Fwd: [Cryptography] ISPs caught in STARTTLS downgrade attacks

Fri Nov 14 18:41:01 PST 2014

---------- Forwarded message ----------
From: Dave Horsfall <dave at horsfall.org>
Date: Fri, Nov 14, 2014 at 12:47 AM
Subject: Re: [Cryptography] ISPs caught in STARTTLS downgrade attacks
To: Cryptography List <cryptography at metzdowd.com>

On Thu, 13 Nov 2014, grarpamp wrote:

> > that can provide the practical privacy of a paper letter in a paper
> > envelope.
>
> No!, there is no privacy there whatsoever.
> 1) All addressing/envelope info is recorded/imaged at the processing
> facility, tracked, stored forever, and shared with adversaries.
> 2) Users are similarly imaged and linked via payments at drop off
> and pick up.
> 3) It's not encrypted.
> 4) The user has to trust untrustworthy entities with 1, 2 and 3.

Funny you should say that; it seems Australia Post has come clean:

http://www.smh.com.au/national/australia-post-data-shows-more-mail-being-accessed-by-government-agencies-20141113-11lp0h.html

(You may need to be a subscriber)

Australia Post data shows more mail being accessed by government agencies

Australia Post disclosed confidential information to law enforcement,
security and other government agencies more than 10,000 times in 2013-14,
an increase of 25 per cent over the past four years.

According to statistics released by the postal corporation, "specially
protected" information, which includes information about letters and
parcels and other private client information was provided to government
agencies by Australia Post on 5635 occasions – more than twice the number
four years ago.

Federal government investigators accessing specially protected information
include the Australian Federal Police, the Australian Crime Commission,
the Department of Immigration and Border Protection, the Australian
Customs Service, the Australian Taxation Office, Centrelink, Medicare and
the Child Support Agency.

Victorian and Queensland police as well as the NSW Crime Commission and
the Western Australian Corruption and Crime Commission also received such
private information.

Postal information that is not "specially protected", including names and
addresses on the outside of letters and parcels, was disclosed by
Australia Post on another 4367 occasions.

Government agencies accessing this postal "metadata" include the
Australian Securities and Investments Commission, the Australian
Communications and Media Authority, and the federal departments of
agriculture, environment, defence, foreign affairs and trade, health and
ageing.

State police and anti-corruption agencies, state revenue offices, consumer
affairs, workplace and environmental regulators as well as the RSPCA also
accessed the information.

An Australia Post spokesperson said the corporation only discloses
information to authorised agencies "under a law of the Commonwealth, or
for the enforcement of criminal law, or for enforcement of a law imposing
a pecuniary penalty, or the protection of the public revenue".

The spokesperson emphasised information is disclosed "only after the
'authorised agency' requesting the information from us establishes that
the information is reasonably required for … lawful purposes".

The total of 10,002 disclosures in 2013-14 was 5 per cent higher than in
the previous year, despite a 4.8 per cent decline in the volume of letters
delivered by Australia Post.

Only 19 disclosures of postal information were made to the Australian
Security Intelligence Organisation.  This figure for 2013-14 is down from
31 disclosures in the previous year and is the lowest in a decade.

Australia Post's statistics show ASIO's access to postal information
peaked in 2005-06 and 2006-07, with 117 and 226 disclosures respectively,
a period that covered major counter-terrorism investigations in Victoria
and New South Wales.

ASIO must obtain a warrant from the Attorney-General to seek any postal
information from Australia Post.  Although the 2013-14 disclosure
statistics precede the recent surge in counter-terrorism operations
focused on supporters of the so-called Islamic State, the figures do
suggest that ASIO's investigations target quite small numbers of people.

However, the Australia Post statistics also show that despite consistent
declines in mail volume, confidential postal information is increasingly
accessed by police, by government agencies enforcing laws that impose
financial penalties and for "the protection of the public revenue".

--
Dave Horsfall DTM (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography