From arma at mit.edu Fri Oct 1 00:19:44 2004 From: arma at mit.edu (Roger Dingledine) Date: Fri, 1 Oct 2004 03:19:44 -0400 Subject: Tor 0.0.9pre1 is out Message-ID: We've fixed quite a few bugs. We've also added compression for directories, and client-side directory caching on disk so you'll have a directory when Tor restarts. tarball: http://freehaven.net/tor/dist/tor-0.0.9pre1.tar.gz signature: http://freehaven.net/tor/dist/tor-0.0.9pre1.tar.gz.asc (use -dPr tor-0_0_9pre1 if you want to check out from cvs) Changes from 0.0.8: o Bugfixes: - Stop using separate defaults for no-config-file and empty-config-file. Now you have to explicitly turn off SocksPort, if you don't want it open. - Fix a bug in OutboundBindAddress so it (hopefully) works. - Improve man page to mention more of the 0.0.8 features. - Fix a rare seg fault for people running hidden services on intermittent connections. - Change our file IO stuff (especially wrt OpenSSL) so win32 is happier. - Fix more dns related bugs: send back resolve_failed and end cells more reliably when the resolve fails, rather than closing the circuit and then trying to send the cell. Also attach dummy resolve connections to a circuit *before* calling dns_resolve(), to fix a bug where cached answers would never be sent in RESOLVED cells. - When we run out of disk space, or other log writing error, don't crash. Just stop logging to that log and continue. - We were starting to daemonize before we opened our logs, so if there were any problems opening logs, we would complain to stderr, which wouldn't work, and then mysteriously exit. - Fix a rare bug where sometimes a verified OR would connect to us before he'd uploaded his descriptor, which would cause us to assign conn->nickname as though he's unverified. Now we look through the fingerprint list to see if he's there. - Fix a rare assert trigger, where routerinfos for entries in our cpath would expire while we're building the path. o Features: - Clients can ask dirservers for /dir.z to get a compressed version of the directory. Only works for servers running 0.0.9, of course. - Make clients cache directories and use them to seed their router lists at startup. This means clients have a datadir again. - Configuration infrastructure support for warning on obsolete options. - Respond to content-encoding headers by trying to uncompress as appropriate. - Reply with a deflated directory when a client asks for "dir.z". We could use allow-encodings instead, but allow-encodings isn't specified in HTTP 1.0. - Raise the max dns workers from 50 to 100. - Discourage people from setting their dirfetchpostperiod more often than once per minute - Protect dirservers from overzealous descriptor uploading -- wait 10 seconds after directory gets dirty, before regenerating. ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From kelsey.j at ix.netcom.com Fri Oct 1 06:07:42 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Fri, 1 Oct 2004 09:07:42 -0400 (GMT-04:00) Subject: "ID Rules Exist, But Can't Be Seen" Message-ID: <9215533.1096636063534.JavaMail.root@daisy.psp.pas.earthlink.net> >From: Tyler Durden >Sent: Sep 30, 2004 5:06 PM >To: cypherpunks at al-qaeda.net >Subject: "ID Rules Exist, But Can't Be Seen" ... >For instance, is it indeed possible that revealing this rule would pose an >additional security risk? If such a rule exists (and it does) then hijackers >obviously already know about it. Could this rule also reveal some deeper >secrets about how hijackers can be detected? I seriously doubt it. One possibility raised by Dan Simon (I think) on Eric Rescorla's excellent blog is that the rule is part of some monthly briefing that is sent out, which might include some kind of information they'd rather not have published, e.g., "be especially careful about anyone carrying a guitar case; we've heard rumors about using one to bring a Tommy gun onboard." >Then of course, the argument may be that the government wanted to hide the >rule for the very reason of making it more unassailable. In other words, if >the rule were known, then it might be more easily contested in court. Hiding >the rule protects the law which in turn protects national security. Maybe. I guess the thing that's confusing about any of these answers is that the rules as they're applied must be propogated to thousands of people. It's not like they could easily hide guidance like "no more than 10 Arabs per flight" or "double-screen anyone with brown skin and a Koran"--someone would leak it. Perhaps the written rules include things like this that they don't want to subject to court scrutiny, but then how do they get that down to the people doing the screening at the gate? The whole idea of laws that the citizens aren't allowed to see just sounds like something you'd expect in some godawful third-world dictatorship, not in the US. >-TD --John Kelsey From camera_lumina at hotmail.com Fri Oct 1 06:43:30 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 01 Oct 2004 09:43:30 -0400 Subject: "ID Rules Exist, But Can't Be Seen" Message-ID: John Kelsey wrote... >Maybe. I guess the thing that's confusing about any of these answers is >that the rules as they're >applied must be propogated to thousands of >people. It's not like they could easily hide guidance >like "no more than >10 Arabs per flight" or "double-screen anyone with brown skin and a >Koran"-->someone would leak it. Perhaps the written rules include things >like this that they don't want to >subject to court scrutiny, but then how >do they get that down to the people doing the screening >at the gate? That's a good point. And those screeners ain't exactly the cream of the crop, if ya' know what I mean. A year ago they were making minimum wage, so if someone wanted a copy of those guidelines, it'd be easy as hell to con it out of one of em. (INVOKE SPIRIT OF TIM MAY HERE)...dress all official-like with a clipboard and some random badge, and start quizzing the locals about the current rules. Maybe that wouldn't work at JFK, but go to the airport at, say, Lexington So Carolina or Bumfuck Idaho and you'd get the information faster than a hillbilly can skin a possum for dinner. So no way they could keep such a big secret, and I would suspect that the Brazil-factor is not so great that the TSA doesn't already know that. I think you may be onto something w.r.t the Profiling issue. That may have more to do with it than anything. In other words, they don't want the thing contested in court, and the powers that be may not want to be personally liable. So in other words, this law is basically secret so that it can be secret. If nothing else, the Iraq WMD debacle should teach that they really don't have some deep, secret and "justifiable" information. -TD _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee. Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From rah at shipwright.com Fri Oct 1 07:10:39 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 10:10:39 -0400 Subject: ShmooCon. 2005. No moose. We swear. Message-ID: ShmooCon. 2005. No moose. We swear. ShmooCon will be an all-new, annual East coast hacker convention hell-bent on offering an interesting and new atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, as well as open discussion of critical information security issues. The first annual ShmooCon will be held February 4-6 2005, at the Wardman Park Marriott Hotel, in Washington, D.C., just minutes from your choice of overly-curious 3-letter agencies. So register early to keep the feds from taking up all the space. ShmooCon will be a different breed of security convention. In a nutshell, over three days, there are three tracks: "Break It!" - a track dedicated to the demonstration of techniques, software, and devices devised with only one purpose in mind--technology exploitation. You will bear witness to some of the most devious minds, source code, and gadgets on the planet that focus their energies on breaking the technology we mindless sheep keep on buying. Baaaaa. "Build It!" - a track that showcases inventive software & hardware solutions--from distributed computing or stealth p2p networks to miniature form-factor community wireless network node hardware or robotics even. Let loose your inner geek, and feel free to gawk. With all the neat stuff, it's important to take notes--that way we all have evidence to shoot down some sleazeball patents 5 years from now. "BoF It!" - a track that promotes the open discussion of critical information security issues in a "birds of a feather" format. From lightning open source code audits or wireless insecurity discussion panels to DRM rants or anonymity & privacy strategies--it's down and dirty, with plenty of controversy for folks who like hashing it out with fellow hackers. Feel free to throw your Shmooball here, but no fisticuffs, please. Settle your differences at Hack-or-Halo in the evening, instead. ShmooCon will be thought provoking. Naturally, with one entire track dedicated to getting similar minds in one room to openly discuss interesting topics, and with each topic discussion being chaired by one or more intensely involved experts in that particular field, people who attend ShmooCon are bound to give the muscle between their ears a good workout. You see, that's a key goal of this conference--to get people thinking. Whether it's thinking about the future, thinking outside the box, thinking about where some of your freedom has run off to, or perhaps rethinking that uber-secure .gov architecture you just paid 5 million dollars to deploy that actually blows some serious swiss-cheese chunks--it's high time you contributed some CPU cycles to your own cause and future existence. And once you start thinking, or hell, maybe even before you start thinking, you can open your mouth and start gabbing with people that have the same concerns and interests as you. Get your two cents in, and pick up a lifetime's worth of experience and knowledge in return from the people around you. ShmooCon will be entertaining. We might not have DefCon debauchery, but we heavily stress the might part of that. Damn near anything could happen when nearly a thousand hackers descend upon the nation's capital. While the Winter chill is sure to keep most folks clothing on, the bar-crawls, club dancing, Hack-or-Halo tournament, WLAN Bash 4 Cash, Shmooball violence, and unsanctioned attempts at penetrating the 100+ .gov or Beltway Bandit wireless networks within 5 miles should make for quite an interesting time. We've even convinced the NFL to have the big game that weekend, so you and your buds can immediately follow up the convention watching terribly expensive and mind-numbing commercials while you try compiling all the cool code that was presented earlier in the day. ShmooCon will be affordable. As you can see, we're certainly not spending money on a web developer, but don't be fooled by our l33t html Fu, ShmooCon is about high-quality without the high price. If you wait to register until the last minute, oh yeah, you're going to pay out the ass--$250, in fact. However, if you're not a fed that has to wait until next fiscal year to get permission from your mommy, daddy, and Uncle Sam, and you positively know that you are going to ShmooCon, then we're down with that, as it were. And so is the cost--ShmooCon is $99 for anyone who registers before September 30, 2004! Aww, just shy of the new fiscal year, see? No, we're not sorry for the feds. They can afford full price--have you seen your paycheck lately? Uncle Sam and cousin FICA could pay for ALL of us to go to ShmooCon, but nooooooo. Regardless, space IS limited, so register before the feds do. Can't afford $99? Check out the call for papers! Selected speakers AND alternates get free admission to ShmooCon! ShmooCon will be accessible. Well, except for our West coast friends. Doh. ShmooCon will be at the Wardman Park Marriott Hotel in Washington, D.C., just a few steps from a Metro stop. That means you can catch a train from New York, Boston, or Philadelphia to Union Station, hop on the D.C. Metro, and voila, you're there. Or, if you intend to fly, you can land at Reagan National, wave to the good guys in uniform manning the mobile rocket launchers, grab a cab OR hop on the D.C. Metro, and you'll be at ShmooCon before you know it. Can't afford to fly? Submit your own ! The overall winner gets free admission AND airfare from anywhere in the continental U.S. to ShmooCon 2005! So check out the site, keep visiting for news and schedule updates, and tell your friends to register their asses for ShmooCon ASAP. It's going to be a blast, and we can't wait to see you there! news about registration cfp program schedule location sponsors links contact us . privacy policy )2004, The Shmoo Group -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 1 07:11:29 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 10:11:29 -0400 Subject: Call for Papers: ShmooCon. 2005. No moose. We swear. Message-ID: Washington, D.C. Call for Papers [PDF] http://www.shmoocon.org The Shmoo Group is soliciting papers and presentations for the first annual ShmooCon. ShmooCon 2005 will be a highly-technical and entertaining East coast hacker convention focused on technology exploitation, inventive software and hardware solutions, as well as open discussion on a variety of technology and security topics. ShmooCon 2005 will be held on February 4-6, 2005 at the Wardman Park Marriott in Washington, D.C., just minutes from your choice of 3-letter agencies. ShmooCon 2005 will have three tracks, each dedicated to the following: Break It! - Technology Exploitation Build It! - Inventive Software and Hardware Solutions BoF It! - Open Discussion of Technology and Security Topics Topics for the "Break It!" track may include, but are not limited to, EXPLOITATION of: - Consumer electronic devices - Application, host, and network security - Telephony - Physical security Topics for the "Build It!" track may include, but are not limited to, inventive software and hardware SOLUTIONS in: - Robotics - Distributed computing - Community wireless networking - Mobile personal computing Topics for the "BoF It!" track may include, but are not limited to, open DISCUSSION of the following: - Privacy and anonymity - Exploit and vulnerability disclosure / databases - DRM (Digital Rights Management), fair use, copyright infringement - Open source software world domination strategies Presentation Format All presentations and discussions will be 55 minutes in length. Presentations in the "Break It!" and "Build It!" tracks must include demonstrations of personally developed techniques, working code, and/or devices, with code and/or schematics being open-source and released to the public for free. Initiating an open discussion for "BoF It!" requires subject matter expertise, active involvement with the topic at hand, and a brief presentation of the topic/problem scope. Shmooballs will be issued to the audience, to facilitate a frank and open discussion of opinions. Speakers are encouraged to present innovative ideas that not everyone agrees with. Submission Procedure To submit, email cfp at shmoocon.org with the following information: 1. Speaker name(s) and/or handle(s) 2. Presentation Title 3. Track preference 4. Two to three paragraph presentation description and/or outline 5. List facilities required. Projector for use with VGA input, flipchart, sound projection, Internet connectivity will be provided. 6. Speaker bio 7. Contact info for speaker (email AND mobile number, please) Accepted speakers will receive free admission to the conference, as well as a $100 honorarium after evaluation of their completed presentation. 6 runner-ups will receive free admission as hot-alternates. They should come to ShmooCon 2005 prepared to speak, and, if it becomes necessary for them to speak as an alternate, they too will receive a $100 honorarium after evaluation of their completed presentation. NOTE: select presentation submissions which are not accepted will be awarded a 50% discounted admission to ShmooCon 2005. Presentations must be designed to include source code, schematics, or other substantial details that demonstrate the topic being discussed. Presentation proposals will be reviewed by members of the Shmoo Group. A list of the reviewers will be posted on the ShmooCon 2005 web site when the Call For Papers is formally issued. If you feel you have a presentation that would be appropriate but that does not meet these guidelines, feel free to submit it anyway but be sure to include a cover letter explaining your reasoning so we can evaluate your proposal. All questions regarding this call for papers should be addressed to cfp at shmoocon.org. Schedule Check the web site for final dates July 30, 2004 CFP opens Early Fall 2004 papers for preferential first round consideration due Middle Fall 2004 final due date for all papers Late Fall 2004 speakers notified Submissions are due by late fall 2004. Preference will be given to submissions received by early fall 2004. Selected speakers will be notified by Halloween, 2004. We look forward to receiving your submissions as well as seeing you at ShmooCon 2005! ShmooCON 2005 CFP 1.0 RC6 news about registration cfp program schedule location sponsors links contact us . privacy policy )2004, The Shmoo Group -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From hal at finney.org Fri Oct 1 10:11:38 2004 From: hal at finney.org (Hal Finney) Date: Fri, 1 Oct 2004 10:11:38 -0700 (PDT) Subject: Federal program to monitor everyone on the road Message-ID: <20041001171138.B8E7457E2A@finney.org> There was a brief mention of this technology at the Crypto conference. I provided some pointers in a comment to an Ed Felten blog entry at http://www.freedom-to-tinker.com/archives/000677.html#comments (scroll down to the 3rd comment). Dan Boneh et al presented a proposal for a group signature scheme so that the data collected would not be personally identifiable. The problem is that the data needs to be authenticated, otherwise rogue transmitters could send false data and perhaps cause traffic flow problems or even serious accidents. So they want to use some cryptographic method. Putting a common key in the whole system would make it too easy for rogues to get access to, would be unrevocable, and we are back to the rogue transmitter problem. Using individual certified keys is the default solution but has privacy problems: everyone would be constantly transmitting a cryptographically verifiable record of their driving patterns, speed, lane changing and who knows what else. With the group signature, everybody has a unique key but their transmissions are not bound to that key. And if a key gets scraped out and goes rogue, it can be revoked. This is supposed to provide flexibility, authentication, and privacy. In practice I am skeptical that society will choose to protect privacy at the expense of security. One optional feature of group signatures is a trusted party who can penetrate the anonymity and learn the identity of the author of a particular message. I suspect that any vehicle based embedded communications system will retain that capability, a sort of "license plate" in the virtual realm. The ability to track the paths of bank robbers and terrorists would be too inviting for society to give up, especially if the data is only available to government agents. Hal From sfurlong at acmenet.net Fri Oct 1 07:22:08 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 01 Oct 2004 10:22:08 -0400 Subject: "ID Rules Exist, But Can't Be Seen" In-Reply-To: References: Message-ID: <1096640528.15664.184.camel@daft> Talking out his ass, Tyler Durden wrote: > That's a good point. And those screeners ain't exactly the cream of the > crop, if ya' know what I mean. A year ago they were making minimum wage, so > if someone wanted a copy of those guidelines, it'd be easy as hell to con it > out of one of em. (INVOKE SPIRIT OF TIM MAY HERE)...dress all official-like > with a clipboard and some random badge, and start quizzing the locals about > the current rules. Maybe that wouldn't work at JFK, but go to the airport > at, say, Lexington So Carolina or Bumfuck Idaho and you'd get the > information faster than a hillbilly can skin a possum for dinner. Have you ever done penetration testing? It would be harder at a small airport because the people all know each other. It's the larger organizations in which you're able to cloak yourself in anonymity. You are correct, however, in your characterization of the screeners. Sheesh, what a bunch of mouth-breathing imbeciles and petty thieves. I haven't flown since 2001, but I bring people to NYC airports frequently, and am always impressed with TSA's level of professionalism. Not favorably impressed, mind you, but impressed. From rah at shipwright.com Fri Oct 1 07:32:42 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 10:32:42 -0400 Subject: Suit complicates First Data's move to cut porn tie Message-ID: DenverPost.com - BUSINESS Friday, October 1, 2004 Denver, CO Article Published: Friday, October 01, 2004 Suit complicates First Data's move to cut porn tie By Aldo Svaldi Denver Post Staff Writer First Data Corp. says it has sworn off porn, but a lawsuit could complicate the Greenwood Village company's efforts to cut its ties to the lucrative industry. First Data stopped payment processing for Internet Billing Co. after its contract with First Data expired Sept. 15. Internet Billing is a Florida company that Forbes.com describes as one of the country's largest middlemen between Internet porn sites and banks. "First Data regularly evaluates its lines of business to ensure they are a good fit for the company," the company said in a statement. "We have determined that processing payments of the adult entertainment marketplace is inconsistent with our core values." Internet Billing, also known as iBill, filed a lawsuit two days later against the company and asked a New York state court to force First Data to work with it until it could switch to a new processor in November. The court denied iBill's request. Internet Billing did not respond to an interview request. Penthouse International purchased the company in March for $23.5 million. First Data, which in the past has kept its involvement with the adult entertainment industry quiet, said it had given iBill plenty of notice the contract was ending. "First Data provided iBill with multiple notices that its contract would not be extended after expiration," the company said. First Data has been terminating all of its contracts with adult entertainment providers as they expire, a spokeswoman said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 1 07:40:34 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 10:40:34 -0400 Subject: Patriot Act Misinformation Message-ID: The Wall Street Journal October 1, 2004 REVIEW & OUTLOOK Patriot Act Misinformation October 1, 2004; Page A14 The American Civil Liberties Union has been spinning its victory in a federal court in New York this week as a blow against the USA Patriot Act. One typical headline: "Federal Judge Calls Patriot Act Secret Searches Unconstitutional." An ACLU press release hails the decision as "a landmark victory against the Ashcroft Justice Department." Well, no. If reporters had bothered to read Judge Victor Marrero's decision, they would have learned that the law he actually struck down was a provision of the Electronic Communications Privacy Act of 1986. Section 2709 authorizes the FBI to issue "National Security Letters" to obtain information from wire communications companies about their subscribers. NSLs are issued secretly and the recipient is prohibited from notifying anyone about the request. As Judge Marrero noted in his ruling, "Section 2790 has been available to the FBI since 1986." He concludes that there must have been "hundreds" of NSLs issued since that time. The Patriot Act did amend Section 2790, but that amendment has nothing to do with the part that Judge Marrero says is unconstitutional. One more thing: The Electronics Communications Act was not the invention of John Ashcroft. It was sponsored by that famous and menacing right-winger, Vermont Senator Patrick Leahy, who said at the time that Section 2790 "provides a clear procedure for access to telephone toll records in counterintelligence investigations." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Fri Oct 1 01:46:39 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 1 Oct 2004 10:46:39 +0200 Subject: Tor 0.0.9pre1 is out (fwd from arma@mit.edu) Message-ID: <20041001084639.GG1457@leitl.org> ----- Forwarded message from Roger Dingledine ----- From bill.stewart at pobox.com Fri Oct 1 11:59:40 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 01 Oct 2004 11:59:40 -0700 Subject: QC Hype Watch: Quantum cryptography gets practical In-Reply-To: References: Message-ID: <200410020618.i926IOIZ025986@positron.jfet.org> At 05:12 PM 9/30/2004, Tyler Durden wrote: >What's a "quantum repeater" in this context? It's also known as a "wiretap insertion point"... > As for "Hype Watch", I tend to agree, but I also believe that Gelfond > (who I spoke to last year) actually does have a 'viable' system. > Commerically viable is another thing entirely, however. "Practical" implies that there's a crossover point between cost and benefit and that implementation is on the "benefit" side. Implementation may now be possible, and the costs may be lower than their previous infinite value, but the main benefits I see are public relations hype to impress the rubes and protect against zero-day exploits against Diffie-Hellman or Cisco IOS. But you could protect against the Cisco exploits just as easily with a conventional-key encryption hardware box, and you wouldn't need contiguous fiber. From sunder at sunder.net Fri Oct 1 10:03:12 2004 From: sunder at sunder.net (Sunder) Date: Fri, 1 Oct 2004 13:03:12 -0400 (edt) Subject: Federal program to monitor everyone on the road Message-ID: http://www.boingboing.net/2004/10/01/federal_program_to_m.html Federal program to monitor everyone on the road Interesting article about the Fed's plans to develop an all-knowing intelligent highway system. Most people have probably never heard of the agency, called the Intelligent Transportation Systems Joint Program Office. And they haven't heard of its plans to add another dimension to our national road system, one that uses tracking and sensor technology to erase the lines between cars, the road and the government transportation management centers from which every aspect of transportation will be observed and managed. For 13 years, a powerful group of car manufacturers, technology companies and government interests has fought to bring this system to life. They envision a future in which massive databases will track the comings and goings of everyone who travels by car or mass transit. The only way for people to evade the national transportation tracking system they're creating will be to travel on foot. Drive your car, and your every movement could be recorded and archived. The federal government will know the exact route you drove to work, how many times you braked along the way, the precise moment you arrived -- and that every other Tuesday you opt to ride the bus. Link to actual story: http://charlotte.creativeloafing.com/news_cover.html ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- From rah at shipwright.com Fri Oct 1 11:55:46 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 14:55:46 -0400 Subject: 'Frustrated' U.S. Cybersecurity Chief Abruptly Resigns Message-ID: local6.com 'Frustrated' U.S. Cybersecurity Chief Abruptly Resigns POSTED: 11:32 AM EDT October 1, 2004 WASHINGTON -- The government's cybersecurity chief has abruptly resigned after one year with the Department of Homeland Security, confiding to industry colleagues his frustration over what he considers a lack of attention paid to computer security issues within the agency. Amit Yoran, a former software executive from Symantec Corp., informed the White House about his plans to quit as director of the National Cyber Security Division and made his resignation effective at the end of Thursday, effectively giving a single's day notice of his intentions to leave. Yoran said Friday he "felt the timing was right to pursue other opportunities." It was unclear immediately who might succeed him even temporarily. Yoran's deputy is Donald "Andy" Purdy, a former senior adviser to the White House on cybersecurity issues. Yoran has privately described frustrations in recent months to colleagues in the technology industry, according to lobbyists who recounted these conversations on condition they not be identified because the talks were personal. As cybersecurity chief, Yoran and his division - with an $80 million budget and 60 employees - were responsible for carrying out dozens of recommendations in the Bush administration's "National Strategy to Secure Cyberspace," a set of proposals to better protect computer networks. Yoran's position as a director -- at least three steps beneath Homeland Security Secretary Tom Ridge -- has irritated the technology industry and even some lawmakers. They have pressed unsuccessfully in recent months to elevate Yoran's role to that of an assistant secretary, which could mean broader authority and more money for cybersecurity issues. "Amit's decision to step down is unfortunate and certainly will set back efforts until more leadership is demonstrated by the Department of Homeland Security to solve this problem," said Paul Kurtz, a former cybersecurity official on the White House National Security Council and now head of the Washington-based Cyber Security Industry Alliance, a trade group. Under Yoran, Homeland Security established an ambitious new cyber alert system, which sends urgent e-mails to subscribers about major virus outbreaks and other Internet attacks as they occur, along with detailed instructions to help computer users protect themselves. It also mapped the government's universe of connected electronic devices, the first step toward scanning them systematically for weaknesses that could be exploited by hackers or foreign governments. And it began routinely identifying U.S. computers and networks that were victims of break-ins. Yoran effectively replaced a position once held by Richard Clarke, a special adviser to President Bush, and Howard Schmidt, who succeeded Clarke but left government during the formation of the Department of Homeland Security to work as chief security officer at eBay Inc. Yoran cofounded Riptech Inc. of Alexandria, Va., in March 1998, which monitored government and corporate computers around the world with an elaborate sensor network to protect against attacks. He sold the firm in July 2002 to Symantec for $145 million and stayed on as vice president for managed security services. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Fri Oct 1 17:04:49 2004 From: jamesd at echeque.com (James A. Donald) Date: Fri, 01 Oct 2004 17:04:49 -0700 Subject: Suit complicates First Data's move to cut porn tie In-Reply-To: Message-ID: <415D8E31.23299.1146DC45@localhost> -- On 1 Oct 2004 at 10:32, R. A. Hettinga wrote: > First Data has been terminating all of its contracts with > adult entertainment providers as they expire, a spokeswoman > said. Way back at the beginning, cypherpunks said that the internet could result in alarming loss of privacy, or alarming improvement in privacy. As events turned out, it went to alarming loss of privacy, as Bill Gates, Oliver North and the porn sites have discovered. The problem is not irreversible. If Oliver North had consulted a ten year old, the kid probably would have told him how to make sure his emails were really deleted. I would have thought that the anti-trust debacle would have inspired Bill Gates to give higher priority to privacy preserving software. Now that we finally see potential threats becoming real, perhaps people will, eventually, belatedly, start covering themselves from these threats. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG OLPBj3P5+a0AMi3yjd+CWMKIt31RADZCuotKF/Ih 4pWB1qcPC2GT4Gah22MCAlXN4mbYb7039CZzAK4UZ From rah at shipwright.com Fri Oct 1 16:04:35 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 19:04:35 -0400 Subject: How small towns are reversing a century of corporate personhood Message-ID: Mopping off the leftist drivel from the facts below, :-), the idea of abolishing the personhood of corporations, as a step towards freeing enterprise from the claws of the state, is a very attractive idea. A limited partnership can get the same results, without the "artifical person" nonsense. Financial cryptography actually has solutions in this regard, of course, with bearer equity, anonymous voting, m-of-n key sharing, etc. By way of a Google cache. Sue me. Cheers, RAH ------- This is G o o g l e's cache of http://www.sevendaysvt.com/-thisweek/feat/03.html as retrieved on Sep 24, 2004 15:51:22 GMT. G o o g l e's cache is the snapshot that we took of the page as we crawled the web. The page may have changed since that time. Click here for the current page without highlighting. This cached page may reference images which are no longer available. Click here for the cached text only. To link to or bookmark this page, use the following url: http://www.google.com/search?q=cache:vfcFKfyJ3qYJ:www.sevendaysvt.com/-thisweek/feat/03.html+seven+days+newspaper+%22bad+company%22&hl=en Google is not affiliated with the authors of this page nor responsible for its content. These search terms have been highlighted: seven days newspaper bad company b v Bad Company? How small towns are teversing a century of corporate personhood STORY: KEN PICARD Tom Linzey speaks at Vermont Law School, South Royalton, Thursday, September 30 at 12:45 & 7 p.m. Image: Tim Newcomb Porter Township in northwestern Pennsyl-vania was an unlikely hotbed for an anti-corporate uprising. The tiny rural community about an hour north of Pittsburgh has a population of only 1500 people, many of whom are staunch Republicans with deeply-held conservative values. But after the Alcosan Corporation, a Pennsylvania sewage-sludge hauler, threatened to sue Porter Township in 2002 for passing a local ordinance regulating the dumping of sludge in their community, town officials decided that their citizens had taken enough crap from corporations. Literally. So on December 9, 2002, Porter became the first municipality in the United States to pass a law denying corporations their rights as "persons" under the law. Weeks later, Licking Township, another rural Pennsylvania community facing a similar lawsuit, passed a more expansive ordinance revoking all constitutional rights of corporations within their jurisdiction. Since then, dozens of other municipalities across Pennsylvania, some with as few as 1000 residents, have followed suit, reversing nearly 120 years of corporate encroachment on the rights guaranteed to all citizens under the U.S. Constitution. Prompted by the failure of state and federal regulatory agencies to protect citizens' health, safety and quality of life from large-scale corporate activities, these municipalities took matters into their own hands and reclaimed their right of self-rule. Though the laws fly in the face of more than a century's worth of legal precedents that say corporations are "persons" protected by the Bill of Rights and the 14th Amendment, thus far these ordinances seem to be working. Now some Vermonters are looking to follow Pennsylvania's example and draft similar ordinances here to address environmental and public-health problems stemming from large corporate activities: the influx of big-box stores, the spreading of toxic sludge, even the proposed power increase at the Vermont Yankee nuclear power plant. Proponents of this strategy suggest that these laws may even be used one day to challenge undemocratic principles that were written into the World Trade Organization charter and the North American Free Trade Agreement. Championing this fight is Tom Linzey, a 35-year-old Alabama-born attorney who is the executive director and co-founder of the Community Environmental Legal Defense Fund. Founded in 1995, the Pennsylvania-based CELDF was initially set up to provide free legal services to small community groups that were fighting big environmental battles: toxic-waste incinerators, landfills, municipal sludge fields and corporate factory farms. Since then, however, the nonprofit law firm has expanded its mission to help municipalities around the country roll back corporate rights through local ordinances. CELDF conducts "democracy schools" - intensive, weekend-long seminars that trace the history of corporate rights and help citizens reframe local issues according to a new paradigm. Once such democracy school was held two weeks ago in Putney for 20 Vermonters from the Brattleboro area. Linzey, who speaks on September 30 at Vermont Law School, explained in a recent interview how this movement began. In the mid- to late-1990s, large out-of-state agribusinesses began applying for permits to build large-scale hog farms in rural Pennsylvania. Local residents, who overwhelmingly opposed these farming operations, sought the help of state and federal regulatory agencies like the EPA. However, these communities soon realized that waging their battle on the regulatory front wouldn't stop undesirable businesses from moving into town - it would merely lessen the harm those activities caused. The proposed factory farms were huge operations - 5000- to 6000-head hog farms - that would dwarf neighboring family farms. Before long, CELDF was inundated with phone calls from local officials across Pennsyl-vania - some 400 townships in all - seeking their help at fending off these corporate farms. So CELDF began researching how this issue had been handled in other states, particularly in the Midwest, where 300,000- to 400,000-head hog farms are common. This was when Linzey made a startling discovery: Nine Midwestern states have laws banning large corporations from owning or controlling farms. In fact, Nebraska and South Dakota went so far as to incorporate that ban into their state constitutions. So CELDF copied the South Dakota constitutional amendment and used it as a model for local ordinances. Ten townships and five counties in Pennsylvania have adopted the anti-corporate farming ordinance. To date, only one has been overturned by the courts. During this same period in the 1990s, CELDF also began receiving calls from community groups and local officials who were trying to stop the permitting of sludge fields. Sludge, the solid-waste byproduct of wastewater treatment plants, is not considered a "hazardous waste" by the federal government. Although it can contain as many as 600,000 different toxic contaminants, the U.S. Environ-mental Protection Agency requires testing for only 11 of those contaminants. Spreading sludge on farmland, a practice known as "biosolid land application," was already a controversial issue in rural Pennsylvania because of its impact on human and animal health. In 1995, two youths died after coming into contact with a newly applied sludge field. In an effort to prevent more sludge from being dumped in their communities, 68 Pennsylvania townships passed anti-sludge ordinances. The corporate waste haulers didn't take these ordinances lying down. They challenged the laws in court, arguing that townships were denying them their constitutional rights and didn't have the legal authority to pass these laws. The corporations also tried to hold town officials personally liable for passing these laws. They based their argument on a federal civil rights law that was passed in the aftermath of the Civil War in orders to protect African-Ameri-cans from state-sanctioned discrimination. Since these corporate sludge haulers had deep pockets, it wasn't even necessary that they win in court. All they had to do was deplete a town's financial resources by waging a long and costly legal battle. How did CELDF respond? As Linzey explains, CELDF helped Porter and Licking townships draft a "Corporate Rights Elimination Ordinance," which effectively stripped the corporation of its right to sue. Though these laws were an unprecedented challenge to corporate empowerment, they remain in effect today and have yet to be challenged in court. "Corporate rights sometimes get talked about as some academic or abstract concept like something that's taught in a college political science class," Linzey says. "Here, what folks have said is that our vision for our community does not include land-applied sludge. It does not include factory farms. And that's the community we want." Critics were quick to label the movement the work of liberal, anti-business activists. But as Linzey points out, about 80 percent of the communities he works with are overwhelmingly conservative and Republican. "Keep in mind, these are rural township officials with the shit-kicker boots and the John Deere hats. These are the guys who clear and salt the roads in the wintertime," he says. "These are not activists. They are folks who saw a problem and tried to do something about it." How effective have the ordinances been? Very, says Linzey. "In the 68 townships that have passed sludge ordinances, not one new teaspoon of sludge has been land-applied," he says. The same holds true for the ban on corporate hog farms. In the 10 townships that passed anti-corporate farm ordinances, Linzey says, not one new corporate hog farm has been established, even though those areas were targeted for more factory farms. Vermont is no stranger to the legal perversion of corporate "personhood." In April 1994, the Vermont Legislature passed the nation's first law requiring the labeling of dairy products containing the genetically altered growth hormone, rBGH. In response, agribusiness giant Monsanto and a coalition of dairy-industry groups sued the state, asserting that the law was unconstitutional. A federal judge agreed, ruling that the new law violated Monsanto's First Amendment right "not to speak." Several weeks ago, 20 people from southern Vermont spent a weekend at Landmark College in Putney, attending one of CELDF's democracy schools. Among them was Larry Bloch, a small-business owner from Brat-tleboro who is with Vermonters Restoring Democracy. It's an umbrella organization of groups that deal with issues ranging from genetically modified organisms to nuclear power to social and economic justice. Though its members come from a variety of political backgrounds, what unites them, Bloch explains, is a desire to combat corporate dominance over local decision-making. "When a predatory corporation comes in and says, 'We're moving in no matter what and we don't care if we push out your independently owned local businesses,' that doesn't affect only progressives or only conservatives," Bloch says. "To hear the stories from Pennsylvania was inspiring because these were people who had never been activists and weren't blessed with a lot of free time or money or the inclination to shake things up." Representative Sarah Edwards (P-Brattleboro) agrees. Edwards, who also attended the democracy school, says the seminar helped reframe the debate in her mind, especially on the issue of nuclear power. "It's helping me to know who my adversary is," Edwards says. "I'm not talking about individuals. I'm talking about the corporations. "I have friends who work at [Vermont] Yankee. I know management who work at Yankee," she adds. "This is not about them. This is about the system, the machine of the corporation squeezing out the diversity of voices that is necessary to have a good and healthy democracy. Democracy schools already have been held in six states. By next year, there will be five permanent "Daniel Pennock Democracy Schools" - named for one of the two boys who died after coming into contact with the toxic sludge. In the past, these schools have largely addressed environmental issues. But that's charging, Linzey notes. Activists in Roxbury, Massa-chusetts, for example, hope the Pennsylvania model can be used to challenge the pharmaceutical industry on its policies pertaining to AIDS drugs. Others see the approach as a way to counter international agreements like NAFTA. John Berkowitz is executive director of Southern Vermonters for a Fair Economy and Environmental Protection. He points to a law passed in Massachusetts 10 years ago that prohibited municipalities from signing contracts with companies that do business with Burma - a country with an abysmal human rights record. After Japan and the European Union filed a complaint about the law with the WTO, in 1997 the U.S. Supreme Court struck down the Massachusetts laws as unconstitutional. "Wait a minute. Who's deciding what's best for a community?" Berkowitz asks. "Is it absentee corporations and people working for trade organizations like the WTO? We're finding that people's local decision-making abilities are being trumped by trade agreements that basically say, 'You can't decide that at the local level.'" But as Linzey reminds people who attend CELDF's democracy schools, local communities can reclaim the power of self-rule. Like hurricanes that feed off warmer waters, the anti-corporate movement draws strength through legal provocation. Says Linzey, "This is about shifting the paradigm to let people understand that the courts do step in to defend community rights over corporate rights." ) Seven Days Newspaper, 2004 www.sevendaysvt.com web queries? d -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 1 17:11:06 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 20:11:06 -0400 Subject: How small towns are reversing a century of corporate personhood In-Reply-To: References: Message-ID: At 7:04 PM -0400 10/1/04, R. A. Hettinga wrote: >the idea of >abolishing the personhood of corporations Of course, the act of abolition, using the law itself, is an exercise in mental masturbation, which is what is really happening in Pennsylvania. Financial cryptography gives us at least the hope of property -- or control of property -- without legislation, if not prior legal agreement. David Friedman's private law without public law. Corporations, as creatures of this state wouldn't have to exist in such a world, where limited liability could be done the old fashioned way: with anonymity. :-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 1 17:56:36 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 20:56:36 -0400 Subject: Effort to Create Terror Watch List Is Falling Behind, Report Finds Message-ID: The Wall Street Journal October 1, 2004 PAGE ONE Effort to Create Terror Watch List Is Falling Behind, Report Finds By ROBERT BLOCK and GARY FIELDS Staff Reporters of THE WALL STREET JOURNAL October 1, 2004; Page A1 A government report concludes that efforts to protect U.S. borders and better identify terrorist suspects by compiling a single consolidated watch list -- from more than a dozen currently in use by federal agencies -- have badly foundered. The inspector general of the Homeland Security Department, in the sometimes scathing report, cites poor cooperation among many agencies and says his own agency failed "to play a lead role" in oversight. The report has been delivered to Homeland Security Secretary Tom Ridge and congressional leaders. Compiling a viable, unified list of terrorist suspects was mandated by Congress and ordered by President Bush after the attacks of Sept. 11, 2001. Such a list is considered by law-enforcement agents as the most basic tool in their arsenal and vital for protecting the country. But now dozens of agencies, from the Federal Aviation Administration to the Federal Bureau of Investigation, continue to use different lists that sometimes contain outdated or incorrect information and even contradict each other. That can hamper the sharing of vital data and identifying of suspects -- and make it easier for terrorists to slip through cracks in the system, officials say. "The watch list is the poster child for information sharing for all our intelligence and government agencies," said Daniel B. Prieto, research director for the Homeland Security Partnership Initiative at the Kennedy School of Government at Harvard University. "It has been the one project that is the most straightforward; the most defined, the most politically accepted idea, supported by every investigative commission since 9/11. If they can't get this one right, then shame on them." Mr. Prieto is a former Democratic congressional staffer who monitored the watch-list issue. An edited version of the inspector general's report is to be publicly released on Sunday. A copy was reviewed by The Wall Street Journal. The findings come amid an intense debate about improving intelligence in the wake of the 9/11 Commission's damning findings about government failures before and after the Sept. 11 attacks. Congress is wrestling over the creation of a new intelligence czar to better coordinate government counterterrorism efforts. Intelligence changes also have become a campaign issue, with the Bush administration asserting it has dramatically improved information-sharing among law-enforcement agencies. In the first presidential debate last night, Sen. John Kerry said the president had failed to support police, firefighters and other programs, saying, "This president thought it was more important to give the wealthiest people in America a tax cut rather than invest in homeland security. Those aren't my values. I believe in protecting America first." REPORT EXCERPTS Below is an excerpt of the draft report to be issued by the U.S. Department of Homeland Security's Office of Inspector General on challenges in consolidating terrorist watch list information. Results in Brief DHS is not playing a lead role in consolidating terrorist watch list information. Instead, these consolidation activities are generally administered by the entities that were responsible for collecting and disseminating terrorist information prior to DHS's formation. DHS officials said that the new department lacked the resources and infrastructure to assume leadership for the consolidation. While this contention has merit, DHS can still play a more robust role than at present by overseeing and coordinating watch list consolidation activities across agency lines. Such oversight would help DHS fulfill the role required by the Homeland Security Act and better ensure that the past ad hoc approach to managing watch list consolidation is not continued. Stronger DHS leadership and oversight would also help improve current watch list consolidation efforts. Although some progress toward streamlined processes and enhanced interagency information sharing has been made, the consolidation is hampered by a number of issues that have not been coordinated effectively among interagency participants. Specifically, in the absence of central leadership and oversight for the watch list consolidation, planning, budgeting, staffing, and requirements definition continue to be dealt with on an ad hoc basis, posing a risk to successful accomplishment of the goal. A number of additional challenges, such as identifying links between violent criminals and terrorism, privacy, and duplicative federal activities related to watch list programs, could be pursued in the context of a centrally coordinated approach to watch list management. In response, the president said his administration had tripled spending on homeland security to $30 billion, worked with Congress to create the Homeland Security Department and added protection and guards to the nation's borders. "We're doing our duty to provide the funding," he said. In reference to American military action overseas, he added, "But the best way to protect this homeland is to stay on the offense." (See a related article3.) The inspector general's report notes that arguments over who is in charge of consolidating a terrorist database have dogged the creation of the watch list almost from the start. "While the requirement to consolidate the multiple watch lists was clear," it says, "the approach to accomplish it has not been so. Responsibility for consolidating multiple databases of watch lists has shifted among various federal organizations..." It further notes, "The manner through which the watch list consolidation has unfolded has not helped the nation break from its pattern of ad hoc approaches to counterterrorism." Inspector General Clark Kent Ervin says the law creating Homeland Security in 2002 gave the agency prime authority in the matter, and that subsequent presidential decrees, including one creating a Terrorist Screening Center under the FBI's purview, supplement, rather than supplant, the agency's authority. But a department spokesman rejects that conclusion, saying that the Department of Justice and Federal Bureau of Investigation have the primary responsibility for creating the watch list, not Homeland Security. "It's the FBI that is charged with the lead role, not us," said Homeland Security spokesman Brian Roherkasse. The FBI declined to comment. The report also states that a number of organizations involved in the watch-list consolidation were "conducting a number of data mining activities without central oversight" to make sure they were not violating any policies or laws governing personal privacy. Data mining, or the analysis of large amounts of commercial and other data to extract new kinds of information useful to law enforcement, is very controversial and opposed by groups like the American Civil Liberties Union. Mr. Ervin, a Texas Republican who is known for his unfailing politeness, came to Homeland Security from the State Department, where he served the same role after following President Bush to Washington in 2001. Mr. Ervin also worked in the White House from 1989 to 1991 under President George H.W. Bush. Mr. Ervin has issued several reports criticizing various efforts at Homeland Security. Last week, he released one on Transportation Security Administration screeners that found they did a poor job finding guns, knives and potential bombs smuggled through security checkpoints by covert testing from July to November 2003. A White House spokesman said the president appointed Mr. Ervin and appreciates his service. Law-enforcement agencies have long considered the creation of automated information or "watch lists" of potential or known terrorists and criminals as a vital tool to help protect the country. Names on the list are checked against the names of foreign nationals attempting to enter or already present in the U.S. The government's need for a unified, accurate and meaningful terrorist list first surfaced after the 1993 bombing of the World Trade Center. Investigators learned that two of the bombers, Sheik Rahman and Ali Mohammed, were on an FBI watch list but still got visas because the State Department and the old Immigration and Naturalization Service didn't have access to FBI data. After Sept. 11, a single watch list was considered vital to keeping terrorists from gaining access to the U.S. as well as to coordinate the fight against al Qaeda. But in April 2003, the investigative arm of Congress, the General Accounting Office, now known as the General Accountability Office, found that efforts to create such a list were going nowhere and said that the lack of a single master list was constraining efforts to protect and control U.S. borders. Part of the problem has been confusion over whose job it is to take the lead. In his 2003 State of the Union speech, President Bush called for the creation of the Terrorist Threat Integration Center. The effort was meant to unite the heads of the FBI, Homeland Security, the Central Intelligence Agency and the Department of Defense in developing a single entity for merging, analyzing and disseminating terrorist-threat information. The Threat Center, which answers to the director of the CIA, opened on May 1, 2003, two months after the Department of Homeland Security opened its doors. Less than five months later, on Sept. 16, 2003, Mr. Bush signed a directive calling for the creation of another body, the TSC, to take the work of the Threat Center and other government departments with terrorist information and produce a unified database that could be accessed and shared by all law-enforcement officials in the nation, from border guards in Arizona to detectives in New York City. Mr. Ridge, Secretary of State Colin Powell, then-CIA director George Tenet and Attorney General John Ashcroft signed a memorandum of understanding that the TSC would be run by the FBI and use the State Department's terrorist watch list as the backbone of a new database that would integrate all other existing data. TSC operatives would supposedly weed out duplications and obsolete data and remove people who in the past had been wrongly identified as terrorists or who had shared the same name as suspects. The TSC also was to work with new technologies to include identifying features such as fingerprints, distinguishing scars and birthmarks, as well as credit-card accounts and other data, to distinguish real suspects from others. The inspector general's report states that there has been some progress in the effort, noting that as of March 12, 2004, the database contains more than 100,000 names. It also says that the TSC has brought together representatives from the FBI, State Department, Homeland Security, Secret Service, Coast Guard and Customs and Border Protection to help in consolidating the information into a form useful to share with law enforcement. However, the report finds there also have been problems in creating a technological system that meets the competing requirements of the different agencies contributing information. The head of the terrorist screening center, Donna Bucella, reported to Congress earlier this year that she was having problems getting some agencies, particularly at the Department of Defense, to provide the screening center with its terrorist information. The reason, in part, was that they were not satisfied with the security of the screening center's computer system. An FBI official familiar with the continuing problems over the Terrorist Screening Center and the consolidation of a terror watch list said there continues to be compatibility problems with the various databases the FBI is trying bring together. Some issues revolve around various computer systems being unable to communicate electronically. Other problems arise because of different criteria for placing someone on the list in the first place. The report comes on the heels of several high-profile snafus caused by proliferating watch lists. British singer Yusuf Islam, formerly known as Cat Stevens, recently was stopped from traveling in the U.S. because his name was on one list -- but not the Transport Security Administration's official "No-Fly List." Similarly, Sen. Ted Kennedy (D, Mass.) and Rep. Don Young (R., Alaska) have said they at times have been mistaken for terrorists at airline counters because of namesakes on the watch list. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 1 18:43:04 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 1 Oct 2004 21:43:04 -0400 Subject: Foreign Travelers Face Fingerprints and Jet Lag Message-ID: The New York Times October 1, 2004 Foreign Travelers Face Fingerprints and Jet Lag By RACHEL L. SWARNS EWARK, Sept. 30 - Laetitia Bohn walked into Newark Liberty International Airport on Thursday, dazed and sleepy after an eight-hour flight from Paris, and was jolted from her reverie when an immigration officer asked for her photograph and fingerprints along with her passport. The officer took a digital scan of her left index finger, then her right, and then snapped her picture with a tiny camera. The entire process took only a few seconds, but for Ms. Bohn, a 29-year-old tourist from France, it was an unnerving symbol of how much the United States had changed since the terrorist attacks of Sept. 11, 2001. "It made me feel kind of guilty, like a prisoner," Ms. Bohn said. "You can feel the difference since 9/11. I was in New York seven years ago and people were happy to have visitors. I don't think it's the case anymore." And so the day went - with a click of a camera and sharply conflicting emotions as foreign visitors across the country arrived at American airports, where officials for the first time began photographing and electronically fingerprinting travelers from 27 industrialized nations, including longtime allies like England, France, Germany, Spain, Japan and Australia. The policy shift, which was announced in April and took effect on Thursday, will affect about 13 million visitors each year from 22 European countries as well as Brunei, Singapore, Japan, Australia and New Zealand, who can currently travel to the United States for up to 90 days without a visa. The change was made after intelligence reports indicated that terrorists might take advantage of that provision, which allows travelers from Europe and other industrialized countries to travel to the United States with little scrutiny. Until now, only travelers who needed visas to visit the United States were fingerprinted and photographed at American airports in a program started in January to ensure that suspected terrorists, criminals and violators of immigration law do not enter the country. The program, which is now expected to screen about 20 million foreign visitors at 115 airports and 14 seaports annually, is the latest security measure to affect foreign visitors since the Sept. 11 attacks. Last year, American embassies and consulates around the world began collecting digital fingerprints from foreigners applying for visas. And beginning this fall, officials will require overseas visitors at some airports and seaports to be fingerprinted and photographed before they leave the United States to monitor whether visitors are in fact returning to their home countries. "America has been a welcoming country and it continues to be one, but in the post-9/11 era it has been necessary to make sure we know who is traveling to our country," said Commissioner Robert C. Bonner, who directs the customs and border protection unit at the Department of Homeland Security. Reaction from foreign governments was mostly muted. But some officials said the policy raised privacy concerns. Japanese officials said they had asked that the fingerprints and photographs be deleted when their citizens leave this country. "We understand the necessity of the U.S.'s new measures," Motohisa Suzuki, who coordinates antiterrorism programs for Japan's Cabinet Office, said on Thursday. But Mr. Suzuki added, "We need to be fully discreet about the handling of the private information." Airline and airport officials were bracing for longer lines on Thursday. But customs officials, who surveyed about 20 airports on Thursday afternoon, said that only 40 of the 1,500 flights reported slower than normal waiting times attributed to the new procedures. Officials noted, however, that September was typically a slow month for overseas arrivals and that Thursday was typically a quiet travel day. "So far, so good," said Joseph A. Cardinale, acting port director for passport control at the Newark airport. "We've had the experience of doing the fingerprints and the photographs for several months now, so it's not new to the officers. That's a tremendous help.'' Tourists greeted the system with a mixture of nonchalance and irritation. Bruce Reid, a 59-year-old doctor from Australia, said he did not object. "I haven't got a criminal record, so it doesn't worry me much," said Dr. Reid, who flew into Los Angeles. Marleen Maas, 43, a homemaker from Frankfurt, disagreed. "What's next? Are they going to take pieces of my hair, too?" asked Ms. Maas, who flew into Miami to visit her daughter. "It didn't take long, but it made me feel like a criminal." In Newark, Marc Eisenchteter of Paris said the process moved efficiently. Ms. Bohn agreed and said that despite her misgivings she would still return to the United States. "It was more easy to visit before," she said. "But I will still come back." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Fri Oct 1 23:22:05 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 01 Oct 2004 23:22:05 -0700 Subject: Nightclub you'll want to skip - RFID microchipping the guests [BBC article] Message-ID: <200410020632.i926WWUq026133@positron.jfet.org> Here's a nightclub you'll want to skip, unless you feel like hacking RFIDs... ("Nothing up my sleeve but this Rivest RFID Blocker!") ** Barcelona clubbers get chipped ** Some clubbers in Barcelona have opted to have a microchip implanted which lets them pay for drinks. < http://news.bbc.co.uk/go/em/fr/-/2/hi/technology/3697940.stm > BBC Science producer Simon Morton goes clubbing in Barcelona with a microchip implanted in his arm to pay for drinks. Imagine having a glass capsule measuring 1.3mm by 1mm, about the size of a large grain of rice injected under your skin. Implanting microchips that emit a Radio Frequency Identification (RFID) into animals has been common practice in many countries around the world, with some looking to make it a legal requirement for domestic pet owners. The idea of having my very own microchip implanted in my body appealed. I have always been an early adopter, so why not. Last week I headed for the bright lights of the Catalan city of Barcelona to enter the exclusive VIP Baja Beach Club. The night club offers its VIP clients the opportunity to have a syringe-injected microchip implanted in their upper arms that not only gives them special access to VIP lounges, but also acts as a debit account from which they can pay for drinks. This sort of thing is handy for a beach club where bikinis and board shorts are the uniform and carrying a wallet or purse is really not practical. Thumping heart I met the owner of the club, Conrad Chase, who had come up with the idea when trying to develop the ultimate in membership cards and was the first person implanted with the capsule, made by VeriChip Corporation. With a waiver in his hand Conrad asked me to sign my life away, confirming that if I wanted the chip removed it was my responsibility. Four aspiring VIP members sat quietly sipping their beverages as the nurse Laia began preparing the surgical materials. Like a scene from a sci-fi movie, latex gloves and syringes were laid out on the table as the DJ played loud dance tunes that made my heart thump, or was it just fear? Questions were going through my mind. Would it hurt? What are the risks? What if I want to get it out? I ordered another drink. Comfortably numb Laia started by disinfecting my upper arm and then administered a local anaesthetic to numb the area where the chip would be implanted. With the large needle in her hand, she tested the zone which made me flinch and led to another dose of the anaesthetic. With a numb arm, Laia held up the rather large needle containing the microchip and inserted it beneath the layer of skin and fat on my arm. She pressed the injector and it was in - my very own 10 digit number safely located in my body. The chip is made of glass and is inert so there is no risk of it reacting with my body. It sits dormant under the skin sending out a very low range radio frequency so it will not set off airport security systems. The chip responds to a signal when a scanner is held near it and supplies its own unique ID number. The number can then be linked to a database that is linked to other data, at the Baja beach club it make charges to a customers account. If I want to leave the club then I can have it surgically removed - a pretty simple procedure similar to having it put in. Now, the question of did it hurt. Having the chip inserted was a breeze, no real pain to report of. The real pain was the sore head the following day after a night on an open bar tab. You can hear more about Simon's experiences on the BBC World Service programme Go Digital Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/3697940.stm Published: 2004/09/29 08:17:45 GMT ) BBC MMIV From eugen at leitl.org Sat Oct 2 01:36:13 2004 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 2 Oct 2004 10:36:13 +0200 Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: References: Message-ID: <20041002083612.GH1457@leitl.org> On Fri, Oct 01, 2004 at 09:43:04PM -0400, R. A. Hettinga wrote: > "It was more easy to visit before," she said. "But I will still come back." Well, no, I won't. (And quite a number of others). No biometrics ID for me either. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From camera_lumina at hotmail.com Sat Oct 2 17:50:03 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 02 Oct 2004 20:50:03 -0400 Subject: QC Hype Watch: Quantum cryptography gets practical Message-ID: Yes, I am indeed a little suspicious. Clearly, this "quantum repeater" can't be doing an O/E, or no amount of hype will budge this product an inch. Quantum Crypto utilizes pairs of correlated photons, so we can't be talking about an optical amplifer. So since I've been away from the literature for a while, is there a device that can repair a deteriorating, about-to-be-collapsed superposition state? I can't see how this could occur without the requirement of acting on the other (correlated) photon either, and if that photon is physically removed from the first, then forget about it. (Though theoretically I think I can conceive of the possibility of two "correlated quantum repeaters" exchanging 'information' (including gating) about the photon pair they are collectively handling*, but no way that can be useful commerically.) *: This isn't quite as farfetched as it seems: Even 5 to 10 years ago it was shown that there can be quantum Forward Error Correction, and simple devices were demonstrated in the laboratory. -TD >From: Bill Stewart >To: "Tyler Durden" >CC: cypherpunks at al-qaeda.net, rah at shipwright.com >Subject: RE: QC Hype Watch: Quantum cryptography gets practical >Date: Fri, 01 Oct 2004 11:59:40 -0700 > >At 05:12 PM 9/30/2004, Tyler Durden wrote: > >>What's a "quantum repeater" in this context? > >It's also known as a "wiretap insertion point"... > > > As for "Hype Watch", I tend to agree, but I also believe that Gelfond > > (who I spoke to last year) actually does have a 'viable' system. > > Commerically viable is another thing entirely, however. > >"Practical" implies that there's a crossover point between >cost and benefit and that implementation is on the "benefit" side. > >Implementation may now be possible, and the costs may be lower >than their previous infinite value, but the main benefits I see are >public relations hype to impress the rubes and protect against >zero-day exploits against Diffie-Hellman or Cisco IOS. >But you could protect against the Cisco exploits just as easily >with a conventional-key encryption hardware box, >and you wouldn't need contiguous fiber. _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee. Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From mv at cdc.gov Sun Oct 3 09:49:53 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 03 Oct 2004 09:49:53 -0700 Subject: comfortably numb Message-ID: <41602DB1.B543AFFF@cdc.gov> t 11:22 PM 10/1/04 -0700, Bill Stewart wrote: >Questions were going through my mind. Would it hurt? What are the risks? >What if I want to get it out? > >I ordered another drink. In the US its generally illegal to tattoo someone who is drunk. >Comfortably numb In many ways this fellow is. ------------ I recently read that DoCoMo is moving towards using cellphones as wallets for all kinds of value. Though they could have the phone be an anonymous bearer token like cash or a prepaid token (which, like cash, limits the loss to the stored value if the phone is lost or stolen), they "thought customers would prefer transaction records". Japs don't care for privacy, it seems. If they lose the phone, its just one call to DoCoMo instead of several to credit companies, which is touted as a plus. Makes analyzing behavior easier if its centralized. Insects. From sfurlong at acmenet.net Sun Oct 3 07:22:53 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 03 Oct 2004 10:22:53 -0400 Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: References: Message-ID: <1096813373.6398.3.camel@daft> On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote: > The US now has the dubious distinction of being more obnoxious to get through > the borders than the former East Germany (actually even without this measure, > the checks had become at least as obnoxious as the East German ones). I > wonder whether the next step will be building a wall... Reign in the overheated rhetoric. The East German state built their wall to keep the East Germans from leaving, while the US policies are meant to keep out a demonstrated threat. Now, we can productively discuss the effectiveness of the US government's actions (ie, not very damn effective), but that's a different topic. From mv at cdc.gov Sun Oct 3 10:26:15 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 03 Oct 2004 10:26:15 -0700 Subject: Spotting the Airline Terror Threat Message-ID: <41603636.A5665693@cdc.gov> At 11:37 AM 10/3/04 -0400, R. A. Hettinga wrote: > Unlike the TSA's recently announced program to use computer databases to >scan for suspicious individuals whose names occur on passenger lists, SPOT >is instead based squarely on the human element: the ability of TSA >employees to identify suspicious individuals by using the principles of >surveillance and detection. Passengers who flag concerns by exhibiting >unusual or anxious behavior will be pointed out to local police, who will >then conduct face-to-face interviews to determine whether any threat >exists. Nice to see another euphemism for cultural prejudgice: "the human element", mein fuhrer (insert Dr Strangelove image) Reminds me of how you can't use race in eg loan application processing, but you *can* use neural nets whose behaviors are hidden in the nodes. (As a lib, I know its wrong to tell folks they can't use predicate-X; but for the state to use eg race disguised as "the human element" is criminal.) PS: do cargo planes have kevlar doors yet? From rah at shipwright.com Sun Oct 3 07:44:45 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 3 Oct 2004 10:44:45 -0400 Subject: Fixing the Vote Message-ID: Scientific American Fixing the Vote September 17, 2004 Fixing the Vote Electronic voting machines promise to make elections more accurate than ever before, but only if certain problems--with the machines and the wider electoral process--are rectified By Ted Selker Voting may seem like a simple activity--cast ballots, then count them. Complexity arises, however, because voters must be registered and votes must be recorded in secrecy, transferred securely and counted accurately. We vote rarely, so the procedure never becomes a well-practiced routine. One race between two candidates is easy. Half a dozen races, each between several candidates, and ballot measures besides--that's harder. This complex process is so vital to our democracy that problems with it are as noteworthy as engineering faults in a nuclear power plant. Votes can be lost at every stage of the process. The infamous 2000 U.S. presidential election dramatized some very basic, yet systemic, flaws concerning who got to vote and how the votes were counted. An estimated four million to six million ballots were not counted or were prevented from being cast at all--well over 2 percent of the 150 million registered voters. This is a shockingly large number considering that the decision of which candidate would assume the most powerful office in the world came to rest on 537 ballots in Florida. Three simple problems were to blame for these losses. The first, which made up the largest contribution, was from registration database errors that prevented 1.5 million to three million votes; this problem was exemplified by 80,000 names taken off the Florida lists because of a poorly designed computer algorithm. Second, a further 1.5 million to two million votes were uncountable because of equipment glitches, mostly bad ballot design. For example, the butterfly ballot of Palm Beach County confused many into voting for an unintended candidate and also contributed to another appalling outcome: 19,235 people, or 4 percent of voters, selected more than one presidential candidate. Equipment problems such as clogged punch holes resulted in an additional 682 dimpled ballots that were not counted there. Finally, according to the U.S. Census Bureau, about one million registered voters reported that polling-place difficulties such as long lines prevented them from casting a vote. Thus, registration and polling-place troubles accounted for about two thirds of the documentable lost votes in 2000. The remaining one third were technology-related, most notably ballot design and mechanical failures. In the aftermath of the 2000 election, officials across the country, at both the federal and local levels, have scrambled to abandon old approaches, such as lever machines and punch cards, in favor of newer methods. Many are turning to electronic voting machines. Although these machines offer many advantages, we must make sure that these new systems simplify the election process, reduce errors and eliminate fraud. Some countries have introduced electronic systems with great success. Brazil started testing electronic voting machines in the mid-1990s and since 2000 has been using one type of machine across its vast pool of 106 million voters. It has multiple organizations responsible for different aspects of voting equipment development as part of the safeguards. It also introduced the machines in carefully controlled stages--with 40,000 voters in 1996 (7 percent of whom failed to record their votes electronically) and 150,000 in 1998 (2 percent failure). Improvements based on those experiments reduced the failure rate to an estimated 0.2 percent in 2000. Voting Technology Voting systems have a long history of advancing with technology. In ancient Greece, Egypt and Rome, marks were made for candidates on pieces of discarded pottery called ostraca. Paper superseded pottery in the hand-counted paper ballot, which is still used by 1.3 percent of U.S. voters. Other modern technologies are lever machines, punch cards and mark-sense ballots (where each candidate's name is next to an empty oval or other shape that must be marked correctly to indicate the selection, and a scanner counts the votes automatically). The table on pages 94 and 95 summarizes the benefits and drawbacks of each of these methods and suggests ways to improve them. A lengthier discussion of nonelectronic systems is at www.sciam. com/ontheweb. Electronic voting machines have been around for 135 years--Thomas Edison patented one in 1869. Elections started testing electronic voting machines in the 1970s, when displaying and recording a ballot directly into a computer file became economical. At first, many were mixed-media machines, using paper to present the selections and buttons to record the votes. Officials had to carefully align the paper with the buttons and indicator lights. Electronic voting machines that use such paper overlays are still on the market. More modern direct record electronic (DRE) voting machines present the ballot and feedback information on an electronic display, which may be combined with audio. Such machines have many advantages: they can stop a voter from choosing too many candidates (called overvoting), and they can warn if no candidate is picked on a race (undervoting). For instance, when Georgia changed over to DREs in 2002, residuals (the total of overvotes and undervotes combined) were reduced from among the worst in the nation at 3.2 percent on the top race in 2000 to 0.9 percent in 2002. So-called ballotless voting allows the machines to eliminate tampering with physical ballots during handling or counting. (Lever machines, dating back to 1892, share many of those features.) Yet the birthing of DRE voting equipment in the U.S. has not been easy. The voting machine industry is fragmented, with numerous companies pursuing a variety of products and without a mature body of industry-wide standards in place. Deciding what is a good voting machine is still being discussed by various advocacy organizations and groups such as the IEEE Project 1583 on voting equipment standards. Allegations of voting companies using money to influence testing and purchasing of equipment are not uncommon. Complicating matters, local jurisdictions across the country have different rules and approaches to testing and using voting equipment. Some counties, such as Los Angeles, are sophisticated enough that they commission voting machines built to their own specifications. Many other municipalities know so little about voting that they employ voting companies to run the election and report the results. Polling-place practices add further hazards of insecurity and potential malfunctions. I recall walking into the central election warehouse (where the voting machines are stored and the precinct vote tallies are combined) in Broward County, Florida, when it was being used for a recount in December 2002. The building's loading dock was opened to the outdoors for ventilation. The control center for tallying all the votes was a small computer room; the door to that room was ajar and no log was kept of personnel entering and leaving. Beyond external issues, DRE machines themselves have had technological shortcomings that have slowed their adoption. Voters have found their displays confusing or challenging to use. Software bugs and difficulties in setting up DREs have also presented problems. During the 2002 Broward County recount, I was allowed to try out machines from Electronic Systems and Services (ESS), one of the country's major election machine makers. The ESS machines had an excessive undervote because the "move to next race" button was too close to the "deposit my ballot" button. An audio ballot was so poorly designed it took about 45 minutes to vote. On machines made by the company Sequoia, people who chose a straight party vote and then tried to select that party's presidential candidate were unaware that they were deselecting their presidential choice. A massive 10 percent undervote was registered in one county using Sequoia machines in New Mexico. Examining the insides of new voting machines still reveals many physical security faults. For example, some machines have a lifetime electronic odometer that is supposed to read every vote that the machine makes. But the odometer is connected to the rest of the machine by a cable that a corrupt poll worker could unplug to circumvent it without breaking a seal. Source code for voting machines made by different companies, like most commercial software, is a trade secret. Election machine companies allow buyers to show the source code to experts under confidential terms. Unfortunately, the local election officials might not know how to find a qualified expert. And when they find one, will the voting companies be required to listen? For instance, in 1997 Iowa was considering a voting machine made by Global Election Systems, which was later bought out by Diebold. Computer scientist Douglas W. Jones of the University of Iowa pointed out security issues, and the state bought Sequoia machines instead. In February 2003 Diebold left its software on unsecured servers, and DRE critics posted Diebold's code on the Internet for everyone to see. The problems that Jones saw six years earlier had not been fixed. Any person with physical access to the machines and a moderate amount of computer knowledge could have hacked into them to produce any outcome desired. The best computer security available depends on sophisticated encryption and carefully designed protocols. Yet to know the system has not been compromised requires testing. DRE machines have not received the constant testing that they require. Security of today's voting machines is wholly dependent on election workers and the procedures that they follow. Because virtually all tallies, no matter what voting method is used, are now stored and transmitted in some electronic form, computer fraud is possible with all voting systems. The advent of DRE machines potentially allows such tampering to go unchecked from the point at which the voter attempts to cast a ballot. Schemes for altering ballots have always existed, but a computerized attack could have widespread effects were it waged on a large jurisdiction that uses one kind of software on one type of machine. Using a single system allows large jurisdictions to get organized and improve their results but must be accompanied by stringent controls. The successful reduction of residuals across all of Georgia, mentioned earlier, is a case in point. Thorough tests on the DREs at Kenisaw State University found many problems, which were resolved before the machines were put into use. This rigorous testing and careful introduction of the machines were central to the state's success. Electronic Fraud How can we find all the dangers created by bad software and prevent or correct them before they compromise an election? Reading source code exposes its quality and its use of security approaches and can reveal bugs. But the only completely reliable way to test software is by running it through all the possible situations that it might be faced with. In 1983 Ken Thompson, on receipt of the Association for Computing Machinery's Turing Award (the most prestigious award in computer science), gave a lecture entitled "Reflections on Trusting Trust." In it he showed the possibility of hazards such as "Easter eggs"--pieces of code that are not visible to a reader of the program. In a voting machine, such code would do nothing until election day, when it would change how votes were recorded. Such code could be loaded into a voting machine in many ways: in the voting software itself, in the tools that assemble the software (compiler, linker and loader), or in the tools the program depends on (database, operating system scheduler, memory management and graphical-user-interface controller). Tests must therefore be conducted to catch Easter eggs and bugs that occur only on election day. Many electronic voting machines have clocks in them that can be set forward to the day of the election to perform a test. But these clocks could be manipulated by officials to rerun an election and create bogus voting records, so a safer voting machine would not allow its clock to be set in the field. Such machines would need to be tested for Easter egg fraud on election day. In November 2003 in California a random selection of each electronic voting system was taken aside on the day of election, and careful parallel elections were conducted to show that the machines were completely accurate at recording votes. These tests demonstrated that the voting machines were working correctly. To prepare for a fraud-free voting day requires that every effort be made to create voting machines that do not harbor malicious code. The computer science research community is constantly debating the question of how to make provably secure software. Computer security experts have devised many approaches to keep computers reliable enough for other purposes, such as financial transactions. Financial software transfers billions of dollars every day, is extensively tested and holds up well under concerted attacks. The same security techniques can be applied to voting machines. Some researchers believe that the security precautions of "open source" (making the programs available for anyone to examine) and encryption techniques can help but not completely guard against Easter eggs. Guarding votes against being compromised has always required multiple human agents watching each other for mistakes or malice. The best future schemes might include computer agents that check one another and create internal audits to validate every step of the voting process. The Secure Architecture for Voting Electronically (SAVE) at the Massachusetts Institute of Technology is a demonstration research project to explore such an approach. SAVE works by having several programs carry out the same tasks, but while using such different methods that each program would have to be breached separately to compromise the final result. The system knows to call foul when too many modules disagree. Audit Trails Some critics insist that the best way to ameliorate such attacks is by providing a separate human-readable paper ballot. This widely promoted scheme is the voter-verified paper ballot (VVPB) suggested by Rebecca Mercuri, then at Bryn Mawr College. The voting machine prints out a receipt, and the voter can look at it after voting and assure himself that at least the paper records his intention. The receipt remains behind a clear screen so no one can tamper with it during its inspection, and it is retained by the machine. If a dispute about the electronic count arises, a recount can be conducted using the printed receipts. (It is not a good idea for the voter to have a copy, because such receipts could encourage the selling of votes.) Although the VVPB looks quite appealing at first glance, a deeper inspection exposes some serious flaws. First, it is complicated for the voter. Elections in this country often have many races. Validating all the selections on a separate paper after the ballot has been filled out is not a simple task. Experience shows that even when confronted with a printout that tells voters in which race they have made a mistake, few are willing to go back and correct it. Anything that takes a voter's attention away from the immediate act of casting a ballot will reduce the chances of the person voting successfully. Every extra button, every extra step, every extra decision is a source of lost votes. The scheme is also complicated for the officials. If a voter claims fraud, what is the official to do? The voter claims she voted for Jane, but both the DRE screen and the receipt show a vote for John. Should they close the polling station? On top of this, the officials are not legally allowed to see an individual voter's ballot. VVPB addresses only a small part of the fraud problem. The paper trails themselves could be made part of a scheme for defrauding an election if a hacker tampers with the printing software. The paper can be manipulated in all the usual ways after the election. A better option would allow people to verify their selections with recorded audio feedback. An audio transcript on tape or a CD has an integrity that is harder to compromise than a collection of paper receipts. Most current electronic voting machines can be set up to speak the choices to the voter while he looks at the visual interface. The tape can be read by a computer or listened to by people. Because misreads of paper are a major difficulty with all counting machines today, the tape can be better verified than paper receipts. An audio receipt is also preferable to a paper receipt because it is hard to change or erase the audio verifications without such alterations being noticed (think about the 18-minute gap on the Watergate tapes). Also, a small number of cassette tapes or CDs are easier to store and transport than thousands of paper receipts. Other proposals for voter verification include recording the video image of the DRE and showing the ballot as it has been received by the central counting databases while the voter is in the booth. The advantage of these techniques is that they are passive--they do not require additional actions on the part of the voter. Here is how voting might go using a well-designed audio record. Imagine you are voting on a computer. You like Abby Roosevelt, Independent. You press the touch-screen button for your choice. The name is highlighted, and the vote button on one side is replaced with an unvote button on the other side. The tab on the screen for this race shows that a selection has been made. The earphones you are wearing tell you that you have voted for "Ben Jefferson" (and these words are recorded on a backup tape). Wait a minute! "Ben Jefferson"? You realize that you must have pressed the wrong button by mistake. You study the screen and see a prominent "cancel vote" button. You press it. "Vote for Ben Jefferson for president canceled," the computer intones onto a tape and into your ears. The screen returns to its prevote state, and this time you press more carefully and are rewarded with "Vote cast for Abby Roosevelt, Independent, for president." You go on to the Senate race. The features just described are designed to give feedback in ways you are most adept at understanding. People are good at noticing labels moving, tabs changing, and contrast and texture changes. We have trouble doing things accurately without such feedback. The audio verification comes right at a time when the user is performing the action. Perceptual tasks (seeing movement and hearing the audio) are easier to perform than cognitive ones (reading a paper receipt and remembering all the candidates one intended to vote for). A tape or CD recording is a permanent, independent transcript of your vote. These features are all implementable now as ballot improvements on current voting machines. Extra work would be needed to allow sight- or hearing-impaired people to verify multiple records of their ballot as well. Some researchers are studying alternatives to DREs, in the form of Internet voting or voting using familiar devices such as the phone. Since May 2002, England has been experimenting with a number of systems intended to increase turnout. These methods include mailing in optically readable paper ballots (absentee voting), using a standard phone call and the phone's keypad, using the instant-messaging facilities on cell phones and using interactive TV that is available in English homes. Swindon Borough, for example, included more than 100,000 voters in an experiment using the Internet and telephones. A 10-digit PIN was hand-delivered to voters' homes. This PIN was used in conjunction with a password the voters had been sent separately to authorize them to vote. No fraud was detected or reported. But the effort only improved turnout by 3 percentage points (from 28 to 31 percent). In contrast, introducing the option of absentee voting increased voter turnout by 15 percentage points--but with a downside: large-scale vote buying was reported in Manchester and Bradford. (Being able to prove whom you have voted for, such as by showing the ballot you are mailing in, enables vote buying.) What Must Be Done The universal adoption of perfect voting machines will not be happening anytime soon. But quite independent of the specific machines used, much can and should be done simply to ensure that votes are collected and accurately counted in the U.S. We must be adamant about the following improvements: 1. We must simplify the registration system. The largest loss of votes in 2000 occurred because errors in registration databases prevented people from voting. Registration databases must be properly checked to make sure they include all eligible people who want to be registered. We must develop national standards and technology to ensure that people can register reliably but that they do not register and vote in multiple places. 2. Local election officials must understand the operation of their equipment and test its performance thoroughly when it is delivered and before each election. DREs should be tested on election day, using dummy precincts. 3. Local election officials must teach their workers using simple procedures to run the equipment and other processes. Ballot making, marking, collecting and counting all must be carefully set up to avoid error and fraud. Many voting officials inadvertently use procedures that compromise accuracy, security and integrity of ballots by, for example, turning off precinct scanning machines that check for overvotes and inspecting and "correcting" ballots. 4. Each step in the voting process must be resistant to tampering. Collecting, counting and storing of ballots must be done with documentation of who touches everything and with clear procedures for what to do with the materials at each stage. Multiple people must oversee all critical processes. 5. Each task in the voting process must be clear and accessible, have helpful feedback and allow a person to validate it. Perceptual, cognitive, motor and social capabilities of people must be taken into account when designing machines and ballots. Ballot designs should pass usability and countability tests before being shown for final approval to the parties invested in the election. Voters must be able to understand how to make their selections, and votes must be easy to count in mass quantities. 6. The government should invest in research to develop and test secure voting technology, including DREs and Internet voting. Rushing to adopt present-day voting machines is not the best use of funds in the long term. 7. Standards of ethics must be set and enforced for all poll workers and also for voting companies regarding investments in them and donations by them or their executives. Only when these requirements are met will we have a truly secure and accurate voting system, no matter what underlying technology is used. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun Oct 3 08:37:57 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 3 Oct 2004 11:37:57 -0400 Subject: Spotting the Airline Terror Threat Message-ID: Wherein the TSA thinks they can observe a lot by watching... Cheers, RAH ------- Saturday, Oct. 02, 2004 Spotting the Airline Terror Threat TIME exclusive: A new airport security system soon to be tested will rely on human judgment By SALLY B. DONNELLY/WASHINGTON TIME exclusive: A new airport security system soon to be tested will rely on human judgment The most dangerous threat to commercial aviation is not so much the things bad people may be carrying, but the bad people themselves. That refrain heard constantly from airline security experts over the past three years appears to have finally been heeded by the Transportation Security Administration (TSA). Aviation sources tell TIME that the TSA plans to address the problem by launching its own passenger profiling system. The system known as SPOT (Screening of Passengers by Observation Techniques) relies more on the human dimension in detecting threats, and is to be tested at two northeastern airports starting later this month. "This is a radical change to aviation security," says Sgt. Peter DiDomenica, the Massachusetts State Police officer who developed the racially-neutral profiling program in place at Boston's Logan Airport, on which SPOT is based. "This is a very subtle but very effective program." Unlike the TSA's recently announced program to use computer databases to scan for suspicious individuals whose names occur on passenger lists, SPOT is instead based squarely on the human element: the ability of TSA employees to identify suspicious individuals by using the principles of surveillance and detection. Passengers who flag concerns by exhibiting unusual or anxious behavior will be pointed out to local police, who will then conduct face-to-face interviews to determine whether any threat exists. If such inquiries turn up other issues of concern, such as travel to countries like Afghanistan, Iraq or Sudan, for example, police officers will know to pursue the questioning or alert Federal counter-terrorism agents. DiDomenica has first-hand experience of the effectiveness of the system. He was using his own observation techniques - called BASS (Behavior Assessment Screening System) - last year when he saw man acting oddly near the checkpoint and stopped him. The suspect passenger turned out to be an agent from the Department of Homeland Security who had been trying to test the system by sneaking a prohibited device onto a plane. Although the profiling programs are aimed primarily at stopping terrorists, they have had other benefits. The Massachusetts State Police have arrested about 20 people for infractions ranging from being in the country illegally to failing to answer outstanding warrants for various offenses. The TSA plans to test SPOT for 60 days before committing to taking it nationwide, eventually to all of the country's 429 commercial airports. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Sun Oct 3 12:01:31 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 03 Oct 2004 12:01:31 -0700 Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: <1096813373.6398.3.camel@daft> References: <1096813373.6398.3.camel@daft> Message-ID: <200410031910.i93JAEUH027623@positron.jfet.org> At 07:22 AM 10/3/2004, Steve Furlong wrote: >On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote: > > The US now has the dubious distinction of being more obnoxious to get > through > > the borders than the former East Germany (actually even without this > measure, > > the checks had become at least as obnoxious as the East German ones). I > > wonder whether the next step will be building a wall... There's already a wall / fence built to keep Mexicans out. >Reign in the overheated rhetoric. The East German state built their wall >to keep the East Germans from leaving, while the US policies are meant >to keep out a demonstrated threat. They're primarily intended to create a climate of fear and dependence and reassure the American public that the government's in charge. ---- Bill Stewart bill.stewart at pobox.com From measl at mfn.org Sun Oct 3 11:32:36 2004 From: measl at mfn.org (J.A. Terranson) Date: Sun, 3 Oct 2004 13:32:36 -0500 (CDT) Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: <1096813373.6398.3.camel@daft> References: <1096813373.6398.3.camel@daft> Message-ID: <20041003133056.D50014@ubzr.zsa.bet> On Sun, 3 Oct 2004, Steve Furlong wrote: > On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote: > > > The US now has the dubious distinction of being more obnoxious to get through > > the borders than the former East Germany (actually even without this measure, > > the checks had become at least as obnoxious as the East German ones). I > > wonder whether the next step will be building a wall... > > Reign in the overheated rhetoric. The East German state built their wall > to keep the East Germans from leaving, while the US policies are meant > to keep out a demonstrated threat. (1) There are also a number of non-rebar+concrete "walls" in place to keep US citizens from leaving; (2) The "demonstrated threat" folks are not generally the ones being targetted. The US *is* the Fourth Reich. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From rah at shipwright.com Sun Oct 3 12:14:30 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 3 Oct 2004 15:14:30 -0400 Subject: A Proposed Nomenclature for the Four Horseman of The Infocalypse Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been talking about this for the last decade, and never found a reference on the web whenever I was thinking about it. Thanks to Google, it was well within my prodigiously diminished attention span this morning. Given the events on the net over the past few years, I figure we might as well have fun with the idea. Humor is good leverage, and these days we need *lots* of leverage. In arbitrary order (in other words, *I* chose it. :-)), and with apologies to Toru Iwatani, by way of Michael Thomasson at , here it is: A Proposed Nomenclature for the Four Horseman of The Infocalypse Horseman Color Character Nickname 1 Terrorism Red Shadow "Blinky" 2 Narcotics Pink Speedy "Pinky" 3 Money Laundering Aqua Bashful "Inky" 4 Paedophilia Yellow Pokey "Clyde" It is acceptable to refer to a horseman by any of the above, i.e., "Horseman No. 1", "The Red Horseman", "Shadow", or "Blinky". Apparently there was a, um, pre-deceased, dark-blue ghost, used in Japanese tournament play, named "Kinky", I leave that particular horseman for quibblers. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQWBN/MPxH8jf3ohaEQKfBwCfYAtDGjP6jjsUHfhWcddqDYTEWfEAoOTU I056iw3tAhHohzkh1ptzJ8Es =/tt7 -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From adam at cypherspace.org Sun Oct 3 12:41:25 2004 From: adam at cypherspace.org (Adam Back) Date: Sun, 3 Oct 2004 15:41:25 -0400 Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: References:

Message-ID: <20041003194125.GA14492@bitchcake.off.net> I don't know if my info is still current (and I did not read the article), but the last time I went to the US (early this year) my H1B was no longer in effect (I quit microsoft last year, and H1B visas are tied to employer), and I did not get fingerprinted. However they had a camera and fingerprinting equipment, and notice saying that if you _did_ have H1B and other such temporary US visa documents you would be photographed and fingerprinted. Adam On Sun, Oct 03, 2004 at 10:18:24PM +1300, Peter Gutmann wrote: > "R. A. Hettinga" writes: > > >NEWARK, Sept. 30 - Laetitia Bohn walked into Newark Liberty International > >Airport on Thursday, dazed and sleepy after an eight-hour flight from Paris, > >and was jolted from her reverie when an immigration officer asked for her > >photograph and fingerprints along with her passport. > > The US now has the dubious distinction of being more obnoxious to get through > the borders than the former East Germany (actually even without this measure, > the checks had become at least as obnoxious as the East German ones). I > wonder whether the next step will be building a wall... > > Peter (who'll be thinking really hard about any future conference trips to the > US). From rah at shipwright.com Sun Oct 3 13:25:17 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 3 Oct 2004 16:25:17 -0400 Subject: Passengers refuse to fly with two women in black on board Message-ID: - PRAVDA.Ru Passengers refuse to fly with two women in black on board - 09/23/2004 13:51 Incidents when Russian passengers refuse to fly due to suspicious-looking females of Middle Eastern descent are becoming a norm these days. On September 1, the day of the Beslan tragedy, passengers of a Moscow-bound flight from Sharm el Sheih (Egypt) refused to fly with two Muslim women in traditional clothes onboard. This time, another flight from Moscow to Khurgada has been delayed. ?Two Egyptian women were set to fly aboard a TU-154 airplane ofKrasAir? departing for Khurgada,? stated RIANovosti?s? spokesman. A group of five students from Dagestan were the last ones to board the aircraft. Among them were two Egyptian women dressed in black. ?Considering the recent events, security services searched them thoroughly. Their documents were fine; nothing was wrong with the luggage either. However, due to such time-consuming security check, they were the last ones to board the plane. This in turn caused major uproar among the passengers. People demanded them to be taken off the flight,? added he. ?A young man accompanied by a woman and two children was the last one to step aboard due to a long security check. They were on their way to Egypt, where they?ve been living for five years. As soon as the rest of the passengers saw them aboard, people simply refused to fly perhaps, they were fearful of a possible terrorist act,? noted the airline company?s spokesman. In the course of the following two hours, airport and airline spokespeople were trying to persuade the passengers to fly along with the Egyptians. People however remained steadfast. All the passengers were then escorted back to the airport where each one of them had to undergo additional security check. The two Egyptian women have been examined publicly. There were 120 people aboard the Tu-154 airplane. As a result of this little incident, the flight Moscow-Khurgada had eventually departed for Egypt with a four-and-a-half-hour delay. Similar incident took place in Egypt on 1 September, 2004. Passengers along with crew members of a Moscow-bound airplane (KrasAir) from Sharm el Sheih refused to continue the flight after Egyptian personnel had allowed 2 Middle Eastern women to board the plane. According to the crew, both of the females behaved rather suspiciously: they locked themselves up in the lavatory right after boarding. In the end, due to the crew?s and the passenger?s protest, they were asked to leave the plane. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mv at cdc.gov Sun Oct 3 16:54:15 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 03 Oct 2004 16:54:15 -0700 Subject: Foreign Travelers Face Fingerprints and Jet Lag Message-ID: <41609126.3DF831C8@cdc.gov> At 08:30 PM 10/3/04 +0000, Justin wrote: >On 2004-10-03T13:32:36-0500, J.A. Terranson wrote: >> >> The US *is* the Fourth Reich. > >Personally, I will take what comes. You will make fine soap. From die at dieconsulting.com Sun Oct 3 15:37:13 2004 From: die at dieconsulting.com (Dave Emery) Date: Sun, 3 Oct 2004 18:37:13 -0400 Subject: [TSCM-L] Technology boosts use of wiretaps Message-ID: <20041003223713.GA11278@pig.dieconsulting.com> Original URL: http://www.jsonline.com/news/metro/oct04/263737.asp Technology boosts use of wiretaps By DERRICK NUNNALLY dnunnally at journalsentinel.com Posted: Oct. 2, 2004 Madison - In an unassuming office building on a leafy street near Dane County Regional Airport, a couple rooms of computer equipment are quietly changing the nature of law enforcement in Wisconsin. When they're clicking into action, most people won't even know they're there. And that's the point. They are wiretap machines, meant to allow police to listen in on the private phone conversations of suspected criminals. For years, police here rarely resorted to wiretaps, which require a court order, and that was mostly limited to cases involving severe violence or the threat of it. On average, it happened less than twice a year. Now it happens more than once a month, due in large part to new computer technology that has streamlined much of what officials describe as a cumbersome, painstaking process. It included tracking down the phone company's switching equipment, setting up huge recorders and manually starting them with each call, and amassing half a room's worth of tapes, then methodically indexing them all. "You'd have to have three reel-to-reel recorders for every line you'd want to wiretap," said Edward Wall, a special agent for covert surveillance in the state Department of Justice. Wall held up a disk drive from the new system he said could hold 900 hours of recorded conversations, indexed at least half a dozen different ways. It was a little bigger than two CD cases held together, and, he said, held the power to make Wisconsin investigators much more willing to ask for wiretaps to investigate crime. "When they find these are not as hard as they used to be, that mind-set is changing," Wall said. Since the state acquired the new wiretap setup from the Office of National Drug Control Policy in summer 2003, the system has been used in the completed taps of 13 separate phone numbers, Wall said. That's a marked increase from recent years. Federal records indicate that from 1999-2002, while the nation averaged 1,200 wiretaps yearly, Wisconsin police had only run five. While the system has not been discussed much outside of police circles, law enforcement agencies already have used it in at least a couple of high-profile operations, including the kidnapping of Heddy Braun in Walworth County in 2003 and a Milwaukee investigation this spring that led to the arrests of more than 30 people charged with being part of a cocaine-selling ring. The role of the new wiretap machines has been kept hush-hush in part because of the state law restricting their use. Because phone surveillance intrudes so seriously on someone's right to privacy, information gleaned from wiretaps only becomes public well into the court process, which can take months. Milwaukee police announced the dozens of arrests in the big drug case in a May news release, but much of the information about them remains under wraps and only has a chance of becoming public this month, long after the defendants have been formally charged and begun working their way through the judicial system. Another reason for the new system's low profile until now was that police believed no good could come of advertising their new capability, Wall said. Both the Milwaukee Police Department and the Milwaukee County sheriff's office, through spokespeople, declined to discuss the new technology. Wall agreed to talk about it after the Department of Justice was asked specifically about its acquisition. He said he wanted to de-mystify a subject that, while not officially a secret, has inspired fears among some that the government, enabled by the USA Patriot Act of 2001, is tapping phones excessively. "Those of us who do wiretaps just sit there and roll our eyes," Wall said of those concerns. "God, if you only knew what we had to go through for a wiretap. It's the most cumbersome thing in the world." Police must get a judge's authorization for each phone number they want to monitor. To get that, investigators must put together a detailed affidavit explaining the kind of conversation they expect to hear, and why such evidence can't be obtained some other way. Few of those affidavits have become public. Wall and other officials described them as onerous, but justly so. Now that the taps themselves are simpler to run and yield better data, authorities are exploring a wider range of reasons to ask for them. "There was a time that I was much more reluctant to use wiretaps," said Milwaukee District Attorney E. Michael McCann, "but the violence attendant to various activities has persuaded me to the contrary." Now cases such as the alleged drug ring - in which no violence or threat is evident in the small part of the allegations that have been made public - are coming into courts. More are likely, and in more disparate parts of the state, as word of the new system's capabilities filters out, Wall said. Where formerly police in any part of the state had to seek out switching equipment - mostly in Madison or Milwaukee - to set up a wiretap, the new computer system can be run from Madison on "a phone from anywhere in the world" and piped out to any part of the state. "When they give it to us, they're essentially giving it to 72 county sheriffs and 700 police departments," Wall said. "When you call me and you're from the Podunk Police Department, we're there." Ray Dall'Osto, a Milwaukee defense attorney and former legal director for the American Civil Liberties Union of Wisconsin, said he is interested in examining the kinds of new wiretap cases and whether Wisconsin authorities use a wider range of justifications for listening in on citizens' conversations. The right to privacy in certain situations, he said, is very fragile, like an egg. "Once it's gone, it's very hard, if not impossible, to put back together," Dall'Osto said. He also expects the uptick in wiretap usage to continue. "They've got this stuff, and they've got to use it," Dall'Osto said. -- Dave Emery N1PRE, die at dieconsulting.com DIE Consulting, Weston, Mass 02493 From camera_lumina at hotmail.com Sun Oct 3 15:44:52 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 03 Oct 2004 18:44:52 -0400 Subject: Spotting the Airline Terror Threat Message-ID: "DiDomenica has first-hand experience of the effectiveness of the system. He was using his own observation techniques - called BASS (Behavior Assessment Screening System) - last year when he saw man acting oddly near the checkpoint and stopped him. The suspect passenger turned out to be an agent from the Department of Homeland Security who had been trying to test the system by sneaking a prohibited device onto a plane." Come on. Variola or May or somebody wrote this shit, I'm no fool. Actually, it's quite hilarious. I couldn't have done any better myself. -TD >From: "R. A. Hettinga" >To: cypherpunks at al-qaeda.net >Subject: Spotting the Airline Terror Threat >Date: Sun, 3 Oct 2004 11:37:57 -0400 > >Wherein the TSA thinks they can observe a lot by watching... > >Cheers, >RAH >------- > > > > Saturday, Oct. 02, 2004 >Spotting the Airline Terror Threat >TIME exclusive: A new airport security system soon to be tested will rely >on human judgment >By SALLY B. DONNELLY/WASHINGTON > > TIME exclusive: A new airport security system soon to be tested will rely >on human judgment The most dangerous threat to commercial aviation is not >so much the things bad people may be carrying, but the bad people >themselves. That refrain heard constantly from airline security experts >over the past three years appears to have finally been heeded by the >Transportation Security Administration (TSA). Aviation sources tell TIME >that the TSA plans to address the problem by launching its own passenger >profiling system. The system known as SPOT (Screening of Passengers by >Observation Techniques) relies more on the human dimension in detecting >threats, and is to be tested at two northeastern airports starting later >this month. > > "This is a radical change to aviation security," says Sgt. Peter >DiDomenica, the Massachusetts State Police officer who developed the >racially-neutral profiling program in place at Boston's Logan Airport, on >which SPOT is based. "This is a very subtle but very effective program." > > Unlike the TSA's recently announced program to use computer databases to >scan for suspicious individuals whose names occur on passenger lists, SPOT >is instead based squarely on the human element: the ability of TSA >employees to identify suspicious individuals by using the principles of >surveillance and detection. Passengers who flag concerns by exhibiting >unusual or anxious behavior will be pointed out to local police, who will >then conduct face-to-face interviews to determine whether any threat >exists. If such inquiries turn up other issues of concern, such as travel >to countries like Afghanistan, Iraq or Sudan, for example, police officers >will know to pursue the questioning or alert Federal counter-terrorism >agents. > > DiDomenica has first-hand experience of the effectiveness of the system. >He was using his own observation techniques - called BASS (Behavior >Assessment Screening System) - last year when he saw man acting oddly near >the checkpoint and stopped him. The suspect passenger turned out to be an >agent from the Department of Homeland Security who had been trying to test >the system by sneaking a prohibited device onto a plane. > > Although the profiling programs are aimed primarily at stopping >terrorists, they have had other benefits. The Massachusetts State Police >have arrested about 20 people for infractions ranging from being in the >country illegally to failing to answer outstanding warrants for various >offenses. > > The TSA plans to test SPOT for 60 days before committing to taking it >nationwide, eventually to all of the country's 429 commercial airports. > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _________________________________________________________________ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ From justin-cypherpunks at soze.net Sun Oct 3 13:30:22 2004 From: justin-cypherpunks at soze.net (Justin) Date: Sun, 3 Oct 2004 20:30:22 +0000 Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: <20041003133056.D50014@ubzr.zsa.bet> References: <1096813373.6398.3.camel@daft> <20041003133056.D50014@ubzr.zsa.bet> Message-ID: <20041003203022.GB20745@arion.soze.net> On 2004-10-03T13:32:36-0500, J.A. Terranson wrote: > > The US *is* the Fourth Reich. Personally, I will take what comes. -- The old must give way to the new, falsehood must become exposed by truth, and truth, though fought, always in the end prevails. -- L. Ron Hubbard From shaddack at ns.arachne.cz Sun Oct 3 11:38:36 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 3 Oct 2004 20:38:36 +0200 (CEST) Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: <20041003133056.D50014@ubzr.zsa.bet> References: <1096813373.6398.3.camel@daft> <20041003133056.D50014@ubzr.zsa.bet> Message-ID: <0410032037550.0@somehost.domainz.com> On Sun, 3 Oct 2004, J.A. Terranson wrote: > (1) There are also a number of non-rebar+concrete "walls" in place to keep > US citizens from leaving; Please elaborate? From DaveHowe at gmx.co.uk Sun Oct 3 12:54:25 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Sun, 03 Oct 2004 20:54:25 +0100 Subject: comfortably numb In-Reply-To: <41602DB1.B543AFFF@cdc.gov> References: <41602DB1.B543AFFF@cdc.gov> Message-ID: <416058F1.3050703@gmx.co.uk> Major Variola (ret) wrote: > t 11:22 PM 10/1/04 -0700, Bill Stewart wrote: > In the US its generally illegal to tattoo someone who is drunk. Not sure about that - certainly its illegal in the UK to tattoo for a number of reasons, but the drunkenness one usually comes down to "is not capable of giving informed consent" Not sure it would be illegal for someone to agree to the tattoo, then indulge in "dutch courage" before going though with it. From pgut001 at cs.auckland.ac.nz Sun Oct 3 02:18:24 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sun, 03 Oct 2004 22:18:24 +1300 Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: Message-ID: "R. A. Hettinga" writes: >NEWARK, Sept. 30 - Laetitia Bohn walked into Newark Liberty International >Airport on Thursday, dazed and sleepy after an eight-hour flight from Paris, >and was jolted from her reverie when an immigration officer asked for her >photograph and fingerprints along with her passport. The US now has the dubious distinction of being more obnoxious to get through the borders than the former East Germany (actually even without this measure, the checks had become at least as obnoxious as the East German ones). I wonder whether the next step will be building a wall... Peter (who'll be thinking really hard about any future conference trips to the US). From pgut001 at cs.auckland.ac.nz Sun Oct 3 07:59:57 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Mon, 04 Oct 2004 03:59:57 +1300 Subject: Foreign Travelers Face Fingerprints and Jet Lag In-Reply-To: <1096813373.6398.3.camel@daft> Message-ID: Steve Furlong writes: >On Sun, 2004-10-03 at 05:18, Peter Gutmann wrote: >>The US now has the dubious distinction of being more obnoxious to get through >>the borders than the former East Germany (actually even without this measure, >>the checks had become at least as obnoxious as the East German ones). I >>wonder whether the next step will be building a wall... > >Reign in the overheated rhetoric. The East German state built their wall to >keep the East Germans from leaving, while the US policies are meant to keep >out a demonstrated threat. I never made any comment about who's keeping what in or out (the wall was officially an anti-fascist protection barrier, also meant to keep out a demonstrated threat). What I was pointing out was that having been through both East German and US border controls, the US ones were more obnoxious. Peter. From measl at mfn.org Mon Oct 4 09:15:47 2004 From: measl at mfn.org (J.A. Terranson) Date: Mon, 4 Oct 2004 11:15:47 -0500 (CDT) Subject: Passengers refuse to fly with two women in black on board In-Reply-To: References: Message-ID: <20041004111430.C50014@ubzr.zsa.bet> On Sun, 3 Oct 2004, R. A. Hettinga wrote: > All the passengers were then escorted back to the airport where each one > of them had to undergo additional security check. The two Egyptian women > have been examined publicly. Publicly? I'll go out on a limb here, since this is a "thorough search " for terrorism, and assume this was a cavity search??? -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From rah at shipwright.com Mon Oct 4 19:59:11 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 4 Oct 2004 22:59:11 -0400 Subject: Internet Porn Gets A New Banker Message-ID: Forbes Financial Internet Porn Gets A New Banker Seth Lubove, 09.27.04, 2:00 PM ET South Jordan, Utah, just south of Salt Lake City, is an otherwise forgettable suburb. Other than the fact that it's the home of the Jordan River Utah Temple, which boasts the largest capacity of any Mormon church in the world, there isn't much else going on. South Jordan has another claim to fame the Chamber of Commerce is probably less eager to boast about: It's the hometown of what has likely become the largest U.S. processor of credit cards used to purchase Internet porn. That dubious distinction comes courtesy of a little-noticed lawsuit filed Sept. 17 by Internet Billing against First Data (nyse: FDC - news - people ). IBill acts as a middleman between 4,000 small, mostly porn, sites and the banks that are critical to any credit card transaction. In iBill's case, the bank was an obscure unit of First Data, a financial services giant that expects 2004 sales of $10 billion. But apparently fed up with the connection to the controversial business, First Data finally got out of porn on Sept. 15 when its contract with iBill expired, leaving iBill in the lurch (but still holding $14.5 million of iBill's deposits). For now, at least. iBill has another bank lined up to process its $300 million or so in annual credit card purchases. But the name of the bank may raise eyebrows amongst the tee totaling, clean-cut Mormons of South Jordan, as well as the heathens on Wall Street: Merrick Bank, a $500 million-asset bank whose parent company, credit card-servicer CardWorks, is partly owned by a fund controlled by Lewis Ranieri, the bond trading legend immortalized by Michael Lewis' Liar's Poker who is now chairman of Computer Associates (nyse: CA - news - people ). It turns out Merrick, which says it "believes in bettering the community in which it operates," knows a thing or two about porn. The company is already processing credit cards for CCBill, a big aggregator like iBill of credit card purchases for Internet porn. CCBill handles sites that include Soundpunishment.com, GothicSluts.com, and Threepillows.com. Not surprisingly, the bankers who handle porn don't advertise the fact. First Data, for instance, managed to avoid any connection with porn until it was revealed in public filings as the company that owned the bank that handled iBill's porn processing. Merrick's name popped up for the first time in iBill's lawsuit against First Data, in which iBill blamed First Data for reneging on a deal to process its credit card accounts until it gets set up at Merrick in November. The court denied iBill's request for a preliminary injunction on Wednesday, Sept. 22. "We have determined that processing payments of the adult entertainment marketplace is inconsistent with our core values," sniffs a First Data spokesman. He adds that the company warned iBill with "multiple notices" that its contract would not be extended after its expiration. In a written statement, Merrick would not comment on whether it also processes credit cards for CCBill, and claims it is "not now processing credit card transactions for iBill," and "has no signed agreement to process credit card transactions for iBill." But in iBill's lawsuit against First Data, iBill claims Merrick sent a "commitment letter" to First Data on Sept. 15 in which Merrick states that its board of directors has "approved" iBill as a "merchant" account. Christopher Steele, the attorney for Ranieri & Co., would only say that Merrick's affairs are "handled much more from CardWorks perspective. I can't give you a comment on that." iBill still managed to find other ways to handle its accounts in the interim. But news of the lawsuit, and the apocalyptic language of "catastrophic consequences" iBill used to argue for a temporary restraining order, has set the gossipy porn industry into a full lather. "Industry Watching iBill, Hoping For The Best," trumpeted industry trade Adult Video News. "This would be devastating," wailed a poster on a porn business bulletin board. Adding insult to injury, the closing of a deal for iBill to be sold to Care Concepts I (amex: IBD - news - people ) in exchange for 20% of Care's stock was rescinded Friday. The company said the American Stock Exchange threatened to delist its stock, in part because the acquisition of iBill "raises public interest concerns." The statement is a cryptic reference to a section of the exchange's policies that allows it to delist a company if it does anything that is "contrary to the public interest." Care said it will work with the Amex to resolve the exchange's issues and acquire iBill after that. But perhaps proving that the temptations of the flesh are hard to resist, Care said it will go ahead with the deal even if the Amex disapproves, and take its stock elsewhere. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Oct 5 07:49:02 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 5 Oct 2004 10:49:02 -0400 Subject: City Challenged on Fingerprinting Protesters Message-ID: The New York Times October 5, 2004 City Challenged on Fingerprinting Protesters By DIANE CARDWELL ince coming under fire for their handling of protesters arrested during the Republican convention, Bloomberg administration officials have said that sluggish fingerprint processing in Albany was a major cause of the long delays in releasing detainees, although state officials have denied any tardiness. Now it looks as if much of the fingerprinting may not have been legal in the first place. According to lawyers at the New York Civil Liberties Union, the city may have violated state law by routinely fingerprinting arrested protesters. In a letter sent yesterday to Police Commissioner Raymond W. Kelly, officials of the organization wrote that although the law allowed the police to fingerprint people charged with minor offenses in certain circumstances, "this could not justify the routine fingerprinting of the nearly 1,500 people reportedly arrested during the convention for minor offenses." The officials, Donna Lieberman and Christopher Dunn, the group's executive director and associate legal director respectively, wrote that state criminal-procedure law defined narrow circumstances for fingerprinting when the offenses are minor. Those circumstances are when the police cannot establish the person's identity, when they suspect that the identification supplied is not accurate, or when they suspect that there is an outstanding warrant. Legal questions about the fingerprinting policy have come up before. At a hearing in September over the city's treatment of arrested protesters, Justice John Cataldo of State Supreme Court in Manhattan noted that the city could have dispensed with the fingerprinting entirely as most of the offenses were so minor that state law did not require it. Ms. Lieberman and Mr. Dunn also wrote that they found the "blanket fingerprinting" of people arrested at demonstrations troubling because "the entry of fingerprints into law enforcement databases can have lifelong consequences." Normally, when a person is arrested and fingerprinted in New York, the State Division of Criminal Justice Services checks the prints in its system and sends them to the Federal Bureau of Investigation as well, state officials said. Information about arrest records and outstanding warrants is then sent back to the city's Police Department. As a result, the lawyers wrote, they are "deeply troubled by the notion that the N.Y.P.D. may have forced hundreds of political activists," as well as "a number of innocent bystanders arrested during the convention, to surrender their fingerprints for entry into state and federal databases." Saying that they were prepared to sue the city if necessary, the lawyers asked that any illegally obtained fingerprints held by the police, the state or the F.B.I. be destroyed. John Feinblatt, criminal justice coordinator for the Bloomberg administration, defended the city's actions, saying the fingerprints were automatically destroyed and therefore could not pose a threat to those arrested in the future. "The normal procedure for violation arrests is to take fingerprints for one purpose and one purpose only: to definitively establish who the person is and whether he has a warrant or other law-enforcement hold," he said. "After that the prints are destroyed and not made part of any permanent record. That's exactly what was done with every violation during the R.N.C., no more, no less." Without commenting on whether the city had broken the law, he added, "In an age of identity theft and high-quality fake ID's, fingerprints are the only surefire way to establish who's in front of you." State and federal officials said they did keep fingerprints from violation arrests. In the view of Mr. Dunn of the civil liberties union, though, destroying the fingerprints would not remedy the fact that they were illegally taken. "The practice has to stop," he said. "It's an unlawful practice. And more importantly, we're skeptical that fingerprints that were sent to New York State or the F.B.I. have been destroyed." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Oct 5 07:55:01 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 5 Oct 2004 10:55:01 -0400 Subject: House 9/11 Bill Will Set Up A Database On All Americans, Create National ID Card Message-ID: www.gunowners.org Oct 2004 GOA Alert-- October 04, 2004 House 9/11 Bill Will Set Up A Database On All Americans, Create National ID Card Gun Owners of America 8001 Forbes Place, Suite 102 Springfield, VA 22151 (703)321-8585 Monday, October 4, 2004 What part of "Constitution" don't they understand? In a frightening move, House Republicans -- members of the party that supposedly favors "limited government" -- are pushing an Orwellian nightmare in Congress in the name of "national security." In the wake of the 9/11 Commission's recommendations, the Senate -- unlike the House -- has prepared legislation which would closely track that Commission's findings by reorganizing the intelligence services in the federal government. The Senate bill is relatively innocuous compared to the House version, HR 10. Unfortunately, many of the so-called Republicans in the House are pushing this nightmarish legislation which would: * Create a massive government database containing personal information on every American man, woman and child; * Standardize (i.e., nationalize) the process of issuing driver's licenses -- thereby taking the final step toward creating a national ID card; and * Set up a system whereby any employer or industry identified by the Attorney General would have to submit employment applicants to the government for approval -- complete with fingerprints or other "biometric identifiers." Now, let's look at how each of these problems could affect your rights -- gun rights in particular: (1) The government database is created by section 2173 of HR 10, a bill introduced by House Speaker Dennis Hastert. It would allow airline passengers to be screened against lists containing "all appropriate records." What would be "appropriate" would be within the exclusive discretion of the bureaucrats, but could include medical records, confidential financial records, library records, and gun records. (2) The driver's license standards are in section 3052. They would allow the federal government to set standards as high as desired to determine who may or may not obtain a driver's license. Please note that you need a driver's license (or similarly regulated state-issued photo ID) to purchase a gun from a dealer. But, increasingly, you also need it to travel on any form of transportation (airplane, bus, train, car), to get a job, to open a checking account, to cash a check, to check into a hotel, to rent a car, or to purchase cigarettes or alcohol. If the federal government can set standards so high as to deny you a driver's license or photo ID, it has effectively turned you into a non-person. (3) Section 2142 would allow the U.S. attorney general to promulgate any regulations he desires concerning (a) what employers must submit the names and fingerprints of all employment applicants to the FBI, (b) what standards the government will use in approving or disapproving the employment applicants, and (c) whether or not the government's "disapproval" will prevent the applicant from being hired. There is nothing in section 2142 which would prohibit an anti-gun attorney general from (a) requiring the resumes and fingerprints of every employment applicant in the country, (b) disapproving them on the basis of gun ownership or, for that matter, any factor he viewed as not being politically correct, and (c) prohibiting any employer from hiring an applicant thus blacklisted. ACTION: Write your representative. Ask him, in the strongest terms, to vote against any "9/11 legislation" that (1) creates a government database of personal information on law-abiding Americans, (2) moves toward the use of a driver's license as a National ID Card, or (3) sets up a system for fingerprinting and approving job applicants in the private sector. You can use the pre-written message below and send it as an e-mail by visiting the GOA Legislative Action Center at http://www.gunowners.org/activism.htm (where phone and fax numbers are also available). ----- Pre-written message ----- Dear Representative: Movement toward an oppressive government does not make me feel more "secure." Therefore, I would urge you, in the strongest terms, to please vote against HR 10, The 9/11 Recommendations Implementation Act, if it: * Creates a massive government database containing personal information on every American man, woman and child [section 2173]; * Standardizes (i.e., nationalizes) the process of issuing driver's licenses -- thereby taking the final step toward creating a national ID card [section 3052]; * Sets up a system whereby any employer or industry identified by the Attorney General would have to submit employment applicants to the government for approval -- complete with fingerprints or other "biometric identifiers" [section 2142]. Frankly, the ideas which are being floated with respect to this legislation are simply horrible, and are surely unworthy of those who have sworn to protect the Constitution. Sincerely, *************************** GOA Candidate Ratings Now Online The 2004 version of GOA's famous Candidate Ratings Guide has now been posted at http://www.gunowners.org/votetb04.htm on the web. A survey was mailed to every identifiable candidate nationwide for this year's Congressional elections. And every incumbent was rated based on his or her gun rights voting record while in office. The result is a truly comprehensive voter's guide that will prove invaluable to gun owners this November. Be sure to take note of where your candidates stand on the Second Amendment! Up to Home Copyright, Contact and Credits -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Oct 5 07:56:29 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 5 Oct 2004 10:56:29 -0400 Subject: National IDs for everybody? Message-ID: CNET News National IDs for everybody? By Declan McCullagh http://news.com.com/National+IDs+for+everybody/2010-1028_3-5395386.html Story last modified October 4, 2004, 12:01 PM PDT Rep. David Dreier wants to force all Americans to carry a national ID card around with them. The California Republican is not about to describe his new bill in those terms, but that's the reality. Dreier's legislation would prohibit employers from hiring people unless the job applicants first obtain new federal ID cards with their photograph, Social Security number and an "encrypted electronic strip" with additional information. Any employer who fails to comply faces hefty fines and prison terms of up to five years. Dreier is smart enough to realize that these federal IDs would be immediately forged, so he takes the next step of linking them to an employment eligibility database that's queried by card readers whenever the ID is swiped. The employment database is required to include "all such data maintained by the Department of Homeland Security," combined with what the Social Security Administration has on file. Most all bills die without the dignity of a floor vote. But Dreier is a rising star in the Republican Party with the influence to enact legislation quickly. As a chairman, he's one of the youngest to head the powerful House Rules Committee, not to mention acting as co-chair of Californians for Bush and chairman of Gov. Arnold Schwarzenegger's transition team. In 1998, his conservative voting record garnered a perfect 100 percent rating from the Christian Coalition--and a zero percent rating from the left-leaning Americans for Democratic Action. Last week, Dreier appeared on MSNBC as a Republican spokesman before the presidential debate. Any employer who fails to comply faces hefty fines and prison terms of up to five years. The ostensible reason Dreier gives for a federal ID: curbing illegal immigration, the subject of a recent Time magazine cover story. "The explosion in counterfeit identity documents and employers who are unable or unwilling to establish the authenticity of documents presented by job applicants severely undermines our national security," Dreier said when introducing his bill, which he calls the Illegal Immigrant Enforcement and Social Security Protection Act. The real reasons are slightly more complicated. Tight re-election campaign Dreier is used to commanding handsome victories at the polls every two years over his Democratic rivals. But since 1996, Dreier's re-election percentages have dipped below 60 percent a few times, and events in the last month slammed the powerful Republican with a series of embarrassing pre-Election Day setbacks. First came allegations in the LA Weekly newspaper and the New York Post that Dreier, who has amassed a slew of anti-gay votes, is homosexual. Then two local talk show hosts, John Kobylt and Ken Chiampou of KFI-AM 640, became fed up with Dreier's stand on immigration. They organized a "Fire Dreier" rally on Sep. 15 on charges that illegal immigrants from Mexico have wreaked havoc on California's economy. Held outside Dreier's Glendora, Calif., office, it drew hundreds of protesters armed with signs and bullhorns who called for a "political human sacrifice," according to the Pasadena Star-News. The real problem with Dreier's plan is not that it creates an ID card. Driver's licenses do that today. Conservative publications continued the attack--a worrisome sign for a Republican who won't deny wanting to be speaker of the House someday. WorldNetDaily columnist Jane Chastain wrote an article on Sept. 16 endorsing the Fire Dreier scheme: "It will leave congressmen, who have done little or nothing to help stem the tide of illegal immigrates, quaking in their boots." The upshot? Just hours before the Fire Dreier protest, the embattled congressman informed the Claremont Kiwanis Club that he would introduce his national ID bill. Six days later, Dreier did just that. The real problem with Dreier's plan is not that it creates an ID card. Driver's licenses do that today. But Dreier would create a back-end database for authentication purposes that could track whenever the ID is swiped. Just as the Social Security Number's uses grew, those readers would appear just about everywhere: banks, office buildings, supermarkets. Such a database would overflow with detailed records of all of our life's activities and create an irresistible temptation for misuse by corrupt officials or electronic intruders. Dreier isn't alone. A Senate bill introduced last month in response to the 9/11 Commission's report would give the Department of Homeland Security unfettered power to regulate state drivers' licenses and ID cards. The House version takes a similar approach. Both measures say federal agencies will only accept licenses and ID cards that comply--a requirement that would affect anyone who wants to get a U.S. passport, obtain Social Security benefits, or even wander into a federal courthouse. States would be strong-armed into complying. Warns Barry Steinhardt of the American Civil Liberties Union: "Congress shouldn't be providing a blank check to the Department of Homeland Security to design a national driver's license." It's not just a liberal sentiment. Says Stephen Lilienthal, a policy analyst at the conservative Free Congress Foundation: "Many conservatives have expressed concern that proposals such as the Dreier bill are placed on the books with a limited set of objectives but will expand bit by bit to include all sorts of other information and be monitored constantly by the government to keep track of individuals from cradle to grave." Dreier should take note. Talking loudly about ID cards may boost his re-election bid next month, but voters won't be pleased when they've figured out what it actually means. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From brands at credentica.com Tue Oct 5 10:55:30 2004 From: brands at credentica.com (Stefan Brands) Date: Tue, 5 Oct 2004 13:55:30 -0400 Subject: Credentica Web site is up Message-ID: Dear All, This e-mail is to inform you that our corporate Web site at http://www.credentica.com is up. We welcome any suggestions for improvement, and encourage you to establish links to our home-page from your blogs, news postings, and Web sites! Best regards, Stefan Brands Credentica 740 Notre Dame W, #1500 Montreal, QC Canada H3C 3X6 Tel: +1 (514) 866.6000 PS Pages that may be of particular interest: - http://www.credentica.com/about.php (overview of what we do and how we differ) - http://www.credentica.com/solutions.php & submenus (explanations of product benefits in key markets) - http://www.credentica.com/the_mit_pressbook.php (the entire MIT Press book available for free download) White papers and product data sheets are in preparation and will be posted in the next couple of months. PPS The site is best viewed with a Javascript-enabled browser, and has been tested only with leading browsers. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Oct 5 11:27:27 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 5 Oct 2004 14:27:27 -0400 Subject: Credentica Web site is up Message-ID: --- begin forwarded text From adam at cypherspace.org Tue Oct 5 14:13:47 2004 From: adam at cypherspace.org (Adam Back) Date: Tue, 5 Oct 2004 17:13:47 -0400 Subject: Brands credential book online (pdf) Message-ID: <20041005211347.GA26930@bitchcake.off.net> For people interested in ecash / credential tech: Stefan Brands book on his credential / ecash technology is now downloadable in pdf format from credentica's web site: http://www.credentica.com/the_mit_pressbook.php (previously it was only available in hardcopy, and only parts of the content was described in academic papers). also the credentica web site has gone live, lots of content. (credentica is Stefan's company around digital credentials). Adam From DaveHowe at gmx.co.uk Tue Oct 5 09:48:30 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Tue, 05 Oct 2004 17:48:30 +0100 Subject: QC Hype Watch: Quantum cryptography gets practical In-Reply-To: References: Message-ID: <4162D05E.8080605@gmx.co.uk> R. A. Hettinga wrote: > Two factors have made this possible: the > vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the "last mile" and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) From gnu at toad.com Tue Oct 5 19:07:59 2004 From: gnu at toad.com (John Gilmore) Date: Tue, 05 Oct 2004 19:07:59 -0700 Subject: Interesting report on Dutch non-use of traffic data Message-ID: From EDRI-gram via Wendy Seltzer: ============================================================ 4. Dutch police report: traffic data seldom essential ============================================================ Telephone traffic data are only necessary to solve crimes in a minority of police investigations. Most cases can be solved without access to traffic data, with the exception of large fraud investigations. These are the conclusions of a Dutch police report produced at the request of the Dutch ministry of Justice. The report was recently obtained by the Dutch civil liberties organisation Bits of Freedom through a public access request. The report undermines the Dutch government's support to the EU draft framework decision on data retention. The report makes no case for the proposed data retention as Dutch police already uses traffic data in 90% of all investigations. The police can already obtain, with a warrant, the traffic data that telecommunication companies store for their own billing- and business purposes. The report also shows that the use of traffic data is a standard tool in police investigations and it not limited to cases of organised crime or terrorism. The report is the result of an evaluation of past investigations by the Dutch police of Rotterdam. Two-thirds of all investigations could have been solved if no traffic data would have been available at all. The three main purposes of traffic data in police investigations are: network analysis (searching for associations of a person to other individuals), tactical support for surveillance and checking of alibis (through GSM location data). Police investigators can compensate a possible lack of traffic data by other investigative methods such as wiretapping, surveillance, a preservation order for traffic data and a longer investigative period. The report states that police officers seldom ask for traffic data older than six months. The report was never sent to the Dutch parliament although members of parliament previously asked for research results about the effectiveness of mandatory data retention. After Bits of Freedom published the report new questions have been raised in the Dutch parliament about the reason for withholding the report. The use of (historic) traffic data in investigations (April 2003, in Dutch) http://www.bof.nl/docs/rapport_verkeersgegevens.pdf (Contribution by Maurice Wessling, EDRI-member Bits of Freedom) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From camera_lumina at hotmail.com Tue Oct 5 17:32:35 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 05 Oct 2004 20:32:35 -0400 Subject: Quantum cryptography gets "practical" Message-ID: Actually, that's an interesting point. In places like downtown NYC, if the fiber doesn't actually go to the basement of a building, it will certainly go within a few 100 feet, so that last hop is trivial. (But the kind of companies this would be targeted for this would already have fiber to the premises or FTTP anyway....however, that fiber will only on occasion make it all the way to the telecom room...the internal building wiring will often be copper.) However, it's not like you'd have a continuous piece of fiber all the way from Customer X Location A to Customer X Location B...you'd definitely go through at least one fiber distributing frame (FDF) aka an optical "patch panel". However, the connectors will almost certainly be at least slightly anisotropic, so you'd get a wavefunction collapse, or at least diminish the distance you can go. So I imagine they actually perform a splice and remove the connectors...this will limit you of course to new, high quality fiber (which is extremely isotropic, and I know this for a fact having previously done a lot of testing for PMD, or Polarization Mode Dispersion.) An interesting thing to think about is the fact that in dense metro areas, you pretty much have a "star" from the CO out to a premise (which is the cause of deployment of "Collapsed SONET Rings"). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its "advantages". -TD >From: Dave Howe >To: Email List: Cryptography , Email >List: Cypherpunks >Subject: Re: QC Hype Watch: Quantum cryptography gets practical >Date: Tue, 05 Oct 2004 17:48:30 +0100 > >R. A. Hettinga wrote: >>Two factors have made this possible: the >>vast stretches of optical fiber (lit and dark) laid in metropolitan areas, >which very conveniently was laid from one of your customers to another of >your customers (not between telcos?) - or are they talking only having to >lay new links for the "last mile" and splicing in one of the existing dark >fibres (presumably ones without any repeaters on it) _________________________________________________________________ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement From mv at cdc.gov Tue Oct 5 22:33:58 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 05 Oct 2004 22:33:58 -0700 Subject: City Challenged on Fingerprinting Protesters Message-ID: <416383C6.E60C96EE@cdc.gov> At 10:49 AM 10/5/04 -0400, R. A. Hettinga wrote: >Now it looks as if much of the fingerprinting may not have been legal in >the first place. According to lawyers at the New York Civil Liberties >Union, the city may have violated state law by routinely fingerprinting >arrested protesters. There is a bill in this year's Ca election to require DNA sampling of anyone arrested. Not convicted of a felony, but arrested. From rabbi at abditum.com Wed Oct 6 02:54:44 2004 From: rabbi at abditum.com (Len Sassaman) Date: Wed, 6 Oct 2004 02:54:44 -0700 (PDT) Subject: CodeCon 2005 Call for Papers Message-ID: CodeCon 4.0 February 11-13, 2005 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presenters must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2005 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be a 45 minutes long, with 15 minutes allocated for Q&A. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to submissions-2005 at codecon.org including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chairs: Jonathan Moore, Len Sassaman Program Chair: Bram Cohen Program Committee: * Jeremy Bornstein, AtomShockwave Corp., USA * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Klaus Kursawe, Katholieke Universiteit Leuven, BE * Ben Laurie, A.L. Digital Ltd., UK * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Len Sassaman, Nomen Abditum Services, USA Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at codecon-admin at codecon.org. Press policy: CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail codecon-admin at codecon.org. Please note this address is only for questions and administrative requests, and not for workshop presentation submissions. From DaveHowe at gmx.co.uk Wed Oct 6 03:27:37 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 06 Oct 2004 11:27:37 +0100 Subject: Quantum cryptography gets "practical" In-Reply-To: References: Message-ID: <4163C899.5040708@gmx.co.uk> Tyler Durden wrote: > An interesting thing to think about is the fact that in dense metro > areas, you pretty much have a "star" from the CO out to a premise (which > is the cause of deployment of "Collapsed SONET Rings"). This means the > other photon of your encrypted pair might easily pass through the same > CO somewhere, which would make the system suscpetible to a sort of man > in the middle attack. Or at least, your fancy quantum crypto system has > defaulted back to standard crypto in terms of its un-hackability. Unless I am mistaken as to the Quantum Key Exchange process, only one photon is ever transmitted, with a known orientation; the system doesn't use entanglement AFAIK. I note also that, as QKE is *extremely* vulnerable to MitM attacks, a hybrid system (which need only be tactically secure, not strategically secure) can be used to "lock out" a MitM attacker for long enough that his presence can be detected, without having to resort to a classical but unblockable out of band data stream. I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* > Moral of this story is, even if this thing is useful, you'll probably > have a very hard time finding a place it can be deployed and still > retain its "advantages". I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) > > -TD > > >> From: Dave Howe >> To: Email List: Cryptography , >> Email List: Cypherpunks >> Subject: Re: QC Hype Watch: Quantum cryptography gets practical >> Date: Tue, 05 Oct 2004 17:48:30 +0100 >> >> R. A. Hettinga wrote: >> >>> Two factors have made this possible: the >>> vast stretches of optical fiber (lit and dark) laid in metropolitan >>> areas, >> >> which very conveniently was laid from one of your customers to another >> of your customers (not between telcos?) - or are they talking only >> having to lay new links for the "last mile" and splicing in one of the >> existing dark fibres (presumably ones without any repeaters on it) > > > _________________________________________________________________ > On the road to retirement? Check out MSN Life Events for advice on how > to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement From Claudia.Diaz at esat.kuleuven.ac.be Wed Oct 6 03:45:49 2004 From: Claudia.Diaz at esat.kuleuven.ac.be (Claudia Diaz) Date: Wed, 6 Oct 2004 12:45:49 +0200 (CEST) Subject: Announcement 5th APES Workshop Message-ID: Dear, we are happy to announce the 5th Anonymity and Privacy in Electronic Services Workshop. In the first part of the workshop, we will have two invited talks (by Jan Camenisch and Dogan Kesdogan). During the second part, the research partners of APES will present the results of the last year. You are kindly invited to attend. In order to estimate the number of participants, we ask you to register by sending an email to Pila Noe (Pela.Noe at esat.kuleuven.ac.be). Feel free to forward this email to anyone who may be interested on the topic. For more information on this project, you may look at the APES website (https://www.cosic.esat.kuleuven.ac.be/apes) 5th APES WORKSHOP ----------------- Date: Tuesday, November 23rd Location: Auditorium A (ESAT, K.U. Leuven) Kasteelpark Arenberg 10 B-3001 Leuven-Heverlee, Belgium Fee: Free of charge. We kindly ask you to register in advance by sending an email to our secretary Pila Noe (Pela.Noe at esat.kuleuven.ac.be) AGENDA ------ 13:00-13:10 Welcome and Introduction by Bart Preneel (COSIC/KULeuven) 13:10-13:50 Invited talk: "Security and Privacy for E-Transactions" by Jan Camenisch (IBM Zurich Research Laboratory) 13:50-14:30 Invited talk: "Personal risk management" by Dogan Kesdogan (University of Aachen) 14:30-14:50 Coffee break 14:50-15:30 Anonymous communication infrastructure by Claudia Diaz (COSIC/KULeuven) 15:30-16:10 Controlled anonymous email by Vincent Naessens (DISTRINET/KULAK) 16:10-16:30 Controlled anonymous databases by Svetla Nikova (COSIC/KULeuven) _______________________________________________ NymIP-res-group mailing list NymIP-res-group at nymip.org http://www.nymip.org/mailman/listinfo/nymip-res-group --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed Oct 6 11:12:42 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 6 Oct 2004 14:12:42 -0400 Subject: Announcement 5th APES Workshop Message-ID: --- begin forwarded text From bjonkman at sobac.com Wed Oct 6 13:29:29 2004 From: bjonkman at sobac.com (Bob Jonkman) Date: Wed, 06 Oct 2004 16:29:29 -0400 Subject: "ID Rules Exist, But Can't Be Seen" In-Reply-To: Message-ID: <41641D69.5090.D9F9EB@localhost> This is what Tyler Durden said about ""ID Rules Exist, But Can't Be Seen"" on 30 Sep 2004 at 17:06 > For instance, is it indeed possible that revealing this rule would > pose an additional security risk? If such a rule exists (and it does) > then hijackers obviously already know about it. Could this rule also > reveal some deeper secrets about how hijackers can be detected? I > seriously doubt it. There's some wonderful Sicilian Reasoning in that: We can't reveal the rule because the Bad Guys would figure out what we're looking for. But the Bad Guys already know what we're looking for, but we'll keep the rule secret anyway because we know they know what we're looking for. The thing is, the Bad Guys know that too... From DaveHowe at gmx.co.uk Wed Oct 6 09:04:49 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 06 Oct 2004 17:04:49 +0100 Subject: Quantum cryptography gets "practical" In-Reply-To: <4163C899.5040708@gmx.co.uk> References: <4163C899.5040708@gmx.co.uk> Message-ID: <416417A1.8090308@gmx.co.uk> Dave Howe wrote: > I think this is part of the > purpose behind the following paper: > http://eprint.iacr.org/2004/229.pdf > which I am currently trying to understand and failing miserably at *sigh* Nope, finally strugged to the end to find a section pointing out that it does *not* prevent mitm attacks. Anyone seen a paper on a scheme that does? From DaveHowe at gmx.co.uk Wed Oct 6 09:06:51 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 06 Oct 2004 17:06:51 +0100 Subject: City Challenged on Fingerprinting Protesters In-Reply-To: <416383C6.E60C96EE@cdc.gov> References: <416383C6.E60C96EE@cdc.gov> Message-ID: <4164181B.4090203@gmx.co.uk> Major Variola (ret) wrote: > There is a bill in this year's Ca election to require DNA sampling of > anyone arrested. Not convicted of a felony, but arrested. Doesn't surprise me - the UK police collected a huge bunch of fingerprints and dna samples "for elimination purposes" during one of the child-murder witchhunts, with written promises given that the samples were just for that one task, and would be destroyed once the hunt was over. They still kept them anyway of course, and made them the basis for their new "national dna database". From rah at shipwright.com Wed Oct 6 16:31:30 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 6 Oct 2004 19:31:30 -0400 Subject: Micropayments Are Multiplying Message-ID: Emarketer.com Micropayments Are Multiplying October 07, 2004 Exactly 14 million Americans made online purchases for less than $2.00 over the past year, reports Ipsos. A survey from Ipsos-Insight on the small payments market, released yesterday at the Micropayments Conference in New York City, reported that more than 14 million Americans, ages 12 and older, purchased digital content for less than $2.00 in the past twelve months. The rate of small purchases is going up fast. In July, Ipsos-Insight reported that more than 10 million Americans purchased digital content for less than $2.00 in the past year, and in November the number of US purchasers in the past year was approximately 4 million. In all, the 14 million represents an increase of over 10 million micro-purchasers since October 2003, a 350% yearly increase. By comparison, the survey found that more than an estimated 37 million Americans are willing to use credit, debit or charge cards for purchases of $5.00 or less. "The data suggest that increasing the availability and consumer awareness of compelling online content for less than $2.00 could be the key to sparking growth in this emerging online commerce area," says Matt Kleinschmit, Director, Ipsos-Insight. The survey estimates that 30 million Americans are at least somewhat likely to purchase content for less than $2.00 in the next twelve months, and states that the primary reason consumers have not yet made an online purchase for $2 or less is lack of compelling content in the price range. In fact, more than 44% of those surveyed have made an online purchase in the past year - and over 50% of them indicated that the main reasons they have not made a micropayment was because it was not worth the effort, lack of interesting content or availability of content. "The technology is available today to enable cost-effective sales of low-priced digital content," emphasizes Mr. Kleinschmit. "The most significant challenge is packaging and pricing the content to meet consumer demand." Among consumers who had made online purchases of $2.00 or less, the most commonly purchased items were ring tones, music, games and articles, so it is not surprising that teens were the age group most likely to make micro-purchases in the near future. Teenagers are also the most likely to make purchases of under $20.00. While the Ipsos-Insight survey focused exclusively on the US and the online environment, a study recently released by Juniper Research, "Mobile Commerce (M-Commerce) & Micropayment Strategies," looked at the worldwide micropayment market with an emphasis on the mobile channel. Juniper projects that the global mobile commerce market - excluding mobile entertainment - will become a $40 billion industry by 2009, fuelled by a growth in micropayments. Juniper reports: "Large numbers of small payments will make up the vast majority of sales via mobile phones, with the average Western European making approximately 28 transactions a year via the mobile phone by 2009. The average cost of each transaction in 2009 in Western Europe is expected to be worth approximately $3.00." Foreseeing the day when the mobile phone could develop into a full-fledged digital wallet, the author of the report, Marc Ambasna-Jones, says the key to m-commerce growth is simplicity: "Will it be easier to use than a credit card for example? Can it ever be more convenient than cash? Ultimately the success or failure of mobile commerce comes down to this." Bruce Cundiff, an analyst with Jupiter Research, told CNET that "what it comes down to is that there simply must be a viable transaction model for smaller-cost products to make a dollar off e-commerce sales." As these two new reports make clear, both online and on the phone, a lot is riding on consumers' ability to pay very little - quickly, securely and conveniently. But can the micropayment market put its history of failures (Beenz, Flooz and DigiCash) behind and really start to churn out macro revenues? As for now, no one knows for sure. )2004 eMarketer Inc. All rights reserved -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From shmoocon-news at lists.shmoo.com Wed Oct 6 16:34:24 2004 From: shmoocon-news at lists.shmoo.com (shmoocon-news at lists.shmoo.com) Date: Wed, 6 Oct 2004 19:34:24 -0400 Subject: [ShmooCon-News] First selected BoF run by Jon Callas, CTO, PGP Corporation Message-ID: We're pleased to announce our first selected though-provoking and potentially controversial BoF for ShmooCon 2005 will be run by Jon Callas, CTO, PGP Corporation. For more information check out: http://www.shmoocon.org/program.html#callas We look forward to folks discussing how "Information wants to be free, but programmers want to eat." Check it out! Sincerely, Beetle _______________________________________________ Shmoocon-News mailing list Shmoocon-News at lists.shmoo.com https://lists.shmoo.com/mailman/listinfo/shmoocon-news --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Wed Oct 6 11:07:17 2004 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 6 Oct 2004 20:07:17 +0200 Subject: Interesting report on Dutch non-use of traffic data (fwd from gnu@toad.com) Message-ID: <20041006180717.GW1457@leitl.org> ----- Forwarded message from John Gilmore ----- From rah at shipwright.com Wed Oct 6 17:14:41 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 6 Oct 2004 20:14:41 -0400 Subject: [ShmooCon-News] First selected BoF run by Jon Callas, CTO, PGP Corporation Message-ID: --- begin forwarded text From mv at cdc.gov Wed Oct 6 20:38:53 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 06 Oct 2004 20:38:53 -0700 Subject: City Challenged on Fingerprinting Protesters Message-ID: <4164BA4D.C3086FE6@cdc.gov> At 05:06 PM 10/6/04 +0100, Dave Howe wrote: >Major Variola (ret) wrote: >> There is a bill in this year's Ca election to require DNA sampling of >> anyone arrested. Not convicted of a felony, but arrested. [as in arrested for protesting] >Doesn't surprise me - the UK police collected a huge bunch of >fingerprints and dna samples "for elimination purposes" during one of >the child-murder witchhunts, with written promises given that the >samples were just for that one task, and would be destroyed once the >hunt was over. >They still kept them anyway of course, and made them the basis for their >new "national dna database". The UK is a fantastic example of the US in a few years. In a way, the UK population are beta testers for the statism of the future here. If it passes in the UK, they'll try it in the US in a 'wee bit'. Its when Ross Anderson ends up detained as an enemy combatant that the sleeper cells (tm) will be triggered. Not only DNA, of course; surveillance cameras, papers on demand, domestic CIA (MI-blah) powers, etc. And y'all are our obediant and faithful military poodles. Only the Aussies and Iberians have gotten the feedback though. Your turn will come. Batman in a turban, mofo. We sympathize, of course, protestant angliospeaking folks are regarded as human, but bemoan your lack of constitutional protections (here my more cynical friends accuse me of bill-o'-rights religion) and you must pay penance for Benny Hill, anyway. ------ No one expects the BSA (in a silly voice) ------ \begin{TMay} Funny how those needing killing are nearly universally elected or appointed... what was that old-school Frog's comment about democracy? \end{TMay} ----- Got ANFO? From kapil_ds at MIT.EDU Wed Oct 6 22:03:15 2004 From: kapil_ds at MIT.EDU (Kapil Dev Singh) Date: Thu, 7 Oct 2004 01:03:15 -0400 Subject: RFID special interest group Message-ID: Hello Mr Hettinga, You had attended the RFID privacy workshop last fall at MIT, so i would like to invite you to a RFID SIG event on behalf of MIT enterprise forum. Details are given below. Please do come. Thanks, Kapil RFID Special Interest Group (RFID SIG), a SIG established under MIT Enterprise forum of Cambridge, would like invite you to its upcoming event. 'Case Presentation: RFID Challenges in the Pharmaceutical Industry' Keynote Jack DeAlmo: Vice President of Store Replenishment and Inventory Management, CVS Panel Nick Beim: General Partner, Matrix Partners Sanjay Sarma:Chief Technology Officer, Oat Systems Noha Tohamy: Principal Analyst, Forrester Research When & Where: Wednesday, October 13, 2004, 5:30 PM , STATA CENTER, Room 123 (Kirsch Auditorium), 32 Vassar Street, MIT The details are also at http://www.mitforumcambridge.org/events/oct04.htm RFID Special Interest Group seeks to establish a community around RFID. The schedule of upcoming events, one every month, is available at http://www.mitforumcambridge.org/RFIDSIG.html Join the community. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed Oct 6 22:04:54 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 7 Oct 2004 01:04:54 -0400 Subject: RFID special interest group Message-ID: --- begin forwarded text From sunder at sunder.net Thu Oct 7 03:19:43 2004 From: sunder at sunder.net (Sunder) Date: Thu, 7 Oct 2004 06:19:43 -0400 (edt) Subject: Most Disturbing Yet - Senate Wants Database Dragnet Message-ID: http://www.wired.com/news/privacy/0,1848,65242,00.html http://www.wired.com/news/print/0,1294,65242,00.html Senate Wants Database Dragnet By Ryan Singel 02:00 AM Oct. 06, 2004 PT The Senate could pass a bill as early as Wednesday evening that would let government counter-terrorist investigators instantly query a massive system of interconnected commercial and government databases that hold billions of records on Americans. The proposed network is based on the Markle Foundation Task Force's December 2003 report, which envisioned a system that would allow FBI and CIA agents, as well as police officers and some companies, to quickly search intelligence, criminal and commercial databases. The proposal is so radical, the bill allocates $50 million just to fund the system's specifications and privacy policies. To prevent abuses of the system, the Markle task force recommended anonymized technology, graduated levels of permission-based access and automated auditing software constantly hunting for abuses. {Huh? How would anonimized access PREVENT abuses?} An appendix to the report went so far as to suggest that the system should "identify known associates of the terrorist suspect, within 30 seconds, using shared addressees, records of phone calls to and from the suspect's phone, e-mails to and from the suspect's accounts, financial transactions, travel history and reservations, and common memberships in organizations, including (with appropriate safeguards) religious and expressive organizations." ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- From nobody at dizum.com Wed Oct 6 23:20:04 2004 From: nobody at dizum.com (Nomen Nescio) Date: Thu, 7 Oct 2004 08:20:04 +0200 (CEST) Subject: Implant replaces ID cards for access to restricted areas. Message-ID: <8e5b8994046e2cba50b02a5311eb8d62@dizum.com> Mexican Attorney General, Staff Get Chip Implants Implant replaces ID cards for access to restricted areas. The Attorney General of Mexico, Rafael Macedo de la Concha, recently announced at the opening of Mexico's National Information Center that he and some of his staff had been implanted with VeriChips to replace their ID tags for access to restricted areas, and to access the country's crime database. http://www.govtech.net/magazine/channel_story.php?channel=24&id=90885 From lloyd at randombit.net Thu Oct 7 08:23:19 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Thu, 7 Oct 2004 11:23:19 -0400 Subject: Most Disturbing Yet - Senate Wants Database Dragnet In-Reply-To: References: Message-ID: <20041007152319.GB12268@acm.jhu.edu> On Thu, Oct 07, 2004 at 06:19:43AM -0400, Sunder wrote: > > > To prevent abuses of the system, the Markle task force recommended > anonymized technology, graduated levels of permission-based access and > automated auditing software constantly hunting for abuses. > > {Huh? How would anonimized access PREVENT abuses?} One would hope that they meant anonymizing the subjects, much the same way some medical databases are. It's nontrivial to implement well, though. And more likely than not it won't be implemented at all, since it's much easier to just give everyone full search abilities. -Jack From camera_lumina at hotmail.com Thu Oct 7 08:57:50 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 07 Oct 2004 11:57:50 -0400 Subject: Quantum cryptography gets "practical" Message-ID: Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier. Come to think of it, an intruder that were able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA). Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advanced notice of any mergers/acquisition deals. -TD >From: Dave Howe >To: Tyler Durden >Subject: Re: Quantum cryptography gets "practical" >Date: Wed, 06 Oct 2004 11:26:32 +0100 > >Tyler Durden wrote: >>An interesting thing to think about is the fact that in dense metro areas, >>you pretty much have a "star" from the CO out to a premise (which is the >>cause of deployment of "Collapsed SONET Rings"). This means the other >>photon of your encrypted pair might easily pass through the same CO >>somewhere, which would make the system suscpetible to a sort of man in the >>middle attack. Or at least, your fancy quantum crypto system has defaulted >>back to standard crypto in terms of its un-hackability. > Unless I am mistaken as to the Quantum Key Exchange process, only one >photon is ever transmitted, with a known orientation; the system doesn't >use entanglement AFAIK. > I note also that, as QKE is *extremely* vulnerable to MitM attacks, a >hybrid system (which need only be tactically secure, not strategically >secure) can be used to "lock out" a MitM attacker for long enough that his >presence can be detected, without having to resort to a classical but >unblockable out of band data stream. I think this is part of the purpose >behind the following paper: >http://eprint.iacr.org/2004/229.pdf >which I am currently trying to understand and failing miserably at *sigh* > >>Moral of this story is, even if this thing is useful, you'll probably have >>a very hard time finding a place it can be deployed and still retain its >>"advantages". >I have yet to see an advantage to QKE that even mildly justifies the >limitations and cost over anything more than a trivial link (two buildings >within easy walking distance, sending high volumes of extremely sensitive >material between them) > > >> >>-TD >> >> >>>From: Dave Howe >>>To: Email List: Cryptography , Email >>>List: Cypherpunks >>>Subject: Re: QC Hype Watch: Quantum cryptography gets practical >>>Date: Tue, 05 Oct 2004 17:48:30 +0100 >>> >>>R. A. Hettinga wrote: >>> >>>>Two factors have made this possible: the >>>>vast stretches of optical fiber (lit and dark) laid in metropolitan >>>>areas, >>> >>>which very conveniently was laid from one of your customers to another of >>>your customers (not between telcos?) - or are they talking only having to >>>lay new links for the "last mile" and splicing in one of the existing >>>dark fibres (presumably ones without any repeaters on it) >> >> >>_________________________________________________________________ >>On the road to retirement? Check out MSN Life Events for advice on how to >>get there! http://lifeevents.msn.com/category.aspx?cid=Retirement >> >> > _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee. Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From sunder at sunder.net Thu Oct 7 11:14:17 2004 From: sunder at sunder.net (Sunder) Date: Thu, 7 Oct 2004 14:14:17 -0400 (edt) Subject: RFID Driver's licenses for VA Message-ID: So the cops and RFID h4x0rZ can know your true name from a distance. and since RFID tags, are what, $0.05 each, the terrorists and ID counterfitters will be able to make fake ones too... Whee! http://www.wired.com/news/print/0,1294,65243,00.html RFID Driver's Licenses Debated By Mark Baard Story location: http://www.wired.com/news/privacy/0,1848,65243,00.html 09:50 AM Oct. 06, 2004 PT Some federal and state government officials want to make state driver's licenses harder to counterfeit or steal, by adding computer chips that emit a radio signal bearing a license holder's unique, personal information. In Virginia, where several of the 9/11 hijackers obtained driver's licenses, state legislators Wednesday will hear testimony about how radio frequency identification, or RFID, tags may prevent identity fraud and help thwart terrorists using falsified documents to move about the country. Privacy advocates will argue that the radio tags will also make it easy for the government to spy on its citizens and exacerbate identity theft, one of the problems the technology is meant to relieve. Because information on RFID tags can be picked up from many feet away, ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- From sfurlong at acmenet.net Thu Oct 7 12:09:50 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 07 Oct 2004 15:09:50 -0400 Subject: Quantum cryptography gets "practical" In-Reply-To: <4163C899.5040708@gmx.co.uk> References: <4163C899.5040708@gmx.co.uk> Message-ID: <1097176190.6564.7.camel@daft> On Wed, 2004-10-06 at 06:27, Dave Howe wrote: > I have yet to see an advantage to QKE that even mildly justifies the > limitations and cost over anything more than a trivial link (two > buildings within easy walking distance, sending high volumes of > extremely sensitive material between them) But it's cool! More seriously, it has no advantage now, but maybe something will come up. The early telephones were about useless, too, remember. In the mean time, the coolness factor will keep people playing with it and researching it. From sfurlong at acmenet.net Thu Oct 7 12:16:34 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 07 Oct 2004 15:16:34 -0400 Subject: Quantum cryptography gets "practical" In-Reply-To: <41658FDD.7010809@gmx.co.uk> References: <41658FDD.7010809@gmx.co.uk> Message-ID: <1097176594.6564.14.camel@daft> On Thu, 2004-10-07 at 14:50, Dave Howe wrote: > The "regular encryption scheme" (last I looked at a QKE product) was XOR.... Well, if it's good enough for Microsoft, it's good enough for everyone. I have it on good authority that Microsoft's designers and programmers are second to none. (Microsoft's marketing department is a good authority, right?) From DaveHowe at gmx.co.uk Thu Oct 7 11:50:05 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 07 Oct 2004 19:50:05 +0100 Subject: Quantum cryptography gets "practical" In-Reply-To: References: Message-ID: <41658FDD.7010809@gmx.co.uk> Tyler Durden wrote: > Oops. You're right. It's been a while. Both photons are not utilized, > but there's a Private channel and a public channel. As for MITM attacks, > however, it seems I was right more or less by accident, and the > collapsed ring configuration seen in many tightly packed metro areas > (where potential customers of Quantum Key Exchange reside) does indeed > make such attacks much easier. > > Come to think of it, an intruder that were able to gain access to a CO > without having to notify the public (Patriot Act) should easily be able > to insert themselves into a QKE client's network and then do whatever > they want to (provided, of course, they have the means to crack the > 'regular' encryption scheme used to encode the bits--NSA). > > Which means that, should a $75K/year NSA employee want to strike it > really, really rich, they'd be able to procure advanced notice of any > mergers/acquisition deals. Unless someone has come up with a new wrinkle to this since I last looked, the QKE system indeed requires three channels - the key photon one which must be optical, and a conventional comms pair (the latter of course can be substituted with any comms pair you have handy, but if you are running fibre from A to B you might as well run three) As all three require MiTM to be mounted, it would be better to have a physically diverse path for the conventional pair - but in a small city where you are patching the optical channel though the nearest exchange, this may not be practicable. The "regular encryption scheme" (last I looked at a QKE product) was XOR.... From DaveHowe at gmx.co.uk Thu Oct 7 13:23:13 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 07 Oct 2004 21:23:13 +0100 Subject: Quantum cryptography gets "practical" In-Reply-To: <1097176594.6564.14.camel@daft> References: <41658FDD.7010809@gmx.co.uk> <1097176594.6564.14.camel@daft> Message-ID: <4165A5B1.4050802@gmx.co.uk> Steve Furlong wrote: > On Thu, 2004-10-07 at 14:50, Dave Howe wrote: >>The "regular encryption scheme" (last I looked at a QKE product) was XOR.... > Well, if it's good enough for Microsoft, it's good enough for everyone. > I have it on good authority that Microsoft's designers and programmers > are second to none. (Microsoft's marketing department is a good > authority, right?) well, what they *don't* tell you is the question was "which would you prefer to impliment security, a microsoft programmer or none at all" and they *still* came second :) From emc at artifact.psychedelic.net Fri Oct 8 00:01:59 2004 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Fri, 8 Oct 2004 00:01:59 -0700 (PDT) Subject: FBI Raids Indymedia Message-ID: <200410080701.i9871xsa027591@artifact.psychedelic.net> According to http://www.indymedia.it/, the FBI seized Indymedia's servers from their host, Rackspace. > Thursday Oct 7 2004, at 6 PM, FBI issued an order to Rackspace in the US > (Indymedia's provider with offices in the US and London) to remove > physically two of our servers. The order was so short term that > Rackspace had to give away our hard drives in the UK. The servers > hosted numerous local IMCs, including italy.indymedia.org. If you find > a site is down: that might be the reason The reason why the hard drives > were taken are unknown. And at http://www.smh.com.au/articles/2004/10/08/1097089554894.html ----- The FBI has issued an order to hosting provider Rackspace in the US, ordering it to turn over two of the servers hosting the Independent Media Centre's websites in the UK, a statement from the group says. Rackspace has offices in the US and the UK. Independent Media Center, which is better known as Indymedia, was set up in 1999 to provide grassroots coverage of the World Trade Organisation (WTO) protests in Seattle. Rackspace complied with the FBI order, without first notifying Indymedia, and turned over Indymedia's server in the UK. This affects over 20 Indymedia sites worldwide, the group said. Indymedia said it did not know why the order had been issued as it was issued to Rackspace. Rackspace told some of the group's volunteers "they cannot provide Indymedia with any information regarding the order." ISPs have received gag orders in similar situations which prevent them from updating the parties involved on what is happening. Indymedia said a second server was taken down at Rackspace. This provided streaming radio to several radio stations, BLAG (a Linux distribution), and a handful of miscellanous things. In August the US Secret Service used a subpoena in an attempt to disrupt the New York city Independent Media Center before the Republican National COnvention by trying to get IP logs from an ISP in the US and the Netherlands. Last month the US Federal Communications Commission shut down community radio stations around the US. Two weeks ago the FBI asked Indymedia to remove a post on the Nantes IMC that had a photo of some undercover Swiss police and IMC volunteers in Seattle were visited by the FBI on the same issue. Indymedia said the list of local media collectives affected included Ambazonia, Uruguay, Andorra, Poland, Western Massachusetts, Nice, Nantes, Lilles, Marseille (all France), Euskal Herria (Basque Country), Liege, East and West Vlaanderen, Antwerpen (all Belgium), Belgrade, Portugal, Prague, Galiza, Italy, Brazil, UK, part of the Germany site, and the global Indymedia Radio site. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From shaddack at ns.arachne.cz Thu Oct 7 16:35:23 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 8 Oct 2004 01:35:23 +0200 (CEST) Subject: RFID Driver's licenses for VA In-Reply-To: References: Message-ID: <0410080125570.11413@somehost.domainz.com> On Thu, 7 Oct 2004, Sunder wrote: > So the cops and RFID h4x0rZ can know your true name from a distance. and > since RFID tags, are what, $0.05 each, the terrorists and ID > counterfitters will be able to make fake ones too... Whee! Given the power requirements for doing anything more than dumb sequence repeat, I'd worry about the potential for replay attack and licence cloning. Make a proof-of-concept device early after they start rolling the scheme out, publish on Slashdot, and see them retracting it as fast as they were deploying it. A defense is a metal board in a wallet, close to the RFID chip's antenna. It is readable when the licence is taken out of the wallet. When inside, the antenna is quite effectively shielded. As a bonus, for many people this method can be seamlessly integrated to their mode of the document usage (leaving the privacy implications of the "legitimate" readers aside for now, talking about the unauthorized remote readers only here). From measl at mfn.org Fri Oct 8 02:00:16 2004 From: measl at mfn.org (J.A. Terranson) Date: Fri, 8 Oct 2004 04:00:16 -0500 (CDT) Subject: FBI Raids Indymedia In-Reply-To: <200410080701.i9871xsa027591@artifact.psychedelic.net> References: <200410080701.i9871xsa027591@artifact.psychedelic.net> Message-ID: <20041008035702.O70364@ubzr.zsa.bet> Unfortunately, which the Angry Little Fascist Midget Fuck (formerly known as George W. Bush) may have started this ball rolling, the Tall Fascist NotAtAll Midget Fuck (formerly known as Kerry) will not do anything to curb this kind of illegal and immoral behaviour if elected. They are both within a few blocks of me for tomorrows debate. Will someone please just nuke the whole 1 mile square block and get it over with? My coordinates are in DNS ("loc"). This is a WISH, not a threat. I am way too much of a pussy to just do it myself, but would die happy knowing I was sharing a fireball with these two evil fuckers... On Fri, 8 Oct 2004, Eric Cordian wrote: > Date: Fri, 8 Oct 2004 00:01:59 -0700 (PDT) > From: Eric Cordian > To: cypherpunks at minder.net > Subject: FBI Raids Indymedia > > > According to http://www.indymedia.it/, the FBI seized Indymedia's servers > from their host, Rackspace. > > > Thursday Oct 7 2004, at 6 PM, FBI issued an order to Rackspace in the US > > (Indymedia's provider with offices in the US and London) to remove > > physically two of our servers. The order was so short term that > > Rackspace had to give away our hard drives in the UK. The servers > > hosted numerous local IMCs, including italy.indymedia.org. If you find > > a site is down: that might be the reason The reason why the hard drives > > were taken are unknown. > > And at http://www.smh.com.au/articles/2004/10/08/1097089554894.html > > ----- > > The FBI has issued an order to hosting provider Rackspace in the US, > ordering it to turn over two of the servers hosting the Independent Media > Centre's websites in the UK, a statement from the group says. > > Rackspace has offices in the US and the UK. Independent Media Center, > which is better known as Indymedia, was set up in 1999 to provide > grassroots coverage of the World Trade Organisation (WTO) protests in > Seattle. > > Rackspace complied with the FBI order, without first notifying Indymedia, > and turned over Indymedia's server in the UK. This affects over 20 > Indymedia sites worldwide, the group said. > > Indymedia said it did not know why the order had been issued as it was > issued to Rackspace. Rackspace told some of the group's volunteers "they > cannot provide Indymedia with any information regarding the order." ISPs > have received gag orders in similar situations which prevent them from > updating the parties involved on what is happening. > > Indymedia said a second server was taken down at Rackspace. This provided > streaming radio to several radio stations, BLAG (a Linux distribution), > and a handful of miscellanous things. > > In August the US Secret Service used a subpoena in an attempt to disrupt > the New York city Independent Media Center before the Republican National > COnvention by trying to get IP logs from an ISP in the US and the > Netherlands. > > Last month the US Federal Communications Commission shut down community > radio stations around the US. Two weeks ago the FBI asked Indymedia to > remove a post on the Nantes IMC that had a photo of some undercover Swiss > police and IMC volunteers in Seattle were visited by the FBI on the same > issue. > > Indymedia said the list of local media collectives affected included > Ambazonia, Uruguay, Andorra, Poland, Western Massachusetts, Nice, Nantes, > Lilles, Marseille (all France), Euskal Herria (Basque Country), Liege, > East and West Vlaanderen, Antwerpen (all Belgium), Belgrade, Portugal, > Prague, Galiza, Italy, Brazil, UK, part of the Germany site, and the > global Indymedia Radio site. > > -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more? From sunder at sunder.net Fri Oct 8 04:00:20 2004 From: sunder at sunder.net (Sunder) Date: Fri, 8 Oct 2004 07:00:20 -0400 (edt) Subject: Bush "wins" Message-ID: http://www.boingboing.net/images/wbay.jpg http://www.boingboing.net/2004/10/07/tv_station_reports_t.html Thursday, October 7, 2004 TV station reports that Bush has been elected President WBAY TV in Green Bay, Wisconsin is running an AP article reporting that Bush has won the election, weeks before the election is to take place. (Click image for enlargement." wbayAt this hour, President Bush has won re-election as president by a 47 percent to 43 percent margin in the popular vote nationwide. Ralph Nader has 1 percent of the vote nationwide. That's with 51 percent of the precincts reporting.... ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- From rah at shipwright.com Fri Oct 8 16:14:08 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 8 Oct 2004 19:14:08 -0400 Subject: Financial identity is *dangerous*? (was re: Fake companies, real money) Message-ID: Okay. So I'm coming to the conclusion that book-entry settlement, with its absolute requirement for both "identity" and float between transactions, is becoming more and more *un*-safe to use as internet ubiquity increases. Anyone want to pick up the other side of this and tell me why not? No bugbears or horsemen need apply... Cheers, RAH ------- MSNBC.com Fake companies, real money Elaborate con wrings cash out of stolen credit cards By Bob Sullivan Technology correspondent MSNBC Updated: 7:15 p.m. ET Oct. 7, 2004 T-Data, a small New-York based software company, doesn't take credit cards -- never has in its 20-year history. But a few weeks ago, owner Jeff Duhl found himself looking over $15,000 worth of credit card charges seemingly accepted by his store. A quick investigation revealed most of the charges had been made using stolen credit cards. Slowly, he caught on: Someone had stolen a batch of credit card accounts, then stolen his company's name, set up an imposter version of T-Data, and rung up thousands of dollars worth of fake purchases. The "profits" were then desposited into checking accounts controlled by the imposters. "It is ingenious," said Dan Clements, who operates merchant advocacy site CardCops.com. Duhl wasn't the only victim of this new brand of corporate identity theft: At least 50 other firms apparently also had their identities stolen in the scheme. For credit card thieves doing their best to wring money out of a stash of stolen accounts, it seems like the perfect scam. How to profit from stolen credit cards While millions of credit card account numbers are stolen every year -- 60 million last year, and perhaps 120 million this year, according to one estimate -- turning them into cash can be tricky. Merchandise ordered with the card must be delivered somewhere, which is risky. Massive cash withdrawals are quickly spotted by credit card associations. The scheme Duhl's firm was caught up in is a heady, complex alternative: First, credit card thieves find a legitimate company unlikely to already be accepting credit card transactions. They then impersonate that company and set up accounts with merchant processing providers, whose role it is to transfer funds between credit card companies and merchants. Using stolen credit cards, the thieves then start sending small payments, usually $498 or $598 at a time, to the fraudulent merchant accounts. The credit card companies send funds to the processors and they in turn send the funds off to bank accounts controlled by the criminals. "They are flying under the radar on each transaction unless someone does a whole lot of work," Duhl said. A key part of the scheme: The thieves went to the trouble of registering the domain www.T-datasoftware.com, then set up a fake Web site. The site looked like a believable business to the merchant processing providers, who gave the thieves their accounts. Duhl's imposters were able to set up accounts at seven different payment processing firms. When Duhl investigated, he discovered some 50 other Web sites -- most mere imitations of one another -- all sitting on the same computer server. "They got away with $15,000 (in charges) at my company," Duhl said. "Multiply that by the number of sites, the number of companies, these folks could be getting away with millions of dollars," he said. It's not clear how much money the criminals really did get away with in the end. Many of the processing firms interviewed for this article claimed they caught on to the fraud after the transactions had cleared, but before the suspects had withdrawn the money from various checking accounts around the country. One did concede, however, that the scheme has real potential. 'Hundreds of thousands' over a weekend "If you don't catch it you could lose hundreds of thousands of dollars over a weekend," said David Steinberg, chief credit officer at Merchant E Solutions, one of the processing firms used by the thieves. Steinberg said his company had never suffered such a loss, but that the industry is bustling with fraud attempts. Some 5 to 10 percent of all applications his firm receives are turned away as potentially fraudulent, he said. Phyllis McNeill, a spokeswoman for Global Payments, another processing firm hit in the scam, confirmed a fake account had been set up in T-Data's name with her company. She said the account was actually set up through a reseller, and was shut down after eight transactions had been performed. Randy Lobban, director of risk management at North American Bancard, said the con artists were able to open up an account at his firm and pass eight charges through the system, but the funds were never released. "They never got any money," Lobban said. He alerted the U.S. Postal Inspection Service to the incident. Representatives at First Data and Wells Fargo also confirmed that fake accounts had been opened at their firms. An official at Beacon Bank in Minnesota, where one of the checking accounts used to receive the stolen funds had been set up, confirmed that he had discussed the situation with Duhl, but would not provide further comment. Corporate ID theft Whoever impersonated T-Data were clever enough to throw a few monkey wrenches in the path of anyone trying to detect them. When applying for the compulsory credit check needed to obtain the fake merchant account, for example, the thieves didn't use T-Data's tax ID number. Instead, they used the name and credit profile of a man unconnected with the company. Steven Wiencek, who lives on Long Island near the company, didn't even know his credit had been checked until contacted by MSNBC.com for this story. But the application, which listed Wiencek as company president, gives his Social Security number and driver's license number, suggesting the people behind this scheme have access to a wide swath of stolen credit cards and stolen identities. Another attempt at misdirection was foiled by an alert mail carrier. The application for the merchant account used a slight variation of Duhl's address -- apparently an attempt to ensure that mail to Duhl would be lost. But a knowledgeable local postal worker recognized the company name anyway, leading Duhl to discover the dupe. "Without that, I may not have found out about this for a long time," he said. The thieves were also persistent. Using one stolen credit card, they attempted to steal $2,500 through five separate faked merchant accounts, according to an affidavit of credit card fraud supplied by Duhl. Another corporate ID victim, John Bartholomew of Abcom Services, said he was lucky, because Duhl contacted him just as the scam began. "We are a management company in long-term health care. We would have no reason to use credit cards," he said. The firm had been in business for 21 years, and never accepted a single charge -- until the criminals stole his company's name, Bartholomew said. True to form, the criminals hijacked his brand name and set up merchants accounts using his company's name and a similar -- but slightly altered -- street address. The good news is, Bartholomew was able to warn the merchant account providers soon enough that only about $4,000 in charges were run through his company's name. The bad news is, some of the providers are still trying to make him pay the bill for the charges. He figures he's spent about $5,000 in legal fees trying to clean up the mess. Who are they working with? Rob Douglas, a consultant who operates PrivacyToday.com, blames the merchant account providers for never checking to see if the name on the account application actually represented a real person who worked at the firm. "You have to ask what the companies that set up the merchant accounts are doing?" he said. "Who has the responsibility to do due diligence that they are in fact working with who they think they are working with when they open an account?" But several of the merchant service providers pointed out the difficulty of stopping all fraudulent applications in a world where identities are so easily stolen. "For all of us, it's a tough business," Steinberg, of Merchant E Services, said. "It's a large, large problem." Duhl himself blames the banks where the money was to eventually wind up -- wondering how the thieves were able to set up accounts in the post-Patriot Act era. Apparently worried as much about security implications as his personal loss, Duhl contacted the FBI, the Secret Service and the U.S. Postal Inspector's Office. None of the agents he spoke to returned phone calls placed by MSNBC.com. He says he is frustrated that none of the agencies seem to have taken any interest in the incident -- particularly because at least one phone call was placed to Pakistan using the cell phone purchased in his company's name, and one of the bank accounts used to funnel money was established by suspects who presented Russian passports as identification, he says his own research revealed. "No one in the government seems like they are going to get interested in establishing a case," Duhl said. Douglas, who consults with firms trying to deal with the new trend of corporate identity theft, says there's little small companies like Duhl's can do to prevent this kind of incident. But one piece of practical advice he offers larger firms: search the Web once a week for evidence of impersonation. "As strange as it sounds, companies need to have one or more people assigned to surf the Web and see if there are mirror sites out there, just like we tell parents to surf for their child's name," he said. Bob Sullivan is the author of Your Evil Twin: Behind the Identity Theft Epidemic -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Fri Oct 8 22:57:28 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 08 Oct 2004 22:57:28 -0700 Subject: RFID Driver's licenses for VA In-Reply-To: <0410080125570.11413@somehost.domainz.com> References: <0410080125570.11413@somehost.domainz.com> Message-ID: <6.0.3.0.0.20041008225450.0424ab78@pop.idiom.com> >On Thu, 7 Oct 2004, Sunder wrote: > > So the cops and RFID h4x0rZ can know your true name from a distance. and > > since RFID tags, are what, $0.05 each, the terrorists and ID > > counterfitters will be able to make fake ones too... Whee! >At 04:35 PM 10/7/2004, Thomas Shaddack wrote: >A defense is a metal board in a wallet, close to the RFID chip's antenna. >It is readable when the licence is taken out of the wallet. When inside, >the antenna is quite effectively shielded. Tinfoil Wallets, anybody? :-) Actually, does anybody know if metallized mylar would do a good job of blocking RFID readers, or if that carbon-fiber insulating cloth that's useful for RF-shielded rooms would work well enough? Also sounds like a good reason to carry a Rivest RFID blocker in your wallet. ---- Bill Stewart bill.stewart at pobox.com From sfurlong at acmenet.net Sat Oct 9 04:44:53 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 09 Oct 2004 07:44:53 -0400 Subject: Implant replaces ID cards for access to restricted areas. In-Reply-To: <8e5b8994046e2cba50b02a5311eb8d62@dizum.com> References: <8e5b8994046e2cba50b02a5311eb8d62@dizum.com> Message-ID: <1097322293.12743.12.camel@daft> On Thu, 2004-10-07 at 02:20, Nomen Nescio wrote: > Mexican Attorney General, Staff Get Chip Implants > > Implant replaces ID cards for access to restricted areas. I think I'd get the implant under my scalp somewhere. If the implant gave access to a really critical place, I wouldn't want to risk losing an arm or whatever. Also, I'd be able to block the implant's signals with my nifty tinfoil hat. I've been waiting for a use for that thing. From mv at cdc.gov Sat Oct 9 09:03:22 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 09 Oct 2004 09:03:22 -0700 Subject: RFID Driver's licenses for VA Message-ID: <41680BCA.BF9B9C8E@cdc.gov> At 10:57 PM 10/8/04 -0700, Bill Stewart wrote: >>At 04:35 PM 10/7/2004, Thomas Shaddack wrote: >>A defense is a metal board in a wallet, close to the RFID chip's antenna. >>It is readable when the licence is taken out of the wallet. When inside, >>the antenna is quite effectively shielded. > >Tinfoil Wallets, anybody? :-) When you get your driver's license, you should run a magnet over it to keep iron oxides from staining your wallet. And apparently you should now microwave it to clean those DMV-employee pathogens from it. Then it will be safe to carry, and you can see for yourself what it tells everyone else ---part of the definition of safety. From rsw at jfet.org Sat Oct 9 07:28:27 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Sat, 9 Oct 2004 09:28:27 -0500 Subject: RFID Driver's licenses for VA In-Reply-To: <6.0.3.0.0.20041008225450.0424ab78@pop.idiom.com> References: <0410080125570.11413@somehost.domainz.com> <6.0.3.0.0.20041008225450.0424ab78@pop.idiom.com> Message-ID: <20041009142826.GA9218@jfet.org> Bill Stewart wrote: > Tinfoil Wallets, anybody? :-) My wallet is a metal cigarette case. It's quite effective at blocking RFID, proxcards, &c. Plus, it's chic enough that almost no one considers the paranoia aspect. -- Riad S. Wahby rsw at jfet.org From rah at shipwright.com Sat Oct 9 06:52:05 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 9 Oct 2004 09:52:05 -0400 Subject: Once Again, America First Message-ID: The New York Times October 10, 2004 ESSAY Once Again, America First By FRANKLIN FOER N May 4, American conservatism took an unexpected turn. That morning, George Will -- the movement's most influential columnist, one of its icons -- slapped George W. Bush with a tart reprimand. For a year, Will had obliquely hinted of his grave misgivings about the Iraq war and the push to democratize the Middle East. But with the insurgency escalating, he now felt obliged to state his frustration bluntly. ''This administration cannot be trusted to govern if it cannot be counted on to think and, having thought, to have second thoughts,'' he wrote. From the war's start, a few stray conservatives have criticized it. The columnist Patrick J. Buchanan vociferously opposed Bush's campaign against Saddam Hussein, just as he had opposed the one waged by Bush's father. Other opponents resided in heterodox corners of the movement like the libertarian Cato Institute and the traditionalist Chronicles magazine. But Will's migration toward the antiwar camp represented a significant shift: full-fledged members of the conservative establishment were now expressing doubts about the prospects for American success in Iraq. Indeed, Will has been joined by a small legion, from the powerful Representative Henry Hyde to the influential lobbyist Stephen Moore. ''I supported the war and now I feel foolish,'' the conservative commentator Tucker Carlson confessed to The New York Times. While this backlash against the war may seem unexpected -- the Bush presidency has inspired fierce loyalty from conservatives -- it is hardly surprising if one looks at the movement's past. The right's skepticism of the state has long reverberated within its foreign policy. Conservatives have raised questions about the ability of the American government to spread democracy abroad, just as they have doubted its ability to deliver social welfare at home. They have long feared that wartime is like a strong fertilizer heaped on government, causing it to sprout new departments and programs that never manage to disappear once peace resumes. For most of the cold war, conservatism sublimated these doubts to pursue its overriding objective of eliminating global Communism. But with the Iraq war hitting a rough patch, this anti-interventionist tradition is suddenly poised for revival. The conservative movement has its own creation myth, told in books like William A. Rusher's ''Rise of the Right.'' Before the early 1950's, these histories usually begin, there was no such thing as a conservative. Sure, you could find scattered libertarians and traditionalists camped in obscure little magazines. But they hardly constituted a movement, and they certainly didn't have a coherent ideology. In the early 50's, however, the tide began to turn. Whittaker Chambers unleashed his masterwork, ''Witness,'' in 1952, and Russell Kirk published ''The Conservative Mind'' a year later. Two years after that, National Review was founded to bottle this new energy and serve as a vanguard for a coalescing movement. This version of events almost makes it seem as if the right mystically appeared from nowhere. It's easy to understand why conservatives would want their movement's biography to exclude its earlier history. Before World War II, isolationism had been a major tendency, perhaps the major tendency, on the right. And by the 50's, isolationism had been badly (often unfairly) stigmatized. One of conservatism's early and now largely forgotten folk heroes was Albert Jay Nock, the flamboyant author of ''Memoirs of a Superfluous Man,'' who wore a cape and celebrated Belgium as his ideal society. In 1933, Nock wrote about ''the Remnant,'' borrowing the term from Matthew Arnold and the Book of Isaiah. By the Remnant he meant an enlightened elite that rejected the phoniness of mass society. A few historians have used Remnant as a synonym for the pre-National Review right -- a group that included the economic journalists Garet Garrett and Frank Chodorov, Ayn Rand, Rose Wilder Lane (Laura Ingalls Wilder's daughter) and, to an extent, H. L. Mencken. Nock's allusion to Isaiah works nicely for these polemicists, who issued thunderous, Old Testament-like warnings about American decline. Finding themselves at the forefront of opposition to World War II, they turned to the America First movement. Their hatred for war followed from their radical individualism. As the essayist Randolph Bourne (not a conservative) famously put it about World War I, ''War is the health of the state.'' Since these writers disliked the state, they came to dislike war, too. While the greatest generation has become deeply etched into the national mythology, only a smattering of scholarly monographs, like Wayne S. Cole's ''Roosevelt and the Isolationists, 1932-1945,'' have dwelt on the opposition to World War II. But the America First Committee achieved a significant following in the late 30's. At its pre-Pearl Harbor peak, it claimed approximately 800,000 members -- and not just angry farmers and protofascists. Its Yale Law School chapter included Gerald Ford and Potter Stewart, the future Supreme Court justice; John F. Kennedy sent the organization a $100 check. Even though the antiwar movement drew support from across the political spectrum, it included many of the intellectuals and activists who would help revitalize the conservative movement in the 50's. Russell Kirk supported the Socialist Norman Thomas because of his antiwar stand. Henry Regnery, the seminal conservative publisher (whose house, now run by his son, Alfred, has had a recent success with ''Unfit for Command''), broke into the business with pro-German tracts critical of the Nuremberg trials. Willmoore Kendall, William F. Buckley's intellectual mentor at Yale and the inspiration for Saul Bellow's short story ''Mosby's Memoirs,'' began on the far left. But when his comrades renounced their neutrality to side with the Allies, a disillusioned Kendall took a major leap in his journey rightward. As a precocious child, Buckley followed his father's anti-interventionist politics and named his first sailboat Sweet Isolation. At times, these conservatives foreshadowed the arguments made by 60's radicals opposing American intervention in Vietnam. In a wartime speech, the Ohio senator Robert A. Taft intoned, ''Political power over other nations, however benevolent its purposes, leads inevitably to imperialism.'' So how did these isolationists turn into the cold war's most fervent hawks? The most persuasive explanation is also the most obvious: Communism. National Review -- filled with Catholics and former leftists -- viewed the Soviet Union as such an overwhelming threat that it willingly set aside its fear that the cold war would create a Leviathan federal government. In fact, anti-Communism's primary importance to the movement came to be enshrined in a doctrine called fusionism, formulated by the National Review writer Frank Meyer, an ex-Communist. The doctrine, which Meyer hashed out in his 1962 book, ''In Defense of Freedom,'' held that conservatism's competing wings, traditionalist and libertarian, should make ideological peace. Above all, they faced a common Red enemy. Even if they hadn't been so eager to combat Communism, conservatives would have had good political reasons to distance themselves from their earlier isolationism. After Pearl Harbor, public opinion swung heavily in support of the war. In the process, isolationism emerged as a synonym for disloyalty and anti-Semitism. At the height of the so-called Brown Scare, Walter Winchell read the names of isolationists on the radio and pronounced them ''Americans we can do without.'' Given the abuse suffered by isolationists during World War II, it may seem surprising that they often became the most fervent boosters of the fierce cold warrior Joseph McCarthy. But in fact, McCarthy helped ease the isolationists into their new hawkish identity. In his history of the postwar era, ''Troubled Journey,'' Fred Siegel argues that McCarthy served as the isolationists' ''tribune of revenge.'' He enabled them to retaliate against the internationalist liberals who had sent our boys to war, and to strike back at the very men who had tarred them as traitors during the struggle against fascism. As George H. Nash put it in his classic book, ''The Conservative Intellectual Movement in America Since 1945,'' Joseph McCarthy's crusade had drawn many of the embattled conservatives together in ''a bruising common struggle.'' But it hadn't drawn all of them together. Conservatism emerged out of the McCarthyite moment with a new enemy: that small band of conservatives who continued clinging to isolationism. National Review, for one, didn't have any place for them in its pages. According to Buckley's biographer John B. Judis, with the founding of the magazine, and its masthead brimming with stalwart interventionists like James Burnham, Buckley ''was turning his back on much of the isolationist and anti-Semitic Old Right that had applauded his earlier books and that his father had been politically close to.'' And he did more than turn his back. He waged war against them. After the John Birch Society announced its opposition to the Vietnam War in 1965, National Review spent 14 pages denouncing the group and its conspiracy theories. (The Birchers considered Communist infiltration of the American government the threat that required attention.) Upon the death of the libertarian isolationist Murray Rothbard in 1995, Buckley quipped, ''We extend condolences to his family, but not to the movement he inspired.'' The historian Jonathan M. Schoenwald has documented many of these struggles between National Review and its fellow conservatives in his book, ''A Time for Choosing.'' Without a home in the conservative movement, the isolationists had no choice but to search for allies in unlikely quarters. During the late 60's, they often teamed up with the New Left, becoming stalwarts of the antiwar movement. Karl Hess, a speechwriter for Barry Goldwater's 1964 campaign and the author of the memoir-cum-political tract ''Dear America,'' argued, ''Vietnam should remind conservatives that whenever you put your faith in big government for any reason, sooner or later you wind up an apologist for mass murder.'' In 1969, Hess joined with a libertarian antiwar faction that quit the Young Americans for Freedom (Y.A.F.), the campus conservative group. And a few on the New Left returned the favor, heartily embracing the apostates. In 1975, the historian Ronald Radosh (then a man of the left) published ''Prophets on the Right,'' a book championing the prescience of Robert A. Taft and other ''conservative critics of American globalism.'' This long history of residing on the fringe ended suddenly with the collapse of the Berlin Wall. In 1992, Buchanan ran a surprisingly strong campaign in the Republican presidential primaries on an explicitly ''anti-imperialist'' platform -- a platform that he further developed in his revisionist history, ''A Republic, Not an Empire.'' ''When we hear phrases like 'New World Order,' we release the safety catches on our revolvers,'' he wrote in one of his newspaper columns. Even if his party ultimately rejected him, it co-opted much of his program, and in 1995, a year after Republicans ascended to the majority in the House of Representatives, 190 of them voted to deny funds for American troops stationed in Bosnia. By the end of the decade, condemnations of ''foreign policy as social work'' and ''nation building'' had become standard in conservative boilerplate. Buchananite foreign policy has an intellectual wing, paleoconservatism. Long before French protesters and liberal bloggers had even heard of the neoconservatives, the paleoconservatives were locked in mortal combat with them. Paleocons fought neocons over whom Ronald Reagan should appoint to head the National Endowment for the Humanities, angrily denouncing them as closet liberals -- or worse, crypto-Trotskyists. Even their self-selected name, paleocon, suggests disdain for the neocons and their muscular interventionism. Clustered around journals like Chronicles and Southern Partisan, the paleocon ranks included the syndicated columnist Sam Francis and the political theorist Paul Gottfried. Their writings have been anthologized in ''The Paleoconservatives: New Voices of the Old Right,'' edited by Joseph Scotchie. The paleocons explicitly hark back to Garrett, Nock and the Remnant, what they lovingly call the ''Old Right.'' Like their mentor, Russell Kirk, the paleocons venerate traditional society, celebrating hierarchy, patriarchy and even the virtues of the antebellum South. They bemoan feminism, immigration and multiculturalism. A foreign policy naturally follows from these domestic views. The dismal state of American civilization so depresses them that they see no point in exporting its values abroad. Kirk announced in a 1990 lecture to the Heritage Foundation that America's contribution to the world will be ''cheapness -- the cheapest music, the cheapest comic books and the cheapest morality that can be provided.'' Counterattacking, the neocons often accused the paleocons of anti-Semitism. David Frum, for instance, built this case in his 1994 book, ''Dead Right.'' Indeed, this is a charge that has dogged isolationists -- from Nock to Charles Lindbergh (who is elected president in Philip Roth's new counterfactual novel, ''The Plot Against America'') to Buchanan. With their pleas for ''America first'' and their rejection of cosmopolitan foreign policy, they have occasionally vilified the oldest symbol of cosmopolitanism -- the Jew. During the gulf war debate, Buchanan spoke of the Israel defense ministry's ''American amen corner.'' Even the best thinkers in this tradition haven't been immune from repeating canards about Jewish dual loyalties. In 1988, Kirk accused the neocons of mistaking ''Tel Aviv for the capital of the United States.'' George W. Bush entered office implicitly promising agnosticism in the long-running debate between neocons and paleocons. On the 2000 campaign trail, he promised a ''distinctly American internationalism'' that would provide ''idealism, without illusions; confidence, without conceit; realism, in the service of American ideals.'' Of course, after 9/11, Bush dispensed with this doctrinal neutrality. And in adopting a neocon foreign policy, he rallied most conservatives behind his ambitious agenda, a dramatic turnabout in opinion from the 90's. Will this consensus hold? Already, many conservative writers seem primed to abandon it. Even when they haven't gone as far as Will or Carlson in their criticisms of the war, they have flashed their discomfort with Bush's goal of planting democracy in Iraq. National Review has called this policy ''largely, if not entirely, a Wilsonian mistake.'' With these signs of restlessness, it's easy to imagine that a Bush loss in November, coupled with further failures in Iraq, could trigger a large-scale revolt against neoconservative foreign policy within the Republican Party. A Bush victory, on the other hand, will be interpreted by many Republicans as a vindication of the current course, and that could spur a revolt too. If the party tilts farther toward an activist foreign policy, antiwar conservatives might begin searching for a new political home. In the meantime, the publishing industry may be providing a test of the Bush consensus: Pat Buchanan's new book, ''Where the Right Went Wrong: How Neoconservatives Subverted the Reagan Revolution and Hijacked the Bush Presidency,'' has already climbed onto the New York Times best-seller list. Perhaps the movement's current state of mind is best reflected in its godfather, William F. Buckley. In June, he relinquished control of National Review. When asked about Iraq by The New York Times, he confessed: ''With the benefit of minute hindsight, Saddam Hussein wasn't the kind of extraterritorial menace that was assumed by the administration one year ago. If I knew then what I know now about what kind of situation we would be in, I would have opposed the war.'' It is noteworthy that Buckley's departure from the right's flagship journal should be accompanied by such ambivalence and profound questions about the movement's first principles. Conservatives could soon find themselves retracing Buckley's steps, wrestling all over again with their isolationist instincts. Franklin Foer, a senior editor at The New Republic and a contributing editor for New York magazine, is the author of ''How Soccer Explains the World: An Unlikely Theory of Globalization.'' -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sfurlong at acmenet.net Sat Oct 9 11:14:01 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 09 Oct 2004 14:14:01 -0400 Subject: RFID Driver's licenses for VA In-Reply-To: <41680BCA.BF9B9C8E@cdc.gov> References: <41680BCA.BF9B9C8E@cdc.gov> Message-ID: <1097345641.16558.1.camel@daft> On Sat, 2004-10-09 at 12:03, Major Variola (ret) wrote: > When you get your driver's license, you should run a magnet over > it to keep iron oxides from staining your wallet. And apparently > you should now microwave it to clean those DMV-employee pathogens > from it. Then it will be safe to carry, and you can see for yourself > what it tells > everyone else ---part of the definition of safety. And rub that funny black and white smudge thing with nail polish remover -- looks like someone with wet nail polish was handling the card, and you don't want that smudge to cover up whatever was written under it. From rah at shipwright.com Sat Oct 9 13:33:55 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 9 Oct 2004 16:33:55 -0400 Subject: Technology | Top 20 computer threats unveiled Message-ID: The BBC Saturday, 9 October, 2004, 11:41 GMT 12:41 UK Top 20 computer threats unveiled The yearly hit parade of hackers' favourite security vulnerabilities has been published. Issued by the respected Sans Institute, the Top 20 list helps organisations find out if they are closing the most commonly exploited loopholes. With more than 2,500 software vulnerabilities found every year many organisations need help to know which ones to tackle first. The list includes loopholes found in both Windows and Unix/Linux software. Big hitter "It's a first things first list," said Alan Paller, head of the Sans Institute, a non-profit group which trains and certifies computer security professionals. "It can be very helpful for people that are trying to fix their vulnerabilities." He told BBC News Online that it was the list of the vulnerabilities hackers were attacking now. TOP 10 WINDOWS 1. Web servers & services 2. Workstation service 3. Windows remote access services 4. Microsoft SQL server 5. Windows authentication 6. Web browsers 7. File-sharing applications 8. LSAS 9. E-mail programs 10. Instant messaging Each entry in the Top 20 mentions a category of software and the accompanying report fleshes out individual vulnerabilities and what organisations can do to close these holes. Almost 60% of the loopholes listed this year were in the 2003 Top 20 list. Mr Paller said this was because only half of all organisations bother to patch their systems. "These vulnerabilities are like little diseases that you cannot wipe out if 50% of people do not have the vaccine," he said. Mr Paller said we will only see significant changes in the Top 20 when organisations get to the point of finding and fixing vulnerabilities automatically. Shrinking holes Gerhard Eschelbeck who studies vulnerabilities for online security firm Qualys said: "It gives people a benchmark to measure themselves against." TOP 10 UNIX/LINUX 1. Bind domain name system 2. Web server 3. Authentication 4. Version control systems 5. Mail transport services 6. Simple Network Management Protocol (SNMP) 7. Open secure sockets layer (SSL) 8. Misconfiguration of enterprise services 9. Databases 10. Kernel He said that better information about vulnerabilities popular with the virus writing and hacking communities can help organisations protect themselves. "The underground knows this data very well," he said. "We want to level the playing field here between the guys that have the data and the bad intentions and the people that need to know about this so they can do their job effectively." Mr Eschelbeck's work on vulnerabilities shows that every 21 days, on average, the number of web-facing systems vulnerable to a particular loophole shrinks by 50% as people patch machines. For internal machines, such as the PCs on workers' desktops, the number shrinks 50% every 62 days. This difference, said Mr Eschelbeck, comes about because of the sheer number of PCs have on desktops and the time it takes to scan them and see which vulnerabilities they are hosting. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Oct 9 13:38:45 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 9 Oct 2004 16:38:45 -0400 Subject: Papers Show Confusion as Government Watch List Grew Quickly Message-ID: The New York Times October 9, 2004 Papers Show Confusion as Government Watch List Grew Quickly By ERIC LICHTBLAU ASHINGTON, Oct. 8 - The government's list of banned airline passengers has grown from just 16 names on Sept. 11, 2001, to thousands of people today amid signs of internal confusion and dissension over how the list is implemented, newly disclosed government documents and interviews showed Friday. A transportation security official acknowledged in one internal memorandum that the standards used to ban passengers because of terrorism concerns were "necessarily subjective," with "no hard and fast rules." More than 300 pages of internal documents, turned over by the Justice Department on Friday as part of a lawsuit brought by the American Civil Liberties Union, provide a rare glimpse inside the workings of the government's so-called no-fly list. Federal officials have maintained tight secrecy over the list, saying little publicly about how it is developed, how many people are on it or how it is put into practice, even as prominent people like Senator Edward M. Kennedy have been mistakenly blocked from boarding planes. The American Civil Liberties Union sued the federal government last year under the Freedom of Information Act on behalf of two San Francisco women who said they suspected their vocal antiwar protests led to their being banned from flying. The Justice Department fought the release of information on the no-fly list on national security grounds, leading a federal judge in San Francisco to admonish government lawyers for making "frivolous claims" to justify the unusual secrecy. He ordered the government to comply with the Freedom of Information Act, prompting the Justice Department to turn over the internal documents to the A.C.L.U. on Friday. Federal officials said they could not discuss the documents Friday because of the pending lawsuit. In general, said Brian Roehrkasse, spokesman for the Department of Homeland Security, "we have taken numerous steps to refine the no-fly system, including better definition of the criteria for the watch list and putting in place an effective redress system that allows passengers who are mistakenly put on the list to be removed." But Thomas R. Burke, a lawyer representing the A.C.L.U., said the documents raised "some very serious concerns about the criteria the government is using in developing the no-fly list and the internal miscommunication in implementing it." In an internal e-mail message in May 2002, for instance, an F.B.I. supervisor, whose name was deleted, complained that the Transportation Security Administration had made the F.B.I. responsible for pursuing possible matches from the list but had failed to inform the bureau about changes in no-fly security directives. "Despite my best efforts, the T.S.A. just motors along, and I and the agents are being whipped around the flagpole trying to do the right thing," the official wrote. In another internal message in October 2002, an F.B.I. official in St. Louis cited difficulties in getting suspects put on the no-fly list and in coordinating different watch lists. The various watch lists "are not comprehensive and not centralized," said the official, whose name was also deleted. Some people "appear on one list but not the others. Some of the lists are old and not current. We are really confused." Federal officials have been developing a master terrorist watch list to consolidate the no-fly list and nine others kept by different agencies. But a report last week by Clark K. Ervin, the Department of Homeland Security's inspector general, found serious coordination problems in that effort. The documents released Friday show that the government's no-fly list as of Sept. 11, 2001, had only 16 names on it - fewer than the number of terrorists who hijacked the four airliners that day. Several investigations have criticized the government's failure to put two of the hijackers on watch lists even after their terrorist ties became known. The no-fly list grew drastically after the attacks, and one document in Friday's material said the number of banned passengers ballooned to nearly 600 within about two months. Another 365 names were put on a secondary list that allows them to board a plane after getting closer scrutiny. The two lists had grown to about 1,000 names by December 2002, one document showed. The documents do not give a current total, but a law enforcement official, speaking on condition of anonymity, said Friday the names on the no-fly and secondary flight lists total about 10,000, with the no-fly list accounting for "a few thousand." Another government official corroborated that account. Copyrigh -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat Oct 9 13:38:53 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 9 Oct 2004 16:38:53 -0400 Subject: Faulty 'No-Fly' System Detailed Message-ID: The Washington Post washingtonpost.com Faulty 'No-Fly' System Detailed By Sara Kehaulani Goo Washington Post Staff Writer Saturday, October 9, 2004; Page A01 The federal government's "no-fly" list had 16 names on it on Sept. 11, 2001. Today, it has more than 20,000. The list, which identifies suspected terrorists seeking to board commercial airplanes, expanded rapidly even though the government knew that travelers were being mistakenly flagged, according to federal records. The records detail how government officials expressed little interest in tracking or resolving cases in which passenger names were confused with the growing number of names on the list. More than 2,000 people have complained to the Transportation Security Administration. Airlines, at one point, were calling the agency at least 30 times a day to say that they had stopped a passenger whose name was similar to one on the list but after further investigation was determined not to be a terror suspect, according to a TSA memo. More than 300 pages of documents related to the no-fly and related lists were released late Thursday night by the TSA and the FBI in response to a federal court order. The American Civil Liberties Union had filed suit on behalf of Jan Adams and Rebecca Gordon, two peace activists who wanted to know why their names had turned up on a no-fly list. The documents reveal early symptoms of what are now known to be flaws with the watch lists. Travelers who were flagged by the lists said they now foil the system by altering how their names are spelled on their tickets -- adding their middle initials, full middle names or titles, for example. Government officials do not announce when they stop passengers actually on the lists. The only publicly known case involved Yusuf Islam, once known as the pop singer Cat Stevens, who was prevented last month from entering the country. The information revealed by the documents is "not very comforting," said Thomas R. Burke, a San Francisco attorney representing the peace activists and the ACLU. The TSA acknowledges that the system for checking passenger names for suspected terrorists needs fixing, and it plans to overhaul it in a new program called Secure Flight. The Justice Department declined to comment. The false matches "underscore the need we have to get more information on passengers to adjudicate those that are not a risk," said Department of Homeland Security spokesman Brian Roehrkasse. Every time a passenger books a ticket, the airline checks the traveler's name against two enormous government databases, or watch lists, of people the government believes pose a threat. The FAA created two lists in 2001: a no-fly list and a so-called selectee list, both of which airlines compare against reservation records. When the TSA was formed in 2002, it took over maintenance of the lists from the FAA. The no-fly list grew from 16 names supplied by the FBI in 2001 to 1,000 names by the end of 2002, according to the newly released TSA documents. There are now more than 20,000 names on the no-fly list, some which are aliases, according to a homeland security source who is not allowed to release such numbers. There are several thousand names on the selectee list, according to the source. Internal TSA memos direct airlines to refuse boarding to a passenger on the no-fly list and to alert the local FBI. Travelers on the selectee list are to be directed to a law enforcement officer and put through additional security procedures in order to board the plane, the documents said. Airlines declined to say exactly what kind of technology they use to match names. But the documents make clear that in the months after Sept. 11, carriers were having difficulty with the task. The Air Transport Association, the airline trade group, met with the TSA's top policy director in December 2002 to address the "false positives problem," according to a TSA memo. "This has been such a headache for me," wrote one Alaska Airlines executive, whose name was redacted, in an e-mail to the TSA a week before the meeting. "Any solutions . . . would be greatly appreciated." TSA officials wrote letters and e-mails of apology to passengers who complained of being mistakenly flagged by the lists. But in an internal memo, officials said there was little the agency could do. "While a few carriers keep track of 'false positives' the majority do not," wrote Chad Wolf, now TSA's number-two policy official, in a December 2002 e-mail to agency legislative affairs official Cori Sieger. "Consequently, TSA does not have the ability to record this data nor is there a pressing need to do so." Passengers are falsely flagged by the lists in such large numbers because of the kind of technology airlines use to compare the reservation lists to the watch lists, according to experts in name-matching technology. Each airline conducts the matches differently. Many major carriers use a system that strips the vowels from each passenger's name and assigns it a code based on the name's phonetic sound, according to the Air Transport Association. The name-matching technology is "too simplistic for a very complex problem," said Jack Hermansen, co-founder of Language Analysis Systems Inc. in Herndon, a company that has a competing name-matching technology that factors in a name's cultural origin. "It's these accidental matches that cause the big problem." The phonetic-code concept is traced back to a program called Soundex patented in 1918, which was used by Census Bureau officials to help sort out names that sounded similar but might be spelled differently. The name "Kennedy," for example, would be assigned the Soundex code K530, which is the same code assigned to Kemmet, Kenndey, Kent, Kimmet, Kimmett, Kindt and Knott, according to genealogy Web sites that use the technology. Today's systems are more sophisticated than Soundex, but they grew from the same origins, experts said. "The reason this technology is used is you're really trying to protect against typing errors," said Steven Pollock, executive vice president at TuVox Inc., a company that sells speech-recognition software. "When someone types in a name, the problem and the challenge is people will spell names incorrectly. . . . Names are definitely the toughest things to get [right], no doubt about it." But the phonetic coding systems tend to ensnare people who have similar-sounding names, even though a human being could tell the difference. Earlier this month, for example, Rep. Donald E. Young (R-Alaska), said he was flagged on the "watch list" when the airline computer system mistook him for a man on the list named Donald Lee Young. ) 2004 The Washington -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Sat Oct 9 19:11:12 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 09 Oct 2004 19:11:12 -0700 Subject: Fwd: Libertarian and Green Party Presidential Candidates Arrested! Message-ID: <6.0.3.0.0.20041009190641.04178728@pop.idiom.com> >Date: Sat, 9 Oct 2004 18:08:55 -0700 (PDT) >Subject: Libertarian and Green Party Presidential Candidates Arrested! >From: (another list) >While trying to enter the Bi-Partisan Press Conference tonight to serve >legal papers to the CPD: > >http://badnarik.org/supporters/blog/2004/10/08/michael-badnarik-arrested/ > >8:38PM CT > >The first report from St. Louis is in - and presidential candidates >Michael Badnarik (Libertarian) and David Cobb (Green Party) were just >arrested. Badnarik was carrying an Order to Show Cause, which he intended >to serve the Commission on Presidential Debates (CPD). Earlier today, >Libertarians attempted to serve these same papers at the Washington, D.C. >headquarters of the CPD - but were stopped from approaching the CPD office >by security guards. > >Fred Collins reported to me from the ground that Badnarik and Cobb are in >great physical condition and great spirit. > >As soon as more details are available, they will be posted here immediately. > >8:51PM CT > >I just spoke with Jon Airheart on his cellular telephone. He reports that >while he could see no handcuffs, both Badnarik and Cobb had their hands >behind their backs, as if they were handcuffed. Airheart also confirms >that Badnarik did have the papers to serve the CPD in his jacket pocket. > >9:09PM CT > >The first AP report just hit Google News: > > Just as the debate began, two third-party presidential candidates >purposely crossed a police barricade and were arrested. Green Party >presidential candidate David Cobb and Libertarian Party candidate >Michael Badnarik were protesting their exclusion from the debate > >And a whole lot more on the blog page... > >Mark ---- Bill Stewart bill.stewart at pobox.com From measl at mfn.org Sun Oct 10 05:45:15 2004 From: measl at mfn.org (J.A. Terranson) Date: Sun, 10 Oct 2004 07:45:15 -0500 (CDT) Subject: [TSCM-L] Interception capabilities 2000 (EC report on Echolon) (fwd) Message-ID: <20041010074431.B77998@ubzr.zsa.bet> No doubt many here will have an interest in this as well. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "An ill wind is stalking while evil stars whir and all the gold apples go bad to the core" S. Plath, Temper of Time ---------- Forwarded message ---------- Date: Sun, 10 Oct 2004 12:40:41 -0000 From: contranl Reply-To: TSCM-L at yahoogroups.com To: TSCM-L at yahoogroups.com Subject: [TSCM-L] Interception capabilities 2000 (EC report on Echolon) . Good morning... I gues (not)everybody has read this: "Interception capabilities 2000" http://www.europarl.eu.int/stoa/publi/pdf/98-14-01-2_en.pdf (http://tinyurl.com/4lxds) This is an official report carried out for the European Commision in 2000. It deals with the "Echolon" network and the "alleged" use of it by the US and friends for militairy and industrial espionage... Yes i know it's old stuff but not outdated and makes very good reading... So i tried to upload it to the files section...but it was refused since it is to big. I consider this standard reading and it should be in the files section since it is not that easy to find if you don't know where to look for it (yes i know now). Maybe someone can cut it into 2 pieces (Pdf) and upload it ? Tnx 73's Tetrascanner ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/UBhwlB/TM --------------------------------------------------------------------~-> ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/TSCM-L/ <*> To unsubscribe from this group, send an email to: TSCM-L-unsubscribe at yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ From jrandom at i2p.net Sun Oct 10 07:57:17 2004 From: jrandom at i2p.net (jrandom) Date: Sun, 10 Oct 2004 07:57:17 -0700 Subject: [i2p] 0.4.1.2 is available Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, We've got a new 0.4.1.2 release out and about with a bunch of bugfixes, tools to help monitor the health of your node, reduce memory churn, and help cut down on the per-hop message processing time. I don't expect any sort of revolutionary performance improvements with this, but I do hope it'll make the latency a bit smoother. Upgrading is highly recommended. The full list of whats been added since 0.4.1.1 is up and available at http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD Its all backwards compatible, and duck has been helping me test out these updates as they've been made (as well as gather truckloads of stats to help identify the bottlenecks on his fairly active router). As always, the goods are up @ http://www.i2p.net/download =jr SHA1(i2p.tar.bz2)= 455b936f0b49ee58ab50739e7b00a482678b9291 SHA1(i2p_0_4_1_2.tar.bz2)= 124ce2e680f8a194d573edc9e688c6ab1f085d05 SHA1(i2pupdate.zip)= e6f140f9a4ccdb59e3784510c9bff5d336dafca4 SHA1(install.jar)= 5a92ffdac4edce942faa2f8fa3b9c468f646a6db -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQWlNgBpxS9rYd+OGEQJcBQCghZVED/5eHT3L8mEwIiRM34jS9hwAoJ8O hdm6AaL62BKroSQHNfFuXzNH =oKAI -----END PGP SIGNATURE----- _______________________________________________ i2p mailing list i2p at i2p.net http://i2p.dnsalias.net/mailman/listinfo/i2p ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From measl at mfn.org Sun Oct 10 16:00:18 2004 From: measl at mfn.org (J.A. Terranson) Date: Sun, 10 Oct 2004 18:00:18 -0500 (CDT) Subject: [Full-Disclosure] WWII cryptography: the dark side (fwd) Message-ID: <20041010180008.T77998@ubzr.zsa.bet> ---------- Forwarded message ---------- Date: Sun, 10 Oct 2004 21:57:15 +0200 From: Christian Leber To: full-disclosure at lists.netsys.com Subject: Re: [Full-Disclosure] WWII cryptography: the dark side On Sun, Oct 10, 2004 at 07:52:20PM +0200, Feher Tamas wrote: >(in german only or bablefish, sorry): I bablefished it and corrected the worst errors: ------- Secret code TELWA cracked: Nazi decoder developed computer forerunner 23. September 2004 Hanover - the decoder Reinhold Weber decoded the US secret code TELWA in the Second World War and built a decoding machine to crack M-209-Nachrichten. This was now revealed by Klaus Schmeh, author at the InterNet magazine Telepolis That German decoding specialists decoded in the the Second World War secret code of the allied was even not well known by experts until a few years ago. According to report of the former president of the Federal Office for security in the information technology (BSI), Dr Otto Leiberichm the Germans in the Second World War cracked the US coding machine M-209. These remarks served the Telepolis author Klaus Schmeh as important source of information, when he worked on his book 'Die Welt der geheimen Zeichen - Die faszinierende Geschichte der Verschl|sselung' ('The world of the secret signs - the fascinating history of encryption). When he published excerpts of this book with Telepolis first, this led to a small sensation: A 84 year old man from Frankfurt contacted him and reported that he was in WWII involved in the crackong of the mentioned US coding machine M-209. The 1920 in Austria born Reinold Weber, which had spent six years of his childhood in the USA, was drawn in 1941 to the armed forces. Due to excellent knowledge of the english language he was first trained as a message interpreter and later as decoder. Inserted in the decoding unit FNAST5, he succeeded to decode the TELWA messages from US radiograms and decipher also machine keys. In this time Weber and his colleagues cracked the codes of the US coding machine M-209 and intercepted explosive information. Thus there were again and again hints referring to forthcoming bombardments of German cities, which were announced usually about six to eight weeks before execution in radiograms. What counter measures the German military did with the help of these information, weber however never experienced. In April 1944 Weber had the idea to build a machine which should automate a part of the laborious deciphering computations. The company Hollerith, late IBM, was positive in an evaluation, explained however the building of such a machine takes about two years. Thus Weber with a colleague made itself alone to the work. They created a machine, which consisted of two boxes: one in the size of a desk, which contained the relays and the four turning rollers, as well as a further box with 80 x 80 x 40 cm edge length. Latter box contained 26 times 16 bulb sockets, with which by bulbs the letters of the relative attitude could be copied. Thus Webers and his colleague wrote an interesting piece of technology history, because their construction had already many thing in common with a computer with their binary logic. The computer was still not at all invented at this time, if one refrains from the British machine Colossus likewise developed for decoding, which developed about at the same time. In the middle of September 1944 Weber could prove the strength of its computer forerunner for the first time: During a night duty he determined with his machine - without the support of his colleagues - an M209 key. Which would have meant one week work without machine assistance for a three-team at least, he created within approximately seven hours. At the beginning of of 1945, weber had landed over several detours in Salzburg, wanted to use his decoding machine again. However the necessary radio engineering was missing. The equipment proved as useless. Its superior instructed to destroy the machine. With pickel, hatchet, hammer and stahlsaege Weber scrapped thereupon the equipment, whose construction had employed him several months long. Thus a historically extremely interesting computer forerunner disappeared again from the scene. Until today this equipment in no source of literature is mentioned to computer history. ------- Here is the complete Telepolis article (german): http://www.heise.de/tp/deutsch/inhalt/co/18371/1.html Christian Leber -- "Omnis enim res, quae dando non deficit, dum habetur et non datur, nondum habetur, quomodo habenda est." (Aurelius Augustinus) Translation: _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html From brian-slashdotnews at hyperreal.org Sun Oct 10 12:26:02 2004 From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org) Date: 10 Oct 2004 19:26:02 -0000 Subject: Indymedia Seizures Initiated In Europe Message-ID: Link: http://slashdot.org/article.pl?sid=04/10/10/1716256 Posted by: timothy, on 2004-10-10 17:18:00 from the fbi-just-along-for-the-ride dept. [1]daveschroeder writes "According to [2]this Indymedia.org article and [3]AFP report, the request to seize Indymedia servers hosted by a U.S. company in the UK (covered in this [4]previous slashdot story) originated from government agencies in Italy and Switzerland, not the United States. Because Indymedia's hosting company, Rackspace.com, is a U.S. company, the FBI coordinated the request and accompanied UK Metropolitan Police on the seizure under the auspices of the [5]Mutual Legal Assistance Treaty (MLAT), an international legal treaty, but, according to an FBI spokesman, 'It is not an FBI operation. Through [MLAT], the subpoena was on behalf of a third country.'" Read on below for more. daveschroeder continues: "Rackspace's statement reads, 'In the present matter regarding Indymedia, Rackspace Managed Hosting, a U.S. based company with offices in London, is acting in compliance with a court order pursuant to a Mutual Legal Assistance Treaty (MLAT), which establishes procedures for countries to assist each other in investigations such as international terrorism, kidnapping and money laundering. Rackspace responded to a Commissioner's subpoena, duly issued under Title 28, United States Code, Section 1782 in an investigation that did not arise in the United States. Rackspace is acting as a good corporate citizen and is cooperating with international law enforcement authorities. The court prohibits Rackspace from commenting further on this matter.'" References 1. mailto:dasNO at SPAMdoit.wisc.edu 2. http://www.indymedia.org/en/2004/10/112047.shtml 3. http://story.news.yahoo.com/news?tmpl=story&cid=1509&ncid=738&e=6&u=/afp/2004 1008/tc_afp/us_internet_justice 4. http://yro.slashdot.org/article.pl?sid=04/10/07/204217&tid=153 5. http://travel.state.gov/law/mlat.html ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From rah at shipwright.com Sun Oct 10 19:03:52 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 10 Oct 2004 22:03:52 -0400 Subject: E-Commerce Sites Make Great Laboratory For Today's Economists Message-ID: The Wall Street Journal October 11, 2004 PORTALS By LEE GOMES E-Commerce Sites Make Great Laboratory For Today's Economists October 11, 2004 Calling them eBayologists doesn't sound quite right; Amazonists is even worse. There may not be a good name for them, but for a growing number of academics trying to test ivory-tower theories in the real world, the big online commerce sites are the new place to be. Especially for economists, Web sites and their untold millions of interactions are perfect real-world laboratories. For instance, a fast-growing specialty in economics is "auction theory," which, as the name suggests, tries to tease out the basic patterns by which auctions operate. Before eBay, an aspiring auction theorist didn't have much data to work with. As a result, many of them spent time sifting and resifting through a limited set of data on government wireless spectrum auctions of the 1990s for their auction insights. But now, with eBay and the rest, there are more data than even the most dedicated graduate student would know what to do with. EBay itself even helps with this, supplying anonymized data to university researchers under special arrangement. What exactly are economists learning? Frankly, the conclusions aren't the sort that would cause a layperson's jaw to drop; many are the sort that only a microeconomist would love. For instance, one of the cardinal rules of eBay involves the importance of a seller's reputation, or the rating given the person by those who have done business with him or her. Luis M.B. Cabral, an economist at NYU's business school, says that for an economist, it wouldn't have been immediately obvious that the eBay ranking would be important -- partly because reputations on eBay, unlike those in the real world, are essentially anonymous. But not only is reputation important, Prof. Cabral found, but it affects the prices sellers can charge and the amount of merchandise they can move. In one study, he looked at what happens to sellers with perfect ratings who receive their first piece of negative feedback. Not only did they begin selling less, but they entered a kind of downward spiral, with fewer sales and a declining reputation. "It really makes a huge difference," Prof. Cabral says. Another academic foray into the online world ended up confirming the power of brand names. Conventional wisdom among most American economists would be that prices on Web sites should be essentially the same. After all, Internet users all have "perfect information" about what everyone is charging, and they face few, if any, "switching costs" in moving from one supplier to the next. But Judith A. Chevalier, an economist at the University of Chicago business school, looked at price differences between Amazon and Barnes & Noble and found that Amazon was consistently able to charge more. And in a separate study, she found that Amazon's customer-written reviews of books do indeed affect sales, with negative reviews having more of an impact than positive ones. Prof. Chevalier theorized that prospective shoppers may suspect positive reviews are some sort of shill for the author but don't bring comparable skepticism to negative notices. Even with all the interest by researchers, some of the questions posed by the e-commerce sites remain unresolved. One of them involves the usefulness of "sniping," which occurs when a prospective buyer in an auction doesn't get involved in the bidding until the last minute, and then makes an offer the others don't have time to top. The practice works only on eBay-style auctions, which have fixed time limits. There are many eBay users who swear by the practice. In fact, there are even a number of services that will snipe for you automatically. David Reiley, a University of Arizona economist, says that for certain kinds of auction items -- including standardized electronic gear with many different bidders -- studies suggest that snipers don't do better than anyone else, either in their success rate in winning their items or in the price they end up paying. But he says there may be other kinds of merchandise, such as those with fewer bidders or prices that aren't easy to determine, where buyers should, in fact, snipe. Even that could change, he notes, if everyone sniped. It is currently unclear how many people on eBay engage in the practice. Not all of the work being done online by economists is theoretical, and savvy eBay traders would be wise to acquaint themselves with some of the literature. Lucking Reiley, for instance, along with a colleague, Rama Katkar, wanted to find out if it was better to publicly set a minimum bid for an item or to use an eBay feature called a "secret reserve," which rejects bids below a certain dollar amount without telling bidders what the minimum is. By comparing 50 pairs of identical items, one with the secret minimum and one without, the economists concluded that the secret minimum dissuaded buyers from participating in the auction, thus driving down prices. The study was done using Pokimon cards, but the finding, presumably, could hold true for anything: Beanie Babies, lawn gnomes, you name it. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Sun Oct 10 14:33:00 2004 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 10 Oct 2004 23:33:00 +0200 Subject: [i2p] 0.4.1.2 is available (fwd from jrandom@i2p.net) Message-ID: <20041010213300.GW1457@leitl.org> ----- Forwarded message from jrandom ----- From eugen at leitl.org Sun Oct 10 15:03:01 2004 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 11 Oct 2004 00:03:01 +0200 Subject: Indymedia Seizures Initiated In Europe (fwd from brian-slashdotnews@hyperreal.org) Message-ID: <20041010220301.GZ1457@leitl.org> ----- Forwarded message from brian-slashdotnews at hyperreal.org ----- From brian-slashdotnews at hyperreal.org Mon Oct 11 00:26:00 2004 From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org) Date: 11 Oct 2004 07:26:00 -0000 Subject: China Rewards Porn Snitches Message-ID: Link: http://slashdot.org/article.pl?sid=04/10/11/0239205 Posted by: timothy, on 2004-10-11 05:29:00 from the don't-look-just-tell dept. [1]MinimeMongo writes that the "Associated Press reports that China's police ministry on Sunday [2]handed out rewards of up to $240 to people who reported pornographic Web sites in a campaign to stamp out online smut...The online crackdown is part of a sweeping official morality campaign launched this year on orders from communist leaders." References 1. mailto:6cgi-9w09.xemaps at com 2. http://www.newsday.com/technology/business/wire/sns-ap-china-porn-rewards,0,1 812553.story?coll=sns-ap-technology-headlines ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From eugen at leitl.org Mon Oct 11 01:08:01 2004 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 11 Oct 2004 10:08:01 +0200 Subject: China Rewards Porn Snitches (fwd from brian-slashdotnews@hyperreal.org) Message-ID: <20041011080801.GK1457@leitl.org> ----- Forwarded message from brian-slashdotnews at hyperreal.org ----- From camera_lumina at hotmail.com Mon Oct 11 07:38:32 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 11 Oct 2004 10:38:32 -0400 Subject: Financial identity is *dangerous*? (was re: Fake companies, real money) Message-ID: OK, I'll bite. Or rather... Well, your initial postulate was stated in such a way as to be fairly unrefutable, the key word being "float". Only companies, etc...provide that by requiring that the transacted funds flow through their coffers for a moment, where they extract their discount revenue. At this stage of the game, nobody when their head screwed on tight would argue that Internet-based businesses don't represent an increase in Risk (whether that increase will eventually make float-based business models impossible is an entirely different matter). Interestingly, the Visa organization recently launched a Purchasing Card platform which merely facilitates EFTs (a step towards your oft-mentioned "Geodesic Society"?)...there's a fixed and small discount revenue touch that's independent of the size of the transaction (and they can afford to do this because there's no float, ergo no risk). In this case, Visa is providing "value added" information systems for the transactions, but in a sense they're allowing their member banks to more or less completely step out of the transaction if they wish. Now of course, Paragraph 2 is only related to Paragraph 1 by the fact that I wrote both of them in one post. To my knowledge, Visa's new PCard platform has nothing to do with Internet-based risk PER SE, but in the long run I'll doubt we'll lable this a coincidence. -TD >From: "R. A. Hettinga" >To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: Financial identity is *dangerous*? (was re: Fake companies, real >money) >Date: Fri, 8 Oct 2004 19:14:08 -0400 > >Okay. So I'm coming to the conclusion that book-entry settlement, with its >absolute requirement for both "identity" and float between transactions, is >becoming more and more *un*-safe to use as internet ubiquity increases. > >Anyone want to pick up the other side of this and tell me why not? > >No bugbears or horsemen need apply... > >Cheers, >RAH >------- > > > > MSNBC.com > >Fake companies, real money >Elaborate con wrings cash out of stolen credit cards >By Bob Sullivan >Technology correspondent >MSNBC >Updated: 7:15 p.m. ET Oct. 7, 2004 > > >T-Data, a small New-York based software company, doesn't take credit cards >-- never has in its 20-year history. But a few weeks ago, owner Jeff Duhl >found himself looking over $15,000 worth of credit card charges seemingly >accepted by his store. > >A quick investigation revealed most of the charges had been made using >stolen credit cards. Slowly, he caught on: Someone had stolen a batch of >credit card accounts, then stolen his company's name, set up an imposter >version of T-Data, and rung up thousands of dollars worth of fake >purchases. The "profits" were then desposited into checking accounts >controlled by the imposters. > >"It is ingenious," said Dan Clements, who operates merchant advocacy site >CardCops.com. > >Duhl wasn't the only victim of this new brand of corporate identity theft: >At least 50 other firms apparently also had their identities stolen in the >scheme. For credit card thieves doing their best to wring money out of a >stash of stolen accounts, it seems like the perfect scam. > >How to profit from stolen credit cards >While millions of credit card account numbers are stolen every year -- 60 >million last year, and perhaps 120 million this year, according to one >estimate -- turning them into cash can be tricky. Merchandise ordered with >the card must be delivered somewhere, which is risky. Massive cash >withdrawals are quickly spotted by credit card associations. > > The scheme Duhl's firm was caught up in is a heady, complex alternative: > >First, credit card thieves find a legitimate company unlikely to already be >accepting credit card transactions. They then impersonate that company and >set up accounts with merchant processing providers, whose role it is to >transfer funds between credit card companies and merchants. > > Using stolen credit cards, the thieves then start sending small payments, >usually $498 or $598 at a time, to the fraudulent merchant accounts. The >credit card companies send funds to the processors and they in turn send >the funds off to bank accounts controlled by the criminals. > >"They are flying under the radar on each transaction unless someone does a >whole lot of work," Duhl said. > > A key part of the scheme: The thieves went to the trouble of registering >the domain www.T-datasoftware.com, then set up a fake Web site. The site >looked like a believable business to the merchant processing providers, who >gave the thieves their accounts. > >Duhl's imposters were able to set up accounts at seven different payment >processing firms. When Duhl investigated, he discovered some 50 other Web >sites -- most mere imitations of one another -- all sitting on the same >computer server. > >"They got away with $15,000 (in charges) at my company," Duhl said. >"Multiply that by the number of sites, the number of companies, these folks >could be getting away with millions of dollars," he said. > >It's not clear how much money the criminals really did get away with in the >end. Many of the processing firms interviewed for this article claimed they >caught on to the fraud after the transactions had cleared, but before the >suspects had withdrawn the money from various checking accounts around the >country. One did concede, however, that the scheme has real potential. > >'Hundreds of thousands' over a weekend >"If you don't catch it you could lose hundreds of thousands of dollars over >a weekend," said David Steinberg, chief credit officer at Merchant E >Solutions, one of the processing firms used by the thieves. > > Steinberg said his company had never suffered such a loss, but that the >industry is bustling with fraud attempts. Some 5 to 10 percent of all >applications his firm receives are turned away as potentially fraudulent, >he said. > >Phyllis McNeill, a spokeswoman for Global Payments, another processing firm >hit in the scam, confirmed a fake account had been set up in T-Data's name >with her company. She said the account was actually set up through a >reseller, and was shut down after eight transactions had been performed. > >Randy Lobban, director of risk management at North American Bancard, said >the con artists were able to open up an account at his firm and pass eight >charges through the system, but the funds were never released. > >"They never got any money," Lobban said. He alerted the U.S. Postal >Inspection Service to the incident. > >Representatives at First Data and Wells Fargo also confirmed that fake >accounts had been opened at their firms. > > An official at Beacon Bank in Minnesota, where one of the checking >accounts used to receive the stolen funds had been set up, confirmed that >he had discussed the situation with Duhl, but would not provide further >comment. > > Corporate ID theft >Whoever impersonated T-Data were clever enough to throw a few monkey >wrenches in the path of anyone trying to detect them. > >When applying for the compulsory credit check needed to obtain the fake >merchant account, for example, the thieves didn't use T-Data's tax ID >number. Instead, they used the name and credit profile of a man unconnected >with the company. Steven Wiencek, who lives on Long Island near the >company, didn't even know his credit had been checked until contacted by >MSNBC.com for this story. > >But the application, which listed Wiencek as company president, gives his >Social Security number and driver's license number, suggesting the people >behind this scheme have access to a wide swath of stolen credit cards and >stolen identities. > >Another attempt at misdirection was foiled by an alert mail carrier. > > The application for the merchant account used a slight variation of >Duhl's >address -- apparently an attempt to ensure that mail to Duhl would be lost. >But a knowledgeable local postal worker recognized the company name anyway, >leading Duhl to discover the dupe. > >"Without that, I may not have found out about this for a long time," he >said. > > The thieves were also persistent. Using one stolen credit card, they >attempted to steal $2,500 through five separate faked merchant accounts, >according to an affidavit of credit card fraud supplied by Duhl. > > Another corporate ID victim, John Bartholomew of Abcom Services, said he >was lucky, because Duhl contacted him just as the scam began. > > "We are a management company in long-term health care. We would have no >reason to use credit cards," he said. The firm had been in business for 21 >years, and never accepted a single charge -- until the criminals stole his >company's name, Bartholomew said. > >True to form, the criminals hijacked his brand name and set up merchants >accounts using his company's name and a similar -- but slightly altered -- >street address. > > The good news is, Bartholomew was able to warn the merchant account >providers soon enough that only about $4,000 in charges were run through >his company's name. The bad news is, some of the providers are still trying >to make him pay the bill for the charges. He figures he's spent about >$5,000 in legal fees trying to clean up the mess. > >Who are they working with? >Rob Douglas, a consultant who operates PrivacyToday.com, blames the >merchant account providers for never checking to see if the name on the >account application actually represented a real person who worked at the >firm. > >"You have to ask what the companies that set up the merchant accounts are >doing?" he said. "Who has the responsibility to do due diligence that they >are in fact working with who they think they are working with when they >open an account?" > >But several of the merchant service providers pointed out the difficulty of >stopping all fraudulent applications in a world where identities are so >easily stolen. > > "For all of us, it's a tough business," Steinberg, of Merchant E >Services, >said. "It's a large, large problem." > >Duhl himself blames the banks where the money was to eventually wind up -- >wondering how the thieves were able to set up accounts in the post-Patriot >Act era. Apparently worried as much about security implications as his >personal loss, Duhl contacted the FBI, the Secret Service and the U.S. >Postal Inspector's Office. None of the agents he spoke to returned phone >calls placed by MSNBC.com. > > He says he is frustrated that none of the agencies seem to have taken any >interest in the incident -- particularly because at least one phone call >was placed to Pakistan using the cell phone purchased in his company's >name, and one of the bank accounts used to funnel money was established by >suspects who presented Russian passports as identification, he says his own >research revealed. > > "No one in the government seems like they are going to get interested in >establishing a case," Duhl said. > > Douglas, who consults with firms trying to deal with the new trend of >corporate identity theft, says there's little small companies like Duhl's >can do to prevent this kind of incident. But one piece of practical advice >he offers larger firms: search the Web once a week for evidence of >impersonation. > >"As strange as it sounds, companies need to have one or more people >assigned to surf the Web and see if there are mirror sites out there, just >like we tell parents to surf for their child's name," he said. > >Bob Sullivan is the author of Your Evil Twin: Behind the Identity Theft >Epidemic > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _________________________________________________________________ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ From nobody at dizum.com Mon Oct 11 01:50:01 2004 From: nobody at dizum.com (Nomen Nescio) Date: Mon, 11 Oct 2004 10:50:01 +0200 (CEST) Subject: Money Laundering for the Nazis by President Bush's family Message-ID: The subject says it all. Read more here: http://www.debatecomics.org/BushFamilyFortune/ We must retire this criminal from office now! Link to the full 89 MB pdf below http://www.debatecomics.org/assets/Sources/US_Fascism/ A-2%20FascistFriendly%20Power%20Brokers/ Roaming%20Ghost%20Case/Whole/full.pdf (Concat above rows to one URL) From rah at shipwright.com Mon Oct 11 08:09:03 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 11 Oct 2004 11:09:03 -0400 Subject: Chance plays a key role in start-up company's success Message-ID: IST Results Chance plays a key role in start-up company's success Using randomly generated numbers to ensure the security of encryption applications seems counter-intuitive but is a fundamental part of quantum cryptography. Pioneering the approach is an award-winning Swiss start-up company, id Quantique, that launched the world's first commercial quantum random number generator and quantum cryptography system. In fact, numerous applications require random numbers. Besides potential quantum cryptographic applications, such as bank transfers and e-voting, further examples include scientific calculations and games involving chance such as national lotteries. Initially though, id Quantique's products mainly target demand from customers of high security encryption systems such as financial, government and military institutions. id Quantique was founded in October 2001 as a spin-off from the University of Geneva by four researchers from the University's Applied Physics Department - Grigoire Ribordy, Olivier Guinnard, Nicolas Gisin and Hugo Zbinden. December 2003 marked a milestone in the company's evolution: the entrepreneurs successfully raised 1 million euros from the Luxemburg-based i2i venture capital fund in a first round of funding and they concluded a worldwide exclusivity agreement with the University of Geneva regarding two important quantum cryptography patents. Over a short period of time, the fledgling company and its founders have won several prestigious prizes. The company was a recipient of the European Innovation Awards from the Wall Street Journal Europe in 2001; Olivier Guinnard and Grigoire Ribordy were winners of the de Vigier's prize for Swiss entrepreneurs in 2002; and this year the company was a winner of the annual Swiss Technology Award. id Quantique supplies three products. Firstly, a physical random number generator, Quantis, which relies on an elementary quantum optical process - namely the perfectly random reflection or transmission of a photon, or light particle, on a semi-transparent mirror - in order to produce binary random numbers. Next, a quantum key distribution (QKD) system that enables cryptographic keys, which are required for encrypting and decrypting information, to be securely transmitted over standard optical fibres between two parties. Finally, a Single Photon Detection Module (SPDM), id 200, which is a photon counter used in quantum cryptography and other quantum optical applications. In March 2004, id Quantique and the University of Geneva launched the first ever website offering perfectly random numbers created by the Quantis generator. Grigoire Ribordy, id Quantique's CEO, remarks, "We launched the www.randomnumbers.info website to promote our new quantum random number generator and to provide a service to the scientific community. In the long term, we would like it to become the reference point for random numbers." Despite the demand for perfectly random numbers, their generation remains a difficult task. Conventional computers use a rule to produce pseudo-random numbers, which can sometimes introduce unwanted bias. "Quantum physics is the only physical theory predicting that the outcome of certain phenomena is random," emphasises Nicolas Gisin, Professor at the University of Geneva. "It is thus a natural choice to use it to generate true random numbers." id Quantique is a partner in the IST project SECOQC which began in April 2004 under the Sixth Framework Programme. The project is focused on evaluating quantum cryptography technology as well as developing standard specifications for secure global digital communication systems. Recently, the project consortium performed the world's first ever bank transfer using quantum cryptography by sending $3000 over a 1.45 km link between Vienna City Hall and the headquarters of Bank-Austria Creditanstalt. "The SECOQC project makes it possible for id Quantique's engineers to interact with some of the best groups worldwide in the field of quantum cryptography," observes Ribordy. "And because of the multidisciplinary nature of this project, it is an extremely enriching platform to exchange ideas and find new ways to solve problems." More recently, id Quantique has teamed up with the Deckpoint, a Swiss Internet Service Provider, to develop and implement the world's first data archiving network secured using quantum cryptography. The official opening of the new archiving network took place on 29 September 2004 in the presence of Carlo Lamprecht, the Minister of Economy, Labour and Foreign Affairs of the Republic and Canton of Geneva. Data stored on a farm of 30 servers at Deckpoint Housing Centre, in the middle of Geneva, was backed up to servers located at the Cern Internet Exchange Point, in the city suburbs some 10 kms away. "This world premiere is an excellent illustration of the of the potential of this technology " says Ribordy. "We are convinced that security has become critical, in particular with the implementation of the Basel II standards in the banking industry as of 2006," adds Dominique Perisset, Director of Deckpoint. "The economic world cannot afford anymore not to have a complete information security strategy." Contact: Grigoire Ribordy Chief Executive Officer id Quantique SA Chemin de la Marbrerie, 3 CH-1227 Carouge / Geneva Switzerland Tel: + 41-22-3018371/2 Fax: + 41-22-3018379 Email: gregoire.ribordy at idquantique.com Sources: Based on information from id Quantique Information : DATE : 11 Oct 2004 TECHNOLOGY AREA: Trust/security MARKET APPLICATION: Electronics/IT manuf USEFUL LINKS: id Quantique website SECOQC project SECOQC factsheet on CORDIS www.randomnumbers.info website -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Mon Oct 11 09:05:50 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 11 Oct 2004 12:05:50 -0400 Subject: Chance plays a key role in start-up company's success Message-ID: Well, as a research toy QC seems gee-wiz super cool. I'm still not super-impressed by the current set of applications. In particular, consider that random number generator. Although QM does indeed predict that experimental outcomes will be 'random', they are random within the weightings imposed by the measuring apparatus. In a sense, this is the perfect analog to the notion that, "Your crypto algorithm may be unbreakable, but your hard/software ain't." Consider...I set up my random number generator to spit out a 1 every time a photon passes through a half-silvered mirror, and a 0 every time it reflects. Over time the silvering on the mirror is going to degrade, or perhaps it's already not perfect but you need a large number of 'measurements' and/or analysis to begin to see it. In any event, your probabilities are going to shift over time, yielding an imperfect distribution of 0s/1s. Sure, it's still "random", but the probability density function is no longer useful for many applications. Right now I can't see why this would be any more desirable than, for instance, grabbing the outcome of some distinctly nonlinear process, or perhaps many other approaches to RNG. The only thing this does is allow users/buyers to think their system is now free of any deep technical issues that may make classical systems insecure. -TD >From: "R.A. Hettinga" >To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: Chance plays a key role in start-up company's success >Date: Mon, 11 Oct 2004 11:09:03 -0400 > > > > IST Results > >Chance plays a key role in start-up company's success > >Using randomly generated numbers to ensure the security of encryption >applications seems counter-intuitive but is a fundamental part of quantum >cryptography. Pioneering the approach is an award-winning Swiss start-up >company, id Quantique, that launched the world's first commercial quantum >random number generator and quantum cryptography system. > > In fact, numerous applications require random numbers. Besides potential >quantum cryptographic applications, such as bank transfers and e-voting, >further examples include scientific calculations and games involving chance >such as national lotteries. Initially though, id Quantique's products >mainly target demand from customers of high security encryption systems >such as financial, government and military institutions. > > id Quantique was founded in October 2001 as a spin-off from the >University >of Geneva by four researchers from the University's Applied Physics >Department - Grigoire Ribordy, Olivier Guinnard, Nicolas Gisin and Hugo >Zbinden. December 2003 marked a milestone in the company's evolution: the >entrepreneurs successfully raised 1 million euros from the Luxemburg-based >i2i venture capital fund in a first round of funding and they concluded a >worldwide exclusivity agreement with the University of Geneva regarding two >important quantum cryptography patents. > > Over a short period of time, the fledgling company and its founders have >won several prestigious prizes. The company was a recipient of the European >Innovation Awards from the Wall Street Journal Europe in 2001; Olivier >Guinnard and Grigoire Ribordy were winners of the de Vigier's prize for >Swiss entrepreneurs in 2002; and this year the company was a winner of the >annual Swiss Technology Award. > > id Quantique supplies three products. Firstly, a physical random number >generator, Quantis, which relies on an elementary quantum optical process - >namely the perfectly random reflection or transmission of a photon, or >light particle, on a semi-transparent mirror - in order to produce binary >random numbers. Next, a quantum key distribution (QKD) system that enables >cryptographic keys, which are required for encrypting and decrypting >information, to be securely transmitted over standard optical fibres >between two parties. Finally, a Single Photon Detection Module (SPDM), id >200, which is a photon counter used in quantum cryptography and other >quantum optical applications. > > In March 2004, id Quantique and the University of Geneva launched the >first ever website offering perfectly random numbers created by the Quantis >generator. Grigoire Ribordy, id Quantique's CEO, remarks, "We launched the >www.randomnumbers.info website to promote our new quantum random number >generator and to provide a service to the scientific community. In the long >term, we would like it to become the reference point for random numbers." > > Despite the demand for perfectly random numbers, their generation remains >a difficult task. Conventional computers use a rule to produce >pseudo-random numbers, which can sometimes introduce unwanted bias. >"Quantum physics is the only physical theory predicting that the outcome of >certain phenomena is random," emphasises Nicolas Gisin, Professor at the >University of Geneva. "It is thus a natural choice to use it to generate >true random numbers." > > id Quantique is a partner in the IST project SECOQC which began in April >2004 under the Sixth Framework Programme. The project is focused on >evaluating quantum cryptography technology as well as developing standard >specifications for secure global digital communication systems. > > Recently, the project consortium performed the world's first ever bank >transfer using quantum cryptography by sending $3000 over a 1.45 km link >between Vienna City Hall and the headquarters of Bank-Austria >Creditanstalt. "The SECOQC project makes it possible for id Quantique's >engineers to interact with some of the best groups worldwide in the field >of quantum cryptography," observes Ribordy. "And because of the >multidisciplinary nature of this project, it is an extremely enriching >platform to exchange ideas and find new ways to solve problems." > > More recently, id Quantique has teamed up with the Deckpoint, a Swiss >Internet Service Provider, to develop and implement the world's first data >archiving network secured using quantum cryptography. The official opening >of the new archiving network took place on 29 September 2004 in the >presence of Carlo Lamprecht, the Minister of Economy, Labour and Foreign >Affairs of the Republic and Canton of Geneva. Data stored on a farm of 30 >servers at Deckpoint Housing Centre, in the middle of Geneva, was backed up >to servers located at the Cern Internet Exchange Point, in the city suburbs >some 10 kms away. "This world premiere is an excellent illustration of the >of the potential of this technology " says Ribordy. "We are convinced that >security has become critical, in particular with the implementation of the >Basel II standards in the banking industry as of 2006," adds Dominique >Perisset, Director of Deckpoint. "The economic world cannot afford anymore >not to have a complete information security strategy." > > Contact: >Grigoire Ribordy >Chief Executive Officer >id Quantique SA >Chemin de la Marbrerie, 3 >CH-1227 Carouge / Geneva >Switzerland >Tel: + 41-22-3018371/2 >Fax: + 41-22-3018379 >Email: gregoire.ribordy at idquantique.com > >Sources: Based on information from id Quantique > > > > > > >Information : > >DATE : >11 Oct 2004 > >TECHNOLOGY AREA: > > Trust/security > > >MARKET APPLICATION: > >Electronics/IT manuf > > >USEFUL LINKS: >id Quantique website >SECOQC project >SECOQC factsheet on CORDIS >www.randomnumbers.info website > > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _________________________________________________________________ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ From rah at shipwright.com Mon Oct 11 12:19:00 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 11 Oct 2004 15:19:00 -0400 Subject: Cash, Credit -- or Prints? Message-ID: The Wall Street Journal October 11, 2004 Cash, Credit -- or Prints? Fingerprints May Replace Money, Passwords and Keys; One Downside: Gummi Fakes By WILLIAM M. BULKELEY Staff Reporter of THE WALL STREET JOURNAL October 11, 2004; Page B1 Fingerprints aren't just for criminals anymore. Increasingly, they are for customers. Fingerprint identification is being used to speed up checkouts at Piggly Wiggly supermarkets in South Carolina, and to open storage lockers at the Statue of Liberty. Fingerprints are also being used as password substitutes in cellphones and laptop computers, and in place of combinations to open up safes. But these aren't the fingerprints of yore, in which the person placed his hand on an ink pad, then on paper. Instead, the user sets his hand on a computerized device topped with a plate of glass, and an optical reader and special software and chips identify the ridges and valleys of the fingertips. Fingerprint technology seems to be reaching critical mass and is spreading faster than other widely promoted "biometric" identification methods, such as eyeball scanning, handprint-geometry reading and facial recognition. Interest in these and other new security systems was heightened by the September 2001 terror attacks. "Fingerprints will be dominant for the foreseeable future," says Don McKeon, the product manager for biometric security at International Business Machines Corp. One reason fingerprint-security is spreading is that technological advances are bringing the cost down. Microsoft Corp. recently introduced a stand-alone fingerprint reader for $54, and a keyboard and a mouse with fingerprint readers. Last week, IBM said it would start selling laptop computers with fingerprint readers built in. These products reduce the need for personal-computer users to remember passwords. A customer uses a fingerprint reader to pay at a Piggly Wiggly store, cutting his checkout time. Earlier this year, American Power Conversion Corp., a Rhode Island company that makes backup computer batteries, started selling a fingerprint reader for PCs with a street price of $45 -- less than half the price of competitors at the time. American Power says it has sold tens of thousands of the devices since. Korea's LG Electronics Inc. has introduced a cellphone with a silicon chip at its base that requires the owner's finger to be swiped across its surface before the phone can be used. This summer, NTT DoCoMo Inc. started selling a similar phone reader that is being used on Japanese trains as an electronic wallet to pay fares or to activate withdrawals from on-board cash machines. Proponents have never had trouble explaining the benefits of fingerprints as payment-and-password alternatives: Each person has a unique set, and their use is established in the legal system as an authoritative means of identification. But some people are uneasy about registering their fingerprints because of the association with criminality and the potential that such a universal identifier linked to all personal information would reduce privacy. Moreover, numerous businesses and governments have tested fingerprint systems in the past only to rip them out when the hype failed to match reality. That's partly because the optical readers have had problems with certain people's fingers. Elderly people with dry skin, children who pressed down too hard, even women with smaller fingers -- including many Asians -- were often rejected as unreadable. Security experts also have successfully fooled some systems by making plaster molds of fingers and then creating fake fingers by filling the molds with Silly-Putty-type plasticizers or gelatin similar to that used in candy Gummi Bears. But advocates say the rate of false rejections of legitimate users has been greatly reduced by improved software. "I'd say 99% of people can register" their fingers, says Brad Hill, who installed fingerprint-controlled lockers at his souvenir store at the Statue of Liberty this summer when the National Park Service forbade tourists from entering the statue while carrying packages. Mr. Hill was worried that tourists would lose locker keys when security screeners forced them to empty their pockets. Some makers of readers also say their technology can solve the fake-finger problem by taking readings from below the surface skin layer. Or they suggest combining four-digit ID codes with fingerprint scanning to virtually eliminate false readings. Makers of fingerprint readers acknowledge the privacy concerns. But they maintain that the threat of personal invasion is minimized because most systems don't store the actual print, but instead use it to generate a unique series of numbers that can't be reverse-engineered to re-create the print. And public willingness to submit to fingerprint readers has soared since the 2001 terrorist attacks, as the need for security overcomes worries about unwarranted intrusion. While the market for fingerprint readers is small, it is growing fast. International Biometric Group, a New York market-research firm, predicts that sales will rise 86% to $368 million this year from $198 million last year. AuthenTec Inc., of Melbourne, Fla., which makes the fingerprint-reading chips used in the LG cellphone, expects to ship more than three million of them this year, triple the level of 2003. Their price has fallen below $6 apiece, and Scott Moody, AuthenTec's chief executive, sees that dropping below $4 next year. Ubiquitous use of fingerprints could eliminate a huge consumer headache: remembering passwords for various Web sites. With American Power's fingerprint reader, users register all of their passwords online, along with the associated Web sites. Then they never have to type in a password again. "Our parents didn't deal with the problem of remembering 20 passwords, and our grandkids won't even know what they are," says IBM's Mr. McKeon. Potentially, fingerprint readers also could replace credit and debit cards. Pay by Touch Co., a closely held San Francisco company that is working with IBM, installs fingerprint readers in retail stores where customers can register their fingers by touching the pad five times. Then they can register supermarket loyalty cards and several credit card-numbers. They even can use the fingerprint reader to withdraw money from a checking account at the cash register. Another use: A consumer could register a driver's license and his or her age with the system, so clerks won't have to examine identification cards for purchases of beer or cigarettes. The next time the customer checks out, he or she just touches the pad, enters his or her phone number and selects from the list of payment options. Pay by Touch, which charges retailers 5 to 10 cents per transaction, claims the system reduces checkout time by 30%. One early user of Pay by Touch are a handful of Piggly Wiggly supermarkets. After installing the system in four stores in July, "a good, strong percentage of our transactions are done by touch" already, says David Schools, senior vice president of Piggly Wiggly Carolina Inc., based in Charleston. He declined to be more specific. The chain hopes that customers will register checking accounts and make electronic withdrawals via fingerprint ID to pay for purchases, which would save the grocer steep credit-card or debit-card fees. IBM says that convenience stores are experimenting with fingerprints as an alternative to radio-frequency identification cards like Exxon Mobil Corp.'s Speedpass, to deal with the "sweaty jogger problem" -- cashless runners coming in for coffee or Gatorade. The problem with RFID cards is that anyone can use one that is lost or stolen. Not so with fingerprints. Jeff Baughan, vice president of information technology at Catholic Health Systems in Buffalo, N.Y., says he anticipates some day installing wireless readers on the carts used by nursers that would read patients' fingers, to double-check that the right patient gets the right medicine. Currently, the health-care system is installing Ultra-Scan Corp. devices that read fingers to register incoming patients and make sure that different people aren't using the same insurance card. Fingerprint-scanner authorization also is being used by business owners as a replacement for lock combinations on safes. "Traditionally, two people are given the same combination, and if there's a loss, how can you figure out who took it?" says Edward McGunn, president of Corporate Safe Specialists Inc., of Posen, Ill. He predicts that within two years, 80% of his sales will be fingerprint safes, partly because it's much simpler to train an unskilled manager to open one. "This is the most exciting time to be in the safe business in my lifetime," says Mr. McGunn, a third-generation safe maker. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From franks at mcs.anl.gov Mon Oct 11 17:34:19 2004 From: franks at mcs.anl.gov (Frank Siebenlist) Date: Mon, 11 Oct 2004 17:34:19 -0700 Subject: Cash, Credit -- or Prints? In-Reply-To: References: Message-ID: <416B268B.2010908@mcs.anl.gov> Can anyone explain how sophisticated those fingerprint readers are? Are there readers out there that by themselves are secure devices and essentially are able to talk with their servers thru the PCs/workstations over a protocol such that any man-in-the-middle, like a driver, can not learn anything from the traffic? (...and all that for less than $40, of course...) If not, would a trojan then be able to capture your fingerprint's digital-fingerprint, and impersonate you from any other node on the network? -Frank. R.A. Hettinga wrote: > > > The Wall Street Journal > > > October 11, 2004 > > > Cash, Credit -- or Prints? > Fingerprints May Replace > Money, Passwords and Keys; > One Downside: Gummi Fakes > > By WILLIAM M. BULKELEY > Staff Reporter of THE WALL STREET JOURNAL > October 11, 2004; Page B1 > > > Fingerprints aren't just for criminals anymore. Increasingly, they are for > customers. > > Fingerprint identification is being used to speed up checkouts at Piggly > Wiggly supermarkets in South Carolina, and to open storage lockers at the > Statue of Liberty. Fingerprints are also being used as password > substitutes > in cellphones and laptop computers, and in place of combinations to > open up > safes. > > But these aren't the fingerprints of yore, in which the person placed his > hand on an ink pad, then on paper. Instead, the user sets his hand on a > computerized device topped with a plate of glass, and an optical > reader and > special software and chips identify the ridges and valleys of the > fingertips. > > Fingerprint technology seems to be reaching critical mass and is spreading > faster than other widely promoted "biometric" identification methods, such > as eyeball scanning, handprint-geometry reading and facial recognition. > Interest in these and other new security systems was heightened by the > September 2001 terror attacks. > > "Fingerprints will be dominant for the foreseeable future," says Don > McKeon, the product manager for biometric security at International > Business Machines Corp. > > One reason fingerprint-security is spreading is that technological > advances > are bringing the cost down. Microsoft Corp. recently introduced a > stand-alone fingerprint reader for $54, and a keyboard and a mouse with > fingerprint readers. Last week, IBM said it would start selling laptop > computers with fingerprint readers built in. These products reduce the > need > for personal-computer users to remember passwords. > > A customer uses a fingerprint reader to pay at a Piggly Wiggly store, > cutting his checkout time. > > > > Earlier this year, American Power Conversion Corp., a Rhode Island company > that makes backup computer batteries, started selling a fingerprint reader > for PCs with a street price of $45 -- less than half the price of > competitors at the time. American Power says it has sold tens of thousands > of the devices since. > > Korea's LG Electronics Inc. has introduced a cellphone with a silicon chip > at its base that requires the owner's finger to be swiped across its > surface before the phone can be used. This summer, NTT DoCoMo Inc. started > selling a similar phone reader that is being used on Japanese trains as an > electronic wallet to pay fares or to activate withdrawals from on-board > cash machines. > > Proponents have never had trouble explaining the benefits of fingerprints > as payment-and-password alternatives: Each person has a unique set, and > their use is established in the legal system as an authoritative means of > identification. But some people are uneasy about registering their > fingerprints because of the association with criminality and the potential > that such a universal identifier linked to all personal information would > reduce privacy. > > Moreover, numerous businesses and governments have tested fingerprint > systems in the past only to rip them out when the hype failed to match > reality. That's partly because the optical readers have had problems with > certain people's fingers. Elderly people with dry skin, children who > pressed down too hard, even women with smaller fingers -- including many > Asians -- were often rejected as unreadable. > > Security experts also have successfully fooled some systems by making > plaster molds of fingers and then creating fake fingers by filling the > molds with Silly-Putty-type plasticizers or gelatin similar to that > used in > candy Gummi Bears. > > But advocates say the rate of false rejections of legitimate users has > been > greatly reduced by improved software. "I'd say 99% of people can register" > their fingers, says Brad Hill, who installed fingerprint-controlled > lockers > at his souvenir store at the Statue of Liberty this summer when the > National Park Service forbade tourists from entering the statue while > carrying packages. Mr. Hill was worried that tourists would lose locker > keys when security screeners forced them to empty their pockets. > > Some makers of readers also say their technology can solve the fake-finger > problem by taking readings from below the surface skin layer. Or they > suggest combining four-digit ID codes with fingerprint scanning to > virtually eliminate false readings. > > Makers of fingerprint readers acknowledge the privacy concerns. But they > maintain that the threat of personal invasion is minimized because most > systems don't store the actual print, but instead use it to generate a > unique series of numbers that can't be reverse-engineered to re-create the > print. And public willingness to submit to fingerprint readers has soared > since the 2001 terrorist attacks, as the need for security overcomes > worries about unwarranted intrusion. > > While the market for fingerprint readers is small, it is growing fast. > International Biometric Group, a New York market-research firm, predicts > that sales will rise 86% to $368 million this year from $198 million last > year. AuthenTec Inc., of Melbourne, Fla., which makes the > fingerprint-reading chips used in the LG cellphone, expects to ship more > than three million of them this year, triple the level of 2003. Their > price > has fallen below $6 apiece, and Scott Moody, AuthenTec's chief executive, > sees that dropping below $4 next year. > > Ubiquitous use of fingerprints could eliminate a huge consumer headache: > remembering passwords for various Web sites. With American Power's > fingerprint reader, users register all of their passwords online, along > with the associated Web sites. Then they never have to type in a password > again. > > "Our parents didn't deal with the problem of remembering 20 passwords, and > our grandkids won't even know what they are," says IBM's Mr. McKeon. > > Potentially, fingerprint readers also could replace credit and debit > cards. > Pay by Touch Co., a closely held San Francisco company that is working > with > IBM, installs fingerprint readers in retail stores where customers can > register their fingers by touching the pad five times. Then they can > register supermarket loyalty cards and several credit card-numbers. They > even can use the fingerprint reader to withdraw money from a checking > account at the cash register. > > Another use: A consumer could register a driver's license and his or her > age with the system, so clerks won't have to examine identification cards > for purchases of beer or cigarettes. The next time the customer checks > out, > he or she just touches the pad, enters his or her phone number and selects > from the list of payment options. Pay by Touch, which charges retailers 5 > to 10 cents per transaction, claims the system reduces checkout time > by 30%. > > One early user of Pay by Touch are a handful of Piggly Wiggly > supermarkets. > After installing the system in four stores in July, "a good, strong > percentage of our transactions are done by touch" already, says David > Schools, senior vice president of Piggly Wiggly Carolina Inc., based in > Charleston. He declined to be more specific. The chain hopes that > customers > will register checking accounts and make electronic withdrawals via > fingerprint ID to pay for purchases, which would save the grocer steep > credit-card or debit-card fees. > > IBM says that convenience stores are experimenting with fingerprints as an > alternative to radio-frequency identification cards like Exxon Mobil > Corp.'s Speedpass, to deal with the "sweaty jogger problem" -- cashless > runners coming in for coffee or Gatorade. The problem with RFID cards is > that anyone can use one that is lost or stolen. Not so with fingerprints. > > Jeff Baughan, vice president of information technology at Catholic Health > Systems in Buffalo, N.Y., says he anticipates some day installing wireless > readers on the carts used by nursers that would read patients' fingers, to > double-check that the right patient gets the right medicine. > Currently, the > health-care system is installing Ultra-Scan Corp. devices that read > fingers > to register incoming patients and make sure that different people aren't > using the same insurance card. > > Fingerprint-scanner authorization also is being used by business owners as > a replacement for lock combinations on safes. "Traditionally, two people > are given the same combination, and if there's a loss, how can you figure > out who took it?" says Edward McGunn, president of Corporate Safe > Specialists Inc., of Posen, Ill. He predicts that within two years, 80% of > his sales will be fingerprint safes, partly because it's much simpler to > train an unskilled manager to open one. "This is the most exciting time to > be in the safe business in my lifetime," says Mr. McGunn, a > third-generation safe maker. > > -- Frank Siebenlist franks at mcs.anl.gov The Globus Alliance - Argonne National Laboratory --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From rah at shipwright.com Mon Oct 11 18:48:45 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 11 Oct 2004 21:48:45 -0400 Subject: Congress Close to Establishing Rules for Driver's Licenses Message-ID: The New York Times October 11, 2004 Congress Close to Establishing Rules for Driver's Licenses By MATTHEW L. WALD ASHINGTON, Oct. 10 - Following a recommendation of the Sept. 11 commission, the House and Senate are moving toward setting rules for the states that would standardize the documentation required to obtain a driver's license, and the data the license would have to contain. Critics say the plan would create a national identification card. But advocates say it would make it harder for terrorists to operate, as well as reduce the highway death toll by helping states identify applicants whose licenses had been revoked in other states. The Senate version of the intelligence bill includes an amendment, passed by unanimous consent on Oct. 1, that would let the secretary of homeland security decide what documents a state would have to require before issuing a driver's license, and would also specify the data that the license would have to include for it to meet federal standards. The secretary could require the license to include fingerprints or eye prints. The provision would allow the Homeland Security Department to require use of the license, or an equivalent card issued by motor vehicle bureaus to nondrivers for identification purposes, for access to planes, trains and other modes of transportation. The bill does not give the department the authority to force the states to meet the federal standards, but it would create enormous pressure on them to do so. After a transition period, the department could decide to accept only licenses issued under the rules as identification at airports. The House's version of the intelligence bill, passed Friday, would require the states to keep all driver's license information in a linked database, for quick access. It also calls for "an integrated network of screening points that includes the nation's border security system, transportation system and critical infrastructure facilities that the secretary determines need to be protected against terrorist attack." The two versions will go to a House-Senate conference committee. Some civil liberties advocates say they are horrified by the proposal. "I think it means we're going to end up with a police state, essentially, by allowing the secretary of homeland security to designate the sensitive areas and allowing this integrating screening system," said Marv Johnson, the legislative counsel for the American Civil Liberties Union. If the requirement to show the identification card can be applied to any mode of transportation, he said, that could eventually include subways or highways, and the result would be "to require you to have some national ID card, essentially, in order to go from point A to point B." James C. Plummer Jr., a policy analyst at Consumer Alert, a nonprofit organization based here, said, "You're looking at a system of internal passports, basically." But a Senate aide who was involved in drafting the bipartisan language of the amendment said that in choosing where to establish a checkpoint, the provision "does not give the secretary of homeland security any new authority." The aide, who asked not to be identified because of his involvement in drafting the measure, said it would not create a national identification card but would standardize a form of identification routinely issued by states. Representative Candice S. Miller, the Michigan Republican who drafted the license section of the House measure, said, "I don't think this is anything that should cause anyone concern." Of the 50 states, 48 are members of interstate compacts that exchange information on moving violations, so that a driver from, say, Maryland, who picks up a speeding ticket in Florida will accumulate points in his home state. But Michigan and Wisconsin are not members of a compact. Ms. Miller said one purpose of the provision she wrote was to fix that problem. A spokesman for the American Association of Motor Vehicle Administrations, which represents the state officials who issue driver's licenses, said linking the databases and strengthening control over who could get a license was long overdue. "The American public should be outraged to know that departments of motor vehicles nationwide lack the capability to do the jobs we've asked them to do," said the spokesman, Jason King. In both houses, the legislation is geared to respond to numerous recommendations made by the Sept. 11 commission. For years before the terrorist attacks of Sept. 11, 2001, law enforcement officials, especially those concerned with identity theft, argued that the states should have more rigorous standards for issuing driver's licenses. But the commission pointed out that "fraud in identification documents is no longer just a problem of theft." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From measl at mfn.org Mon Oct 11 22:56:48 2004 From: measl at mfn.org (J.A. Terranson) Date: Tue, 12 Oct 2004 00:56:48 -0500 (CDT) Subject: Congress Close to Establishing Rules for Driver's Licenses In-Reply-To: References: Message-ID: <20041012005554.G77998@ubzr.zsa.bet> > In both houses, the legislation is geared to respond to numerous > recommendations made by the Sept. 11 commission. For years before the > terrorist attacks of Sept. 11, 2001, law enforcement officials, especially > those concerned with identity theft, argued that the states should have > more rigorous standards for issuing driver's licenses. But the commission > pointed out that "fraud in identification documents is no longer just a > problem of theft." Which of course neatly sidesteps the issue that a DRIVERS LICENSE is not "identification", it is proof you have some minimum competency to operate a motor vehicle... -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "An ill wind is stalking while evil stars whir and all the gold apples go bad to the core" S. Plath, Temper of Time From rsw at jfet.org Tue Oct 12 06:15:10 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Tue, 12 Oct 2004 08:15:10 -0500 Subject: Congress Close to Establishing Rules for Driver's Licenses In-Reply-To: <416BBA77.1090200@gmx.co.uk> References: <20041012005554.G77998@ubzr.zsa.bet> <416BBA77.1090200@gmx.co.uk> Message-ID: <20041012131509.GC2415@jfet.org> Dave Howe wrote: > Few liquor stores (for example) accept anything else. ...except (ta-daaaa) the passport, which is universally accepted by liquor stores AFAICT. Imagine that. An _actual_ document of identification being used for approximately the correct purpose. -- Riad S. Wahby rsw at jfet.org From kelsey.j at ix.netcom.com Tue Oct 12 06:49:00 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 12 Oct 2004 09:49:00 -0400 (GMT-04:00) Subject: Financial identity is *dangerous*? (was re: Fake companies, real money) Message-ID: <28535172.1097588941261.JavaMail.root@donald.psp.pas.earthlink.net> >From: "R. A. Hettinga" >Sent: Oct 8, 2004 7:14 PM >To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: Financial identity is *dangerous*? (was re: Fake companies, real money) >Okay. So I'm coming to the conclusion that book-entry settlement, with its >absolute requirement for both "identity" and float between transactions, is >becoming more and more *un*-safe to use as internet ubiquity increases. Hmmm. I guess I don't see why this story supports that argument all that well. Clearly, book entry systems where I can do transactions in your name and you are held liable for them are bad, but that's like looking at Windows 98's security flaws and deciding that x86 processors can't support good OS security. The aspect of this that's generally spooky is not the existence of book entry payment systems, it's the ease with which someone can get credit (in one form or another) in your name, based on information they got from public records and maybe a bit of dumpster diving, some spyware installed on your machine, or a phishing expedition. How the payment systems are cleared isn't going to change that, right? (I know you've thought about this stuff a lot more than I have, so maybe I'm missing something....) >Anyone want to pick up the other side of this and tell me why not? >No bugbears or horsemen need apply... >Cheers, >RAH --John Kelsey From kelsey.j at ix.netcom.com Tue Oct 12 06:53:17 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 12 Oct 2004 09:53:17 -0400 (GMT-04:00) Subject: Implant replaces ID cards for access to restricted areas. Message-ID: <12183129.1097589198935.JavaMail.root@donald.psp.pas.earthlink.net> >From: Steve Furlong >Sent: Oct 9, 2004 7:44 AM >To: cypherpunks at al-qaeda.net >Subject: Re: Implant replaces ID cards for access to restricted areas. >On Thu, 2004-10-07 at 02:20, Nomen Nescio wrote: >> Mexican Attorney General, Staff Get Chip Implants >> >> Implant replaces ID cards for access to restricted areas. >I think I'd get the implant under my scalp somewhere. If the implant >gave access to a really critical place, I wouldn't want to risk losing >an arm or whatever. Also, I'd be able to block the implant's signals >with my nifty tinfoil hat. I've been waiting for a use for that thing. Actually, I think the protocol requires that it be placed on your forehead, right under the tattooed sixes. Or maybe I'm getting my protocols mixed up.... --John From rsw at jfet.org Tue Oct 12 08:09:26 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Tue, 12 Oct 2004 10:09:26 -0500 Subject: Congress Close to Establishing Rules for Driver's Licenses In-Reply-To: <416BD933.9000105@gmx.co.uk> References: <20041012005554.G77998@ubzr.zsa.bet> <416BBA77.1090200@gmx.co.uk> <20041012131509.GC2415@jfet.org> <416BD933.9000105@gmx.co.uk> Message-ID: <20041012150926.GC4332@jfet.org> Dave Howe wrote: > And how many americans have a passport,and carry one for identification > purposes? Probably not all that many. Tangentially, I was once told that, at least in Massachusetts liquor stores, even an _expired_ passport was useful identification. Can anyone confirm that this is true other than at Sav-Mor Liquors? -- Riad S. Wahby rsw at jfet.org From rah at shipwright.com Tue Oct 12 07:52:32 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 12 Oct 2004 10:52:32 -0400 Subject: Financial identity is *dangerous*? (was re: Fake companies, real money) In-Reply-To: <28535172.1097588941261.JavaMail.root@donald.psp.pas.earthlink.net> References: <28535172.1097588941261.JavaMail.root@donald.psp.pas.earthlink.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 9:49 AM -0400 10/12/04, John Kelsey wrote: >Hmmm. I guess I don't see why this story supports that argument all >that well. More like the straw that broke the camel's back, admittedly. A long time ago I came to the conclusion that the closer we get to transaction instantaneity, the less counterparty identity matters at all. That is, the fastest transaction we can think of is a cryptographically secure glop of bits that is issued by an entity who is responsible for the integrity of the transaction and the quality of assets that the bits represent. Blind signature notes work fine for a first-order approximation. In other words, an internet bearer transaction. In such a scenario, nobody *cares* who the counterparties are for two reasons. The first reason is existential: title to the asset has transferred instantaneously. There is *no* float. I have it now, so I don't *care* who you were, because, well, it's *mine* now. :-). Second, keeping an audit trail when the title is never in question is, in the best circumstances superfluous and expensive, and, in the worst, even dangerous for any of a number of security reasons, depending on the color of your adversary's hat, or the color your adversary thinks his hat is, or whatever. Keeping track of credit card numbers in a database is an extant problem, for instance, with a known, shall we say, market cost. We'll leave political seizure and other artifacts of totalitarianism to counted by the actuaries. > Clearly, book entry systems where I can do transactions in your >name and you are held liable for them are bad, but that's like >looking at Windows 98's security flaws and deciding that x86 >processors can't support good OS security. I'm walking out on a limb here, in light of what I said above, and saying that when there's *any* float in the process, your liability for identity theft increases with the float involved. Furthermore, book-entry transactions *require* float, somewhere. They are debt-dependent. Someone has to *borrow* money to effect a transaction. (In a bearer transaction, the shoe's on the other foot, the purchaser is *loaning* money, at zero interest, but that's what the buyer wants so the system compensates accordingly, but that's another story.) Because the purchaser has to borrow money to pay, and because you *cannot* wring the float out of a transaction (that is, you can get instantaneous execution, but the transaction clears and settles at a later date; 90 days is the maximum float time for a non-repudiated credit-card transaction, for instance), I claim that book-entry transactions will *always* be liable for "identity" theft. Put another way, remember Doug Barnes' famous quip that "and then you go to jail" is not an acceptable error handling step for a transnational internet transaction protocol. I would claim that enforcement of identity as a legal concept costs too much in the long run to be useful, and that the cheapest way to avoid the whole problem is to go to systems which not only don't require identity, but they don't even require book-entry *accounts* at all to function at the user level. Financial cryptography has had that technology for more than two decades now, so long that the patent's about expired on it, if it hasn't already. >The aspect of this that's generally spooky is not the existence of >book entry payment systems, it's the ease with which someone can get >credit (in one form or another) in your name, based on information >they got from public records and maybe a bit of dumpster diving, >some spyware installed on your machine, or a phishing expedition. >How the payment systems are cleared isn't going to change that, >right? (I know you've thought about this stuff a lot more than I >have, so maybe I'm missing something....) See above. When you use book-entry transactions, by definition, you need identity. Biometric, is-a-person, go-to-jail-if-you-lie-about-a-book-entry identity. With bearer transactions, digital/internet or otherwise, you don't have identity. You don't *need* identity to execute, clear, and settle the transaction, primarily because all three happen at once. There's no float between the three activities. You don't have to send someone to jail if they lie, because the transaction never executes in the first place if they do. Now, there are tradeoffs. The first one is key management, which as Schneier likes to point out, is a hard problem. Personally, I think that if you don't have to associate a key with a flesh-and-blood body in meatspace, a whole continent full of problems just disappears. In a bearer transaction, it's orthogonal to the issue of security anyway, and all it does is cost you money to do for no added benefit. The second one is security of the digital bearer notes and coins themselves, which, frankly, scares people in the finance business most of all. However, I would claim that all organizations, and even people :-), do their *database* and document backups already, and that proper system hygiene will evolve, particularly if literal money is involved. Frankly, there already is a market for distributed data storage, and there are even working systems using m-of-n distributed data storage, which would be the most secure way to solve the problem. And, as we all know, digital bearer transactions are the best *way* to pay for those kinds of m-of-n services anyway, so it feeds on itself nicely. I think that it's less of a chicken-and-egg problem than it used to be, and I think that reality is catching up to all the theory we've kicked around on these lists for more than a decade now. The ultimate solution to the problem of identity theft is to not use identity at all, and, frankly, not even to use book-entries at all. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc sc4xGjfFFKMysKjV2hRDjSsy =C/Ar -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From lloyd at randombit.net Tue Oct 12 08:16:28 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Tue, 12 Oct 2004 11:16:28 -0400 Subject: Congress Close to Establishing Rules for Driver's Licenses In-Reply-To: <20041012150926.GC4332@jfet.org> References: <20041012005554.G77998@ubzr.zsa.bet> <416BBA77.1090200@gmx.co.uk> <20041012131509.GC2415@jfet.org> <416BD933.9000105@gmx.co.uk> <20041012150926.GC4332@jfet.org> Message-ID: <20041012151628.GE11270@acm.jhu.edu> On Tue, Oct 12, 2004 at 10:09:26AM -0500, Riad S. Wahby wrote: > Dave Howe wrote: > > And how many americans have a passport,and carry one for identification > > purposes? > > Probably not all that many. > > Tangentially, I was once told that, at least in Massachusetts liquor > stores, even an _expired_ passport was useful identification. Can > anyone confirm that this is true other than at Sav-Mor Liquors? Some states will take an expired passport as valid identification. -Jack From rah at shipwright.com Tue Oct 12 08:28:47 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 12 Oct 2004 11:28:47 -0400 Subject: How key Microsoft legal emails 'autodestruct' Message-ID: The Register Biting the hand that feeds IT The Register ; Software ; Original URL: http://www.theregister.co.uk/2004/10/11/ms_legal_mail_autodestruct/ How key Microsoft legal emails 'autodestruct' By John Lettice (john.lettice at theregister.co.uk) Published Monday 11th October 2004 07:23 GMT The latest court documents to be unsealed by Judge Frederick Motz in Burst.com's suit against Microsoft paint a picture of Microsoft document handling procedures which destroyed the very emails that were likely to be most relevant to several antitrust actions, Burst's included. According to Burst's lawyers Microsoft's status as "a defendant in major antitrust cases since at least 1995" means that it has a duty to preserve potentially relevant evidence. But "Microsoft adopted policies that, to put it mildly, encouraged document destruction from 1995 forward." Microsoft is still resisting Burst's attempts to have it hand over documents defining its retention policies, but a Burst brief of 27th September puts forward a forensic examination of the net effect of whatever these policies might be, accompanied by a certain amount of rolling of eyes. We, and the technology press in general, are indebted to PBS columnist Robert X Cringely for his dogged and single-handed pursuit of Burst v Microsoft. You can read his take on the latest developments here, (http://www.pbs.org/cringely/pulpit/pulpit20041007.html) and links to the court documents here. (http://www.pbs.org/cringely/links/links20041007.html) As Microsoft's retention policies remain for the moment a closely-guarded secret it would be absolutely wrong of us to draw any inference as to what they might be solely from what happens. What happens, though, is pretty damn peculiar. The system as a whole defaults to swift destruction of employees' emails, while there is clear evidence that Microsoft takes a very narrow view of whose documents may be relevant to a particular case. In some cases its choice of 'relevant' employees to be subject to retention seems perverse and misleading. So in the normal course of events documents would be destroyed swiftly, documents would be saved only by a document retention notice, and if document retention notices were not sent to the right people (the Burst brief argues that they were not), then by the time those people were properly identified the documents would almost certainly have been destroyed. Microsoft exec Jim Allchin, who seems to be shaping up as a star exhibit, instructed Windows division employees in January 2000 to delete emails from their hard drives after 30 days. "Do not be foolish," he said, "do not archive your e-mail." In response to emails about this instruction Allchin sends another which confirms the existence of an "official policy" on document retention sent company-wide in the summer of 1996, and says that this is the only written policy. Allchin however reiterates his 30 day instruction, adding an exception only for those who "have received specific instructions from Legal to retain certain documents or email that may be related to pending litigation. These instructions override the general policy." Microsoft has not yet yielded the 1996 policy, but Allchin's reference to it plus his insistence on 30 days suggests that the general policy was 30 days, from 1996 onwards. The retention of legally-relevant documents is therefore clearly dependent on Legal sending retention notices to the right people at the right time. Burst's brief at this point notes that Microsoft has confirmed it did not produce any of the Allchin email string in 12 prior cases, including DoJ v Microsoft, on the basis that, it claims, nobody asked for them. But in Sun v Microsoft, Microsoft undertook to "produce documents concerning Microsoft business policies, procedures or guidelines for document retention, to the extent such documents exist, for the period January 1, 1998 to November 30, 2002." This period covers the Allchin string, but the string was not produced, so when Microsoft confirmed that it had completed the production of documents, it was not telling the truth. The general policy, if it is the policy, of 30 days covers local storage. Email could also be saved on the Exchange servers. Microsoft however enforces rigorous limits on employee storage on these servers, and on average there appears to be space for about a month's emails per employee. No storage allocation left, no email until you delete some. In addition, emails could be saved on servers maintained by the Operations Technology Group. But as made clear previously in this case (reported here (http://www.theregister.co.uk/2004/05/24/allchin_destroy_email_claim/)), company policy is that emails should not be archived on these servers. This policy was strengthened by the addition of the words "Due to legal reasons..." in 1997, but weirdly, Microsoft claims that this bit was made up by information technology employee Candy Stark, purely to add weight to her campaign to save on storage costs. In fairness, therefore, we should consider the possibility that many other apparently incriminating things in surviving emails have been made up too. Is there a company policy on when to believe what an exec is telling you? And if there is, has it been made up? Frightening, isn't it? But the Burst brief declines to believe Stark made it up, and suggests the "legal reasons" may track back to the elusive 1996 policy, which again is cited by Stark. Archive location number four at Microsoft is provided by the servers maintained by the IT person for each individual business group. The servers most relevant to the Burst case were maintained by a Mr Ochs, who did not receive a retention notice, and who testified to routinely destroying documents on the servers. These are the very servers Microsoft has previously said it cannot reasonably search for documents, because it does not know who uses which servers. The brief puts forward several examples of cases where Microsoft failed to identify relevant employees and send them retention notices. In response to a DoJ request in 1997 it failed to identify Chris Phillips and his boss Eric Engstrom, although Phillips had led negotiations with RealNetworks and the ensuing deal was sometimes referred to internally as "the Chris Phillips deal." Microsoft did identify the in-house lawyer brought in to draft the contracts, but not Phillips or Engstrom, so both destroyed their emails. Neatly, as a Microsoft attorney the lawyer's emails were protected by attorney-client privilege, so Microsoft doesn't have to release them. Similarly Engstrom emails relevant to Intel's decision to drop development of its JMF Java Media Player have been destroyed. The Burst brief only asks for Microsoft's retention policies to be produced in camera, so even if Redmond does cough up there's no certainty we'll ever know if they explain the apparent weirdness of Microsoft document and archiving policies. But if Microsoft does have a policy to diligently retain relevant documents, well, it clearly needs to write a new policy that works instead. We at The Register have a humble suggestion. Seeing Rick Rashid of MS Labs is in the habit of touring the world telling people that storage is now pretty well cheap enough for you to just record your whole life in a lifeblog, couldn't everybody at Microsoft just... Related links Allchin named, as proof of MS email destruction policy is sought (http://www.theregister.co.uk/2004/05/24/allchin_destroy_email_claim/) Cringely PBS column (http://www.pbs.org/cringely/pulpit/pulpit20041007.html) Links to court documents (http://www.pbs.org/cringely/links/links20041007.html) -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sunder at sunder.net Tue Oct 12 08:29:05 2004 From: sunder at sunder.net (Sunder) Date: Tue, 12 Oct 2004 11:29:05 -0400 (edt) Subject: Congress Close to Establishing Rules for Driver's Licenses In-Reply-To: <20041012150926.GC4332@jfet.org> References: <20041012005554.G77998@ubzr.zsa.bet> <416BBA77.1090200@gmx.co.uk> <20041012131509.GC2415@jfet.org> <416BD933.9000105@gmx.co.uk> <20041012150926.GC4332@jfet.org> Message-ID: Right, just because your Passport or driver's license expired, doesn't mean that you got any younger and therefore shouldn't drink. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- On Tue, 12 Oct 2004, Riad S. Wahby wrote: > Tangentially, I was once told that, at least in Massachusetts liquor > stores, even an _expired_ passport was useful identification. Can > anyone confirm that this is true other than at Sav-Mor Liquors? From DaveHowe at gmx.co.uk Tue Oct 12 04:05:27 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Tue, 12 Oct 2004 12:05:27 +0100 Subject: Congress Close to Establishing Rules for Driver's Licenses In-Reply-To: <20041012005554.G77998@ubzr.zsa.bet> References: <20041012005554.G77998@ubzr.zsa.bet> Message-ID: <416BBA77.1090200@gmx.co.uk> J.A. Terranson wrote: > Which of course neatly sidesteps the issue that a DRIVERS LICENSE is > not "identification", it is proof you have some minimum competency to > operate a motor vehicle... IIRC, several states have taken to issuing a "no compentency" driving licence (ie, the area that says what that licence allows you to drive/ride, normally occupied by car, motorcycle, truck or whatever, is blank) purely for use as identification. Few liquor stores (for example) accept anything else. From rah at shipwright.com Tue Oct 12 10:12:40 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 12 Oct 2004 13:12:40 -0400 Subject: UK ID cards to be issued with first biometric passports Message-ID: The Register Biting the hand that feeds IT The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; Original URL: http://www.theregister.co.uk/2004/10/11/new_passport_equals_new_id_card/ UK ID cards to be issued with first biometric passports By John Lettice (john.lettice at theregister.co.uk) Published Monday 11th October 2004 07:35 GMT What's left of the 'voluntary' figleaf to the UK's ID scheme will erode in the next few months, when Home Secretary David Blunkett introduces legislation that will allow implementation of the scheme and include provision for a rolling programme to issue ID cards along with passport renewals. The new model passports are closely linked to the scheme anyway, so even without the ID card, being issued one would mean you were added to the national identity register, but the arrival of an actual card along with the new passport will make its presence far more visible, far earlier, to the general public. Previously the Home Office had said it would designate passports and driving licences as ID documents, but hadn't mentioned issuing actual ID cards with them. Blunkett announced the move some considerable way into his speech to the Labour Party Conference ten days ago. Reporting of the speech at the time concentrated on anti-crime measures and more funding for counter-terrorism, and the full text of the speech was mysteriously unavailable until a few days ago. According to this text: "... we will legislate this winter to upgrade our secure passport system, to create a new, clean database on which we will understand and know who is in or country, who is entitled to work, to services, to the something for something society which we value. As people renew their passports, they will receive their new identity card. The cost of biometrics and the card will be added to the total of passports." The increased cost of the new model passport has previously been justified on the basis that the biometrics will be needed in order for the passport to conform to new international standards. Adding the cost of the "voluntary" ID card to the passport is therefore a novel innovation. A similar approach could be adopted as the ID system rolls out to driving licences, with the licence-renewing public having no choice but to accept the ID card if they want a licence, and no choice then but to pay for it. Blunkett did not cover this in his speech, but it may be covered in the forthcoming legislation, and once these two key ID document areas are covered, the rest of the population can be slowly mopped up. The David Blunkett who announced this effectively compulsory ID regime is, strange but true, the very same David Blunkett who, in his introduction to "Legislation on Identity Cards - A Consultation" (CM6178, presented to Parliament in April 2004) said: "...we would proceed by incremental steps, building first on existing, widely held voluntary identity documents, and only taking a final decision later to move to compulsion. Eventually everyone lawfully resident in the UK would be required to register for a card - but there would be no compulsion to carry the card or to produce it without good reason. This move to compulsion would only happen once the initial stage of the scheme had proved to be successful and following a further debate and the approval of both Houses of Parliament." This is actually a pretty useful way to put it, because it allows MPs to kid themselves that we have here an incremental scheme that Parliament will have the final say-so on while giving Blunkett the freedom to crash along as fast as he likes without having actually told a flat-out lie. In this picture compulsion comes in two flavours, compulsion to register for a card and compulsion to carry one. It will not - at least in the current rounds of legislation - be compulsory to carry a card, so Parliament's approval of the move towards compulsion covers compulsion to register. The fact that people who want passports, then probably driving licences (then benefits and healthcare, as indicated in the "consultation") will have no choice but to be registered need not be viewed as tripping the compulsion switch, because within a steadily shrinking service-free pen it will be possible for people to exist without being registered. The draft bill does however include powers "to set a date when it would become compulsory to register and be issued with a card" and "This provision could only be brought in once the initial stage of the identity cards scheme was in place and following a vote in both Houses of Parliament on a detailed report which sets out all the reasons for the proposed move to compulsion." We think we can save the Home Office some money here. The report should say: "We might as well because nearly everyone has a card already." And, Blunkett hopes, because it's loved. In his speech he went on to say: "We will have, for the first time, an opportunity to use the card not simply in terms of protection, but to promote our citizenship, to value the fact that being a citizen, taking on citizenship is a tremendous step as part of our mutuality, as communities and a nation." So once we've all been compelled to register for it and pay for it, we'll rejoice over it, and the ID card will become a symbol of national pride, social cohesion and unity. Nice hive you've got there, David... Blunkett's speech also mentioned Tony Blair's electronic border surveillance announcement, made the previous day with considerably more fanfare. This meant, he said: "In two years time we will have up and running the most sophisticated system in the world." Which, as we pointed out here, (http://www.theregister.co.uk/2004/09/29/uk_intros_semaphore_capps_uk/) is tripe. It checks the lists of passengers bound for the UK against "databases of individuals who pose a security risk," and if this counts as sophistication round at the Home Office we're in just as bad a mess as we think we're in. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Tue Oct 12 10:40:56 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 12 Oct 2004 13:40:56 -0400 Subject: Congress Close to Establishing Rules for Driver's Licenses Message-ID: Can't specifically confirm that, but this last summer I traveled to several countries (and back into the US) using an expired passport as ID (and no, they didn't just forget to read the date, the expired passport was officially acceptable). -TD >From: "Riad S. Wahby" >To: Cypherpunks >Subject: Re: Congress Close to Establishing Rules for Driver's Licenses >Date: Tue, 12 Oct 2004 10:09:26 -0500 > >Dave Howe wrote: > > And how many americans have a passport,and carry one for identification > > purposes? > >Probably not all that many. > >Tangentially, I was once told that, at least in Massachusetts liquor >stores, even an _expired_ passport was useful identification. Can >anyone confirm that this is true other than at Sav-Mor Liquors? > >-- >Riad S. Wahby >rsw at jfet.org _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar � get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ From camera_lumina at hotmail.com Tue Oct 12 10:43:47 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 12 Oct 2004 13:43:47 -0400 Subject: Cash, Credit -- or Prints? Message-ID: Very interesting question. I'd bet almost any amount of money that it's fairly trivial to simply alligator-clip-out the fingerprint's file from almost any of the cheaper devices. Hell, I'd bet that's true even of more expensive "secure" devices as well. -TD >From: Frank Siebenlist >To: "R.A. Hettinga" >CC: cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: Re: Cash, Credit -- or Prints? >Date: Mon, 11 Oct 2004 17:34:19 -0700 > >Can anyone explain how sophisticated those fingerprint readers are? > >Are there readers out there that by themselves are secure devices and >essentially are able to talk with their servers thru the PCs/workstations >over a protocol such that any man-in-the-middle, like a driver, can not >learn anything from the traffic? >(...and all that for less than $40, of course...) > >If not, would a trojan then be able to capture your fingerprint's >digital-fingerprint, and impersonate you from any other node on the >network? > >-Frank. > > > >R.A. Hettinga wrote: > >> >> >>The Wall Street Journal >> >> >>October 11, 2004 >> >> >>Cash, Credit -- or Prints? >>Fingerprints May Replace >>Money, Passwords and Keys; >>One Downside: Gummi Fakes >> >>By WILLIAM M. BULKELEY >>Staff Reporter of THE WALL STREET JOURNAL >>October 11, 2004; Page B1 >> >> >>Fingerprints aren't just for criminals anymore. Increasingly, they are for >>customers. >> >>Fingerprint identification is being used to speed up checkouts at Piggly >>Wiggly supermarkets in South Carolina, and to open storage lockers at the >>Statue of Liberty. Fingerprints are also being used as password >>substitutes >>in cellphones and laptop computers, and in place of combinations to open >>up >>safes. >> >>But these aren't the fingerprints of yore, in which the person placed his >>hand on an ink pad, then on paper. Instead, the user sets his hand on a >>computerized device topped with a plate of glass, and an optical reader >>and >>special software and chips identify the ridges and valleys of the >>fingertips. >> >>Fingerprint technology seems to be reaching critical mass and is spreading >>faster than other widely promoted "biometric" identification methods, such >>as eyeball scanning, handprint-geometry reading and facial recognition. >>Interest in these and other new security systems was heightened by the >>September 2001 terror attacks. >> >>"Fingerprints will be dominant for the foreseeable future," says Don >>McKeon, the product manager for biometric security at International >>Business Machines Corp. >> >>One reason fingerprint-security is spreading is that technological >>advances >>are bringing the cost down. Microsoft Corp. recently introduced a >>stand-alone fingerprint reader for $54, and a keyboard and a mouse with >>fingerprint readers. Last week, IBM said it would start selling laptop >>computers with fingerprint readers built in. These products reduce the >>need >>for personal-computer users to remember passwords. >> >>A customer uses a fingerprint reader to pay at a Piggly Wiggly store, >>cutting his checkout time. >> >> >> >>Earlier this year, American Power Conversion Corp., a Rhode Island company >>that makes backup computer batteries, started selling a fingerprint reader >>for PCs with a street price of $45 -- less than half the price of >>competitors at the time. American Power says it has sold tens of thousands >>of the devices since. >> >>Korea's LG Electronics Inc. has introduced a cellphone with a silicon chip >>at its base that requires the owner's finger to be swiped across its >>surface before the phone can be used. This summer, NTT DoCoMo Inc. started >>selling a similar phone reader that is being used on Japanese trains as an >>electronic wallet to pay fares or to activate withdrawals from on-board >>cash machines. >> >>Proponents have never had trouble explaining the benefits of fingerprints >>as payment-and-password alternatives: Each person has a unique set, and >>their use is established in the legal system as an authoritative means of >>identification. But some people are uneasy about registering their >>fingerprints because of the association with criminality and the potential >>that such a universal identifier linked to all personal information would >>reduce privacy. >> >>Moreover, numerous businesses and governments have tested fingerprint >>systems in the past only to rip them out when the hype failed to match >>reality. That's partly because the optical readers have had problems with >>certain people's fingers. Elderly people with dry skin, children who >>pressed down too hard, even women with smaller fingers -- including many >>Asians -- were often rejected as unreadable. >> >>Security experts also have successfully fooled some systems by making >>plaster molds of fingers and then creating fake fingers by filling the >>molds with Silly-Putty-type plasticizers or gelatin similar to that used >>in >>candy Gummi Bears. >> >>But advocates say the rate of false rejections of legitimate users has >>been >>greatly reduced by improved software. "I'd say 99% of people can register" >>their fingers, says Brad Hill, who installed fingerprint-controlled >>lockers >>at his souvenir store at the Statue of Liberty this summer when the >>National Park Service forbade tourists from entering the statue while >>carrying packages. Mr. Hill was worried that tourists would lose locker >>keys when security screeners forced them to empty their pockets. >> >>Some makers of readers also say their technology can solve the fake-finger >>problem by taking readings from below the surface skin layer. Or they >>suggest combining four-digit ID codes with fingerprint scanning to >>virtually eliminate false readings. >> >>Makers of fingerprint readers acknowledge the privacy concerns. But they >>maintain that the threat of personal invasion is minimized because most >>systems don't store the actual print, but instead use it to generate a >>unique series of numbers that can't be reverse-engineered to re-create the >>print. And public willingness to submit to fingerprint readers has soared >>since the 2001 terrorist attacks, as the need for security overcomes >>worries about unwarranted intrusion. >> >>While the market for fingerprint readers is small, it is growing fast. >>International Biometric Group, a New York market-research firm, predicts >>that sales will rise 86% to $368 million this year from $198 million last >>year. AuthenTec Inc., of Melbourne, Fla., which makes the >>fingerprint-reading chips used in the LG cellphone, expects to ship more >>than three million of them this year, triple the level of 2003. Their >>price >>has fallen below $6 apiece, and Scott Moody, AuthenTec's chief executive, >>sees that dropping below $4 next year. >> >>Ubiquitous use of fingerprints could eliminate a huge consumer headache: >>remembering passwords for various Web sites. With American Power's >>fingerprint reader, users register all of their passwords online, along >>with the associated Web sites. Then they never have to type in a password >>again. >> >>"Our parents didn't deal with the problem of remembering 20 passwords, and >>our grandkids won't even know what they are," says IBM's Mr. McKeon. >> >>Potentially, fingerprint readers also could replace credit and debit >>cards. >>Pay by Touch Co., a closely held San Francisco company that is working >>with >>IBM, installs fingerprint readers in retail stores where customers can >>register their fingers by touching the pad five times. Then they can >>register supermarket loyalty cards and several credit card-numbers. They >>even can use the fingerprint reader to withdraw money from a checking >>account at the cash register. >> >>Another use: A consumer could register a driver's license and his or her >>age with the system, so clerks won't have to examine identification cards >>for purchases of beer or cigarettes. The next time the customer checks >>out, >>he or she just touches the pad, enters his or her phone number and selects >>from the list of payment options. Pay by Touch, which charges retailers 5 >>to 10 cents per transaction, claims the system reduces checkout time by >>30%. >> >>One early user of Pay by Touch are a handful of Piggly Wiggly >>supermarkets. >>After installing the system in four stores in July, "a good, strong >>percentage of our transactions are done by touch" already, says David >>Schools, senior vice president of Piggly Wiggly Carolina Inc., based in >>Charleston. He declined to be more specific. The chain hopes that >>customers >>will register checking accounts and make electronic withdrawals via >>fingerprint ID to pay for purchases, which would save the grocer steep >>credit-card or debit-card fees. >> >>IBM says that convenience stores are experimenting with fingerprints as an >>alternative to radio-frequency identification cards like Exxon Mobil >>Corp.'s Speedpass, to deal with the "sweaty jogger problem" -- cashless >>runners coming in for coffee or Gatorade. The problem with RFID cards is >>that anyone can use one that is lost or stolen. Not so with fingerprints. >> >>Jeff Baughan, vice president of information technology at Catholic Health >>Systems in Buffalo, N.Y., says he anticipates some day installing wireless >>readers on the carts used by nursers that would read patients' fingers, to >>double-check that the right patient gets the right medicine. Currently, >>the >>health-care system is installing Ultra-Scan Corp. devices that read >>fingers >>to register incoming patients and make sure that different people aren't >>using the same insurance card. >> >>Fingerprint-scanner authorization also is being used by business owners as >>a replacement for lock combinations on safes. "Traditionally, two people >>are given the same combination, and if there's a loss, how can you figure >>out who took it?" says Edward McGunn, president of Corporate Safe >>Specialists Inc., of Posen, Ill. He predicts that within two years, 80% of >>his sales will be fingerprint safes, partly because it's much simpler to >>train an unskilled manager to open one. "This is the most exciting time to >>be in the safe business in my lifetime," says Mr. McGunn, a >>third-generation safe maker. >> >> > >-- >Frank Siebenlist franks at mcs.anl.gov >The Globus Alliance - Argonne National Laboratory > >--------------------------------------------------------------------- >The Cryptography Mailing List >Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com _________________________________________________________________ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement From rah at shipwright.com Tue Oct 12 11:15:53 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 12 Oct 2004 14:15:53 -0400 Subject: Airline ID requirement faces legal challenge Message-ID: USA Today Airline ID requirement faces legal challenge By Richard Willing, USA TODAY At a time when Americans have come to expect tight security for air travel, it might seem to be an odd question: Does requiring airline passengers to show identification before they board domestic flights amount to an "unreasonable search" under the Constitution? John Gilmore is challenging the federal domestic airline ID requirement, saying it violates his right to travel in the USA anonymously. File photo Yes, says John Gilmore, a computer whiz who made a fortune as an early employee of Sun Microsystems. His challenge of the federal ID requirement, which soon could get a hearing before a U.S. appeals court in San Francisco, is one of the latest court battles to test the balance between security concerns and civil liberties. At issue is Gilmore's claim that checking the IDs of passengers on domestic flights violates his right to travel throughout the USA anonymously, without the government monitoring him. Lawyers involved in the case say it apparently is the first such challenge to the federal rules that require airline passengers to provide identification. In a similar case, two peace activists are suing the U.S. government to determine how their names came to be placed on a federal "no-fly list." Rebecca Gordon and Janet Adams were not allowed to board a San Francisco to Boston flight in August 2002 after they were told that their names were on a "secret FBI" list of potential security threats, their court filing says. "I believe I have a right to travel in my own country without presenting what amounts to an internal passport," Gilmore, 49, said in an interview. "I have a right to be anonymous, (to not) be tracked by my government for no good reason." Gilmore said he has no problem with security checks that focus on passengers' luggage. He says he also does not object to having to present a passport to board flights to other countries. Some privacy groups say Gilmore has a point. But others who support the ID requirement have cast the San Francisco resident as being out of touch with the realities of air travel since the Sept. 11 attacks. Kent Scheidegger, counsel for the Criminal Justice Legal Foundation, a conservative group in Sacramento, says the ID requirement is good policy and "eminently constitutional." "The Fourth Amendment forbids not searches that you don't like, it forbids unreasonable searches," he says. "Nothing could be more reasonable at this time than to know who you're flying with." The Justice Department is fighting Gilmore's claim. Acting on the department's motion, a U.S. district court judge in San Francisco dismissed the suit last March. Gilmore has appealed; a hearing before the 9th Circuit Court of Appeals is likely to be scheduled after briefs are filed next month. In court papers, the Justice Department has not defended the ID policy, or even acknowledged it exists. It has said national security law requires that this aspect of the case be argued in a courtroom closed to the public, including Gilmore. The appeals court denied the government's secrecy request Sept. 20, and the government has asked the court to reconsider. Rules on the Transportation Security Administration's Web site say passengers 18 and older need one form of government-issued photo identification or two forms of non-photo identification to board domestic flights. Airlines adopted such a policy on their own after terrorists bombed an international flight over Lockerbie, Scotland, in December 1988. The bomb that killed all 270 passengers on the jet was said to have been placed in a passenger's luggage by a terrorist who got into a restricted area. The airlines say checking IDs against luggage and passenger information is a way to deny terrorists access to flights. The TSA, formed two years ago in the wake of the Sept. 11 attacks, checks IDs to verify passenger identities and to check them against "watch lists" of known or suspected terrorists. Gilmore's suit says the requirement amounts to an unreasonable search, a "burden" on the right to travel and a form of self-incrimination because it singles out "anonymous travelers" for searching. Gilmore said the ID requirement does little to ensure security. "Ordinary citizens may show correct identification, but do we really think that someone who is willing to commit a terrorist act won't also be willing to present false identification?" Gilmore's suit was filed in 2002, after he was denied seats on two flights at the airport in Oakland. It was his first domestic flight since the 9/11 attacks. Before then, Gilmore said, he was permitted to board flights after presenting a Federal Aviation Administration document that said showing IDs was optional. In 1982, Gilmore, a computer programmer, was the first person hired by the founders of what became Sun Microsystems. He retired eight years ago with what his publicist, Bill Scannell, calls "multiples" of millions of dollars. Since then, Gilmore said, he has worked to promote "individual rights," in part by sponsoring a foundation that is critical of travel restrictions and what he considers violations of speech and privacy rights. Last year, before taking off on a British Airways flight from San Francisco to London, Gilmore angered fellow travelers by refusing to remove a blue button on his lapel that had the words "suspected terrorist" imposed over the picture of an airliner. After a delay, the pilot went back to the gate and ordered Gilmore off the jet. While his case moves through court, Gilmore has remained grounded when it comes to domestic travel. He hired friends to drive him to San Diego and across the country to attend board meetings of corporate and non-profit groups. He took a driving vacation to Oregon. Invited to a family reunion in Massachusetts, he thought of chartering a private plane but balked at the $33,000 price. "Yes, it can be inconvenient at times," Gilmore said of his fight against the ID requirement. "But I believe I'm right." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Oct 12 11:16:20 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 12 Oct 2004 14:16:20 -0400 Subject: U.S. Funds Chat-Room Surveillance Study Message-ID: The Washington Post washingtonpost.com U.S. Funds Chat-Room Surveillance Study By Michael Hill The Associated Press Monday, October 11, 2004; 8:31 PM TROY, N.Y. -- Amid the torrent of jabber in Internet chat rooms - flirting by QTpie and BoogieBoy, arguments about politics and horror flicks - are terrorists plotting their next move? The government certainly isn't discounting the possibility. It's taking the idea seriously enough to fund a yearlong study on chat room surveillance under an anti-terrorism program. A Rensselaer Polytechnic Institute computer science professor hopes to develop mathematical models that can uncover structure within the scattershot traffic of online public forums. Chat rooms are the highly popular and freewheeling areas on the Internet where people with self-created nicknames discuss just about anything: teachers, Kafka, cute boys, politics, love, root canal. They are also places where malicious hackers have been known to trade software tools, stolen passwords and credit card numbers. The Pew Internet & American Life Project estimates that 28 million Americans have visited Internet chat rooms. Trying to monitor the sea of traffic on all the chat channels would be like assigning a police officer to listen in on every conversation on the sidewalk - virtually impossible. Instead of rummaging through megabytes of messages, RPI professor Bulent Yener will use mathematical models in search of patterns in the chatter. Downloading data from selected chat rooms, Yener will track the times that messages were sent, creating a statistical profile of the traffic. If, for instance, RatBoi and bowler1 consistently send messages within seconds of each other in a crowded chat room, you could infer that they were speaking to one another amid the "noise" of the chat room. "For us, the challenge is to be able to determine, without reading the messages, who is talking to whom," Yener said. In search of "hidden communities," Yener also wants to check messages for certain keywords that could reveal something about what's being discussed in groups. The $157,673 grant comes from the National Science Foundation's Approaches to Combat Terrorism program. It was selected in coordination with the nation's intelligence agencies. The NSF's Leland Jameson said the foundation judged the proposal strictly on its broader scientific merit, leaving it to the intelligence community to determine its national security value. Neither the CIA nor the FBI would comment on the grant, with a CIA spokeswoman citing the confidentiality of sources and methods. Security officials know al-Qaida and other terrorist groups use the Internet for everything from propaganda to offering tips on kidnapping. But it's not clear if terrorists rely much on chat rooms for planning and coordination. Michael Vatis, founding director of the National Infrastructure Protection Center and now a consultant, said he had heard of terrorists using chat rooms, which he said offer some security as long as code phrases are used. Other cybersecurity experts doubted chat rooms' usefulness to terrorists given the other current options, from Web mail to hiding messages on designated Web pages that can only be seen by those who know where to look. "In a world in which you can embed your message in a pixel on a picture on a home page about tea cozies, I don't know whether if you're any better if you think chat would be any particular magnet," Jonathan Zittrain, an Internet scholar at Harvard Law School. Since they are focusing on public chat rooms, authorities are not violating constitutional rights to privacy when they keep an eye on the traffic, experts said. Law enforcement agents have trolled chat rooms for years in search of pedophiles, sometimes adopting profiles making it look like they are young teens. But the idea of the government reviewing massive amounts of public communications still raises some concerns. Mark Rasch, a former head of the Justice Department's computer crimes unit, said such a system would bring the country one step closer to the Pentagon's much-maligned Terrorism Information Awareness program. Research on that massive data-mining project was halted after an uproar over its impact on privacy. "It's the ability to gather and analyze massive amounts of data that creates the privacy problem," Rasch said, "even though no individual bit of data is particularly private." ) 2004 The Asso -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From DaveHowe at gmx.co.uk Tue Oct 12 06:16:35 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Tue, 12 Oct 2004 14:16:35 +0100 Subject: Congress Close to Establishing Rules for Driver's Licenses In-Reply-To: <20041012131509.GC2415@jfet.org> References: <20041012005554.G77998@ubzr.zsa.bet> <416BBA77.1090200@gmx.co.uk> <20041012131509.GC2415@jfet.org> Message-ID: <416BD933.9000105@gmx.co.uk> Riad S. Wahby wrote: > ...except (ta-daaaa) the passport, which is universally accepted by > liquor stores AFAICT. And how many americans have a passport,and carry one for identification purposes? From sunder at sunder.net Tue Oct 12 11:33:25 2004 From: sunder at sunder.net (Sunder) Date: Tue, 12 Oct 2004 14:33:25 -0400 (edt) Subject: cryptome.org down? Message-ID: DNS seems to resolve, but never get to the web server. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- From rah at shipwright.com Tue Oct 12 12:46:10 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 12 Oct 2004 15:46:10 -0400 Subject: [osint] Al-Qa'ida 'Survival Kit' Instructs Workers on Individual Conduct Message-ID: --- begin forwarded text To: "Bruce Tefft" Thread-Index: AcSwgCBCG86YBOQdR3ixx7GwrZekMQAC8ROg From: "Bruce Tefft" Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com Delivered-To: mailing list osint at yahoogroups.com Date: Tue, 12 Oct 2004 14:47:48 -0400 Subject: [osint] Al-Qa'ida 'Survival Kit' Instructs Workers on Individual Conduct Reply-To: osint at yahoogroups.com Al-Qa'ida 'Survival Kit' Instructs Workers on Individual Conduct An Al Qaeda survival kit, available to the media in the United States and obtained also by Dawn, reveals how Osama bin Laden's network and its supporters among the Taliban and other similar groups are preparing to survive the US-led "war against terrorism". The kit has been printed in several languages and is being distributed secretly among Al Qaeda followers in Afghanistan and Pakistan. The instructions aim to prepare the Taliban and Al Qaeda workers and their sympathizers to survive on their own and also on how to communicate with their central leaders without exposing them. The contents show the groups are well aware of the changes brought about by the "war on terrorism" and realise they can no longer work openly. That's why they seem to be preparing for a long, clandestine war with the United States and its allies. Decentralization and secrecy are the two key elements of their new strategy, which they hope to prolong also by exploiting religious sentiments of the people they live with. The point the survival kit emphasizes repeatedly is the need for the Taliban and Al Qaeda workers to "merge with the masses" and thus "become indistinguishable" from the rest of the people. The copy obtained by Dawn comes complete with the pictures of 18 Al Qaeda leaders who are on the FBI's most-wanted list. The first picture is that of the network's leader Osama bin Laden, followed by his deputy Aiman al Zawahiri and other top operatives. A caption above the pictures declares: "These are Mujahideen, not dangerous religious terrorists". "Every member will take all necessary precautions in his personal and social life to protect the group and its leadership ... in his personal life, each member shall merge completely with the society he lives in so that he is indistinguishable from other members of the society." Some of the instructions in the kit for Al Qaeda and Taliban units are: "If you live in an area where people wear Western dresses, you also dress like them ... if the majority in that area has a secular mindset, do not express your religious sentiments." "Look closely at the ethnic complexion of your neighbourhood ... if the area has a large number of people from ethnic groups that support the government, stay away from them because they often spy for intelligence agencies." "Don't visit the local mosque regularly. Instead say your prayers at your residence, even the weekly Friday prayer ... while looking for a residence, have a credible, cover story that you will tell the landlord. Always stick to that story." "Don't roam around with beard and Islamic dress in fashionable neighbourhoods. Always take out the chip of the mobile [phone] while sleeping to avoid being caught. Use mobile [phone] from a crowded place so police don't locate the position. Don't write the original numbers of Mujahideen in a notebook; try to memorize the last three digits. "If you live in an area where people do not have cars, avoid using vehicles ... if you have to stay inside your residence when other people go to work, be quiet. Do not draw attention." The kit also contains tips on the use of a cellphone: "Use a cellphone only when you must and an alternative means of communication is not available ... it is better not to use cell phones at all ... if you must use a cell phone, use the one obtained under fake name and address ... never use a phone provided by your 'nazm' [management] for calling a friend or a relative ... if you ask your friends to call you, give them a specific time and keep your phone open only when you are expecting a call." "Do not receive a phone at your residence, do so at a bazaar or at an open space and shut off the phone and disconnect the battery as soon as you finish the conversation." How Al Qaeda members must use the Internet: "For using the Internet, you must go to an internet cafe ... never visit a site that can reveal your identity, such as those belonging to FBI, Al Qaeda or the Mujahideen ... when opening an e-mail account, go to an internet cafe, never do it at home ... never use the same internet cafe again and again ... before leaving the cafe, remove all evidence, never leave any trace ... while sending an e-mail, never use the language that could reveal your ideological commitment." "Write your message in a word processor, compose, cut, paste and send. And then disconnect. Never let your e-mail open to write a message." police interrogation: How to deal with police interrogation: "If unfortunately, a friend is arrested, he should remember two things: do not assume that the police know everything because they do not and always try to protect your friends and colleagues." "The police may try to make you believe that they already know everything and that if you lie or try to hide information from them, you will unnecessarily expose yourself to torture." "The place you are arrested from is important. If you are arrested from home, you will face a different set of questions than those arrested from a place of operation or from a Mujahideen hideout." "While being interrogated, try to guess if the interrogator suspects that you are a Mujahid or he knows you are one and vary your responses accordingly ... the investigators are humans like you, so do not let them bully you or enjoy unnecessary influence over you." "The key point is: you are not guilty unless proven, so do not let your answers (be used) as evidence against you. Do not let your answers lead the interrogators to other friends." [Description of Source: Karachi Dawn in English -- Internet version of most widely read English-language daily] FBIS Source-Date: 10/12/2004 [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor --------------------~--> Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar. Now with Pop-Up Blocker. Get it for free! http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/TySplB/TM --------------------------------------------------------------------~-> -------------------------- Want to discuss this topic? Head on over to our discussion list, discuss-osint at yahoogroups.com. -------------------------- Brooks Isoldi, editor bisoldi at intellnet.org http://www.intellnet.org Post message: osint at yahoogroups.com Subscribe: osint-subscribe at yahoogroups.com Unsubscribe: osint-unsubscribe at yahoogroups.com *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> To unsubscribe from this group, send an email to: osint-unsubscribe at yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From kelsey.j at ix.netcom.com Tue Oct 12 13:10:10 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 12 Oct 2004 16:10:10 -0400 (GMT-04:00) Subject: Cash, Credit -- or Prints? Message-ID: <19372866.1097611811150.JavaMail.root@ernie.psp.pas.earthlink.net> >From: Tyler Durden >Sent: Oct 12, 2004 1:43 PM >To: franks at mcs.anl.gov >Cc: cypherpunks at al-qaeda.net >Subject: Re: Cash, Credit -- or Prints? ... >Very interesting question. I'd bet almost any amount of money that it's >fairly trivial to simply alligator-clip-out the fingerprint's file from >almost any of the cheaper devices. Hell, I'd bet that's true even of more >expensive "secure" devices as well. I don't think the readers store an image of the fingerprint, just some information to make it easy to verify a match. I don't think you could reconstruct a fingerprint from that information, though you could presumably reconstruct a fingerprint image that would fool the detector. >From what I've seen, the whole field of biometrics needs a lot of work on characterizing the attacks and defenses against them, and coming up with reasonable ways to verify that a reader resists some attack. I think individual vendors often have some ideas about this (though I gather their defenses are often disabled to keep the false reject rate acceptably low), but there doesn't seem to be a clean process for determining how skilled an attacker needs to be to, say, scan my finger once, and produce either a fake finger or a machine for projecting a fake fingerprint into the reader. Anyone know whether some kind of standard for this exists? >-TD --John From jya at pipeline.com Tue Oct 12 16:19:21 2004 From: jya at pipeline.com (John Young) Date: Tue, 12 Oct 2004 16:19:21 -0700 Subject: cryptome.org down? In-Reply-To: Message-ID: The site has been overloaded for a couple of days due to heavy hits on files on the Indymedia UK takedown and the "Bush bulge." A Slashdot attack added to that yesterday but has gone away. Today The Reg cited the Bush bulge file and the overload restarted. It'll pass shortly, maybe. From camera_lumina at hotmail.com Tue Oct 12 13:59:06 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 12 Oct 2004 16:59:06 -0400 Subject: Airline ID requirement faces legal challenge Message-ID: Actually, this story is quite the media bellweather. This one treats the case purely as "Gilmore wants to fly anonymously", while even some other mainline media are reporting it as, "Gilmore is questioning the legality of hidden laws". I guess USA Today still feels it has an audience worth pandering to. -TD >From: "R.A. Hettinga" >To: cypherpunks at al-qaeda.net, cryptography at metzdowd.com >Subject: Airline ID requirement faces legal challenge >Date: Tue, 12 Oct 2004 14:15:53 -0400 > > > >USA Today > > > >Airline ID requirement faces legal challenge >By Richard Willing, USA TODAY >At a time when Americans have come to expect tight security for air travel, >it might seem to be an odd question: Does requiring airline passengers to >show identification before they board domestic flights amount to an >"unreasonable search" under the Constitution? > >John Gilmore is challenging the federal domestic airline ID requirement, >saying it violates his right to travel in the USA anonymously. >File photo > >Yes, says John Gilmore, a computer whiz who made a fortune as an early >employee of Sun Microsystems. His challenge of the federal ID requirement, >which soon could get a hearing before a U.S. appeals court in San >Francisco, is one of the latest court battles to test the balance between >security concerns and civil liberties. > > At issue is Gilmore's claim that checking the IDs of passengers on >domestic flights violates his right to travel throughout the USA >anonymously, without the government monitoring him. > > Lawyers involved in the case say it apparently is the first such >challenge >to the federal rules that require airline passengers to provide >identification. In a similar case, two peace activists are suing the U.S. >government to determine how their names came to be placed on a federal >"no-fly list." Rebecca Gordon and Janet Adams were not allowed to board a >San Francisco to Boston flight in August 2002 after they were told that >their names were on a "secret FBI" list of potential security threats, >their court filing says. > >"I believe I have a right to travel in my own country without presenting >what amounts to an internal passport," Gilmore, 49, said in an interview. >"I have a right to be anonymous, (to not) be tracked by my government for >no good reason." > >Gilmore said he has no problem with security checks that focus on >passengers' luggage. He says he also does not object to having to present a >passport to board flights to other countries. > > Some privacy groups say Gilmore has a point. But others who support the >ID >requirement have cast the San Francisco resident as being out of touch with >the realities of air travel since the Sept. 11 attacks. > >Kent Scheidegger, counsel for the Criminal Justice Legal Foundation, a >conservative group in Sacramento, says the ID requirement is good policy >and "eminently constitutional." > >"The Fourth Amendment forbids not searches that you don't like, it forbids >unreasonable searches," he says. "Nothing could be more reasonable at this >time than to know who you're flying with." > > The Justice Department is fighting Gilmore's claim. Acting on the >department's motion, a U.S. district court judge in San Francisco dismissed >the suit last March. Gilmore has appealed; a hearing before the 9th Circuit >Court of Appeals is likely to be scheduled after briefs are filed next >month. > >In court papers, the Justice Department has not defended the ID policy, or >even acknowledged it exists. It has said national security law requires >that this aspect of the case be argued in a courtroom closed to the public, >including Gilmore. The appeals court denied the government's secrecy >request Sept. 20, and the government has asked the court to reconsider. > > Rules on the Transportation Security Administration's Web site say >passengers 18 and older need one form of government-issued photo >identification or two forms of non-photo identification to board domestic >flights. > > Airlines adopted such a policy on their own after terrorists bombed an >international flight over Lockerbie, Scotland, in December 1988. The bomb >that killed all 270 passengers on the jet was said to have been placed in a >passenger's luggage by a terrorist who got into a restricted area. The >airlines say checking IDs against luggage and passenger information is a >way to deny terrorists access to flights. > >The TSA, formed two years ago in the wake of the Sept. 11 attacks, checks >IDs to verify passenger identities and to check them against "watch lists" >of known or suspected terrorists. > >Gilmore's suit says the requirement amounts to an unreasonable search, a >"burden" on the right to travel and a form of self-incrimination because it >singles out "anonymous travelers" for searching. > >Gilmore said the ID requirement does little to ensure security. "Ordinary >citizens may show correct identification, but do we really think that >someone who is willing to commit a terrorist act won't also be willing to >present false identification?" > >Gilmore's suit was filed in 2002, after he was denied seats on two flights >at the airport in Oakland. It was his first domestic flight since the 9/11 >attacks. Before then, Gilmore said, he was permitted to board flights after >presenting a Federal Aviation Administration document that said showing IDs >was optional. > >In 1982, Gilmore, a computer programmer, was the first person hired by the >founders of what became Sun Microsystems. He retired eight years ago with >what his publicist, Bill Scannell, calls "multiples" of millions of >dollars. > >Since then, Gilmore said, he has worked to promote "individual rights," in >part by sponsoring a foundation that is critical of travel restrictions and >what he considers violations of speech and privacy rights. > >Last year, before taking off on a British Airways flight from San Francisco >to London, Gilmore angered fellow travelers by refusing to remove a blue >button on his lapel that had the words "suspected terrorist" imposed over >the picture of an airliner. After a delay, the pilot went back to the gate >and ordered Gilmore off the jet. > >While his case moves through court, Gilmore has remained grounded when it >comes to domestic travel. > >He hired friends to drive him to San Diego and across the country to attend >board meetings of corporate and non-profit groups. He took a driving >vacation to Oregon. Invited to a family reunion in Massachusetts, he >thought of chartering a private plane but balked at the $33,000 price. > >"Yes, it can be inconvenient at times," Gilmore said of his fight against >the ID requirement. "But I believe I'm right." > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ From morlockelloi at yahoo.com Tue Oct 12 23:19:19 2004 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Tue, 12 Oct 2004 23:19:19 -0700 (PDT) Subject: (un)intended anonymity feature of gmail Message-ID: <20041013061919.9527.qmail@web40614.mail.yahoo.com> Unless I'm missing something obvious, it seems impossible to divine the origination IP address from gmail-sourced e-mail headers. The first IP (the last header) has 10.*.*.* form and is of course internal to google. This is not the case with any other e-mail service I know of (mixmaster excluded), the real originating IP is always included. So the recipient of gmail message has no way of determining what the sender's real IP is. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com From measl at mfn.org Wed Oct 13 01:50:21 2004 From: measl at mfn.org (J.A. Terranson) Date: Wed, 13 Oct 2004 03:50:21 -0500 (CDT) Subject: Poor privacy protection in the states In-Reply-To: References: Message-ID: <20041013034759.S77998@ubzr.zsa.bet> On Wed, 13 Oct 2004, Nomen Nescio wrote: > Why don't Americans honour security and privacy higher? Good question. Basically, we're a bunch of closet fascists. > Look at this page > http://www.ci.stpaul.mn.us/depts/police/prostitution_photos_current.ht > ml Hey, Tinklenberg, Chi Christine Home: Saint Paul, MN Age: 34 Height: 5-03 Weight: 120 is kinda cute! > Which is from a police department! > http://www.ci.stpaul.mn.us/depts/police/ > > > If we look at the spirit of this quote I don't see how it is ok to > behave in this abusive manner by the authorities. Join the club. next... > "The right of the people to be secure in their persons, houses, > papers and effects, against unreasonable searches and seizures, shall > not be violated..." > > (from the fourth amendment, US constitution) Um, I'm sorry - maybe you hadn't heard yet: that old piece of paper was superceded on 11 Sep 01, when "everything changed". -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "An ill wind is stalking while evil stars whir and all the gold apples go bad to the core" S. Plath, Temper of Time From jamesd at echeque.com Wed Oct 13 09:27:20 2004 From: jamesd at echeque.com (James A. Donald) Date: Wed, 13 Oct 2004 09:27:20 -0700 Subject: Financial identity is *dangerous*? (was re: Fake companies, real money) In-Reply-To: References: <28535172.1097588941261.JavaMail.root@donald.psp.pas.earthlink.net> Message-ID: <416CF4F8.1291.53B440E@localhost> -- On 12 Oct 2004 at 10:52, R.A. Hettinga wrote: > A long time ago I came to the conclusion that the closer we > get to transaction instantaneity, the less counterparty > identity matters at all. That is, the fastest transaction we > can think of is a cryptographically secure glop of bits that > is issued by an entity who is responsible for the integrity > of the transaction and the quality of assets that the bits > represent. Blind signature notes work fine for a first-order > approximation. In other words, an internet bearer > transaction. > > In such a scenario, nobody *cares* who the counterparties are > for two reasons. The first reason is existential: title to > the asset has transferred instantaneously. There is *no* > float. I have it now, so I don't *care* who you were, > because, well, it's *mine* now. :-). > > Second, keeping an audit trail when the title is never in > question is, in the best circumstances superfluous and > expensive, and, in the worst, even dangerous for any of a > number of security reasons, Two problems: 1. Instantaneous and complete transfer is irrevocable, thus attractive to ten million phishing spammers, virus witers etc. 2. Governments want everyone to keep records on everyone else, and make those records available to the government, thus discriminate against the more cashlike forms of internet money. It is clear that the world needs a fully cashlike form of internet money, that there is real demand for this, but the low security of personal computers makes it insecure from thieves, and the hostility of national governments make it insecure from governments. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG DomXDn/9ASGjDlA7/rM0YxIpV6BFP/F2G82U5fRF 4q51oYmi85ShC8+0oDT4+4nUVsGKolpQZ+8ozyJWM From camera_lumina at hotmail.com Wed Oct 13 06:40:44 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 13 Oct 2004 09:40:44 -0400 Subject: Poor privacy protection in the states Message-ID: JAT wrote... >Basically, we're a bunch of closet fascists. and >Um, I'm sorry - maybe you hadn't heard yet: that old piece of paper was >superceded on 11 Sep 01, when "everything changed". I think that's the day we came out of the closet. Read, "Radio Free Albemuth" by P.K. Dick and you'll get the picture of where we're headed. -TD _________________________________________________________________ Get ready for school! Find articles, homework help and more in the Back to School Guide! http://special.msn.com/network/04backtoschool.armx From jamesd at echeque.com Wed Oct 13 09:47:36 2004 From: jamesd at echeque.com (James A. Donald) Date: Wed, 13 Oct 2004 09:47:36 -0700 Subject: How key Microsoft legal emails 'autodestruct' In-Reply-To: Message-ID: <416CF9B8.26881.54DD2AD@localhost> -- On 12 Oct 2004 at 11:28, R.A. Hettinga wrote: > The latest court documents to be unsealed by Judge Frederick > Motz in Burst.com's suit against Microsoft paint a picture of > Microsoft document handling procedures which destroyed the > very emails that were likely to be most relevant to several > antitrust actions, Burst's included. According to Burst's > lawyers Microsoft's status as "a defendant in major antitrust > cases since at least 1995" means that it has a duty to > preserve potentially relevant evidence. But "Microsoft > adopted policies that, to put it mildly, encouraged document > destruction from 1995 forward." Reflect on all the people and businesses that got into legal trouble by keeping documents. Now reflect on all the peole and business that got into legal trouble by destroying documents. Clearly it is better to be charged for destroying documents, than charged for what is in those documents. > But if Microsoft does have a policy to diligently retain > relevant documents, well, it clearly needs to write a new > policy that works instead. Any law that requires people to be diligent and competent in making a noose and placing it on their own necks, is likely to encounter truly amazing levels of incompetence. I lose documents I actually *want* to retain often enough. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG +ZAfeUcS9FaQ5e/s/KtKhDOzmNZSqOwi4NG3FEkT 45Viouthce4l/DdT+MgqjhbEeA7iBBCUDG84cD2Iq From nobody at dizum.com Wed Oct 13 01:30:03 2004 From: nobody at dizum.com (Nomen Nescio) Date: Wed, 13 Oct 2004 10:30:03 +0200 (CEST) Subject: Poor privacy protection in the states Message-ID: Why don't Americans honour security and privacy higher? Look at this page http://www.ci.stpaul.mn.us/depts/police/prostitution_photos_current.ht ml Which is from a police department! http://www.ci.stpaul.mn.us/depts/police/ If we look at the spirit of this quote I don't see how it is ok to behave in this abusive manner by the authorities. "The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated..." (from the fourth amendment, US constitution) It is one thing if we're talking about very dangerous individuals who are being sought after by the police and who the public needs to be aware of but here we have a completely different situation. Why is the integrity and security of the simple man on the street not honoured in the US society today? It's a big difference between the protection of personal privacy in Europe and in the US and all Americans should really ask themselves why this has to be. From apb at cequrux.com Wed Oct 13 01:38:30 2004 From: apb at cequrux.com (Alan Barrett) Date: Wed, 13 Oct 2004 10:38:30 +0200 Subject: Cash, Credit -- or Prints? In-Reply-To: <19372866.1097611811150.JavaMail.root@ernie.psp.pas.earthlink.net> References: <19372866.1097611811150.JavaMail.root@ernie.psp.pas.earthlink.net> Message-ID: <20041013083830.GC8532@apb-laptoy.apb.alt.za> On Tue, 12 Oct 2004, John Kelsey wrote: > but there doesn't seem to be a clean process for determining how > skilled an attacker needs to be to, say, scan my finger once, and > produce either a fake finger or a machine for projecting a fake > fingerprint into the reader. ... or a replacement reader that fakes the signals to the rest of the security system. --apb (Alan Barrett) From kelsey.j at ix.netcom.com Wed Oct 13 12:51:22 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Wed, 13 Oct 2004 15:51:22 -0400 (GMT-04:00) Subject: Financial identity is *dangerous*? (was re: Fake companies, real money) Message-ID: >From: Chris Kuethe >Sent: Oct 13, 2004 1:15 PM >To: "James A. Donald" >Cc: cryptography at metzdowd.com, > "cypherpunks at al-qaeda.net" >Subject: Re: Financial identity is *dangerous*? (was re: Fake companies, >real money) On Wed, 13 Oct 2004 09:27:20 -0700, James A. Donald wrote: > Two problems: ... >> It is clear that the world needs a fully cashlike form of >> internet money, that there is real demand for this, but the low >> security of personal computers makes it insecure from thieves, >> and the hostility of national governments make it insecure from >> governments. >Agreed. I would hope that users of "iCash" get fully educated on what >that entails: that that blob of bits is just as much $20 as that green >piece of paper or that big pile of quarters. And if someone gets it >and spends it, you may as well have been mugged. Okay, but there's a problem: If you want to mug me personally, you have to show up where I am, catch me unaware, take some personal risk that I'll fight back or shoot you or something, or that a cop will happen by at an inopportune moment, or that there's some surveilance camera you don't know about catching the whole thing on tape. At the end of that, you've done one mugging, and made maybe $100 or so. This is why mugging, armed robbery, etc., is basically a crime for people who don't think too far ahead. If you want to steal anonymous bearer assets from networked computers, you're going to contrive to do a whole lot of it at once, and you're going to have enormous incentives to develop new attacks to do so. I have to care about attackers everywhere on Earth, and about the most capable getting past my defenses. It's not like trying to keep random bored teenagers from breaking into your house by putting a proper lock on a properly installed door, it's like trying to keep a team of ex-SEALs, safecrackers, locksmiths, and demolition experts from breaking into your house. Today, most of what I'm trying to defend myself from online is done as either a kind of hobby (most viruses), or as fairly low-end scams that probably net the criminals reasonable amounts of money, but probably don't make them rich. Imagine a world where there are a few hundred million dollars in untraceable assets waiting to be stolen, but only on Windows XP boxes with the latest patches, firewalls and scanners installed, and reasonable security settings. IMO, that's a world where every day is day zero. All bugs are shallow, given enough qualified eyeballs, and with that kind of money on the table, there would be plenty of eyeballs looking. And once it's done, several thousand early adopters are out thousands of dollars each. This isn't much of an advertisement for the payment system. It's anonymous and based on bearer instruments, so there's no way to run the fraudulent transactions back. The money's gone, and the attackers are richer, and the next, more demanding round of attacks has been capitalized. >People do eventually learn when it costs them something out of pocket. >Now that they've learned that the white headphones mean "I'm a target >with an iPod, mug me!" I see a lot of iPod users with boring old sony >or koss headphones. Right now, insecurity doesn't cost the end-user >enough. As soon as some virus comes along and wipes out some new york >times columnist's savings, and he screams about it, then and only then >will the slightest nonzero percentage of the sheeple pay attention for >a bit. They also have to be able to do something about it. What would you tell a reasonably bright computer programmer with no particular expertise in security about how to keep a bearer asset as valuable as his car stored securely on a networked computer? If you can't give him an answer that will really work in a world where these bearer assets are common, you're just not going to get a widespread bearer payment system working, for the same reason that there's probably nobody jogging with an iPod through random the streets of Sadr City, no matter how careful they're being. ... --John Kelsey --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed Oct 13 15:38:42 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 13 Oct 2004 18:38:42 -0400 Subject: FDA approves use of implantable chip in patients to pass medical information to doctors Message-ID: www.sfgate.com FDA approves use of implantable chip in patients to pass medical information to doctors - DIEDTRA HENDERSON, AP Science Writer Wednesday, October 13, 2004 (10-13) 10:05 PDT WASHINGTON (AP) -- The Food and Drug Administration on Wednesday approved an implantable computer chip that can pass a patient's medical details to doctors, speeding care. VeriChips, radio frequency microchips the size of a grain of rice, have already been used to identify wayward pets and livestock. And nearly 200 people working in Mexico's attorney general's office have been implanted with chips to access secure areas containing sensitive documents. Delray Beach, Fla.-based Applied Digital Solutions said it would give away $650 scanners to roughly 200 trauma centers around the nation to help speed its entry into the health care market. A company spokesman would not say how much implanting chips would cost for humans, even though chips have been implanted in some, including Scott R. Silverman, the company's chief executive officer. The company is targeting patients with diabetes, chronic cardiac conditions, Alzheimer's disease and those who undergo complex treatments like chemotherapy, said Dr. Richard Seelig, Applied Digital Solutions' vice president of medical applications. It's the first time the FDA has approved medical use of the device, though in Mexico, more than 1,000 scannable chips have been implanted in patients. The chip's serial number pulls up the patients' blood type and other medical information. With the pinch of a syringe, the microchip is inserted under the skin in a procedure that takes less than 20 minutes and leaves no stitches. Silently and invisibly, the dormant chip stores a code -- similar to the identifying UPC code on products sold in retail stores -- that releases patient-specific information when a scanner passes over the chip. At the doctor's office those codes stamped onto chips, once scanned, would reveal such information as a patient's allergies and prior treatments. The FDA in October 2002 said that the agency would regulate health care applications possible through VeriChip. Meanwhile, the chip has been used for a number of security-related tasks as well as for pure whimsy: Club hoppers in Barcelona, Spain, now use the microchip much like a smartcard to speed drink orders and payment. On the Net: VeriChip: www.4verichip.com/index.htm -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From arma at mit.edu Thu Oct 14 03:36:18 2004 From: arma at mit.edu (Roger Dingledine) Date: Thu, 14 Oct 2004 06:36:18 -0400 Subject: Tor 0.0.9pre3 is out Message-ID: Along with the bugfixes from 0.0.8.1, plus more bugfixes, this release makes the dirservers file obsolete (finally) in favor of config option lines to specify the location and fingerprint of each dirserver you want to trust. We also now support the use of an http proxy for fetching directories. tarball: http://freehaven.net/tor/dist/tor-0.0.9pre3.tar.gz signature: http://freehaven.net/tor/dist/tor-0.0.9pre3.tar.gz.asc (use -dPr tor-0_0_9pre3 if you want to check out from cvs) o Bugfixes on 0.0.8.1: - Better torrc example lines for dirbindaddress and orbindaddress. - Improved bounds checking on parsed ints (e.g. config options and the ones we find in directories.) - Better handling of size_t vs int, so we're more robust on 64 bit platforms. - Fix the rest of the bug where a newly started OR would appear as unverified even after we've added his fingerprint and hupped the dirserver. - Fix a bug from 0.0.7: when read() failed on a stream, we would close it without sending back an end. So 'connection refused' would simply be ignored and the user would get no response. o Bugfixes on 0.0.9pre2: - Serving the cached-on-disk directory to people is bad. We now provide no directory until we've fetched a fresh one. - Workaround for bug on windows where cached-directories get crlf corruption. - Make get_default_conf_file() work on older windows too. - If we write a *:* exit policy line in the descriptor, don't write any more exit policy lines. o Features: - Use only 0.0.9pre1 and later servers for resolve cells. - Make the dirservers file obsolete. - Include a dir-signing-key token in directories to tell the parsing entity which key is being used to sign. - Remove the built-in bulky default dirservers string. - New config option "Dirserver %s:%d [fingerprint]", which can be repeated as many times as needed. If no dirservers specified, default to moria1,moria2,tor26. - Make moria2 advertise a dirport of 80, so people behind firewalls will be able to get a directory. - Http proxy support - Dirservers translate requests for http://%s:%d/x to /x - You can specify "HttpProxy %s[:%d]" and all dir fetches will be routed through this host. - Clients ask for /tor/x rather than /x for new enough dirservers. This way we can one day coexist peacefully with apache. - Clients specify a "Host: %s%d" http header, to be compatible with more proxies, and so running squid on an exit node can work. ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From eugen at leitl.org Thu Oct 14 03:45:03 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 14 Oct 2004 12:45:03 +0200 Subject: Tor 0.0.9pre3 is out (fwd from arma@mit.edu) Message-ID: <20041014104503.GV1457@leitl.org> ----- Forwarded message from Roger Dingledine ----- From rah at shipwright.com Thu Oct 14 11:42:22 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 14 Oct 2004 14:42:22 -0400 Subject: Certicom sees lift from entertainment industry Message-ID: TheStar.com Oct. 14, 2004. 01:00 AM Certicom sees lift from entertainment industry Certicom Corp. sees growing demand for its data encryption technology in both government and the private sector, its CEO told the annual meeting yesterday. The explosion of digital music, movies and books that are easily copied is causing companies such as The Walt Disney Co. and Time Warner Inc. to demand electronic devices and distribution networks be fully secure, Ian McKinnon said. "DVD players, set-top boxes and digital cable carry vast amounts of valuable content, all of which is very easy to copy," McKinnon said. "Very soon, every consumer device needs to have security embedded in its hardware to protect content. That's obviously a vast market." The technology at the core of Certicom's products - elliptic-curve cryptography, or ECC - is well suited to such purposes since it can work faster and requires less computing power and storage than conventional forms of cryptography, he said. Certicom got a lift from a $25 million (U.S.) contract to supply software to the U.S. National Security Agency, giving the Mississauga-based company its first profitable year and endorsing ECC as its new encryption standard, McKinnon said. The security agency's purchase provided most of Certicom's revenue of $34.5 million in its financial year ended April 30. The year's profit was $16.8 million, or 47 cents per share. The contract was followed by a deal with Research In Motion Ltd., which is embedding Certicom's technology in its BlackBerry wireless e-mail products and paying royalties over a number of quarters. In the first quarter of its current fiscal year, Certicom's revenue was up by $700,000, or nearly 32 per cent, from $2.2 million a year earlier. But the company fell back into the red in the May-July quarter, albeit with a $1.2 million loss that was 25 per cent smaller than the $1.6 million reported a year earlier. Asked by a shareholder when Certicom would achieve sustainable profitability, McKinnon said he is "extremely upbeat about the company's future" but is not prepared to provide guidance on revenue or profitability. "As goes ECC adoption will go the growth of the company." CANADIAN PRESS -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Oct 14 16:08:59 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 14 Oct 2004 19:08:59 -0400 Subject: Airport insanity Message-ID: Townhall.com Airport insanity Cal Thomas (back to web version) | Send October 13, 2004 Ted Kennedy and I have something in common. We are both on airline lists as potential terror suspects. Kennedy was recently denied access to a US Airways flight out of Washington, one he has taken for 40 years. I am on a US Airways list of some type that apparently requires airline employees to take my driver's license behind closed doors, have a conference and then stamp my ticket with a code that mandates my person and my carry-on bag be searched. Every time I fly, which is sometimes several times a week. I especially appreciate the crotch grab to make sure I'm not hiding any weapons of mass destruction. How would you like to be the trainer for this procedure? The idiocy virus is now spreading to other airlines. It seems someone who shares my name is wanted by authorities. I hope he is getting some of my hate mail. Logic should dictate that once I prove I am not the guy they are looking for, they would take me off the suspect list. But, no, our misnamed Transportation Security Administration (TSA) is anything but logical. US Airways gives me a TSA phone number to call. I am not surprised when a machine answers. The machine promises a "prompt" response. I leave a message. There is no response. A few days later, I call again. Same recording, same message, same non-response. I send an e-mail to TSA. This time I receive an "automated reply," assuring me of a prompt response. Two days later, I receive another e-mail informing me I will have to fill out a form to prove I am not a terrorist. This is an interesting twist on the "innocent until proven guilty" standard in law. The confusion plot thickens. Two weeks ago, TSA approved my application for "registered traveler" status as part of an experimental program at some airports for frequent travelers. I recorded my "eye print" and fingerprint, and now a machine can identify me and allow me to go to the head of the security line, but only at the airport where I applied. Other participating airports require applications to be made at each of those airports, even though the paperwork presumably goes to TSA headquarters. Why can't TSA look at that one application that has been approved and take me off their "watch list," or whatever they call it? Is "logic" not in government dictionaries? Things have become so ridiculous on the road that a TSA screener in Duluth, Minn., last week required me to open my computer bag, whereupon she used one of those devices that resemble a deodorant pad and wiped every electrical cord. When I asked why, she responded, "The downed Russian airliners." When I noted that Duluth was the only airport in the country where my electrical cords had been wiped, she replied, "Everyone is supposed to." The arbitrariness of all of this makes me think the "security" system isn't very secure and that it is all a sham created by politicians to fool the public into believing they are protecting us. Meanwhile, millions cross our borders illegally, including untold numbers from countries that hate us. Why isn't the Bush administration doing something about illegal immigration instead of pretending these people are coming here solely to do manual labor we native Americans don't want to do? Wouldn't we be safer if we prevented those who wish us harm from getting into the country? Thanks to Transportation Secretary Norman Mineta's misguided policy of refusing to profile travelers, we get equal opportunity inconvenience and stupidity. Imagine if cops were prohibited from describing gender, race or other physical characteristics when broadcasting an all-points bulletin for a suspect. My profile is radically different from all those who killed nearly 3,000 of my countrymen on September 11, 2001. My "holy book" of choice is the Bible. My race is Caucasian. I am a loyal, taxpaying, patriotic, evil-hating, English-as-first-language, natural-born American. If profiling were allowed, I wouldn't be the one filling out government forms to prove I'm not a terrorist. The other guys would. This is an outrage! The form will soon be in the mail. They'll probably send me a note assuring me of a prompt reply, before misplacing the application. Senator Kennedy, can you help? -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From brian-slashdotnews at hyperreal.org Thu Oct 14 12:26:02 2004 From: brian-slashdotnews at hyperreal.org (brian-slashdotnews at hyperreal.org) Date: 14 Oct 2004 19:26:02 -0000 Subject: New Technique Could Trace Documents By Printer Message-ID: Link: http://slashdot.org/article.pl?sid=04/10/14/1742224 Posted by: timothy, on 2004-10-14 18:28:00 from the better-than-a-notch-in-the-e dept. An anonymous reader submits "From [1]this article at Purdue News, 'Researchers at Purdue University have developed a method that will enable authorities to trace documents to specific printers, a technique law-enforcement agencies could use to investigate counterfeiting, forgeries and homeland security matters.' The neat thing is that they are exploiting the characteristics of the print process itself to identify the printer." One of the folks e-mailed me to say that [2]the HP LaserJet 9000dn was one of the big ones tested with. IFRAME: [3]pos6 References 1. http://news.uns.purdue.edu/UNS/html4ever/2004/041011.Delp.forensics.html 2. http://productguide.itmanagersjournal.com/page.pl?tid=10541 3. http://ads.osdn.com/?ad_id=2936&alloc_id=10685&site_id=1&request_id=2825914 ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From DaveHowe at gmx.co.uk Thu Oct 14 13:25:24 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 14 Oct 2004 21:25:24 +0100 Subject: Certicom sees lift from entertainment industry In-Reply-To: References: Message-ID: <416EE0B4.407@gmx.co.uk> R.A. Hettinga wrote: > The technology at the core of Certicom's products - elliptic-curve > cryptography, or ECC - is well suited to such purposes since it can work > faster and requires less computing power and storage than conventional > forms of cryptography, he said. Well, best of luck to them. any scheme where they *have* to give you the decryption key before you can use the product is doomed from the start, its just a matter of how long it takes. The satellite/cable companies are fighting hard to stay ahead of the game with their live-to-view product - by frequently changing the crypto whenever it is broken; no recorded product can possibly hold out more than a few months after launch. From eugen at leitl.org Thu Oct 14 12:26:28 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 14 Oct 2004 21:26:28 +0200 Subject: New Technique Could Trace Documents By Printer (fwd from brian-slashdotnews@hyperreal.org) Message-ID: <20041014192628.GZ1457@leitl.org> ----- Forwarded message from brian-slashdotnews at hyperreal.org ----- From camera_lumina at hotmail.com Fri Oct 15 07:02:46 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 15 Oct 2004 10:02:46 -0400 Subject: Airport insanity Message-ID: First of all, the guy is a major dumbass... >My profile is radically different from all those who killed nearly 3,000 of >my countrymen on September 11, 2001. My "holy book" of choice is the Bible. >My race is Caucasian. I am a loyal, taxpaying, patriotic, evil-hating, >English-as-first-language, natural-born American. If profiling were >allowed, I wouldn't be the one filling out government forms to prove I'm >not a terrorist. The other guys would. I'm thinking that the state-of-the-art on Cypherpunks is such that no real comment here is necessary. >The arbitrariness of all of this makes me think the "security" system isn't >very secure and that it is all a sham created by politicians to fool the >public into believing they are protecting us. Meanwhile, millions cross our >borders illegally, including untold numbers from countries that hate us. This is precisely why Al-Qaeda sent 19 (or probably more) true-believers. Even if TSA lowers the odds, all you have to do is roll the dice many more times, and a few of the faithful will definitely get through the checkpoint. Security measures might stop a lone crazy, but the odds don't stand up if they send dozens of people into airports all around the country. And Iraq II is promising us a bumper crop of new 'terrorists'. Seems to me it's going to be much easier for the US to stop fucking around over there. Oh wait, we can't do that because "then the terrorists have won". Waitaminute...doesn't Algeria prove that terrorism wins, eventually? -TD >From: "R.A. Hettinga" >To: cypherpunks at al-qaeda.net, cryptography at metzdowd.com >Subject: Airport insanity >Date: Thu, 14 Oct 2004 19:08:59 -0400 > > > >Townhall.com > >Airport insanity >Cal Thomas (back to web version) | Send > >October 13, 2004 > >Ted Kennedy and I have something in common. We are both on airline lists as >potential terror suspects. > >Kennedy was recently denied access to a US Airways flight out of >Washington, one he has taken for 40 years. > >I am on a US Airways list of some type that apparently requires airline >employees to take my driver's license behind closed doors, have a >conference and then stamp my ticket with a code that mandates my person and >my carry-on bag be searched. Every time I fly, which is sometimes several >times a week. I especially appreciate the crotch grab to make sure I'm not >hiding any weapons of mass destruction. How would you like to be the >trainer for this procedure? > >The idiocy virus is now spreading to other airlines. It seems someone who >shares my name is wanted by authorities. I hope he is getting some of my >hate mail. Logic should dictate that once I prove I am not the guy they are >looking for, they would take me off the suspect list. But, no, our misnamed >Transportation Security Administration (TSA) is anything but logical. > >US Airways gives me a TSA phone number to call. I am not surprised when a >machine answers. The machine promises a "prompt" response. I leave a >message. There is no response. A few days later, I call again. Same >recording, same message, same non-response. I send an e-mail to TSA. This >time I receive an "automated reply," assuring me of a prompt response. Two >days later, I receive another e-mail informing me I will have to fill out a >form to prove I am not a terrorist. This is an interesting twist on the >"innocent until proven guilty" standard in law. > >The confusion plot thickens. Two weeks ago, TSA approved my application for >"registered traveler" status as part of an experimental program at some >airports for frequent travelers. I recorded my "eye print" and fingerprint, >and now a machine can identify me and allow me to go to the head of the >security line, but only at the airport where I applied. > >Other participating airports require applications to be made at each of >those airports, even though the paperwork presumably goes to TSA >headquarters. Why can't TSA look at that one application that has been >approved and take me off their "watch list," or whatever they call it? Is >"logic" not in government dictionaries? > >Things have become so ridiculous on the road that a TSA screener in Duluth, >Minn., last week required me to open my computer bag, whereupon she used >one of those devices that resemble a deodorant pad and wiped every >electrical cord. When I asked why, she responded, "The downed Russian >airliners." When I noted that Duluth was the only airport in the country >where my electrical cords had been wiped, she replied, "Everyone is >supposed to." > >The arbitrariness of all of this makes me think the "security" system isn't >very secure and that it is all a sham created by politicians to fool the >public into believing they are protecting us. Meanwhile, millions cross our >borders illegally, including untold numbers from countries that hate us. > >Why isn't the Bush administration doing something about illegal immigration >instead of pretending these people are coming here solely to do manual >labor we native Americans don't want to do? Wouldn't we be safer if we >prevented those who wish us harm from getting into the country? > >Thanks to Transportation Secretary Norman Mineta's misguided policy of >refusing to profile travelers, we get equal opportunity inconvenience and >stupidity. Imagine if cops were prohibited from describing gender, race or >other physical characteristics when broadcasting an all-points bulletin for >a suspect. > >My profile is radically different from all those who killed nearly 3,000 of >my countrymen on September 11, 2001. My "holy book" of choice is the Bible. >My race is Caucasian. I am a loyal, taxpaying, patriotic, evil-hating, >English-as-first-language, natural-born American. If profiling were >allowed, I wouldn't be the one filling out government forms to prove I'm >not a terrorist. The other guys would. > >This is an outrage! The form will soon be in the mail. They'll probably >send me a note assuring me of a prompt reply, before misplacing the >application. Senator Kennedy, can you help? > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ From kelsey.j at ix.netcom.com Fri Oct 15 08:58:43 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Fri, 15 Oct 2004 11:58:43 -0400 (GMT-04:00) Subject: Airport insanity Message-ID: <32421624.1097855923779.JavaMail.root@fozzie.psp.pas.earthlink.net> >From: Tyler Durden >Sent: Oct 15, 2004 10:02 AM >To: rah at shipwright.com, cypherpunks at al-qaeda.net, cryptography at metzdowd.com >Subject: RE: Airport insanity >First of all, the guy is a major dumbass... >>My profile is radically different from all those who killed nearly 3,000 of >>my countrymen on September 11, 2001. My "holy book" of choice is the Bible. >>My race is Caucasian. I am a loyal, taxpaying, patriotic, evil-hating, >>English-as-first-language, natural-born American. If profiling were >>allowed, I wouldn't be the one filling out government forms to prove I'm >>not a terrorist. The other guys would. >I'm thinking that the state-of-the-art on Cypherpunks is such that no real >comment here is necessary. "Ahh, thanks for flying, Mr McVeigh. You're in seat 1A, just behind the cockpit. We like to put patriotic Americans there to make sure there's no risk of in-flight terrorism." >This is precisely why Al-Qaeda sent 19 (or probably more) true-believers. >Even if TSA lowers the odds, all you have to do is roll the dice many more >times, and a few of the faithful will definitely get through the checkpoint. >Security measures might stop a lone crazy, but the odds don't stand up if >they send dozens of people into airports all around the country. And Iraq II >is promising us a bumper crop of new 'terrorists'. Yep. It gives you a warm feeling all over to know that we're spending billions of dollars on running a nation-sized terrorist training camp. Ah, but not to worry. *These* terrorists won't get WMDs. We know, because apparently there's not a gram of WMD anywhere in Iraq. And besides, A.G. Khan has been brought to justice, and is now requiring proof of identity and a major credit card before shipping you the Nuclear Weapons Program in a Box set, and North Korea is too busy stockpiling nukes and missiles for an upcoming "negotiated settlement to certain border questions" to sell any of them to any (other) crazies. Why the only other place where there's a risk of nuclear proliferation is in the old Soviet Union--and we all know *they* don't have any Islamic fundamentalist terrorists running about. So we can clearly rest easy. It's a good thing we've got an administration in the White House who cares about security and the war on terror. Otherwise, I'd be a mite worried about now.... ... >-TD --John Kelsey From jamesd at echeque.com Fri Oct 15 12:14:33 2004 From: jamesd at echeque.com (James A. Donald) Date: Fri, 15 Oct 2004 12:14:33 -0700 Subject: Airport insanity In-Reply-To: Message-ID: <416FBF29.17594.AD343E@localhost> -- > >My profile is radically different from all those who killed > >nearly 3,000 of my countrymen on September 11, 2001. My > >"holy book" of choice is the Bible. My race is Caucasian. I > >am a loyal, taxpaying, patriotic, evil-hating, > >English-as-first-language, natural-born American. If > >profiling were allowed, I wouldn't be the one filling out > >government forms to prove I'm not a terrorist. The other > >guys would. On 15 Oct 2004 at 10:02, Tyler Durden wrote: > I'm thinking that the state-of-the-art on Cypherpunks is such > that no real comment here is necessary. Has anyone who does not look a terrorist done a suicide mission outside Israel or Russia? Recall the shoe bomber. You just had to look at him. You would think the airport screeners would need to be half brain dead to let him on the plane. Come to think of it, they are half brain dead, but laws that require them to pretend to be stupider than they actually are do not help. > This is precisely why Al-Qaeda sent 19 (or probably more) > true-believers. Even if TSA lowers the odds, all you have to > do is roll the dice many more times, and a few of the > faithful will definitely get through the checkpoint. Just don't let anyone who looks like the shoe bomber fly. Problem solved. A restaurant should be able to turn away those whose looks they do not like, and an airline likewise. There are probably a few innocents in Guantenamo, but they released at least one Al Quaeda terrorist who promptly got back in business murdering large numbers of people, and was caught doing it - so presumably they have released lots of others who have committed lots of murders, and not been caught doing it. Anyone who was non Afghan and in Afghanistan in the middle of the war without a good explanation should have been executed by the Northern Alliance or imprisoned permanently in Guatenamo. Yes, I do support internment, as wartime measure, during real war, against an ethnically based enemy. Similarly I support shelling enemies who surround themselves with captive women and children, as Sadr did in Najaf. That hostage crisis was ended by negotiation, but because the administration were reluctant to shell the mosque, the deal was settled on very unfavorable terms. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG wI0xr9ayXv/a3zae3P/aa8cP2yCVMsnUHEQvlSZ4 4biccsub2YZowuf9Kq6OzR5YpJQrEGdamGR4hGonc From dgerow at afflictions.org Fri Oct 15 12:32:56 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Fri, 15 Oct 2004 15:32:56 -0400 Subject: Airport insanity In-Reply-To: <416FBF29.17594.AD343E@localhost> References: <416FBF29.17594.AD343E@localhost> Message-ID: <20041015193255.GC26676@afflictions.org> Thus spake James A. Donald (jamesd at echeque.com) [15/10/04 15:19]: : Has anyone who does not look a terrorist done a suicide mission : outside Israel or Russia? Recall the shoe bomber. You just : had to look at him. You would think the airport screeners would : need to be half brain dead to let him on the plane. Come to : think of it, they are half brain dead, but laws that require : them to pretend to be stupider than they actually are do not : help. I've had more than one comment about my ID photos that amount to basically: "You look like you've just left a terrorist training camp." For whatever reason, pictures of me always come out looking like some crazed religious fanatic. But that doesn't mean that I'm going to bomb anything. And I sure hope that I'm not going to be detained or denied entry because of how I *look*, alone. From jya at pipeline.com Fri Oct 15 15:55:49 2004 From: jya at pipeline.com (John Young) Date: Fri, 15 Oct 2004 15:55:49 -0700 Subject: Airport insanity In-Reply-To: <20041015193255.GC26676@afflictions.org> References: <416FBF29.17594.AD343E@localhost> <416FBF29.17594.AD343E@localhost> Message-ID: Most of the Boston Red Sox team look as if they have just come from a terrorist training camp for blind, handless barbers, decked-out in ill-fitting sports gear, staring wild-eyed at RPGs being fired at their heads and nuts, swinging clubs futilely at the inerrant missiles, their ass-wipe paws swollen into giant shit-covered patties, muttering homicidal jihads against devil-bred yankees. From rah at shipwright.com Fri Oct 15 13:17:08 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 15 Oct 2004 16:17:08 -0400 Subject: Human Lie Detectors Almost Never Miss, Study Finds Message-ID: Human Lie Detectors Almost Never Miss, Study Finds Thu October 14, 2004 05:18 PM ET By Maggie Fox, Health and Science Correspondent WASHINGTON (Reuters) - As he lies, the young man shrugs, flutters his eyelids and shakes his head. Another, on a witness stand, grimaces for a millisecond as he answers a question. Most people believe they could easily detect such lying behavior, but in fact most miss a good 50 percent of lies, says deception expert Maureen O'Sullivan of the University of California San Francisco. But O'Sullivan says she has found a special group -- just 1 percent of those she has tested -- who catch a lie nearly 90 percent of the time. "We call them wizards," O'Sullivan told a briefing sponsored by the American Medical Association on Thursday. "Wizardry is a special skill that seems magical if you don't have it." These wizards have a special ability to ferret out little tics that show when a person is lying. She and her colleagues have so far screened 13,000 people for their ability to catch a liar on videotape. "We found 14 people who we called ultimate experts," she said. They could tell when people deliberately lied about feelings, committing a crime or their own opinions. Another 13 were good at detecting specific types of lies. For example, she said, "There was a group of cops who got very good scores -- they got 80 percent or more on crime but none of them did well on the video about feeling." Now O'Sullivan is trying to find out how they do it. She finds they have little in common so far, except a motivation to catch liars. Some have advanced degrees, some only a high school education. About 20 percent had alcoholic parents. "They are located all over the country. We sit down and go over the ... videotapes. I ask them to think aloud. I tape record them thinking aloud," she said. While most people know to look for certain cues as a person lies, these wizards intuitively find an individual's peculiar cues. One may shrug when lying, and another may make fleeting expressions of disgust or even amusement. "There are lots of clues. The problem is how do you put them together and how to you make any sense of them?" O'Sullivan said her findings could help train better lie detectors -- for instance, federal agents or therapists who need to know when someone is telling the truth. She is not sure about other real-world applications. "We have made an offer to the federal government that it might be interesting to have them as sort of panel when they have high profile investigations," she said. What about analyzing the presidential debates between President Bush and his Democratic challenger, Massachusetts Sen. John Kerry? O'Sullivan just laughed. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Oct 15 13:19:27 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 15 Oct 2004 16:19:27 -0400 Subject: Airport insanity In-Reply-To: References: <416FBF29.17594.AD343E@localhost> <416FBF29.17594.AD343E@localhost> Message-ID: At 3:55 PM -0700 10/15/04, John Young wrote: >Most of the Boston Red Sox team look as if they have just >come from a terrorist training camp for blind, handless barbers, >decked-out in ill-fitting sports gear, staring wild-eyed at >RPGs being fired at their heads and nuts, swinging clubs futilely >at the inerrant missiles, their ass-wipe paws swollen into giant >shit-covered patties, muttering homicidal jihads against devil-bred >yankees. Yeah, but just wait until next year... ;-) Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Fri Oct 15 13:32:37 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 15 Oct 2004 16:32:37 -0400 Subject: Airport insanity Message-ID: OK, Mr Donald...you're shittin' me, right? >Has anyone who does not look a terrorist done a suicide mission >outside Israel or Russia? If you define a suicide mission a priori as the act of a terrorist (I guess I do), then by definition anyone who performs such an act is a terrorist. Therefore, anyone who performs a suicide mission looks like a terrorist. Guess it's simple, then eh? >Recall the shoe bomber. You just >had to look at him. Yer trollin me, I just know it! YAAGH but I can't help myself...I gotta respond! I guess it's OK then if we don't allow strange looking people on the planes. Come to think of it, I think YOU look like a terrorist... >You would think the airport screeners would >need to be half brain dead to let him on the plane. Come to >think of it, they are half brain dead, but laws that require >them to pretend to be stupider than they actually are do not >help. OK, so you not only want to stop anybody odd looking from getting on an airplane, you want near-welfare, minimum-wage HS dropouts be responsible for determining what "odd" means? >Just don't let anyone who looks like the shoe bomber fly. >Problem solved. Huh? The one flaw in this logic is that this only works if you can send this particular definition of suspicious "looks" backwards in time. The shoe-bomber is a particularly interesting case, as I believe the dude was ethnically British. He might have looked odd from the photo you saw circulated in the press, but I'd bet a lot of money no one would have picked him as looking like a terrorist. However, since we now know about what the shoe-bomber looks like, it should be relatively easy to stop his genetic clones or identical twins from boarding planes in the future. "Problem Solved" indeed. However, this might not work against people that DON'T look like the shoe-bomber. > >There are probably a few innocents in Guantenamo, but they >released at least one Al Quaeda terrorist who promptly got back >in business murdering large numbers of people, and was caught >doing it - so presumably they have released lots of others who >have committed lots of murders, and not been caught doing it. Hum. An interesting, Stalinist logic. Well, Stalin was on a certain level immensely practical. I say we build a big electrified fence around Cobble Hill Brooklyn and fuck 'em...SOMEONE in there is definitely Al-Qaeda, therefore let's assume everyone in there's guilty until proven innocent. >Anyone who was non Afghan and in Afghanistan in the middle of >the war without a good explanation should have been executed by >the Northern Alliance or imprisoned permanently in Guatenamo. So likewise would you agree that if any non-citizen US soldiers (there are 10s of thousands non-citizen soldiers in the US) are captured in the numerous future wars, then they captors have the right to execute them on the spot? Uhm...no Geneva convention or anything? What the hell, it's a free-for-all anyway! >Yes, I do support internment, as wartime measure, during real >war, against an ethnically based enemy. Wow. Since Iranians are Indo-European (ie, white), then in the event of war with Iran would you advocate rounding up all Americans of Indo-European ancestry? Does this have to be "pure", or should we grab the African Americans too (which have large % of Indo-European genes)? Oh wait, most of the Afghans are Indo-Europeans too. So if you're arrested then you'll certainly understand that we're really just protecting the US from your possible collusion with your relatives in Afghanistan... What seems to be clear to me is that you believe that your opinions originate from some self-consistent logical framework that is "unpopular" in some quarters. What also seems clear to me that it's really an inconsistent hodgepodge thrown up around the real goal, American domination at all costs, damn the logic and damn the consequences. -TD > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > wI0xr9ayXv/a3zae3P/aa8cP2yCVMsnUHEQvlSZ4 > 4biccsub2YZowuf9Kq6OzR5YpJQrEGdamGR4hGonc _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee. Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From pgut001 at cs.auckland.ac.nz Thu Oct 14 23:59:53 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Fri, 15 Oct 2004 19:59:53 +1300 Subject: Cash, Credit -- or Prints? In-Reply-To: <20041013083830.GC8532@apb-laptoy.apb.alt.za> Message-ID: Alan Barrett writes: >On Tue, 12 Oct 2004, John Kelsey wrote: >>but there doesn't seem to be a clean process for determining how >>skilled an attacker needs to be to, say, scan my finger once, and >>produce either a fake finger or a machine for projecting a fake >>fingerprint into the reader. > >... or a replacement reader that fakes the signals to the rest of the >security system. I've seen a number of smart card/PCMCIA combo devices that to this, they have a discrete fingerprint sensor device connected to a discrete crypto device. You can fake out the fingerprint check portion by tying one of the connecting lines to Vcc or GND. Peter. From pgut001 at cs.auckland.ac.nz Fri Oct 15 01:13:46 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Fri, 15 Oct 2004 21:13:46 +1300 Subject: At least there's some (attempt at) common sense in airline security Message-ID: http://www.nzherald.co.nz/storydisplay.cfm?storyID=3600794&thesection=news&thesubsection=general Ease off says air security boss 15.10.2004 Security on domestic flights is too strict and should be downgraded, says the head of the Aviation Security Service. General manager Mark Everitt, a former police detective with 21 years' experience, said if he had his way passengers would be able to take Swiss Army knives and other small, sharp objects on board domestic flights. "I'm actually an advocate for letting these things back on the aircraft. It's time to back up a little," he told delegates at the Police Association's annual conference yesterday. But New Zealand had to meet international security standards and his personal view was not enough to instigate a review of security standards. Knowing levels of risk was the key to ensuring flights were safe, said Mr Everitt. The banning of small knives did not stop attacks in the air. [...] From pgut001 at cs.auckland.ac.nz Fri Oct 15 01:21:56 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Fri, 15 Oct 2004 21:21:56 +1300 Subject: Vote-counting glitch in NZ local elections Message-ID: Looks like you can mess up voting even if there is a paper trail. These are paper votes that are electronically counted, so the problem was in the electronic processing, not the actual voting procedure. http://www.nzherald.co.nz/storydisplay.cfm?storyID=3600391&thesection=news&thesubsection=general&thesecondsubsection=&reportid=1162640 Let me count the ways ... 14.10.2004 [...] An electronic processing and counting botch-up has left the results for seven city and district councils and 18 district health boards up in the air. Final results, due yesterday, have been delayed indefinitely. Mr Carter blamed the company Datamail, which was contracted by Electionz.com - the company hired by many councils to manage their elections - to count the votes from electronically scanned voting papers. [...] Peter. From mv at cdc.gov Fri Oct 15 21:43:42 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 15 Oct 2004 21:43:42 -0700 Subject: Airport insanity Message-ID: <4170A6FE.403C8BF7@cdc.gov> At 12:14 PM 10/15/04 -0700, James A. Donald wrote: > -- >> >My profile is radically different from all those who killed >> >nearly 3,000 of my countrymen on September 11, 2001. My >> >"holy book" of choice is the Bible. My race is Caucasian. I >> >am a loyal, taxpaying, patriotic, evil-hating, >> >English-as-first-language, natural-born American. As was Timmy McV, Zeus rest his soul. Got ANFO? From DaveHowe at gmx.co.uk Fri Oct 15 17:01:22 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Sat, 16 Oct 2004 01:01:22 +0100 Subject: Airport insanity In-Reply-To: <20041015193255.GC26676@afflictions.org> References: <416FBF29.17594.AD343E@localhost> <20041015193255.GC26676@afflictions.org> Message-ID: <417064D2.8070601@gmx.co.uk> Damian Gerow wrote: > I've had more than one comment about my ID photos that amount to basically: > "You look like you've just left a terrorist training camp." For whatever > reason, pictures of me always come out looking like some crazed religious > fanatic. But that doesn't mean that I'm going to bomb anything. And I sure > hope that I'm not going to be detained or denied entry because of how I > *look*, alone. No, of course not. even if you had a turban, carried a koran and your briefcase made a suspicious ticking noise, that would be *profiling* and therefore bad. Now, if your name happened to sound like someone who doesn't look like you, but a FBI agent had once misheard in passing... that would get you detained. From jamesd at echeque.com Sat Oct 16 11:27:19 2004 From: jamesd at echeque.com (James A. Donald) Date: Sat, 16 Oct 2004 11:27:19 -0700 Subject: Airport insanity In-Reply-To: <20041015193255.GC26676@afflictions.org> References: <416FBF29.17594.AD343E@localhost> Message-ID: <41710597.1030.EE613@localhost> -- James A. Donald: > > Has anyone who does not look a terrorist done a suicide > > mission outside Israel or Russia? Recall the shoe bomber. > > You just had to look at him. You would think the airport > > screeners would need to be half brain dead to let him on > > the plane. Come to think of it, they are half brain dead, > > but laws that require them to pretend to be stupider than > > they actually are do not help. Damian Gerow > I've had more than one comment about my ID photos that amount > to basically: "You look like you've just left a terrorist > training camp." Nonetheless you can probably start fiddling with your shoes on a plane without the passengers seated near you jumping you. > For whatever reason, pictures of me always come out looking > like some crazed religious fanatic. But that doesn't mean > that I'm going to bomb anything. And I sure hope that I'm > not going to be detained or denied entry because of how I > *look*, alone. If you really look like the shoe bomber, then you should have to drive, or use public transport. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG OSAEtsROBjQx7D9gY/VOYIR6gP2XT4W4uGtNsB+l 4IvEFcdiZu/zuBnyVhVYTnXbtIfk7mIE7YK5jQFN7 From dgerow at afflictions.org Sat Oct 16 11:41:15 2004 From: dgerow at afflictions.org (Damian Gerow) Date: Sat, 16 Oct 2004 14:41:15 -0400 Subject: Airport insanity In-Reply-To: <41710597.1030.EE613@localhost> References: <416FBF29.17594.AD343E@localhost> <41710597.1030.EE613@localhost> Message-ID: <20041016184115.GN26676@afflictions.org> Thus spake James A. Donald (jamesd at echeque.com) [16/10/04 14:33]: : > I've had more than one comment about my ID photos that amount : > to basically: "You look like you've just left a terrorist : > training camp." : : Nonetheless you can probably start fiddling with your shoes on : a plane without the passengers seated near you jumping you. Perhaps, I don't know. But we're not talking about the other passengers, we're talking about screening based on looks, no? : > For whatever reason, pictures of me always come out looking : > like some crazed religious fanatic. But that doesn't mean : > that I'm going to bomb anything. And I sure hope that I'm : > not going to be detained or denied entry because of how I : > *look*, alone. : : If you really look like the shoe bomber, then you should have : to drive, or use public transport. So by that rationale, every Arab should have to drive or use public transport? Oh, and every white American (recall numerous references to Mr. McVeigh), too. Shit, by that rationale, the only people allowed left to fly will be cats and dogs. Just not pit bulls. From steve49152 at yahoo.ca Sat Oct 16 12:21:20 2004 From: steve49152 at yahoo.ca (Steve Thompson) Date: Sat, 16 Oct 2004 15:21:20 -0400 (EDT) Subject: Airport insanity In-Reply-To: <20041015193255.GC26676@afflictions.org> Message-ID: <20041016192120.35835.qmail@web51809.mail.yahoo.com> --- Damian Gerow wrote: > Thus spake James A. Donald (jamesd at echeque.com) > [15/10/04 15:19]: >>[laws making stupidity mandatory for gov't officials] > > I've had more than one comment about my ID photos that amount to basically: "You look like you've just left a terrorist training camp." For whatever reason, pictures of me always come out looking like some crazed religious fanatic. But that doesn't mean that I'm going to bomb anything. And I sure hope that I'm not going to be detained or denied entry because of how I *look*, alone. Way back when phrenology was all the rage they did not have terrorists. Since it is evidently vital to the security of the state for its officials to have the capability of committing arbitrary civil rights violations, I can see a need for the resurrection of phrenology, suitably updated, as a screening tool. The shape of your head; the cadence of your gait; the way your eyes shift according to carefully structured stimulae, and of course your spending patterns -- all these things will help the cause of profiling. Remember: petty inconveniences that make travel on average less pleasant and more onerous are not at all intended to facilitate tightened centralised control of civilian life. That it may actually do so is an unintended side-effect. As for me, I have resigned myself to the current lamentable state of world affairs. Until the world's policeman finishes flushing the terrorists out into the open for the purpose of apprehension, we will all have to make sacrifices for the greater good. Regards, Steve ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca From steve49152 at yahoo.ca Sat Oct 16 12:36:25 2004 From: steve49152 at yahoo.ca (Steve Thompson) Date: Sat, 16 Oct 2004 15:36:25 -0400 (EDT) Subject: Airport insanity In-Reply-To: Message-ID: <20041016193625.51777.qmail@web51802.mail.yahoo.com> --- John Young wrote: > Most of the Boston Red Sox team look as if they have > just > come from a terrorist training camp for blind, > handless barbers, > decked-out in ill-fitting sports gear, staring > wild-eyed at > RPGs being fired at their heads and nuts, swinging > clubs futilely > at the inerrant missiles, their ass-wipe paws > swollen into giant > shit-covered patties, muttering homicidal jihads > against devil-bred > yankees. Our Maple Leafs' hockey team might look similarly if it weren't for the lockout. As it is, all of our players are well-fed and well-rested (if a little restless, ha ha ha). I imagine they have no trouble whatsoever convincing airport security of their benignity when they flit about on their vactions. We might as well face it. Whether one is designated as resembling a terrorist or not, according to security screeners, is really a matter of random happenstance in many cases. Did you purchase a 12ga Remington Defender sometime in the last twenty years? No? Well then please step onboard. Yes? Oh, well you're going to have to wait while we send your thong to the lab for analysis, Mr. Alleged, just to check for accelerant or explosives residue. Net result? Just one more obstacle on the highway of life. Ho hum. Regards, Steve ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca From jamesd at echeque.com Sat Oct 16 16:01:47 2004 From: jamesd at echeque.com (James A. Donald) Date: Sat, 16 Oct 2004 16:01:47 -0700 Subject: Airport insanity In-Reply-To: <4170A6FE.403C8BF7@cdc.gov> Message-ID: <417145EB.4301.10A2D4D@localhost> -- > > > > My profile is radically different from all those who > > > > killed nearly 3,000 of my countrymen on September 11, > > > > 2001. My "holy book" of choice is the Bible. My race is > > > > Caucasian. I am a loyal, taxpaying, patriotic, > > > > evil-hating, English-as-first-language, natural-born > > > > American. On 15 Oct 2004 at 21:43, Major Variola (ret) wrote: > As was Timmy McV, Zeus rest his soul. Tim McVeigh did not target innocents, nor was he a suicide bomber. Nor, incidentally, was he a fundamentalist or a racist. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG i/wi0GDzGBP3KiIep9bir5YTYPAboMCPrhTWaYVr 4eGGeI7f9F42sygpTIyTsY7S6kmUE63duxZ5yn0Nf From jamesd at echeque.com Sat Oct 16 16:01:49 2004 From: jamesd at echeque.com (James A. Donald) Date: Sat, 16 Oct 2004 16:01:49 -0700 Subject: Airport insanity In-Reply-To: Message-ID: <417145ED.15338.10A32DB@localhost> -- James A. Donald: > > Just don't let anyone who looks like the shoe bomber fly. > > Problem solved. On 15 Oct 2004 at 16:32, Tyler Durden wrote: > Huh? The one flaw in this logic is that this only works if > you can send this particular definition of suspicious "looks" > backwards in time. The shoe-bomber is a particularly > interesting case, as I believe the dude was ethnically > British. The passengers who jumped him, however, were looking forwards in time. Suicide bombers seldom look, or act, like normal people. You might think a suicide bomber is the ultimate guided missile, but the Palestinian experience is that they are more like unguided missiles, or dumb bombs. The handler accompanies the suicide as close to the target as he dares, then activates the suicide's control, hoping they do not explode on the spot. > He might have looked odd from the photo you saw circulated in > the press, but I'd bet a lot of money no one would have > picked him as looking like a terrorist. But the people sitting beside him did pick him as looking like a terrorist. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG z1bJgk/rjP4UAOrP7RtOBaH6cZp3IPBz72kegLH0 4Swd9FlAVwnfuYyk6bFcKfWrQDQDVgIGBVWN+86wq From jamesd at echeque.com Sat Oct 16 16:22:08 2004 From: jamesd at echeque.com (James A. Donald) Date: Sat, 16 Oct 2004 16:22:08 -0700 Subject: Airport insanity In-Reply-To: <20041016184115.GN26676@afflictions.org> References: <41710597.1030.EE613@localhost> Message-ID: <41714AB0.20448.11CD039@localhost> -- Damian Gerow > > > I've had more than one comment about my ID photos that > > > amount to basically: "You look like you've just left a > > > terrorist training camp." James A. Donald: > > Nonetheless you can probably start fiddling with your shoes > > on a plane without the passengers seated near you jumping > > you. Damian Gerow > Perhaps, I don't know. But we're not talking about the other > passengers, we're talking about screening based on looks, no? When the other passengers jumped the shoe bomber, they were screening based on looks. > So by that rationale, every Arab should have to drive? Every young male Arab past puberty, with a few exceptions for special cases. > Oh, and every white American (recall numerous references to > Mr. McVeigh) Mc Veigh did not target innocents, and if he did target a plane full of innocents, perhaps in order to kill one guilty man on board, there is no way in hell he himself would be on that plane. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG SctyT6AMk6jzONQcbBrn1oGEBCejpOtCC/nsGPQk 4z3Lf7lP4Ga/hyRqICf9o0gSKTkO+1Sl3szjRgoxV From sfurlong at acmenet.net Sat Oct 16 16:08:23 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 16 Oct 2004 19:08:23 -0400 Subject: Airport insanity In-Reply-To: <4170A6FE.403C8BF7@cdc.gov> References: <4170A6FE.403C8BF7@cdc.gov> Message-ID: <1097968103.9223.0.camel@daft> On Sat, 2004-10-16 at 00:43, Major Variola (ret) wrote: > At 12:14 PM 10/15/04 -0700, James A. Donald wrote: > > -- > >> >My profile is radically different from all those who killed > >> >nearly 3,000 of my countrymen on September 11, 2001. My > >> >"holy book" of choice is the Bible. My race is Caucasian. I > >> >am a loyal, taxpaying, patriotic, evil-hating, > >> >English-as-first-language, natural-born American. > > As was Timmy McV, Zeus rest his soul. The unidentified John Doe #2 looked awfully Arabic, though. From rah at shipwright.com Sat Oct 16 16:37:40 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Sat, 16 Oct 2004 19:37:40 -0400 Subject: Google Desktop privacy branded 'unacceptable' Message-ID: The Register Biting the hand that feeds IT Google Desktop privacy branded 'unacceptable' By Andrew Orlowski in San Francisco (andrew.orlowski at theregister.co.uk) Published Friday 15th October 2004 22:47 GMT Google's Desktop represents a privacy disaster just waiting to happen, a rival has warned. David Burns, Copernic CEO, says users should know that the giant ad broker intends to mix public and private queries in the future, leveraging its key moneyspinning product: contextual advertising. "If you lined people and said, 'Stick your hand up if you want Google to know what pictures you have, and what MP3 files you have,' I don't think many would." Burns had offered these capabilities to partners before, but received some pushback. "Major brands don't want to compromise their reputation. We've offered this in the past to potential partners, and had a major PC hardware company and major portals say 'No, we can't do this'", Burns told us. With the subpoena-happy RIAA getting support from state law enforcement in its war on copyright infringers, Google represents a single point of compromise for millions of file traders. Copernic offers a native Windows search application both as a free download and as a branded offering to partners, and has toyed with merging the two before. But it's realized personal archives are very different to Google's snapshot of the web - and the queries are different too. "I don't deny desktop and web on the same page is attractive," he added. "But we're not going to do it." Burns was former US chief of FAST, which created the All The Web search site before selling it to Overture. Yahoo! now owns both. Google Desktop Search allows users to opt out of sending the company back detailed usage data, but it isn't possible to firewall it completely. Much more ominously, reckons Burns, Google's product manager Marissa Mayer said she expected the private queries to generate more hits for google.com. Most people, she believed, would choose to combine personal and web searches resulting in more revenue for Google's ad business. "As a result, we will serve more Web results pages and more ads, and those ads have more chances of getting clicked on. So there will be incremental Web search revenue from this product," she told the Washington Post. In January, Eric Schmidt said the company's goal was to create a "Google that knows you". With the addition of personal information, it's just taken a giant step towards that goal. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From adam.cypherpunks at fastmail.fm Sat Oct 16 16:42:34 2004 From: adam.cypherpunks at fastmail.fm (Adam) Date: Sat, 16 Oct 2004 19:42:34 -0400 Subject: Airport insanity In-Reply-To: <417145EB.4301.10A2D4D@localhost> References: <417145EB.4301.10A2D4D@localhost> Message-ID: <1097970154.24148.206617768@webmail.messagingengine.com> First of all, there were 19 children killed in the OKC bombing. Were these children guilty of some crime worthy of being killed by a truck bomb? Second of all, you make it sound like McVeigh was just your average-Joe American. How could a non-fundamentalist knowingly kill 168 people? Third, does not being a suicide bomber make your cause more noble? Curious why you seem to think McVeigh was justified in his actions. -Adam On Sat, 16 Oct 2004 16:01:47 -0700, "James A. Donald" > Tim McVeigh did not target innocents, nor was he a suicide > bomber. > > Nor, incidentally, was he a fundamentalist or a racist. > > --digsig > James A. Donald From sunder at sunder.net Sat Oct 16 19:12:52 2004 From: sunder at sunder.net (Sunder) Date: Sat, 16 Oct 2004 22:12:52 -0400 (edt) Subject: Airport insanity In-Reply-To: <41714AB0.20448.11CD039@localhost> References: <41710597.1030.EE613@localhost> <41714AB0.20448.11CD039@localhost> Message-ID: There is still of course the matter of the unexploded bombs in that building that were dug out, and that the ATF received a "Don't come in to work" page on their beepers, and the seize and classification of all surveilance video tapes from things like ATM's across the street. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- On Sat, 16 Oct 2004, James A. Donald wrote: > Mc Veigh did not target innocents, and if he did target a plane > full of innocents, perhaps in order to kill one guilty man on > board, there is no way in hell he himself would be on that > plane. From jamesd at echeque.com Sun Oct 17 00:03:49 2004 From: jamesd at echeque.com (James A. Donald) Date: Sun, 17 Oct 2004 00:03:49 -0700 Subject: Airport insanity In-Reply-To: <1097970154.24148.206617768@webmail.messagingengine.com> References: <417145EB.4301.10A2D4D@localhost> Message-ID: <4171B6E5.10686.2C37DF9@localhost> -- On 16 Oct 2004 at 19:42, Adam wrote: > First of all, there were 19 children killed in the OKC > bombing. Were these children guilty of some crime worthy of > being killed by a truck bomb? He was not targeting children. > Second of all, you make it sound like McVeigh was just your > average-Joe American. How could a non-fundamentalist > knowingly kill 168 people? Osama Bin Laden is not a fundamentalist, yet he killed three thousand people. His religion is more like the Muslim equivalent of liberation theology, which is as far from fundamentalism as you can get. > Third, does not being a suicide bomber make your cause more > noble? Not being a suicide bomber means there is no need to screen you from flying on planes. > Curious why you seem to think McVeigh was justified in his > actions. BATF. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG jn1FZy8NQFwnLH6A/ePT+CTiAROr7+lergg2poqX 44kTUpiFNIutpZGh02oJsBCI9pZVnZ/MDSF8OJEsG From jamesd at echeque.com Sun Oct 17 00:13:55 2004 From: jamesd at echeque.com (James A. Donald) Date: Sun, 17 Oct 2004 00:13:55 -0700 Subject: Airport insanity In-Reply-To: <0410170215420.0@somehost.domainz.com> References: <41714AB0.20448.11CD039@localhost> Message-ID: <4171B943.16994.2CCBB21@localhost> -- James A. Donald: > > > > If you really look like the shoe bomber, then you > > > > should have to drive, or use public transport. Thomas Shaddack > Ever tried to drive to Europe? Or to Hawaii? Hard biscuit > Why airplanes don't count as a form of public transport? They do. > This is a measure good for pissing off (which is often the > first step to radicalizing) the quite secularized majority of > American Arabs. The proposition that we need to walk delicately for fear of disturbing the tender sensibilities of arabs seems laughable. Are the arabs walking delicately to avoid offending our sensibilities? > You also seem to forget there is another potential factor - > not only the visible one (ethnicity), but also one that isn't > obvious to visual evaluation - religion. There is a > significant black minority that inclines to Islam, some of > them potentially radical. Do you want to suggest banning > blacks from flying too? Seen any black suicide bombers? Black Muslim radicalism tends to express itself by mugging Jews and stealing television sets. Strapping dynamite to one's chest just does not seem to be a black thing. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG uLiSKEXFvsVnqDyPsqAGijbT0mXs6uHpYOBtYg/0 4Q3Bb6ObO9F9G9008I8Z1Au4iNO8XH/JLmEyqrcqP From bill.stewart at pobox.com Sun Oct 17 00:50:58 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 17 Oct 2004 00:50:58 -0700 Subject: Airport insanity In-Reply-To: <4171B6E5.10686.2C37DF9@localhost> References: <417145EB.4301.10A2D4D@localhost> <4171B6E5.10686.2C37DF9@localhost> Message-ID: <6.0.3.0.0.20041017001606.037cd390@pop.idiom.com> At 12:03 AM 10/17/2004, James A. Donald wrote: >On 16 Oct 2004 at 19:42, Adam wrote: [...] > > Second of all, you make it sound like McVeigh was just your > > average-Joe American. How could a non-fundamentalist > > knowingly kill 168 people? Fundamentalism doesn't make people kill people. Being pissed off does. Being scared does. Believing that those people are a threat to a Higher Cause you Believe In does, whether it's religion, country, family, etc. Wanting other people's stuff does. Failing to believe that other people matter does if they happen to be in your way. Failing to believe that other people matter does if it looks like it'll help you get what you want. Being stupid might not directly make people kill people, but it can affect whether you think the other conditions apply and/or who you kill if you're going to kill people. Some of those things make you willing to die in the process of killing the people you want killed, and some don't, though there's the intermediate case of being willing to have people on Your Side get killed as long as it's not you. McVeigh was pissed off, and he believed that the Feds as a whole were a threat to America, so he decided to kill Feds who were an easy target, as opposed to, say, raiding a well-armed BATF headquarters. The kids in the next buildings were just collateral damage. Bush, on the other hand, doesn't believe other people matter, and getting US soldiers killed or Iraqi children killed or lying to the American public about them being Safer is fine, though Saddam trying to kill his Daddy really pissed him off, and war is the health of the state, which is him and his buddies. > > Third, does not being a suicide bomber make your cause more noble? > >Not being a suicide bomber means there is no need to screen you >from flying on planes. You really don't want Carlos the Jackal on your flight. Non-suicidal airplane bombers might bring a bomb onto a plane and hide it under the seat so it'll blow up on the next flight, or hide it inside somebody else's luggage so it'll blow up on _their_ next flight, or whatever. And they've usually done more thinking about how to get away with it, though they're trying to solve a much harder problem than suicide bombers are. James Bamford's latest book "A Pretext for War" is mainly about the Bush Administration's willingness to use 9/11 as an excuse for the war they wanted even before they got into office, but he spends a while excoriating the CIA for being a bunch of bleeding incompetents. The CIA spent a while trying to chase and kill bin Laden, while constantly losing track of most of his organizations, but they didn't ever try infiltrating Al Qaeda, because they thought it would be too difficult to pass off their infiltrators as credible due to cultural differences. Yet Johnny Walker Lindh and Richard Shoebomber Reid didn't much trouble joining them. Bamford apparently believes that Reid was the genuine article, though Reid sure looks like the ideal guy you'd use if you wanted to scare the public by planting an unsuccessful crazy bomber wannabee. ---- Bill Stewart bill.stewart at pobox.com From shaddack at ns.arachne.cz Sat Oct 16 17:27:00 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 17 Oct 2004 02:27:00 +0200 (CEST) Subject: Airport insanity In-Reply-To: <41714AB0.20448.11CD039@localhost> References: <41710597.1030.EE613@localhost> <41714AB0.20448.11CD039@localhost> Message-ID: <0410170215420.0@somehost.domainz.com> On Sat, 16 Oct 2004, James A. Donald wrote: > > > If you really look like the shoe bomber, then you should have to > > > drive, or use public transport. Ever tried to drive to Europe? Or to Hawaii? Why airplanes don't count as a form of public transport? > > So by that rationale, every Arab should have to drive? > > Every young male Arab past puberty, with a few exceptions for > special cases. This is a measure good for pissing off (which is often the first step to radicalizing) the quite secularized majority of American Arabs. You also seem to forget there is another potential factor - not only the visible one (ethnicity), but also one that isn't obvious to visual evaluation - religion. There is a significant black minority that inclines to Islam, some of them potentially radical. Do you want to suggest banning blacks from flying too? If so, what reaction are you expecting to get? From kelsey.j at ix.netcom.com Sun Oct 17 06:31:12 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Sun, 17 Oct 2004 09:31:12 -0400 (GMT-04:00) Subject: Airport insanity Message-ID: <10795261.1098019872641.JavaMail.root@dewey.psp.pas.earthlink.net> >From: "James A. Donald" >Sent: Oct 16, 2004 7:22 PM >To: "cypherpunks at al-qaeda.net" >Subject: Re: Airport insanity ... >> Oh, and every white American (recall numerous references to >> Mr. McVeigh) >Mc Veigh did not target innocents, and if he did target a plane >full of innocents, perhaps in order to kill one guilty man on >board, there is no way in hell he himself would be on that >plane. Well, he targeted a building full of innocents, so he could get some BATF people in one part of the building, right? I guess I'm missing the part where he took especial care not to blow up people who had no connection with the Waco disaster. How would you differentiate his target selection from that of the 9/11 attackers who hit the Pentagon? Though you're right, he didn't do the suicide bomber thing. Does that constitute a guarantee that no white terrorist ever will do so? (After all, an awful lot of Arab terrorists also plan on living to fight another day.) > --digsig > James A. Donald --John From kelsey.j at ix.netcom.com Sun Oct 17 06:36:16 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Sun, 17 Oct 2004 09:36:16 -0400 (GMT-04:00) Subject: Airport insanity Message-ID: <16288411.1098020177358.JavaMail.root@dewey.psp.pas.earthlink.net> >From: "James A. Donald" >Sent: Oct 16, 2004 2:27 PM >To: cypherpunks at al-qaeda.net >Subject: Re: Airport insanity >> For whatever reason, pictures of me always come out looking >> like some crazed religious fanatic. But that doesn't mean >> that I'm going to bomb anything. And I sure hope that I'm >> not going to be detained or denied entry because of how I >> *look*, alone. >If you really look like the shoe bomber, then you should have >to drive, or use public transport. > --digsig > James A. Donald Surely this is a matter best left to the private companies offering transportation, subject only to restrictions to prevent future 9/11 attacks. --John From kelsey.j at ix.netcom.com Sun Oct 17 06:43:37 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Sun, 17 Oct 2004 09:43:37 -0400 (GMT-04:00) Subject: Airport insanity Message-ID: <9063289.1098020617716.JavaMail.root@dewey.psp.pas.earthlink.net> >From: "James A. Donald" >Sent: Oct 16, 2004 7:01 PM >To: cypherpunks at al-qaeda.net >Subject: RE: Airport insanity ... >On 15 Oct 2004 at 16:32, Tyler Durden wrote: ... >> He might have looked odd from the photo you saw circulated in >> the press, but I'd bet a lot of money no one would have >> picked him as looking like a terrorist. >But the people sitting beside him did pick him as looking like >a terrorist. What's the false positive rate? It's one thing if you see some guy lighting a fuse sticking out of his shoe, and quite another if you say "You look kinda terroristy; I'm sending you off the plane." This works as a reasonable strategy only if: a. The probability ratios don't work out so that the overwhelming majority of people you throw off planes are innocent. (They almost certainly will, just because terrorists are so rare.) b. The terrorists can't figure out how to make themselves look less threatening. > --digsig > James A. Donald --John From mv at cdc.gov Sun Oct 17 10:47:40 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 17 Oct 2004 10:47:40 -0700 Subject: Airport insanity Message-ID: <4172B03C.269E5910@cdc.gov> At 04:01 PM 10/16/04 -0700, James A. Donald wrote: >Tim McVeigh did not target innocents, nor was he a suicide >bomber. Neither did M. Atta et al. target innocents, he targeted those who elected the Caesars. And they were not pursuing suicide (a Moslem sin), since they are enjoying a comfy afterlife for their martyrdom. >Nor, incidentally, was he a fundamentalist or a racist. Neither is Osama et al.; only infidels call him a fundie, and the Jihadists have no problem with lighter or asian folks who subscribe. In fact, they can be quite useful, as they don't fit the rascist profiling that the TSA goons practice... From mv at cdc.gov Sun Oct 17 10:50:17 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 17 Oct 2004 10:50:17 -0700 Subject: Airport insanity Message-ID: <4172B0D9.A5B57390@cdc.gov> At 07:42 PM 10/16/04 -0400, Adam wrote: >First of all, there were 19 children killed in the OKC bombing. Were >these children guilty of some crime worthy of being killed by a truck >bomb? They were being used as human shields by the fedcriminals in the building. They were collateral damage, in the modern parlance. Ask the Iraqis to explain it to you. >Second of all, you make it sound like McVeigh was just your average-Joe >American. How could a non-fundamentalist knowingly kill 168 people? He was a retired US soldier, carrying out his mission to protect the Constitution. From camera_lumina at hotmail.com Sun Oct 17 11:39:11 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 17 Oct 2004 14:39:11 -0400 Subject: Airport insanity.."Ethnicity" is Bullshit Message-ID: > > > You also seem to forget there is another potential factor - > > > not only the visible one (ethnicity), but also one that isn't > > > obvious to visual evaluation - religion. There is a > > > significant black minority that inclines to Islam, some of > > > them potentially radical. Do you want to suggest banning > > > blacks from flying too? > > > > Seen any black suicide bombers? OK, let's just say it outright. In this case "Ethnicity" is just pure camaflauge for "People who don't agree with my right-wing American Century politics". Just to remind us of the basics: Afghans and Iranians are not Arabs. Sub-saharan Africa has tens of millions of fully black Muslims. Arabs are Semites. > > Black Muslim radicalism tends to express itself by mugging Jews and > > stealing television sets. Strapping dynamite to one's chest just does > > not seem to be a black thing. Uh...what? If you're talking about the Nation of Islam (in the US), you almost NEVER find members in good standing "mugging Jews or stealing TV" sets here in New York, and any other location is going to be a statistical blip. Let's also remember that we don't have US-backed/paid-for tanks rolling through black neighborhoods every day. If we did I suspect Black Muslims might start fighting back. Let's just state the obvious: September 11th occurred not because we had a few "crazy Muslim fundamentalists" out there that decided they "hate our freedoms". The struck us because we've been fuckin' over a large swath of the Muslim (not only Arab) world for 100 years or so now. They're tired of us being there and muckin' around in their politics, and they want it to stop. The "fundamentalist" part is sort of a 'strengthener', let's say...here's people who know they're probably going to have to kill large numbers of civilians to get their point across, so how can they justify this? Well, a nicely-tuned Wahabism will do just nicely thank you. Seems fairly predictable, really. -TD _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ From shaddack at ns.arachne.cz Sun Oct 17 07:33:42 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Sun, 17 Oct 2004 16:33:42 +0200 (CEST) Subject: Airport insanity In-Reply-To: <4171B943.16994.2CCBB21@localhost> References: <41714AB0.20448.11CD039@localhost> <4171B943.16994.2CCBB21@localhost> Message-ID: <0410171543290.0@somehost.domainz.com> On Sun, 17 Oct 2004, James A. Donald wrote: > > -- > James A. Donald: > > > > > If you really look like the shoe bomber, then you > > > > > should have to drive, or use public transport. > > Thomas Shaddack > > Ever tried to drive to Europe? Or to Hawaii? > > Hard biscuit Do I interpret this statement correctly as the endorsement of ethnicity-based travel restrictions? Didn't domething like this been here already, in the form of Jim Crow laws, and later found unconstitutional? > > Why airplanes don't count as a form of public transport? > > They do. I am afraid either I don't understand you correctly, or you are contradicting yourself. The "...or use public transport" from your earlier statement seems to mean that you said something along the lines "if they can't fly, they should use public transportation, which includes airplanes". > > This is a measure good for pissing off (which is often the > > first step to radicalizing) the quite secularized majority of > > American Arabs. > > The proposition that we need to walk delicately for fear of > disturbing the tender sensibilities of arabs seems laughable. Being told I can't use some quite common resource, in this case an important means of transportation, because of so irrelevant factor as ethnicity, isn't exactly delicate. What would you do if you'd be in the receiving end of such policy? Add more such restrictions and some percolating time - would you just bow and obey? How long it would take to get you pissed and eventually revolting? > Are the arabs walking delicately to avoid offending our > sensibilities? Vast majority of them yes. But you don't perceive them because they don't offend you and don't make the news. > > You also seem to forget there is another potential factor - > > not only the visible one (ethnicity), but also one that isn't > > obvious to visual evaluation - religion. There is a > > significant black minority that inclines to Islam, some of > > them potentially radical. Do you want to suggest banning > > blacks from flying too? > > Seen any black suicide bombers? Not yet. But maybe I just didn't look deep enough through the mass-medial fog of the terrorism "war". > Black Muslim radicalism tends to express itself by mugging Jews and > stealing television sets. Strapping dynamite to one's chest just does > not seem to be a black thing. With the proper leadership, everything is possible. Don't forget the WW2 kamikaze pilots, who weren't quite Arabs. From rah at shipwright.com Mon Oct 18 04:24:51 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 18 Oct 2004 07:24:51 -0400 Subject: [osint] Screening of Protesters Unconstitutional, Court Rules Message-ID: --- begin forwarded text To: "Bruce Tefft" Thread-Index: AcS0kySSChdBPRLEQbu8o9ie8LOH1AAbmsxQ From: "Bruce Tefft" Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com Delivered-To: mailing list osint at yahoogroups.com Date: Mon, 18 Oct 2004 07:00:09 -0400 Subject: [osint] Screening of Protesters Unconstitutional, Court Rules Reply-To: osint at yahoogroups.com Screening of Protesters Unconstitutional, Court Rules By C.G. Wallace Associated Press Sunday, October 17, 2004; Page A13 ATLANTA, Oct. 16 -- Fears of a terrorist attack are not sufficient reason for authorities to search people at a protest, a federal appeals court has ruled, saying Sept. 11, 2001, "cannot be the day liberty perished." A three-judge panel of the U.S. Court of Appeals for the 11th Circuit ruled unanimously Friday that protesters may not be required to pass through metal detectors when they gather next month for a rally against a U.S. training academy for Latin American soldiers. Authorities began using the metal detectors at the annual School of the Americas protest after the 2001 terrorist attacks, but the court found that practice to be unconstitutional. "We cannot simply suspend or restrict civil liberties until the War on Terror is over, because the War on Terror is unlikely ever to be truly over," Judge Gerald Tjoflat wrote for the panel. "Sept. 11, 2001, already a day of immeasurable tragedy, cannot be the day liberty perished in this country." City officials in Columbus, Ga., contended the searches were needed because of the elevated risk of terrorism, but the court threw out that argument, saying it would "eviscerate the Fourth Amendment." "In the absence of some reason to believe that international terrorists would target or infiltrate this protest, there is no basis for using Sept. 11 as an excuse for searching the protesters," the court said. Columbus Mayor Bob Poydasheff and Police Chief Willie Dozier did not return messages seeking comment Saturday. Michael Greenberger, law professor and director of the University of Maryland's Center for Health and Homeland Security, said the ruling could have broader implications if it is used to challenge aspects of the USA Patriot Act. It was surprising, he said, coming from the conservative-leaning 11th Circuit, based in Atlanta, but the opinion was "very well reasoned" and reflected "conventional application of constitutional principles." The Rev. Roy Bourgeois, a priest who founded the protest group called School of the Americas Watch, praised the ruling for safeguarding essential rights. "I felt that they were using 9/11 as an excuse, along with the Patriot Act, to interfere with our First Amendment rights," he said. "They are using this to get around what the Constitution is really rooted in." The metal detectors caused long lines and congestion outside the protest area, he said, comparing it to routing 10,000 people through a single security gate at an airport. "It was not just an inconvenience, it was a nightmare. We couldn't get to the place of assembly in an orderly fashion," he said. About 15,000 demonstrators attend the annual vigil, demanding the closing of the center, formerly called the School of the Americas. The facility at Fort Benning was reopened in 2001 as the Western Hemisphere Institute for Security Cooperation. The protests began in 1990. This year's demonstration is scheduled for Nov. 20-21. http://www.washingtonpost.com/wp-dyn/articles/A38747-2004Oct16.html?referrer =email [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/TySplB/TM --------------------------------------------------------------------~-> -------------------------- Want to discuss this topic? Head on over to our discussion list, discuss-osint at yahoogroups.com. -------------------------- Brooks Isoldi, editor bisoldi at intellnet.org http://www.intellnet.org Post message: osint at yahoogroups.com Subscribe: osint-subscribe at yahoogroups.com Unsubscribe: osint-unsubscribe at yahoogroups.com *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> To unsubscribe from this group, send an email to: osint-unsubscribe at yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Oct 18 04:32:24 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 18 Oct 2004 07:32:24 -0400 Subject: Negroponte Evangelizes Internet Bearer Transactions in InformationWeek (was re: Peer-To-Peer Payoff) Message-ID: Negroponte sat on the board of DigiCash, once... Cheers, RAH ------- Peer-To-Peer Payoff By Nicholas Negroponte, InformationWeek Oct. 18, 2004 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=49901099 The next 25 years of information technology will blur boundaries between previously well-formed and discrete concepts, entities, or states of being. For example, work and play, nation and individual, rich and poor will be interpreted differently, with more overlaps than differences because of the porous nature of "being digital." A fully interconnected world with a common language is a very different place than one delimited by distance and Newtonian physics. Without question, the generation of kids born a quarter of a century hence will have totally different views about some of the most basic tenets of society, from love and family to business and pleasure. Of these basic elements, I have chosen to focus on one: money. How will transactions change over the next 25 years? Perhaps surprisingly. Cattle are widely considered the oldest form of money, used over 10,000 years ago to make payments and to account for debts and credits. The inherent value was in the cow itself. Only much later, after the Stone Age, did currency emerge in which its worth was established by convention and trust, using objects like shells and shell imitations. Modern coinage and paper money can be traced to China 500 B.C. and 100 B.C., using metal and leather, respectively. Paper banknotes emerged at the end of the 17th century as a promise to pay the bearer a sum on demand. These were handwritten and signed by cashiers. Only in the middle of the 18th century did printed, fixed denominations start to appear. It then took another 100 years for fully printed notes to emerge without need for filling in the name of the payee and signing each one individually. We call this stuff cash. Today, cash has been replaced increasingly by electronic credit and debit. In excess of three trillion dollars is moved around the planet daily. Conversions occur, accounts are changed, addressers and addressees are modified. But no money moves in the sense of coins or pigs going from my pocket or pen to yours. Everything is a scheme of pointers. The bits used to achieve such accounting don't have value unto themselves. They're only the means. Some people, including myself, believe the next step is for some of those bits to have value. That is to say, consider a string of bits to be like a virtual cow or shell. In order to distinguish these bits (like telling the difference between a beautiful seashell and a piece of coal), they would need an agreed identity. To avoid forgery, they would need a unique and secure ID. And to stop multiple spending of the same bits, there would need to be a clearing process or a means to reveal the identity of anybody who tries to double-spend. All of these requirements are easily achieved in both traceable and anonymous systems of E-cash. In these cases, the money does move. The bits are money. The more you have, the richer you are. This is the future, though maybe only in part. A parallel and more intriguing form of trade in the future will be barter. Swapping is a very attractive form of exchange because each party uses a devalued currency, in some cases one that would otherwise be wasted. Many of us are too embarrassed to run yard sales or too lazy to suffer the inconvenience and indignity of eBay. But imagine if you weren't. The unused things in your basement can be converted into something you need or want. Likewise, the person with whom you're swapping is giving something of value to you which is less so to them. With minimal computation, three-way, four-way, and n-way swaps can emerge, thereby removing the need for any common currency. Swapping is extended easily to baby-sitting for a ride to New York, a mansion for a two-hundred-foot yacht, or leftover food for a good laugh. In some cases, people will swap for monetary or nonmonetary currencies. Without question, we'll see new forms of market-making and auctions. But the most stunning change will be peer-to-peer, and peer-to-peer-to-peer- ... transaction of goods and services. If you fish and want your teeth cleaned, you need to find a dentist who needs fish, which is so unlikely that money works much better. But if a chauffeur wanted fish and the dentist wanted a driver, the loop is closed. While this is nearly impossible to do in the physical world, it's trivial in cyberspace. Add the fact that some goods and services themselves can be in digital form, and it gets easier and more likely. An interesting side benefit will be the value of one's reputation for delivering on your promises--thus, identities will have real value and not be something to hide. The point can be generalized beyond money. Peer-to-peer is a much deeper concept than we understand today. We're limited by assumptions rooted in and derived from the physical world. Information technology over the next 25 years will change those limits through force of new habits. Let me cite just one: I think nothing of moving millions of bits from one laptop to another (inches away) by using the Internet and transferring those bits through a server 10,000 miles away. Imagine telling that to somebody just 25 years ago. Nicholas Negroponte is the founding chairman of MIT's Media Laboratory and the author of the seminal work on the digital revolution, "Being Digital" (Knopf, 1995). Illustration by Dan Brown Return to: 25 Years Of InformationWeek -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Mon Oct 18 10:07:26 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 10:07:26 -0700 Subject: Airport insanity In-Reply-To: <9063289.1098020617716.JavaMail.root@dewey.psp.pas.earthlink.net> Message-ID: <417395DE.22913.1EB882@localhost> -- John Kelsey > It's one thing if you see some guy lighting a fuse sticking > out of his shoe, and quite another if you say "You look kinda > terroristy; I'm sending you off the plane." This works as a > reasonable strategy only if: > > a. The probability ratios don't work out so that the > overwhelming majority of people you throw off planes are > innocent. Provided the number of people you throw off planes is rather small, I don't see the problem. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG jppN6hyI9eo1ip7n6mKRd1QNRbKAQeKb06J6pxY2 4NqUTiLGU0XOpAJ3Rm5yFmdrm/+4BWSzcv6y9YT/U From jamesd at echeque.com Mon Oct 18 10:07:28 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 10:07:28 -0700 Subject: Airport insanity In-Reply-To: <10795261.1098019872641.JavaMail.root@dewey.psp.pas.earthlink.net> Message-ID: <417395E0.32333.1EC04B@localhost> -- James A. Donald: > > Mc Veigh did not target innocents, and if he did target a > > plane full of innocents, perhaps in order to kill one > > guilty man on board, there is no way in hell he himself > > would be on that plane. John Kelsey > Well, he targeted a building full of innocents, so he could > get some BATF people in one part of the building, right? I > guess I'm missing the part where he took especial care not to > blow up people who had no connection with the Waco disaster. > How would you differentiate his target selection from that of > the 9/11 attackers who hit the Pentagon? If the 9/11 attackers had *only* targeted the pentagon, that would have been fine by me. I am one of those who cheered in the movie theater when the aliens blow up Washington in the movie "Independence day" > Though you're right, he didn't do the suicide bomber thing. > Does that constitute a guarantee that no white terrorist ever > will do so? It is a good indication that sufficiently few will ever do so that it is not worth while checking shoes during boarding --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG tvzXxqFqeKwLL20vEBehl+eK0AJ0cAAzrXFkno0 44yKcITMM8GEtW/RIPtI+Em4Ylp7aOgWb/fCmC9AG From jamesd at echeque.com Mon Oct 18 10:27:38 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 10:27:38 -0700 Subject: Airport insanity In-Reply-To: <0410171543290.0@somehost.domainz.com> References: <4171B943.16994.2CCBB21@localhost> Message-ID: <41739A9A.16465.31363B@localhost> -- James A. Donald: > > > > > > If you really look like the shoe bomber, then you > > > > > > should have to drive. > > Thomas Shaddack > > > Ever tried to drive to Europe? Or to Hawaii? James A. Donald: > > Hard biscuit Thomas Shaddack > Do I interpret this statement correctly as the endorsement of > ethnicity-based travel restrictions? No. You can take a boat, if they will have you, drive to Mexico to fly with people less likely to be the target of mad bombers who look like you, hire a private plane, or take a long swim. > > > Why airplanes don't count as a form of public transport? > > They do. > I am afraid either I don't understand you correctly, or you > are contradicting yourself. I was unclear. To clarify: So far the terrorists have not struck at buses outside Israel. When they do start striking at buses, then people who look like mad bombers should not be allowed on buses. Until then, they should be allowed on buses. > > The proposition that we need to walk delicately for fear of > > disturbing the tender sensibilities of arabs seems > > laughable. > Being told I can't use some quite common resource, in this > case an important means of transportation, because of so > irrelevant factor as ethnicity, isn't exactly delicate. A very large number of muslims, particularly arab muslims- a small minority in the US, a large minority or substantial majority in many muslim countries, continually seek to confront the infidel in a wide variety of ways, and interpret our politeness and care to avoid harming muslims as weakness and fear. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Kn476w4tT/gvivWH76W69/lBhHE5o0IKQ1oYJggS 4AiBUDha46+ldVnTeFiyvMwJoG9A/oE/Ac0FEd/uH From jamesd at echeque.com Mon Oct 18 10:37:47 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 10:37:47 -0700 Subject: Airport insanity In-Reply-To: <0410181911460.11598@somehost.domainz.com> References: <417395DE.22913.1EB882@localhost> Message-ID: <41739CFB.25055.3A7F7A@localhost> -- Thomas Shaddack: > > > a. The probability ratios don't work out so that the > > > overwhelming majority of people you throw off planes are > > > innocent. James A. Donald: > > Provided the number of people you throw off planes is > > rather small, I don't see the problem. Thomas Shaddack wrote: > It isn't a problem for you until it happens to you. Who knows > when being interested in anon e-cash will become a ground to > blacklist *you*. I know when it will happen. It will happen when people interested in anon ecash go on suicide missions. :-) People who are, for the most part, not like us are trying to kill people like us. Let us chuck all those people not-like-us off those planes where most of the passengers are people like us. This really is not rocket science. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG KbVFhnyRmgiunG9XxU98lrDIIf2ZSXYFmkT7Dfe 4TIi2Ou/RGdPMFC3/LaIxWHM688e/B3FsA3jjPjK0 From jamesd at echeque.com Mon Oct 18 11:38:15 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 11:38:15 -0700 Subject: Airport insanity.."Ethnicity" is Bullshit In-Reply-To: Message-ID: <4173AB27.19505.71DE28@localhost> -- Tyler Durden > Let's just state the obvious: September 11th occurred not > because we had a few "crazy Muslim fundamentalists" out there > that decided they "hate our freedoms". The struck us because > we've been fuckin' over a large swath of the Muslim (not only > Arab) world for 100 years or so And the reason they are murdering Iraqi Christians, Filipinos, Ambionese and Timorese is? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG m2hVqEkFSYQ0PKxyclcvEkjwbbFYMElmQS5ao0Uh 47AIr2bZ3JXSCGM1iNSQlysfAVI6XHBVHWeEvaM/E From jamesd at echeque.com Mon Oct 18 11:48:25 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 11:48:25 -0700 Subject: Airport insanity In-Reply-To: Message-ID: <4173AD89.18179.7B2C37@localhost> -- James A. Donald: > > A very large number of muslims, particularly arab muslims- > > a small minority in the US, a large minority or substantial > > majority in many muslim countries, continually seek to > > confront the infidel in a wide variety of ways, and > > interpret our politeness and care to avoid harming muslims > > as weakness and fear." Tyler Durden > I would bet that statements that sound very, very close to > this were uttered prior to Iraq II. > > "Care to Avoid harming Muslims"? > > You are either trolling or [...] Sadre protected himself with Iraqi women and young children as human shields, showing that he expected the Pentagon to show more concern for Iraqi lives than he did. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG z0Tj1tmeI/AaMuuBMu2Z8xH7q6Mx5bQYJFqN5xU1 4zftsnadKxHqaGDRsPhgFcT8bZCLY79W7Yk0HjGwc From jamesd at echeque.com Mon Oct 18 12:07:58 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 12:07:58 -0700 Subject: Airport insanity In-Reply-To: <0410182017070.0@somehost.domainz.com> References: <41739CFB.25055.3A7F7A@localhost> Message-ID: <4173B21E.8724.8D1245@localhost> On Mon, 18 Oct 2004, James A. Donald wrote: > > People who are, for the most part, not like us are trying to kill > > people like us. Let us chuck all those people not-like-us off those > > planes where most of the passengers are people like us. Thomas Shaddack > Define "us"? Easier to define "them" "Us" is those people who do not much resemble them. From jamesd at echeque.com Mon Oct 18 12:18:39 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 12:18:39 -0700 Subject: Airport insanity In-Reply-To: <4173AD89.18179.7B2C37@localhost> References: Message-ID: <4173B49F.28896.96D8EF@localhost> -- Tyler Durden > "Care to Avoid harming Muslims"? > > You are either trolling or [...] http://washingtontimes.com/national/20041018-124854-2279r.htm : : Despite gaining their freedom by signing pledges to : : renounce violence, at least seven former prisoners : : of the United States at Guantanamo Bay, Cuba, have : : returned to terrorism, at times with deadly : : consequences. : : : : At least two are believed to have died in fighting : : in Afghanistan, and a third was recaptured during a : : raid of a suspected training camp in Afghanistan, : : Lt. Cmdr. Flex Plexico, a Pentagon spokesman, said : : last week. Others are at large. : : Additional former detainees have expressed a desire : : to rejoin the fight, be it against U.N. peacekeepers : : in Afghanistan, Americans in Iraq or Russian : : soldiers in Chechnya. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG gZPWnxSpOCzn/7t/pyram/Z9ixbExE1haS5OzFBm 4i6xvRLGqBtHJfp8bm6GLFqF6pwABThwj/PjOpaVx From hal at finney.org Mon Oct 18 12:49:27 2004 From: hal at finney.org (Hal Finney) Date: Mon, 18 Oct 2004 12:49:27 -0700 (PDT) Subject: Crypto blogs? Message-ID: Does anyone have pointers to crypto related weblogs? Bruce Schneier recently announced that Crypto-Gram would be coming out incrementally in blog form at http://www.schneier.com/blog/. I follow Ian Grigg's Financial Cryptography blog, http://www.financialcryptography.com/. Recently I learned about Adam Shostack's http://www.emergentchaos.com/, although it seems to be more security than crypto. Any other good ones? Hal Finney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jya at pipeline.com Mon Oct 18 13:35:38 2004 From: jya at pipeline.com (John Young) Date: Mon, 18 Oct 2004 13:35:38 -0700 Subject: Airport insanity In-Reply-To: <0410181911460.11598@somehost.domainz.com> References: <417395DE.22913.1EB882@localhost> <417395DE.22913.1EB882@localhost> Message-ID: James is wired to be unempathetic about victims, as was McVeigh, as are fearless military and criminal killers, as are national leaders of a yellow stripe who never taste the bitter end of their exculpatory spin. What makes the wire work is that they do not believe that what they do unto others will be done to them. This is their faith, blind, cross-eyedly focussed vision which sees a right safe path down the thinnest of righteous tunnels of imagined invulnerability. Call it the armor of cowards. Call it fundamentalism, or patriotism, or pinheads up their tiny assholes. Been there: saw the vision, sniffed the odor, licked the sides of the honey-dripping tunnel, gagged, muttered what the shit is this stuff I've been preached is myrhh out of the backdoors of virgins, yelled, hey, sarge, get me out of my hole. Sarge was long gone, preaching and laughing like the devil. AIDS of the mind is hard to cure. From camera_lumina at hotmail.com Mon Oct 18 10:45:41 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 18 Oct 2004 13:45:41 -0400 Subject: Airport insanity Message-ID: "A very large number of muslims, particularly arab muslims- a small minority in the US, a large minority or substantial majority in many muslim countries, continually seek to confront the infidel in a wide variety of ways, and interpret our politeness and care to avoid harming muslims as weakness and fear." I would bet that statements that sound very, very close to this were uttered prior to Iraq II. "Care to Avoid harming Muslims"? You are either trolling with better skill than even I, the Great Tyler Durden could muster, or else you are completely and totally ignorant of world history. Go read some history books and you will understand the reason we (the US) has been targeted in particular. You'll quickly find that their hatred of us in not accidental. As for your "looks like a mad bomber" ideas, are you suggesting that, the day after a militant Indonesian muslim commits an act of terrorism, we should then exclude all asians from our airplanes, buses and subways? I don't think you've thought this out very well. -TD >From: "James A. Donald" >To: "cypherpunks at al-qaeda.net" >Subject: Re: Airport insanity >Date: Mon, 18 Oct 2004 10:27:38 -0700 > > -- >James A. Donald: > > > > > > > If you really look like the shoe bomber, then you > > > > > > > should have to drive. > > > > Thomas Shaddack > > > > Ever tried to drive to Europe? Or to Hawaii? > >James A. Donald: > > > Hard biscuit > >Thomas Shaddack > > Do I interpret this statement correctly as the endorsement of > > ethnicity-based travel restrictions? > >No. You can take a boat, if they will have you, drive to >Mexico to fly with people less likely to be the target of mad >bombers who look like you, hire a private plane, or take a long >swim. > > > > > Why airplanes don't count as a form of public transport? > > > > They do. > > > I am afraid either I don't understand you correctly, or you > > are contradicting yourself. > >I was unclear. To clarify: So far the terrorists have not >struck at buses outside Israel. When they do start striking at >buses, then people who look like mad bombers should not be >allowed on buses. Until then, they should be allowed on buses. > > > > The proposition that we need to walk delicately for fear of > > > disturbing the tender sensibilities of arabs seems > > > laughable. > > > Being told I can't use some quite common resource, in this > > case an important means of transportation, because of so > > irrelevant factor as ethnicity, isn't exactly delicate. > >A very large number of muslims, particularly arab muslims- a >small minority in the US, a large minority or substantial >majority in many muslim countries, continually seek to confront >the infidel in a wide variety of ways, and interpret our >politeness and care to avoid harming muslims as weakness and >fear. > > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > Kn476w4tT/gvivWH76W69/lBhHE5o0IKQ1oYJggS > 4AiBUDha46+ldVnTeFiyvMwJoG9A/oE/Ac0FEd/uH _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee. Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From sunder at sunder.net Mon Oct 18 11:22:02 2004 From: sunder at sunder.net (Sunder) Date: Mon, 18 Oct 2004 14:22:02 -0400 (edt) Subject: Airport insanity In-Reply-To: <41739CFB.25055.3A7F7A@localhost> References: <417395DE.22913.1EB882@localhost> <41739CFB.25055.3A7F7A@localhost> Message-ID: I think you need to read this remake of the "First they came for the commies" poem. Short translation - whenever anyone's rights are being trampled upon, whether it affects you or not, you should protest. Goes along with one of the unsaid credos about cypherpunks: "I absolutely disagree with what she said, but I'll defend to the death her right to say it." which along with "Cypherpunks write code" fell quite short of its goal. http://buffaloreport.com/021123rohde.html Here I'll save you the trouble. - - - They came for the Muslims, and I didn't speak up... By Stephen Rohde (Author's Note: The USA Patriot Act became law a little over one year ago.) First they came for the Muslims, and I didn't speak up because I wasn't a Muslim. Then they came for the immigrants, detaining them indefinitely solely on the certification of the attorney general, and I didn't speak up because I wasn't an immigrant. Then they came to eavesdrop on suspects consulting with their attorneys, and I didn't speak up because I wasn't a suspect. Then they came to prosecute noncitizens before secret military commissions, and I didn't speak up because I wasn't a noncitizen. Then they came to enter homes and offices for unannounced "sneak and peak" searches, and I didn't speak up because I had nothing to hide. Then they came to reinstate Cointelpro and resume the infiltration and surveillance of domestic religious and political groups, and I didn't speak up because I no longer participated in any groups. Then they came to arrest American citizens and hold them indefinitely without any charges and without access to lawyers, and I didn't speak up because I would never be arrested. Then they came to institute TIPS (Terrorism Information and Prevention System) recruiting citizens to spy on other citizens and I didn't speak up because I was afraid. Then they came for anyone who objected to government policy because it only aided the terrorists and gave ammunition to America's enemies, and I didn't speak up ... because I didn't speak up. Then they came for me, and by that time, no one was left to speak up. Forum Column (from the Daily Journal, 11/20/02). Stephen Rohde is an attorney. He edited American Words of Freedom and was was president of the American Civil Liberties Union of Southern California. Does Rohde's text seem familiar? It should. He based it on one of the web's most widely-circulated texts about silence in the face of evil: In Germany, the Nazis first came for the communists, and I didn't speak up because I wasn't a communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics, but I didn't speak up because I was a protestant. Then they came for me, and by that time there was no one left to speak for me. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- On Mon, 18 Oct 2004, James A. Donald wrote: > I know when it will happen. It will happen when people > interested in anon ecash go on suicide missions. :-) > > People who are, for the most part, not like us are trying to > kill people like us. Let us chuck all those people not-like-us > off those planes where most of the passengers are people like > us. This really is not rocket science. From camera_lumina at hotmail.com Mon Oct 18 12:31:25 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 18 Oct 2004 15:31:25 -0400 Subject: Airport insanity Message-ID: "Sadre protected himself with Iraqi women and young children as human shields, showing that he expected the Pentagon to show more concern for Iraqi lives than he did." There are giant, glaring holes in your logical processing, Mr Donald. In this case let us remember that the whole situation is because WE are over THERE. This particular incident would not occur if we hadn't invaded. Aside from that, your posts are completely saturated with the "They're more evil than we are therefore it's OK for us to be fuckin them over" logic. This is also why your (mostly faulty) examples of Muslim violence are basically irrelevant, or at least in the case(s) where the US has taken unilateral action to undermine or destabilise regimes that don't happen to serve us (guess that's just a coincidence, eh). -TD >From: "James A. Donald" >To: "cypherpunks at al-qaeda.net" >Subject: Re: Airport insanity >Date: Mon, 18 Oct 2004 11:48:25 -0700 > > -- >James A. Donald: > > > A very large number of muslims, particularly arab muslims- > > > a small minority in the US, a large minority or substantial > > > majority in many muslim countries, continually seek to > > > confront the infidel in a wide variety of ways, and > > > interpret our politeness and care to avoid harming muslims > > > as weakness and fear." > >Tyler Durden > > I would bet that statements that sound very, very close to > > this were uttered prior to Iraq II. > > > > "Care to Avoid harming Muslims"? > > > > You are either trolling or [...] > >Sadre protected himself with Iraqi women and young children as >human shields, showing that he expected the Pentagon to show >more concern for Iraqi lives than he did. > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > z0Tj1tmeI/AaMuuBMu2Z8xH7q6Mx5bQYJFqN5xU1 > 4zftsnadKxHqaGDRsPhgFcT8bZCLY79W7Yk0HjGwc _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ From camera_lumina at hotmail.com Mon Oct 18 12:47:06 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 18 Oct 2004 15:47:06 -0400 Subject: Airport insanity Message-ID: WOW! Let's examine your little clip here. >Tyler Durden > > "Care to Avoid harming Muslims"? Your statement was that the US took special care in avoiding harm to Muslims. In this case we have Muslims tortured at Guantanamo and now angry as hell. And you expected...what? >http://washingtontimes.com/national/20041018-124854-2279r.htm >: : Despite gaining their freedom by signing pledges to >: : renounce violence, at least seven former prisoners >: : of the United States at Guantanamo Bay, Cuba, have >: : returned to terrorism, at times with deadly >: : consequences. Wow! Tortured prisoners signed statements and then went back on their promises? The nerve! Note the incredible linguistic bias. "Returned to terrorism?...That's a laughable statement for people who returned to their own country to fight an invader. And the word "Despite" it's arguable even more hilarious. And of course, your quote of this piece in this context points to your ever-present logic of "They're more evil than we are therefore it's OK if we fuck them over". >: : Additional former detainees have expressed a desire >: : to rejoin the fight, be it against U.N. peacekeepers >: : in Afghanistan, Americans in Iraq or Russian >: : soldiers in Chechnya. Hum. Muislims helping Muslims to push the US or Russians out of their occupied countries. I've seen worse uses for religion. But more importantly, are you seeing where this is headed? Let's forget differing ideologies and get really, really practical here. If you or I were grabbed in our own country and brought 7000 miles away, and then tortured for 2 years, wouldn't you most likely become convinced that the torturing nation was a great evil that had to be stopped? Even more, what if your life sucked in your own country and you didn't have a lot to live for anyway? The violence sown by Western powers will continue to result in further Septemeber 11ths. Simply increasing the scope or intensity (a la Iraq II) isn't going to make things better. -TD > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > gZPWnxSpOCzn/7t/pyram/Z9ixbExE1haS5OzFBm > 4i6xvRLGqBtHJfp8bm6GLFqF6pwABThwj/PjOpaVx _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee. Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 From rah at shipwright.com Mon Oct 18 12:59:05 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 18 Oct 2004 15:59:05 -0400 Subject: Airport insanity In-Reply-To: <4173B21E.8724.8D1245@localhost> References: <41739CFB.25055.3A7F7A@localhost> <4173B21E.8724.8D1245@localhost> Message-ID: At 12:07 PM -0700 10/18/04, James A. Donald wrote: > On Mon, 18 Oct 2004, James A. Donald wrote: >> > People who are, for the most part, not like us are trying to kill >> > people like us. Let us chuck all those people not-like-us off those >> > planes where most of the passengers are people like us. > >Thomas Shaddack >> Define "us"? > >Easier to define "them" > >"Us" is those people who do not much resemble them. Here's *my* current definition of "us": A great book. The world's greatest business plan. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sfurlong at acmenet.net Mon Oct 18 14:52:58 2004 From: sfurlong at acmenet.net (Steve Furlong) Date: 18 Oct 2004 17:52:58 -0400 Subject: Airport insanity In-Reply-To: <0410182112090.11608@somehost.domainz.com> References: <4173AD89.18179.7B2C37@localhost> <0410182112090.11608@somehost.domainz.com> Message-ID: <1098136378.1451.7.camel@daft> On Mon, 2004-10-18 at 15:17, Thomas Shaddack wrote: > Pentagon protects their people by distance - being it by bombing from high > altitude, or by using cruise missiles. > > Everybody uses the technology available to them. What's bad on it? > > Invariably, the side that uses the defensive measure - being it smart > weapons[1] or human shields - classifies it as tactical, while the other > side considers it cowardly. > > A nice example of symmetry in asymmetry. > > > [1] The defensive aspect here is to allow the attackers to attack from > distance beyond the reach of the other side's active defenses, thus not > risking anything more than a piece of overpriced electronics. If some asshole is coming at you with a knife, it's cowardly to shoot him before he's in range? Dumbass. From shaddack at ns.arachne.cz Mon Oct 18 10:14:01 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 18 Oct 2004 19:14:01 +0200 (CEST) Subject: Airport insanity In-Reply-To: <417395DE.22913.1EB882@localhost> References: <417395DE.22913.1EB882@localhost> Message-ID: <0410181911460.11598@somehost.domainz.com> On Mon, 18 Oct 2004, James A. Donald wrote: > > a. The probability ratios don't work out so that the > > overwhelming majority of people you throw off planes are > > innocent. > > Provided the number of people you throw off planes is rather > small, I don't see the problem. It isn't a problem for you until it happens to you. Who knows when being interested in anon e-cash will become a ground to blacklist *you*. Do you propose a way to appeal the decision? Will the flight (and associated losses, eg. lost contract due to a missed meeting, etc.) reimbursed? From rah at shipwright.com Mon Oct 18 17:23:28 2004 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 18 Oct 2004 20:23:28 -0400 Subject: Printers betray document secrets Message-ID: The BBC | Entertainment | Have Your Say | In Pictures | Week at a Glance Monday, 18 October, 2004, 16:58 GMT 17:58 UK Printers betray document secrets That staple of crime novels - solving a case by identifying the typewriter used to write a ransom note - is being updated for the modern day. US scientists have discovered that every desktop printer has a signature style that it invisibly leaves on all the documents it produces. They have now found a way to use this to identify individual laser printers. The work will help track down printers used to make bogus bank notes, fake passports and other important papers. Spot colour Before now it was thought that the differences between cheap, mass-produced desktop printers were not significant enough to make individual identification possible. But a team from Purdue University in Indiana led by Professor Edward Delp has developed techniques that make it possible to trace which printer was used to produce which document. In 11 out of 12 tests, the team's methods identified which model of desktop laser printer was used to print particular documents. "We also believe that we will be able to identify not only which model of printer was used but specifically which printer was used," Professor Delp said. The image processing software developed by Professor Delp's team looks for the "intrinsic signatures" that each printer produces. Professor Jan Allebach, who helped develop the ID techniques, said the production methods demanded by competition in the desktop printer market meant there was quite a lot of variation in the way different machines printed pages. "For a company to make printers all behave exactly the same way would require tightening the manufacturing tolerances to the point where each printer would be too expensive for consumers," he said. The differences emerge in the way that a laser printer lays down ink on the paper and which can be spotted with the Purdue system. Inkjet is next Typically, different printers lay down ink in distinct bands that can be spotted by image processing software. "We extract mathematical features, or measurements, from printed letters, then we use image analysis and pattern-recognition techniques to identify the printer," said Professor Delp. Desktop printers coupled with scanners have become favourites with forgers as they produce high-quality copies of banknotes and personal documents that can fool a casual glance. The team is now working to extend its techiques to cover inkjet printers. The team is also working on ways to manipulate printers so they lay down ink with more easily identifiable signatures. The researchers will present their detailed findings at the International Conference on Digital Printing Technologies in early November. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Mon Oct 18 20:31:25 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 20:31:25 -0700 Subject: Airport insanity.."Ethnicity" is Bullshit In-Reply-To: <4173AB27.19505.71DE28@localhost> References: Message-ID: <4174281D.12916.259FCA0@localhost> -- Tyler Durden > > Let's just state the obvious: September 11th occurred not > > because we had a few "crazy Muslim fundamentalists" out > > there that decided they "hate our freedoms". The struck us > > because we've been fuckin' over a large swath of the Muslim > > (not only Arab) world for 100 years or so James A. Donald: > And the reason they are murdering Iraqi Christians, > Filipinos, Ambionese and Timorese is? And I forgot to mention a hundred thousand or more Sudanese, not to mention that Al Quaeda murdered far more Afghans than Americans. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG U7+z5L2eeFW+S1IwpXSNX1hEyOCuQCcGDFWykNQj 4klCW0iUxAJl1ub0DnUbDZKbwXJdS70AuL86+gLTI From shaddack at ns.arachne.cz Mon Oct 18 11:38:17 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 18 Oct 2004 20:38:17 +0200 (CEST) Subject: Airport insanity In-Reply-To: <41739CFB.25055.3A7F7A@localhost> References: <417395DE.22913.1EB882@localhost> <41739CFB.25055.3A7F7A@localhost> Message-ID: <0410182017070.0@somehost.domainz.com> On Mon, 18 Oct 2004, James A. Donald wrote: > Thomas Shaddack wrote: > > It isn't a problem for you until it happens to you. Who knows > > when being interested in anon e-cash will become a ground to > > blacklist *you*. > > I know when it will happen. It will happen when people > interested in anon ecash go on suicide missions. :-) Never underestimate the power of the combination of the People With Agendas with Classified Computerized Profiling Algorithms. :) Be vigilant. > People who are, for the most part, not like us are trying to kill people > like us. Let us chuck all those people not-like-us off those planes > where most of the passengers are people like us. Define "us"? > This really is not rocket science. Personally, as a relatively frequent flyer, I worry much more about things like cutting corners of fuselage and engine maintenance and quality of fuel (and, perhaps even more, the quality of onboard coffee) than about bombers on board. (On the other hand, local states grew out of their imperial-lust phase couple decades/centuries ago, which makes their people less disliked. Somehow lesser tendency to trigger-happy gung-ho a-ramboin' seems to be helpful too.) Seeing things in perspective sometimes helps. From jamesd at echeque.com Mon Oct 18 20:41:29 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 20:41:29 -0700 Subject: Airport insanity In-Reply-To: <0410182112090.11608@somehost.domainz.com> References: <4173AD89.18179.7B2C37@localhost> Message-ID: <41742A79.25304.2633680@localhost> -- James A. Donald: > > Sadre protected himself with Iraqi women and young children > > as human shields, showing that he expected the Pentagon to > > show more concern for Iraqi lives than he did. Thomas Shaddack > Pentagon protects their people by distance - being it by > bombing from high altitude, or by using cruise missiles. > > Everybody uses the technology available to them. What's bad > on it? > > Invariably, the side that uses the defensive measure - being > it smart weapons[1] or human shields - classifies it as > tactical, while the other side considers it cowardly. But no one would ever use human shields as a protection against Sadr. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG baNQWrpILKDhhFIBGXuMuSPmLUwgDjnVj7KGTDrs 4cKV4IqQITCwrJCTQCt5kQpfh5eiP+IX2EqGFdRA8 From jamesd at echeque.com Mon Oct 18 20:51:34 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 20:51:34 -0700 Subject: Airport insanity In-Reply-To: Message-ID: <41742CD6.810.26C6FA1@localhost> -- On 18 Oct 2004 at 15:31, Tyler Durden wrote: > Aside from that, your posts are completely saturated with the > "They're more evil than we are therefore it's OK for us to be > fuckin them over" logic. They are more evil that we are, as demonstrated by their propensity to kill all sorts of people, including each other, and including us. This forces us to do something violent. Imposing democracy on Iraq at gunpoint was probably a bad idea, but it was selected as the option that would raise the least objection. Any more effectual measure is going to piss you lot off even more. A more effectual measure and considerably less costly measure would have been to confiscate Iraq's and Saudi Arabia's oil reserves, and ethnically cleanse all male muslims above the age of puberty from the oil bearing areas. This democracy stuff did not work in Haiti and things look considerably more difficult, and more expensive, in Iraq. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG sN+N7EZrY5IEjAANVirGQOOx7UYwBe9YPumiQ4uI 4PHJIbv0IpxzyH8CXPzWKj/497VCciWU9zZler22L From bill.stewart at pobox.com Mon Oct 18 20:54:02 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 18 Oct 2004 20:54:02 -0700 Subject: Airport insanity In-Reply-To: <41710597.1030.EE613@localhost> References: <416FBF29.17594.AD343E@localhost> <41710597.1030.EE613@localhost> Message-ID: <200410190637.i9J6bhtd018079@positron.jfet.org> >Damian Gerow > > I've had more than one comment about my ID photos that amount > > to basically: "You look like you've just left a terrorist > > training camp." As Erma Bombeck wrote, by the time you look like your passport photo, it's time to come home from vacation. An extra couple of red-eye flights don't help, either. At 11:27 AM 10/16/2004, James A. Donald wrote: >If you really look like the shoe bomber, then you should have >to drive, or use public transport. James misspoke here - the only public air transport I'm aware of in the US is run by the military, and or if he meant that people who look like shaggy-haired Brits with real leather shoes should be banned from privately-run transportation systems like airplanes and Greyhound, that pretty much leaves Amtrack as the only long-distance transport option for civilians, since city and county busses normally don't go very far. At 11:27 AM 10/16/2004, James A. Donald wrote: > > Provided the number of people you throw off planes is > > rather small, I don't see the problem. Depends a lot on how high up the planes are when you throw them off... There's the concept of "due process of law" that the Bush administration isn't very familiar with that determines when you're Constitutionally permitted to deprive people of their liberties. At 11:38 AM 10/18/2004, Thomas Shaddack wrote: > Personally, as a relatively frequent flyer, I worry much more about things > like cutting corners of fuselage and engine maintenance and quality of > fuel (and, perhaps even more, the quality of onboard coffee) than about > bombers on board. Unfortunately, cutting the quality of the onboard coffee means that you're more likely to look like a shoe-bomber by the time the plane arrives. ---- Bill Stewart bill.stewart at pobox.com From bill.stewart at pobox.com Mon Oct 18 20:54:51 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 18 Oct 2004 20:54:51 -0700 Subject: Airport insanity In-Reply-To: <4173B49F.28896.96D8EF@localhost> References: <4173B49F.28896.96D8EF@localhost> Message-ID: <200410190637.i9J6bhFc018078@positron.jfet.org> James Donald recently wrote > Thomas Shaddack wrote: > > It isn't a problem for you until it happens to you. Who knows > > when being interested in anon e-cash will become a ground to > > blacklist *you*. > I know when it will happen. It will happen when people > interested in anon ecash go on suicide missions. :-) More likely, when anon ecash money-launderers start being accused of funding terrorist activities. At 11:38 AM 10/18/2004, Thomas Shaddack wrote: >Never underestimate the power of the combination of the >People With Agendas with Classified Computerized Profiling Algorithms. :) Unfortunately, the primary algorithm seems to work like this: - Somebody puts a name on some list because it seems like a good idea at the time, and there's no due process required. - Everybody copies lists from everybody else, with minimal attempt to track where the information comes from. - Database corruption propagates rapidly, so anybody who's on any list because of political corruption like Neo-Cointelpro stays there because of database corruption. From bill.stewart at pobox.com Mon Oct 18 21:04:14 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Mon, 18 Oct 2004 21:04:14 -0700 Subject: Airport insanity In-Reply-To: <6.0.3.0.0.20041018202225.037d3b20@pop.idiom.com> References: <4173B49F.28896.96D8EF@localhost> <6.0.3.0.0.20041018202225.037d3b20@pop.idiom.com> Message-ID: <200410190637.i9J6bhX5018080@positron.jfet.org> At 12:18 PM 10/18/2004, James A. Donald wrote: >http://washingtontimes.com/national/20041018-124854-2279r.htm >: : Despite gaining their freedom by signing pledges to >: : renounce violence, at least seven former prisoners >: : of the United States at Guantanamo Bay, Cuba, have >: : returned to terrorism, at times with deadly >: : consequences. >: : >: : At least two are believed to have died in fighting >: : in Afghanistan, and a third was recaptured during a >: : raid of a suspected training camp in Afghanistan, >: : Lt. Cmdr. Flex Plexico, a Pentagon spokesman, said >: : last week. Others are at large. > >: : Additional former detainees have expressed a desire >: : to rejoin the fight, be it against U.N. peacekeepers >: : in Afghanistan, Americans in Iraq or Russian >: : soldiers in Chechnya. None of those things sound like terrorism to me, just basic military violence, though certainly the American and Russian militaries aren't the only ones engaging in terrorist activities in South Asia and some of these ~146 people may be among them. But most of the Warlord-vs-Warlord fighting in Afghanistan isn't terrorism, and most of the Iraqi Resistance isn't either, and I'd have expected that a staunch anti-communist like James wouldn't mind people shooting at Russian soldiers even though they're no longer Soviets. At 11:38 AM 10/18/2004, James A. Donald wrote: >Tyler Durden > > Let's just state the obvious: September 11th occurred not > > because we had a few "crazy Muslim fundamentalists" out there > > that decided they "hate our freedoms". The struck us because > > we've been fuckin' over a large swath of the Muslim (not only > > Arab) world for 100 years or so > >And the reason they are murdering Iraqi Christians, Filipinos, >Ambionese and Timorese is? While the ones murdering Iraqi Christians may be doing it out of religious hatred as well as the perception that the Americans are running a Christian crusade against the Muslim world, the Indonesian invasions of their neighbors such as East Timor are just good old nationalist expansion - the US has been funding the Indonesian military for ~40 years because they're our Anti-Communist buddies, and who cares about their human rights records. You didn't expect that behaviour to stop just because there were no longer any Commies around, did you? From shaddack at ns.arachne.cz Mon Oct 18 12:17:42 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 18 Oct 2004 21:17:42 +0200 (CEST) Subject: Airport insanity In-Reply-To: <4173AD89.18179.7B2C37@localhost> References: <4173AD89.18179.7B2C37@localhost> Message-ID: <0410182112090.11608@somehost.domainz.com> On Mon, 18 Oct 2004, James A. Donald wrote: > Sadre protected himself with Iraqi women and young children as > human shields, showing that he expected the Pentagon to show > more concern for Iraqi lives than he did. Pentagon protects their people by distance - being it by bombing from high altitude, or by using cruise missiles. Everybody uses the technology available to them. What's bad on it? Invariably, the side that uses the defensive measure - being it smart weapons[1] or human shields - classifies it as tactical, while the other side considers it cowardly. A nice example of symmetry in asymmetry. [1] The defensive aspect here is to allow the attackers to attack from distance beyond the reach of the other side's active defenses, thus not risking anything more than a piece of overpriced electronics. From jamesd at echeque.com Mon Oct 18 21:31:48 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 21:31:48 -0700 Subject: Airport insanity In-Reply-To: References: <0410181911460.11598@somehost.domainz.com> Message-ID: <41743644.30414.291467E@localhost> -- On 18 Oct 2004 at 13:35, John Young wrote: > James is wired to be unempathetic about victims, as was > McVeigh, as are fearless military and criminal killers, as > are national leaders of a yellow stripe who never taste the > bitter end of their exculpatory spin. > > What makes the wire work is that they do not believe that > what they do unto others will be done to them. So you think our enemies should try to be even more savage and cruel than they already are? That would be difficult. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 8jFPc5YyznRSoFsz/euu3E71jE/C2JzYp7OIfB5b 4xNxnhSKG4pS9CinRKGV1bL4JQv8SATqhIxtUwoyy From jamesd at echeque.com Mon Oct 18 21:31:50 2004 From: jamesd at echeque.com (James A. Donald) Date: Mon, 18 Oct 2004 21:31:50 -0700 Subject: Airport insanity In-Reply-To: Message-ID: <41743646.17407.2914EE7@localhost> -- Tyler Durden > Your statement was that the US took special care in avoiding > harm to Muslims. In this case we have Muslims tortured at > Guantanamo and now angry as hell. And you expected...what? I expected them to be KEPT in Guantanamo. Furthermore, they were not tortured, though they should have been. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG wCUg52ZJNzaMD0ZPioMTruGISGd3DDwU6jUMELl/ 41LiTXyUsja0zJksTRtCgVaYxSideYIzzbGD/3Qq5 From sunder at sunder.net Mon Oct 18 18:43:31 2004 From: sunder at sunder.net (Sunder) Date: Mon, 18 Oct 2004 21:43:31 -0400 (edt) Subject: Airport insanity In-Reply-To: <20041018215517.GA17541@arion.soze.net> References: <41710597.1030.EE613@localhost> <41714AB0.20448.11CD039@localhost> <20041018215517.GA17541@arion.soze.net> Message-ID: RTFGoogle? Google revealed: http://www.jubilee-newspaper.com/atf_last_operation.htm http://www.constitution.org/okc/jdt03-01.htm http://www.geoffmetcalf.com/qa/23076.html http://www.lpsf.org/LPSF_Newsletters/nl_10_01.html http://216.239.39.104/search?q=cache:vrlZD0TAzU8J:www.freerepublic.com/forum/a3ac7e1b57dbf.htm+ATF+paged+not+to+come+in+to+work+murrah&hl=en http://www.geocities.com/Heartland/7006/proof-of-coverup.html http://www.uwsa.com/pipermail/uwsa/2001q2/006627.html and so on. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :"Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ <--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + : War is Peace, freedom is slavery, Bush is President. ------------------------------------------------------------------------- On Mon, 18 Oct 2004, Justin wrote: > On 2004-10-16T22:12:52-0400, Sunder wrote: > > There is still of course the matter of the unexploded bombs in that > > building that were dug out, and that the ATF received a "Don't come in to > > work" page on their beepers, and the seize and classification of all > > surveilance video tapes from things like ATM's across the street. > > Sources? > > -- > The old must give way to the new, falsehood must become exposed by truth, > and truth, though fought, always in the end prevails. -- L. Ron Hubbard From justin-cypherpunks at soze.net Mon Oct 18 14:55:17 2004 From: justin-cypherpunks at soze.net (Justin) Date: Mon, 18 Oct 2004 21:55:17 +0000 Subject: Airport insanity In-Reply-To: References: <41710597.1030.EE613@localhost> <41714AB0.20448.11CD039@localhost> Message-ID: <20041018215517.GA17541@arion.soze.net> On 2004-10-16T22:12:52-0400, Sunder wrote: > There is still of course the matter of the unexploded bombs in that > building that were dug out, and that the ATF received a "Don't come in to > work" page on their beepers, and the seize and classification of all > surveilance video tapes from things like ATM's across the street. Sources? -- The old must give way to the new, falsehood must become exposed by truth, and truth, though fought, always in the end prevails. -- L. Ron Hubbard From cme at acm.org Tue Oct 19 03:18:16 2004 From: cme at acm.org (Carl Ellison) Date: Tue, 19 Oct 2004 03:18:16 -0700 Subject: CFP 2005 PKI R&D Workshop - Deadline soon Message-ID: 4th Annual PKI R&D Workshop: Multiple Paths to Trust April 19-21, 2005 NIST -- Gaithersburg, MD Papers and Proposals Due: October 29, 2004 Website: http://middleware.internet2.edu/pki05/ Registration Fee: $125.00 This workshop considers the full range of public key technology used for security decisions and supporting functionalities, including authentication, authorization, identity (syndication, federation, and aggregation), and trust. This year, the workshop has a particular interest in how PKI and emerging trust mechanisms will interact with each other at technical, policy and user levels to support trust models that lack a central authority. This workshop has three goals: 1. Explore the current state of public key technology and emerging trust mechanisms in different domains including web services; grid technologies; authentication systems, et al., in academia, research, government, and industry. 2. Share & discuss lessons learned and scenarios from vendors and practitioners on current deployments. 3. Provide a forum for leading security researchers to explore the issues relevant to PKI space in areas of security management, identity, trust, policy, authentication, and authorization. CALL FOR PAPERS We solicit papers, case studies, panel proposals, and participation from researchers, systems architects, vendor engineers, and users. Submitted works should address one or more critical areas of inquiry. Topics include (but are not limited to): * Federated versus Non-Federated trust models * Standards related to PKI and security decision systems such as x509, SDSI/SPKI, PGP, XKMS, XACML, XRML, XML signature, and SAML. * Cryptographic and alternative methods for supporting security decisions, including the characterization and encoding of data * Intersection of policy based systems and PKI * Privacy protection and implications * Scalability of security systems * Security of the components of PKI systems * Security Infrastructures for constrained environments * Improved human factor designs for security-related interfaces including authorization and policy management, naming, use of multiple private keys, and selective disclosure * New paradigms in PKI architectures * Reports of real-world experience with the use and deployment of PKI, including future research directions Deadlines for conference paper and panel submissions are: * Papers and Proposals Due: October 29, 2004 * Authors Notified: December 10, 2004 * Final Materials Due: February 18, 2005 Submissions should be provided electronically, in PDF, for standard US letter-size paper (8.5 x 11 inches). Paper submissions must not exceed 15 pages (single space, two column format with 1" margins using a 10 pt or larger font) and have no header or footer text (e.g., no page numbers). Proposals for panels should be no longer than five pages and include possible panelists and an indication of which panelists have confirmed availability. Please submit the following information to pkichairs at internet2.edu: * Name, affiliation, email, phone, postal address for the primary contact author * First name, last name, and affiliation of each co-author * The finished paper in PDF format as an attachment All submissions will be acknowledged. Submissions of papers must not substantially duplicate work that any of the authors have published elsewhere or have submitted in parallel to any other conferences or journals. Accepted papers will be published in a proceedings of the workshop. REGISTRATION The registration fee of $125 per person includes workshop materials, coffee breaks, lunches, and a dinner. There will be no on-site registration. Please pre-register by April 12, 2005 at https://rproxy.nist.gov/CRS/conf_ext.cfm?conf_id=1065 Teresa Vicente NIST Phone: (301) 975-3883 Fax: (301) 948-2067 email: teresa.vicente at nist.gov An agenda will be available in late December at http://middleware.internet2.edu/pki05/ ACCOMMODATIONS A block of rooms has been reserved at the Gaithersburg Holiday Inn, (301) 948-8900, at a special rate of $99, single or double, plus 12% tax. Reservations must be received by April 4, 2005, in order to receive the special rate. Please mention you are attending the "NIST/PKI Workshop". +------------------------------------------------------------------+ |Carl M. Ellison cme at acm.org http://theworld.com/~cme | | PGP: 75C5 1814 C3E3 AAA7 3F31 47B9 73F1 7E3C 96E7 2B71 | +---Officer, arrest that man. He's whistling a copyrighted song.---+ --------------------------------------------------------------------- The SPKI Mailing List Unsubscribe by sending "unsubscribe spki" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Tue Oct 19 09:39:05 2004 From: jamesd at echeque.com (James A. Donald) Date: Tue, 19 Oct 2004 09:39:05 -0700 Subject: Airport insanity In-Reply-To: <200410190637.i9J6bhFc018078@positron.jfet.org> References: <4173B49F.28896.96D8EF@localhost> Message-ID: <4174E0B9.16781.1AB40CE@localhost> -- Thomas Shaddack: > > > It isn't a problem for you until it happens to you. Who > > > knows when being interested in anon e-cash will become a > > > ground to blacklist *you*. James A. Donald: > > I know when it will happen. It will happen when people > > interested in anon ecash go on suicide missions. :-) Bill Stewart > More likely, when anon ecash money-launderers start being > accused of funding terrorist activities. When e-currency handlers (cambists) are accused of money laundering terrorist's money, the feds steal the money, but they do not obstruct them from travelling, or, surprisingly, even from doing business - well, perhaps not so surprisingly, for if they stopped them from doing business there would be nothing to steal. When the state uses repressive measures against those that seek to murder us, there is still a large gap between that and using repressive measures against everyone. We are not terrorists, we don't look like terrorists, we don't sound like terrorists. Indeed, the more visible real terrorists are, the less even Tim McViegh looks like a terrorist and the more he looks like a patriot. When people are under attack they are going to lash out, to kill and destroy. Lashing out an external enemy, real or imaginary, is a healthy substitute for lashing out at internal enemies. We do not have a choice of peace, merely a choice between war against external or internal enemies. Clearly, war against external enemies is less dangerous to freedom. War is dangerous to freedom, but we do not have a choice of peace. The question is where the war is to be fought - in America, or elsewhere. War within America will surely destroy freedom. What we need to fear is those that talk about the home front and internal security, those who claim that Christians are as big a threat as Muslims - or that black Muslims are as big a threat as Middle Eastern Muslims. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG cGrCJvmIhJnYLWO2RB3qmnqijcHlOOsA7iklRoZD 4Ar75eLN10XbfJw/mqPpGQeUW0SzMlz4CLrpHIeEe From jamesd at echeque.com Tue Oct 19 09:59:15 2004 From: jamesd at echeque.com (James A. Donald) Date: Tue, 19 Oct 2004 09:59:15 -0700 Subject: US Retardation of Free Markets (was Airport insanity) In-Reply-To: Message-ID: <4174E573.7315.1BDB5AF@localhost> -- On 19 Oct 2004 at 10:23, Tyler Durden wrote: > Most Cypherpunks would agree that free markets are a good > thing. Basically, if you leave people alone, they'll figure > out how to meet the needs that are out in there and, in the > process, get a few of the goodies available to us as vapors > on this world. I assume you would agree to this. There are however some bad people, who want to conquer and rule. Some of them are nastier than others. Those people need to be killed. Killing some of them is regrettably controversial. Killing terrorists should not be controversial. > More than that, some of the countries we've been kicked out > or prevented from influencing have been modernizing rapidly, > the most obvious example is China and Vietnam. Your history is back to front. China and Vietnam stagnated, until they invited capitalists back in, and promised they could get rich. Mean while the countries that we were not "kicked out of" for example Taiwan and South Korea, became rich. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG y7IV2I3RzvTRwezbeYDac49MQJFtu4pLd09CpaV1 4wwT8kfGpRCZY7aO/mhgeoOcaR9vYeYFWae8aMM/M From jamesd at echeque.com Tue Oct 19 09:59:16 2004 From: jamesd at echeque.com (James A. Donald) Date: Tue, 19 Oct 2004 09:59:16 -0700 Subject: Airport insanity In-Reply-To: <200410190637.i9J6bhX5018080@positron.jfet.org> References: <6.0.3.0.0.20041018202225.037d3b20@pop.idiom.com> Message-ID: <4174E574.25619.1BDB9AD@localhost> -- http://washingtontimes.com/national/20041018-124854-2279r.htm > >: : Despite gaining their freedom by signing pledges to > >: : renounce violence, at least seven former prisoners > >: : of the United States at Guantanamo Bay, Cuba, have > >: : returned to terrorism, at times with deadly > >: : consequences. On 18 Oct 2004 at 21:04, Bill Stewart wrote: > None of those things sound like terrorism to me, just basic > military violence, Terrorists seldom engage in basic military violence, which requires courage. For example one of those released from Guatenamo captured several chinese foreign aid workers working in Pakistan, threatening to murder them: http://www.suntimes.com/output/news/cst-nws-pak13.html > though certainly the American and Russian militaries aren't > the only ones engaging in terrorist activities in South Asia > and some of these ~146 people may be among them. But most of > the Warlord-vs-Warlord fighting in Afghanistan isn't > terrorism, and most of the Iraqi Resistance isn't either, What Al Quaeda and the Taliban do is terrorism. What the Northern Alliance does to stop them is not terrorism. When did the Northern alliance massacre civilians in territories it controlled, launch car bombs in market places, and so on and so forth? > and I'd have expected that a staunch anti-communist like > James wouldn't mind people shooting at Russian soldiers even > though they're no longer Soviets. These guys prefer to shoot at children. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG qeXTtjIfy8jstPbn09dKRXMxQSVaG2t3WybJOFOP 4YnrjDudDubJLxMto2Ny0HL2d18PndoDUq+pjm+kd From camera_lumina at hotmail.com Tue Oct 19 07:23:09 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 19 Oct 2004 10:23:09 -0400 Subject: US Retardation of Free Markets (was Airport insanity) Message-ID: