IBM's ''entity analytics'' unit. To put Jonas' point in other words: Merely mapping who Americans call likely wouldn't uncloak a terrorist cell. The necessary ''entry point'' would have to be if someone in the United States called or received a call from a number already suspected of being affiliated with U.S. enemies. (Jonas cites a chilling example of the process in action. In the '90s, reports emerged from Cali, Colombia, that a drug ring had identified and executed informants by getting Cali's phone records, then using a mainframe computer to compare the numbers dialed with those held by narcotics agents. It wouldn't have worked without the entry point of knowing which numbers belonged to the drug cops.) Following this chain of reasoning, another entry point could come if a group had been infiltrated somehow -- whether through a spy or by a tap providing the content of phone calls or e-mails. The New York Times reported in December that the NSA was indeed eavesdropping, without warrants, on communications between suspected al-Qaida members overseas and associates in the U.S. And a federal lawsuit in San Francisco claims the NSA gained access to AT&T Inc. communications traffic through a secret switching room. 
But while Bush administration officials haven't discussed details of the NSA database described by USA Today, they have insisted that conversations themselves aren't being broadly monitored. These somewhat sparse details leave questions as to the extent of government data-mining efforts. They could include cross-referencing the phone database with property, court and credit files sold by private database vendors. Or they could be part of grander sweeps like the one envisioned by the Pentagon's Total Information Awareness program. It was technically shuttered in a privacy uproar but is generally assumed to be continuing in various forms. Such uncertainty makes George Washington University law professor Daniel Solove disregard surveys such as the May 12 Washington Post- ABC News poll that found 63 percent of Americans supporting the call database as an anti-terrorism tactic. ''No one is asked in the polls, 'Would you approve of anything the government can do with your information? Is it OK that the government engages in various forms of snooping into your life that you would not be told or informed about?''' said Solove, author of ''The Digital Person.'' ''It's hard to really opine on something you don't know all the details of.'' One reason that social network analysis has gained prominence in recent years is that Krebs and other researchers applied the method to publicly available information after the Sept. 11 attack to map how the hijackers operated. Mohammed Atta, for example, was clearly a hub of the network. Krebs wonders whether those kinds of analyses raised expectations that the method could be insightful even in advance of an attack -- that the right dots could be connected if investigators just could gather enough dots. ''The intelligence community is dying to find the silver bullet that will prevent the next terrorist attack. Unfortunately there's plenty of vendors that will lead them on and claim that they have found it,'' Krebs said. 
''I think it's alchemy of the 21st century to be able to predict the future, whether it's terrorism or the stock market or anything.'' Weblog at: ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From camera_lumina at hotmail.com Tue May 30 06:03:55 2006
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 30 May 2006 09:03:55 -0400
Subject: Status of opportunistic encryption
In-Reply-To: <20060529165320.GF26713@leitl.org>
Message-ID:

Another thought. Even if everyone else doesn't encrypt, are there opportunities to "crypto load" some services with useless, though encrypted information? Of course, the loading can't make the service useless or even noticeably degrade, or it won't be available in the long run.

For instance, it seems to me that for some P2P services, it might be very useful to constantly encrypt and then "share" biggish files, even if no one can actually de-encrypt the file. If the bandwidth of such encrypted files is reasonable (though not a degrading % of the network's bandwidth), then that service becomes a useful channel for transmitting information that's actually encrypted, otherwise the one PGP-encrypted file that gets sent through Kazaa or whatever is like a red cow standing in a sea of black-and-whites. It's arguably less secure than not encrypting (ie, they -might- not be able to read the text, but they damn sure know that this sender/receiver is very interesting).

Actually, this may not be too hard to achieve through something like Kazaa. All that would be needed is N "bots" that "share" a steady stream of encrypted files with each other.
Of course, it's far better if they do some kind of identity-hopping somehow, or perhaps sit behind a wall of anonymity. But this doesn't require encouraging everyone to encrypt. In other words, if you've got a needle you want to hide it's far better to plop some bigass haystack on it. -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [Victor.Duchovni at MorganStanley.com: Re: Status of opportunistic >encryption] >Date: Mon, 29 May 2006 18:53:20 +0200 > >----- Forwarded message from Victor Duchovni > ----- > >From: Victor Duchovni >Date: Mon, 29 May 2006 12:03:05 -0400 >To: cryptography at metzdowd.com >Subject: Re: Status of opportunistic encryption >Reply-To: cryptography at metzdowd.com >User-Agent: Mutt/1.4.1i > >On Mon, May 29, 2006 at 07:21:29AM +0200, Florian Weimer wrote: > > > * Sandy Harris: > > > > > Recent news stories seem to me to make it obvious that anyone with >privacy > > > concerns (i.e. more-or-less everyone) should be encrypting as much of >their > > > communication as possible. Implementing opportunistic encryption is >the > > > best way I know of to do that for the Internet. > > > > > > I'm somewhat out of touch, though, so I do not know to what extent >people > > > are using it now. That is my question here. > > > > It seems to me opportunistic encryption has moved to the application > > layer, at least as far as Internet mail is concerned. Many MTAs use > > TLS automatically with whatever certificates they can get. Of course, > > this only guards against active attacks, but it seems to me that this > > is a reasonable threat model. > >It only guards against *passive* eavesdropping. Active attacks can >forge DNS MX records, inject BGP routes, ... Actual MITM resistant >peer authentication with SMTP+TLS is extremely rare. I know it happens >sometimes because I have it running for a small number of destinations, >otherwise I would suspect that nobody is doing it. 
> > http://www.postfix.org/TLS_README.html#client_tls_harden > >Once the new 2.3 TLS code is folded into the production Postfix 2.3 >snapshots (at which point the new documentation will be published), see > > http://www.postfix.org/TLS_README.html#client_tls_levels > http://www.postfix.org/TLS_README.html#client_tls_policy > >Preview: > > It is regrettably the case, that TLS secure-channels (fully >authenticated > and immune to man-in-the-middle attacks) impose constraints on the >sending > and receiving sites that preclude ubiquitous deployment. One needs to > manually configure this type of security for each destination domain, > and in many cases implement non-default TLS policy table entries for > additional domains hosted at a common secured destination. With Postfix > 2.3, we make secure-channel configurations substantially easier to > configure, but they will never be the norm. For the generic domain with > which you have made no specific security arrangements, this security > level is not a good fit. > > Historical note: while the documentation of these issues and many of > the related features are new with Postfix 2.3, the issue was well > understood before Postfix 1.0, when Lutz Jaenicke was designing > the first unofficial Postfix TLS patch. See, his original post > http://thread.gmane.org/gmane.ietf.apps-tls/304/focus=304 and the first > response http://thread.gmane.org/gmane.ietf.apps-tls/304/focus=305. The > problem is not even unique to SMTP or even TLS, similar issues exist > for secure connections via aliases for HTTPS and Kerberos. SMTP merely > uses indirect naming (via MX records) more frequently. > >I should also note that once one abandons the (still) unrealistic >assumption of a secure DNS, it is not just SMTP + TLS that runs into >trouble. 
> >For example, many Kerberos client libraries do a forward lookup (to >alias- expand CNAMEs) and some perversely a reverse lookup (often the >owner of the IP address is the worst source of the machine's name), and >then give you a mutually authenticated channel to whatever principal >they construct from now rather questionable data. This carries over >to SASL GSSAPI, where GSSAPI abstraction makes working around this >(in practice nobody tries even with native Kerberos) even harder. > >Consequently, also SSH with GSS KEX, is not MITM resistant when the >attacker can tamper with DNS responses. > >Ultimately, to close similar security issues in many other protocols, >we need a secure DNS, but I am somewhat pessimistic about the likelihood >of this happening soon. > >-- > > /"\ ASCII RIBBON NOTICE: If received in error, > \ / CAMPAIGN Victor Duchovni please destroy and notify > X AGAINST IT Security, sender. Sender does not waive > / \ HTML MAIL Morgan Stanley confidentiality or privilege, > and use is prohibited. > >--------------------------------------------------------------------- >The Cryptography Mailing List >Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From chucher78 at earthlink.net Tue May 30 10:08:39 2006 From: chucher78 at earthlink.net (Elvira Mitchell) Date: Tue, 30 May 2006 09:08:39 -0800 (EDT) Subject: too good to be true? find out for yoursef Message-ID: <11660762.1179655611816.JavaMail.confirm@boltinc.com> You've been selected to Play at the HI-ROLLER CASIN0! 
Your promotional ID is AP9I3O9R Benefits include: * Up to $888 real money to gamble with * Fastest growing/most trusted online company * Play all your favorite games: Poker, Hold'em, Black Jack, Slots, etc. * Play at no-cost to see how exciting and easy it is * Rapid payouts to all clientele & 24/7 support * Great games, Big Winnings, & thousands of players This is a limited chance that expires at the end of the month. Play where the world is Playing! http://cartsrv.com/d1/head From rah at shipwright.com Tue May 30 07:20:19 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 30 May 2006 10:20:19 -0400 Subject: [Clips] Liechtenstein Bicentennial Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Tue, 30 May 2006 10:16:13 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Liechtenstein Bicentennial Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The Wall Street Journal Liechtenstein Bicentennial May 30, 2006; Page A15 In your May 25 editorial "The End of Yugoslavia1" you refer to the Principality of Liechtenstein as a city-state. Though Liechtenstein is the fourth-smallest state in Europe, within Liechtenstein's borders lie 11 communes including Vaduz, Liechtenstein's capital. I would urge your readers, and especially your writers, to visit www.liechtenstein.li to learn more about Liechtenstein, which is celebrating 200 years of sovereignty this year. Claudia Fritsche Ambassador Embassy of Liechtenstein Washington -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From auto37159 at hushmail.com Tue May 30 07:27:57 2006
From: auto37159 at hushmail.com (auto37159 at hushmail.com)
Date: Tue, 30 May 2006 10:27:57 -0400
Subject: Status of opportunistic encryption
Message-ID:

I am also interested in Opportunistic Encryption. Even if it is not as
secure as a manually configured VPN, I am willing to trade that for what
it does provide. I have looked at setting up OpenSWAN in OE mode, but
frankly it is daunting even for the reasonably geeky and far beyond any
kind of mass implementation. Also the DNS requirements make it not a
viable solution for the majority of (dynamic DNS home) users. It is
fairly simple to turn on optional IPsec under Windows, but then everyone
needs to use a common CA (say a Thawte freemail cert). This option is
far easier to use than setting up openswan in OE on your router.

I am interested in how Zimmermann's ZRTP accomplishes things, because he
seems to have dropped the explicit need for PSKs or CAs. If this is
really the case, could techniques like this be used for other types of
communication?

For OE to be successful it needs to have a critical mass on the same (or
autoselectable) OE system, useable across OSs, needs to be painless to
install and use, and needs to be included in standard distros configured
by default as ON (say every machine which left Dell had optional ipsec
on (and UDP encapsulation) with a common CA :).
The necessary critical mass of people won't run OE if it requires extra
effort assuming they even know of its existence or what it does. Skype
has achieved something in the encrypted world because it is on by
default. In my unscientific WAG, more communication is going over Skype
than SRTP, because SRTP is generally not shipped in a working state and
there isn't a one stop CA. Anytime I have recommended using STARTTLS to
my sysadmin friends, they have always worried about breaking stuff and
complained about needing expensive certs. I would be willing to take the
step of using a non authenticated mode (initially), if it would remove
some of these impediments and create widespread use.

There is a Wikipedia entry on OE, but it is quite sparse, so update it
if you have something to add.

rearden

On Fri, 26 May 2006 03:18:59 -0400 Sandy Harris wrote:
>Some years back I worked on the FreeS/WAN project (freeswan.org),
>IPsec for Linux.
>
>One of our goals was to implement "opportunistic encryption", to allow
>any two appropriately set up machines to communicate securely, without
>pre-arrangement between the two system administrators. Put
>authentication keys in DNS; they look those up and can then use IKE to
>do authenticated Diffie-Hellman to create the keys for secure links.
>
>Recent news stories seem to me to make it obvious that anyone with
>privacy concerns (i.e. more-or-less everyone) should be encrypting as
>much of their communication as possible. Implementing opportunistic
>encryption is the best way I know of to do that for the Internet.
>
>I'm somewhat out of touch, though, so I do not know to what extent
>people are using it now. That is my question here.
>
>I do note that there are some relevant RFCs.
>
>RFC 4322 Opportunistic Encryption using the Internet Key Exchange (IKE)
>RFC 4025 A Method for Storing IPsec Keying Material in DNS
>
>and that both of FreeS/WAN's successor projects (openswan.org and
>strongswan.org) mention it in their docs.
>However, I don't know if it actually being used.
>
>--
>Sandy Harris
>Zhuhai, Guangdong, China
>
>-------------------------------------------------------------------

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which
had a name of signature.asc]

From bill.stewart at pobox.com Tue May 30 15:58:23 2006
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 30 May 2006 15:58:23 -0700
Subject: [Clips] Liechtenstein Bicentennial
In-Reply-To:
References:
Message-ID: <6.2.1.2.0.20060530155514.036b69e8@pop.idiom.com>

Pictures and history of the current prince and his wife.
http://www.liechtenstein.li/en/eliechtenstein_main_sites/portal_fuerstentum_liechtenstein/fl-fueh-fuerstenhaus/fl-fueh-fuerstenfamilie/fl-fueh-fuerstenfamilie-alois.htm?printout=1&

From dewayne at warpspeed.com Tue May 30 19:30:01 2006
From: dewayne at warpspeed.com (Dewayne Hendricks)
Date: Tue, 30 May 2006 19:30:01 -0700
Subject: [Dewayne-Net] Can Tracking Phone Calls Ferret Out Terrorists?
Message-ID:

[Note: This item comes from reader Matt Oristano. DLH]

From Victor.Duchovni at MorganStanley.com Tue May 30 18:45:19 2006
From: Victor.Duchovni at MorganStanley.com (Victor Duchovni)
Date: Tue, 30 May 2006 21:45:19 -0400
Subject: Status of opportunistic encryption
Message-ID:

On Wed, May 31, 2006 at 08:56:53AM +1000, James A. Donald wrote:

> Active attacks are rare, possibly nonexistent except for
> Wifi. If NSA and the other TLAs were doing active
> attacks, they would be detected some of the time. They
> don't like being detected.
Active attacks at the network layer are relatively rare, but definitely
not non-existent. Spammers occasionally hijack BGP prefixes, send some
spam and move on. They can also hijack nameserver IPs, MX host IPs, but
for now they prefer sending over receiving. This will likely change, the
playbook of organized crime on the net has been expanding steadily when
money overtook teen-age dare-do as the most common motivation for active
attacks in ~2002.

> If anyone does an active attack, this is a one off
> event. If someone routinely and regularly does active
> attacks, the attack will be detected, the point where
> they are modifying messages will be detected, and will
> be bypassed.

They keep moving around, some ISPs turn a blind eye in return for the
revenue stream.

> > Consequently, also SSH with GSS KEX, is not MITM
> > resistant when the attacker can tamper with DNS
> > responses.
>
> My understanding is that SSH when using GSS KEX does not
> cache the keys, which strikes me as an amazingly stupid
> idea,

No, that's the whole point. What works for the individual administering
10 machines, does not scale to organizations with hundreds of
administrators managing tens of thousands of machines. With KEX you
trust Kerberos, not your key store. The problem is that one also ends up
trusting, DNS or NIS or LDAP, ...

> particularly when SSH key caching has been so
> successful, and when the user thinks he knows his
> security comes from key caching. The experience with
> PKI suggests that it is very difficult to have security
> without durable cached keys.

Quite the converse, the PKI keys are too durable. (Segue to Wheeler &
Wheeler) the Kerberos online verification model is actually superior,
but in practice the implementation runs into issues with insecure
nameservices. We need a more secure stack.

> Attacks on DNS are common, though less common than other
> attacks, but they are by scammers, not TLA agencies,
> perhaps because they are so easily detected.
Yes, but the scammers are getting into more markets, first spam and
advance fee scams, then phishing, now pump and dump scams, they are
evolving fast. We are largely standing still.

> Encrypting DNS is unacceptable, because the very large
> number of very short messages make public key encryption
> an intolerable overhead. A DNS message also has to fit
> in a single datagram.

Workable DNS-SEC exists, what lacks now is the will and political muscle
to make it happen. Signing is done on update, not on read.

> To accommodate these constraints, we need DNS
> certificates sent in the clear, and signed with elliptic
> curve public keys (which allow both signatures and
> certificates to be short enough to fit in a datagram).

The real question is not how to do DNS-SEC, but how soon, and then how
to leverage it in real protocols. Will there be a reasonably
comprehensive set of Internet integrated services that work *together*
"securely" in a reasonable fashion, or are we still building the tower
of Babel (now in software). A more trustworthy DNS would IMHO be a good
foundation.

--

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which
had a name of signature.asc]

From rah at shipwright.com Tue May 30 19:14:31 2006
From: rah at shipwright.com (R.A.
Hettinga) Date: Tue, 30 May 2006 22:14:31 -0400 Subject: [Clips] Court rules no whistle-blower free-speech right Message-ID: --- begin forwarded text Delivered-To: rah at shipwright.com Delivered-To: clips at philodox.com Date: Tue, 30 May 2006 22:13:14 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Court rules no whistle-blower free-speech right Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Court rules no whistle-blower free-speech right Tue May 30, 2006 5:07 PM ET By James Vicini WASHINGTON (Reuters) - A closely divided U.S. Supreme Court ruled on Tuesday that government whistle-blowers are not protected by free-speech rights when they face employer discipline for trying to expose possible misconduct at work. By a 5-4 vote, the high court ruled against a California prosecutor who said he was demoted, denied a promotion and transferred for trying to expose a lie by a county sheriff's deputy in a search-warrant affidavit. Adopting the position of the Los Angeles prosecutor's office and the U.S. Justice Department, the high court ruled that a public employee has no First Amendment right in speech expressed as part of performing job-required duties. Writing for the court majority, Justice Anthony Kennedy said there is protection for whistle-blowers in federal and state laws and rules of conduct for government attorneys. The case had been closely watched for its affect on the at-work, free-speech rights of the nation's 21 million public employees. About 100 cases involving internal communications are brought each year in federal court. Steven Shapiro of the American Civil Liberties Union said, "In an age of excessive government secrecy, the Supreme Court has made it easier to engage in a government cover-up by discouraging internal whistle-blowing." Other ACLU officials predicted the ruling will deter government employees from speaking out about wrongdoing for fear of losing their jobs. 
Los Angeles County Deputy District Attorney Richard Ceballos had sued his employer for retaliating against him for exercising his free-speech rights when he reported suspected wrongdoing in a memo to senior officials in his department. The justices overturned a ruling by a U.S. appeals court that Ceballos' action was protected by the First Amendment of the Constitution because he was speaking on an issue of public concern. Kennedy said exposing government inefficiency and misconduct was a matter of considerable significance, and that various measures have been adopted to protect employees and provide checks on supervisors who would order unlawful or inappropriate actions. "When public employees made statement pursuant to their official duties, the employees are not speaking as citizens for First Amendment purposes, and the Constitution does not insulate their communications from employer discipline," he wrote. JUDICIAL INTRUSION IN THE WORKPLACE? Kennedy said a ruling for Ceballos would result in a "new, permanent and intrusive role" for the courts in overseeing communications between government workers and their superiors, replacing managerial discretion with judicial supervision. He was joined by the court's conservatives -- Chief Justice John Roberts and Justices Antonin Scalia, Clarence Thomas and Samuel Alito. The court's liberals, Justices John Paul Stevens, David Souter, Ruth Bader Ginsburg and Stephen Breyer, dissented. Stevens wrote, "The notion that there is a categorical difference between speaking as a citizen and speaking in the course of one's employment is quite wrong." He called the majority ruling "misguided." Souter wrote in a separate dissent that government employees who speak out about official wrongdoing should be eligible for First Amendment protection against reprisals. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From istad4 at acaciapark.com Wed May 31 01:53:39 2006 From: istad4 at acaciapark.com (Lenny Weeks) Date: Wed, 31 May 2006 00:53:39 -0800 Subject: Low mortaggee ratess Message-ID: <71902.$$.03035.Etrack@msn.com> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 989 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: scandal.5.gif Type: image/gif Size: 8467 bytes Desc: not available URL: From rszoppr at pochtamt.ru Wed May 31 06:09:22 2006 From: rszoppr at pochtamt.ru (Summer Jacobs) Date: Wed, 31 May 2006 07:09:22 -0600 Subject: Burn pounds off with Hoodia Message-ID: <1468416319498.078699202577057214437@sandia> immutable deviate typewrite imprecision denny churchgo bstj burroughs whizzing intercept togging ferment alex squash doorman -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available
Type: text/html
Size: 1247 bytes
Desc: not available
URL:

From s.schear at comcast.net Wed May 31 07:22:03 2006
From: s.schear at comcast.net (Steve Schear)
Date: Wed, 31 May 2006 07:22:03 -0700
Subject: [Clips] Court rules no whistle-blower free-speech right
In-Reply-To:
References:
Message-ID: <6.0.1.1.0.20060531070839.05626408@mail.comcast.net>

At 07:14 PM 5/30/2006, R.A. Hettinga wrote:
>
>
> Court rules no whistle-blower free-speech right
>
> Tue May 30, 2006 5:07 PM ET
>
>
> By James Vicini
>
> WASHINGTON (Reuters) - A closely divided U.S. Supreme Court ruled on
> Tuesday that government whistle-blowers are not protected by free-speech
> rights when they face employer discipline for trying to expose possible
> misconduct at work.
...
> Adopting the position of the Los Angeles prosecutor's office and the U.S.
> Justice Department, the high court ruled that a public employee has no
> First Amendment right in speech expressed as part of performing
> job-required duties.
...
> Steven Shapiro of the American Civil Liberties Union said, "In an age of
> excessive government secrecy, the Supreme Court has made it easier to
> engage in a government cover-up by discouraging internal whistle-blowing."
>
> Other ACLU officials predicted the ruling will deter government employees
> from speaking out about wrongdoing for fear of losing their jobs.

This may not be as much a blow to free speech as an opportunity to
promote the civic virtue of pseudo-anonymous speech. Cypherpunks should
focus on how whistle-blowers can use available technology to
authenticate themselves to reporters and secretly correspond to help the
press investigate and corroborate the story without having to come
forward and expose themselves to presecution.
Steve

From eugen at leitl.org Tue May 30 23:39:08 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 May 2006 08:39:08 +0200
Subject: [auto37159@hushmail.com: Re: Status of opportunistic encryption]
Message-ID: <20060531063908.GC28956@leitl.org>

----- Forwarded message from auto37159 at hushmail.com -----

From eugen at leitl.org Tue May 30 23:39:35 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 May 2006 08:39:35 +0200
Subject: [jamesd@echeque.com: Re: Status of opportunistic encryption]
Message-ID: <20060531063935.GD28956@leitl.org>

----- Forwarded message from "James A. Donald" -----

From jamesd at echeque.com Tue May 30 15:56:53 2006
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 31 May 2006 08:56:53 +1000
Subject: Status of opportunistic encryption
Message-ID:

--
> > It seems to me opportunistic encryption has moved to
> > the application layer, at least as far as Internet
> > mail is concerned. Many MTAs use TLS automatically
> > with whatever certificates they can get. Of course,
> > this only guards against active attacks, but it
> > seems to me that this is a reasonable threat model.

Victor Duchovni wrote:
> It only guards against *passive* eavesdropping. Active
> attacks can forge DNS MX records, inject BGP routes,
> ... Actual MITM resistant peer authentication with
> SMTP+TLS is extremely rare. I know it happens
> sometimes because I have it running for a small number
> of destinations, otherwise I would suspect that nobody
> is doing it.

Active attacks are rare, possibly nonexistent except for
Wifi. If NSA and the other TLAs were doing active
attacks, they would be detected some of the time. They
don't like being detected.

If anyone does an active attack, this is a one off
event. If someone routinely and regularly does active
attacks, the attack will be detected, the point where
they are modifying messages will be detected, and will
be bypassed.
> I should also note that once one abandons the (still)
> unrealistic assumption of a secure DNS, it is not just
> SMTP + TLS that runs into trouble.
>
> For example, many Kerberos client libraries do a
> forward lookup (to alias-expand CNAMEs) and some
> perversely a reverse lookup (often the owner of the IP
> address is the worst source of the machine's name),
> and then give you a mutually authenticated channel to
> whatever principal they construct from now rather
> questionable data. This carries over to SASL GSSAPI,
> where GSSAPI abstraction makes working around this (in
> practice nobody tries even with native Kerberos) even
> harder.
>
> Consequently, also SSH with GSS KEX, is not MITM
> resistant when the attacker can tamper with DNS
> responses.

My understanding is that SSH when using GSS KEX does not
cache the keys, which strikes me as an amazingly stupid
idea, particularly when SSH key caching has been so
successful, and when the user thinks he knows his
security comes from key caching. The experience with
PKI suggests that it is very difficult to have security
without durable cached keys.

> Ultimately, to close similar security issues in many
> other protocols, we need a secure DNS, but I am
> somewhat pessimistic about the likelihood of this
> happening soon.

Attacks on DNS are common, though less common than other
attacks, but they are by scammers, not TLA agencies,
perhaps because they are so easily detected.

All logons should move to SRP to avoid the phishing
problem, as this is the most direct and strongest
solution for phishing for shared secrets, and phishing
for shared secrets is the biggest problem we now have.

Encrypting DNS is unacceptable, because the very large
number of very short messages make public key encryption
an intolerable overhead. A DNS message also has to fit
in a single datagram.
To accommodate these constraints, we need DNS certificates sent in the clear, and signed with elliptic curve public keys (which allow both signatures and certificates to be short enough to fit in a datagram). The client walks the certificate chain from time to time and it caches the certificates, to avoid excessively loading the issuers of higher level certificates. But this is all theoretical at this stage, for DNS attacks are not our biggest problem. Once we have deployed systems that make it difficult to snoop and scam without attacking DNS, *then* we will see DNS come under heavy attack, and *then* there will be motivation to change the DNS system. After all, we have not fixed or replaced PKI, despite the enormous phishing attack that renders it useless and irrelevant, so we are going to be slower still fixing DNS. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG cwXK8++rEMivkYVd+uiumb8CD2CVphnQhorYYVxx 4KsvRJfxM5XZMseazJM4sjSoGS386TnYrCiBhfQuF --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Wed May 31 06:33:48 2006 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 31 May 2006 09:33:48 -0400 Subject: [Clips] Court rules no whistle-blower free-speech right In-Reply-To: Message-ID: "The case had been closely watched for its affect on the at-work, free-speech rights of the nation's 21 million public employees. About 100 cases involving internal communications are brought each year in federal court." 21 MILLION. 
What's that, 20% of the workforce? -TD >From: "R.A. Hettinga" >To: cypherpunks at jfet.org >Subject: [Clips] Court rules no whistle-blower free-speech right >Date: Tue, 30 May 2006 22:14:31 -0400 > >--- begin forwarded text > > > Delivered-To: rah at shipwright.com > Delivered-To: clips at philodox.com > Date: Tue, 30 May 2006 22:13:14 -0400 > To: Philodox Clips List > From: "R.A. Hettinga" > Subject: [Clips] Court rules no whistle-blower free-speech right > Reply-To: rah at philodox.com > Sender: clips-bounces at philodox.com > > > > > > > Court rules no whistle-blower free-speech right > > Tue May 30, 2006 5:07 PM ET > > > By James Vicini > > WASHINGTON (Reuters) - A closely divided U.S. Supreme Court ruled on > Tuesday that government whistle-blowers are not protected by free-speech > rights when they face employer discipline for trying to expose possible > misconduct at work. > > By a 5-4 vote, the high court ruled against a California prosecutor who > said he was demoted, denied a promotion and transferred for trying to > expose a lie by a county sheriff's deputy in a search-warrant affidavit. > > Adopting the position of the Los Angeles prosecutor's office and the >U.S. > Justice Department, the high court ruled that a public employee has no > First Amendment right in speech expressed as part of performing > job-required duties. > > Writing for the court majority, Justice Anthony Kennedy said there is > protection for whistle-blowers in federal and state laws and rules of > conduct for government attorneys. > > The case had been closely watched for its affect on the at-work, > free-speech rights of the nation's 21 million public employees. About >100 > cases involving internal communications are brought each year in federal > court. > > Steven Shapiro of the American Civil Liberties Union said, "In an age of > excessive government secrecy, the Supreme Court has made it easier to > engage in a government cover-up by discouraging internal >whistle-blowing." 
> > Other ACLU officials predicted the ruling will deter government >employees > from speaking out about wrongdoing for fear of losing their jobs. > > Los Angeles County Deputy District Attorney Richard Ceballos had sued >his > employer for retaliating against him for exercising his free-speech >rights > when he reported suspected wrongdoing in a memo to senior officials in >his > department. > > The justices overturned a ruling by a U.S. appeals court that Ceballos' > action was protected by the First Amendment of the Constitution because >he > was speaking on an issue of public concern. > > Kennedy said exposing government inefficiency and misconduct was a >matter > of considerable significance, and that various measures have been >adopted > to protect employees and provide checks on supervisors who would order > unlawful or inappropriate actions. > > "When public employees made statement pursuant to their official duties, > the employees are not speaking as citizens for First Amendment purposes, > and the Constitution does not insulate their communications from >employer > discipline," he wrote. > > JUDICIAL INTRUSION IN THE WORKPLACE? > > Kennedy said a ruling for Ceballos would result in a "new, permanent and > intrusive role" for the courts in overseeing communications between > government workers and their superiors, replacing managerial discretion > with judicial supervision. > > He was joined by the court's conservatives -- Chief Justice John Roberts > and Justices Antonin Scalia, Clarence Thomas and Samuel Alito. > > The court's liberals, Justices John Paul Stevens, David Souter, Ruth >Bader > Ginsburg and Stephen Breyer, dissented. > > Stevens wrote, "The notion that there is a categorical difference >between > speaking as a citizen and speaking in the course of one's employment is > quite wrong." He called the majority ruling "misguided." 
> > Souter wrote in a separate dissent that government employees who speak >out > about official wrongdoing should be eligible for First Amendment >protection > against reprisals. > > -- > ----------------- > R. A. Hettinga > The Internet Bearer Underwriting Corporation > 44 Farquhar Street, Boston, MA 02131 USA > "... however it may deserve respect for its usefulness and antiquity, > [predicting the end of the world] has not been found agreeable to > experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' > _______________________________________________ > Clips mailing list > Clips at philodox.com > http://www.philodox.com/mailman/listinfo/clips > >--- end forwarded text > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed May 31 06:37:12 2006 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 31 May 2006 09:37:12 -0400 Subject: [Clips] Liechtenstein Bicentennial In-Reply-To: <20060531103118.GR28956@leitl.org> References: <6.2.1.2.0.20060530155514.036b69e8@pop.idiom.com> <20060531103118.GR28956@leitl.org> Message-ID: At 12:31 PM +0200 5/31/06, Eugen Leitl wrote: >What's the cypherpunkly angle with Liechtenstein? Black Unicorn. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed May 31 07:33:07 2006 From: rah at shipwright.com (R.A. 
Hettinga) Date: Wed, 31 May 2006 10:33:07 -0400 Subject: [Clips] Liechtenstein Bicentennial In-Reply-To: <20060531142030.GA28956@leitl.org> References: <6.2.1.2.0.20060530155514.036b69e8@pop.idiom.com> <20060531103118.GR28956@leitl.org> <20060531142030.GA28956@leitl.org> Message-ID: At 4:20 PM +0200 5/31/06, Eugen Leitl wrote: >T. vonBernhardi Not quite A. vonBernhardi, but apparently it'll do. Someone at FC this year told me that he kills it periodically to bounce spam. A likely story, but it'll do in a pinch. Apparently, he's done his time as an associate in a law firm in Chicago and now works for a hedge fund in Jersey. Or something. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From Xseqfo at babblynalice.com Wed May 31 10:37:59 2006 From: Xseqfo at babblynalice.com (Hung Caldwell) Date: Wed, 31 May 2006 10:37:59 -0700 Subject: Astounding Loans made easy Message-ID: <200605311643.k4VGgtVg001809@proton.jfet.org> Sir/Madam, Your existant homeloan meets the requirements for you to get handsome returns. Our system will reconcile you with the most expert financier, so that you will have more money in your account at the end of each month. It really can be effortless.. Thousands of Americans are Re-Fi-Nancing their homes every day. Now its your go. This succinct 1 minute form will be your next rung on the ladder towards real financial security. With kind regards, Hung Caldwell -------------- next part -------------- A non-text attachment was scrubbed... 
From roy at rant-central.com Wed May 31 08:02:21 2006
From: roy at rant-central.com (Roy M. Silvernail)
Date: Wed, 31 May 2006 11:02:21 -0400 (EDT)
Subject: [Clips] Court rules no whistle-blower free-speech right
In-Reply-To:
References:
Message-ID: <47442.192.168.1.22.1149087741.squirrel@mesmer.rant-central.com>

On Wed, May 31, 2006 09:33, Tyler Durden wrote:
> "The case had been closely watched for its affect on the at-work, free-speech rights of the nation's 21 million public employees. About 100 cases involving internal communications are brought each year in federal court."
>
> 21 MILLION. What's that, 20% of the workforce?

Monster.com says we're about to hit 150 million workers, so it's only about 13%. Feel better now?

--
Roy M. Silvernail is roy at rant-central.com
"Antelope freeway, one sixty-fourth of a mile." - TFT
procmail->CRM114->/dev/null->bliss
http://www.rant-central.com

From jya at pipeline.com Wed May 31 11:02:49 2006
From: jya at pipeline.com (John Young)
Date: Wed, 31 May 2006 11:02:49 -0700
Subject: [Clips] Court rules no whistle-blower free-speech right
In-Reply-To: <6.0.1.1.0.20060531070839.05626408@mail.comcast.net>
References:
Message-ID:

Steve Schear wrote:

>This may not be as much a blow to free speech as an opportunity to promote
>the civic virtue of pseudo-anonymous speech.
>Cypherpunks should focus on
>how whistle-blowers can use available technology to authenticate themselves
>to reporters and secretly correspond to help the press investigate and
>corroborate the story without having to come forward and expose themselves
>to presecution.

Agreed. What has evolved in recent years is a watering-down of whistleblower information by media eager to show it is responsible if not intimidated by administration threats and bluffs. Witness the NSA spying self-censorship by the NY Times and others while touting brave challenges to authority.

Whistleblowers are being whipsawed by allurements to tell all with identity protected and then betrayed by editorial (advertising, investment) policy to not go too far in alarming the populace (spooking advertisers and investors).

An underground (black) press is more trustworthy providing you can tell which are honeypots and fake pederasts and which are willing to take extreme measures rather than reveal sources. Willingness to go to jail is no longer a reliable test of journalistic reliability, it has become a promotional gimmick not to be believed.

The fashion to "grant anonymity" by the media to whistleblowers presumes to grant too much authority to the media without it having demonstrated it is willing to risk as much as the whistleblower -- protect thine own ass or better: run your own medium.

From rah at shipwright.com Wed May 31 08:13:08 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 31 May 2006 11:13:08 -0400
Subject: [Clips] Court rules no whistle-blower free-speech right
In-Reply-To: <6.0.1.1.0.20060531070839.05626408@mail.comcast.net>
References: <6.0.1.1.0.20060531070839.05626408@mail.comcast.net>
Message-ID:

At 7:22 AM -0700 5/31/06, Steve Schear wrote:
>This may not be as much a blow to free speech as an opportunity to promote
>the civic virtue of pseudo-anonymous speech.
>Cypherpunks should focus on
>how whistle-blowers can use available technology to authenticate themselves
>to reporters and secretly correspond to help the press investigate and
>corroborate the story without having to come forward and expose themselves
>to presecution.

Amen.

Contrary to the delusions of statists, politics is *not* physics by other means. You can't legislate reality away.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"The price of freedom is the probability of crime. The price of protection is the probability of slavery." -- Dan Geer

From coderman at gmail.com Wed May 31 11:17:39 2006
From: coderman at gmail.com (coderman)
Date: Wed, 31 May 2006 11:17:39 -0700
Subject: internet browsing privacy appliance
Message-ID: <4ef5fec60605311117n710d87a1xc5afa397fb8fb834@mail.gmail.com>

we've got a proof of concept build of an internet privacy appliance for windows users built at:
http://public.peertech.org/jvm/

there are some known issues / deficiencies in this release:
- DNS leaks due to transparent proxy. transparent DNS proxy when in anonymous mode is in progress (using tor-resolve and a python DNS server)
- http traffic is identified by outgoing port (80, 8080, etc) rather than traffic type. L7 matching is also in the works.
- https (SSL/TLS) traffic is passed through and not proxied.
- this runtime has not been hardened against malicious peers on the same internal network and chroot's and other techniques are not yet implemented.

we're trying to work out logistics for torrent seeding before distributing the build tools to remaster your own vmware installers and customize the privacy appliance.
we're working on fixing known issues and anticipate a

how it works in a nutshell:
- start the vmware instance with 128M ram and 200M disk (image is 38M compressed)
- a public SMB share is provided with a Run.BAT install script
- script installs a MS PPTP VPN connection to forward all traffic through the appliance
- privacy (privoxy) and anonymity (tor) is enabled by default. you can select privacy only for a faster browsing experience with ads and popups filtered.

a note on auto updates: remove the /etc/janus directory to prevent the automatic update check. we intend to use this to deploy security critical patches, filtering updates to privoxy, and other maintenance. you can apply these changes by hand or disable them completely as desired.
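The known issue listed in coderman's announcement above, HTTP identified by outgoing port rather than by traffic type, can be audited by comparing a port rule with a check on the first client bytes. This is an added example, not code from the post or from the appliance: the port set, function names and sample flows are constructed, and it assumes that traffic the port rule does not match is forwarded without passing through privoxy or tor.

```python
import struct

HTTP_PORTS = {80, 8080}  # assumed list: the post only says "80, 8080, etc"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ")


def classify_by_port(proto, dport):
    """Port-only rule, the behaviour the post lists as a known issue."""
    return "http" if proto == "tcp" and dport in HTTP_PORTS else "other"


def parse_dns_qname(payload):
    """Return the first question name of a plain DNS query, else None."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:   # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        if n == 0:
            return ".".join(labels) if labels else None
        if n > 63 or pos + 1 + n > len(payload):   # pointer or truncated label
            return None
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return None


def classify_by_payload(proto, payload):
    """Minimal L7 match on the first bytes the client sends."""
    if proto == "tcp":
        first_line = payload.split(b"\r\n", 1)[0]
        if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
            return "http"
        # TLS record: handshake (0x16), major version 3, ClientHello (0x01)
        if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
            return "tls"
    elif proto == "udp" and parse_dns_qname(payload) is not None:
        return "dns"
    return "other"


def audit(flows):
    """Report flows where the port rule and the payload disagree, plus DNS."""
    findings = []
    for proto, dport, payload in flows:
        by_port = classify_by_port(proto, dport)
        l7 = classify_by_payload(proto, payload)
        if l7 == "http" and by_port != "http":
            findings.append((dport, "HTTP on a port the rule does not list"))
        elif l7 == "dns":
            findings.append((dport, "direct DNS query: " + parse_dns_qname(payload)))
        elif by_port == "http" and l7 != "http":
            findings.append((dport, "port rule says HTTP, payload is " + l7))
    return findings


# Constructed sample flows: (transport, destination port, first client bytes)
SAMPLE_FLOWS = [
    ("tcp", 80, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("tcp", 8000, b"GET /feed HTTP/1.0\r\nHost: example.org\r\n\r\n"),
    ("tcp", 80, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x01"),
    ("udp", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x07example\x03org\x00\x00\x01\x00\x01"),
]
```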
From eugen at leitl.org Wed May 31 03:31:18 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 May 2006 12:31:18 +0200
Subject: [Clips] Liechtenstein Bicentennial
In-Reply-To: <6.2.1.2.0.20060530155514.036b69e8@pop.idiom.com>
References: <6.2.1.2.0.20060530155514.036b69e8@pop.idiom.com>
Message-ID: <20060531103118.GR28956@leitl.org>

On Tue, May 30, 2006 at 03:58:23PM -0700, Bill Stewart wrote:
> Pictures and history of the current prince and his wife.
>
> http://www.liechtenstein.li/en/eliechtenstein_main_sites/portal_fuerstentum_liechtenstein/fl-fueh-fuerstenhaus/fl-fueh-fuerstenfamilie/fl-fueh-fuerstenfamilie-alois.htm?printout=1&

What's the cypherpunkly angle with Liechtenstein?

It has lower taxes (22.9% for industry, 18% for individuals) and seems to have a reasonable approach to financial secrecy. No restrictions on import and use of cryptography.

Apart from that I fail to see why it is being mentioned here.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rah at shipwright.com Wed May 31 09:32:55 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 31 May 2006 12:32:55 -0400
Subject: [Clips] Court rules no whistle-blower free-speech right
In-Reply-To:
References:
Message-ID:

At 11:02 AM -0700 5/31/06, John Young wrote:
>protect thine own ass
>or better: run your own medium.

Now you're talkin'...

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From eugen at leitl.org Wed May 31 07:20:30 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 May 2006 16:20:30 +0200
Subject: [Clips] Liechtenstein Bicentennial
In-Reply-To:
References: <6.2.1.2.0.20060530155514.036b69e8@pop.idiom.com> <20060531103118.GR28956@leitl.org>
Message-ID: <20060531142030.GA28956@leitl.org>

On Wed, May 31, 2006 at 09:37:12AM -0400, R.A. Hettinga wrote:
> At 12:31 PM +0200 5/31/06, Eugen Leitl wrote:
> >What's the cypherpunkly angle with Liechtenstein?
>
> Black Unicorn.

Speaking about Black Unicorn, whatever happened to schloss.li?

Domain name: schloss.li

Holder of domain name:
ISC Holdings
T. vonBernhardi
rue du Trésor tv5 ripe
CH-2000 Neuchâtel
Switzerland
Contractual Language: English

Technical contact:
ISC Holdings
T. vonBernhardi
rue du Trésor tv5 ripe
CH-2000 Neuchâtel
Switzerland

Name servers:
ns1.web-comm.com
ns2.web-comm.com

Date of last registration: 25.05.2001
Date of last modification:

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Wed May 31 09:27:59 2006
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 31 May 2006 18:27:59 +0200
Subject: /. [More Details of the NSA's Social Network Analysis]
Message-ID: <20060531162759.GC28956@leitl.org>

Link: http://slashdot.org/article.pl?sid=06/05/31/1321208
Posted by: CmdrTaco, on 2006-05-31 15:08:00

mrogers writes "USA Today has a story describing how the NSA looks for [1]suspicious calling patterns in the [2]huge volumes of traffic data it [3]collects. "Templates" such as a call from overseas followed by a flurry of domestic calls are used to identify leads, which are forwarded to the FBI for investigation.
There have been complaints that low-quality leads are drawing agents away from other cases, and similar pattern-matching approaches have been [4]found wanting in the past. Can data mining identify terrorists?"

References

1. http://www.usatoday.com/news/washington/2006-05-22-nsa-template_x.htm
2. http://www.nytimes.com/2005/12/24/politics/24spy.html?ex=1293080400&en=016edb46b79bde83&ei=5090
3. http://www.wired.com/news/technology/0,70908-0.html?tw=rss.technology
4. http://www-tech.mit.edu/V122/N48/48secure.48n.html

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rah at shipwright.com Wed May 31 16:12:02 2006
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 31 May 2006 19:12:02 -0400
Subject: [Clips] Airlines in a Panic: Deal on Fliers' Data Is Ruled Illegal
Message-ID:

--- begin forwarded text

Delivered-To: rah at shipwright.com
Delivered-To: clips at philodox.com
Date: Wed, 31 May 2006 18:21:30 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] Airlines in a Panic: Deal on Fliers' Data Is Ruled Illegal
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

The Wall Street Journal

Deal on Fliers' Data Is Ruled Illegal

Top Court's Decision On EU-U.S. Pact Has Airlines in a Panic

By WILLIAM ECHIKSON
May 31, 2006; Page A4

BRUSSELS -- Europe's top court ruled illegal a deal with the U.S. for sharing air-passenger data to fight terrorism, forcing officials to scramble in order to keep planes flying across the Atlantic this fall.

The European Commission and the U.S. agreed in 2004 that airlines would turn over 34 pieces of information about each passenger flying from Europe to the U.S.
-- including name, address and credit-card details -- within 15 minutes of departure. The agreement was controversial because of strict European privacy rules, and the European Parliament challenged it. But Washington threatened to fine airlines and even strip them of landing rights if they didn't comply.

The European Court of Justice ruled yesterday that European Union privacy rules exclude the use of such commercial data for crime-fighting purposes. Data can be collected for commercial purposes, but the court said the commission -- the bloc's executive arm -- violated the law by handing the material over to law-enforcement authorities. The court allowed the data to keep flowing until Sept. 30 to give officials some time to negotiate a new deal.

U.S. and European airlines have been complying with the agreed-upon rules. They fear being put in the position of violating European law if they submit to Washington's requirements or violating U.S. law if they don't.

"We don't want to think about what will happen if this is not settled by the end of September," said David Henderson, spokesman for the Association of European Airlines. "It is so extreme that it could cause some very great disturbances to the industry," he added.

"We anticipate that the U.S. government and European authorities will resolve this matter without subjecting airlines to conflicting demands," said James C. May, president and chief executive of the Air Transport Association, a trade group representing U.S. carriers. "ATA and its members will continue to work closely with governmental authorities to find a practical solution to this issue," he said.

European and U.S. officials said the ruling is narrow enough to allow them to revise the existing agreement. They said the court didn't address whether the type of data turned over is too extensive under EU law.
Instead, they said the judges only decided that the way the accord was adopted was illegal: Instead of basing the rules on commercial law, the EU must rely on laws that apply to police and security cooperation.

"It's unimaginable that the data will cease to flow and the planes will cease to fly," said Stewart Baker, U.S. assistant secretary for policy at the Department of Homeland Security, who was in Brussels for a debate about security cooperation. "I am confident we can find a solution."

EU Justice Commissioner Franco Frattini said he would try to rework the agreement "under a different legal basis, but with similar content." He, too, said he is confident a deal can be struck before most EU officials go on holiday for August. But without one, he added, "we could face really huge problems."

In private, an EU official cautioned that it will be hard to renegotiate a deal that will satisfy both the European Parliament and the U.S. government. Some members of the Parliament vowed to take a tough line on any new agreement.

"Our victory in this case demonstrates the refusal...to buckle in the face of trans-Atlantic bullying," said Sarah Ludford, a Liberal Democrat from Britain.

The EU won some concessions from the U.S. The length of time the data can be stored was shortened to 3 1/2 years from a proposed 50, and some information was deleted such as meal preference.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'