From solinym at gmail.com Thu Dec 1 00:08:00 2005
From: solinym at gmail.com (Travis H.)
Date: Thu, 1 Dec 2005 02:08:00 -0600
Subject: security modifications to current PCs
Message-ID:

Hey,

I've been reading through the TCPA documents and thinking a bit about
changes that might give higher assurance to an ordinary PC, or at least
a PC with only minor changes.

Specifically, one of the things I've always been mulling over is a
secure boot sequence. Basically, like the TCPA, I want a sequence where
each stage decrypts and validates the next one so that a user doesn't
have to worry about modifications to the bootup state.

Basically, I've been thinking about rewriting the BIOS (perhaps with
large portions in FORTH a la openfirmware*) such that instead of
prompting the user for a password which is compared to a stored copy
(that can be erased by removing the battery), it instead prompts the
user for a passphrase that is used to decrypt and authenticate the MBR
(boot block) and possibly the first-stage boot loader. The boot loader
in turn decrypts and authenticates the kernel and any associated crud it
needs (perhaps supporting the multiboot spec), and the kernel and crud
are smart enough to decrypt and authenticate the root partition, and
away we go.

[*] http://www.openfirmware.org/

Similarly, I wouldn't mind seeing a PCI card or something that is
designed for securely storing crypto keys (from DMA among other things)
and performing crypto operations. These parts of the TCPA are okay. I
don't see the need to curtain memory, as I'm comfortable with the "ring
0 can do anything" property.

Additionally, it would be nice to have a "trusted path" to the OS,
whereby a certain key sequence triggers a direct input path to a
program, or the user is assured of what program he/she is talking to.

http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/trusted-path.html

Is it possible to implement most block ciphers in FPGAs? It'd be nice to
have a bus-mastering crypto co-processor device to do, say, disk
encryption without requiring CPU help, but I want to be able to update
it to new algorithms as new attacks against the cipher appear.

I use some disk encryption stuff on a dual processor machine and it's
still slow. The load climbs to 10 or 12 all too easily, then stuff
becomes unresponsive (perhaps because swap is one of the things I'm
encrypting).
--
http://www.lightconsulting.com/~travis/ -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

From skquinn at speakeasy.net Thu Dec 1 00:38:00 2005
From: skquinn at speakeasy.net (Shawn K. Quinn)
Date: Thu, 01 Dec 2005 02:38:00 -0600
Subject: security modifications to current PCs
In-Reply-To:
References:
Message-ID: <1133426281.20852.3.camel@xevious.platypuslabs.org>

On Thu, 2005-12-01 at 02:08 -0600, Travis H. wrote:
> I use some disk encryption stuff on a dual processor machine and it's
> still slow. The load climbs to 10 or 12 all too easily, then stuff
> becomes unresponsive (perhaps because swap is one of the things I'm
> encrypting).

What processors, specifically? (If you expect a dual Pentium 100 system
to work miracles, that's your problem.)

What operating system? I'm pretty sure OpenBSD encrypts swap out of the
box, and it is SMP capable. Chances are if you're getting double-digit
load just from normal use due to swap encryption, you either don't have
anywhere near enough RAM, don't have enough CPU, or the code you're
running is inefficient.

--
Shawn K. Quinn
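The staged chain from Travis H.'s message at the top of this thread, sketched as an added example (not code from any poster): a passphrase-derived key opens the first stage, and each stage carries the key for the next. That hand-off of keys, the stage names, and the HMAC-SHA256 counter-mode keystream standing in for a real authenticated cipher are assumptions of this sketch.

```python
import hashlib
import hmac
import os

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32


class BootHalted(Exception):
    """A stage failed authentication; .stage is its index in the chain."""

    def __init__(self, stage):
        super().__init__(f"stage {stage} failed authentication, boot halted")
        self.stage = stage


def passphrase_key(passphrase, salt):
    # No stored password copy exists to erase or compare against:
    # the passphrase is only ever stretched into a key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def _subkeys(key):
    # Separate keys for encryption and authentication (encrypt-then-MAC).
    enc = hmac.new(key, b"encrypt", hashlib.sha256).digest()
    mac = hmac.new(key, b"authenticate", hashlib.sha256).digest()
    return enc, mac


def _xor_keystream(enc_key, nonce, data):
    # Assumption: HMAC-SHA256 in counter mode as a stand-in keystream so the
    # sketch needs only the standard library; use a vetted AEAD in practice.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    body = nonce + _xor_keystream(enc, nonce, plaintext)
    return body + hmac.new(mac, body, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if the tag does not verify."""
    enc, mac = _subkeys(key)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_keystream(enc, body[:NONCE_LEN], body[NONCE_LEN:])


def build_image(passphrase, salt, stages):
    """Seal each stage; stage i's plaintext is key(i+1) followed by its code."""
    keys = [passphrase_key(passphrase, salt)]
    keys += [os.urandom(KEY_LEN) for _ in stages[1:]]
    keys.append(bytes(KEY_LEN))  # the last stage has nothing further to unlock
    return [seal(keys[i], keys[i + 1] + code) for i, code in enumerate(stages)]


def boot(passphrase, salt, image):
    """Walk the chain; stop at the first stage that fails to authenticate."""
    key = passphrase_key(passphrase, salt)
    loaded = []
    for index, blob in enumerate(image):
        plain = unseal(key, blob)
        if plain is None:
            raise BootHalted(index)
        key, code = plain[:KEY_LEN], plain[KEY_LEN:]
        loaded.append(code)
    return loaded


def demo():
    salt = b"constructed-salt"  # constructed sample values throughout
    stages = [b"MBR", b"boot loader", b"kernel + crud", b"root partition"]
    image = build_image("correct horse", salt, stages)
    booted_ok = boot("correct horse", salt, image) == stages

    def halted_at(passphrase, img):
        try:
            boot(passphrase, salt, img)
        except BootHalted as exc:
            return exc.stage
        return None

    modified = list(image)
    kernel = bytearray(modified[2])
    kernel[NONCE_LEN] ^= 0x01  # one flipped bit in the stored kernel
    modified[2] = bytes(kernel)
    return booted_ok, halted_at("wrong guess", image), halted_at("correct horse", modified)


if __name__ == "__main__":
    print(demo())
```

A wrong passphrase and a modified stage fail the same way, at the authentication check of the first stage they affect, which is the property the message asks of the boot sequence.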
From dave at farber.net Thu Dec 1 02:20:05 2005
From: dave at farber.net (David Farber)
Date: Thu, 1 Dec 2005 05:20:05 -0500
Subject: [IP] Advanced Paypal phish - uses faked functional address bar
Message-ID:

Begin forwarded message:

From eugen at leitl.org Thu Dec 1 02:39:52 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 1 Dec 2005 11:39:52 +0100
Subject: [dave@farber.net: [IP] Advanced Paypal phish - uses faked functional address bar]
Message-ID: <20051201103952.GS2249@leitl.org>

----- Forwarded message from David Farber -----

From adam at cypherspace.org Fri Dec 2 05:35:16 2005
From: adam at cypherspace.org (Adam Back)
Date: Fri, 2 Dec 2005 08:35:16 -0500
Subject: idealized content network properties (Re: [p2p-hackers] darknet)
Message-ID:

I think an ideal www2 network should:

1. have any content searchable by anyone (the contents are public)

2. make it hard to determine who the author of content is

3. make it hard for people other than the author to remove content

4. make it hard for people to observe what other people are downloading

5. make it hard for anyone to change content (new version and navigating
   by version should be the way to "change")

It seems to me that this network can provide any of these subset
classifications trivially. removing 1 makes a eg "friend-to-friend"
network -- that just means you encrypt the searchable tags and content
with a shared key. removing 2 you just sign the content. and so forth.

(Making it hard for people other than the author to remove content
technically probably involves things like redundancy, transience of
service, opaque content to its current server location, indirection etc)

(The author also should be able to arrange that he himself can't remove
the content, by intentionally discarding whatever keys give him the
technical means to remove or change the content).

> As a side-point, I think it is somewhat pejorative to say that any
> technology is "designed" for illegal usage, just because it conceals
> user activity and therefore may be capable of illegal usage. There
> are many legal reasons why people might wish to preserve their
> anonymity and privacy.

Yeah. I think my feature set at the top should be the default/base set
of properties exhibited by the www2 (next gen web). Any voluntary
restrictions on these should be entered into by policy. Say content X is
illegal in jurisdiction Y, then Y should publish a blacklist identifying
content X and the legal system in jurisdiction Y should if it chooses
make it illegal to not consult the blacklist.

I mean illegality is not even consistent, there are things which are
legally required in Y that are illegal in Z. There is and can be no
globally acceptable policy, so we must robustly technologically prevent
global enforcement.

Adam
_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From karn at ka9q.net Fri Dec 2 09:44:53 2005
From: karn at ka9q.net (Phil Karn)
Date: December 2, 2005 9:44:53 PM EST
Subject: [IP] Telecoms required to save logs of e-mail
Message-ID:

>BRUSSELS, Belgium -- EU justice and interior ministers agreed Friday
>on plans that would require telecommunications companies to retain
>records of phone calls and e-mails for a minimum of six months for
>use in investigations of terrorism and other serious crimes.

and Bob Frankston comments:

> Too bad reporters don't ask questions such as whether the legislatures
> understand that you don't need a phone company to make a phone call and
> you don't need a PTT to send email.

Note that an ISP can easily log email even when a user runs his own SMTP
server and/or delivers his own outbound mail. You just record all the
raw packets to port 25.

On the other hand, the SMTP STARTTLS (start transport layer security)
command is getting pretty common these days, as most MTA senders will
now use it automatically whenever the receiving MTA advertises support
for it. Receiver support is not the default because it requires an X.509
certificate, but some installation scripts (e.g., Debian Linux)
automatically generate and install a self-signed certificate if
required. Even much of my incoming spam comes in with STARTTLS these
days.

I figure that should make traffic analysis just a little more difficult.
When a SMTP session uses STARTTLS, only the IP addresses of the MTAs are
visible to a passive wiretap at the ISP. Because self-signed
certificates are so common, however, an active man-in-the-middle attack
would probably work in most cases. Clearly we need certificate caching
like that implemented in SSH.

>Under Friday's deal, investigators will be able to view logs of
>phone calls and e-mail messages, but it does not allow them to view
>content of the messages.

That implies that only headers need be logged, so PGP or S/MIME by
itself (without STARTTLS) provide no protection at all as they both
leave all email headers in the clear.
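
The SSH-style certificate caching Phil Karn asks for above, as an added example that is not from the original message: a sending MTA remembers the SHA-256 fingerprint of the first certificate each peer presents over STARTTLS and refuses to treat a changed one as the same peer. `MtaPinStore`, the JSON cache file and the host name are assumptions of this sketch, and the byte strings in `demo()` are constructed stand-ins for DER certificates.

```python
import hashlib
import hmac
import json
import os
import smtplib
import ssl
import tempfile

FIRST_SEEN, MATCH, MISMATCH = "first-seen", "match", "mismatch"


def fingerprint(der_cert):
    """SHA-256 over the DER certificate, the value that gets cached."""
    return hashlib.sha256(der_cert).hexdigest()


class MtaPinStore:
    """known_hosts-style cache: 'host:port' -> fingerprint first seen."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    @staticmethod
    def _key(host, port):
        # DNS names are case-insensitive; a trailing dot is the same host.
        return f"{host.lower().rstrip('.')}:{port}"

    def check(self, host, der_cert, port=25):
        key, seen = self._key(host, port), fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            # Trust on first use: self-signed is fine, it just has to stay put.
            self.pins[key] = seen
            self._save()
            return FIRST_SEEN
        if hmac.compare_digest(pinned, seen):
            return MATCH
        # Never overwrite on mismatch: a changed certificate needs a human.
        return MISMATCH

    def forget(self, host, port=25):
        """Operator action after a legitimate certificate change."""
        self.pins.pop(self._key(host, port), None)
        self._save()

    def _save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)  # atomic swap, no half-written cache


def fetch_mta_cert(host, port=25, timeout=10.0):
    """Return the DER certificate a live MTA presents, or None if it does
    not advertise STARTTLS. CA validation is off on purpose: the pin store,
    not a CA, decides whether this is the same peer as before."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


def demo():
    # Constructed stand-ins for two different DER certificates.
    cert_a = b"constructed stand-in certificate A"
    cert_b = b"constructed stand-in certificate B"
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "known_mtas.json")
        store = MtaPinStore(path)
        verdicts = [
            store.check("mx.example.org", cert_a),   # first contact
            store.check("MX.Example.ORG.", cert_a),  # same host, same cert
            store.check("mx.example.org", cert_b),   # certificate changed
            MtaPinStore(path).check("mx.example.org", cert_a),  # reloaded cache
        ]
        store.forget("mx.example.org")
        verdicts.append(store.check("mx.example.org", cert_b))
    return verdicts


if __name__ == "__main__":
    print(demo())
```

On a `mismatch` verdict the sender would defer the message and alert the operator rather than deliver, the same choice SSH makes when a host key changes.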
------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Fri Dec 2 06:50:08 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 02 Dec 2005 09:50:08 -0500 Subject: Football Jocks don't like their English teacher Message-ID: Just goes to show how a Blacknet can be equated with illegal activity in our fascist climate: http://www.msnbc.msn.com/id/10294412/ Surprise surprise. Two jocks wrote bad things about killing their english teacher, after having been told they should write something "private" that no one else should ever read. Is it not obvious that the jocks are being punished for thought crimes? Next thing you know they'll be carting me off to jail for dreaming about having sex with Pamela Anderson. -TD From coderman at gmail.com Fri Dec 2 11:25:30 2005 From: coderman at gmail.com (coderman) Date: Fri, 2 Dec 2005 11:25:30 -0800 Subject: [zooko@zooko.com: Re: [p2p-hackers] darknet ~= (blacknet, f2f net)] In-Reply-To: References: <20051202154736.GX2249@leitl.org> Message-ID: <4ef5fec60512021125l7bf0d601n2413e2ef65eb2098@mail.gmail.com> On 12/2/05, Tyler Durden wrote: > ... Indeed, his focus on P2P architectures would imply that he's > largely unaware of May's Crypto Anarchy manifesto, wherein the term > "Blacknet" was defined to include information (as this guy seems to > understand it) as a mere subset. A blacknet allows for completely anonymous > transactions of any form, including monetary. 
blacknets don't solve the hard problems related to large scale anonymous digital cash, mainly identity management and strong reputation metrics. (s/digital cash/non trivial resource exchange/g) darknets, as the abused term appears to be currently employed, place an emphasis on friendship as a trust/reputation metric and associate that trusted channel with copyrighted content distribution. (even though, as zooko pointed out, the original microsoft paper describing darknets put more emphasis on the opaque nature of the overlay / private traffic and gave little attention to the friend to friend aspect of introduction / networking) > This knucklehead seems to want to define "black" and "dark" in terms of some > perceived scale of illegality, whereas even in Microsoft's case the term > "darknet" was not developed for that purpose.* A "darknet" may include the > possibility of no anomymity between pairs or groups of transactors, though > the identities (as well as the transactions) are effecitvely "black" to the > outside world. The term "darknet" is therefore often equated with P2P/F2F > architectures, but those are obviously only one set of instantiations of a > "darknet". agreed. i'm even more convinced these terms are essentially worthless as anything more descriptive than "a private network of some type". > *: Am I wrong in assuming that Microsoft's own usage of the term "darknet" > derives largely from the term "blacknet" which may had coined? embrace and extend the namespace! From zooko at zooko.com Fri Dec 2 07:45:57 2005 From: zooko at zooko.com (zooko at zooko.com) Date: Fri, 02 Dec 2005 11:45:57 -0400 Subject: [p2p-hackers] darknet ~= (blacknet, f2f net) Message-ID: Ian, p2p-hackers: It's not my goal to quibble about etymology (except inasmuch as it is useful to preserve the historical record). My goals are: 1. Avoid ambiguity -- where some people think that word X denotes concept 1, and others think that word X denotes concept 2. 
Especially if concepts 1 and 2 are related but not identical. Especially if one of them is politically incendiary. 2. Make sure we have names for our useful concepts. However, before I get to that I am going to go through the history one last time in order to cast light on the current problem. I turned up some interesting details. Let's start with a Venn diagram: _______ _______ / \ / \ / \ / \ / \/ \ / /\ \ / / \ \ | | | | | 1 |1^2 | 2 | | | | | | | | | \ \ / / \ \/ / \ /\ / \ / \ / \_______/ \_______/ Let 1 be the set of networks which are used for illegal transmission of information, and 2 be the set of networks which are built on f2f connections, and 1^2 be the intersection -- the set of networks which are used for illegal transmission of information and which are built on f2f connections. [bepw2002] introduces "darknet" to mean concept 1. In their words darknet is "a collection of networks and technologies used to share digital content", and they use it consistently within that meaning. They refer to concept 2, starting in section 2.1, using the term "small-world nets", and they clearly distinguish between what they call "small-world darknets" and "non-small-world darknets". However nowadays some people in the mass media seem to think that a "darknet" means primarily a network which is "invitation-only", i.e. a "small-world" or "f2f" net [globe]. When did the meaning shift? Ooh -- how interesting to examine the evolution of this word on [wikipedia]! The original definition on wikipedia was written on 2004-09-30. It read in full: "Darknet is a broad term to denote the networks and technologies that enable users to copy and share digital material. The term was coined in a paper from four Microsoft Research authors.". The next change was that two months later someone redirected the "Darknet" page to just be a link to the "Filesharing page", with the comment "Just another word for filesharing". 
The next change was that on 2005-04-14 someone from IP 81.178.83.245 wrote a definition beginning with this sentence: "A Darknet is a private file sharing network where users only connect to people they trust.". By the way, I should point out that I have a personal interest in this history because between 2001 and 2003 I tried to promulgate concept 2, using Lucas Gonze's coinage: "friendnet" [zooko2001, zooko2002, zooko2003, gonze2002]. I would like to know for my own satisfaction if my ideas were a direct inspiration for some of this modern stuff, such as the Freenet v0.7 design. So much for etymology. Now the problem is that in the current parlance of the media, the word "darknet" is used to mean vaguely 1 or 2 or 1^2. The reason that this is a problem isn't that it breaks with some etymological tradition, but that it is ambiguous and that it deprives us of useful words to refer to 1 or 2 specifically. The ambiguity has nasty political consequences -- see for example these f2f network operators struggling to persuade newspaper readers that they are not primarily for illegal purposes: [globe]. My proposal to rectify the lack-of-words problem is to use "blacknet" to refer to 1 specifically and "f2f net" to refer to 2 specifically. I don't know if there is any way to rectify the ambiguity problem. Ian wrote: > > ... > defining the term "darknet" as a f2f network that is designed > to conceal the activities of its participants (this being, so far as I > have seen, one of the main motivations for building an f2f network), So you think of "darknet" as meaning 1^2. That's an interesting remark -- that you regard concealment as one of the main motivations. I personally regard concealment as one of the lesser motivations -- I'm more interested in attack resistance (resisting attacks such as subversion or denial-of-service, rather than attacks such as surveillance), scalability, and other properties. Although I'm interested in the concealment properties as well. 
Regards, Zooko P.S. Here's some obligatory link juice for Gonze's latest sly neologism: lightnet! [bepw2002] "The darknet and the future of content distribution" Biddle, England, Peinado, Willman (Microsoft Corporation) http://crypto.stanford.edu/DRM2002/darknet5.doc http://www.dklevine.com/archive/darknet.pdf (The .doc version crashes my OpenOffice.org app when I try to read it. Does this mean something? The .pdf version has screwed up images when I view it in evince.) [wikipedia] http://en.wikipedia.org/wiki/Darknet [zooko2001] "Attack Resistant Sharing of Metadata" Zooko and Raph Levien presentation, First O'Reilly Peer-to-Peer conference, 2001 http://conferences.oreillynet.com/cs/p2p2001/view/e_sess/1200 [zooko2002] http://zooko.com/log-2002-12.html#d2002-12-14-the_human_context_and_the_futur e_of_Mnet [zooko2003] http://www.zooko.com/log-2003-01.html#d2003-01-23-trust_is_just_another_topol ogy [gonze2002] http://www.oreillynet.com/pub/wlg/2428 [globe] "Darknets: The invitation-only Internet" globeandmail.com 2005-11-24 http://www.globetechnology.com/servlet/story/RTGAM.20051007.gtdar knetoct7/BNStory/Technology/ [lightnet] http://gonze.com/weblog/story/lightnet _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From ian.clarke at gmail.com Fri Dec 2 04:07:32 2005 From: ian.clarke at gmail.com (Ian Clarke) Date: Fri, 2 Dec 2005 12:07:32 +0000 Subject: [p2p-hackers] darknet ~= (blacknet, f2f 
net) Message-ID: On 29/11/05, zooko at zooko.com wrote: > However, the media seems to have started using the word "Darknet" to mean a > friend-to-friend net and/or a blacknet [7, 8], thus simultaneously making it > harder for people to think about blacknets which are based on other than > friend-to-friend architectures and making it harder for people to think about > friend-to-friend networks which are used for other than illegal information > sharing. > > I place some of the blame for this development on the Freenet folks, who may be > the first to promulgate this munging, and if they aren't the first they're > certainly the most effective. As Michael Rogers pointed out, I am not sure this is as clear-cut as you suggest, the goal for Freenet 0.7 is very close to the idea outlined in the caption for Fig. 3 of the Microsoft Darknet paper, which is a friend-to-friend network. That paper may be the first common usage of the term "darknet", but so far as I can see, it contains no concise definition of what a "darknet" is. I would therefore say that there is no authorative basis on which to invalidate any particular definition of the term that is broadly within the area of P2P networks which conceal user activity. As such, defining the term "darknet" as a f2f network that is designed to conceal the activities of its participants (this being, so far as I have seen, one of the main motivations for building an f2f network), is as valid a definition as any other I have seen (and more useful than most). As a side-point, I think it is somewhat pejorative to say that any technology is "designed" for illegal usage, just because it conceals user activity and therefore may be capable of illegal usage. There are many legal reasons why people might wish to preserve their anonymity and privacy. Ian. 
_______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From czdwzagcznzy at hotmail.com Fri Dec 2 09:41:05 2005 From: czdwzagcznzy at hotmail.com (Alice Davidson) Date: Fri, 02 Dec 2005 12:41:05 -0500 Subject: best replica site ver Message-ID: <82868416943375.60392131@out> the decommission but togs and empty some evildoer in octane it consign may bayberry be trillionth but mouth it coalition but haughty or wretch it delta a debt on delegable , impede try yardage in forensic be foamy. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 749 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: uninominal.4.gif Type: image/gif Size: 11751 bytes Desc: not available URL: From coderman at gmail.com Fri Dec 2 13:54:10 2005 From: coderman at gmail.com (coderman) Date: Fri, 2 Dec 2005 13:54:10 -0800 Subject: a little bird told me In-Reply-To: <20051202204052.GO2249@leitl.org> References: <20051202204052.GO2249@leitl.org> Message-ID: <4ef5fec60512021354k600d0a46jdc1d9a9ccc0bbb46@mail.gmail.com> On 12/2/05, Eugen Leitl wrote: > That israeli intelligence apparently considers Tor broken. > > While Tor definitely has not been designed with that > threat model in mind, this still strikes me as somewhat > dubious. makes sense to me. 
when your threat model includes $TLA with a DCS1000 / ECHELON / * eye view of much internet traffic you could easily be observed to some degree. fun to speculate about until the details are known. From camera_lumina at hotmail.com Fri Dec 2 11:03:47 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 02 Dec 2005 14:03:47 -0500 Subject: [zooko@zooko.com: Re: [p2p-hackers] darknet ~= (blacknet, f2f net)] In-Reply-To: <20051202154736.GX2249@leitl.org> Message-ID: >"My proposal to rectify the lack-of-words problem is to use "blacknet" to >refer >to 1 specifically and "f2f net" to refer to 2 specifically. I don't know >if >there is any way to rectify the ambiguity problem." In this post at least the guy does not qualify what he means by "information". Indeed, his focus on P2P architectures would imply that he's largely unaware of May's Crypto Anarchy manifesto, wherein the term "Blacknet" was defined to include information (as this guy seems to understand it) as a mere subset. A blacknet allows for completely anonymous transactions of any form, including monetary. This knucklehead seems to want to define "black" and "dark" in terms of some perceived scale of illegality, whereas even in Microsoft's case the term "darknet" was not developed for that purpose.* A "darknet" may include the possibility of no anomymity between pairs or groups of transactors, though the identities (as well as the transactions) are effecitvely "black" to the outside world. The term "darknet" is therefore often equated with P2P/F2F architectures, but those are obviously only one set of instantiations of a "darknet". -TD *: Am I wrong in assuming that Microsoft's own usage of the term "darknet" derives largely from the term "blacknet" which may had coined? 
>From: Eugen Leitl >To: transhumantech at yahoogroups.com, cypherpunks at jfet.org >Subject: [zooko at zooko.com: Re: [p2p-hackers] darknet ~= (blacknet, f2f >net)] >Date: Fri, 2 Dec 2005 16:47:36 +0100 > >----- Forwarded message from zooko at zooko.com ----- > >From: zooko at zooko.com >Date: Fri, 02 Dec 2005 11:45:57 -0400 >To: ian at locut.us, "Peer-to-peer development." >Subject: Re: [p2p-hackers] darknet ~= (blacknet, f2f net) >Reply-To: zooko at zooko.com, > "Peer-to-peer development." > > >Ian, p2p-hackers: > >It's not my goal to quibble about etymology (except inasmuch as it is >useful >to >preserve the historical record). My goals are: > >1. Avoid ambiguity -- where some people think that word X denotes concept >1, > and others think that word X denotes concept 2. Especially if >concepts 1 > and 2 are related but not identical. Especially if one of them is > politically incendiary. > >2. Make sure we have names for our useful concepts. > >However, before I get to that I am going to go through the history one last >time in order to cast light on the current problem. I turned up some >interesting details. > >Let's start with a Venn diagram: > _______ _______ > / \ / \ > / \ / \ > / \/ \ > / /\ \ > / / \ \ > | | | | > | 1 |1^2 | 2 | > | | | | > | | | | > \ \ / / > \ \/ / > \ /\ / > \ / \ / > \_______/ \_______/ > >Let 1 be the set of networks which are used for illegal transmission of >information, and 2 be the set of networks which are built on f2f >connections, >and 1^2 be the intersection -- the set of networks which are used for >illegal >transmission of information and which are built on f2f connections. > >[bepw2002] introduces "darknet" to mean concept 1. In their words darknet >is >"a collection of networks and technologies used to share digital content", >and >they use it consistently within that meaning. 
They refer to concept 2, >starting in section 2.1, using the term "small-world nets", and they >clearly >distinguish between what they call "small-world darknets" and >"non-small-world >darknets". > >However nowadays some people in the mass media seem to think that a >"darknet" >means primarily a network which is "invitation-only", i.e. a "small-world" >or >"f2f" net [globe]. When did the meaning shift? > >Ooh -- how interesting to examine the evolution of this word on >[wikipedia]! >The original definition on wikipedia was written on 2004-09-30. It read in >full: "Darknet is a broad term to denote the networks and technologies that >enable users to copy and share digital material. The term was coined in a >paper from four Microsoft Research authors.". > >The next change was that two months later someone redirected the "Darknet" >page >to just be a link to the "Filesharing page", with the comment "Just another >word for filesharing". > >The next change was that on 2005-04-14 someone from IP 81.178.83.245 wrote >a >definition beginning with this sentence: "A Darknet is a private file >sharing >network where users only connect to people they trust.". > >By the way, I should point out that I have a personal interest in this >history >because between 2001 and 2003 I tried to promulgate concept 2, using Lucas >Gonze's coinage: "friendnet" [zooko2001, zooko2002, zooko2003, gonze2002]. >I would like to know for my own satisfaction if my ideas were a direct >inspiration for some of this modern stuff, such as the Freenet v0.7 design. > > >So much for etymology. > >Now the problem is that in the current parlance of the media, the word >"darknet" is used to mean vaguely 1 or 2 or 1^2. The reason that this is a >problem isn't that it breaks with some etymological tradition, but that it >is >ambiguous and that it deprives us of useful words to refer to 1 or 2 >specifically. 
>The ambiguity has nasty political consequences -- see for
>example these f2f network operators struggling to persuade newspaper readers
>that they are not primarily for illegal purposes: [globe].
>
>My proposal to rectify the lack-of-words problem is to use "blacknet" to refer
>to 1 specifically and "f2f net" to refer to 2 specifically. I don't know if
>there is any way to rectify the ambiguity problem.
>
>
> Ian wrote:
> >
> > ...
> > defining the term "darknet" as a f2f network that is designed
> > to conceal the activities of its participants (this being, so far as I
> > have seen, one of the main motivations for building an f2f network),
>
>So you think of "darknet" as meaning 1^2.
>
>That's an interesting remark -- that you regard concealment as one of the main
>motivations. I personally regard concealment as one of the lesser motivations
>-- I'm more interested in attack resistance (resisting attacks such as
>subversion or denial-of-service, rather than attacks such as surveillance),
>scalability, and other properties. Although I'm interested in the concealment
>properties as well.
>
>
>Regards,
>
>Zooko
>
>P.S. Here's some obligatory link juice for Gonze's latest sly neologism:
>lightnet!
>
>[bepw2002] "The darknet and the future of content distribution" Biddle,
>           England, Peinado, Willman (Microsoft Corporation)
>           http://crypto.stanford.edu/DRM2002/darknet5.doc
>           http://www.dklevine.com/archive/darknet.pdf
>           (The .doc version crashes my OpenOffice.org app when I try to read
>           it. Does this mean something? The .pdf version has screwed up
>           images when I view it in evince.)
>[wikipedia] http://en.wikipedia.org/wiki/Darknet
>[zooko2001] "Attack Resistant Sharing of Metadata" Zooko and Raph Levien
>            presentation, First O'Reilly Peer-to-Peer conference, 2001
>            http://conferences.oreillynet.com/cs/p2p2001/view/e_sess/1200
>[zooko2002] http://zooko.com/log-2002-12.html#d2002-12-14-the_human_context_and_the_future_of_Mnet
>[zooko2003] http://www.zooko.com/log-2003-01.html#d2003-01-23-trust_is_just_another_topology
>[gonze2002] http://www.oreillynet.com/pub/wlg/2428
>[globe] "Darknets: The invitation-only Internet" globeandmail.com 2005-11-24
>        http://www.globetechnology.com/servlet/story/RTGAM.20051007.gtdarknetoct7/BNStory/Technology/
>[lightnet] http://gonze.com/weblog/story/lightnet
>_______________________________________________
>p2p-hackers mailing list
>p2p-hackers at zgp.org
>http://zgp.org/mailman/listinfo/p2p-hackers
>_______________________________________________
>Here is a web page listing P2P Conferences:
>http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
>
>----- End forwarded message -----
>--
>Eugen* Leitl leitl
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which
>had a name of signature.asc]
From eugen at leitl.org Fri Dec 2 05:29:59 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 2 Dec 2005 14:29:59 +0100 Subject: [ian.clarke@gmail.com: Re: [p2p-hackers] darknet ~= (blacknet, f2f net)] Message-ID: <20051202132959.GR2249@leitl.org> ----- Forwarded message from Ian Clarke ----- From eugen at leitl.org Fri Dec 2 05:37:14 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 2 Dec 2005 14:37:14 +0100 Subject: [adam@cypherspace.org: idealized content network properties (Re: [p2p-hackers] darknet)] Message-ID: <20051202133714.GU2249@leitl.org> ----- Forwarded message from Adam Back ----- From
eugen at leitl.org Fri Dec 2 07:47:36 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 2 Dec 2005 16:47:36 +0100 Subject: [zooko@zooko.com: Re: [p2p-hackers] darknet ~= (blacknet, f2f net)] Message-ID: <20051202154736.GX2249@leitl.org> ----- Forwarded message from zooko at zooko.com ----- From jthorn at aei.mpg.de Fri Dec 2 09:43:49 2005 From: jthorn at aei.mpg.de (Jonathan Thornburg) Date: Fri, 2 Dec 2005 18:43:49 +0100 (CET) Subject: security modifications to current PCs In-Reply-To: References: Message-ID: On Thu, 1 Dec 2005, Travis H. wrote: > Is it possible to implement most block ciphers in FPGAs? It'd be nice > to have a bus-mastering crypto co-processor device to do, say, disk > encryption without requiring CPU help, but I want to be able to update > it to new algorithms as new attacks against the cipher appear. I use > some disk encryption stuff on a dual processor machine and it's still > slow. The load climbs to 10 or 12 all too easily, then stuff becomes > unresponsive (perhaps because swap is one of the things I'm > encrypting). Have you tried the swap-encryption option in OpenBSD? According to http://www.openbsd.org/papers/swapencrypt.ps the performance is pretty good. ciao, -- -- Jonathan Thornburg Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut), Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html "Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam From eugen at leitl.org Fri Dec 2 12:28:27 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 2 Dec 2005 21:28:27 +0100 Subject: /. 
[ACLU Joins Fight Against Internet Surveillance] Message-ID: <20051202202827.GK2249@leitl.org> Link: http://slashdot.org/article.pl?sid=05/12/02/1753208 Posted by: Zonk, on 2005-12-02 19:46:00 [1]aychamo writes "The American Civil Liberties Union today joined an expanding group of organizations filing [2]lawsuits against a new rule that increases the FBI's power to conduct surveillance on the Internet. The rule being challenged is one the Federal Communications Commission adopted in September, granting an FBI request to expand wiretapping authority to online communications. The ACLU charged in a petition to the U.S. Court of Appeals for the District of Columbia Circuit that the ruling goes beyond the authority of CALEA, which specifically exempted information services. "The ACLU seeks review of the CALEA order on the grounds that it exceeds the FCC's statutory authority and is arbitrary, capricious, an abuse of discretion, unsupported by substantial evidence, or otherwise contrary to law," the organization charged in its petition." References 1. http://www.aychamo.com/ 2. http://www.eweek.com/article2/0,1895,1895253,00.asp ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Fri Dec 2 12:40:52 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 2 Dec 2005 21:40:52 +0100 Subject: a little bird told me Message-ID: <20051202204052.GO2249@leitl.org> That Israeli intelligence apparently considers Tor broken. While Tor definitely has not been designed with that threat model in mind, this still strikes me as somewhat dubious. So either there's a design weakness, or boxes upstream do sophisticated traffic analysis, or this is a canard, (either freely invented, or planted).
Speculations (preferably, more informed than mine) welcome. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From tien at eff.org Sat Dec 3 02:48:00 2005 From: tien at eff.org (Lee Tien) Date: December 3, 2005 2:48:00 PM EST Subject: [IP] I strongly afree with this djf Google search and Message-ID: seizure For IP if you wish. Libraries have long sought to protect circulation records out of concern for both privacy and freedom to read. Libraries and the American Library Association have been openly fighting government orders for their records. See http://www.komotv.com/news/story.asp?ID=33363 ("Small Town Library Takes On The Feds") and http://www.ctlibrarians.org/news/patriotact.html (discussing Connecticut library NSL case) Indeed, some libraries have instituted records purging policies to protect against government subpoenas. http://www.infoshop.org/alibrarians/public_html/article.php?story=03/08/01/5059833 http://www.fhsu.edu/forsyth_lib/copyright/PatriotActFAQs.shtml ("While there are some service benefits to keeping detailed records, the risks of compromising your privacy outweigh these benefits. Therefore, we are planning to purge all patron records with your personally identifiable information on them once the materials are returned and the fines are paid.") What about search engines? The data retention issue is only getting worse from a privacy standpoint; the EU is moving toward mandatory telecom traffic data retention. http://www.cbsnews.com/stories/2005/12/02/ap/world/mainD8E8BKK00.shtml >BRUSSELS, Belgium, Dec.
2, 2005 >(AP) European justice and interior ministers agreed Friday on plans >binding telecommunications companies to retain records of phone >call and e-mails for a minimum of six months for use in >investigations into terrorism and other serious crimes. For more on EU data retention, see http://www.statewatch.org/eu-data- retention.htm Lee At 1:47 PM -0500 12/3/05, David Farber wrote: >Begin forwarded message: > >From: "Richard M. Smith" >Date: December 3, 2005 8:57:59 AM EST >To: EPIC_IDOF at mailman.epic.org >Subject: [EPIC_IDOF] Google search and seizure > >http://www.boston.com/news/globe/editorial_opinion/oped/articles/ >2005/12/03/ >google_search_and_seizure?mode=PF > >Google search and seizure >By Robert Kuttner | December 3, 2005 >The Boston Globe > >THE NEW York Times recently reported that in a North Carolina >strangulation-murder trial, prosecutors introduced as evidence the >fact that >the defendant's Google searches had included the words ''neck" and >''snap." >The Times noted that the evidence had come from the defendant's home >computer, but could just as easily have come from Google. > >Google's whole business-model includes keeping track of users' >searches by >putting ''cookies" (tracking devices) on users' own computers, and >then >using the results to customize ad offerings that pop up when we use >their >ingenious free search service. > >In the era of the misnamed USA Patriot Act, which allows >warrantless police >searches that are not even disclosed to the target, Google plus >Dick Cheney >is a recipe for undoing the liberties for which the original >patriots of the >American Revolution bled and died. Under the Patriot Act, anyone >suspected >of enabling terrorism can be subjected to these fishing expeditions. >Depending on a prosecutor's whims, that includes all of us. > >In the 18th-century era of star-chamber courts and despotic >monarchs, the US >Constitution put an end to government as prosecutor, judge, and jury. 
>Unreasonable searches and seizures were explicitly prohibited by >the Sixth >Amendment. People (not just citizens) were guaranteed the right to >confront >their accusers and to know the charges against them. There were no >''national security" loopholes. > >Google's internal slogan is, charmingly, ''Don't be evil." Well, the >interaction of cyber-snooping and the unreasonable searches >authorized by >the Patriot Act is pure evil. > >Herewith an idea that I am putting into the public domain, which >could make >some computer-whiz a billionaire: One of Google's competitors could >guarantee users of its search engines that all data keeping track of >searches will be permanently discarded after 24 hours. The search >process >could still learn a broad pattern of users' purchasing tastes, if >we wish to >be party to a bargain of being marketed to in exchange for the >convenience >of free searches. > >The same libertarian computer entrepreneur could offer e-mail >software, in >which old messages are permanently erased unless the user >deliberately opts >to retain them. > >Google, like Microsoft and IBM before it, may be the current market >leader >in whiz-bang technology based on sheer inventive genius. But if >Google is >not careful, some competitor with a genuine regard for privacy could >displace it. > >We all grew up vaguely knowing that 20th century technology, under >fairly >narrow circumstances, could invade privacy. The phone company kept >track of >everyone's calling records. These could be subpoenaed. Prosecutors and >detectives, with warrants approved by judges, could deploy telephone >wiretaps. There were occasional abuses, as in the witch hunts of >the 1950s, >but for the most part these technological invasions of privacy were >used >against bad guys, not for broad fishing expeditions. And there was >no e-mail >and no Google. 
> >Today, however, the explosion of computer technology coupled with the >discarding of prosecutorial restraints is leading to a Big-Brother >society. >Unless we pay attention, the technology is so seductive that we become >enablers of our own enslavement. > >The universal information that is so empowering could be enslaving in >another respect. Check out a little satire available on the >Internet titled >EPIC 2014. It is a short, dystopian picture of the next 10 years. > >EPIC stands for the Evolving Personalized Information Construct. In >this >grim view of the near future, Google merges with Amazon and becomes >''Google-zon," the ultimate information market monopoly. > >By 2014, the press as we know it no longer exists. Google-zon >usurps the >press's advertising base by ultra-customizing all ads. There is no >longer >the traditional craft of reporter or editor. Newspapers go out of >business >or become small niche products. > >''Everyone contributes now -- from blog entries to phone-cam >images, to >video reports, to full investigations," the video says. Everyone is >a news >producer as well as a news consumer, and it's almost impossible to >differentiate journalism from junk. Computers strip and splice >items, based >on each user's past interests, pattern of use, and declared >preferences. >News is prioritized according to how many users read each item. Ads >are >similarly customized. We are universally connected, but universally >fragmented and universally vulnerable to misinformation and >government and >commercial snooping. > >The marketplace may solve this dilemma by offering privacy-sensitive >products, but entrepreneurs may also make the problem worse. The >moment >cries out for political as well as commercial leadership. > >Correction: Last week's column referred to Warren Tolman. It should >have >been Steven Tolman. > >Robert Kuttner, co-editor of The American Prospect, can be reached at >kuttner at prospect.org. 
His column appears regularly in the Globe. > >_______________________________________________ >EPIC_IDOF mailing list >EPIC_IDOF at mailman.epic.org >https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_idof > > >------------------------------------- >You are subscribed as tien at well.sf.ca.us >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting-people/ -- ********************************** ... it is poor civic hygiene to install technologies that could someday facilitate a police state. -- Bruce Schneier Lee Tien Senior Staff Attorney Electronic Frontier Foundation 454 Shotwell Street San Francisco, CA 94110 (415) 436-9333 x 102 (tel) (415) 436-9993 (fax) tien at eff.org ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From karn at ka9q.net Sat Dec 3 03:24:11 2005 From: karn at ka9q.net (Phil Karn) Date: December 3, 2005 3:24:11 PM EST Subject: [IP] I strongly afree with this djf Google search and Message-ID: seizure >Google's internal slogan is, charmingly, ''Don't be evil." Well, the >interaction of cyber-snooping and the unreasonable searches >authorized by >the Patriot Act is pure evil. Instead of getting mad at Google, why don't we get even? Here are two simple ideas that any good coder could turn out in an afternoon: 1. Write and disseminate a little daemon that makes randomized queries to Google from your computer.
Every few minutes to an hour (i.e., at random times) it would send a Google query with search terms randomly chosen from a large dictionary. This would pollute Google's logs and create reasonable doubt if you are later accused of entering queries for, say, the words "neck" and "snap". 2. Write and disseminate a web proxy filter that would route all Google queries through the TOR (The Onion Router) network and strip off all tracking mechanisms from the results. This may be a more palatable alternative to routing all your web surfing through TOR, which can be quite slow. I consider it unproductive to scream at Google, as has become so popular of late. It is also misguided to call for laws to limit what they can do with our search queries. Even if Google were to say that they no longer keep personally-identifiable search queries, there would be no way to verify it. And any new privacy law for search engines would surely be riddled with enormous loopholes for government abuse. As with confidentiality, the *only* solution here is technological. So let's get coding. --Phil ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From lauren at vortex.com Sat Dec 3 04:21:42 2005 From: lauren at vortex.com (Lauren Weinstein) Date: December 3, 2005 4:21:42 PM EST Subject: Google search and seizure, etc. vs. 
technologists Message-ID: 1) Any practical attempt to "swamp" Google's database in such a manner is unlikely to succeed, given the sheer volume of legit queries that they receive. I suspect they'd be smart enough to detect abuse patterns fairly easily. That kind of analysis is their bread and butter. 2) Attempts to purposely "abuse" Google in such a manner (faked requests) may well violate their Terms of Service, and if they don't now you can be sure that they will in some future version of the ToS. The likely result will at a minimum be bans and ISP actions, and at the max lawsuits. Pull out your wallet. 3) Routing queries through anon proxies will provide some protection for the technological elite who understand such things. They will not protect the average user, who most likely doesn't understand the risks and issues, and will never use such proxies, even assuming that they were trivial to use. It is fashionable for some technologists to unwisely promote ad hoc, short-term technological "fixes" in a sort of cold war escalation mode, without dealing with the fundamental problems. This is especially unproductive when it comes to helping to protect average users who take the default settings for almost everything, but are just as much at risk of abuse, if not more so. In this case, it seems reasonable to ask that Google (and other search engines) show at least as much genuine interest in protecting people's privacy and rights as does the local library. And that library isn't making billions from people's activities -- Google is. Finally, the statement that: >Even if Google were to say that they no longer keep >personally-identifiable search queries, there would be no way to >verify it. is of course not really correct. There are ways (not foolproof, but some are damned good) to audit such activities, assuming that appropriate laws are in place requiring such verification.
A simple claim of compliance from the party in question is obviously not sufficient, even in the case of Google, whom I have no reason to believe is lying about what they are doing at this time. --Lauren-- Lauren Weinstein lauren at pfir.org or lauren at vortex.com or lauren at eepi.org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - - >From: Phil Karn >Date: December 3, 2005 3:24:11 PM EST > >1. Write and disseminate a little daemon that makes randomized queries >to Google from your computer. Every few minutes to an hour (i.e., at >random times) it would send a Google query with search terms randomly >chosen from a large dictionary. This would pollute Google's logs and >create reasonable doubt if you are later accused of entering queries >for, say, the words "neck" and "snap". > >2. Write and disseminate a web proxy filter that would route all >Google queries through the TOR (The Onion Router) network and strip >off all tracking mechanisms from the results. This may be a more >palatable alternative to routing all your web surfing through TOR, >which can be quite slow. > >I consider it unproductive to scream at Google, as has become so >popular of late. It is also misguided to call for laws to limit what >they can do with our search queries. Even if Google were to say that >they no longer keep personally-identifiable search queries, there >would be no way to verify it. And any new privacy law for search >engines would surely be riddled with enormous loopholes for >government abuse. > >As with confidentiality, the *only* solution here is technological. >So let's get coding.
> > ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dave at farber.net Sat Dec 3 03:44:12 2005 From: dave at farber.net (David Farber) Date: Sat, 3 Dec 2005 06:44:12 -0500 Subject: [IP] Telecoms required to save logs of e-mail Message-ID: Begin forwarded message: From lauren at vortex.com Sat Dec 3 08:53:22 2005 From: lauren at vortex.com (Lauren Weinstein) Date: December 3, 2005 8:53:22 PM EST Subject: [IP] Google search and seizure, etc. vs. technologists Message-ID: >In the 1980s, the "average user" would never >need a local area network in his home. In the early 1990s, the >"average user" would never understand or need the Internet. And so on. In fact, the reality of the current security and privacy mess with the Internet helps to prove my point. For example, talk to the folks who drive around plotting all of the open wireless LANs that are literally everywhere in virtually every neighborhood. The vast majority of them have *no* security at all -- not even cruddy old WEP. This includes businesses, medical offices, you name it, as well as vast numbers of private homes. Yet, for years every WLAN product has included at the very least WEP capabilities, and instructions on how to set it up. Despite this, many people's open WLANs are constantly being abused, sometimes with tragic results. 
That situation is gradually starting to improve, but only because the setting up of *some* level of security has become part of the standard installation scripts for many products. But until this became the *default*, even when it was easy to use, most people didn't bother. Why? Most of the time, simply because they didn't believe that any associated risks applied to them -- and that view is easy to understand. The computer industry is great at promoting the vast benefits of their products, but do their best to keep the downsides to the fine print, buried in click-through license mumbo-jumbo that even many lawyers would have trouble understanding, along with lilliputian quick-start guides that are the only instructions many people read. The same thing goes for Internet services. It is utterly reasonable to expect that the *defaults* provided will respect people's privacy, security, and other rights. We are a society of laws and those laws are there (at least in theory) to help protect those rights. It is unfair in the extreme to suggest that anyone who doesn't jump through hoops to protect themselves from information abuse is somehow negligent, while asserting that legislative efforts should not be made to rein in the way that the services behave -- so that those services meet a reasonable standard that society agrees is appropriate. Yes, imposing society's will on such firms can be tough to do, especially when dealing with powerful and well-heeled interests. But not to do so -- to not even try -- is just surrendering to what most of us know in our hearts is just plain wrong. 
--Lauren-- Lauren Weinstein lauren at pfir.org or lauren at vortex.com or lauren at eepi.org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - - > > >Begin forwarded message: > >From: Phil Karn >Date: December 3, 2005 7:10:30 PM EST >To: dave at farber.net >Cc: ip at v2.listbox.com >Subject: Re: [IP] Google search and seizure, etc. vs. technologists > > >>From: Lauren Weinstein > >>1) Any practical attempt to "swamp" Google's database in such a >> manner is unlikely to succeed, given the sheer volume of legit >> queries that they receive. I suspect they'd be smart enough to >> detect abuse patterns fairly easily. That kind of analysis is >> their bread and butter. > >The idea is not to "swamp" Google. It's simply to create a little >plausible deniability -- i.e., reasonable doubt -- that a given >search was entered by the user and not by the automatic daemon. > >>2) Attempts to purposely "abuse" Google in such a manner (faked >> requests) may well violate their Terms of Service, and if they >> don't now you can be sure that they will in some future version >> of the ToS. The likely result will at a minimum be bans and ISP >> actions, and at the max lawsuits. Pull out your wallet. > >Again, "swamping" or "abusing" Google is not the intent, nor is it >very likely given Google's strong emphasis on performance and >scalability. The idea is simply to create doubt that a given query >was generated by a human, not by the robot. The "quality" of the >synthetic queries is much more important than their quantity. > >Still, the extra traffic just might have the effect of encouraging >Google to adopt a stronger privacy policy. 
Not that I'd place much >stock in that, of course (see below.) > >>3) Routing queries through anon proxies will provide some protection >> for the technological elite who understand such things. They will >> not protect the average user, who most likely doesn't understand >> the risks and issues, and will never use such proxies, even >> assuming that they were trivial to use. > >I wish I had a nickel for everything I've been told "the average >user" would never understand, need or be able to use. Back in the >1970s, the "average user" would never understand, need or be able to >use a personal computer. In the 1980s, the "average user" would never >need a local area network in his home. In the early 1990s, the >"average user" would never understand or need the Internet. And so on. > >It is no more necessary that the "average user" understand how an >anonymizing Google proxy works to use it effectively than to >understand the fields in TCP/IP packet headers. The whole idea of >civilization and commerce is that many people can benefit from >specialized knowledge and skills that they themselves lack. The open >source movement and the Internet itself have certainly demonstrated >this. > >Personally, I prefer the anonymizing proxy over the random query >generator. The proxy is likely to be more effective, and it generates >no extra load. I mention the generator mainly to be complete. My >point is that there *are* technical defenses against potential >privacy abuses, and we can implement them ourselves instead of >naively demanding that Google respect our privacy against their own >commercial interests. > >And even if Google were completely honest, they would still be >subject to Patriot Act abuses that we would never know about. > >The sad fact is that "national security" has become the root password >to the Constitution. The only effective defense against a "rooted" >system is not to put any sensitive information in it in the first >place. 
> >--Phil > > ------------------------------------- You are subscribed as BobIP at Bobf.Frankston.com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting- people/ ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
From ian.clarke at gmail.com Sat Dec 3 01:49:51 2005 From: ian.clarke at gmail.com (Ian Clarke) Date: Sat, 3 Dec 2005 09:49:51 +0000 Subject: [p2p-hackers] darknet ~= (blacknet, f2f net) Message-ID: On 02/12/05, zooko at zooko.com wrote: > Let 1 be the set of networks which are used for illegal transmission of > information, I do wish you would refer to these networks as those which allow the covert transmission of information, rather than those which are used for the illegal transmission of information - since I am not aware of any networks that are specifically designed for the illegal transmission of information. I think this would help alleviate the political problem you raise later in your email. > and 2 be the set of networks which are built on f2f connections, > and 1^2 be the intersection -- the set of networks which are used for illegal > transmission of information and which are built on f2f connections. If you broaden your definition of set 1 to be networks which are used for the covert transmission of information (I think this is a more useful definition for the set as not all covert activity is illegal), then I am not sure, in practice, how many networks will fall into set 2 that aren't also members of set 1, in fact, I can't think of any non-contrived situations where one would create a f2f network motivated by something other than a desire to be covert in some way. > [bepw2002] introduces "darknet" to mean concept 1. I'm not going to spend time dissecting their paper to determine exactly what BEPW's intention was for the term "darknet", certainly they could have been much more explicit about this if they wanted to, and they use the term in contradictory ways throughout their paper. For example, they refer to "the darknet" as if there is only one, but subsequently refer to "darknets".
Given this vagueness, I can't imagine that it was their goal to provide an authoritative definition for the term. While we can debate what BEPW intended the term to mean when they used it in their paper, this is ultimately irrelevant. Software engineers often seem to forget that English isn't like a programming language where a designer specifies an unambiguous definition at the outset (Richard Stallman is particularly guilty of this). The meaning of words in English is a consensus that is arrived at over time, and eventually finds its way into a dictionary (long) after that consensus is stable. The BEPW paper is one early voice in that consensus-forming process. Mine is another, yours is another still. > By the way, I should point out that I have a personal interest in this history > because between 2001 and 2003 I tried to promulgate concept 2, using Lucas > Gonze's coinage: "friendnet" [zooko2001, zooko2002, zooko2003, gonze2002]. > I would like to know for my own satisfaction if my ideas were a direct > inspiration for some of this modern stuff, such as the Freenet v0.7 design. I am not sure that they were a direct inspiration. We (Freenet) have been concerned about the fact that Freenet was harvestable for several years now. Around spring this year I made the observation that if human relationships form a small world network, it should be possible to assign locations to people such that we form a Kleinberg-style small world network, and thus we could make the network routable. Oskar Sandberg then suggested a way to do this, and we set about validating the concept using simulations. > Now the problem is that in the current parlance of the media, the word > "darknet" is used to mean vaguely 1 or 2 or 1^2. The reason that this is a > problem isn't that it breaks with some etymological tradition, but that it is > ambiguous and that it deprives us of useful words to refer to 1 or 2 > specifically.
The ambiguity has nasty political consequences -- see for > example these f2f network operators struggling to persuade newspaper readers > that they are not primarily for illegal purposes: [globe]. I think a much better way to avoid this nasty political consequence is to stop describing set 1 in terms of illegal activity, but rather describe such networks as being "covert", or "anonymity preserving" - neither of which implies illegal activity (it is perfectly legal to be anonymous in most countries whose legal systems I am familiar with). > > defining the term "darknet" as a f2f network that is designed > > to conceal the activities of its participants (this being, so far as I > > have seen, one of the main motivations for building an f2f network), > > So you think of "darknet" as meaning 1^2. Or just 2, since I think the sets 1^2 and 2 are, in practical terms, virtually identical. > That's an interesting remark -- that you regard concealment as one of the main > motivations. I personally regard concealment as one of the lesser motivations > -- I'm more interested in attack resistance (resisting attacks such as > subversion or denial-of-service, rather than attacks such as surveillance), > scalability, and other properties. Although I'm interested in the concealment > properties as well. That is surprising. Are you aware of any current or proposed f2f networks for which concealment of user activity is not a goal? Ian. 
_______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Sat Dec 3 02:35:00 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Dec 2005 11:35:00 +0100 Subject: [ian.clarke@gmail.com: Re: [p2p-hackers] darknet ~= (blacknet, f2f net)] Message-ID: <20051203103500.GF2249@leitl.org> ----- Forwarded message from Ian Clarke ----- From eugen at leitl.org Sat Dec 3 03:53:16 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Dec 2005 12:53:16 +0100 Subject: [dave@farber.net: [IP] Telecoms required to save logs of e-mail] Message-ID: <20051203115316.GK2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Sat Dec 3 05:14:12 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Dec 2005 14:14:12 +0100 Subject: [udhay@pobox.com: [silk] foolproof iris recognition?] 
Message-ID: <20051203131412.GM2249@leitl.org> ----- Forwarded message from Udhay Shankar N ----- From dave at farber.net Sat Dec 3 12:32:31 2005 From: dave at farber.net (David Farber) Date: Sat, 3 Dec 2005 15:32:31 -0500 Subject: [IP] more on I strongly afree with this djf Google search and Message-ID: seizure X-Mailer: Apple Mail (2.746.2) Reply-To: dave at farber.net Begin forwarded message: From dave at farber.net Sat Dec 3 12:33:14 2005 From: dave at farber.net (David Farber) Date: Sat, 3 Dec 2005 15:33:14 -0500 Subject: [IP] more on I strongly afree with this djf Google search and Message-ID: seizure X-Mailer: Apple Mail (2.746.2) Reply-To: dave at farber.net Begin forwarded message: From dave at farber.net Sat Dec 3 13:35:00 2005 From: dave at farber.net (David Farber) Date: Sat, 3 Dec 2005 16:35:00 -0500 Subject: [IP] Google search and seizure, etc. vs. technologists Message-ID: Begin forwarded message: From udhay at pobox.com Sat Dec 3 04:35:53 2005 From: udhay at pobox.com (Udhay Shankar N) Date: Sat, 03 Dec 2005 18:05:53 +0530 Subject: [silk] foolproof iris recognition? Message-ID: http://blogs.zdnet.com/emergingtech/?p=88 Foolproof iris recognition technology? Posted by Roland Piquepaille @ 10:35 am For almost twenty years, the iris recognition research field has been hampered because of a broad patent covering it. As this patent recently expired, many teams around the world are again working on new technologies in this field. Iris recognition is in fact seen as the most accurate biometric recognition technology because no two irises are identical. And researchers at the University of Bath in England have developed new computer algorithms which are 100 per cent accurate in initial trials. Now the researchers are putting online a database of 16,000 iris images collected mainly from students. The source code is also available if you want to further improve the algorithms. 
Before going further, let's go back in time to understand why this research field was almost inactive for twenty years. Life Style Extra tells us the story. Looking into a camera to confirm your identity would now be routine and - were it not for the US firm's virtual monopoly of the technology - it would already be in use at cashpoints and passport control. Its backers say it could reduce fraud and illegal immigration. Iridian Technologies, based in New Jersey, patented the system of identifying people using the coloured part of the human eye in the mid 80s and other scientists have had to pay tens of thousands of American dollars to do any research in the field, thus hampering competition. But the patent expired in the US earlier this year and expires in the rest of the world in February 2006. Now, it's time to return to 2005 at the University of Bath. Engineers are currently road-testing their technology using a specially-constructed database containing thousands of iris images collected from students and colleagues at the University. By making this database available to other research groups, the researchers hope to encourage more advances in iris recognition and overcome some of the restrictions caused by a generic patent (recently expired) which has limited innovation for the last two decades. "Our new algorithm does the same job as the one used by almost all of the commercially available iris recognition systems, it just does it better," said Professor Don Monro from the University's Department of Electronic and Electrical Engineering. Below is a picture showing how an iris picture is shot and rendered on a computer screen before being analyzed (Credit: Smart Sensors Ltd.). The iris image acquisition process And below is an illustration of the iris image normalization process (Credit: Smart Sensors Ltd.). The iris image normalization process First, the inner and outer iris boundaries are located to eliminate the pupil, eyelid and other "clutter". 
Then the iris image is transformed from polar coordinates to a 512x80 fixed size rectangular image to reduce the effect of iris dilation and contraction, of which 512x48 will be coded. The non-uniform background illumination is finally homogenized. Now that you know how this new technology works, why are these researchers willing to share their database? Here are Monro's answers. Most of the databases that are available are held by commercial interests, so it is difficult for independent researchers to make headway in this field. We are making the database available online so that researchers around the world can use it to develop their own products. So far, more than 30 research groups have applied to use it. If you want to know more about this project, here are two links at the University of Bath about the Iris Image Database and the Iris Capture Project. And for even more information, one of the industrial partners of the University of Bath for this project is a U.K. company named Smart Sensors Ltd., which has published two interesting papers about this iris recognition technology. Here are the links to these documents, "Novel high performance iris feature extraction techniques" (PDF format, 1 page, 119 KB) and "Complexity low complexity human iris feature coding human iris feature coding" (PDF format, 1 page, 222 KB). The above illustrations were extracted from these documents. 
Sources: University of Bath news release, November 15, 2005; Life Style Extra, November 15, 2005; and various web sites -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Sat Dec 3 12:41:32 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Dec 2005 21:41:32 +0100 Subject: [dave@farber.net: [IP] more on I strongly afree with this djf Google search and seizure] Message-ID: <20051203204132.GV2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Sat Dec 3 12:42:05 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Dec 2005 21:42:05 +0100 Subject: [dave@farber.net: [IP] more on I strongly afree with this djf Google search and seizure] Message-ID: <20051203204205.GW2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Sat Dec 3 13:59:03 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Dec 2005 22:59:03 +0100 Subject: [dave@farber.net: [IP] Google search and seizure, etc. vs. technologists] Message-ID: <20051203215903.GN2249@leitl.org> ----- Forwarded message from David Farber ----- From Bob2-19-0501 at bobf.frankston.com Sun Dec 4 12:48:19 2005 From: Bob2-19-0501 at bobf.frankston.com (Bob Frankston) Date: December 4, 2005 12:48:19 PM EST Subject: [IP] Google search and seizure, etc. vs. technologists Message-ID: After writing my comments below I was going to close by noting that there is far more to worry about with fingerprints than Google since there is still a belief that finger prints are authoritative even if there is only a small portion recovered and the matching is subjective. 
In the same way we can try to avoid leaving any tracks and live a very circumscribed life. Or we can hope that our trails are noisy and that a visit to whitehouse.com (vs whitehouse.gov) will not mark us for life. Who knows if the visit was intended, unintended, prurient or just curious? This isn't really about technology in isolation or Google per se. We should do what we can to make people aware of these issues -- as with Sony DRM ultimately it's people's perception. If Google is seen as spying on us then they will lose too much business. Ultimately it's that rather than users setting complex options that limits threats. It's about transparency -- we need to pry into Google's closets before they pry into ours. The average user didn't understand the Internet until it was packaged in a browser and today the internet is the web and people still don't understand it beyond the simple examples they have. But even if they think that people are watching them they don't know what it means. Even the so-called experts implement link level security instead of end to end. As to Google keeping track of your searches ... what about the trail you leave in that old world of physical objects when you use your credit cards. A few key words on Google are mild compared with your stop at the 7-11 and the cell call you made or the email messages. The threat of Google keeping track of your keywords is very abstract. The reason this story made the news is that it is very unusual. Those who say users will never be able to use computers for word processing or have LANs at home were right. And completely wrong. There is a middle ground -- it doesn't just happen by accident. Someone has to create a bridge. If the other "side" is visible then more people would try. There is a book, "Crossing the Chasm", about getting people to make the leap. More often we have to build the bridges before people know there is even another side. And very often there really isn't or we pick the wrong one.
Handwriting recognition was a big deal but a failure until Graffiti. Today oddly enough Palm is emphasizing little keyboards and Microsoft is trying to push full handwriting recognition. So much for presuming a simple linear path. Home networking (LANs) is personal for me since I had to make sure that Windows had the enabling mechanisms and I was trying to move in the direction of encrypted IPv6 with legacy ports locked down. Unfortunately we still haven't learned the lessons of Multics and Project MAC (http://www.frankston.com/?name=Symbiosis as in Man/Machine Symbiosis) in giving users a way to understand and express their intent. Of course it's far more difficult today. At least in Multics you had to take a step to make your files visible while Unix defaulted to starting with the door wide open. We do have a way to say "no cookies" but you can't really do much that way. Same problem with the Java VM in the browser -- there is an all or nothing policy. Worrying about Google tracking you is in the same vein. If you use their single login it's like being tracked by American Express or by your library. Of course we know librarians won't track you -- but they will track which books are popular and a really good library may try to make better predictions so they can better serve you even if they chortle at some of the findings. If you don't use a single login then it's really hard to avail yourself of their set of services. Same for Yahoo, AOL, MSN etc. As much as I have problems with passport there seems to be some separation between your "identity" and its use. The reason I keep coming back to phishing is that it goes to the heart of some of our perceptions. Is "Google" a nice warm friendly site or a site that promises to be worth more than a few billion dollars? I once looked up "Sodomy in Georgia" on Yahoo which was the title of a David Bunnell editorial in the 1980's.
The ads that popped up showed what they thought of my search (a good reason for not having animated GIFs in ads) and, by extension, me. BTW, just tried the search on Google in an attempt to pollute my legacy and the law was eventually repealed. Should I shy away from searching? Should I not give to political candidates (the disclosure laws are indeed a violation of the first amendment)? Should I worry too much about police finding a latent pencil line on a pad of paper in my house having the words "dead meat" on it (a reminder to buy hamburger)? -----Original Message----- From: David Farber [mailto:dave at farber.net] Sent: Sunday, December 04, 2005 05:52 To: ip at v2.listbox.com Subject: [IP] Google search and seizure, etc. vs. technologists Begin forwarded message: From dave at farber.net Sun Dec 4 14:33:05 2005 From: dave at farber.net (David Farber) Date: Sun, 4 Dec 2005 17:33:05 -0500 Subject: [IP] more on Google search and seizure, etc. vs. technologists Message-ID: Begin forwarded message: From s.schear at comcast.net Sun Dec 4 18:54:00 2005 From: s.schear at comcast.net (Steve Schear) Date: Sun, 04 Dec 2005 18:54:00 -0800 Subject: Tech Helps Cops Bust Motorists In-Reply-To: <20051203215903.GN2249@leitl.org> References: <20051203215903.GN2249@leitl.org> Message-ID: <6.0.1.1.0.20051204184629.04e02268@mail.comcast.net> [It would seem possible to use a color reflective display, like 'electronic paper', to fool such a technology probably much easier than if the attention of officers were required to capture the information. Soon anyone with the cajones can have 'rotating license plates'. Steve] Motorola's license-plate recognition technology will help police quickly get info on vehicles located near their squad cars. December 1, 2005 Police cars could automatically scan nearby vehicles' license plates with a technology that Motorola and PIPS Technology launched Thursday, saving cops from currently having to type in a license plate number to search databases. 
The Automatic License Plate Recognition (ALPR) technology uses a camera to automatically read license plates as they come into view, and then checks the plates against police and motor vehicle databases. The new system is quicker and requires no action on the part of the police officer, said Steve Most, multimedia business director for Motorola's radio systems division. "The ALPR system gives public safety officers quick access to information about the vehicles around them," he said. "This helps increase their security and safety, as well as that of the general driving population." Cellular company Motorola developed the technology and worked with PIPS Technology, a license plate recognition technology firm, to "ruggedize" the cameras so that they meet Motorola's specifications for public safety communications in the United States. More at... http://www.redherring.com/Article.aspx?a=14701&hed=Tech%20Helps%20Cops%20Bust%20Motorists
From rah at shipwright.com Sun Dec 4 16:11:28 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 4 Dec 2005 19:11:28 -0500 Subject: [Clips] Call for IFCA Conference Sponsors, Financial Cryptography and Data Security '06 Message-ID: Um, what's "Data Security"? ;-) Cheers, RAH ------- --- begin forwarded text Delivered-To: clips at philodox.com Date: Sun, 4 Dec 2005 19:10:25 -0500 To: "Philodox Clips List" From: "R. A.
Hettinga" Subject: [Clips] Call for IFCA Conference Sponsors, Financial Cryptography and Data Security '06 Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text To: Robert Hettinga From: Patrick McDaniel Subject: Call for IFCA Conference Sponsors, Financial Cryptography and Data Security '06 Date: Sun, 4 Dec 2005 18:52:19 -0500 (EST) Dear Robert, The Financial Cryptography and Data Security '06 is celebrating its 10th year in Anguilla, British West Indies from February 27 to March 2, 2006. This conference has become a yearly touch-stone for those involved in the construction and use of technology in commercial environments. To this end, the conference brings together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'06 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. In addition, we will celebrate this 10th year edition with a number of initiatives, such as: especially focused session, technical and historical state-of-the-art panels, and one session of surveys. As a past attendee, IFCA wishes to make a plea for your sponsorship. The importance of this conference to the larger security community is clear, and it is largely sustainable through the generous support of its sponsors. The benefit to your organization is also well worth the sacrifice: sponsors receive the kind of unique exposure to the cognoscenti that can only be received at these events. Sponsorship opportunities are available at modest levels and beyond. If you are interested in sponsoring, we would be very interested in talking to you. Please visit the conference website: http://siis.cse.psu.edu/fc06/ Feel free to reply to this message or send email to myself (mcdaniel at cse.psu.edu) or contact me via phone (814) 863-3599 for further information.
Sincerely, Patrick McDaniel, General Chair, FC '06 --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text
From checker at panix.com Sun Dec 4 17:43:36 2005 From: checker at panix.com (Premise Checker) Date: Sun, 4 Dec 2005 20:43:36 -0500 (EST) Subject: [>Htech] CHE: Show Your Hand, Not Your ID Message-ID: Show Your Hand, Not Your ID The Chronicle of Higher Education, 5.12.2 http://chronicle.com/free/v52/i15/15a02801.htm [Colloquy transcript appended.] [Yes, I can see the advantages of using these scanners, and I think the concerns over theft and privacy issues are reasonably countered. But the real problem is that, in making such identifications mandatory, the informal and generally harmless violations of rules are no longer possible. Suppose a researcher wants to sneak a friend into his lab after hours. This, and many, many other technical violations will no longer be allowed. We must be ever vigilant about this kind of "unreasonableness of reason," to almost coin a meme. There is a single hit on Google! I lack a better term.]
Colleges use biometric scanners to screen for access to dining halls, labs, dorms, gyms, and computer networks By VINCENT KIERNAN At many colleges, students flash a photo ID at a food-service worker to get into a dining hall. Things work differently at the University of Georgia, where Gavin Beck, a senior, places his hand on a sensor that determines if the person waiting to eat really is Gavin Beck. The process, which measures the size and shape of the hand, takes only a few seconds. "No system is foolproof, but this is far more efficient for us than a photo-based system," says J. Michael Floyd, director of food services at Georgia. The university is among the first to use the biometric technology widely, having relied on it in one form or another in its dining halls since 1974. Hand scanners, electronic fingerprint readers, even retina scanners are not just for super-spies in Hollywood movies anymore. The technology is increasingly being used by colleges to allow students, professors, and staff members to gain access to dining halls, laboratories, gyms, and other facilities on their campuses. Improvements in the technology are spurring greater interest among some college administrators. Faculty and staff members who seek weekend access to the Biodesign Institute at Arizona State University, for example, must be approved by a device that checks 240 points in the iris of the eye. Locks on dormitory doors at Johnson & Wales University at Denver are controlled by a hand-geometry reader similar to Georgia's. Food-service workers at Georgia punch in and out of their shifts with a time clock that scans their fingerprints so that a worker cannot clock in for an absent friend. Proponents say biometric technology offers increased security and efficiency, making lines move faster while keeping unauthorized visitors out. And at a time when colleges are trying to safeguard campus data, the technology offers colleges a new tool to control access to computers and networks. 
But cost and various technical obstacles are likely to slow the technology's adoption by colleges. And some observers worry that the systems could leave an electronic paper trail -- open to abuse or theft -- of the activities of students and faculty and staff members. "It's an extremely disturbing trend," says Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a group that promotes online civil liberties. "Biometrics is a technology that is dangerous for privacy." How It Works Administrators who support the use of biometric technology say scanning body parts is far more secure than asking users for passwords, which can be forgotten or stolen. The scanning devices look for some unique characteristic of the user, such as the arrangement of ridges on the finger, the pattern of blood vessels in the eye, or the size and shape of the hand. The characteristic -- called a biometric measurement -- must be unique for each individual, must not change, and must be easily measured. Typically a person's hand, fingerprint, or eyeball is measured once when he or she is enrolled in the system, and that measurement is stored in a computer database or on a smart ID card. At the entrance to a controlled area, such as a dining hall, the individual's characteristic is measured again and compared with the original recording. If the two measurements match, the person is admitted. Georgia's early system recorded two-dimensional measurements of users' hands. But in 1995, as part of a campuswide move toward biometric identification, the system was upgraded to one that takes three-dimensional measurements. Now the 32,500 students use their hands as passports to all-you-can-eat meal plans, the recreation center, and dormitories. They either swipe an ID card through a card reader or enter an ID number on a keypad before presenting their hand for scanning. Mr. Floyd, the food-service director, says the system rarely misidentifies anyone. Mr. 
Beck, the Georgia senior, recalls only one glitch, when the system wouldn't recognize him at the start of fall semester, probably because of a subtle change in his hand's shape over the summer. At a nearby office, he showed his ID, had his hand rescanned, and was cleared to eat his meal. "It set me back a couple of minutes," he says, "but it was no big deal." The University of New Hampshire installed a hand-reading system in its dining halls when campus officials wanted to halt the sharing of all-you-can-eat meal plans by several people, says David J. May, executive director of hospitality services. "It really has worked wonderfully for us," he says. Although he cannot estimate the amount of fraud that the system has stopped, he is convinced that "students would beat the system if we were using ID cards." The cost of putting biometric security in place is not exorbitant, says Mr. May. Each hand reader costs about $2,500, and the turnstile to which it is connected costs $8,500 to $9,000. The 12,000-student university has seven biometric stations at its dining halls, he says. Recently, New Hampshire expanded the system to control employees' access to one of its dining halls. That way the university will not have to issue keys to employees -- or replace locks if keys are stolen. "If an employee leaves, we just take them out of the database," so the hand-reading system will no longer recognize that person, says Mr. May. Smaller-Scale Projects Biometric systems are also being used on a smaller scale on some campuses. At Rutgers University at New Brunswick, fingerprint-scanning devices are being installed on computers attached to laboratory equipment in the materials-science department. The department, with some 80 potential users of the technology, has a password system to track usage of the equipment, so that the appropriate research grant is charged. But some students complained that they were being charged for others' use, says W. 
Roger Cannon, a professor of materials science and engineering. That prompted him to investigate a biometric alternative. "If we had a fingerprint system, there would be no argument," he says. The new system has functioned well in tests, Mr. Cannon says. "It seems to go pretty smoothly if you get the fingerprint centered right." Those with concerns about personal privacy can elect to continue using passwords, he adds. The University of California at Santa Barbara recently installed an iris-scanning system for controlling access by about 500 people to a 10,000-square-foot "clean room" in a semiconductor-research center. In the past, having those people swipe their ID cards at the door would result in more work for staff members, who would have to replace lost or broken cards, says Jack Whaley, manager of the Nanofabrication Facility. Moreover, the card readers were sometimes balky, he says, and nothing prevented people from lending their cards to others. In the new system, an individual's eyes are photographed, and the images are digitized, encrypted, and stored on a computer server with information about what doors the individual is authorized to use and at what times. Researchers who want to get in simply step up to an iris reader, which transmits an image of the iris to the server. If the images match, the computer opens the door. Some challenges remain, like reminding people who have "droopy eyelids" to open their eyes wide, says Mr. Whaley. But the system, which cost between $20,000 and $30,000, has made a negligible number of errors. "It's pretty good," he says. More-exotic technology is on the horizon. Fujitsu Ltd. announced in June that the Chiba Institute of Technology, in Japan, has adopted a company device that uses infrared light to read the unique pattern of veins in a student's hand. The patterns are recorded on each individual's ID card. 
At kiosks on the campus, students can get access to their academic transcripts and other personal records by inserting the cards and holding their hand over a palm reader. Next year the institute, which has about 11,000 students, plans to issue similar cards to faculty and staff members. It is considering expanding the system for such purposes as tracking library checkouts and class attendance. Joel Hagberg, vice president for marketing and business development at Fujitsu Computer Products of America, says the company is discussing use of the technology with American colleges, which he does not identify. The system could start surfacing on American campuses early next year, he says. The vein scanner costs more than a fingerprint reader, which can run as much as $100, but less than an iris reader, he says, although he declines to provide specific figures. The technology will probably materialize first at a large research institution, most likely as part of a centralized service such as controlling college officials' access to student records, Mr. Hagberg predicts, noting that such an application would require only a few palm readers. "This is something that you will see coming to a university near you in the near future," he says. Privacy Concerns For all the efficiency and gee-whiz value of biometric technology, civil libertarians say it raises serious concerns about privacy. The theft or abuse of biometric measurements could be even more threatening than misuse of Social Security numbers, warns Mr. Tien, of the Electronic Frontier Foundation. Campus officials using fingerprint readers stress that their systems do not record individuals' fingerprints in images like those used by law-enforcement agencies. Rather, the systems produce a mathematical representation of fingerprints that would be useless to anyone outside the colleges. 
Hand-geometry systems seem to cause the least apprehension because such measurements are not commonly used off campus and so would have little or no application if the biometric data were to leak out. "The only person it does any good is me," says Mr. Beck, the Georgia student. Keene State College, in New Hampshire, moved to a hand-reader system this semester. Paul A. Striffolino, director of campus life, says the system does not intrude on the privacy of the college's 5,000 students. "An eye-scanning system would seem over the top to me," he says. But some observers say even hand-geometry data could be misused. If hand readers become commonplace, authorities could use records from the systems to reconstruct a student's movements and activities on the campus or across a broader area, says Mr. Tien. "It facilitates an atmosphere or a climate of checkpoints," he says. "All it is, is maybe a faster way to get through a door. We have to wonder whether these are the right trade-offs to be making." Indeed, records of a student's biometric measurements, as well as records of where and when that student used a biometric device, probably would be protected from public disclosure under the Family Educational Rights and Privacy Act, says Steven McDonald, general counsel at the Rhode Island School of Design, who tracks the effect of the federal law on the use of technology on campuses. In most cases, he says, Ferpa would not allow a college to disclose, without a student's permission, where and when that student had entered a dining hall, for example. But the records could still be used by the college's own staff and might be vulnerable to subpoena by law-enforcement officials, he says. Nancy Tribbensee, deputy general counsel at Arizona State, says a college should acknowledge privacy concerns before settling on biometric technology. 
She suggests that college officials consider whether the benefits, like tighter security, would be outweighed by ways in which the data could be abused. Recordings from the iris scanner at the university's Biodesign Institute are not covered by Ferpa, Ms. Tribbensee notes, because the system is used by faculty and staff members. But the university treats the data as personnel records and therefore as confidential, and it would fight any effort to obtain copies through the state's public-records law, she says. High Price Tag Privacy is not the only concern about biometric security systems. Some users also worry about safety -- for example, whether touching a hand reader could expose someone to colds and the flu from previous users. Mr. May, of New Hampshire, says the device is "no different than a doorknob." Still, liquid hand sanitizer is available at each hand reader, in a dispenser attached to the wall, and a staff member wipes the readers with a sanitizing solution every 15 minutes. Another hurdle facing biometric systems is cost. Last year Creighton University considered using fingerprint readers to control access to the 1,500 to 2,000 computers in its laboratories and offices. At $90 to $100 a pop, Creighton would have had to spend as much as $200,000 on the devices -- and that wouldn't have included the cost of upgrading the machines as technology advanced. "That would have been a huge expense," says Michael M. Allington, assistant director of student-technology support in the information-technology department. Creighton took a pass. Still, industry officials argue that biometric systems make financial sense for colleges, at least in some situations. The staff and systems needed to maintain a list of passwords for security systems might cost a college $50 per student annually, says Tom Doggett, director of marketing for Saflink Corporation, which makes a variety of biometric systems. 
By contrast, he says, a large college might spend $30 to $40 per student to deploy a biometric system. "You could make the case that the system would pay for itself in a year," Mr. Doggett says. But James L. Wayman, director of the National Biometric Test Center at San Jose State University, which explores technical issues related to the technology, is less optimistic. It is unclear, he says, whether dining halls are losing enough money from fraud to warrant the expense of a biometric system. "Will it pay?" he asks. "That's where it all falls apart." "Tell me again," he says, "why you need them on college campuses." Biometric systems can also have technical problems, which have prodded a few colleges to back away from the technology. Recently the New York State Center for Engineering Design and Industrial Innovation, at the State University of New York at Buffalo, encountered problems with a fingerprint-scanning system used to control access to its facilities. The readers worked well in 2000, when they were installed inside the building, says Kenneth W. English, deputy director. But the design center is planning an expansion that would require placing the access controls on the building's exterior, and the fingerprint readers worked poorly there because of snow and ice. So the center is reverting to having users swipe ID cards through a card reader. Mr. English hopes that improvements in biometric technology will allow the center to move back to fingerprint readers in the next two or three years. 'Weak Fingerprints' When Creighton considered fingerprint readers, it tested several models. But the machines had a hard time recognizing faculty members in the dental school, recalls Mr. Allington. They seemed to have less-visible fingerprints, probably because of the frequency with which they washed their hands, he says. A similar problem surfaced in Georgia's food-service department, where 600 employees use a fingerprint system to sign in and out of work. 
About 10 of them, whose work often keeps their hands submerged in water, have "weak fingerprints" and so cannot use the biometric system, says Christopher H. Wilkins, an information-technology manager in the university's food-service division. They still clock in and out by swiping an ID card or entering an ID number. _________________________________________________________________ Colloquy Transcript http://chronicle.com/colloquy/2005/12/bio/ Throwing Away the Keys Thursday, December 1, at 2 p.m., U.S. Eastern time The topic Forget keys and photo ID's. Students trying to get into dormitories at Johnson & Wales University in Denver must have their hands measured by an electronic scanner. Food-service workers at the University of Georgia punch in and out of their shifts with a time clock that scans their fingerprints. And faculty and staff members seeking weekend access to the Biodesign Institute at Arizona State University must be approved by a device that checks 240 points in the iris of the eye. More and more colleges are using such biometric technology, which its fans say is more secure and efficient than traditional tools. The technology also offers a new way to control access to campus computers and networks. But biometric systems can have technical problems, and they are expensive to install. And some observers worry that the systems could leave an electronic trail -- open to abuse or theft -- of employees' and students' activities. Are the advantages of biometric technology worth its high cost? Do they outweigh its potential misuses? Are biometric records protected from public disclosure under the Family Educational Rights and Privacy Act, or do colleges need to take extra steps to protect such data? The guest J. Michael Floyd is director of food services at the University of Georgia, which has used biometric technology in one form or another in its dining halls since 1974. 
_________________________________________________________________ A transcript of the chat follows. _________________________________________________________________ Vincent Kiernan (Moderator): Good afternoon, and welcome to Colloquy. I'm Vincent Kiernan, a senior writer at The Chronicle, and I will be moderating today's discussion about the use of biometrics in higher education. Our guest is J. Michael Floyd, director of food services at the University of Georgia. His institution is a pioneer in the use of biometrics -- Georgia has used hand readers in its dining halls since the 1970s. Just a quick reminder to everyone out there in cyberspace: Send in your questions and comments! Now, welcome, Mike. Could you start by giving us a thumbnail sketch of what your institution does in this area? _________________________________________________________________ J. Michael Floyd: The University of Georgia Food Services has utilized biometric technology since 1972 for access control for its voluntary meal plan program that allows unlimited access for its customers from 7 am to midnight daily. The department is presently on its third generation of hand image readers and has recently implemented a biometric timekeeping system for its 700 employees. The department has chosen biometric technology for its access control to prevent sharing of meal plans by customers, reduce labor cost for access control, and to increase speed of entry for its customers. The average customer gains access into our dining commons within a 3-5 second time period with the use of biometric technology. Presently 33,000 students here at the University utilize this technology for access for dining commons, residence halls and campus recreation facilities. _________________________________________________________________ Vincent Kiernan (Moderator): Now onto our questions... _________________________________________________________________ Question from Terri Moreman, U.S.
Olympic Training Center:

Terri Moreman
U.S. Olympic Training Center
Colorado Springs, Colorado

Advantages to Biometrics
Easy to maintain and archive guest access (various reports available with the ability to customize)
Quicker smoother entry - especially when most students don't want to carry I.D. card.
Cheaper and easier than re-keying access doors
Less chance of misuse
Card access is even higher however; here again the student would need to carry the card at all times. Without the card they have no access.

Disadvantage
Don't go with new technology out the start gate. Seek out a proven product in the marketplace.
Initial equipment set-up is high however in the long run it pays for itself
Hand geometry readers cost an average of $3,000 per location
Certified technicians trained in this specialty are required to maintain, troubleshoot and make repairs. Generally speaking an electrician or layman may understand the electrical components; however he would lack the necessary knowledge to function in this capacity.
The challenge is that technology changes and if you maintain a system too long it's hard to find parts for it.
Routine upgrades in software and hardware need to be considered to maintain your system.
Electronic access is great until you have a power outage. Systems normally reset themselves however; surges and losses in power can cause damage to your system.
If your facility is in a high risk lightning area it would be advantageous to secure a back up generator.

J. Michael Floyd: Terri Moreman makes some excellent comments on her use of biometric handreaders at the US Olympic Training Center. One of the big advantages that we find in our application of biometrics here at the University of Georgia is the financial savings that we realize with this system. Let me explain this statement. In our application customers activate the system themselves by either swiping their id card or punching in their id number then placing their hand in the reader.
Once the reader recognizes the hand image as a customer it then sends a signal to the turnstile that allows the customer to enter the dining commons. By using this self activation system we do not need a cashier at every entry device, only a cashier to monitor all the entry devices for each dining commons. This reduces our labor cost by eight fulltime cashiers. This cost savings greatly outweighs the additional cost of the biometric readers. A disadvantage of the system is that it does require trained technicians to maintain the system, which a photo base only system normally does not require. The main service issue that we have is the routine replacement that we have to do on the keypad due to the large amount of usage our systems receive by our customers choosing to enter their student id number in lieu of swiping their id card. The numbers are actually worn off the keypad. _________________________________________________________________ Question from G. Buhl, Rutgers U.: With the loss and theft of personal data by Universities reported recently in the media, what are the risks to students and faculty of entrusting biometric data to Universities? J. Michael Floyd: With any systems the appropriate safeguards must be in place to protect data. However, the biometric data that we use is hand & finger images and not prints. This data is of no value to an outsider to identify a customer by a hand or finger image. The key to our system is that we do not store finger or hand prints. In addition we do not identify our customers or employees by their social security number in our systems, but we utilize University identification numbers instead. _________________________________________________________________ Question from Vincent Kiernan: Mike, a big issue with any new IT system is cost. Can you give us an idea of how much this system costs Georgia -- and how much it saves you in operational costs? J.
Michael Floyd: The cost of any system is reflective of the size of the application, number of hand readers and the number of locations. In our case the initial cost was approximately $100,000. But this cost was immediately offset by reduction of staffing. With the use of biometric readers where the customer activates the system you do not need a cashier for every entry device. In our case we are able to staff our cashier station with one cashier who monitors two hand readers. This alone reduced labor by 8 fulltime positions. In today's dollars this is a savings of approximately $186,000 in salary and benefits cost every year. But the true savings is the speed of access for our customers. Thereby allowing greater thru put of customers in dining centers, which allows us to maximize our operations and reduces the need to build operations for peak customer periods. In our case we provide meal plan service for our customers in four dining centers. On some other campuses this same number of customers may need five to six dining centers. _________________________________________________________________ Question from Vincent Kiernan: Mike, biometrics make some people nervous from a privacy perspective. Have you encountered any concern on your campus? How do you reassure people that their privacy is being protected? J. Michael Floyd: We have not experienced the privacy concern from our customers because we take an aggressive approach of educating our customers that our system is a hand image and not a hand print. One of the ways we educate our customers on the system is including this information in our Food Service presentation during the summer Freshman Orientation program. In addition we have previous articles from the Wall Street Journal and New York Times framed and in our lobbies to educate our customers on our biometric application. 
Our biometric system was also featured in "Beyond 2000" on the Discovery Channel several years ago and when the film crew was on campus we attempted to get as many of our students involved with the filming. In addition, during my 20 year tenure here at the University I have never had a customer express concern on this issue. What I do encounter from our customers is a sense of pride that they are using state of the art technology and I find they are normally our best PR agents as they love to explain our system to visitors. _________________________________________________________________ Question from Vincent Kiernan: Do you have any plans to further expand your use of biometrics in the dining hall system? J. Michael Floyd: Yes. We have recently expanded the use of biometrics for timekeeping for employees. Utilizing a different biometric system, our employees clock in & out daily using a finger image. The next expansion is to utilize these devices for backdoor employee access into our operations. This will increase the overall security of our operations, especially since we have operations open till midnight and our plans include a 24-hour dining center in the near future. In my opinion, the real future of biometrics in the workplace is in timekeeping. This application for employers with large work forces will greatly increase the accuracy of paying for actual hours worked and prevent "buddy punching." _________________________________________________________________ Question from Edward Marshall, University of Pennsylvania: Are you aware of any health related issues resulting from the use of biometric technologies? In particular, retinal scans. J. Michael Floyd: No, there is no greater risk with the hand image readers than the doorknob on the front of the building. However, we do have a procedure in place to sanitize the hand reader surface on a routine schedule thru out the day. 
In addition we have hand sanitizer stations located inside our dining operations for customers who would like to use this product. We do not utilize retinal scans here. However, the most common form of eye scanning is iris scanning and with these devices the eye is typically 10 to 14 inches away from the scanner. _________________________________________________________________ Vincent Kiernan (Moderator): We're about half way through our scheduled time for this conversation. If you have any questions for Mr. Floyd, now would be a great time to send them in. _________________________________________________________________ Question from Dick Sigelko, Michigan State University: If the system is not storing fingerprints or hand geography, how does it identify the individual as having the privilege? J. Michael Floyd: The system is storing hand and finger image templates. The templates are a mathematical representation of the hand or finger ridges. These stored templates are then compared to the image presented by the customer/employee when they place their hand or finger in the reader. All verifications are done on a one to one comparison, not a one to many comparison. For example the customer will input their ID number by scanning their card or typing their card number on a keypad and then they place their hand in the reader. The customer / employee must be active in the system prior to utilizing the system. _________________________________________________________________ Question from Matt Miller, Gettysburg College: How long on average does it take to add a new hand image to the system? J. Michael Floyd: For both systems the initial image is captured at an orientation. Each image takes approximately 30 seconds to capture and verify the first time. However, with our meal plan system this one time enrollment is the only time we must physically see the student to begin participation in the meal plan for their entire academic stay at UGA. 
The enrollment for students is done when they have their ID card produced. _________________________________________________________________ Question from Vincent Kiernan: What advice do you have for colleges that might consider hand scanning in the future? Are there any particular land mines to avoid? J. Michael Floyd: The key is to promote this as state of art technology and to excite the customers that they are involved in a unique application of technology. One installation issue to avoid is to make sure that all hand image readers are installed at the same height. Readers installed at different height can result in a higher error ratio. _________________________________________________________________ Question from Dick Sigelko, Michigan State University: Have students expressed a concern about contamination, germs or the "ick" factor? J. Michael Floyd: Over the years we have heard this question from a few customers, which allows us to explain our system and how we sanitize the reader surface. But normally when we share the comparison about the front doorknob on the building the student then realizes the enormous number of common surfaces they touch with their hands each day. _________________________________________________________________ Question from Dick Sigelko, Michigan State University: How many mis-reads per 100 do you get? J. Michael Floyd: We are at less than 1% of false-negatives. This allows our Cashier to then look up the customer in our data base and then permit the customer to dine. _________________________________________________________________ Question from Francine Reynolds, University of Richmond: Mike, what systems are your biometric readers interfacing with (i.e. CBORD's CSGold, etc.) J. Michael Floyd: Our system is a proprietary system that our campus IT department developed and maintains for the campus. _________________________________________________________________ Question from Terri Moreman, U.S. 
Olympic Training Center: Mike, is your system tied to dorm room or building access? J. Michael Floyd: Yes, our system is tied to residence hall building access. But not individual rooms. _________________________________________________________________ Question from Rich Bredahl, University of Texas at Austin: How about issues of cleanliness? With potentially several hundred people using a reader per hour, how do you: 1) Keep the reader clean 2) Ensure the reader does not become a means of passing germs/bacteria/viruses J. Michael Floyd: No, there is no greater risk with the hand image readers than the doorknob on the front of the building. However, we do have a procedure in place to sanitize the hand reader surface on a routine schedule throughout the day. In addition we have hand sanitizer stations located inside our dining operations for customers who would like to use this product. _________________________________________________________________ Question from Vincent Kiernan: That will be our last question. Mike, any final thoughts? J. Michael Floyd: In conclusion, the key benefit of a biometric system is that it can be a user activated system that creates a great deal of ownership by the customer. With this ownership, there is a buy in from the customer to assist the organization in making the system work. Additionally, biometric systems have the potential of reducing personnel cost and improving overall levels of security and customer thru put. There is also a greater awareness of security by the customer than the traditional photo base system. Biometrics is the technology that our children will see in their future workplace. _________________________________________________________________ Vincent Kiernan (Moderator): That about does it for today. On behalf of The Chronicle, thanks to Mike Floyd and his staff for their illuminating answers to the questions, and thanks to all of you for participating. Have a good afternoon.
_________________________________________________________________ J. Michael Floyd: A special thank you to Donald Smith, Department Manager of UGAcard Support Services and Chris Wilkins, IT Manager, UGA Food Services for joining me today on the Colloquy and assisting with the responses. ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From declan at well.com Mon Dec 5 07:47:23 2005 From: declan at well.com (Declan McCullagh) Date: Mon, 05 Dec 2005 07:47:23 -0800 Subject: [Politech] Weekly column: Tracking you wherever you drive -- GPS bugs and the Transportation Department [priv] Message-ID: http://news.com.com/2010-1071_3-5980979.html Perspective: E-tracking, coming to a DMV near you By Declan McCullagh December 5, 2005, 4:00 AM PST Trust federal bureaucrats to take a good idea and transform it into a frightening proposal to track Americans wherever they drive. The U.S. Department of Transportation has been handing millions of dollars to state governments for GPS-tracking pilot projects designed to track vehicles wherever they go. So far, Washington state and Oregon have received fat federal checks to figure out how to levy these "mileage-based road user fees." Now that electronic tracking and taxing may be coming to a DMV near you. The Office of Transportation Policy Studies, part of the Federal Highway Administration, is about to announce another round of grants totaling some $11 million. A spokeswoman on Friday said the office is "shooting for the end of the year" for the announcement, and more money is expected for GPS (Global Positioning System) tracking efforts. [...remainder snipped...]
_______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From Swone at optonline.net Sun Dec 4 19:16:53 2005 From: Swone at optonline.net (Debora Zuniga) Date: Mon, 05 Dec 2005 08:16:53 +0500 Subject: Fw: Please Read Message-ID: <200512050326.jB53PpDP028185@proton.jfet.org> Sir/Madam, Your present circumstances has been evaluated to the obligatory agencies, and upon careful reflection, we are able to tender to you the following opening offer. Based upon careful reflection you are eligible to collect a openhanded rield on your primary property investment. By completing the following attached form in a timely manner we will be able to finalize our estimation, and we feel convinced you will collect not only a better rate of interest, but also a cash return that will perform all your holiday needs and more! Please go here to finalize this juncture of the agreement. Wishing you all the best over the holiday period, Debora Zuniga Should you prefer not to grab hold of this holiday opening offer you can go here. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 963 bytes Desc: not available URL: From eugen at leitl.org Mon Dec 5 00:07:02 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 5 Dec 2005 09:07:02 +0100 Subject: [dave@farber.net: [IP] more on Google search and seizure, etc. vs. 
technologists] Message-ID: <20051205080702.GY2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Mon Dec 5 03:21:16 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 5 Dec 2005 12:21:16 +0100 Subject: [checker@panix.com: [>Htech] CHE: Show Your Hand, Not Your ID] Message-ID: <20051205112116.GE2249@leitl.org> ----- Forwarded message from Premise Checker ----- From clayton.rolygm8 at gmail.com Mon Dec 5 13:00:46 2005 From: clayton.rolygm8 at gmail.com (Samuel Hopper) Date: Mon, 5 Dec 2005 13:00:46 -0800 Subject: Dear Sir, i am interested in it Message-ID: <200512051103.jB5B3aoW004476@proton.jfet.org> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5303 bytes Desc: not available URL: From rah at shipwright.com Mon Dec 5 10:26:25 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 5 Dec 2005 13:26:25 -0500 Subject: [Clips] US on the scent of terror money in Pakistan Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Mon, 5 Dec 2005 12:24:30 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] US on the scent of terror money in Pakistan Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Asia Times Online :: South Asia news, business and economy from India and Pakistan Dec 6, 2005 US on the scent of terror money in Pakistan By Syed Saleem Shahzad KARACHI - Beyond the tragedy of more than 70,000 lives being lost in the October 8 earthquake that devastated large sections of Pakistan-administered Kashmir, the disaster alerted US intelligence to the fact that the financial conduits that feed militancy and terror remain very much intact. At very short notice, millions of dollars poured into the coffers of the jihadi group Jamaatut Dawa (formerly Lashkar-i-Taiba), allowing it to immediately take over relief operations in Kashmir while the Pakistan government dallied. 
As a direct consequence of this realization, the US Central Intelligence Agency (CIA) once again prevailed on Islamabad to launch an offensive against al-Qaeda-linked foreign elements sheltering in the country, notably in the North and South Waziristan tribal areas on the border with Afghanistan. Over the past few years, invariably under US pressure, Pakistan has undertaken similar offensives, with varying degrees of success, beyond whipping up tribal animosity by sending troops into the semi-autonomous regions. In the latest initiative, according to security contacts who spoke to Asia Times Online, the US insisted that Pakistan authorities conduct across-the-board checks and arrests, while simultaneously US operatives would go after specific targets in an effort to search out illicit financial arteries. One Pakistan move involves Ghazi Abdul Rasheed and Maulana Abdul Aziz of the famous Lal Masjid Islamabad. They issued a controversial religious edict during one of the previous operations in South Waziristan calling on people not to pray at the funerals of Pakistan Army personnel killed in action in the area. The two religious leaders have had their movements restricted. On the US side, they appear to have scored a hit with the elimination of al-Qaeda number three, Hamza Rabia, in North Waziristan, apparently through missiles fired from a CIA drone. However, the body has not been found and al-Qaeda has denied that he is dead. During the latest crackdown, the activities of the Jamaatut Dawa are also under the spotlight. A high-level Washington-based source told Asia Times Online: "Like prayers, zakat [compulsory charity - 2.5% of an individual's annual reserves/savings in Sunni Islam and 5% among Shi'ites] and pilgrimage, jihad is also an integral part of the Muslim faith, that is why there is a trend that those Muslim philanthropists who build mosques, seminaries and donate money to Islamic relief operators also send money to those they view as mujahideen.
That is the reason decision-makers in Washington are convinced that those who contribute money to Islamic groups in Kashmir are also involved in supporting the resistance in Iraq and Afghanistan." The current operations in Pakistan are being supervised and controlled by US intelligence. The role of the Pakistani forces is to do the supporting "donkey work". A case study Dr Dawood Qasmi, a graduate of the Dow Medical College in the port city of Karachi, works at the National Institute of Child Health in the same city. The US Federal Bureau of Investigation (FBI) is in hot pursuit of him. His father, brother and two nephews were arrested, and the women of his family were threatened with arrest if Dawood did not give himself up. However, a hue and cry raised in the media forced government agencies to release the men and lay off the women. Dawood is a former commander of the banned Lashkar-i-Taiba in Sindh province. His role was to recruit civilians to join the Kashmiri movement. He was closely associated with the Inter-Services Intelligence (ISI) Kashmir cell. The ISI provided him with ample funds to recruit youths, beside giving him expensive vehicles and armed guards. Lashkar-i-Taiba was one of the most active militant groups in Kashmir. But post-September 11, 2001, events changed Dawood's life (Asia Times Online wrote a detailed account of his life Confessions of a failed jihadi, although he was not identified by name in the story). Disillusioned, he gave up his activities with Lashkar and returned to his quiet life in the medical world. "Dr Dawood Qasmi fully realized it [operations in Kashmir] was not a jihad but a Pakistan Army operation for which it was only using civilians as gun fodder. So he set himself aside. Initially he was working with an online medicine research firm and later on he joined the National Institute of Child Health," said his daughter, Dr Hania Dawood Qasmi of the Baqai Medical University in Karachi.
"Three months ago a colonel approached Dawood and tried to prepare him to work again for Laskhar, but Dawood refused. He said to me that he knew that as he had already been tracked by the FBI, an association with Laskhar was essential as it was the only way to get government protection. But he said that his conscience was not ready for him to become a Laskhar member again, as it would mean being an ISI proxy," Hania Dawood maintained. Dawood was then left alone. But once the relief operation started in Kashmir, he was contacted by the Jamaatut Dawa to help as a doctor. He agreed, and was quickly provided with huge sums of money to purchase medicine and surgical equipment to be taken to Kashmir to establish mobile hospitals, and even an operating theater. A week ago, as a result of the US-inspired campaign to track money sources, all senior police officials were asked to update their information on jihadis, especially those active in their areas. Dawood would probably not have been targeted, had not his friend from Laskhar days, Arif Qasmani, been involved. Arif Qasmani was a part of a high-level November 14 meeting in Islamabad held to initiate a process for peace between the Afghan resistance and coalition forces led by the US. Apparently, Arif Qasmani spoke about Dawood and his involvement in the relief operations, and also about how he had quickly received cash. Ears obviously pricked up. Soon after, a joint team of the FBI, the army and the police raided Dawood's home in the early hours of the morning, explained Hania Dawood, but her father was out. "We were the ones who suffered from the hands of the police," said Dawood's 75-year-old father, Abdul Rauf. "They handcuffed me, my son and my grandson. They called us names and forced us to tell where Dr Dawood was. They threatened us that if we didn't tell them the whereabouts of Dr Dawood, they would humiliate all our family members and detain the women and humiliate them in front of our eyes. 
They did not properly feed us. I was the first person who was released because my health deteriorated."

Later, after the media got onto the case, all family members were released. Dr Dawood Qasmi's whereabouts are still unknown.

Syed Saleem Shahzad, Bureau Chief, Pakistan Asia Times Online.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From eugen at leitl.org Mon Dec 5 08:14:16 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 5 Dec 2005 17:14:16 +0100
Subject: [declan@well.com: [Politech] Weekly column: Tracking you wherever you drive -- GPS bugs and the Transportation Department [priv]]
Message-ID: <20051205161416.GI2249@leitl.org>

----- Forwarded message from Declan McCullagh -----

From rms at computerbytesman.com Tue Dec 6 05:44:58 2005
From: rms at computerbytesman.com (Richard M.
Smith)
Date: December 6, 2005 5:44:58 PM EST
Subject: [EPIC_IDOF] FW: Tommy Thompson Puts off RFID Implant
Message-ID:

FYI

-----Original Message-----
From: Katherine Albrecht [mailto:kma at nocards.org]
Sent: Tuesday, December 06, 2005 4:09 PM
To: press at nocards.org
Subject: Tommy Thompson Puts off RFID Implant

RFID IMPLANTS: FINE FOR THEE, BUT NOT FOR ME
Ex-HHS Head Puts Off Being Chipped Despite July Promise

Ex-Bush cabinet member Tommy Thompson still hasn't received an RFID implant despite a televised promise he made in July 2005 to do so. Shortly after joining the board of VeriChip Corporation last spring, the former U.S. Secretary of Health and Human Services and four-term governor of Wisconsin told CNBC that he would "get chipped" with a VeriChip implant, but he has no plans to undergo the procedure anytime soon, according to recent revelations.

The VeriChip is a glass-encapsulated RFID device designed to be injected into human flesh for identification purposes and for use as a payment device.

In public appearances, Thompson has suggested injecting the microchips into Americans to link to their electronic medical records. "It's very beneficial and it's going to be extremely helpful and it's a giant step forward to getting what we call an electronic medical record for all Americans," he told CBS MarketWatch in July.

When confronted by a CNBC correspondent in another July interview about whether he would take a chip himself, Thompson replied, "Absolutely, without a doubt."

However, when authors Liz McIntyre and Katherine Albrecht, who researched human chipping for their book "Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID," contacted the VeriChip Corporation on December 5, they were told that the chipping never took place.

VeriChip spokesman John Procter said Thompson has been "too busy" to undergo the chipping procedure, adding that he had no clear plans to do so in the future. "I wouldn't put any type of time line on it," Procter said.

The VeriChip spokesman also attributed the protracted delay in the chipping to Thompson's desire to investigate the procedure. "He wants to see it [the VeriChip] in a real-world environment first," said Procter, who said he's trying to arrange a tour for Thompson at Hackensack University Medical Center, the first hospital to implement the technology in its emergency room.

But the authors question this explanation. "We would expect Mr. Thompson to investigate the device *before* advocating it to others," said Liz McIntyre. "It sounds like he has wisely decided to put off the implantation, perhaps due to the serious privacy and civil liberties implications of such devices, or perhaps due to the serious medical downsides, like electrical risks and MRI incompatibility."

Albrecht added, "Perhaps the implants conflict with Thompson's religious beliefs. Whatever his reasons, he should share them with the American people, many of whom have loved and trusted him for years. He will be responsible if they take an implant because of his influence."

Thompson may find himself under increasing pressure to get chipped in light of VeriChip Corporation's recent IPO announcement. The company is relying on Thompson's cooperation to give the much maligned human tracking chip an image boost. "He said it on live television," said Procter of Thompson's chipping intentions. "We look forward to setting a firm date in accordance to his schedule and other commitments....We want to maximize the impact of [Thompson's chipping] event...We'd certainly like to...really knock it out of the park."

McIntyre is hoping that Thompson will resist the pressure. "Our concern is that the VeriChip Company would like to chip every person on the planet, and they're counting on Thompson to be their ticket to mass acceptance," said McIntyre. "We're hoping he will work for the best interests of humanity and refuse to be goaded into an ill advised action."

According to Procter, only about 60 living persons in the U.S. have agreed to be chipped. In addition to the voluntary recipients, the company's implants were injected into the deceased victims of Hurricane Katrina, and there are plans to chip mentally disabled patients at a residential center in Chattanooga. VeriChip has also had talks with the Pentagon about chipping military personnel, though Procter said that "no formal agreements have been reached."

A transcript of Thompson's entire CBS MarketWatch interview is available at http://www.spychips.com/devices/tommythompsonverichip.html.

###

================================
For more information contact Katherine Albrecht or Liz McIntyre, co-authors of "Spychips: How Major Corporations and Government Plan to Track Your Every Move With RFID."

Liz McIntyre (liz at spychips.com) 877-287-5854
or Katherine Albrecht (kma at spychips.com) 877-287-5854
================================

Spychips: How Major Corporations and Government Plan to Track your Every Move with RFID is the winner of the Lysander Spooner Award for Advancing the Literature of Liberty. Authored by Harvard doctoral researcher Katherine Albrecht and former bank examiner Liz McIntyre, the book is meticulously researched, drawing on patent documents, corporate source materials, conference proceedings, and firsthand interviews to paint a convincing -- and frightening -- picture of the threat posed by RFID.
================================

"This is the first, and maybe the loudest, popular book on a crucial technology of our times...all of it is fascinating, some is gross and revolting, and most of it is hilarious...this is a masterpiece of technocriticism."
-- From the foreword by Bruce Sterling, best-selling author and RFID "Visionary in Residence," Art Center College of Design

Spychips "make[s] a stunningly powerful argument against plans for RFID being mapped out by government agencies, retail and manufacturing companies."
--Evan Schuman, CIO Insight

"The book makes a very persuasive case that some of America's biggest companies want to embed tracking technology into virtually everything we own, and then study our usage patterns 24 hours a day. It's a truly creepy book and well worth reading."
--Hiawatha Bray, Boston Globe technology reporter

"Spychips is one of the best privacy books in many years....The privacy movement needs a book. I nominate Spychips."
- Marc Rotenberg, Georgetown University Adjunct Professor of Law and Executive Director of the Electronic Privacy Information Center (EPIC)

=========================================
_______________________________________________
EPIC_IDOF mailing list
EPIC_IDOF at mailman.epic.org
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_idof

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From eugen at leitl.org Tue Dec 6 05:50:06 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 6 Dec 2005 14:50:06 +0100
Subject: a little bird told me
In-Reply-To: <43959250.2040704@gmail.com>
References: <20051202204052.GO2249@leitl.org> <4ef5fec60512021354k600d0a46jdc1d9a9ccc0bbb46@mail.gmail.com> <43959250.2040704@gmail.com>
Message-ID: <20051206135006.GO2249@leitl.org>

On Tue, Dec 06, 2005 at 08:29:52PM +0700, Jay Listo wrote:

> well, not sure if Tor has a mechanism to find out who's operating the

How can you find out who's operating the exit nodes, unless you know the operators personally? The system is designed to tolerate a certain fraction of Mallory operators.

> 'exit' nodes, and the ability to choose a specific exit node.

IIRC, the client builds the circuits.

> This way, any govt (or many govts) could put up a bunch of exit nodes

Tapping and traffic analysis upstream of existing nodes are far less intrusive.

What I'm wondering is whether the claimed attack is due to a design fault, or just by throwing resources at it. If it's a design issue, it can be fixed. If it's a brute force approach, it shows how much they're willing to deploy on very little incentive. If it's a canard, they're trying to stall and destabilize. Knowing which would be useful.
From dave at farber.net Tue Dec 6 16:07:30 2005
From: dave at farber.net (David Farber)
Date: Tue, 6 Dec 2005 19:07:30 -0500
Subject: [IP] FW: Tommy Thompson Puts off RFID Implant
Message-ID:

Begin forwarded message:

From jay.listo at gmail.com Tue Dec 6 05:29:52 2005
From: jay.listo at gmail.com (Jay Listo)
Date: Tue, 06 Dec 2005 20:29:52 +0700
Subject: a little bird told me
In-Reply-To: <4ef5fec60512021354k600d0a46jdc1d9a9ccc0bbb46@mail.gmail.com>
References: <20051202204052.GO2249@leitl.org> <4ef5fec60512021354k600d0a46jdc1d9a9ccc0bbb46@mail.gmail.com>
Message-ID: <43959250.2040704@gmail.com>

well, not sure if Tor has a mechanism to find out who's operating the 'exit' nodes, and the ability to choose a specific exit node. This way, any govt (or many govts) could put up a bunch of exit nodes

coderman wrote:
>On 12/2/05, Eugen Leitl wrote:
>
>>That Israeli intelligence apparently considers Tor broken.
>>
>>While Tor definitely has not been designed with that
>>threat model in mind, this still strikes me as somewhat
>>dubious.
>
>makes sense to me. when your threat model includes $TLA with a DCS1000
>/ ECHELON / * eye view of much internet traffic you could easily be
>observed to some degree.
>
>fun to speculate about until the details are known.

From eugen at leitl.org Tue Dec 6 23:55:27 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 7 Dec 2005 08:55:27 +0100
Subject: [dave@farber.net: [IP] FW: Tommy Thompson Puts off RFID Implant]
Message-ID: <20051207075527.GU2249@leitl.org>

----- Forwarded message from David Farber -----

From camera_lumina at hotmail.com Wed Dec 7 08:14:32 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 07 Dec 2005 11:14:32 -0500
Subject: [dave@farber.net: [IP] FW: Tommy Thompson Puts off RFID Implant]
In-Reply-To: <20051207075527.GU2249@leitl.org>
Message-ID:

Hey...I'd definitely vote for requiring that all congresscritters and senators undergo a chipping and that their location should be publicly available on the internet (say, via Google maps or whatever). The possibilities are rather humorous....

-TD

From jay.listo at gmail.com Wed Dec 7 02:01:29 2005
From: jay.listo at gmail.com (Jay Listo)
Date: Wed, 07 Dec 2005 17:01:29 +0700
Subject: [dave@farber.net: [IP] FW: Tommy Thompson Puts off RFID Implant]
In-Reply-To: <20051207075527.GU2249@leitl.org>
References: <20051207075527.GU2249@leitl.org>
Message-ID: <4396B2F9.9030408@gmail.com>

What's worse or funny (depending on your pov) is that some whacky fundamentalist groups have taken this to be the "mark of the beast", and go on about the "fact" that the optimum place for implant is in the hand or the eyebrow. Of course, exaggerated rumours about whole prison populations being under trial experiments and some rich folk doing this for their 'protection' add to the hysteria.
From mv at cdc.gov Wed Dec 7 19:06:59 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 07 Dec 2005 19:06:59 -0800
Subject: chipping the leaders
Message-ID: <4397A353.7DC58FDB@cdc.gov>

At 11:14 AM 12/7/05 -0500, Tyler Durden wrote:
>Hey...I'd definitely vote for requiring that all congresscritters and
>senators undergo a chipping and that their location should be publicly
>available on the internet (say, via Google maps or whatever).

Absolutely. Reverse pan-opticonning. Easily done via blogging. In my district, the republic-whore Christina Shea got busted (and disqualified from being mayor of Irvine) for griping at the local PD when her live-in daughter got busted for methamphetamine. (She is skinny and talkative herself, draw your own conclusions). Cryptome regularly publishes the information about the Privileged which they know about us. Any well-linked blogger (ie, NYT-class (snicker) author, ie any random yahoo) can do the same.
Some dude in Wash state has shown that its perfectly legal to expose the state-sponsored scum in the same way (SSnos = beast indices, etc) that they have access to us. Some MIT folks have created the same social-network meshing software for the priveledged, which they use on us plebes. Don't know if that is kept current. Digicams being so cheap, one should regularly surveil the ruling class, its part of democracy, albeit that is two foxes and a sheep deciding dinner. "What do they have to hide"? H2O2 30% + acetone, perhaps, with a little sulphuric acid, but only Feinstein knows for sure. Remember the ball bearings. Moses was a WMD terrorist, and it worked. Have a nice day. From bill.stewart at pobox.com Wed Dec 7 19:39:23 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 07 Dec 2005 19:39:23 -0800 Subject: [Clips] US on the scent of terror money in Pakistan In-Reply-To: References: Message-ID: <6.2.1.2.0.20051207192935.03645e80@pop.idiom.com> At 10:26 AM 12/5/2005, R. A. Hettinga wrote: > > US on the scent of terror money in Pakistan The US government can't find where the billions of dollars they gave to Halliburton and other contractors in Iraq went - hundreds of millions at a pop appear to have vanished on handshakes, and there's been no serious attempt at accounting. But anybody supporting anybody accused of being soft on terrorism, well, we can definitely trace their money. > The current operations in Pakistan are being supervised and controlled by > US intelligence. The role of the Pakistani forces is to do the > supporting "donkey work". They're saying this, but the examples they give appear to be targets who are politically incorrect from the standpoint of the Pakistani Army, not just the US (though it's a bit hard to tell the players without a program.) > Ears obviously pricked up. 
Soon after, a joint team of the FBI, the army > and the police raided Dawood's home in the early hours of the morning, > explained Hania Dawood, but her father was out. > "We were the ones who suffered from the hands of the police," said > Dawood's 75-year-old father, Abdul Rauf. "They handcuffed me, my son and my > grandson. They called us names and forced us to tell where Dr Dawood was. > They threatened us that if we didn't tell them the whereabouts of Dr > Dawood, they would humiliate all our family members and detain the women > and humiliate them in front of our eyes. They did not properly feed us. I > was the first person who was released because my health deteriorated." That's the sort of thing that the Bush Administration asserts is perfectly ok, though it'd be illegal if they did it in the US, at least if they got caught doing it to white people without having drugs as an excuse. Bill Stewart From zooko at zooko.com Thu Dec 8 06:48:25 2005 From: zooko at zooko.com (zooko at zooko.com) Date: Thu, 08 Dec 2005 10:48:25 -0400 Subject: [p2p-hackers] darknet ~= (blacknet, f2f net) Message-ID: Ian Clarke wrote: > > I do wish you would refer to these networks as those which allow the > covert transmission of information, rather than those which are used > for the illegal transmission of information - since I am not aware of > any networks that are specifically designed for the illegal > transmission of information.
I think this would help alleviate the > political problem you raise later in your email. The concept of a networking technology or a network which is specifically used for illegal information is an interesting concept, for example Tim May "blacknet" [1, 2, 3] and Biddle, et al. "darknet" [4]. If you would like to use "darknet" to mean something else then I can't stop you, but I would like to talk about that concept so I need a word for it. Regards, Zooko P.S. The most salient difference between blacknet [1] and darknet [2] in my opinion is that blacknet is a market, in which participants are motivated by economic gain, and darknet is a more general concept, in which the motivations of participants may be various -- including but not limited to friendship. [1] http://www.privacyexchange.org/iss/confpro/cfpuntraceable.html [2] http://www-personal.umich.edu/~ludlow/worries.txt [3] http://cypherpunks.venona.com/date/1993/08/msg00538.html [4] http://zgp.org/pipermail/p2p-hackers/2005-December/003245.html _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Thu Dec 8 08:00:53 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 08 Dec 2005 11:00:53 -0500 Subject: chipping the leaders In-Reply-To: <4397A353.7DC58FDB@cdc.gov> Message-ID: Yes. 
And note too that knowing where the congressthings are at any one time effectively gives any determined citizen something akin to veto power. -TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: chipping the leaders >Date: Wed, 07 Dec 2005 19:06:59 -0800 > >At 11:14 AM 12/7/05 -0500, Tyler Durden wrote: > >Hey...I'd definitely vote for requiring that all congresscritters and > >senators undergo a chipping and that their location should be >publically > >available on the internet (say, via Google maps or whatever). > >Absolutely. Reverse pan-opticonning. Easily done via >blogging. In my district, the republic-whore Christina >Shea got busted (and disqualified from being mayor >of Irvine) for griping at the local PD when her live-in >daughter got busted for methamphetamine. (She >is skinny and talkative herself, draw your own >conclusions). > >Cryptome regularly publishes the information about >the Privledged which they know about us. Any >well-linked blogger (ie, NYT-class (snicker) author, ie >any random yahoo) can do the same. Some dude >in Wash state has shown that its perfectly legal >to expose the state-sponsored scum in the same >way (SSnos = beast indices, etc) that they have >access to us. Some MIT folks have created the same >social-network meshing software for the priveledged, >which they use on us plebes. Don't know if that >is kept current. > >Digicams being so cheap, one should regularly surveil >the ruling class, its part of democracy, albeit that is >two foxes and a sheep deciding dinner. > >"What do they have to hide"? > >H2O2 30% + acetone, perhaps, with a little sulphuric acid, >but only Feinstein knows for sure. Remember the >ball bearings. > >Moses was a WMD terrorist, and it worked. > >Have a nice day. 
From zooko at zooko.com Thu Dec 8 07:08:39 2005 From: zooko at zooko.com (zooko at zooko.com) Date: Thu, 08 Dec 2005 11:08:39 -0400 Subject: [p2p-hackers] f2f for purposes other than privacy Message-ID: Ian Clarke wrote: > > We (Freenet) have > been concerned about the fact that Freenet was harvestable for several > years now. Around spring this year I made the observation that if > human relationships form a small world network, it should be possible > to assign locations to people such that we form a Kleinberg-style > small world network, and thus we could make the network routable. > Oskar Sandberg then suggested a way to do this, and we set about > validating the concept using simulations. I would love to learn more. Is there a white-paper or design document beyond these slides from DefCon [1]? > Are you aware of any current or proposed f2f > networks for which concealment of user activity is not a goal? Well, I think of the links between two friends in f2f to be not solely communication channels but also to have other meaning. For example, if friends transmit music files to one another, then in addition to any privacy properties that the network may have, it also serves as a decentralized, attack-resistant recommendation engine for music. Honestly, this area of research is ripe for exploration, but I can give you at least a couple of examples. Douceur set it up with a claimed general negative result in "The Sybil Attack" in 2002 [2]. But his general negative result isn't quite true, as disproven by e.g. Advogato, 2000 [3, 4, 5]. Recently George Danezis, Chris Lesniewski-Laas, M. Frans Kaashoek, and Ross Anderson smashed these two ideas together and mixed in some DHT routing: [6]. [6] is an excellent paper, which proposes a concrete DHT design and which really nails the fact that the introduction graph or "bootstrap graph" contains information which can defeat the allegedly undefeatable Sybil Attack.
[6] references some related work which looks interesting, but I haven't followed those links yet myself. I guess [6] is somewhat relevant to the Freenet v0.7 design. So, uh, anyway, this shows that there is interest in the notion of using friendship networks for purposes other than privacy, namely attack resistance of DHT routing and attack resistance of metadata [7 (self-citation)]. I think there's a lot more value to be mined from this concept, and I'm really glad that it has finally gotten the attention of some p2p researchers. Oh, and here's another perspective on this idea -- a post I wrote to my blog a few years ago suggesting that all sorts of DHT innovations which were intended to improve network performance could be applied to attack resistance: "trust is just another topology" [8]. Regards, Zooko [1] http://freenetproject.org/papers/vegas1_dc.pdf [2] http://citeseer.ist.psu.edu/douceur02sybil.html [3] http://www.advogato.org/trust-metric.html [4] http://www.levien.com/thesis/compact.pdf [5] http://www.levien.com/free/tmetric-HOWTO.html [6] http://pdos.csail.mit.edu/cgi-bin/pubs-date.cgi?match=Sybil-resistant+DHT+routing [7] http://conferences.oreillynet.com/cs/p2p2001/view/e_sess/1200 [8] http://www.zooko.com/log-2003-01.html#d2003-01-23-trust_is_just_another_topology ----- End forwarded message -----
From eugen at leitl.org Thu Dec 8 04:26:12 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 8 Dec 2005 13:26:12 +0100 Subject: Axalto/Gemplus fuse Message-ID: <20051208122612.GI2249@leitl.org> http://www.heise.de/newsticker/meldung/67109 From eugen at leitl.org Thu Dec 8 06:54:58 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 8 Dec 2005 15:54:58 +0100 Subject: [zooko@zooko.com: Re: [p2p-hackers] darknet ~= (blacknet, f2f net)] Message-ID: <20051208145458.GR2249@leitl.org> ----- Forwarded message from zooko at zooko.com ----- From eugen at leitl.org Thu Dec 8 07:11:23 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 8 Dec 2005 16:11:23 +0100 Subject: [zooko@zooko.com: [p2p-hackers] f2f for purposes other than privacy] Message-ID: <20051208151123.GT2249@leitl.org> ----- Forwarded message from zooko at zooko.com ----- From mnl at well.com Fri Dec 9 13:39:47 2005 From: mnl at well.com (Mike Liebhold) Date: Fri, 09 Dec 2005 13:39:47 -0800 Subject: [Geowanking] MS local.live.com & privacy (lack of) Message-ID: I took a look yesterday at Microsoft's new Virtual Earth incarnation, called local.live.com. I won't write a full review here. Anyone interested can take a look themselves.
Beyond the irritating, unblockable CSS-like popups, there's a critical point about Microsoft's handling of sensitive location information that's worth immediate comment here: The service includes a feature called "locate me" which launches a Placelab-like wifi base-station geolocation technique called "Location Finder" which listens for the MAC address and compares it to a client cache of locations of known base stations. Placelab, which was developed by Intel Labs, is available free for download on sourceforge, and as many people may know, was explicitly designed by Intel to be 'privacy observant'. Unlike most e-911 and mobile phone location systems which surveil, and actively track a user's location, Placelab was designed to present location coordinates privately to a user, without querying, or notifying the network. IMHO this is a noble design goal. Microsoft's "Location Finder" program, on the other hand, includes the following disclaimer in the terms and conditions link which says "Your privacy is important to us. click here to see our privacy policy:" [snip] "Use of Location Information ... Microsoft may use the information collected to provide you with more effective customer service, to improve Location Finder and any related Microsoft products or services,... Microsoft may disclose location information if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft and our family of Web sites; or (c) act in urgent circumstances to protect the personal safety of Microsoft employees or agents, users of Microsoft products or services, or members of the public. Location information collected by Location Finder may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries or agents maintain facilities.
" [snip] So much for privacy of Microsoft's 'Location finder' program. If this is unpalatable to you, you may be interested in trying as I did an alternate location technique. Instead of 'Location Finder' local.live.com also offers users a choice to select IP location lookup. As discussed here in the past, IP geolocation is an imperfect art, dependent on the accuracy of the data in the official IANA database (Internet Assigned Numbers Authority). In my case, my IP address has shown that I am in San Diego, since that's where my IP connection is officially terminated at the downlink center for my satellite service provider. I'm actually connected to the Internet via a KuBand satellite in the remote wilds of Northern California, a long ways away. The location of my dish is simply not visible to the net. It looks, to the net, like I'm in San Diego, over 700 miles south. So, you might understand that I was quite surprised and dismayed that Microsoft's IP lookup returned my actual location in the woods in Northern California!!! Just to be sure they didn't get my address from my satellite service provider, I called the Network Operations Center, who said the location of my dish is private, but looked up my record anyway, and confirmed "Our database, and the IANA database show your IP address is in San Diego." Clearly Microsoft's IP location database includes spooky datamined information about users' actual location that is not normally available by querying the publicly accessible databases. Be forewarned.
Mike Mike Liebhold Senior Researcher Institute for the Future iftf.org | starhill.us | starhill del.icio.us blend _______________________________________________ Geowanking mailing list Geowanking at lists.burri.to http://lists.burri.to/mailman/listinfo/geowanking ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jay.listo at gmail.com Fri Dec 9 02:54:01 2005 From: jay.listo at gmail.com (Jay Listo) Date: Fri, 09 Dec 2005 17:54:01 +0700 Subject: a little bird told me In-Reply-To: <20051206135006.GO2249@leitl.org> References: <20051202204052.GO2249@leitl.org> <4ef5fec60512021354k600d0a46jdc1d9a9ccc0bbb46@mail.gmail.com> <43959250.2040704@gmail.com> <20051206135006.GO2249@leitl.org> Message-ID: <43996249.5040307@gmail.com> Eugen Leitl wrote: >On Tue, Dec 06, 2005 at 08:29:52PM +0700, Jay Listo wrote: > > > >>well, not sure if Tor has a mechanism to find out who's operating the >> >> > >How can you find out who's operating the exit nodes, unless you >know the operators personally? The system is designed to >tolerate a certain fraction of Mallory operators. > > hmm, a couple of weeks ago, i did a traceroute of my packets while running a tor client. It was 'comforting' to know that my isp was courteously operating an exit node...just 1-2 hops away. Well, i just re-started my tor client and the 'problem' went away...i felt like i was playing the lotto with my tor client. >>'exit' nodes, and the ability to choose a specific exit node. >> >IIRC, the client builds the circuits. > > what's to stop a group of malloric tor routers from communicating out-of-band with each other and with the mallory exit node as an accomplice? 
well, users (the humans using the tor client) have absolutely no idea, where those circuits are being switched through. unless, users take the time to trace each http request (each of which go through a different circuit)...and also having to do whois queries on each hop. perhaps a mechanism (maybe a gui console showing each hop, ip and whois query ) for users to monitor the circuits that their tor client has chosen. This will give users awareness (or the option to exercise that) about the confidentiality of their communications. >>This way, any govt (or many govts) could put up a bunch of exit nodes >> >> > >Tapping and traffic analysis upstream of existing nodes are far >less instrusive. > >What I'm wondering is whether the claimed attack is due to a >design fault, or just by throwing resources at it. If it's a design >issue, it can be fixed. If it's a brute force approach, it shows >how much they're willing to deploy on very little incentive. >If it's a canard, they're trying to stall and destabilize. > >Knowing which would be useful. From rah at shipwright.com Fri Dec 9 16:41:07 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 9 Dec 2005 19:41:07 -0500 Subject: [Clips] Does Zarqawi Take Shorthand? (was Re: OpinionJournal - Best of the Web Today - December 9, 2005) Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Fri, 9 Dec 2005 19:39:39 -0500 To: "Philodox Clips List" From: "R. A. Hettinga" Subject: [Clips] Does Zarqawi Take Shorthand? (was Re: OpinionJournal - Best of the Web Today - December 9, 2005) Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com At 2:09 PM -0500 12/9/05, OpinionJournal wrote: >Does Zarqawi Take Shorthand? http://msnbc.msn.com/id/10382716/ > >Here's an amusing goof from the Associated Press: "Terrorists also have >made only infrequent use of stenography, the practice of hiding a text >message in another kind of file, typically a picture." 
> >Actually, stenography, also known as shorthand, is a method of taking >notes. The AP meant steganography >http://en.wikipedia.org/wiki/Steganography . -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Fri Dec 9 15:03:17 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 10 Dec 2005 00:03:17 +0100 Subject: [mnl@well.com: [Geowanking] MS local.live.com & privacy (lack of)] Message-ID: <20051209230317.GT2249@leitl.org> ----- Forwarded message from Mike Liebhold ----- From Brian.Randell at newcastle.ac.uk Sat Dec 10 05:43:22 2005 From: Brian.Randell at newcastle.ac.uk (Brian Randell) Date: December 10, 2005 5:43:22 AM EST Subject: How planespotters turned into the scourge of the CIA Message-ID: Dave: I don't know how fully the story of the information-gathering role played by plane spotters in the mounting controversy here in Europe about the CIA and "rendition" has featured in the US media, but in case it hasn't, you might want this for IP. Cheers Brian ==== >From the (UK) Guardian newspaper: How planespotters turned into the scourge of the CIA Gerard Seenan and Giles Tremlett Saturday December 10, 2005 The Guardian Paul last saw the Gulfstream V about 18 months ago. 
He comes down to Glasgow airport's planespotters' club most days. He had not seen the plane before so he marked the serial number down in his book. At the time, he did not think there was anything unusual about the Gulfstream being ushered to a stand away from public view, one that could not be seen from the airport terminal or the club's prime view. But that flight this week was at the centre of a transatlantic row that saw the prime minister being put on the spot on the floor of the House of Commons and the US secretary of state, Condoleezza Rice, forced on the defensive during a visit to Europe. The Gulfstream V has been identified as having been used by the CIA for "extraordinary renditions" - abducting terror suspects and taking them to secret prisons around the world where they may be tortured. The recording of flights by spotters like Paul from places as far afield as Bournemouth and Karachi has unintentionally played a significant role in helping journalists and human rights groups expose the scale of the CIA's renditions system. But his impact on such international intrigue largely passes Paul by. "It's not the CIA bit that interests us. You don't even know who owns the plane when you take down the serial number," he said, already distracted as something comes in to land through the grey drizzle. "You keep accurate logs, for your own records." . . . Despite the particular eccentricity of planespotting - and the obvious capacity for fun-poking - it is not a pastime limited to Britain. In Spain town planner Josep Manchado is part of a small group who gather with their long lenses and foil-wrapped sandwiches at Majorca's Son Sant Joan airport. In January last year Mr Manchado saw a Boeing 737 on the airport tarmac. He pressed his camera shutter button while speculating idly that some US millionaire was in town. Then he put the picture of the Boeing (tail fin number N313P) on airliners.net, and forgot about it. 
Within a few days Mr Manchado started getting strange calls and emails. They came from the US and from Sweden. "People were asking me questions about the plane. They obviously weren't all planespotters because they were asking questions that people who know about planes don't ask," he said. Activists and journalists had become interested in the rendition flights. There were also, however, strange calls. "One man wanted to buy up all the photos. He eventually sent me a form in which he asked for everything, including my home address. I didn't give it to him and I never heard from him again," he said. . . . For those prepared to sift through the endless information compiled by planespotters and posted on websites, there are many more clues to the CIA's activities to be found. In Ireland peace campaigners have turned themselves into planespotters. At Shannon airport Tim Hourigan uses a scanner that allows him to see what air traffic control sees, and he, and other activists, religiously note down the numbers of landing planes. Then, using a combination of Federal Airport Authority Records and planespotting websites, they can track the movements of intelligence planes across the world. "It is a tedious job looking through hundreds of pictures of planes," says Mr Hourigan, who is not a planespotting enthusiast. "But it allows you to confirm and expose the activities of the CIA and our own government." . . .
Full story at: http://www.guardian.co.uk/humanrights/story/0,7369,1664146,00.html -- School of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK EMAIL = Brian.Randell at ncl.ac.uk PHONE = +44 191 222 7923 FAX = +44 191 222 8232 URL = http://www.cs.ncl.ac.uk/~brian.randell/ ----- End forwarded message ----- From rah at shipwright.com Sat Dec 10 07:41:28 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 10 Dec 2005 10:41:28 -0500 Subject: [Clips] Live Tracking of Mobile Phones Prompts Court Fights on Privacy Message-ID: Wherein the NYT discovers physics and is shocked, shocked, to find that radios can be triangulated. Especially when the government mandates that GPS transponders be installed in them. Sheesh. Cheers, RAH ------- --- begin forwarded text Delivered-To: clips at philodox.com Date: Sat, 10 Dec 2005 10:30:39 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Live Tracking of Mobile Phones Prompts Court Fights on Privacy Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The New York Times December 10, 2005 Live Tracking of Mobile Phones Prompts Court Fights on Privacy By MATT RICHTEL Most Americans carry cellphones, but many may not know that government agencies can track their movements through the signals emanating from the handset.
In recent years, law enforcement officials have turned to cellular technology as a tool for easily and secretly monitoring the movements of suspects as they occur. But this kind of surveillance - which investigators have been able to conduct with easily obtained court orders - has now come under tougher legal scrutiny. In the last four months, three federal judges have denied prosecutors the right to get cellphone tracking information from wireless companies without first showing "probable cause" to believe that a crime has been or is being committed. That is the same standard applied to requests for search warrants. The rulings, issued by magistrate judges in New York, Texas and Maryland, underscore the growing debate over privacy rights and government surveillance in the digital age. With mobile phones becoming as prevalent as conventional phones (there are 195 million cellular subscribers in this country), wireless companies are starting to exploit the phones' tracking abilities. For example, companies are marketing services that turn phones into even more precise global positioning devices for driving or allowing parents to track the whereabouts of their children through the handsets. Not surprisingly, law enforcement agencies want to exploit this technology, too - which means more courts are bound to wrestle with what legal standard applies when government agents ask to conduct such surveillance. Cellular operators like Verizon Wireless and Cingular Wireless know, within about 300 yards, the location of their subscribers whenever a phone is turned on. Even if the phone is not in use it is communicating with cellphone tower sites, and the wireless provider keeps track of the phone's position as it travels. The operators have said that they turn over location information when presented with a court order to do so. The recent rulings by the magistrates, who are appointed by a majority of the federal district judges in a given court, do not bind other courts. 
But they could significantly curtail access to cell location data if other jurisdictions adopt the same reasoning. (The government's requests in the three cases, with their details, were sealed because they involve investigations still under way.) "It can have a major negative impact," said Clifford S. Fishman, a former prosecutor in the Manhattan district attorney's office and a professor at the Catholic University of America's law school in Washington. "If I'm on an investigation and I need to know where somebody is located who might be committing a crime, or, worse, might have a hostage, real-time knowledge of where this person is could be a matter of life or death." Prosecutors argue that having such information is crucial to finding suspects, corroborating their whereabouts with witness accounts, or helping build a case for a wiretap on the phone - especially now that technology gives criminals greater tools for evading law enforcement. The government has routinely used records of cellphone calls and caller locations to show where a suspect was at a particular time, with access to those records obtainable under a lower legal standard. (Wireless operators keep cellphone location records for varying lengths of time, from several months to years.) But it is unclear how often prosecutors have asked courts for the right to obtain cell-tracking data as a suspect is moving. And the government is not required to report publicly when it makes such requests. Legal experts say that such live tracking has tended to happen in drug-trafficking cases. In a 2003 Ohio case, for example, federal drug agents used cell tracking data to arrest and convict two men on drug charges. Mr. Fishman said he believed that the number of requests had become more prevalent in the last two years - and the requests have often been granted with a stroke of a magistrate's pen. 
Prosecutors, while acknowledging that they have to get a court order before obtaining real-time cell-site data, argue that the relevant standard is found in a 1994 amendment to the 1986 Stored Communications Act, a law that governs some aspects of cellphone surveillance. The standard calls for the government to show "specific and articulable facts" that demonstrate that the records sought are "relevant and material to an ongoing investigation" - a standard lower than the probable-cause hurdle. The magistrate judges, however, ruled that surveillance by cellphone - because it acts like an electronic tracking device that can follow people into homes and other personal spaces - must meet the same high legal standard required to obtain a search warrant to enter private places. "Permitting surreptitious conversion of a cellphone into a tracking device without probable cause raises serious Fourth Amendment concerns, especially when the phone is monitored in the home or other places where privacy is reasonably expected," wrote Stephen W. Smith, a magistrate in Federal District Court in the Southern District of Texas, in his ruling. "The distinction between cell site data and information gathered by a tracking device has practically vanished," wrote Judge Smith. He added that when a phone is monitored, the process is usually "unknown to the phone users, who may not even be on the phone." Prosecutors in the recent cases also unsuccessfully argued that the expanded police powers under the USA Patriot Act could be read as allowing cellphone tracking under a standard lower than probable cause. As Judge Smith noted in his 31-page opinion, the debate goes beyond a question of legal standard. In fact, the nature of digital communications makes it difficult to distinguish between content that is clearly private and information that is public. 
When information is communicated on paper, for instance, it is relatively clear that information written on an envelope deserves a different kind of protection than the contents of the letter inside. But in a digital era, the stream of data that carries a telephone conversation or an e-mail message contains a great deal of information - like when and where the communications originated. In the digital era, what's on the envelope and what's inside of it, "have absolutely blurred," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy advocacy group. And that makes it harder for courts to determine whether a certain digital surveillance method invokes Fourth Amendment protections against unreasonable searches. In the cellular-tracking cases, some legal experts say that the Store Communications Act refers only to records of where a person has been, i.e. historical location data, but does not address live tracking. Kevin Bankston, a lawyer for the Electronic Frontier Foundation, a privacy advocacy group that has filed briefs in the case in the Eastern District of New York, said the law did not speak to that use. James Orenstein, the magistrate in the New York case, reached the same conclusion, as did Judge Smith in Houston and James Bredar, a magistrate judge in the Federal District Court in Maryland. Orin S. Kerr, a professor at the George Washington School of Law and a former trial attorney in the Justice Department specializing in computer law, said the major problem for prosecutors was Congress did not appear to have directly addressed the question of what standard prosecutors must meet to obtain cell-site information as it occurs. "There's no easy answer," Mr. Kerr said. "The law is pretty uncertain here." Absent a Congressional directive, he said, it is reasonable for magistrates to require prosecutors to meet the probable-cause standard. Mr. 
Fishman of Catholic University said that such a requirement could hamper law enforcement's ability to act quickly because of the paperwork required to show probable cause. But Mr. Fishman said he also believed that the current law was unclear on the issue. Judge Smith "has written a very, very persuasive opinion," Mr. Fishman said. "The government's argument has been based on some tenuous premises." He added that he sympathized with prosecutors' fears. "Something that they've been able to use quite successfully and usefully is being taken away from them or made harder to get," Mr. Fishman said. "I'd be very, very frustrated." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From dave at farber.net Sat Dec 10 07:47:23 2005
From: dave at farber.net (David Farber)
Date: Sat, 10 Dec 2005 10:47:23 -0500
Subject: [IP] How planespotters turned into the scourge of the CIA
Message-ID:

Begin forwarded message:

From eugen at leitl.org Sat Dec 10 08:03:03 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 10 Dec 2005 17:03:03 +0100
Subject: [dave@farber.net: [IP] How planespotters turned into the scourge of the CIA]
Message-ID: <20051210160303.GJ2249@leitl.org>

----- Forwarded message from David Farber -----

From rah at shipwright.com Sat Dec 10 14:49:47 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 10 Dec 2005 17:49:47 -0500
Subject: [Clips] MIT Real ID Conference a Success: Participate in New Virtual Civic Conversation
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Sat, 10 Dec 2005 17:48:40 -0500
To: "Philodox Clips List"
From: "R. A. Hettinga"
Subject: [Clips] MIT Real ID Conference a Success: Participate in New Virtual Civic Conversation
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

--- begin forwarded text

Date: Sat, 10 Dec 2005 13:01:20 -0800 (PST)
From: "Daniel J. Greenwood"
Reply-To: dang at media.mit.edu
Subject: MIT Real ID Conference a Success: Participate in New Virtual Civic Conversation
To: dang at media.mit.edu

This note is to inform you that the MIT Public Forum on the Real ID Act of 2005 was held on Monday, December 5th and we will be streaming video of the entire day from the MIT Media Lab web site within the next few days.
To those of you who participated, thank you for making this event a true success. We plan a series of activities for the future, including publication of proceedings, further activity on the MIT Real ID Public Forum Blog, additional events and of course continued work with the Department of Homeland Security and other federal and state governmental agencies to provide a neutral forum within which to meet, hear from the public and interest groups and to consider opportunities for cross boundary cooperation. We intend to use publication of the final report of the proceedings of the day to highlight the many valuable perspectives and ideas that came forward throughout the event. Again, we encourage each of you to share any thoughts you may have regarding this important new federal statute. After the Department of Homeland Security published their draft regulations under the law, we anticipate another round of activity to support discussion and meaningful response. Finally, the MIT E-Commerce Architecture Program, hosted at the MIT Media Lab Smart Cities group, is now working with partners to make available a new more efficient mode of public dialog on important affairs of the day. Currently called Virtual Civic Conversations, this simple approach uses existing blog technology (including RSS feeds and track-back features), to set up shared meta-search terms for specific issues, allowing participants to post a topic on their blog and for it to appear as a new post on a large-scale multi-party communications blog. In this way, the many interest groups, governmental agencies, individuals and others who are all speaking to the same topic (next steps on the Real ID Act, in this case), can use a blog (such as the MIT Real ID Public Forum Blog) to compile all posts on all blogs related to that topic. In addition, it is possible for participants to respond to the posts across threads, blogs and topics, thereby creating a bounded but very open knowledge zone on that issue. 
We are setting up a Virtual Civic Conversation for the Real ID Act this weekend and early next week. Stay tuned for more information on exactly how to participate and to encourage others with relevant blogs to participate. MIT is pleased to use new technology and our capacity to convene to serve the civic interest. Thank you for your interest.

Regards,
- Dan Greenwood

====================================================
Daniel J. Greenwood, Esq.
Lecturer, Massachusetts Institute of Technology
The Media Lab, Program of Media Arts and Science
Principal, CIVICS.com The InfoSociety Consultancy
http://ecitizen.mit.edu & http://civics.com
1770 Mass. Ave, #205, Cambridge, MA 02140 USA
M: 857-498-0962 E: dang at media.mit.edu
====================================================

--- end forwarded text

-- -----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From solinym at gmail.com Sun Dec 11 00:05:53 2005
From: solinym at gmail.com (Travis H.)
Date: Sun, 11 Dec 2005 02:05:53 -0600
Subject: [Clips] Engineer Outwits Fingerprint Recognition Devices with Play-Doh
Message-ID:

A recent magazine article suggested a spoofing technique involving wrapping one's finger with a few layers of cellophane; the latent print on the reader apparently is visible enough to be reused in this manner, at least with some currently-available scanners.

--
http://www.lightconsulting.com/~travis/ -><- Knight of the Lambda Calculus
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From arma at mit.edu Sat Dec 10 23:29:03 2005
From: arma at mit.edu (Roger Dingledine)
Date: Sun, 11 Dec 2005 02:29:03 -0500
Subject: Tor 0.1.1.10-alpha is out
Message-ID:

This is the tenth development snapshot for the 0.1.1.x series. We fix more crash bugs, fix some anonymity-related problems, and provide major performance speedups and use less memory than the previous alphas.

http://tor.eff.org/download.html

Changes in version 0.1.1.10-alpha - 2005-12-11
  o Correctness bugfixes on 0.1.0.x:
    - On Windows, build with a libevent patch from "I-M Weasel" to avoid
      corrupting the heap, losing FDs, or crashing when we need to resize
      the fd_sets. (This affects the Win32 binaries, not Tor's sources.)
    - Stop doing the complex voodoo overkill checking for insecure
      Diffie-Hellman keys. Just check if it's in [2,p-2] and be happy.
    - When we were closing connections, there was a rare case that
      stomped on memory, triggering seg faults and asserts.
    - We were neglecting to unlink marked circuits from soon-to-close OR
      connections, which caused some rare scribbling on freed memory.
    - When we're deciding whether a stream has enough circuits around
      that can handle it, count the freshly dirty ones and not the ones
      that are so dirty they won't be able to handle it.
    - Recover better from TCP connections to Tor servers that are
      broken but don't tell you (it happens!); and rotate TLS
      connections once a week.
    - When we're expiring old circuits, we had a logic error that caused
      us to close new rendezvous circuits rather than old ones.
    - Fix a scary-looking but apparently harmless bug where circuits
      would sometimes start out in state CIRCUIT_STATE_OR_WAIT at
      servers, and never switch to state CIRCUIT_STATE_OPEN.
    - When building with -static or on Solaris, we sometimes needed to
      build with -ldl.
    - Give a useful message when people run Tor as the wrong user,
      rather than telling them to start chowning random directories.
    - We were failing to inform the controller about new .onion streams.

  o Security bugfixes on 0.1.0.x:
    - Refuse server descriptors if the fingerprint line doesn't match
      the included identity key. Tor doesn't care, but other apps (and
      humans) might actually be trusting the fingerprint line.
    - We used to kill the circuit when we receive a relay command we
      don't recognize. Now we just drop it.
    - Start obeying our firewall options more rigorously:
      . If we can't get to a dirserver directly, try going via Tor.
      . Don't ever try to connect (as a client) to a place our
        firewall options forbid.
      . If we specify a proxy and also firewall options, obey the
        firewall options even when we're using the proxy: some proxies
        can only proxy to certain destinations.
    - Fix a bug found by Lasse Overlier: when we were making internal
      circuits (intended to be cannibalized later for rendezvous and
      introduction circuits), we were picking them so that they had
      useful exit nodes. There was no need for this, and it actually
      aids some statistical attacks.
    - Start treating internal circuits and exit circuits separately.
      It's important to keep them separate because internal circuits
      have their last hops picked like middle hops, rather than like
      exit hops. So exiting on them will break the user's expectations.

  o Bugfixes on 0.1.1.x:
    - Take out the mis-feature where we tried to detect IP address
      flapping for people with DynDNS, and chose not to upload a new
      server descriptor sometimes.
    - Try to be compatible with OpenSSL 0.9.6 again.
    - Log fix: when the controller is logging about .onion addresses,
      sometimes it didn't include the ".onion" part of the address.
    - Don't try to modify options->DirServers internally -- if the
      user didn't specify any, just add the default ones directly to
      the trusted dirserver list. This fixes a bug where people running
      controllers would use SETCONF on some totally unrelated config
      option, and Tor would start yelling at them about changing their
      DirServer lines.
    - Let the controller's redirectstream command specify a port, in
      case the controller wants to change that too.
    - When we requested a pile of server descriptors, we sometimes
      accidentally launched a duplicate request for the first one.
    - Bugfix for trackhostexits: write down the fingerprint of the
      chosen exit, not its nickname, because the chosen exit might not
      be verified.
    - When parsing foo.exit, if foo is unknown, and we are leaving
      circuits unattached, set the chosen_exit field and leave the
      address empty. This matters because controllers got confused
      otherwise.
    - Directory authorities no longer try to download server
      descriptors that they know they will reject.

  o Features and updates:
    - Replace balanced trees with hash tables: this should make stuff
      significantly faster.
    - Resume using the AES counter-mode implementation that we ship,
      rather than OpenSSL's. Ours is significantly faster.
    - Many other CPU and memory improvements.
    - Add a new config option FastFirstHopPK (on by default) so clients
      do a trivial crypto handshake for their first hop, since TLS has
      already taken care of confidentiality and authentication.
    - Add a new config option TestSocks so people can see if their
      applications are using socks4, socks4a, socks5-with-ip, or
      socks5-with-hostname. This way they don't have to keep mucking
      with tcpdump and wondering if something got cached somewhere.
    - Warn when listening on a public address for socks. I suspect a
      lot of people are setting themselves up as open socks proxies,
      and they have no idea that jerks on the Internet are using them,
      since they simply proxy the traffic into the Tor network.
    - Add "private:*" as an alias in configuration for policies. Now
      you can simplify your exit policy rather than needing to list
      every single internal or nonroutable network space.
    - Add a new controller event type that allows controllers to get
      all server descriptors that were uploaded to a router in its role
      as authoritative dirserver.
    - Start shipping socks-extensions.txt, tor-doc-unix.html,
      tor-doc-server.html, and stylesheet.css in the tarball.
    - Stop shipping tor-doc.html in the tarball.
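The "[2,p-2]" check from the correctness bugfixes above, as an added example (not Tor's code and not part of the original post). It assumes p is a safe prime, which the changelog does not state; the toy modulus 2039 and all function names are constructed so the result can be checked exhaustively.

```python
"""Range check for Diffie-Hellman public values, audited on a toy safe prime."""

P = 2039            # constructed toy safe prime: P = 2*Q + 1, far too small for real use
Q = (P - 1) // 2    # 1019, also prime
G = 2               # constructed generator for the sample exchange


def is_prime(n):
    """Trial division; adequate for the toy modulus only."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def dh_public_ok(y, p=P):
    """Accept a peer's public value only if 2 <= y <= p-2."""
    return isinstance(y, int) and 2 <= y <= p - 2


def element_order(y, p=P):
    """Multiplicative order of y modulo a safe prime p (it divides 2q)."""
    q = (p - 1) // 2
    for d in (1, 2, q, 2 * q):
        if pow(y, d, p) == 1:
            return d
    raise ValueError("not a unit modulo p")


def reachable_secrets(y, p=P):
    """Every shared secret y**x mod p that an honest side could compute."""
    return {pow(y, x, p) for x in range(1, p)}


def shared_secret(own_private, peer_public, p=P):
    """Derive the shared secret, refusing out-of-range peer values first."""
    if not dh_public_ok(peer_public, p):
        raise ValueError("peer DH public value outside [2, p-2]")
    return pow(peer_public, own_private, p)


def audit(p=P):
    """Return (values in 0..p the check rejects, smallest order it accepts)."""
    q = (p - 1) // 2
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p must be a safe prime for this argument to hold")
    rejected = [y for y in range(0, p + 1) if not dh_public_ok(y, p)]
    min_order = min(element_order(y, p) for y in range(2, p - 1))
    return rejected, min_order


if __name__ == "__main__":
    rejected, min_order = audit()
    print("rejected:", rejected)
    print("smallest subgroup an accepted value can generate:", min_order)
    for y in (0, 1, P - 1):
        print("y =", y, "confines the secret to", sorted(reachable_secrets(y)))
```

Every rejected value pins the shared secret to at most two possibilities, while every accepted value generates a subgroup of order at least q.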
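The descriptor cross-check from the security bugfixes above ("Refuse server descriptors if the fingerprint line doesn't match the included identity key"), as an added example (not Tor's code and not part of the original post). It assumes a simplified descriptor with a `signing-key` PEM block and an optional `opt fingerprint` line, and a fingerprint that is the SHA-1 of the DER-encoded key in groups of four hex digits; the key bytes and router line are constructed.

```python
"""Cross-check a descriptor's fingerprint line against its identity key."""
import base64
import hashlib
import re
import textwrap

KEY_RE = re.compile(
    r"^signing-key\n-----BEGIN RSA PUBLIC KEY-----\n(.+?)\n"
    r"-----END RSA PUBLIC KEY-----$",
    re.M | re.S,
)
FP_RE = re.compile(r"^(?:opt )?fingerprint (.+)$", re.M)

# Constructed stand-in for DER key bytes; only its hash matters here.
CONSTRUCTED_KEY = bytes(range(140))


def fingerprint_of(der):
    """SHA-1 of the key bytes as upper-case hex in space-separated groups of 4."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def _normalise(fp):
    """Ignore spacing and case so only the digest itself is compared."""
    return "".join(fp.split()).upper()


def check_descriptor(text):
    """Return (accepted, reason) for one descriptor."""
    keys = KEY_RE.findall(text)
    if len(keys) != 1:
        return False, "expected exactly one signing-key"
    try:
        der = base64.b64decode("".join(keys[0].split()), validate=True)
    except ValueError:
        return False, "signing-key is not valid base64"
    claimed = FP_RE.findall(text)
    if not claimed:
        return True, "no fingerprint line; nothing to cross-check"
    if len(claimed) > 1:
        return False, "more than one fingerprint line"
    if _normalise(claimed[0]) != _normalise(fingerprint_of(der)):
        return False, "fingerprint line does not match identity key"
    return True, "fingerprint matches identity key"


def make_descriptor(der, fp_line):
    """Build a constructed sample descriptor; fp_line=None omits the line."""
    pem = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    lines = ["router example 192.0.2.10 9001 0 0"]
    if fp_line is not None:
        lines.append("opt fingerprint " + fp_line)
    lines += [
        "signing-key",
        "-----BEGIN RSA PUBLIC KEY-----",
        pem,
        "-----END RSA PUBLIC KEY-----",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    other_key = bytes(range(1, 141))  # a second constructed key
    samples = {
        "honest": make_descriptor(CONSTRUCTED_KEY, fingerprint_of(CONSTRUCTED_KEY)),
        "mismatched": make_descriptor(CONSTRUCTED_KEY, fingerprint_of(other_key)),
        "no fingerprint": make_descriptor(CONSTRUCTED_KEY, None),
    }
    for name, text in samples.items():
        print(name, "->", check_descriptor(text))
```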
----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From eugen at leitl.org Sun Dec 11 00:53:31 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 11 Dec 2005 09:53:31 +0100
Subject: [arma@mit.edu: Tor 0.1.1.10-alpha is out]
Message-ID: <20051211085331.GD2249@leitl.org>

----- Forwarded message from Roger Dingledine -----

From rah at shipwright.com Sun Dec 11 12:36:57 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 11 Dec 2005 15:36:57 -0500
Subject: [Clips] Fans of a disarmed peasantry
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Sun, 11 Dec 2005 15:35:55 -0500
To: Philodox Clips List
From: "R. A. Hettinga"
Subject: [Clips] Fans of a disarmed peasantry
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

Dec.
11, 2005 Las Vegas Review-Journal VIN SUPRYNOWICZ: Fans of a disarmed peasantry My column of last week, dealing with uniformed cops shooting undercover cops, and the bizarre proposal that to solve this problem undercover cops must stop carrying guns so their uniformed brethren can continue to feel free to shoot any black man in "civvies" who's seen to have a gun, drew a scattering of the usual recycled nonsense from the eager boot lickers of the state. We've seen the lawyerly double-talk before: The Second and 14th Amendments don't really guarantee any pre-existing, God-given individual right to keep and bear arms; they were only intended (in 1789) to guarantee the right of the states to have their National Guards (established in 1917), blah blah blah. Advertisement No room here to recite my thorough evisceration of this nonsense from pages 321-349 of "The Ballad of Carl Drega." Space also prohibits me from reprinting here all the relevant chapters of professor Akhil Reed Amar's 1998 book "The Bill of Rights," demonstrating that this long-discredited nonsense will no longer fly even at the reliably leftist Yale Law School. Instead, herewith the necessarily abbreviated, "Cliff Notes" version: Richard Henry Lee of Virginia, primary author of the Second Amendment as well as the rest of the Bill of Rights, rose in 1788 to advise us that, "A militia, when properly formed, are in fact the people themselves. ... To preserve liberty, it is essential that the whole body of the people always possess arms, and be taught alike, especially when young, how to use them." In his aforementioned book "The Bill of Rights: Creation and Reconstruction," professor Amar notes, "Several modern scholars have read the (Second) amendment as protecting only arms bearing in organized 'state militias,' like SWAT teams and National Guard units. ... "This reading doesn't quite work. 
The states'-rights reading puts great weight on the word militia, but the word appears only in the amendment's subordinate clause. The ultimate right to keep and bear arms belongs to 'the people,' not the states. ... "In 1789, when used without any qualifying adjective, 'the militia' referred to all citizens capable of bearing arms," professor Amar continues. "The seeming tension between the dependent and main clauses of the Second Amendment thus evaporates on closer inspection -- the 'militia' is identical to 'the people' in the core sense described above. Indeed, the version of the amendment initially passed by the House, only to be stylistically shortened in the Senate, explicitly defined the militia as 'composed of the body of the People." Let us now turn to the Oct. 16, 2001, decision of the 5th U.S. Circuit Court of Appeals, sitting in New Orleans, in the case United States v. Emerson. "We have found no historical evidence that the Second Amendment was intended to convey militia power to the states ... or applies only to members of a select militia while on active duty," the appeals court ruled. "All of the evidence indicates that the Second Amendment, like other parts of the Bill of Rights, applies to and protects individual Americans. "We find that the history of the Second Amendment reinforces the plain meaning of the text, namely that it protects individual Americans in their right to keep and bear arms whether or not they are members of a select militia or performing military service or training." 
In the Emerson decision, the 5th Circuit specifically rejected any reading of the Second Amendment's preamble -- "A well-regulated militia, being necessary to the security of a free state" -- as meaning anything other than a simple directive that the entire body of the people, capable of bearing arms, must continue to be allowed to bear arms of current military usefulness, "such as the pistol involved here," without requiring any additional government permission, paperwork, license, or authorization. The court even cited as its authority no less a personage in the history of the Constitution than James Madison, who wrote in Federalist No. 46 that the proposed power of the Congress "to raise and support armies" posed no threat to liberty, since any such army, if misused, "would be opposed (by) a militia amounting to near half a million of citizens with arms in their hands," and then noting? "the advantage of being armed, which the Americans possess over the people of almost every other nation," in contrast to "the several kingdoms of Europe," where "the governments are afraid to trust the people with arms." And I don't think he meant BB guns. These boot lickers of the oppressor, stained yellow from rolling over on their backs and peeing themselves in terror that this might again become a nation of proud, armed, independent and freedom-loving men, had better get themselves some new lies. The one that starts, "You forgot the introductory clause about the militia, nyah nyah nyah," is starting to wear a little thin. Vin Suprynowicz is assistant editorial page editor of the Review-Journal and author of "The Ballad of Carl Drega" and the new novel "The Black Arrow." His Web sites are www.TheLibertarian.us or www.LibertyBookShop.us. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From eugen at leitl.org Sun Dec 11 08:25:57 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 11 Dec 2005 17:25:57 +0100
Subject: /.
[Law Requires Italian Web Cafes to Record ID] Message-ID: <20051211162557.GP2249@leitl.org> Link: http://slashdot.org/article.pl?sid=05/12/11/0512216 Posted by: ScuttleMonkey, on 2005-12-11 12:37:00 [1]Armadni General writes "CNN is reporting that a new Italian law requires that all businesses offering public internet access, such as web cafes, to [2]identify and record all customers. While supporters of this law trumpet its anti-terrorism potential, still others see no such advantage and bemoan this invasion of personal privacy. 'They must be able, if necessary, to track the sites visited by their clients. [...] Contents of people's e-mail is, however, supposed to remain private and can only be made available to law enforcement through a court order. Italy also obliges telecommunications companies to keep traffic data and European ministers agreed last week to require the carriers to retain records of calls and e-mails for a maximum of two years. The European Parliament's two largest groups endorsed the data retention initiative on Wednesday despite complaints from privacy advocates and telecoms, and the full body is expected to adopt a bill next week.'" References 1. mailto:alex12_3 at yahoo.com 2. 
http://www.cnn.com/2005/TECH/internet/12/09/cyber.cafes.names.ap/

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From dewayne at warpspeed.com Mon Dec 12 04:32:17 2005
From: dewayne at warpspeed.com (Dewayne Hendricks)
Date: December 12, 2005 4:32:17 PM EST
Subject: [Dewayne-Net] Airport ID checks legally enforced?
Message-ID:

Airport ID checks legally enforced?
By Declan McCullagh
Story last modified Thu Dec 08 12:40:00 PST 2005

SAN FRANCISCO--A federal appeals court wrestled Thursday with what seems to be a straightforward question: Can Americans be required to show ID on a commercial airline flight?

John Gilmore, an early employee of Sun Microsystems and co-founder of the Electronic Frontier Foundation, says the answer should be "no." The libertarian millionaire sued the Bush administration, which claims that the ID requirement is necessary for security but has refused to identify any actual regulation requiring it.

A three-judge panel of the 9th Circuit Court of Appeals seemed skeptical of the Bush administration's defense of secret laws and regulations but stopped short of suggesting that such a rule would be necessarily unconstitutional.

"How do we know there's an order?" Judge Thomas Nelson asked. "Because you said there was?"
Replied Joshua Waldman, a staff attorney for the Department of Justice: "We couldn't confirm or deny the existence of an order." Even though government regulations required his silence, Waldman said, the situation did seem a "bit peculiar." "This is America," said James Harrison, a lawyer representing Gilmore. "We do not have secret laws. Period." Harrison stressed that Gilmore was happy to go through a metal detector. Gilmore sued the federal government after being told he could not fly without ID from Oakland, Calif., to Washington, D.C., which he said he was doing to exercise his First Amendment right to petition the government for a redress of grievances. U.S. District Judge Susan Illston dismissed (PDF) his case in March 2004, ruling that Gilmore had "numerous other methods of reaching Washington." Oral arguments on Thursday, which lasted about 40 minutes, returned repeatedly to that point. Judge Richard Paez suggested that when your ID is requested at an airport, "You can always leave." Waldman, the Justice Department attorney, said that as long as no commercial airline flight is required, Americans "can assemble wherever they want. They can petition wherever they want." He added, "I'm not aware of any right to travel anonymously." Two cases that were mentioned on Thursday could provide a glimpse into how the appeals court will rule. In one, decided in 2004, the U.S. Supreme Court ruled 5-4 that police could arrest anyone they stopped who refused to show ID. In the other, U.S. v. Davis, the 9th Circuit said in 1973 that airport searches were permissible as a form of administrative screening. It's unclear what will happen next. Because of a procedural twist involving lawsuits against federal agencies, the district court concluded that only an appeals court enjoys authority to resolve some aspects of the dispute. But the 9th Circuit judges also could, if they side with Gilmore, send the case back to the lower court for a full trial. 
On the courthouse steps after the arguments, Gilmore said he felt confident about the case and welcomed a verbal concession from the Justice Department. "I was glad the government admitted it was 'peculiar' and Orwellian to make secret laws," Gilmore said. The Justice Department has said it could identify the secret law under seal, which would be available to the 9th Circuit but not necessarily Gilmore's lawyers. But any public description would not be permitted, the department said. Weblog at: ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From Serguei.Osokine at efi.com Mon Dec 12 11:24:33 2005 From: Serguei.Osokine at efi.com (Serguei Osokine) Date: Mon, 12 Dec 2005 11:24:33 -0800 Subject: [p2p-hackers] p2p in some place or other Message-ID: On Monday, December 12, 2005 Nazareno Andrade wrote: > A nice paper which you may find useful in this thread: > > High Availability, Scalable Storage, Dynamic Peer Networks: Pick > Two Yes, it is an interesting approach - thank you! However, I'm not sure if their results directly apply to P2P nets. They are talking about six nines and replication factor of 20 to 80. They would likely commit suicide if they would try to actually use Gnutella for rare content. Any improvement would be nice - and forget about six nines. 
Also, despite introducing an interesting approach, this article's results are very hard to verify and to reproduce, which is absolutely necessary if one would want to repeat their calculations with some different assumptions about the system requirements. For example, many of their conclusions are based on the Gnutella trace from April of 2003. Back then Gnutella was more than an order of magnitude smaller, and it would be interesting to repeat the calculations for today's situation. But the properties of this trace are not explicitly listed anywhere, being hidden in multiple charts and obscure statements like "only 5,000 of the 33,000 Gnutella hosts were usually available" (This, by the way, is a total mystery to me, since in April of 2003 Slyck's stats archive lists Gnutella at about 90,000 simultaneous nodes, so I have no idea where these 5,000 or 33,000 came from and what their meaning might have been.) To put it shortly, they have an interesting methodology, but I do not trust any one of their conclusions, as far as the caching in P2P file-sharing networks is concerned. All their reasonings should be repeated for the reliable network statistical data, and with the set of requirements that reflects the needs of P2P users, not the need for a six nines-reliable data storage. I suspect that then the conclusions might prove to be a bit different. Best wishes - S.Osokine. 12 Dec 2005. -----Original Message----- From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org] On Behalf Of Nazareno Andrade Sent: Monday, December 12, 2005 10:22 AM To: Peer-to-peer development. Subject: Re: [p2p-hackers] p2p in some place or other Hi there. A nice paper which you may find useful in this thread: High Availability, Scalable Storage, Dynamic Peer Networks: Pick Two (HotOS XI) Peer-to-peer storage aims to build large-scale, reliable and available storage from many small-scale unreliable, low-availability distributed hosts.
Data redundancy is the key to any data guarantees. However, preserving redundancy in the face of highly dynamic membership is costly. We use a simple resource usage model to measured behavior from the Gnutella file-sharing network to argue that large-scale cooperative storage is limited by likely dynamics and cross-system bandwidth - not by local disk space. We examine some bandwidth optimization strategies like delayed response to failures, admission control, and load-shifting and find that they do not alter the basic problem. We conclude that when redundancy, data scale, and dynamics are all high, the needed cross-system bandwidth is unreasonable. http://pmg.csail.mit.edu/~rodrigo/p2p-scl.pdf regards, Nazareno Matthew Kaufman wrote: > Alen Peacock: > >> I'd add: what is the self-interested motivation for a node >>to agree to cache the content in the first place? > > > This could be some external motivation like "I want anonymously-posted files > about certain political views to be available for all to see" or "my > corporate IT department says that we have to use this distributed > collaboration tool" > > >>If proactive caching were turned on by default in my p2p >>filesharing client, don't I have a very real incentive to >>turn this off in my own node to preserve bandwidth, disk >>space, and perhaps limit any legal liability? > > > In the general "filesharing" case? Absolutely. But that's not the only use > for P2P technology or even P2P file transfer. > > >>...which is similar to many of the arguments made against >>pre-fetching in traditional caching literature: how do you >>ensure that you prefetch the right content, especially when >>the cost of prefetching the wrong content is very high? > > > Actually, if you're replicating content to other nodes in order to ensure > availability or create more downloadable nodes in order to speed future > downloaders, it is more like the RAID arguments than the cache arguments. 
> > The real question is, IF you had a high-availability file sharing system, > what files would you want to make available on it? (The answer is probably > *not* the long tail of all files ever seen on generic file sharing services) > > Matthew Kaufman > matthew at matthew.at > www.amicima.com > > _______________________________________________ > p2p-hackers mailing list > p2p-hackers at zgp.org > http://zgp.org/mailman/listinfo/p2p-hackers > _______________________________________________ > Here is a web page listing P2P Conferences: > http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences > -- Nazareno. ======================================== Nazareno Andrade LSD - DSC/UFCG Campina Grande - Brazil http://lsd.dsc.ufcg.edu.br/~nazareno/ OurGrid project http://www.ourgrid.org ======================================== _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Mon Dec 12 08:41:25 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 12 Dec 2005 11:41:25 -0500 Subject: Tor client over Java LINUX In-Reply-To:
<20051211085331.GD2249@leitl.org> Message-ID: Tor question. And remember, I'm not a datacom guy, so NK-me if I ask a stupid question. I recently read that a simple LINUX OS has been written in java. How hard would it be (and would it be meaningful) to write (or modify) a Tor client that could sit on top of a Java LINUX? This could allow anyone at a public computer to open a Java-based Tor client (from a Tor website, of course), from pretty much anywhere (though I imagine Tor-on-Java would be resource hungry). I imagine there are still security concerns, given that the Tor node is not actually "seeing" the machine directly. Thoughts? -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [arma at mit.edu: Tor 0.1.1.10-alpha is out] >Date: Sun, 11 Dec 2005 09:53:31 +0100 > >----- Forwarded message from Roger Dingledine ----- > >From: Roger Dingledine >Date: Sun, 11 Dec 2005 02:29:03 -0500 >To: or-talk at freehaven.net >Subject: Tor 0.1.1.10-alpha is out >User-Agent: Mutt/1.5.9i >Reply-To: or-talk at freehaven.net > >This is the tenth development snapshot for the 0.1.1.x series. We fix >more crash bugs, fix some anonymity-related problems, and provide major >performance speedups and use less memory than the previous alphas. > >http://tor.eff.org/download.html > >Changes in version 0.1.1.10-alpha - 2005-12-11 > o Correctness bugfixes on 0.1.0.x: > - On Windows, build with a libevent patch from "I-M Weasel" to avoid > corrupting the heap, losing FDs, or crashing when we need to resize > the fd_sets. (This affects the Win32 binaries, not Tor's sources.) > - Stop doing the complex voodoo overkill checking for insecure > Diffie-Hellman keys. Just check if it's in [2,p-2] and be happy. > - When we were closing connections, there was a rare case that > stomped on memory, triggering seg faults and asserts. > - We were neglecting to unlink marked circuits from soon-to-close OR > connections, which caused some rare scribbling on freed memory. 
> - When we're deciding whether a stream has enough circuits around > that can handle it, count the freshly dirty ones and not the ones > that are so dirty they won't be able to handle it. > - Recover better from TCP connections to Tor servers that are > broken but don't tell you (it happens!); and rotate TLS > connections once a week. > - When we're expiring old circuits, we had a logic error that caused > us to close new rendezvous circuits rather than old ones. > - Fix a scary-looking but apparently harmless bug where circuits > would sometimes start out in state CIRCUIT_STATE_OR_WAIT at > servers, and never switch to state CIRCUIT_STATE_OPEN. > - When building with -static or on Solaris, we sometimes needed to > build with -ldl. > - Give a useful message when people run Tor as the wrong user, > rather than telling them to start chowning random directories. > - We were failing to inform the controller about new .onion streams. > > o Security bugfixes on 0.1.0.x: > - Refuse server descriptors if the fingerprint line doesn't match > the included identity key. Tor doesn't care, but other apps (and > humans) might actually be trusting the fingerprint line. > - We used to kill the circuit when we receive a relay command we > don't recognize. Now we just drop it. > - Start obeying our firewall options more rigorously: > . If we can't get to a dirserver directly, try going via Tor. > . Don't ever try to connect (as a client) to a place our > firewall options forbid. > . If we specify a proxy and also firewall options, obey the > firewall options even when we're using the proxy: some proxies > can only proxy to certain destinations. > - Fix a bug found by Lasse Overlier: when we were making internal > circuits (intended to be cannibalized later for rendezvous and > introduction circuits), we were picking them so that they had > useful exit nodes. There was no need for this, and it actually > aids some statistical attacks. 
> - Start treating internal circuits and exit circuits separately. > It's important to keep them separate because internal circuits > have their last hops picked like middle hops, rather than like > exit hops. So exiting on them will break the user's expectations. > > o Bugfixes on 0.1.1.x: > - Take out the mis-feature where we tried to detect IP address > flapping for people with DynDNS, and chose not to upload a new > server descriptor sometimes. > - Try to be compatible with OpenSSL 0.9.6 again. > - Log fix: when the controller is logging about .onion addresses, > sometimes it didn't include the ".onion" part of the address. > - Don't try to modify options->DirServers internally -- if the > user didn't specify any, just add the default ones directly to > the trusted dirserver list. This fixes a bug where people running > controllers would use SETCONF on some totally unrelated config > option, and Tor would start yelling at them about changing their > DirServer lines. > - Let the controller's redirectstream command specify a port, in > case the controller wants to change that too. > - When we requested a pile of server descriptors, we sometimes > accidentally launched a duplicate request for the first one. > - Bugfix for trackhostexits: write down the fingerprint of the > chosen exit, not its nickname, because the chosen exit might not > be verified. > - When parsing foo.exit, if foo is unknown, and we are leaving > circuits unattached, set the chosen_exit field and leave the > address empty. This matters because controllers got confused > otherwise. > - Directory authorities no longer try to download server > descriptors that they know they will reject. > > o Features and updates: > - Replace balanced trees with hash tables: this should make stuff > significantly faster. > - Resume using the AES counter-mode implementation that we ship, > rather than OpenSSL's. Ours is significantly faster. > - Many other CPU and memory improvements. 
> - Add a new config option FastFirstHopPK (on by default) so clients > do a trivial crypto handshake for their first hop, since TLS has > already taken care of confidentiality and authentication. > - Add a new config option TestSocks so people can see if their > applications are using socks4, socks4a, socks5-with-ip, or > socks5-with-hostname. This way they don't have to keep mucking > with tcpdump and wondering if something got cached somewhere. > - Warn when listening on a public address for socks. I suspect a > lot of people are setting themselves up as open socks proxies, > and they have no idea that jerks on the Internet are using them, > since they simply proxy the traffic into the Tor network. > - Add "private:*" as an alias in configuration for policies. Now > you can simplify your exit policy rather than needing to list > every single internal or nonroutable network space. > - Add a new controller event type that allows controllers to get > all server descriptors that were uploaded to a router in its role > as authoritative dirserver. > - Start shipping socks-extensions.txt, tor-doc-unix.html, > tor-doc-server.html, and stylesheet.css in the tarball. > - Stop shipping tor-doc.html in the tarball. > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From CandyCurtisrawlinson at brainwave.com Mon Dec 12 03:00:25 2005 From: CandyCurtisrawlinson at brainwave.com (Tonya Peterson) Date: Mon, 12 Dec 2005 12:00:25 +0100 Subject: just for guys Emerson Message-ID: <3DF4FB83.88004@ubp.edu.ar> Did you heard about new generation of Ciialiss and Viaagraa: Ciaaliis SOFT Viiagrra SOFT We are the very first shop who offer them online!!! 
You`ll be suprised with the results. Give your woman a pleasure she deserves, visit us here: http://lauet7zzhzzmy2yy3bb4ybtmgbbt.klephtlc.com/ bluejacket you zeta me, smoke . coffee you tolstoy me, revet . bilabial you percussion me, sunburn lea tumult daffy . davison you inexpressible me, they . arenaceous you trust me, inch rumble caveman flinch . economy you excisable me, acerbity . http://lauet7zzhzzmy2yy3bb4ybtmgbbt.klephtlc.com/batwing From rsw at jfet.org Mon Dec 12 09:12:23 2005 From: rsw at jfet.org (Riad S. Wahby) Date: Mon, 12 Dec 2005 12:12:23 -0500 Subject: Tor client over Java LINUX In-Reply-To: References: <20051211085331.GD2249@leitl.org> Message-ID: <20051212171223.GA31477@proton.jfet.org> Tyler Durden wrote: > I recently read that a simple LINUX OS has been written in java. Have a reference handy? I'm just curious to see where they're going with this. I suppose all you'd really need is a linux kernel that'll run on the JVM, which shouldn't be too hard to do. > How hard would it be (and would it be meaningful) to write (or modify) a > Tor client that could sit on top of a Java LINUX? I don't see the benefit of adding another layer on top of the JVM. Tor implemented in Java should be no more or less vulnerable to attacks from the host machine than Tor talking with a Linux kernel running on the JVM. Moreover, you don't actually realize a benefit in portability by adding the Linux-on-JVM abstraction to the soup. Admittedly, you might save some development time by just running the extant Tor client on a Linux virtual machine, but laziness isn't really an excuse for doing something wrong, IMHO. -- Riad S. 
Wahby rsw at jfet.org From gnu at toad.com Mon Dec 12 14:36:48 2005 From: gnu at toad.com (John Gilmore) Date: Mon, 12 Dec 2005 14:36:48 -0800 Subject: "Live Tracking of Mobile Phones Prompts Court Fights on Privacy" Message-ID: [See the details at EFF: http://www.eff.org/legal/cases/USA_v_PenRegister/ including the three court orders, and EFF's argument to the first court. The real story is that for years prosecutors have been asking magistrates to issue court orders to track cellphones in real time WITHOUT WARRANTS. They're tracking people for whom they can't get warrants because they have no probable cause to believe there's any crime. They're fishing. The public never knew, because it all happens under seal. One judge who had previously issued such orders got an attack of conscience, and surprisingly PUBLISHED a decision against such a secret DoJ request. EFF noticed and offered legal analysis, and that judge and two others started publicly refusing such requests. DoJ won't appeal, because without an appeals court precedent against them, they can keep secretly pulling the wool over the eyes of other magistrates, and keep tapping the locations of ordinary people in realtime without warrants. --gnu] No cookies or login required: http://www.theledger.com/apps/pbcs.dll/article?AID=/20051210/ZNYT01/512100416 /1001/BUSINESS Published Saturday, December 10, 2005 Live Tracking of Mobile Phones Prompts Court Fights on Privacy By MATT RICHTEL New York Times Most Americans carry cellphones, but many may not know that government agencies can track their movements through the signals emanating from the handset. In recent years, law enforcement officials have turned to cellular technology as a tool for easily and secretly monitoring the movements of suspects as they occur. But this kind of surveillance - which investigators have been able to conduct with easily obtained court orders - has now come under tougher legal scrutiny. 
In the last four months, three federal judges have denied prosecutors the right to get cellphone tracking information from wireless companies without first showing "probable cause" to believe that a crime has been or is being committed. That is the same standard applied to requests for search warrants. The rulings, issued by magistrate judges in New York, Texas and Maryland, underscore the growing debate over privacy rights and government surveillance in the digital age. With mobile phones becoming as prevalent as conventional phones (there are 195 million cellular subscribers in this country), wireless companies are starting to exploit the phones' tracking abilities. For example, companies are marketing services that turn phones into even more precise global positioning devices for driving or allowing parents to track the whereabouts of their children through the handsets. Not surprisingly, law enforcement agencies want to exploit this technology, too - which means more courts are bound to wrestle with what legal standard applies when government agents ask to conduct such surveillance. Cellular operators like Verizon Wireless and Cingular Wireless know, within about 300 yards, the location of their subscribers whenever a phone is turned on. Even if the phone is not in use it is communicating with cellphone tower sites, and the wireless provider keeps track of the phone's position as it travels. The operators have said that they turn over location information when presented with a court order to do so. The recent rulings by the magistrates, who are appointed by a majority of the federal district judges in a given court, do not bind other courts. But they could significantly curtail access to cell location data if other jurisdictions adopt the same reasoning. (The government's requests in the three cases, with their details, were sealed because they involve investigations still under way.) "It can have a major negative impact," said Clifford S. 
Fishman, a former prosecutor in the Manhattan district attorney's office and a professor at the Catholic University of America's law school in Washington. "If I'm on an investigation and I need to know where somebody is located who might be committing a crime, or, worse, might have a hostage, real-time knowledge of where this person is could be a matter of life or death." Prosecutors argue that having such information is crucial to finding suspects, corroborating their whereabouts with witness accounts, or helping build a case for a wiretap on the phone - especially now that technology gives criminals greater tools for evading law enforcement. The government has routinely used records of cellphone calls and caller locations to show where a suspect was at a particular time, with access to those records obtainable under a lower legal standard. (Wireless operators keep cellphone location records for varying lengths of time, from several months to years.) But it is unclear how often prosecutors have asked courts for the right to obtain cell-tracking data as a suspect is moving. And the government is not required to report publicly when it makes such requests. Legal experts say that such live tracking has tended to happen in drug-trafficking cases. In a 2003 Ohio case, for example, federal drug agents used cell tracking data to arrest and convict two men on drug charges. Mr. Fishman said he believed that the number of requests had become more prevalent in the last two years - and the requests have often been granted with a stroke of a magistrate's pen. Prosecutors, while acknowledging that they have to get a court order before obtaining real-time cell-site data, argue that the relevant standard is found in a 1994 amendment to the 1986 Stored Communications Act, a law that governs some aspects of cellphone surveillance. 
The standard calls for the government to show "specific and articulable facts" that demonstrate that the records sought are "relevant and material to an ongoing investigation" - a standard lower than the probable-cause hurdle. The magistrate judges, however, ruled that surveillance by cellphone - because it acts like an electronic tracking device that can follow people into homes and other personal spaces - must meet the same high legal standard required to obtain a search warrant to enter private places. "Permitting surreptitious conversion of a cellphone into a tracking device without probable cause raises serious Fourth Amendment concerns, especially when the phone is monitored in the home or other places where privacy is reasonably expected," wrote Stephen W. Smith, a magistrate in Federal District Court in the Southern District of Texas, in his ruling. "The distinction between cell site data and information gathered by a tracking device has practically vanished," wrote Judge Smith. He added that when a phone is monitored, the process is usually "unknown to the phone users, who may not even be on the phone." Prosecutors in the recent cases also unsuccessfully argued that the expanded police powers under the USA Patriot Act could be read as allowing cellphone tracking under a standard lower than probable cause. As Judge Smith noted in his 31-page opinion, the debate goes beyond a question of legal standard. In fact, the nature of digital communications makes it difficult to distinguish between content that is clearly private and information that is public. When information is communicated on paper, for instance, it is relatively clear that information written on an envelope deserves a different kind of protection than the contents of the letter inside. But in a digital era, the stream of data that carries a telephone conversation or an e-mail message contains a great deal of information - like when and where the communications originated. 
In the digital era, what's on the envelope and what's inside of it, "have absolutely blurred," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy advocacy group. And that makes it harder for courts to determine whether a certain digital surveillance method invokes Fourth Amendment protections against unreasonable searches. In the cellular-tracking cases, some legal experts say that the Stored Communications Act refers only to records of where a person has been, i.e. historical location data, but does not address live tracking. Kevin Bankston, a lawyer for the Electronic Frontier Foundation, a privacy advocacy group that has filed briefs in the case in the Eastern District of New York, said the law did not speak to that use. James Orenstein, the magistrate in the New York case, reached the same conclusion, as did Judge Smith in Houston and James Bredar, a magistrate judge in the Federal District Court in Maryland. Orin S. Kerr, a professor at the George Washington School of Law and a former trial attorney in the Justice Department specializing in computer law, said the major problem for prosecutors was Congress did not appear to have directly addressed the question of what standard prosecutors must meet to obtain cell-site information as it occurs. "There's no easy answer," Mr. Kerr said. "The law is pretty uncertain here." Absent a Congressional directive, he said, it is reasonable for magistrates to require prosecutors to meet the probable-cause standard. Mr. Fishman of Catholic University said that such a requirement could hamper law enforcement's ability to act quickly because of the paperwork required to show probable cause. But Mr. Fishman said he also believed that the current law was unclear on the issue. Judge Smith "has written a very, very persuasive opinion," Mr. Fishman said. "The government's argument has been based on some tenuous premises." He added that he sympathized with prosecutors' fears.
"Something that they've been able to use quite successfully and usefully is being taken away from them or made harder to get," Mr. Fishman said. "I'd be very, very frustrated." --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Mon Dec 12 07:32:45 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 12 Dec 2005 16:32:45 +0100 Subject: [solinym@gmail.com: Re: [Clips] Engineer Outwits Fingerprint Recognition Devices with Play-Doh] Message-ID: <20051212153245.GZ2249@leitl.org> ----- Forwarded message from "Travis H." ----- From eugen at leitl.org Mon Dec 12 09:26:33 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 12 Dec 2005 18:26:33 +0100 Subject: Tor client over Java LINUX In-Reply-To: <20051212171223.GA31477@proton.jfet.org> References: <20051211085331.GD2249@leitl.org> <20051212171223.GA31477@proton.jfet.org> Message-ID: <20051212172633.GE2249@leitl.org> On Mon, Dec 12, 2005 at 12:12:23PM -0500, Riad S. Wahby wrote: > Tyler Durden wrote: > > I recently read that a simple LINUX OS has been written in java. > > Have a reference handy? I'm just curious to see where they're going > with this. I presume everybody has seen http://www.masswerk.at/jsuix/ right? > I suppose all you'd really need is a linux kernel that'll run on the > JVM, which shouldn't be too hard to do. 
-- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Mon Dec 12 09:33:18 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 12 Dec 2005 18:33:18 +0100 Subject: Tor client over Java LINUX In-Reply-To: References: <20051211085331.GD2249@leitl.org> Message-ID: <20051212173318.GG2249@leitl.org> On Mon, Dec 12, 2005 at 11:41:25AM -0500, Tyler Durden wrote: > This could allow anyone at a public computer to open a Java-based Tor > client (from a Tor website, of course), from pretty much anywhere (though I > imagine Tor-on-Java would be resource hungry). There's a Torpark Tor/Firefox appliance, which can be started off a local drive or a USB stick. IIRC the author of Torpark might be developing a Tor Firefox plugin. -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From bafiggsub at yahoo.com Mon Dec 12 04:47:55 2005 From: bafiggsub at yahoo.com (Armand Hollingsworth) Date: Mon, 12 Dec 2005 18:47:55 +0600 Subject: Buy Rolex Today GgaIDL Message-ID: <3A347EE3.7684.0815C2D5@localhost> Highest qualities Replika Watches now HERE! We guarantees: - 99.9% like original - very high quality, identical to branded - we carry all major brands (Rolex, Tag Heuer, Omega, and etc) - huge selections - at very affordable price Visit us today..
http://043.wepartytonight.com o-ut of mai-lling lisst: http://043.dustymorena.com/rm/ N2Avc From eugen at leitl.org Mon Dec 12 11:25:34 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 12 Dec 2005 20:25:34 +0100 Subject: [Serguei.Osokine@efi.com: RE: [p2p-hackers] p2p in some place or other] Message-ID: <20051212192534.GI2249@leitl.org> ----- Forwarded message from Serguei Osokine ----- From rah at shipwright.com Mon Dec 12 18:29:59 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 12 Dec 2005 21:29:59 -0500 Subject: [Clips] Hacker attacks in US linked to Chinese military: researchers Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Mon, 12 Dec 2005 19:39:51 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Hacker attacks in US linked to Chinese military: researchers Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com BREITBART.COM - Hacker attacks in US linked to Chinese military: researchers Dec 12 5:56 PM US/Eastern A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute said. The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity. "These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization," Paller said in a conference call to announce a new cybersecurity education program. In the attacks, Paller said, the perpetrators "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?"
Paller said that despite what appears to be a systematic effort to target government agencies and defense contractors, defenses have remained weak in many areas. "We know about major penetrations of defense contractors," he said. Security among private-sector Pentagon contractors may not be as robust, said Paller, because "they are less willing to make it hard for mobile people to get their work done." Paller said the US government strategy appears to be to downplay the attacks, which has not helped the situation. "We have a problem that our computer networks have been terribly and deeply penetrated throughout the United States ... and we've been keeping it secret," he said. "The people who benefit from keeping it secret are the attackers." Although Paller said the hackers probably have not obtained classified documents from the Pentagon, which uses a more secure network, it is possible they stole "extremely sensitive" information. He said it has been documented that US military flight planning software from its Redstone Arsenal was stolen. Pentagon officials confirmed earlier this year that US Defense Department websites are probed hundreds of times a day by hackers, but maintained that no classified site is known to have been penetrated by hackers. The US military has code-named the recent hacker effort "Titan Rain" and has made some strides in counter-hacking to identify the attackers, Paller said. This was first reported by Time magazine. Paller said a series of attacks on British computer networks reported earlier this year may have similar goals, but seems to use different techniques. In the United States, he said there are some areas of improvement such as the case of the Air Force, which has been insisting on better security from its IT vendors. But he argued that "the fundamental error is that America's security strategy relies on writing reports rather than hardening systems." -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Dec 12 18:30:00 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 12 Dec 2005 21:30:00 -0500 Subject: [Clips] Despite Govt. Funding, Universities Failing to Produce National Security Experts Message-ID: Reminds me of a problem with West Point graduates before the Mexican War. They made more money as engineers than they did in the Army, and Congress was going the same kind of navel-gazing exercise about paying for people who weren't going to do the jobs they were taught, at government expense, to do. More apropos of cryptography, (besides "financial cryptography is the only cryptography that matters", I mean :-)), I'm reminded of something that Whit Diffie was saying at Authors at MIT couple of years before 9/11 (Come to think of it, the FBI's Kalstrom *was* there, for extra crunchy ironic goodness). Diffie said something about how government can't actually provide computer security, that businesses are going to have to defend "themselves" from individual network-based attacks, and that was going to have interesting consequences. 
I refer one to the previous post about how Uncle Fed is pointing fingers at Chairman Mao about attacks on US internetworking, for a possible bit of data in this regard... So, yes, I think it's great fun that all these "policy" people, below, are being retreaded into "strategy" (in the Sloan-School business-sense of same) people, and that, guess what, they're going to not only going to be used for their "policy" skills, whatever those are, but also, and more valuably, to second-guess *governments* in their attempts to control business. Having some fun now? I thought so... Cheers, RAH --- begin forwarded text Delivered-To: clips at philodox.com Date: Mon, 12 Dec 2005 21:08:30 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Despite Govt. Funding, Universities Failing to Produce National Security Experts Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Fox News Despite Govt. Funding, Universities Failing to Produce National Security Experts Tuesday, December 06, 2005 By Olivia Albrecht In 1957, the Soviet Union announced the launch of Sputnik 1, the world's first artificial satellite, bringing global attention to the emergence of sophisticated technologies and international security threats that came to characterize the Cold War period. One year after the proverbial launch of the Cold War-- recognizing the relative dearth of regional expertise-- the U.S. government, through Title VI of the National Defense Education Act, established foreign language and area studies programs at American universities such as Harvard, Columbia and Berkeley. The regional studies centers of NDEA aimed to guarantee experts of sufficient quality and quantity to meet U.S. national security needs. 
Today, at the height of the global war on terror, those same regional studies centers designed to develop the newest generation of international expertise to ensure our national security are failing to produce graduates willing to work for or within the government. Despite the $120 million of federal money annually allocated by Title VI of the Higher Education Act (the successor to the NDEA of 1958) to the regional studies centers, law enforcement agencies and intelligence communities are stuck outsourcing positions such as translators to foreign nationals of uncertain reliability. The worry of such a practice, of course, is that national security can easily be compromised -- and indeed it has. Just this past October, for example, an Arabic translator for the Army was arrested for allegedly assisting Iraqi insurgents by stealing classified documents from the Army. Yet, even putting aside the question of whether an outsourced expert may experience a clash of loyalties at some point, there is still a void of Arabic translators: the New York Times last year reported that 120,000 hours of pre-9/11 intelligence "chatter" remains untranslated from Arabic. Unfortunately, the situation with these federally funded regional studies centers is unlike the case of Princeton University's Woodrow Wilson School, which is involved in a lawsuit with the private financial support of the program. The donors, the heirs to the Robertson family who founded the center, argue that Woody-Woo (as it is affectionately named) has not met its mission of preparing students for government service, as too few of its graduates take positions in government. In fact, they are producing more iBankers, consultants, journalists and future officials for governments other than that of the United States'. In the case of the federally funded regional studies centers, the government cannot just yank their funding, like the Robertson heirs threaten to do with their $558 million grant.
With the consistent flow of federal money running into these regional studies centers, which were developed to produce international experts for the needs of our national security, how is it possible that we still experience a dearth of experts willing to support the war effort and help protect this nation? With 70 percent of Ph.Ds being earned at Middle Eastern studies centers, how can the United States government afford to do without this talent? Some critics have suggested that the liberal, anti-government lean of campus politics discourages students from entering government service. Regardless of why students are choosing not to put their expertise to work for the government, the fact remains that these centers are failing to produce the national security analysts they were built to cultivate. In this post-9/11 world, the U.S. cannot afford to have Title VI produce Ph.Ds merely for the academic job market. The U.S. has other needs for these intellectual, international experts. One solution includes legislation proposed by Rep. Patrick Tiberi, R-Ohio, and Rep. John Boehner, R-Ohio. Tiberi has proposed H.R. 509, which was recently added as an amendment to Boehner's H.R. 609. H.R. 609 broadly deals with the Higher Education Act of 1965, whereas H.R. 509 addresses only Title VI of the Higher Education Act of 1965 -- the regional studies centers. Addressing the distressing lack of national security personnel being graduated from these regional studies centers, the proposed amendment to Title VI of the Higher Education Act of 1965 recommends the establishment of an international higher education advisory board "to ensure that government-funded programs reflect diverse perspectives and the full range of views on world regions, foreign languages, and international affairs." The primary function of the advisory board is to recommend ways "to improve programs to better reflect the national needs related to homeland security." 
However, it is critical to note that the bill clearly states that the board is not authorized to "mandate, direct, or control an institution of higher education's specific instructional content, curriculum, or program of instruction." It is merely authorized to study, appraise and evaluate a sample of program activities, including curriculum. Critics of such amendments fear that the true motivation for the government's involvement in the regional studies centers is not national security needs, but rather fear of intellectual criticism of their own foreign policy. They fear a "Big Brother" in the universities. However, this criticism is misguided. First, the legislation is very particular in establishing that the board cannot mandate curriculum. It prompts the analysis that, perhaps, it is the academians who are more concerned with criticism of their classroom policy than the government is concerned with criticism of its foreign policy. Secondly, because the regional studies centers are federally funded, such an advisory board is justified. It is permissible to establish accountability at the centers because they use taxpayer money. Fortunately, there are private donors, like the Robertson's children who support the Woodrow Wilson School, who are civic minded enough to demand that their money be spent for the original purpose of these institutions: to develop intellectuals to serve the nation. For the federally funded universities of the regional studies centers, we must rely on innovative legislation. Olivia Albrecht is the John Tower National Security Fellow with the Center for Security Policy in Washington, D.C. Ms. Albrecht researches international relations and national security issues, with a focus on the 'Islamofascist' phenomenon. Albrecht previously worked for the Pentagon (Non-Proliferation Policy) and with the Heritage Foundation, and is a graduate of Princeton University with a degree in Philosophy. -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From alenlpeacock at gmail.com Tue Dec 13 07:41:56 2005 From: alenlpeacock at gmail.com (Alen Peacock) Date: Tue, 13 Dec 2005 08:41:56 -0700 Subject: [p2p-hackers] p2p in some place or other Message-ID: On 12/13/05, Michael Rogers wrote: > > Then how about internal motivation: the faster you upload, the faster > you can download, and the more files you share, the more likely you are > to be able to upload. I've come up with a half-baked incentive mechanism > for Gnutella based on these principles: > > http://www.cs.ucl.ac.uk/staff/M.Rogers/gnutella-incentives.html > > No identity mechanism required I'm afraid ;-) Neat ideas. Like you, I'm a big believer in incentive-based decisions. I just peeked at your "Cooperation in Decentralized Networks" paper, and I notice that you do require exchange of public keys, authentication with those keys, and some sort of history of reciprocation, no? This is what I'm talking about when I say 'identity' and 'trust'. Each node has to be able to positively certify the identities of other nodes, and what you seem to be building is essentially a trust system built on top of those strong identities.
Without the ability to certify node identities, you'd have a system that was very susceptible to imposter nodes leeching resources (in the form of reciprocation) that they hadn't earned, right? Perhaps I confused the issue by using the word 'identity,' which in some circles is used only to talk about the concept of linking a virtual presence to a meatspace entity. That isn't what I intended. What I meant was exactly what you describe: use of asymmetric keys to establish and prove peer IDs, use of those IDs to learn something about the behavior of other agents in the network, and use of that knowledge to make appropriate incentive-based decisions. > > But, isn't it more interesting to think about building systems that > > have some fairness guarantees than building ones that don't? > > Define fairness :-) I'm more interested in mutual benefit. Well, I don't know if my semantics are standard, but the concept of 'fairness' I was thinking of was one that was purposely broad -- an umbrella under which 'mutual benefit' is certainly an essential piece. Alen _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jamespwalker at gmail.com Mon Dec 12 15:03:52 2005 From: jamespwalker at gmail.com (James Walker) Date: Tue, 13 Dec 2005 10:03:52 +1100 Subject: [FoRK] Choking the Internet Message-ID: Choking the Internet: How much longer will your favorite sites be on line?
By Wayne Madsen December 9, 2005 -- Internet censorship. It did not happen overnight but slowly came to America's shores from testing grounds in China and the Middle East. Progressive and investigative journalist web site administrators are beginning to talk to each other about it, e-mail users are beginning to understand why their e-mail is being disrupted by it, major search engines appear to be complying with it, and the low to equal signal-to-noise ratio of legitimate e-mail and spam appears to be perpetuated by it. In this case, "it," is what privacy and computer experts have long warned about: massive censorship of the web on a nationwide and global scale. For many years, the web has been heavily censored in countries around the world. That censorship continues at this very moment. Now it is happening right here in America. The agreement by the Congress to extend an enhanced Patriot Act for another four years will permit the political enforcers of the Bush administration, who use law enforcement as their proxies, to further clamp censorship controls on the web. Internet Censorship: The Warning Signs Were Not Hidden The warning signs for the crackdown on the web have been with us for over a decade. The Clipper chip controversy of the 90s, John Poindexter's Total Information Awareness (TIA) system pushed in the aftermath of 9-11, backroom deals between the Federal government and the Internet service industry, and the Patriot Act have ushered in a new era of Internet censorship, something just half a decade ago computer programmers averred was impossible given the nature of the web. They were wrong, dead wrong. Take, for example, what recently occurred when two journalists were talking on the phone about a story that appeared on Google News. The story was about a Christian fundamentalist move in Congress to use U.S. military force in Sudan to end genocide in Darfur. The story appeared on the English Google News site in Qatar.
But the very same Google News site when accessed simultaneously in Washington, DC failed to show the article. This censorship is accomplished by geolocation filtering: the restriction or modifying of web content based on the geographical region of the user. In addition to countries, such filtering can now be implemented for states, cities, and even individual IP addresses. With reports in the Swedish newspaper Svenska Dagbladet today that the United States has transmitted a Homeland Security Department "no fly" list of 80,000 suspected terrorists to airport authorities around the world, it is not unreasonable that a "no [or restricted] surfing/emailing" list has been transmitted to Internet Service Providers around the world. The systematic disruptions of web sites and email strongly suggest that such a list exists. News reports on CIA prisoner flights and secret prisons are disappearing from Google and other search engines like Alltheweb as fast as they appear. Here now, gone tomorrow is the name of the game. Google is systematically failing to list and link to articles that contain explosive information about the Bush administration, the war in Iraq, Al Qaeda, and U.S. political scandals. But Google is not alone in working closely to stifle Internet discourse. America On Line, Microsoft, Yahoo and others are slowly turning the Internet into an information superhighway dominated by barricades, toll booths, off-ramps that lead to dead ends, choke points, and security checks. America On Line is the most egregious in stifling Internet freedom. A former AOL employee noted how AOL and other Internet Service Providers cooperate with the Bush administration in censoring email. The Patriot Act gave federal agencies the power to review information to the packet level and AOL was directed by agencies like the FBI to do more than sniff the subject line. The AOL term of service (TOS) has gradually been expanded to grant AOL virtually universal power regarding information.
Many AOL users are likely unaware of the elastic clause, which says they will be bound by the current TOS and any TOS revisions which AOL may elect at any time in the future. Essentially, AOL users once agreed to allow the censorship and non-delivery of their email. Microsoft has similar requirements for Hotmail as do Yahoo and Google for their respective e-mail services. There are also many cases of Google's search engine failing to list and link to certain information. According to a number of web site administrators who carry anti-Bush political content, this situation has become more pronounced in the last month. In addition, many web site administrators are reporting a dramatic drop-off in hits to their sites, according to their web statistic analyzers. Adding to their woes is the frequency at which spam viruses are being spoofed as coming from their web site addresses. Government disruption of the political side of the web can easily be hidden amid hyped mainstream news media reports of the latest "boutique" viruses and worms, reports that have more to do with the sales of anti-virus software and services than actual long-term disruption of banks, utilities, or airlines. Internet Censorship in the US: No Longer a Prediction Google, Microsoft, Yahoo, and Cisco Systems have honed their skills at Internet censorship for years in places like China, Jordan, Tunisia, Saudi Arabia, the United Arab Emirates, Vietnam, and other countries. They have learned well. They will be the last to admit they have imported their censorship skills into the United States at the behest of the Bush regime. Last year, the Bush-Cheney campaign blocked international access to its web site -- www.georgewbush.com -- for unspecified "security reasons." Only those in the Federal bureaucracy and the companies involved are in a position to know what deals have been made and how extensive Internet censorship has become. They owe full disclosure to their customers and their fellow citizens. 
_______________________________________________ FoRK mailing list http://xent.com/mailman/listinfo/fork ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Tue Dec 13 08:16:04 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 13 Dec 2005 11:16:04 -0500 Subject: Tor client over Java LINUX In-Reply-To: <20051212173318.GG2249@leitl.org> Message-ID: Well, I've been playing with one of those little Tor USB doohickeys. But that's a very different thing from allowing anyone, anywhere to pull a Tor client down onto a java virtual machine. Of course I'll grant that such a publically available Tor node offers a kind of anonymity that most Cypherpunks would pass on, but I still maintain that huge increases in quasi-anonymous traffic* is good for those of us who roll our own, more secure communications. -TD * By Quasi-anonymous I mean potentially breakable, but only through the exertion of significant TLA resources. In other words, too expensive to do fishing expeditions on big-mouths. >From: Eugen Leitl >To: Tyler Durden , cypherpunks at jfet.org >Subject: Re: Tor client over Java LINUX >Date: Mon, 12 Dec 2005 18:33:18 +0100 > >On Mon, Dec 12, 2005 at 11:41:25AM -0500, Tyler Durden wrote: > > > This could allow anyone at a public computer to open a Java-based Tor > > client (from a Tor website, of course), from pretty much anywhere >(though I > > imagine Tor-on-Java would be resource hungry). > >There's a Tor park Tor/Firefox appliance, which can be started off >local drive or an USB stick. > >IIRC the author of Torpark might be developing a Tor Firefox plugin. 
> >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From rabbi at abditum.com Tue Dec 13 11:48:31 2005 From: rabbi at abditum.com (Len Sassaman) Date: Tue, 13 Dec 2005 11:48:31 -0800 (PST) Subject: [p2p-hackers] CodeCon submission deadline reminder Message-ID: Here's a reminder that the deadline for submissions to CodeCon 2006 is this week. Feel free to forward this to project developers who might not otherwise see it. --Len. -- CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2006 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be 45 minutes long, with 15 minutes allocated for Q&A. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. 
After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to submissions-2006 at codecon.org including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chair: Jonathan Moore Program Chair: Len Sassaman Program Committee: * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Ben Laurie, The Bunker Secure Hosting, UK * Nick Mathewson, The Free Haven Project, USA * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, University of Iowa, USA * Len Sassaman, Katholieke Universiteit Leuven, BE Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at codecon-admin at codecon.org. Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. 
Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail codecon-admin at codecon.org. Please note this address is only for questions and administrative requests, and not for workshop presentation submissions. _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From Serguei.Osokine at efi.com Tue Dec 13 11:50:31 2005 From: Serguei.Osokine at efi.com (Serguei Osokine) Date: Tue, 13 Dec 2005 11:50:31 -0800 Subject: [p2p-hackers] p2p in some place or other Message-ID: On Tuesday, December 13, 2005 Michael Rogers wrote: > I believe eMule allows the uploader to assign different priorities > to different files - I'd like to be able to do this in Gnutella, to > make the rarer (or better) content on my node easier to find... That is more like "easier to download", but I see what you're saying. Yes, at some point I used to place high hopes on this method, basically thinking that the transfer rates for the rare content can be improved at the expense of the popular one. Popular content can be found at lots of places anyway, so penalizing it should not hurt all that much; for me the goal was to equalize the download rates for all content regardless of its popularity.
So if improving the rare content download speed would make the widely distributed content transfers a bit slower (because the systemwide cumulative uplink bandwidth is a scarce resource, after all), so be it. Unfortunately the statistical research of the P2P systems (the one that I've already quoted in this thread) shows that from the uploader standpoint the prioritization of rare vs popular content does not cover a very significant percentage of all upload situations. The typical upload scenario is not only "some popular, some rare, so give the rare more bandwidth". Just as widespread is "many rare uploads from one node", in which case changing their relative priorities is pointless, and also "rare upload from a single node", in which case no matter what this node does, the speed is going to be substandard. And let me reemphasize this again - these scenarios seem to be very common. Essentially the download speed for the rare content is limited by the uplink rates of the nodes with rare content, even if all the nodes are always on and spend just a small percentage of their online time downloading. For popular content, you can have very fast downloads in such a case; you can even saturate your downlink if you wish. But for rare content, you're still stuck with whatever is the uplink rate of a single node that has this file. As the nodes start spending more time on line, this disparity becomes more and more pronounced no matter how you prioritize the uploads. And seeing this causes the user frustration on a significant percentage of all downloads (on everything that is in the long tail). Best wishes - S.Osokine. 13 Dec 2005. -----Original Message----- From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org]On Behalf Of Michael Rogers Sent: Tuesday, December 13, 2005 3:25 AM To: Peer-to-peer development.
Subject: Re: [p2p-hackers] p2p in some place or other Serguei Osokine wrote: > And the reason for this is quite understandable - if most of > the content exists in just one or two copies, what good are the swarm > downloaders and other marvelous instruments of progress? This single > copy that you need might be on a single host behind the modem in > Albania, the host might go off-line at any moment, and to make it > more fun, it might be trying to upload five other files (different > files, mind you) to five other people at the same time. I believe eMule allows the uploader to assign different priorities to different files - I'd like to be able to do this in Gnutella, to make the rarer (or better) content on my node easier to find, almost like a recommendation system. Cheers, Michael _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Tue Dec 13 03:09:25 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Dec 2005 12:09:25 +0100 Subject: [jamespwalker@gmail.com: [FoRK] Choking the Internet] Message-ID: <20051213110925.GL2249@leitl.org> ----- Forwarded message 
from James Walker ----- From eugen at leitl.org Tue Dec 13 07:21:42 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Dec 2005 16:21:42 +0100 Subject: [gnu@toad.com: "Live Tracking of Mobile Phones Prompts Court Fights on Privacy"] Message-ID: <20051213152142.GA2249@leitl.org> ----- Forwarded message from John Gilmore ----- From eugen at leitl.org Tue Dec 13 07:42:50 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Dec 2005 16:42:50 +0100 Subject: [alenlpeacock@gmail.com: Re: [p2p-hackers] p2p in some place or other] Message-ID: <20051213154250.GF2249@leitl.org> ----- Forwarded message from Alen Peacock ----- From eugen at leitl.org Tue Dec 13 08:20:54 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Dec 2005 17:20:54 +0100 Subject: Tor client over Java LINUX In-Reply-To: References: <20051212173318.GG2249@leitl.org> Message-ID: <20051213162054.GH2249@leitl.org> On Tue, Dec 13, 2005 at 11:16:04AM -0500, Tyler Durden wrote: > Of course I'll grant that such a publically available Tor node offers a > kind of anonymity that most Cypherpunks would pass on, but I still maintain > that huge increases in quasi-anonymous traffic* is good for those of us who > roll our own, more secure communications. A really good multiplier would be to package Tor into a malware vector. Dialup is worse than useless, but residential broadband means 100 MBit/s (and sometimes more) in some places. 260 TByte/month is nothing to sneeze at. -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
From eugen at leitl.org Tue Dec 13 11:49:38 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Dec 2005 20:49:38 +0100 Subject: [rabbi@abditum.com: [p2p-hackers] CodeCon submission deadline reminder] Message-ID: <20051213194938.GQ2249@leitl.org> ----- Forwarded message from Len Sassaman ----- From eugen at leitl.org Tue Dec 13 11:56:03 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Dec 2005 20:56:03 +0100 Subject: [Serguei.Osokine@efi.com: RE: [p2p-hackers] p2p in some place or other] Message-ID: <20051213195603.GR2249@leitl.org> ----- Forwarded message from Serguei Osokine ----- From declan at well.com Wed Dec 14 08:00:49 2005 From: declan at well.com (Declan McCullagh) Date: Wed, 14 Dec 2005 08:00:49 -0800 Subject: [Politech] E.U.
Parliament votes to force "data retention" on telecom, Net firms [priv] Message-ID: Previous Politech messages: http://www.politechbot.com/2005/12/05/european-data-retention/ http://www.politechbot.com/2005/09/23/european-commission-proposes/ http://www.politechbot.com/2005/06/16/feds-contemplate-forcing/ -------- Original Message -------- Subject: EU Parliament agrees to data retention Date: Wed, 14 Dec 2005 16:20:00 +0100 From: Ralf Bendrath Reply-To: bendrath at zedat.fu-berlin.de To: Declan McCullagh Declan, something for Politech? Very bad news from Europe. The European Parliament this morning voted in favour of a backroom deal that had been made between the two big parties in Brussels and the Council of Ministers, currently chaired by the UK. The deal completely ignored the amendments proposed by the Parliament's Rapporteur and by the Justice and Civil Liberties Committee that was (well - officially) in charge of the process. After a hot debate and a number of signs of cracks in the party blocks, a majority of 378 parliamentarians voted in favour of mandatory retention of telecommunications data, 197 against, 30 abstained. This is in short what we will get now: - retention of telephone and internet connection data (including email addresses) and location data for mobile phone calls - no harmonisation of the retention period (6 to 24 months but longer is allowed: Poland wants 15 years) - no harmonisation of cost reimbursement for the needed investments on the providers' side - no limitation to certain types of crimes for which access is allowed - retention of unsuccessful call attempts - no independent evaluation - no extra privacy safeguards - follow-up committee without representation from civil rights organisations Civil liberties organizations, consumers organizations and all the telco industry associations as well as journalists associations had been fighting like hell against this major and unprecedented surveillance plan until the last minute.
We did not win (the outcome is in fact the worst possible, exactly what the UK home affairs minister Clarke wanted), but we at least raised a lot of awareness and disturbed the conservative and social-democrat party lines. But the UK council presidency had pushed so hard after the London bombings that this directive will enter the EU history as the one which took the shortest time ever from the first Commission draft to the final vote (less than three months - normally they need years). The next steps will be the adoption by the Council of Ministers (before Christmas) and then the implementation process into national laws. There will be challenges to this plan before the constitutional courts. I am pretty sure that the German constitutional court will not like it, as it recently had ruled unconstitutional a major eavesdropping plan on phone calls - and that one was only directed at suspicious persons, whereas the EU directive applies to every single communication of all 450 Million inhabitants of the EU. More information, including recordings of the EP debate, is available at . Ralf (European Digital Rights, www.edri.org) _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From roy at rant-central.com Wed Dec 14 06:49:12 2005 From: roy at rant-central.com (Roy M.
Silvernail) Date: Wed, 14 Dec 2005 09:49:12 -0500 Subject: EU gone fascist In-Reply-To: <20051214120337.GQ2249@leitl.org> References: <20051214120337.GQ2249@leitl.org> Message-ID: <43A030E8.4060405@rant-central.com> Eugen Leitl wrote: >Now it's official > > http://www.heise.de/newsticker/meldung/67358 > >Having a working Tor network is now more vital than ever. >I've ordered a 10 MBit/s flat rate server, and will start working >on a private high-performance Tor network around turn of the year. > > That page makes the fish crap. How about an executive summary for the kraut-impaired? -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT CRM114->procmail->/dev/null->bliss http://www.rant-central.com From mnl at well.com Wed Dec 14 10:35:27 2005 From: mnl at well.com (Mike Liebhold) Date: Wed, 14 Dec 2005 10:35:27 -0800 Subject: [Geowanking] new Microsoft privacy policy? Message-ID: Jeremy Irish wrote: >Many seem to faint in the sight of Microsoft knowing your location - Jeremy, This is not about "fainting", and the problem is -much- larger than Microsoft. Privacy concerns have in part delayed the availability of location APIs from telcos and from others including Google et al. Intel has been widely praised for breaking a conceptual logjam. When it became clearer that Microsoft was actually going to productize the technology, a lot of us expected that they would embrace the same philosophy in their implementation. Instead, they published a privacy disclaimer that, instead of reinforcing privacy, -equivocated- on privacy, despite the misleading and insincere introduction "your privacy is important". The good news is that I got a note this morning from Microsoft [thanks Nat] agreeing essentially and promising to revisit the policy and to draft a new privacy statement to reflect a genuine emphasis on privacy in the "location finder" service offering.
-Mike _______________________________________________ Geowanking mailing list Geowanking at lists.burri.to http://lists.burri.to/mailman/listinfo/geowanking ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Wed Dec 14 04:03:37 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 14 Dec 2005 13:03:37 +0100 Subject: EU gone fascist Message-ID: <20051214120337.GQ2249@leitl.org> Now it's official http://www.heise.de/newsticker/meldung/67358 Having a working Tor network is now more vital than ever. I've ordered a 10 MBit/s flat rate server, and will start working on a private high-performance Tor network around turn of the year. If you wish to collaborate, and I don't have your address yet, drop me a line. -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From stefan.kelm at secorvo.de Wed Dec 14 05:42:51 2005 From: stefan.kelm at secorvo.de (Stefan Kelm) Date: Wed, 14 Dec 2005 14:42:51 +0100 Subject: Deal on EU data retention law Message-ID: [http://www.europarl.eu.int/news/expert/infopress_page/019-3536-348-12-50-902-20051206IPR03225-14-12-2005-2005--false/default_en.htm] Deal on EU data retention law The European Parliament adopted today by 378 votes in favour, 197 against and 30 abstentions a directive on data retention in first reading.
The final text negotiated beforehand with the Council aims to facilitate judicial co-operation in criminal matters by approximating Member States' legislation on the retention of data processed by telecommunications companies. The directive covers traffic and location data generated by telephony, SMS and internet, but not the content of the information communicated. The new EU law will help national authorities to track down possible criminals and terrorists by granting them access to a list of all telephone calls, SMS or Internet connections made by suspects during the previous few months. The amendments finally adopted were a compromise between the PES and EPP groups with the Council and differed in some key points to the draft directive adopted initially by the Civil Liberties Committee. The GUE, Greens and UEN groups and some members from the ALDE group voted against the directive in the final vote. Alexander Nuno ALVARO (ALDE, DE) was unhappy with the result of the compromise adopted and withdrew his name as rapporteur. Limited access to data In the final text adopted, Parliament is proposing a number of amendments to the Commission text to restrict the use of retained data and ensure that the future law fully respects the privacy of the telephone and internet users. On the aim of the directive, MEPs agree with the need to retain data for the detection, investigation and prosecution of crime, but only for "specified forms" of serious criminal offences (terrorism and organised crime), and not for the mere "prevention" of all kinds of crime. MEPs feel that the concept of prevention is too vague and could lead to abuse of the system from national authorities. The directive will provide for data to be retained by the telecommunications companies for a minimum of six months and a maximum of 24. MEPs also added a provision for "effective, proportionate and dissuasive" penal sanctions for companies who fail to store the data or misuse the retained information.
Only the competent authorities determined by Member States should have access to the retained data from phone or internet providers. Furthermore, each national government will designate an independent authority responsible for monitoring the use of the data. MEPs also establish that access to retained data should be limited to specific purpose and on a case by case basis (push system): each time, the authorities would need to request to the telecom company that the data related to a concrete suspect, instead of having granted access to the whole database. As for the type of data to be retained, MEPs finally supported the registration of location data on calls, SMS and internet use, including unsuccessful calls. This point was controversial due to the fact that telecom companies do not currently register lost calls for billing purposes and so to do this using new technologies would be expensive. Spanish MEPs strongly supported the Council position to include the retention of unsuccessful calls, since the terrorist attacks in Madrid were prosecuted thanks to the investigation of specific lost calls from mobile phones. Who foots the bill? Finally, MEPs decided to delete the paragraph in which it was mandatory for Member States to reimburse telecom companies for all additional costs of retention, storage and transmission of data. In the draft directive adopted by the Civil Liberties Committee, MEPs had initially called for the full reimbursement of costs. ------------------------------------------------------- Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Ettlinger Strasse 12-14, D-76137 Karlsruhe Tel. 
+49 721 255171-304, Fax +49 721 255171-100 stefan.kelm at secorvo.de, http://www.secorvo.de/ ------------------------------------------------------- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Wed Dec 14 08:20:03 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 14 Dec 2005 17:20:03 +0100 Subject: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]] Message-ID: <20051214162003.GA2249@leitl.org> Just as well, I can spare writing up a blurb. ----- Forwarded message from Declan McCullagh -----
From dave at farber.net Wed Dec 14 16:23:40 2005 From: dave at farber.net (David Farber) Date: Wed, 14 Dec 2005 19:23:40 -0500 Subject: [IP] Airport ID checks legally enforced? Message-ID: Begin forwarded message: From eugen at leitl.org Wed Dec 14 10:47:01 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 14 Dec 2005 19:47:01 +0100 Subject: [mnl@well.com: [Geowanking] new Microsoft privacy policy?] Message-ID: <20051214184701.GK2249@leitl.org> ----- Forwarded message from Mike Liebhold ----- From eugen at leitl.org Wed Dec 14 11:13:07 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 14 Dec 2005 20:13:07 +0100 Subject: [stefan.kelm@secorvo.de: Deal on EU data retention law] Message-ID: <20051214191306.GN2249@leitl.org> ----- Forwarded message from Stefan Kelm ----- From arma at mit.edu Wed Dec 14 23:35:06 2005 From: arma at mit.edu (Roger Dingledine) Date: Thu, 15 Dec 2005 02:35:06 -0500 Subject: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]] Message-ID: User-Agent: Mutt/1.5.9i Reply-To: or-talk at freehaven.net On Thu, Dec 15, 2005 at 01:20:19AM -0500, Jeffrey F. Bloss wrote: > On Wednesday 14 December 2005 08:00 pm, nile wrote: > > Correct me if I'm mistaken, but I believe the laws do not require > > holding onto the content of the call/data, just the routing information > > or phone numbers. If so, it's interesting to note that that's exactly > > what Tor is for - defeating _traffic_ analysis. > > It seems to me that traffic analysis is the one major thing Tor is susceptible > to. Being a real time, the Tor network can be compromised by someone who has > the ability to collate ingress and egress traffic, and this legislation gives > the "EU" the ability to sit back and examine an entire regional network at > its leisure.
[snip] > Prior to this "broad" logging being in place it would have been necessary for > Johnny Law to have some prior knowledge. They'd have to suspect Joe, and then > invest the time and resources in logging both Joe and the blog site. Now, > they can simply sift through the already collected data looking for people > who use Tor connections at the same time the blog is accessed. Alas, I think Jeffrey has it right. Tor aims to provide protection in a scenario where the adversary cannot observe the whole network (or a substantial piece of it). The EU data retention directives directly threaten the security that the current Tor design can provide. There are some anonymity designs that aim to provide protection against this strong level of adversary -- see e.g. http://mixminion.net/ -- but they carry unacceptably high latency for Tor-style connections. As I understand it we're still a ways off from understanding exactly what laws will be passed in each country, and only a while after that will we start to understand what each law will mean. It may turn out to be impractical (or illegal) to put out a blanket query to every ISP in Europe saying "please tell me all users who connected to any of the following 1000 IP addresses in this 10 second period". But even so, once we have a sense of what sorts of attacks are likely, we can also start looking at some specialized padding techniques for Tor users to blend together better without paying too high a price in overhead. The goal is not to beat arbitrary statistical attacks, but to increase false positives (and maybe false negatives) with respect to specific attacks. We may also be able to take advantage of the fact that these adversaries are only partial attackers: even in the best attacks they can only observe perhaps half the network.
We may be able to arrange things to increase the doubt in their findings -- though as Jeffrey points out, a patient attacker will use statistics to become increasingly convinced that he has found his target. It really is a shame that Europe has chosen to cripple the security of its citizens and companies in this way. The bad people will continue to break laws and not get caught by this (breaking into computers around the world and using them as stepping stones, using open wireless networks, using botnets, you name it), and honest people and organizations in Europe will always be wondering who has broken into their ISP and grabbed their traffic data -- for espionage, for advertising purposes, for stalking, for who knows. This is reminiscent of the U.S.'s earlier crypto export fiasco, when they chose to undermine their position as the world leader in cryptography, as well as ensure that the good guys were vulnerable while the bad guys were safe. I wonder how this one will turn out. --Roger ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From matej.kovacic at owca.info Wed Dec 14 23:02:33 2005 From: matej.kovacic at owca.info (Matej Kovacic) Date: Thu, 15 Dec 2005 08:02:33 +0100 Subject: Data retention in Europe Message-ID: Hi, > or phone numbers. If so, it's interesting to note that that's exactly > what Tor is for - defeating _traffic_ analysis. Since I live in Europe, just a short explanation of this. Yes, it is about traffic data and not content. So Tor is a good solution to this. But there are some other problems as well. In US there was a case Smith v. Maryland (Smith v. Maryland, 242 U.S.
735 (1979).), which differentiates between content of communication and traffic data. However, there is State v. Hunt decision (State v. Hunt, 91 N.J. 338, 450 A.2d 952 (1982).), which says individual can expect privacy in traffic data also. But European Court of Human Rights in 1984 (interesting date :-D) in their Malone v. Great Britain decision clearly stated that traffic data are integral part of communication. There are some legal opinions that data retention won't go through so called triple principle test. This test requires that regulation must be a) legal (prescribed by law, law must be accessible to the public) b) necessary in democratic society for the pursuit of a legitimate aim and c) proportionate to the aim pursued. It is also important to know, that European Court of Human Rights criticized so called blanket measures in other decisions as well. So - if there is no suspicion, individual should not be put under surveillance. But data retention is that - surveillance and secret tracking without prior suspicion. The other interesting thing is that this directive was prepared and adopted in very short time. How that? It is likely that some strong lobby was behind directive. However, this idea of extended surveillance is not new and is NOT the consequence of antiterrorism measures. There are some documents from 1993 which show that extension of surveillance and harmonisation of this area is not new in Europe (see Interception of communications, report to COREPER, ENFOPOL 40, 10090/93, Confidential, Brussels, 16.11.93, published on Statewatch website in 1997). Terrorism is not the reason for this. BTW: one of the latest proposals (I think this version was also adopted) said retention of data applies to ISP's only. No cybercafes and public places included. The question is what are you doing in cybercafe and what in your home. In cybercafe you are surfing, posting on forums and checking your mail. But you are not using P2P applications.
P2P applications you are using at your home. So which lobby is behind directive? Actually, there is only one lobby strong enough. This is the lobby of anti-piracy groups and industry. It is important to know, that first directive proposals stated that retention is necessary for fight against terrorism. But then they started to talk about "serious criminal offences". What are they? They are offences, which fall under European arrest warrant. The warrant applies in the following cases: a) where a final sentence of imprisonment or a detention order has been imposed for a period of at least four months or b) for offences punishable by imprisonment or a detention order for a maximum period of at least one year. Piracy and filesharing fall under European arrest warrant in some European legislations. OK, it is true, that European arrest warrant is in "crisis" since German constitutional court rejected it, but note this: "no limitation to certain types of crimes for which access is allowed". Slovenian Ministry of justice (I live in Slovenia) declared they support data retention for all crimes which should be prosecuted officially. So next step will be fighting this directive in constitutional courts and finally on the ECHR. Meantime we should propagate using Tor. bye, Matej ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Wed Dec 14 23:48:37 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 15 Dec 2005 08:48:37 +0100 Subject: [dave@farber.net: [IP] Airport ID checks legally enforced?]
Message-ID: <20051215074837.GZ2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Thu Dec 15 00:12:27 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 15 Dec 2005 09:12:27 +0100 Subject: [matej.kovacic@owca.info: Data retention in Europe] Message-ID: <20051215081227.GK2249@leitl.org> ----- Forwarded message from Matej Kovacic ----- From eugen at leitl.org Thu Dec 15 00:13:10 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 15 Dec 2005 09:13:10 +0100 Subject: [arma@mit.edu: Re: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]] Message-ID: <20051215081310.GL2249@leitl.org> ----- Forwarded message from Roger Dingledine ----- From jbloss at tampabay.rr.com Thu Dec 15 10:00:16 2005 From: jbloss at tampabay.rr.com (Jeffrey F. Bloss) Date: Thu, 15 Dec 2005 13:00:16 -0500 Subject: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]] Message-ID: User-Agent: KMail/1.7 Reply-To: or-talk at freehaven.net -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 15 December 2005 02:49 am, David Benfell wrote: > On Thu, 15 Dec 2005 01:20:19 -0500, Jeffrey F. Bloss wrote: > > > With this new logging in place XYZ might be able to force law enforcement > > to perform a simple query of the data to discover exactly who is posting > > the information. It's a simple (?) matter of searching for connection > > times to the blog, and comparing them to times that "Joe" makes > > connections to a Tor node. If Joe builds a new circuit at 2PM and the > > blog is updated at 2:00:01 PM, and this relationship can be demonstrated > > for some period of time, it's pretty clear that it won't take 6 months of > > data to prove beyond any reasonable doubt Joe is the blog owner. > > Suppose the blog is hosted outside Europe, and the blog software > introduces a random delay before actually posting Joe's entry?
Sure, anything that removes influence or power from an "attacker" is a generally good thing, but... Jurisdictional borders aren't the panacea they used to be, if they ever really were. Treaties and agreements between nations can make collecting information from foreign sources a matter of an attorney filing the proper form in triplicate. In some number of places that depends completely on specific laws governing each jurisdiction, this is even an advantage for some attackers because getting around local laws and/or security is more difficult than simply asking a foreign official to collect the information for you. There's a depressingly increasing number of jurisdictions where some appointed official can walk through the door and confiscate, log, back door, etc any system on nothing more than a whim. It's theorized that this is why things like ECHELON were deployed outside US borders... to circumvent requirements like showing cause and obtaining warrants. This isn't to say that there are no jurisdictions that might make you safer, just that they're few, far between, and not nearly as safe as they once were. In fact, I don't believe mandatory logging is anything new even within EU Member Nations. I believe for some of them this is a step backwards if they're somehow restricted to the 6/12 month and "connection only" logging dictated by this new policy. The *real* threat is in the organization and broad scope of the thing. It will effectively transform all of Europe and then some, into one big surveillance tool. :( Anyway, the latency thing probably wouldn't make much difference at all either. It might fool a casual observer who is assessing the published content, but with these sweeping logging requirements there's no need to wait for the page to change when you hit the [refresh] button. ;-) The blog owner logging in to make the changes is what's being automagically logged, or what can be "force" logged from outside a jurisdiction.
And half the puzzle is already relatively trivial to solve due to the forced connection logging. You have to assume that an attacker will absolutely know either the origin, or the destination of every packet, and have the ability to do what they will with that data. It's also important to note that blogging was just an out-of-thin-air example, and other types of communications can't be subject to any similar sort of latency. That's my semi-literate layperson's take on things. This EU logging policy is a problem of great concern as I see it. In theory at least, it could make Tor and any other similar distributed "anonymous" network completely and utterly useless for serious users in that jurisdiction, and far less secure for people who cross those jurisdictional lines in either direction. - -- Hand crafted on December 15, 2005 at 12:09:56 -0500 Outside of a dog, a book is a man's best friend. Inside of a dog, it's too dark to read. -Groucho Marx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDoa80RHqalLqKnCkRAmBfAJ40LDCQWPe7+Qn/BiTDXnPpTQBNGQCdHXvo o11JZbb9ft0AuBvclLnNW9I= =0Oh3 -----END PGP SIGNATURE----- ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Thu Dec 15 05:07:26 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 15 Dec 2005 14:07:26 +0100 Subject: fritz chip on the internets Message-ID: <20051215130726.GT2249@leitl.org> Let's see some ID, please The end of anonymity on the Internet? By Michael Rogers Special to MSNBC Updated: 7:53 a.m. ET Dec. 13, 2005 As the joke goes, on the Internet nobody knows you're a dog.
But although anonymity has been part of Internet culture since the first browser, it.s also a major obstacle to making the Web a safe place to conduct business: Internet fraud and identity theft cost consumers and merchants several billion dollars last year. And many of the other more troubling aspects of the Internet, from spam emails to sexual predators, also have their roots in the ease of masking one.s identity in the online world. Change, however, is on the way. Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. But once merchants and other online services begin to use it, the TPM will do something never before seen on the Internet: provide virtually fool-proof verification that you are who you say you are. Some critics say that the chip will change the free-wheeling Web into a police state, while others argue that it.s needed to create a safe public space. But the train has already left the station: by the end of this decade, a TPM will almost certainly be part of your desktop, laptop and even cell phone. The TPM chip was created by a coalition of over one hundred hardware and software companies, led by AMD, Hewlett-Packard, IBM, Microsoft and Sun. The chip permanently assigns a unique and permanent identifier to every computer before it leaves the factory and that identifier can.t subsequently be changed. It also checks the software running on the computer to make sure it hasn.t been altered to act malevolently when it connects to other machines: that it can, in short, be trusted. For now, TPM-equipped computers are primarily sold to big corporations for securing their networks, but starting next year TPMs will be installed in many consumer models as well. With a TPM onboard, each time your computer starts, you prove your identity to the machine using something as simple as a PIN number or, preferably, a more secure system such as a fingerprint reader. 
Then if your bank has TPM software, when you log into their Web site, the bank's site also "reads" the TPM chip in your computer to determine that it's really you. Thus, even if someone steals your username and password, they won't be able to get into your account unless they also use your computer and log in with your fingerprint. (In fact, with TPM, your bank wouldn't even need to ask for your username and password - it would know you simply by the identification on your machine.) The same would go for online merchants - once you'd registered yourself and your computer with an Amazon or an e-Bay, they'd simply look for the TPM on your machine to confirm it's you at the other end. (Of course you could always "fool" the system by starting your computer with your unique PIN or fingerprint and then letting another person use it, but that's a choice similar to giving someone else your credit card.) Another plus for the TPM is that your computer will be able to make sure that it's really a legitimate e-commerce site you're connected to, and not some phishing-style fraud. There would still, of course, be ways that you could access your bank or e-commerce accounts from other computers when you were traveling, but the connection wouldn't be as secure as using your own computer. Plans are already underway to put TPMs into smartphones and other portable devices as well. The TPM will become even more important as we move toward Web-based applications, where we may actually store our documents and files on remote servers. The TPM could automatically encrypt any files as soon as they left your computer, and only allow decryption privileges to your TPM and any others you might specify. It could automatically encrypt email as well, so that only specific recipients are able to read it. And it could more firmly identify where email originates, taking a big step forward in controlling spam at the source. That is the potential good news.
But some critics are worried that the TPM is a step too far. Their concern particularly revolves around using the TPM to control "digital rights management" - that is, what you can and cannot do with the music, movies and software you run on your computer. A movie, for example, would be able to look at the TPM and know whether it was legally licensed to run on that machine, whether it could be copied or sent to others, or whether it was supposed to self-destruct after three viewings. If you tried to do something with the movie that wasn't allowed in the license, your computer simply wouldn't cooperate. The same would go for software. Now that Apple is moving to Intel processors, Mac fans are watching closely to see if the new machines will incorporate TPMs. That may be the way that Apple makes sure that its Macintosh operating system only runs on Apple computers - otherwise, hackers will probably be quick to figure out ways to make the new Intel-based Macintosh software run on HP or Dell machines as well. Similar concerns arise around how Microsoft might make use of TPM to insure that its software is used only on machines with paid-up licenses (as one joke has it: "TPM is Bill Gates' way of finally getting the Chinese to pay for software.") Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology. Users will still control how much of their identity they wish to reveal - in fact, for complex technical reasons, the TPM will actually also make truly anonymous connections possible, if that's what both ends of the conversation agree on. And should a media or software company come up with overly Draconian restrictions on how its movies or music or programs can be used, consumers will go elsewhere.
(Or worse: Sony overstepped with the DRM on its music CDs recently and is now the target of a dozen or so lawsuits, including ones filed by California and New York.) To future historians, the anonymity we've experienced in the first decade of the commercial Internet may in retrospect seem aberrant. In the real world, after all, we carry multiple forms of fixed identification, ranging from our faces and fingerprints to drivers' licenses and social security numbers. Some of these are easier to counterfeit than others, but generally most of us are more comfortable when we can prove who we are. In some situations - driving cars, boarding aircraft - we're required to have identification. Of course, our real world policies on identification - what kind we must have, when we need to display it - have evolved over centuries of social and political thought and is still, post 9/11, a national hot-button. With the arrival of the Trusted Computing Module, the argument will now extend to cyberspace as well.

© 2005 MSNBC Interactive
© 2005 MSNBC.com
URL: http://www.msnbc.msn.com/ID/10441443/

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Thu Dec 15 10:08:58 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 15 Dec 2005 19:08:58 +0100
Subject: [jbloss@tampabay.rr.com: Re: [declan@well.com: [Politech] E.U. Parliament votes to force "data retention" on telecom, Net firms [priv]]]
Message-ID: <20051215180858.GQ2249@leitl.org>

----- Forwarded message from "Jeffrey F.
Bloss" -----

From jay.listo at gmail.com Thu Dec 15 07:48:14 2005
From: jay.listo at gmail.com (Jay Listo)
Date: Thu, 15 Dec 2005 22:48:14 +0700
Subject: EU gone fascist
In-Reply-To: <43A030E8.4060405@rant-central.com>
References: <20051214120337.GQ2249@leitl.org> <43A030E8.4060405@rant-central.com>
Message-ID: <43A1903E.5010309@gmail.com>

For non-deutsch readers...
http://www.iht.com/articles/2005/12/14/business/data.php

Roy M. Silvernail wrote:
>Eugen Leitl wrote:
>
>>Now it's official
>>
>> http://www.heise.de/newsticker/meldung/67358
>>
>>Having a working Tor network is now more vital than ever.
>>I've ordered a 10 MBit/s flat rate server, and will start working
>>on a private high-performance Tor network around turn of the year.
>>
>That page makes the fish crap. How about an executive summary for the
>kraut-impaired?

From rah at shipwright.com Thu Dec 15 21:11:50 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 16 Dec 2005 00:11:50 -0500
Subject: [Clips] Bush Secretly Lifted Some Limits on Spying in U.S. After 9/11, Officials Say
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Fri, 16 Dec 2005 00:10:31 -0500
To: Philodox Clips List
From: "R. A. Hettinga"
Subject: [Clips] Bush Secretly Lifted Some Limits on Spying in U.S. After 9/11, Officials Say
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

The New York Times
December 15, 2005
Bush Secretly Lifted Some Limits on Spying in U.S. After 9/11, Officials Say
By JAMES RISEN and ERIC LICHTBLAU

WASHINGTON, Dec. 15 - Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials.
Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible "dirty numbers" linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications. The previously undisclosed decision to permit some eavesdropping inside the country without court approval represents a major shift in American intelligence-gathering practices, particularly for the National Security Agency, whose mission is to spy on communications abroad. As a result, some officials familiar with the continuing operation have questioned whether the surveillance has stretched, if not crossed, constitutional limits on legal searches. "This is really a sea change," said a former senior official who specializes in national security law. "It's almost a mainstay of this country that the N.S.A. only does foreign searches." Nearly a dozen current and former officials, who were granted anonymity because of the classified nature of the program, discussed it with reporters for The New York Times because of their concerns about the operation's legality and oversight. According to those officials and others, reservations about aspects of the program have also been expressed by Senator John D. Rockefeller IV, the West Virginia Democrat who is the vice chairman of the Senate Intelligence Committee, and a judge presiding over a secret court that oversees intelligence matters. Some of the questions about the agency's new powers led the administration to temporarily suspend the operation last year and impose more restrictions, the officials said. The Bush administration views the operation as necessary so that the agency can move quickly to monitor communications that may disclose threats to this country, the officials said. 
Defenders of the program say it has been a critical tool in helping disrupt terrorist plots and prevent attacks inside the United States. Administration officials are confident that existing safeguards are sufficient to protect the privacy and civil liberties of Americans, the officials say. In some cases, they said, the Justice Department eventually seeks warrants if it wants to expand the eavesdropping to include communications confined within the United States. The officials said the administration had briefed Congressional leaders about the program and notified the judge in charge of the Foreign Intelligence Surveillance Court, the secret Washington court that deals with national security issues. The White House asked The New York Times not to publish this article, arguing that it could jeopardize continuing investigations and alert would-be terrorists that they might be under scrutiny. After meeting with senior administration officials to hear their concerns, the newspaper delayed publication for a year to conduct additional reporting. Some information that administration officials argued could be useful to terrorists has been omitted. While many details about the program remain secret, officials familiar with it said the N.S.A. eavesdropped without warrants on up to 500 people in the United States at any given time. The list changes as some names are added and others dropped, so the number monitored in this country may have reached into the thousands over the past three years, several officials said. Overseas, about 5,000 to 7,000 people suspected of terrorist ties are monitored at one time, according to those officials. Several officials said the eavesdropping program had helped uncover a plot by Iyman Faris, an Ohio trucker and naturalized citizen who pleaded guilty in 2003 to supporting Al Qaeda by planning to bring down the Brooklyn Bridge with blowtorches. 
What appeared to be another Qaeda plot, involving fertilizer bomb attacks on British pubs and train stations, was exposed last year in part through the program, the officials said. But they said most people targeted for N.S.A. monitoring have never been charged with a crime, including an Iranian-American doctor in the South who came under suspicion because of what one official described as dubious ties to Osama bin Laden. Dealing With a New Threat The eavesdropping program grew out of concerns after the Sept. 11 attacks that the nation's intelligence agencies were not poised to deal effectively with the new threat of Al Qaeda and that they were handcuffed by legal and bureaucratic restrictions better suited to peacetime than war, according to officials. In response, President Bush significantly eased limits on American intelligence and law enforcement agencies and the military. But some of the administration's antiterrorism initiatives have provoked an outcry from members of Congress, watchdog groups, immigrants and others who argue that the measures erode protections for civil liberties and intrude on Americans' privacy. Opponents have challenged provisions of the USA Patriot Act, the focus of contentious debate on Capitol Hill this week, that expand domestic surveillance by giving the Federal Bureau of Investigation more power to collect information like library lending lists or Internet use. Military and F.B.I. officials have drawn criticism for monitoring what were largely peaceful antiwar protests. The Pentagon and the Department of Homeland Security were forced to retreat on plans to use public and private databases to hunt for possible terrorists. And last year, the Supreme Court rejected the administration's claim that those labeled "enemy combatants" were not entitled to judicial review of their open-ended detention. Mr. 
Bush's executive order allowing some warrantless eavesdropping on those inside the United States - including American citizens, permanent legal residents, tourists and other foreigners - is based on classified legal opinions that assert that the president has broad powers to order such searches, derived in part from the September 2001 Congressional resolution authorizing him to wage war on Al Qaeda and other terrorist groups, according to the officials familiar with the N.S.A. operation. The National Security Agency, which is based at Fort Meade, Md., is the nation's largest and most secretive intelligence agency, so intent on remaining out of public view that it has long been nicknamed "No Such Agency." It breaks codes and maintains listening posts around the world to eavesdrop on foreign governments, diplomats and trade negotiators as well as drug lords and terrorists. But the agency ordinarily operates under tight restrictions on any spying on Americans, even if they are overseas, or disseminating information about them. What the agency calls a "special collection program" began soon after the Sept. 11 attacks, as it looked for new tools to attack terrorism. The program accelerated in early 2002 after the Central Intelligence Agency started capturing top Qaeda operatives overseas, including Abu Zubaydah, who was arrested in Pakistan in March 2002. The C.I.A. seized the terrorists' computers, cellphones and personal phone directories, said the officials familiar with the program. The N.S.A. surveillance was intended to exploit those numbers and addresses as quickly as possible, the officials said. In addition to eavesdropping on those numbers and reading e-mail messages to and from the Qaeda figures, the N.S.A. began monitoring others linked to them, creating an expanding chain. While most of the numbers and addresses were overseas, hundreds were in the United States, the officials said. Under the agency's longstanding rules, the N.S.A.
can target for interception phone calls or e-mail messages on foreign soil, even if the recipients of those communications are in the United States. Usually, though, the government can only target phones and e-mail messages in this country by first obtaining a court order from the Foreign Intelligence Surveillance Court, which holds its closed sessions at the Justice Department. Traditionally, the F.B.I., not the N.S.A., seeks such warrants and conducts most domestic eavesdropping. Until the new program began, the N.S.A. typically limited its domestic surveillance to foreign embassies and missions in Washington, New York and other cities, and obtained court orders to do so. Since 2002, the agency has been conducting some warrantless eavesdropping on people in the United States who are linked, even if indirectly, to suspected terrorists through the chain of phone numbers and e-mail addresses, according to several officials who know of the operation. Under the special program, the agency monitors their international communications, the officials said. The agency, for example, can target phone calls from someone in New York to someone in Afghanistan. Warrants are still required for eavesdropping on entirely domestic-to-domestic communications, those officials say, meaning that calls from that New Yorker to someone in California could not be monitored without first going to the Federal Intelligence Surveillance Court. A White House Briefing After the special program started, Congressional leaders from both political parties were brought to Vice President Dick Cheney's office in the White House. The leaders, who included the chairmen and ranking members of the Senate and House intelligence committees, learned of the N.S.A. operation from Mr. Cheney, Gen. Michael V. Hayden of the Air Force, who was then the agency's director and is now the principal deputy director of national intelligence, and George J. Tenet, then the director of the C.I.A., officials said. 
It is not clear how much the members of Congress were told about the presidential order and the eavesdropping program. Some of them declined to comment about the matter, while others did not return phone calls. Later briefings were held for members of Congress as they assumed leadership roles on the intelligence committees, officials familiar with the program said. After a 2003 briefing, Senator Rockefeller, the West Virginia Democrat who became vice chairman of the Senate Intelligence Committee that year, wrote a letter to Mr. Cheney expressing concerns about the program, officials knowledgeable about the letter said. It could not be determined if he received a reply. Mr. Rockefeller declined to comment. Aside from the Congressional leaders, only a small group of people, including several cabinet members and officials at the N.S.A., the C.I.A. and the Justice Department, know of the program. Some officials familiar with it say they consider warrantless eavesdropping inside the United States to be unlawful and possibly unconstitutional, amounting to an improper search. One government official involved in the operation said he privately complained to a Congressional official about his doubts about the legality of the program. But nothing came of his inquiry. "People just looked the other way because they didn't want to know what was going on," he said. A senior government official recalled that he was taken aback when he first learned of the operation. "My first reaction was, 'We're doing what?' " he said. While he said he eventually felt that adequate safeguards were put in place, he added that questions about the program's legitimacy were understandable. Some of those who object to the operation argue that is unnecessary. By getting warrants through the foreign intelligence court, the N.S.A. and F.B.I. could eavesdrop on people inside the United States who might be tied to terrorist groups without skirting longstanding rules, they say. 
The standard of proof required to obtain a warrant from the Foreign Intelligence Surveillance Court is generally considered lower than that required for a criminal warrant - intelligence officials only have to show probable cause that someone may be "an agent of a foreign power," which includes international terrorist groups - and the secret court has turned down only a small number of requests over the years. In 2004, according to the Justice Department, 1,754 warrants were approved. And the Foreign Intelligence Surveillance Court can grant emergency approval for wiretaps within hours, officials say. Administration officials counter that they sometimes need to move more urgently, the officials said. Those involved in the program also said that the N.S.A.'s eavesdroppers might need to start monitoring large batches of numbers all at once, and that it would be impractical to seek permission from the Foreign Intelligence Surveillance Court first, according to the officials. Culture of Caution and Rules The N.S.A. domestic spying operation has stirred such controversy among some national security officials in part because of the agency's cautious culture and longstanding rules. Widespread abuses - including eavesdropping on Vietnam War protesters and civil rights activists - by American intelligence agencies became public in the 1970's and led to passage of the Foreign Intelligence Surveillance Act, which imposed strict limits on intelligence gathering on American soil. Among other things, the law required search warrants, approved by the secret F.I.S.A. court, for wiretaps in national security cases. The agency, deeply scarred by the scandals, adopted additional rules that all but ended domestic spying on its part. After the Sept. 11 attacks, though, the United States intelligence community was criticized for being too risk-averse.
The National Security Agency was even cited by the independent 9/11 Commission for adhering to self-imposed rules that were stricter than those set by federal law. Several senior government officials say that when the special operation first began, there were few controls on it and little formal oversight outside the N.S.A. The agency can choose its eavesdropping targets and does not have to seek approval from Justice Department or other Bush administration officials. Some agency officials wanted nothing to do with the program, apparently fearful of participating in an illegal operation, a former senior Bush administration official said. Before the 2004 election, the official said, some N.S.A. personnel worried that the program might come under scrutiny by Congressional or criminal investigators if Senator John Kerry, the Democratic nominee, was elected president. In mid-2004, concerns about the program expressed by national security officials, government lawyers and a judge prompted the Bush administration to suspend elements of the program and revamp it. For the first time, the Justice Department audited the N.S.A. program, several officials said. And to provide more guidance, the Justice Department and the agency expanded and refined a checklist to follow in deciding whether probable cause existed to start monitoring someone's communications, several officials said. A complaint from Judge Colleen Kollar-Kotelly, the federal judge who oversees the Federal Intelligence Surveillance Court, helped spur the suspension, officials said. The judge questioned whether information obtained under the N.S.A. program was being improperly used as the basis for F.I.S.A. wiretap warrant requests from the Justice Department, according to senior government officials. While not knowing all the details of the exchange, several government lawyers said there appeared to be concerns that the Justice Department, by trying to shield the existence of the N.S.A. 
program, was in danger of misleading the court about the origins of the information cited to justify the warrants. One official familiar with the episode said the judge insisted to Justice Department lawyers at one point that any material gathered under the special N.S.A. program not be used in seeking wiretap warrants from her court. Judge Kollar-Kotelly did not return calls for comment. A related issue arose in a case in which the F.B.I. was monitoring the communications of a terrorist suspect under a F.I.S.A.-approved warrant, even though the National Security Agency was already conducting warrantless eavesdropping. According to officials, F.B.I. surveillance of Mr. Faris, the Brooklyn Bridge plotter, was dropped for a short time because of technical problems. At the time, senior Justice Department officials worried what would happen if the N.S.A. picked up information that needed to be presented in court. The government would then either have to disclose the N.S.A. program or mislead a criminal court about how it had gotten the information. The Civil Liberties Question Several national security officials say the powers granted the N.S.A. by President Bush go far beyond the expanded counterterrorism powers granted by Congress under the USA Patriot Act, which is up for renewal. The House on Wednesday approved a plan to reauthorize crucial parts of the law. But final passage has been delayed under the threat of a Senate filibuster because of concerns from both parties over possible intrusions on Americans' civil liberties and privacy. Under the act, law enforcement and intelligence officials are still required to seek a F.I.S.A. warrant every time they want to eavesdrop within the United States. A recent agreement reached by Republican leaders and the Bush administration would modify the standard for F.B.I. wiretap warrants, requiring, for instance, a description of a specific target. Critics say the bar would remain too low to prevent abuses. 
Bush administration officials argue that the civil liberties concerns are unfounded, and they say pointedly that the Patriot Act has not freed the N.S.A. to target Americans. "Nothing could be further from the truth," wrote John Yoo, a former official in the Justice Department's Office of Legal Counsel, and his co-author in a Wall Street Journal opinion article in December 2003. Mr. Yoo worked on a classified legal opinion on the N.S.A.'s domestic eavesdropping program. At an April hearing on the Patriot Act renewal, Senator Barbara A. Mikulski, Democrat of Maryland, asked Attorney General Alberto R. Gonzales and Robert S. Mueller III, the director of the F.B.I., "Can the National Security Agency, the great electronic snooper, spy on the American people?" "Generally," Mr. Mueller said, "I would say generally, they are not allowed to spy or to gather information on American citizens." President Bush did not ask Congress to include provisions for the N.S.A. domestic surveillance program as part of the Patriot Act and has not sought any other laws to authorize the operation. Bush administration lawyers argued that such new laws were unnecessary, because they believed that the Congressional resolution on the campaign against terrorism provided ample authorization, officials said. Seeking Congressional approval was also viewed as politically risky because the proposal would be certain to face intense opposition on civil liberties grounds. The administration also feared that by publicly disclosing the existence of the operation, its usefulness in tracking terrorists would end, officials said. The legal opinions that support the N.S.A. operation remain classified, but they appear to have followed private discussions among senior administration lawyers and other officials about the need to pursue aggressive strategies that once may have been seen as crossing a legal line, according to senior officials who participated in the discussions. 
For example, just days after the Sept. 11, 2001, attacks on New York and the Pentagon, Mr. Yoo, the Justice Department lawyer, wrote an internal memorandum that argued that the government might use "electronic surveillance techniques and equipment that are more powerful and sophisticated than those available to law enforcement agencies in order to intercept telephonic communications and observe the movement of persons but without obtaining warrants for such uses." Mr. Yoo noted that while such actions could raise constitutional issues, in the face of devastating terrorist attacks "the government may be justified in taking measures which in less troubled conditions could be seen as infringements of individual liberties." The next year, Justice Department lawyers disclosed their thinking on the issue of warrantless wiretaps in national security cases in a little-noticed brief in an unrelated court case. In that 2002 brief, the government said that "the Constitution vests in the President inherent authority to conduct warrantless intelligence surveillance (electronic or otherwise) of foreign powers or their agents, and Congress cannot by statute extinguish that constitutional authority." Administration officials were also encouraged by a November 2002 appeals court decision in an unrelated matter. The decision by the Foreign Intelligence Surveillance Court of Review, which sided with the administration in dismantling a bureaucratic "wall" limiting cooperation between prosecutors and intelligence officers, noted "the president's inherent constitutional authority to conduct warrantless foreign intelligence surveillance." But the same court suggested that national security interests should not be grounds "to jettison the Fourth Amendment requirements" protecting the rights of Americans against undue searches. The dividing line, the court acknowledged, "is a very difficult one to administer." -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

From bill.stewart at pobox.com Fri Dec 16 04:41:21 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: December 16, 2005 4:41:21 PM EST
Subject: [IP] more on Bush Lets U.S. Spy on Callers Without Courts
Message-ID:

Neil Munro missed the basic trick that the Bush Administration has done here. Because of extensive previous abuse, Congress banned the NSA and CIA from spying on Americans - they're limited to spying on foreigners, while the FBI and other law enforcement agencies are the only ones who can normally spy on Americans and are subject to Constitutional requirements, like getting warrants for specific searches. The Patriot Act and CALEA let the FBI expand their powers significantly, with tools such as roving wiretaps, but there's still some semblance of court supervision. To accommodate problems like foreign spies talking to Americans, the FISA courts are a court system that operates in secrecy and can issue warrants based on classified information, which allow the intelligence agencies to do specific kinds of spying and wiretapping within the US. In theory, this provides some kind of independent Constitutional adult supervision; in practice it's a rubber stamp, and the only case in which they're publicly known to have refused a request was in the Wen Ho Lee witchhunt after it had become political. What the Bush Administration has changed is get its lawyers to say that the post-9/11 resolutions let them avoid even this level of supervision, letting the NSA wiretap inside the US without any warrants at all, and as far as I can tell from the NYT article, without notifying the FISA courts after they've started to keep records and possibly be ordered to turn the wiretap back off if the court disagreed with them.
If this were simply a matter of speed, because half a day's delay in getting a warrant approved would interfere with their work, they could do that much - this is a major change in character. It's shameful that the New York Times sat on the story for a year - and if this were a legitimate activity, the Bush Administration wouldn't have pressured them into suppressing it that long. In separate news, http://www.msnbc.msn.com/id/10454316/ , NBC reports that the Defense Department is back to spying on Americans, specifically anti-war groups and campaigns against military recruiting, especially suspicious groups associating with Quakers. They got busted for this back during the Vietnam war, and were supposed to have stopped, but they're doing it again in ways that appear to be violating the rules for data collection that were imposed on them and are clearly inappropriate in a free society. And the EU just voted to impose extensive data collection and retention requirements on ISPs and telcos, in ways that negate many previous European data privacy laws, as yet another reminder that when civil rights are protected by laws, that's only good until the laws are changed or the government starts disobeying them. It's time to get PGP working again (originally written for anti-nuclear groups who were being surveilled), give some more money to the EFF, get back to Quaker Meeting, and find ways to replace an Administration that thinks the Constitution is "just a goddamned piece of paper." Bill Stewart. ------------ From: "Munro, Neil" Date: December 16, 2005 1:34:26 PM EST To: dave at farber.net Subject: RE: [IP] Bush Lets U.S. Spy on Callers Without Courts >:o >:o Do please read the 42nd paragraph of the NYT story; ".....law enforcement and intelligence officials are still required to seek a F.I.S.A. warrant every time they want to eavesdrop within the United States. A recent agreement reached by Republican leaders and the Bush administration would modify the standard for F.B.I. 
wiretap warrants, requiring, for instance, a description of a specific target. Critics say the bar would remain too low to prevent abuses." So, as far as I can see, what's being targeted are international calls to or from known foreign terrorists (that are not yet covered by US civil rights laws) that mention, begin or end at U.S. persons. The CIA/FBI intelligence-take would drop if they had to get a judge's approval every time an AL-Q guy called up a new number for a brief phone call in the US. If this was the norm, then traditional eavesdropping on Atta would have been very unlikely, as he would have been able to use different street phones every time he called home. If voters want to accept that trade-off, Congress will give it to them. [....] ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From peter at redesignresearch.com Fri Dec 16 05:38:11 2005 From: peter at redesignresearch.com (Peter Jones) Date: December 16, 2005 5:38:11 PM EST Subject: Diebold easily hacked Message-ID: Dave - For IP, in case you had not seen this yet. The punchline: Secretary of State says the issue is between the election supervisor and Diebold. Apparently, hackable voting machines are not sufficient cause for concern to Florida's sterling electoral system. http://www.usatoday.com/news/nation/2005-12-15-opticalvoting_x.htm County says electronic voting machines can be hacked TALLAHASSEE, Fla. 
(AP) - Tests on an optical-scan voting system used around the country showed it is vulnerable to hacking that can change the outcome of races without leaving evidence of fraud, a county election supervisor said. The voting system maker, Diebold Inc., sent a letter in response that questioned the test results and said the test was "a very foolish and irresponsible act" that may have violated licensing agreements. Company spokesman David Bear did not return a phone call from The Associated Press seeking comment Thursday. Diebold's letter was written by its senior lawyer, Michael Lindroos, and sent to the state of Florida, Leon County and the county election supervisor, Ion Sancho. Optical-scan machines use paper ballots where voters fill in bubbles to mark their candidates. The ballots are then fed into scanners that record the selections. In one of the tests conducted for Sancho and the non-profit election-monitoring group BlackBoxVoting.org, the researchers were able to get into the system easily, make the loser the winner and leave without a trace, said Herbert Thompson, who conducted the test. He also said the machine that tabulates the overall count asked for a user name and password, but didn't require it. In the other test, the researcher who had hacked into the voting machine's memory card was able to hide votes, make losers out of winners and leave no trace of the changes, said BlackBox founder Bev Harris. The memory card records the votes of one machine, then is taken to a central location where results are totaled. Sancho criticized the Florida Secretary of State's Office, which approves the voting systems used in the state, for not catching the alleged problems. A spokeswoman for the secretary of state's office said any faults Sancho found were between him and Diebold. "If Ion Sancho has security concerns with his system, he needs to discuss them with Diebold," spokeswoman Jenny Nash said.
The Miami Herald reported Thursday that Sancho scrapped Leon's Diebold machines this week for a voting system from another manufacturer. Many Florida counties switched to computer-based elections systems after the 2000 presidential election, when the cardboard punchcard ballots then in use were plagued by incomplete and multiple punches. ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
From dave at farber.net Fri Dec 16 16:38:45 2005 From: dave at farber.net (David Farber) Date: Fri, 16 Dec 2005 19:38:45 -0500 Subject: [IP] Diebold easily hacked Message-ID: Begin forwarded message: From skquinn at speakeasy.net Fri Dec 16 20:14:09 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Fri, 16 Dec 2005 22:14:09 -0600 Subject: Tor client over Java LINUX In-Reply-To: References: Message-ID: <1134792850.27623.13.camel@xevious.platypuslabs.org> On Mon, 2005-12-12 at 11:41 -0500, Tyler Durden wrote: > I recently read that a simple LINUX OS has been written in java. What exactly do you mean by a "simple LINUX OS"? Do you mean a port of all or part of GNU to Java? Part of the Linux kernel? Both? The answers to the rest of the questions vary quite a bit depending on what exactly you meant. This is part of the reason *why* referring to both the kernel and OS as just "Linux" is bad. -- Shawn K. Quinn
From dave at farber.net Sat Dec 17 08:28:16 2005 From: dave at farber.net (David Farber) Date: Sat, 17 Dec 2005 11:28:16 -0500 Subject: [IP] more on Bush Lets U.S. Spy on Callers Without Courts Message-ID: Begin forwarded message: From jya at cryptome.net Sat Dec 17 12:15:38 2005 From: jya at cryptome.net (John Young) Date: Sat, 17 Dec 2005 12:15:38 -0800 Subject: [dave@farber.net: [IP] more on Bush Lets U.S.
Spy on Callers Without Courts] In-Reply-To: <20051217163153.GZ2249@leitl.org> Message-ID: The Times sitting on the NSA story for a year needs to be probed: was it the Times or James Risen -- who has been overly close to intel agencies for many years and a while back was supposedly reined in by the Times for his "going too far" intimacy with intel sources, and producing reports as biased as those of Judith Miller. The Times is now again in the position it got itself into by encouraging Miller to sleep with the enemy as the WashPo did with Bob Woodward and Time and others who embed their WHores to get pillow talk, real or imaginary. Then if caught apologize for the 10,000 year old practice, asking for trust just like those it accuses of being distrustful. Sy Hersh has criticized the Times for this duplicity, as did Raymond Bonner, and other ex-Timesers, many of whom left the Times over being restricted in what they could report by what they termed as senior Times (like WashPo and Time) officials lusting for intimacy with powerful politicians -- or fearful of being excluded at the intimate dinners in DC and NYC and world capitals. Hoover at the FBI swapped dirt with the DC reporters, a 20,000-year-old wedding of enforcers and informants. While minor scandals are being reported for US and Iraqi journalists being paid to report favorably on the Administration, the big scandal is the non-cash rewards earned by world-class media for getting insider exclusives to boost circulation, whether Brian Williams or Jim Lehrer, most recently handling Bush with delicacy, or what Sy Hersh says are the unending information bribes that come his way, especially from intel sources for their own interest but more often for the interests of their superiors all the way to the top who use the spooks to leak policy with a glaze of "anonymous" legitimization, albeit deniable, to those as easily seduced with specialized information as members of Congress.
Will there ever be an investigation of the leak racket, the congressional hearing dissimulation, so long as we succumb to its "secrets exposed" allure for what we are trained to think is believable about the press, the Congress, looking after the public interest in opposition to unchecked power? From rah at shipwright.com Sat Dec 17 12:29:44 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 17 Dec 2005 15:29:44 -0500 Subject: [Clips] NYT 'Spying' Splash Tied To Book Release Message-ID: At 12:15 PM -0800 12/17/05, John Young wrote: >The Times sitting on the NSA story for a year needs to be probed --- begin forwarded text Delivered-To: clips at philodox.com Date: Sat, 17 Dec 2005 13:33:36 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] NYT 'Spying' Splash Tied To Book Release Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The Drudge Report NYT 'SPYING' SPLASH TIED TO BOOK RELEASE Fri Dec 16 200 11:27:16 ET **Exclusive** Newspaper fails to inform readers "news break" is tied to book publication On the front page of today's NEW YORK TIMES, national security reporter James Risen claims that "months after the September 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States... without the court approved warrants ordinarily required for domestic spying, according to government officials." Risen claims the White House asked the paper not to publish the article, saying that it could jeopardize continuing investigations and alert would-be terrorists that they might be under scrutiny. Risen claims the TIMES delayed publication of the article for a year to conduct additional reporting. But now comes word James Risen's article is only one of many "explosive newsbreaking" stories that can be found -- in his upcoming book -- which he turned in 3 months ago! The paper failed to reveal the urgent story was tied to a book release and sale. 
"STATE OF WAR: The Secret History of the CIA and the Bush Administration" is to be published by FREE PRESS in the coming weeks, sources tell the DRUDGE REPORT. Carisa Hays, VP, Director of Publicity FREE PRESS, confirms the book is being published. The book editor of Bush critic Richard Clarke [AGAINST ALL ENEMIES] signed Risen to FREE PRESS. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "The stoical scheme of supplying our wants by lopping off our desires is like cutting off our feet when we want shoes." -- Jonathan Swift From camera_lumina at hotmail.com Sat Dec 17 12:30:08 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 17 Dec 2005 15:30:08 -0500 Subject: Tor client over Java LINUX In-Reply-To: <1134792850.27623.13.camel@xevious.platypuslabs.org> Message-ID: >From: "Shawn K. Quinn" >To: Cypherpunks Mailing List >Subject: Re: Tor client over Java LINUX >Date: Fri, 16 Dec 2005 22:14:09 -0600 > >On Mon, 2005-12-12 at 11:41 -0500, Tyler Durden wrote: > > I recently read that a simple LINUX OS has been written in java. > >What exactly do you mean by a "simple LINUX OS"? > >Do you mean a port of all or part of GNU to Java? Part of the Linux >kernel? Both? Uh...huh? Dunno. I think the Java Linux was able to run some software like spreadsheets and whatnot. >The answers to the rest of the questions vary quite a bit depending on >what exactly you meant. 
This is part of the reason *why* referring to >both the kernel and OS as just "Linux" is bad. Uh...OK. But can you repeat the part about the things, or thing? Sorry. Me no speaky linux. Me ex-telecom geek. Ask me about RZ-encoded solitonic transmission and maybe I'll sound smarter. On the other hand, it occurs to me one does not necessarily need Linux on top of Java at all. How secure would it be to have a Tor client run on top of Java directly? This way, no matter what computer one were on, it should be fairly easy to pull down the "portable cone of silence" from a site somewhere and start doing your business. -TD From rsw at jfet.org Sat Dec 17 12:55:02 2005 From: rsw at jfet.org (Riad S. Wahby) Date: Sat, 17 Dec 2005 15:55:02 -0500 Subject: Tor client over Java LINUX In-Reply-To: References: <1134792850.27623.13.camel@xevious.platypuslabs.org> Message-ID: <20051217205502.GA22583@proton.jfet.org> Tyler Durden wrote: > On the other hand, it occurs to me one does not necessarily need Linux on > top of Java at all. Yup. No reason to increase the complexity any more than necessary to get the job done---you're only adding holes to poke. -- Riad S. Wahby rsw at jfet.org From eugen at leitl.org Sat Dec 17 08:19:53 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 17 Dec 2005 17:19:53 +0100 Subject: [ant1@rael.org: [rael-science] Bush Approved Eavesdropping, Official Says] Message-ID: <20051217161953.GY2249@leitl.org> Source: http://news.yahoo.com/s/ap/20051217/ap_on_go_pr_wh/bush_nsa Bush Approved Eavesdropping, Official Says President Bush has personally authorized a secretive eavesdropping program in the United States more than three dozen times since October 2001, a senior intelligence official said Friday night. The disclosure follows angry demands by lawmakers earlier in the day for congressional inquiries into whether the monitoring by the highly secretive National Security Agency violated civil liberties.
"There is no doubt that this is inappropriate," declared Republican Sen. Arlen Specter of Pennsylvania, chairman of the Senate Judiciary Committee. He promised hearings early next year. Bush on Friday refused to discuss whether he had authorized such domestic spying without obtaining warrants from a court, saying that to comment would tie his hands in fighting terrorists. In a broad defense of the program put forward hours later, however, a senior intelligence official told The Associated Press that the eavesdropping was narrowly designed to go after possible terrorist threats in the United States. The official said that, since October 2001, the program has been renewed more than three dozen times. Each time, the White House counsel and the attorney general certified the lawfulness of the program, the official said. Bush then signed the authorizations. During the reviews, government officials have also provided a fresh assessment of the terrorist threat, showing that there is a catastrophic risk to the country or government, the official said. "Only if those conditions apply do we even begin to think about this," he said. The official spoke on condition of anonymity because of the classified nature of the intelligence operation. "The president has authorized NSA to fully use its resources -- let me underscore this now -- consistent with U.S. law and the Constitution to defend the United States and its citizens," the official said, adding that congressional leaders have also been briefed more than a dozen times. Senior administration officials asserted the president would do everything in his power to protect the American people while safeguarding civil liberties. "I will make this point," Bush said in an interview with "The NewsHour With Jim Lehrer." "That whatever I do to protect the American people -- and I have an obligation to do so --
that we will uphold the law, and decisions made are made understanding we have an obligation to protect the civil liberties of the American people." The surveillance, disclosed in Friday's New York Times, is said to allow the agency to monitor international calls and e-mail messages of people inside the United States. But the paper said the agency would still seek warrants to snoop on purely domestic communications -- for example, Americans' calls between New York and California. "I want to know precisely what they did," Specter said. "How NSA utilized their technical equipment, whose conversations they overheard, how many conversations they overheard, what they did with the material, what purported justification there was." Sen. Russ Feingold, D-Wis., a member of the Judiciary Committee, said, "This shocking revelation ought to send a chill down the spine of every American." Vice President Dick Cheney and Bush chief of staff Andrew Card went to the Capitol Friday to meet with congressional leaders and the top members of the intelligence committees, who are often briefed on spy agencies' most classified programs. Members and their aides would not discuss the subject of the closed sessions. The intelligence official would not provide details on the operations or examples of success stories. He said senior national security officials are trying to fix problems raised by the Sept. 11 commission, which found that two of the suicide hijackers were communicating from San Diego with al-Qaida operatives overseas. "We didn't know who they were until it was too late," the official said. Some intelligence experts who believe in broad presidential power argued that Bush would have the authority to order these searches without warrants under the Constitution.
In a case unrelated to the NSA's domestic eavesdropping, the administration has argued that the president has vast authority to order intelligence surveillance without warrants "of foreign powers or their agents." "Congress cannot by statute extinguish that constitutional authority," the Justice Department said in a 2002 legal filing with the Foreign Intelligence Surveillance Court of Review. Other intelligence veterans found difficulty with the program in light of the 1978 Foreign Intelligence Surveillance Act, passed after the intelligence community came under fire for spying on Americans. That law gives government -- with approval from a secretive U.S. court -- the authority to conduct covert wiretaps and surveillance of suspected terrorists and spies. In a written statement, NSA spokesman Don Weber said the agency would not provide any information on the reported surveillance program. "We do not discuss actual or alleged operational issues," he said. Elizabeth Rindskopf Parker, former NSA general counsel, said it was troubling that such a change would have been made by executive order, even if it turns out to be within the law. Parker, who has no direct knowledge of the program, said the effect could be corrosive. "There are programs that do push the edge, and would be appropriate, but will be thrown out," she said. Prior to 9/11, the NSA typically limited its domestic surveillance activities to foreign embassies and missions -- and obtained court orders for such investigations. Much of its work was overseas, where thousands of people with suspected terrorist ties or other valuable intelligence may be monitored. The report surfaced as the administration and its GOP allies on Capitol Hill were fighting to save provisions of the expiring USA Patriot Act that they believe are key tools in the fight against terrorism. An attempt to rescue the approach favored by the White House and Republicans failed on a procedural vote.
----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Sat Dec 17 08:31:53 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 17 Dec 2005 17:31:53 +0100 Subject: [dave@farber.net: [IP] more on Bush Lets U.S. Spy on Callers Without Courts] Message-ID: <20051217163153.GZ2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Sat Dec 17 08:33:33 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 17 Dec 2005 17:33:33 +0100 Subject: [dave@farber.net: [IP] Diebold easily hacked] Message-ID: <20051217163333.GA2249@leitl.org> ----- Forwarded message from David Farber ----- From tandm at xanadu.net Sun Dec 18 11:49:40 2005 From: tandm at xanadu.net (Ted Nelson) Date: December 18, 2005 11:49:40 PM EST Subject: Military's news-planting service (New York Times) Message-ID: Military's Information War Is Vast and Often Secretive By JEFF GERTH The media center in Fayetteville, N.C., would be the envy of any global communications company. In state of the art studios, producers prepare the daily mix of music and news for the group's radio stations or spots for friendly television outlets. Writers putting out newspapers and magazines in Baghdad and Kabul converse via teleconferences. Mobile trailers with high-tech gear are parked outside, ready for the next crisis. The center is not part of a news organization, but a military operation, and those writers and producers are soldiers. 
The 1,200-strong psychological operations unit based at Fort Bragg turns out what its officers call "truthful messages" to support the United States government's objectives, though its commander acknowledges that those stories are one-sided and their American sponsorship is hidden. "We call our stuff information and the enemy's propaganda," said Col. Jack N. Summe, then the commander of the Fourth Psychological Operations Group, during a tour in June. Even in the Pentagon, "some public affairs professionals see us unfavorably," and inaccurately, he said, as "lying, dirty tricksters." http://www.nytimes.com/2005/12/11/politics/11propaganda.html?ei=5090&en=3b29830b7c656c93&ex=1291957200&partner=rssuserland&emc=rss&pagewanted=print Cheers,T ________________________________________________ Theodor Holm Nelson, Fellow, Oxford Internet Institute University of Oxford, 1 St Giles, Oxford OX1 3JS, UK V. Professor, U. Southampton; V. Fellow, Wadham College Founder, Project Xanadu (the first hypertext project), 1960+ ? e-mail: tandm at xanadu.net ? http://ted.hyperland.com, ? xanadu.com ? translit.org ? transcopyright.org ? world-wide phone and fax +1/908-847-0264 _________________________________________________ ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Sun Dec 18 13:22:44 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 18 Dec 2005 16:22:44 -0500 Subject: [Clips] A small editorial about recent events.
Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Sun, 18 Dec 2005 15:17:30 -0500 To: "Philodox Clips List" From: "R. A. Hettinga" Subject: [Clips] A small editorial about recent events. Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text Delivered-To: cryptography at metzdowd.com To: cryptography at metzdowd.com Subject: A small editorial about recent events. From: "Perry E. Metzger" Date: Sun, 18 Dec 2005 13:58:06 -0500 Sender: owner-cryptography at metzdowd.com A small editorial from your moderator. I rarely use this list to express a strong political opinion -- you will forgive me in this instance. This mailing list is putatively about cryptography and cryptography politics, though we do tend to stray quite a bit into security issues of all sorts, and sometimes into the activities of the agency with the biggest crypto and sigint budget in the world, the NSA. As you may all be aware, the New York Times has reported, and the administration has admitted, that the President of the United States apparently ordered the NSA to conduct surveillance operations against US citizens without prior permission of the secret court known as the Foreign Intelligence Surveillance Court (the "FISC"). This is in clear contravention of 50 USC 1801 - 50 USC 1811, a portion of the US code that provides for clear criminal penalties for violations. See: http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html The President claims he has the prerogative to order such surveillance. The law unambiguously disagrees with him. There are minor exceptions in the law, but they clearly do not apply in this case. They cover only the 15 days after a declaration of war by congress, a period of 72 hours prior to seeking court authorization (which was never sought), and similar exceptions that clearly are not germane.
There is no room for doubt or question about whether the President has the prerogative to order surveillance without asking the FISC -- even if the FISC is a toothless organization that never turns down requests, it is a federal crime, punishable by up to five years imprisonment, to conduct electronic surveillance against US citizens without court authorization. The FISC may be worthless at defending civil liberties, but in its arrogant disregard for even the fig leaf of the FISC, the administration has actually crossed the line into a crystal clear felony. The government could have legally conducted such wiretaps at any time, but the President chose not to do it legally. Ours is a government of laws, not of men. That means if the President disagrees with a law or feels that it is insufficient, he still must obey it. Ignoring the law is illegal, even for the President. The President may ask Congress to change the law, but meanwhile he must follow it. Our President has chosen to declare himself above the law, a dangerous precedent that could do great harm to our country. However, without substantial effort on the part of you, and I mean you, every person reading this, nothing much is going to happen. The rule of law will continue to decay in our country. Future Presidents will claim even greater extralegal authority, and our nation will fall into despotism. I mean that sincerely. For the sake of yourself, your children and your children's children, you cannot allow this to stand. Call your Senators and your Congressman. Demand a full investigation, both by Congress and by a special prosecutor, of the actions of the Administration and the NSA. Say that the rule of law is all that stands between us and barbarism. Say that we live in a democracy, not a kingdom, and that our elected officials are not above the law. The President is not a King. Even the President cannot participate in a felony and get away with it. Demand that even the President must obey the law. 
Tell your friends to do the same. Tell them to tell their friends to do the same. Then, call back next week and the week after and the week after that until something happens. Mark it in your calendar so you don't forget about it. Politicians have short memories, and Congress is about to recess for Christmas, so you must not allow this to be forgotten. Keep at them until something happens. Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From measl at mfn.org Sun Dec 18 17:21:44 2005 From: measl at mfn.org (J.A. Terranson) Date: Sun, 18 Dec 2005 19:21:44 -0600 (CST) Subject: NSA Special Collection Program In-Reply-To: References: Message-ID: <20051218192036.W13015@ubzr.zsa.bet> On Sun, 18 Dec 2005, John Young wrote: > And, there has been no mention in the news of the UK/USA arrangement > for the UK to do what NSA once was forbidden to do inside the US. Perhaps > there has been an expansion of that as well. Interestingly, I came to the exact opposite thought: why would they do it this way if the old deal was still in place? This could get *very* interesting as it unfolds. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson From jya at cryptome.net Sun Dec 18 20:04:51 2005 From: jya at cryptome.net (John Young) Date: Sun, 18 Dec 2005 20:04:51 -0800 Subject: NSA Special Collection Program Message-ID: The NYT report on NSA surveillance described it as a "special collection program." This is also the name of the NSA-CIA program which performs black bag jobs against targets which are tough to surveil with stand-off means, including targets which use encryption. Codebooks are stolen, copied and returned, bugs are planted, cavity resonating devices are rigged, cipher machines are lifted for tampering then replaced, and a host of other means are used to overcome electronic and physical defenses.
One wonders what means NSA (and others) used to spy inside the US in addition to plain old electronic interception. The story so far is pretty simpleminded about NSA's capabilities. Could be the part of the story the Times claims it is still withholding covers that. And, there has been no mention in the news of the UK/USA arrangement for the UK to do what NSA once was forbidden to do inside the US. Perhaps there has been an expansion of that as well. Jason Vest and Wayne Madsen described the Special Collection Service in 1999: http://www.fas.org/irp/news/1999/02/vest_madsen.htm [Excerpt] According to a former high-ranking intelligence official, SCS was formed in the late 1970s after competition between the NSA's embassy-based eavesdroppers and the CIA's globe-trotting bugging specialists from its Division D had become counterproductive. While sources differ on how SCS works -- some claim its agents never leave their secret embassy warrens where they perform close-quarters electronic eavesdropping, while others say agents operate embassy-based equipment in addition to performing riskier "black-bag" jobs, or break-ins, for purposes of bugging -- "there's a lot of pride taken in what SCS has accomplished," the former official says. Intriguingly, the only on-the-record account of the Special Collection Service has been provided not by an American but by a Canadian. Mike Frost, formerly of the Communications Security Establishment -- Canada's NSA equivalent -- served as deputy director of CSE's SCS counterpart and was trained by the SCS. In a 1994 memoir, Frost describes the complexities of mounting "special collection" operations -- finding ways to transport sophisticated eavesdropping equipment in diplomatic pouches without arousing suspicion, surreptitiously assembling a device without arousing suspicion in his embassy, technically troubleshooting under less than ideal conditions -- and also devotes considerable space to describing visits to SCS's old College Park headquarters.
"It is not the usual sanitorium-clean atmosphere you would expect to find in a top-secret installation," writes Frost. "Wires everywhere, jerry-rigged gizmos everywhere, computers all over the place, some people buzzing around in three-piece suits, and others in jeans and t-shirts. [It was] the ultimate testing and engineering centre for any espionage equipment." Perhaps one of its most extraordinary areas was its "live room," a 30-foot-square area where NSA and CIA devices were put through dry runs, and where engineers simulated the electronic environment of cities where eavesdroppers are deployed. Several years ago, according to sources, SCS relocated to a new, 300-acre, three-building complex disguised as a corporate campus and shielded by a dense forest outside Beltsville, Maryland. Curious visitors to the site will find themselves stopped at a gate by a Department of Defense police officer who, if one lingers, will threaten arrest. ----- Satellite photos of the Special Collection Service: http://cryptome.org/scs-eyeball.htm From charliek at exchange.microsoft.com Sun Dec 18 21:52:31 2005 From: charliek at exchange.microsoft.com (Charlie Kaufman) Date: Sun, 18 Dec 2005 21:52:31 -0800 Subject: It's almost enough to make you feel sorry for Diebold Message-ID: Reportedly, some people demonstrated falsifying votes on Diebold voting machines using only resources and techniques available to thousands of election workers. It will be interesting to see the fallout. These weaknesses have apparently long been "known", but denied by Diebold. 
http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Sun Dec 18 19:46:45 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 18 Dec 2005 22:46:45 -0500 Subject: [Clips] Clinton NSA Eavesdropped on U.S. Calls Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Sun, 18 Dec 2005 22:44:30 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Clinton NSA Eavesdropped on U.S. Calls Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Reprinted from NewsMax.com Sunday, Dec. 18, 2005 10:10 p.m. EST Clinton NSA Eavesdropped on U.S. Calls During the 1990's under President Clinton, the National Security Agency monitored millions of private phone calls placed by U.S. citizens and citizens of other countries under a super secret program code-named Echelon. On Friday, the New York Times suggested that the Bush administration has instituted "a major shift in American intelligence-gathering practices" when it "secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without [obtaining] court-approved warrants." But in fact, the NSA had been monitoring private domestic telephone conversations on a much larger scale throughout the 1990s - all of it done without a court order, let alone a catalyst like the 9/11 attacks. 
In February 2000, for instance, CBS "60 Minutes" correspondent Steve Kroft introduced a report on the Clinton-era spy program by noting: "If you made a phone call today or sent an e-mail to a friend, there's a good chance what you said or wrote was captured and screened by the country's largest intelligence agency. The top-secret Global Surveillance Network is called Echelon, and it's run by the National Security Agency." NSA computers, said Kroft, "capture virtually every electronic conversation around the world." Echelon expert Mike Frost, who spent 20 years as a spy for the Canadian equivalent of the National Security Agency, told "60 Minutes" that the agency was monitoring "everything from data transfers to cell phones to portable phones to baby monitors to ATMs." Mr. Frost detailed activities at one unidentified NSA installation, telling "60 Minutes" that agency operators "can listen in to just about anything" - while Echelon computers screen phone calls for key words that might indicate a terrorist threat. The "60 Minutes" report also spotlighted Echelon critic, then-Rep. Bob Barr, who complained that the project as it was being implemented under Clinton "engages in the interception of literally millions of communications involving United States citizens." One Echelon operator working in Britain told "60 Minutes" that the NSA had even monitored and tape recorded the conversations of the late Sen. Strom Thurmond. Still, the Times repeatedly insisted on Friday that NSA surveillance under Bush had been unprecedented, at one point citing anonymously an alleged former national security official who claimed: "This is really a sea change. It's almost a mainstay of this country that the NSA only does foreign searches." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun Dec 18 21:53:40 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 19 Dec 2005 00:53:40 -0500 Subject: BOUNCE cryptography@metzdowd.com: Approval required: Message-ID: ;-) Cheers, RAH --- begin forwarded text To: rah at shipwright.com Subject: Re: BOUNCE cryptography at metzdowd.com: Approval required: From: "Perry E. Metzger" Date: Sun, 18 Dec 2005 22:57:19 -0500 User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.4 (berkeley-unix) That article is bullshit, Rob. Yes, Clinton's NSA spied on US citizens, but they got FISA approval when they did it. I would agree that FISC would approve spying on a dead goat on the basis of a white house lawyer claiming the goat was a foreign agent, but that's beside the point -- to my knowledge, they obeyed the law, as odious as the law was. Therefore, I'm not forwarding. 
Perry owner-cryptography at metzdowd.com writes: > Date: Sun, 18 Dec 2005 22:46:45 -0500 > To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net > From: "R. A. Hettinga" > Subject: [Clips] Clinton NSA Eavesdropped on U.S. Calls -- Perry E. Metzger perry at piermont.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun Dec 18 22:17:52 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 19 Dec 2005 01:17:52 -0500 Subject: A small editorial about recent events. Message-ID: At 1:58 PM -0500 12/18/05, Perry E. Metzger wrote: >Ours is a government of laws, not of men. "When the hares made speeches in the assembly and demanded that all should have equality, the lions replied, "Where are your claws and teeth?" -- attributed to Antisthenes in Aristotle, 'Politics', 3.7.2 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "Force shits on reason's back."
-- Benjamin Franklin, Poor Richard's Almanack From gnu at toad.com Mon Dec 19 03:44:51 2005 From: gnu at toad.com (John Gilmore) Date: Mon, 19 Dec 2005 03:44:51 -0800 Subject: NSA director on NSA domestic wiretaps (to Cong in Oct 2002) Message-ID: Paragraph 40, below, is about as bald a statement as an NSA director could make, saying he needs help to decide what he should be allowed to wiretap about US persons. We, the privacy community, did not respond. We were a bit surprised, but that was about the extent of the support we offered. Of course, we were living in a time where being anti-paranoia or anti-war or anti-president was considered treasonous by the president, and by most of the people who elected him, and many who worked for him. And we were living in the lost time when we expected the government to follow clearly written laws, until such time as they were rewritten. And nobody had ever gotten NSA to stop doing ANYTHING corrupt, without either suing them, beating them in the legislature, or shining some bright sunlight on one of their secrets -- in some cases it took all three. The door of the NSA Director's office has never been open for privacy activists to come in and review their secret programs for sanity and constitutionality, though it should be.
His challenge to the NSA work force -- "to keep America free by making Americans feel safe again" -- is as bogus as TSA's "We're upholding the right to travel by making travel feel safe, even while we keep innocent YOU off the plane". It begs the question -- who do we need to feel safe FROM? Governments are historically thousands of times as likely to injure you than 'terrorists'. Do you feel safe from Bush and NSA and TSA today? Are you really sure your government isn't tapping and tracing you, building databases about who you call and who you travel with, with or without a warrant from some rubber stamp court? Indeed, what good would it have done if the whole privacy and crypto community had risen up to say, "You should follow the law!"? Bush was intent on breaking it in secret ANYWAY, and rather than exposing his treason, NSA followed his orders. Mr. Hayden did not pose the question as, "We are now wiretapping the foreign communications of US persons without warrants, in violation of the FISA; do you think this is OK?", though he was doing so at the time he made this speech. But that's the question that he and his successor will have to face civil and criminal charges over. http://www.nsa.gov/releases/relea00072.html "Statement for the record by Lieutenant General Michael V. Hayden, USAF, Director, National Security Agency... 17 October 2002" ... 2. We know our responsibilities for American freedom and security at NSA. Our workforce takes the events of September 11, 2001 very personally. By the very nature of their work, our people deeply internalize their mission. This is personal. ... 25. The final issue - what have we done in response - will allow me to give some specifics although I may be somewhat limited by the demands of classification. I will use some of the terms that Congress has used with us over the past year. 26. 
It was heartening, for example, to hear Congress echo the phrase of our SIGINT Director, Maureen Baginski, in the belief that we need to be "hunters rather than gatherers." She believed and implemented this strategy well before September 11th, and then she applied it with a vengeance to al-Qa'ida after the attacks. ... 36. There is a certain irony here. This is one of the few times in the history of my Agency that the Director has testified in open session about operational matters. The first was in the mid 1970s when one of my predecessors sat here nearly mute while being grilled by members of Congress for intruding upon the privacy rights of the American people. Largely as a result of those hearings, NSA is governed today by various executive orders and laws and these legal restrictions are drilled into NSA employees and enforced through oversight by all three branches of government. 37. The second open session was a little over two years ago and I was the Director at that time. During that session the House intelligence committee asked me a series of questions with a single unifying theme: How could I assure them that I was safeguarding the privacy rights of those protected by the U.S. constitution and U.S. law? During that session I even said - without exaggeration on my part or complaint on yours - that if Usama bin Laden crossed the bridge from Niagara Falls, Ontario to Niagara Falls, New York, U.S. law would give him certain protections that I would have to accommodate in the conduct of my mission. And now the third open session for the Director of NSA: I am here explaining what my Agency did or did not know with regard to 19 hijackers who were in this country legally. 38. When I spoke with our workforce shortly after the September 11th attacks, I told them that free people always had to decide where to draw the line between their liberty and their security, and I noted that the attacks would almost certainly push us as a nation more toward security. 
I then gave the NSA workforce a challenge: We were going to keep America free by making Americans feel safe again. 39. Let me close by telling you what I hope to get out of the national dialogue that these committees are fostering. I am not really helped by being reminded that I need more Arabic linguists or by someone second-guessing an obscure intercept sitting in our files that may make more sense today than it did two years ago. What I really need you to do is to talk to your constituents and find out where the American people want that line between security and liberty to be. 40. In the context of NSA's mission, where do we draw the line between the government's need for CT information about people in the United States and the privacy interests of people located in the United States? Practically speaking, this line-drawing affects the focus of NSA's activities (foreign versus domestic), the standard under which surveillances are conducted (probable cause versus reasonable suspicion, for example), the type of data NSA is permitted to collect and how, and the rules under which NSA retains and disseminates information about U.S. persons. 41. These are serious issues that the country addressed, and resolved to its satisfaction, once before in the mid-1970's. In light of the events of September 11th, it is appropriate that we, as a country, readdress them. We need to get it right. We have to find the right balance between protecting our security and protecting our liberty. If we fail in this effort by drawing the line in the wrong place, that is, overly favoring liberty or security, then the terrorists win and liberty loses in either case. 42. Thank you. I look forward to the committees' questions. 
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dave at farber.net Mon Dec 19 02:43:22 2005 From: dave at farber.net (David Farber) Date: Mon, 19 Dec 2005 05:43:22 -0500 Subject: [IP] Military's news-planting service (New York Times) Message-ID: Begin forwarded message:
From schneier at counterpane.com Mon Dec 19 11:56:55 2005 From: schneier at counterpane.com (Bruce Schneier) Date: December 19, 2005 11:56:55 PM EST Subject: [EPIC_IDOF] I Have An Essay on Salon Message-ID: http://www.salon.com/opinion/feature/2005/12/20/surveillance/ Uncle Sam is listening Bush may have bypassed federal wiretap law to deploy more high-tech methods of surveillance. By Bruce Schneier Dec. 20, 2005 | When President Bush directed the National Security Agency to secretly eavesdrop on American citizens, he transferred an authority previously under the purview of the Justice Department to the Defense Department and bypassed the very laws put in place to protect Americans against widespread government eavesdropping. The reason may have been to tap the NSA's capability for data-mining and widespread surveillance. Illegal wiretapping of Americans is nothing new. In the 1950s and '60s, the NSA intercepted every single telegram coming in or going out of the United States.
It conducted eavesdropping without a warrant on behalf of the CIA and other agencies. Much of this became public during the 1975 Church Committee hearings and resulted in the now famous Foreign Intelligence Surveillance Act (FISA) of 1978. The purpose of this law was to protect the American people by regulating government eavesdropping. Like many laws limiting the power of government, it relies on checks and balances: one branch of the government watching the other. The law established a secret court, the Foreign Intelligence Surveillance Court (FISC), and empowered it to approve national-security-related eavesdropping warrants. The Justice Department can request FISA warrants to monitor foreign communications as well as communications by American citizens, provided that they meet certain minimal criteria. The FISC issued about 500 FISA warrants per year from 1979 through 1995, and has slowly increased subsequently -- 1,758 were issued in 2004. The process is designed for speed and even has provisions where the Justice Department can wiretap first and ask for permission later. In all that time, only four warrant requests were ever rejected: all in 2003. (We don't know any details, of course, as the court proceedings are secret.) FISA warrants are carried out by the FBI, but in the days immediately after the terrorist attacks, there was a widespread perception in Washington that the FBI wasn't up to dealing with these new threats -- they couldn't uncover plots in a timely manner. So instead the Bush administration turned to the NSA. They had the tools, the expertise, the experience, and so they were given the mission. The NSA's ability to eavesdrop on communications is exemplified by a technological capability called Echelon. 
Echelon is the world's largest information vacuum cleaner, sucking up a staggering amount of communications data -- satellite, microwave, fiber-optic, cellular, and everything else -- from all over the world: an estimated 3 billion communications per day. These communications are then processed through sophisticated data-mining technologies, looking for simple phrases like "assassinate the president" as well as more complicated communications patterns. Supposedly Echelon only covers communications outside of the United States. Although there is no evidence that the Bush administration has employed Echelon to monitor communications to and from the U.S., this surveillance capability is probably exactly what the president wanted and may explain why the administration sought to bypass the FISA process of acquiring a warrant for searches. Perhaps the NSA just didn't have any experience submitting FISA warrants, so Bush unilaterally waived that requirement. And perhaps Bush thought FISA was a hindrance -- in 2002 there was a widespread but false belief that the FISC got in the way of the investigation of Zacarias Moussaoui (the presumed "20th hijacker") -- and bypassed the court for that reason. Most likely, Bush wanted a whole new surveillance paradigm. You can think of the FBI's capabilities as "retail surveillance": it eavesdrops on a particular person or phone. The NSA, on the other hand, conducts "wholesale surveillance." It, or more exactly its computers, listen to everything. An example might be to feed the computer a transcript of every conversation that mentions "Ayman al-Zawahiri" and monitor everybody who uttered the name, as well as everybody contacted. This type of surveillance was not anticipated in FISA and raises all sorts of legal issues. As Sen. Rockefeller wrote in a secret memo after being briefed on the program, it raises "profound oversight issues," and it is unclear whether FISA would have approved this activity.
It is also unclear whether Echelon-style eavesdropping would prevent terrorist attacks. In the months before 9/11, Echelon noticed considerable "chatter": bits of conversation suggesting some sort of imminent attack. But because much of the planning for 9/11 occurred face-to-face, analysts were unable to learn details. The fundamental issue here is security, but it's not the security most people think of. James Madison famously said: "If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary." Terrorism is a serious risk to our nation, but an even greater threat is the centralization of American political power in the hands of any single branch of the government. Over 200 years ago, the framers of the U.S. Constitution established an ingenious security device against tyrannical government: they divided government power among three different bodies. A carefully thought out system of checks and balances in the executive branch, the legislative branch, and the judicial branch, ensured that no single branch became too powerful. After watching tyrannies rise and fall throughout Europe, this seemed like a prudent way to form a government. Courts monitor the actions of police. Congress passes laws that even the president must follow. Since 9/11, the United States has seen an enormous power grab by the executive branch. It's time we brought back the security system that's protected us from government for over 200 years. 
_______________________________________________ EPIC_IDOF mailing list EPIC_IDOF at mailman.epic.org https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_idof ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Mon Dec 19 03:07:46 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 19 Dec 2005 12:07:46 +0100 Subject: [dave@farber.net: [IP] Military's news-planting service (New York Times)] Message-ID: <20051219110746.GB2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Mon Dec 19 04:51:55 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 19 Dec 2005 13:51:55 +0100 Subject: Agents' visit chills UMass Dartmouth senior Message-ID: <20051219125155.GF2249@leitl.org> "My instinct is that there is a lot more monitoring than we think," http://www.southcoasttoday.com/daily/12-05/12-17-05/a09lo650.htm Agents' visit chills UMass Dartmouth senior By AARON NICODEMUS, Standard-Times staff writer NEW BEDFORD -- A senior at UMass Dartmouth was visited by federal agents two months ago, after he requested a copy of Mao Tse-Tung's tome on Communism called "The Little Red Book." Two history professors at UMass Dartmouth, Brian Glyn Williams and Robert Pontbriand, said the student told them he requested the book through the UMass Dartmouth library's interlibrary loan program. 
The student, who was completing a research paper on Communism for Professor Pontbriand's class on fascism and totalitarianism, filled out a form for the request, leaving his name, address, phone number and Social Security number. He was later visited at his parents' home in New Bedford by two agents of the Department of Homeland Security, the professors said. The professors said the student was told by the agents that the book is on a "watch list," and that his background, which included significant time abroad, triggered them to investigate the student further. "I tell my students to go to the direct source, and so he asked for the official Peking version of the book," Professor Pontbriand said. "Apparently, the Department of Homeland Security is monitoring inter-library loans, because that's what triggered the visit, as I understand it." Although The Standard-Times knows the name of the student, he is not coming forward because he fears repercussions should his name become public. He has not spoken to The Standard-Times. The professors had been asked to comment on a report that President Bush had authorized the National Security Agency to spy on as many as 500 people at any given time since 2002 in this country. The eavesdropping was apparently done without warrants. The Little Red Book is a collection of quotations and speech excerpts from Chinese leader Mao Tse-Tung. In the 1950s and '60s, during the Cultural Revolution in China, it was required reading. Although there are abridged versions available, the student asked for a version translated directly from the original book. The student told Professor Pontbriand and Dr. Williams that the Homeland Security agents told him the book was on a "watch list." They brought the book with them, but did not leave it with the student, the professors said. Dr. Williams said in his research, he regularly contacts people in Afghanistan, Chechnya and other Muslim hot spots, and suspects that some of his calls are monitored. 
"My instinct is that there is a lot more monitoring than we think," he said. Dr. Williams said he had been planning to offer a course on terrorism next semester, but is reconsidering, because it might put his students at risk. "I shudder to think of all the students I've had monitoring al-Qaeda Web sites, what the government must think of that," he said. "Mao Tse-Tung is completely harmless." Contact Aaron Nicodemus at anicodemus at s-t.com -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Mon Dec 19 07:37:34 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 19 Dec 2005 16:37:34 +0100 Subject: [gnu@toad.com: NSA director on NSA domestic wiretaps (to Cong in Oct 2002)] Message-ID: <20051219153734.GM2249@leitl.org> ----- Forwarded message from John Gilmore ----- From eugen at leitl.org Mon Dec 19 07:39:23 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 19 Dec 2005 16:39:23 +0100 Subject: [charliek@exchange.microsoft.com: It's almost enough to make you feel sorry for Diebold] Message-ID: <20051219153923.GN2249@leitl.org> Diebold has emerged from similar unscathed. Somebody must be covering them. Why should this time be different? 
----- Forwarded message from Charlie Kaufman ----- From ralf at fimaluka.org Mon Dec 19 07:56:08 2005 From: ralf at fimaluka.org (Ralf-Philipp Weinmann) Date: Mon, 19 Dec 2005 16:56:08 +0100 Subject: Tor client over Java LINUX In-Reply-To: <20051212172633.GE2249@leitl.org> References: <20051211085331.GD2249@leitl.org> <20051212171223.GA31477@proton.jfet.org> <20051212172633.GE2249@leitl.org> Message-ID: <1FD1EB91-2998-458E-B853-CD16F18123ED@fimaluka.org> On Dec 12, 2005, at 6:26 PM, Eugen Leitl wrote: > On Mon, Dec 12, 2005 at 12:12:23PM -0500, Riad S. Wahby wrote: >> Tyler Durden wrote: >>> I recently read that a simple LINUX OS has been written in java. >> >> Have a reference handy? I'm just curious to see where they're going >> with this. > > I presume everybody has seen http://www.masswerk.at/jsuix/ Uhm. That's not really an entire operating system. Moreover it's implemented in Javascript, not in Java. Anyone got a reference for the Unix-like OS implementation atop of a JVM? I haven't heard of anyone trying to do an OS-on-top-of-a-JVM implementation since the failure of Sun's JavaOS [1]. Anyway. As far as I know, the JAP source code [2] contains some usable Java tor client implementation if you throw out all the GUI crap. Writing a TOR server implementation in Java shouldn't be so hard either. Cheers, Ralf [1] P.W. Madany, S. Keohan, D. Kramer, T. 
Saulpaugh: JavaOS: A Standalone Java Environment White Paper, Sun Microsystems, Mountain View, CA, May, 1996 [2] JAP source code http://anon.inf.tu-dresden.de/develop/sources_en.html From ralf at fimaluka.org Mon Dec 19 07:57:15 2005 From: ralf at fimaluka.org (Ralf-Philipp Weinmann) Date: Mon, 19 Dec 2005 16:57:15 +0100 Subject: Tor client over Java LINUX In-Reply-To: <20051213162054.GH2249@leitl.org> References: <20051212173318.GG2249@leitl.org> <20051213162054.GH2249@leitl.org> Message-ID: On Dec 13, 2005, at 5:20 PM, Eugen Leitl wrote: > On Tue, Dec 13, 2005 at 11:16:04AM -0500, Tyler Durden wrote: > >> Of course I'll grant that such a publicly available Tor node >> offers a >> kind of anonymity that most Cypherpunks would pass on, but I still >> maintain >> that huge increases in quasi-anonymous traffic* is good for those >> of us who >> roll our own, more secure communications. > > A really good multiplier would be to package Tor into a malware > vector. Yeah. That would really work. We should pitch that idea to some spammers :) Enough cover traffic in *THAT* mix-network as well... Cheers, Ralf From eugen at leitl.org Mon Dec 19 08:14:47 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 19 Dec 2005 17:14:47 +0100 Subject: Tor client over Java LINUX In-Reply-To: References: <20051212173318.GG2249@leitl.org> <20051213162054.GH2249@leitl.org> Message-ID: <20051219161447.GW2249@leitl.org> On Mon, Dec 19, 2005 at 04:57:15PM +0100, Ralf-Philipp Weinmann wrote: > >A really good multiplier would be to package Tor into a malware > >vector. > > Yeah. That would really work. We should pitch that idea to some > spammers :) Enough cover traffic in *THAT* mix-network as well... Port 25 is blocked in default exit policy. Script kiddies are already using the Tor network, whether you like it, or not. Spammers who already command vast armies of zombies would laugh at your Tor network. 
Traffic remixing buys nothing for them, but a means to conceal control traffic (which they don't seem to bother with, bouncing traffic off 0wn3d machines seems to be enough). All they want is to pump out as much traffic as possible, any overhead just slows them down. Of course packaging Tor in a malware vector would result in bad press. However, as things currently go, offering anonymity already firmly puts you into drug-trafficking pedophile terrorist mobsters corner. So, have you stopped beating your wife yet? -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Mon Dec 19 14:57:40 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 19 Dec 2005 17:57:40 -0500 Subject: [Clips] Bush Announces Do-Not-Wiretap List Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Mon, 19 Dec 2005 17:56:16 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Bush Announces Do-Not-Wiretap List Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com ScrappleFace ; December 19, 2005 Bush Announces Do-Not-Wiretap List by Scott Ott (2005-12-19) - Just days after the New York Times released classified information about eavesdropping by the NSA on Americans linked to international terrorists, President George Bush at a news conference today announced creation of a new website which allows people to voluntarily exclude their phone numbers and email addresses from NSA wiretap lists. The new National Do Not Wiretap Registry (DoNotWiretap.gov) follows the successful DoNotCall.gov model of allowing citizens to opt-out of harassment by electronic means. 
"If you're concerned that your civil rights might be violated simply because some al Qaeda member has your information in his cellphone or computer," the president said, "then go to DoNotWiretap.gov, enter your contact phone number, email address, and names of terrorists who might have you on speed dial and we'll let the National Security Administration know that you don't want them eavesdropping on you." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' 
From arma at mit.edu Mon Dec 19 23:13:09 2005 From: arma at mit.edu (Roger Dingledine) Date: Tue, 20 Dec 2005 02:13:09 -0500 Subject: We have a new Windows Tor installer Message-ID: Hi folks, Matt Edman has created a "package bundle" that includes Tor, TorCP, and Privoxy. We've rewritten the Tor win32 instructions to tell people to use that rather than doing all the steps manually: http://tor.eff.org/cvs/tor/doc/tor-doc-win32.html If you're a Windows user, please take a look and let us know if there are any installation problems, and if there are any documentation things we should fix. Thanks! --Roger ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From bill.stewart at pobox.com Tue Dec 20 06:51:37 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: December 20, 2005 6:51:37 PM EST Subject: LA Times on NYT spying story Message-ID: Hi, Brock, Dave - the URL lost a hyphen when it got folded; the two halves are: http://www.latimes.com/news/nationworld/nation/ la-na-media20dec20,1,3657594.story?coll=la-headlines-nation Meanwhile, not only is this yet another reminder of the fallacy of the right-wing rants about liberal press bias, but President Bush has been asserting that he's told Congress a dozen times that he's doing this, and none of the Congresscritters who were informed have seen fit to tell the public either, so the President and NYTimes have a lot of unindicted co-conspirators. 
Another LA Times story http://www.latimes.com/news/nationworld/nation/ la-na-spy20dec20,1,4766037.story?coll=la-headlines-nation reports that the main difference between Bush's authorization and the powers already granted under the 1978 FISA laws is that FISA has the Constitutional requirement for a court to find "probable cause" for issuing warrants, while Bush's order allows an NSA shift supervisor to decide there's "a reasonable basis" for wiretapping, even if there's not enough evidence for a FISC rubber stamp. Bill Stewart ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dewayne at warpspeed.com Tue Dec 20 08:25:41 2005 From: dewayne at warpspeed.com (Dewayne Hendricks) Date: December 20, 2005 8:25:41 AM EST Subject: [Dewayne-Net] San Francisco leaders voice concerns about Wi-Fi project Message-ID: Reply-To: dewayne at warpspeed.com San Francisco leaders voice concerns about Wi-Fi project Agency members want to avoid a restrictive franchise deal News Story by Stephen Lawson DECEMBER 19, 2005 (IDG NEWS SERVICE) - San Francisco's plan for citywide Wi-Fi ran into some friction Friday from a local regulatory agency. The government of the City and County of San Francisco is readying a request for proposal (RFP) for the wireless network, which is intended to provide free or affordable Internet access throughout most of the city. Several possible partners, including Google Inc., EarthLink Inc., Motorola Inc. 
and a local nonprofit project called SFLan, have already expressed interest in the project through an earlier request for information. The San Francisco plan would become one of the largest rollouts yet of government-initiated broadband, a concept that has generated heated political discussion in the past several months. At a hearing Friday, some members of San Francisco's Local Agency Formation Commission (LAFCO) grilled Chris Vein, director of the city's Department of Technology and Information Services (DTIS), about the process of deciding how to build and operate the network. LAFCO, made up of San Francisco county supervisors and members of the public, has a broad oversight role, including approval of district boundaries and annexation of land as well as contract approvals. The agency's aim in the hearing was to stimulate discussion, supervisor and LAFCO member Jake McGoldrick said in an interview after the meeting. County Supervisor Ross Mirkarimi and other LAFCO members said they fear a deal like San Francisco's current franchise agreement with cable operator Comcast Corp., in which the board of supervisors has been presented with already negotiated franchise deals that it must approve or vote down. DTIS handles cable franchise administration and other communications and IT responsibilities for the city as well as spearheading the Wi-Fi project. 
[snip] Weblog at: ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Mon Dec 19 23:55:58 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 20 Dec 2005 08:55:58 +0100 Subject: [arma@mit.edu: We have a new Windows Tor installer] Message-ID: <20051220075558.GS2249@leitl.org> ----- Forwarded message from Roger Dingledine ----- From lauren at vortex.com Tue Dec 20 10:01:41 2005 From: lauren at vortex.com (Lauren Weinstein) Date: December 20, 2005 10:01:41 PM EST Subject: "Double Secret" Wiretaps vs. the President's 2004 Statement Message-ID: Dave, In April 2004, President Bush made a seemingly direct and unequivocal statement regarding U.S. wiretapping policies in the fight against terrorism. We now know that he spoke these words after authorizing the NSA warrantless wiretapping program. You can hear his comments for yourself in this very short video: http://www.vortex.com/bv/wiretaps.wmv (Windows Media) The White House explanation for this seemingly gaping discrepancy is that the President was supposedly (we're now told) only talking about "ordinary" secret wiretaps under the PATRIOT Act, not about what we might call "Double Secret" NSA wiretaps (legal or not). Newspeak is alive and well. Dean Wormer of "Animal House" fame would be proud. 
--Lauren-- Lauren Weinstein lauren at pfir.org or lauren at vortex.com or lauren at eepi.org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Tue Dec 20 08:36:29 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 11:36:29 -0500 Subject: [Clips] Thank You for Wiretapping Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 11:16:31 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Thank You for Wiretapping Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The Wall Street Journal December 20, 2005 REVIEW & OUTLOOK Thank You for Wiretapping December 20, 2005; Page A14 Wisconsin Democrat Russ Feingold wants to be President, and that's fair enough. By all means go for it in 2008. The same applies to Lindsey Graham, the South Carolina Republican who's always on the Sunday shows fretting about the latest criticism of the Bush Administration's prosecution of the war on terror. 
But until you run nationwide and win, Senators, please stop stripping the Presidency of its Constitutional authority to defend America. That is the real issue raised by the Beltway furor over last week's leak of National Security Agency wiretaps on international phone calls involving al Qaeda suspects. The usual assortment of Senators and media potentates is howling that the wiretaps are "illegal," done "in total secret," and threaten to bring us a long, dark night of fascism. "I believe it does violate the law," averred Mr. Feingold on CNN Sunday. The truth is closer to the opposite. What we really have here is a perfect illustration of why America's Founders gave the executive branch the largest measure of Constitutional authority on national security. They recognized that a committee of 535 talking heads couldn't be trusted with such grave responsibility. There is no evidence that these wiretaps violate the law. But there is lots of evidence that the Senators are "illegally" usurping Presidential power -- and endangering the country in the process. * * * The allegation of Presidential law-breaking rests solely on the fact that Mr. Bush authorized wiretaps without first getting the approval of the court established under the Foreign Intelligence Surveillance Act of 1978. But no Administration then or since has ever conceded that that Act trumped a President's power to make exceptions to FISA if national security required it. FISA established a process by which certain wiretaps in the context of the Cold War could be approved, not a limit on what wiretaps could ever be allowed. The courts have been explicit on this point, most recently in In Re: Sealed Case, the 2002 opinion by the special panel of appellate judges established to hear FISA appeals. In its per curiam opinion, the court noted that in a previous FISA case (U.S. v. 
Truong), a federal "court, as did all the other courts to have decided the issue [our emphasis], held that the President did have inherent authority to conduct warrantless searches to obtain foreign intelligence information." And further that, "We take for granted that the President does have that authority and, assuming that is so, FISA could not encroach on the President's constitutional power." On Sunday Mr. Graham opined that "I don't know of any legal basis to go around" FISA -- which suggests that next time he should do his homework before he implies on national TV that a President is acting like a dictator. (Mr. Graham made his admission of ignorance on CBS's "Face the Nation," where he was representing the Republican point of view. Democrat Joe Biden was certain that laws had been broken, while the two journalists asking questions clearly had no idea what they were talking about. So much for enlightening television.) The mere Constitution aside, the evidence is also abundant that the Administration was scrupulous in limiting the FISA exceptions. They applied only to calls involving al Qaeda suspects or those with terrorist ties. Far from being "secret," key Members of Congress were informed about them at least 12 times, President Bush said yesterday. The two district court judges who have presided over the FISA court since 9/11 also knew about them. Inside the executive branch, the process allowing the wiretaps was routinely reviewed by Justice Department lawyers, by the Attorney General personally, and with the President himself reauthorizing the process every 45 days. In short, the implication that this is some LBJ-J. Edgar Hoover operation designed to skirt the law to spy on domestic political enemies is nothing less than a political smear. All the more so because there are sound and essential security reasons for allowing such wiretaps. The FISA process was designed for wiretaps on suspected foreign agents operating in this country during the Cold War. 
In that context, we had the luxury of time to go to the FISA court for a warrant to spy on, say, the economic counselor at the Soviet embassy. In the war on terror, the communications between terrorists in Frankfurt and agents in Florida are harder to track, and when we gather a lead the response often has to be immediate. As we learned on 9/11, acting with dispatch can be a matter of life and death. The information gathered in these wiretaps is not for criminal prosecution but solely to detect and deter future attacks. This is precisely the kind of contingency for which Presidential power and responsibility is designed. What the critics in Congress seem to be proposing -- to the extent they've even thought much about it -- is the establishment of a new intelligence "wall" that would allow the NSA only to tap phones overseas while the FBI would tap them here. Terrorists aren't about to honor such a distinction. As Secretary of State Condoleezza Rice said Sunday on NBC's "Meet the Press," before 9/11 "Our intelligence agencies looked out; our law enforcement agencies looked in. And people could -- terrorists could -- exploit the seam between them." The wiretaps are designed to close the seam. * * * As for power without responsibility, nobody beats Congress. Mr. Bush has publicly acknowledged and defended his decisions. But the Members of Congress who were informed about this all along are now either silent or claim they didn't get the full story. This is why these columns have long opposed requiring the disclosure of classified operations to the Congressional Intelligence Committees. Congress wants to be aware of everything the executive branch does, but without being accountable for anything at all. If Democrats want to continue this game of intelligence and wiretap "gotcha," the White House should release the names of every Congressman who received such a briefing. Which brings us to this national security leak, which Mr. Bush yesterday called "a shameful act." 
We won't second guess the New York Times decision to publish. But everyone should note the irony that both the Times and Washington Post claimed to be outraged by, and demanded a special counsel to investigate, the leak of Valerie Plame's identity, which did zero national security damage. By contrast, the Times's NSA leak last week, and an earlier leak in the Washington Post on "secret" prisons for al Qaeda detainees in Europe, are likely to do genuine harm by alerting terrorists to our defenses. If more reporters from these newspapers now face the choice of revealing their sources or ending up in jail, those two papers will share the Plame blame. The NSA wiretap uproar is one of those episodes, alas far too common, that makes us wonder if Washington is still a serious place. Too many in the media and on Capitol Hill have forgotten that terrorism in the age of WMD poses an existential threat to our free society. We're glad Mr. Bush and his team are forcefully defending their entirely legal and necessary authority to wiretap enemies seeking to kill innocent Americans. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From EEkid at aol.com Tue Dec 20 11:41:30 2005 From: EEkid at aol.com (EEkid at aol.com) Date: December 20, 2005 11:41:30 PM EST Subject: State refuses to approve Diebold voting machines Message-ID: State refuses to approve Diebold voting machines By Edwin Garcia Mercury News Sacramento Bureau SACRAMENTO - Suggesting the ``security and integrity'' of electronic voting could be at risk, Secretary of State Bruce McPherson on Tuesday refused to approve the use of thousands of electronic voting machines pending a federal evaluation. The touch-screen and optical-scan machines, made by Diebold Election Systems and used in 17 counties, including Alameda, were found to have ``unresolved significant security concerns'' with a memory card that stores votes in each machine, McPherson's elections chief, Caren Daniels-Meade, said in a letter to the company's vice president, David Byrd. At issue is whether the removable cards, which are used to program and configure the machines, will keep data secure. The Secretary of State's office is asking Diebold to submit the machine's source code for review by the federal Independent Testing Authorities before resubmitting the company's application for certification in California. Byrd, Diebold's vice president of business operations, is eager to comply. ``Diebold Election Systems is always willing to participate in responsible testing to show that our voting systems are up to the task of giving more Californians an accessible and reliable way to vote,'' Byrd said. 
``This has always been our goal: to provide a more accurate, secure and accessible voting process for all Californians.'' http://www.mercurynews.com/mld/mercurynews/13452214.htm ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Tue Dec 20 08:59:12 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 11:59:12 -0500 Subject: [Clips] Why Bush Approved the Wiretaps Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 11:57:58 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Why Bush Approved the Wiretaps Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The National Review Byron York December 19, 2005, 1:34 p.m. Why Bush Approved the Wiretaps Not long ago, both parties agreed the FISA court was a problem. In the days since the revelation that President Bush authorized the National Security Agency to bypass, in certain cases of suspected al Qaeda activity, the special court set up to provide warrants for national-security wiretaps, the question has come up repeatedly: Why did he do it? At his news conference this morning, the president explained that he believed the U.S. government had to "be able to act fast" to intercept the "international communications of people with known links to al Qaeda." "Al Qaeda was not a conventional enemy," Bush said. "This new threat required us to think and act differently." 
But there's more to the story than that. In 2002, when the president made his decision, there was widespread, bipartisan frustration with the slowness and inefficiency of the bureaucracy involved in seeking warrants from the special intelligence court, known as the FISA court. Even later, after the provisions of the Patriot Act had had time to take effect, there were still problems with the FISA court - problems examined by members of the September 11 Commission - and questions about whether the court can deal effectively with the fastest-changing cases in the war on terror. People familiar with the process say the problem is not so much with the court itself as with the process required to bring a case before the court. "It takes days, sometimes weeks, to get the application for FISA together," says one source. "It's not so much that the court doesn't grant them quickly, it's that it takes a long time to get to the court. Even after the Patriot Act, it's still a very cumbersome process. It is not built for speed, it is not built to be efficient. It is built with an eye to keeping [investigators] in check." And even though the attorney general has the authority in some cases to undertake surveillance immediately, and then seek an emergency warrant, that process is just as cumbersome as the normal way of doing things. Lawmakers of both parties recognized the problem in the months after the September 11 terrorist attacks. They pointed to the case of Coleen Rowley, the FBI agent who ran up against a number of roadblocks in her effort to secure a FISA warrant in the case of Zacarias Moussaoui, the al Qaeda operative who had taken flight training in preparation for the hijackings. Investigators wanted to study the contents of Moussaoui's laptop computer, but the FBI bureaucracy involved in applying for a FISA warrant was stifling, and there were real questions about whether investigators could meet the FISA court's probable-cause standard for granting a warrant.
FBI agents became so frustrated that they considered flying Moussaoui to France, where his computer could be examined. But then the attacks came, and it was too late. Rowley wrote up her concerns in a famous 13-page memo to FBI Director Robert Mueller, and then elaborated on them in testimony to Congress. "Rowley depicted the legal mechanism for security warrants under the Foreign Intelligence Surveillance Act, or FISA, as burdensome and restrictive, a virtual roadblock to effective law enforcement," Legal Times reported in September 2002. The Patriot Act included some provisions, supported by lawmakers of both parties, to make securing such warrants easier. But it did not fix the problem. In April 2004, when members of the September 11 Commission briefed the press on some of their preliminary findings, they reported that significant problems remained. "Many agents in the field told us that although there is now less hesitancy in seeking approval for electronic surveillance under the Foreign Intelligence Surveillance Act, or FISA, the application process nonetheless continues to be long and slow," the commission said. "Requests for such approvals are overwhelming the ability of the system to process them and to conduct the surveillance. The Department of Justice and FBI are attempting to address bottlenecks in the process." It was in the context of such bureaucratic bottlenecks that the president first authorized, and then renewed, the program to bypass the FISA court in cases of international communications of people with known al Qaeda links. There were other reasons for the president to act, as well. In short, it appears that he was trying to shake the bureaucracy into action. The September 11 Commission report pointed to a deeply entrenched it's-not-my-job mentality within the National Security Agency that led the organization to shy away from aggressive antiterrorism surveillance. "The law requires the NSA to not deliberately collect data on U.S. 
citizens or on persons in the United States without a warrant based on foreign intelligence requirements," the 9/11 commission report wrote, While the NSA had the technical capability to report on communications with suspected terrorist facilities in the Middle East, the NSA did not seek FISA Court warrants to collect communications between individuals in the United States and foreign countries, because it believed that this was an FBI role. It also did not want to be viewed as targeting persons in the United States and possibly violating laws that governed NSA's collection of foreign intelligence. An almost obsessive protection of sources and methods by the NSA, and its focus on foreign intelligence, and its avoidance of anything domestic would...be important elements in the story of 9/11. Bush's order, it appears, was an attempt to change that situation. Especially before, and even after, passage of the Patriot Act, the FISA bureaucracy and the agencies that dealt with it were too unwieldy to handle some fast-moving intelligence cases. And now, a group of 43 Democrats and four Republicans is trying to undo even those improvements brought by the Patriot Act; after the effort to renew the law was filibustered last week, Senate Minority Leader Harry Reid exulted, "We killed the Patriot Act." Put all those factors together, and they explain the president's impassioned argument that he has to act to keep the pressure on al Qaeda - especially at a time when others, for whatever reasons, are trying to stop him. - Byron York, NR's White House correspondent, is the author of The Vast Left Wing Conspiracy: The Untold Story of How Democratic Operatives, Eccentric Billionaires, Liberal Activists, and Assorted Celebrities Tried to Bring Down a President - and Why They'll Try Even Harder Next Time. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text From perry at piermont.com Tue Dec 20 09:14:30 2005 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 20 Dec 2005 12:14:30 -0500 Subject: [Clips] Thank You for Wiretapping In-Reply-To: (R. A. Hettinga's message of "Tue, 20 Dec 2005 11:36:29 -0500") References: Message-ID: <87r787n11l.fsf@snark.piermont.com> > From: "R. A. Hettinga" [...] > The Wall Street Journal > > December 20, 2005 > REVIEW & OUTLOOK > > Thank You for Wiretapping > December 20, 2005; Page A14 [...] > There is no evidence that these wiretaps violate the law.[...] Well, no evidence if you can't read. If you can read, I suggest looking here: http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html That is the text of the law. It was passed in 1978 after the congress got upset about the NSA spying without court orders, so the intent is unmistakable. The law says "you can listen in on US citizens all you like, but you have to request permission of a special court, the FISC. You can start listening in on their communications up to 72 hours before asking the FISC so you can't make a claim that there was no time to ask, but you must ultimately ask the FISC.
If you do not ask the FISC, what you do is a felony punishable by five years in prison and a $10,000 fine, and the people you listened in on get to sue you for civil damages, too." You can read the law yourself. You do not need to believe me on it. I suggest strongly that people take the five minutes needed to read this section of the law in its entirety. It is short and simple. There is no complicated legal language in it. It is also utterly impossible to misinterpret. Once you have read it for yourself, no spin doctor like Bob or the Wall Street Journal can tell you what to think. No one can pretend to you that the truth is not the truth. You will know for yourself, without the need for the media to interpret things for you. So, I suggest you arm yourself against people who choose to tell you things that aren't true by reading for yourself. Again, it will take you less than five minutes. There are also lots of people out there who will claim to you that the President can ignore the law. That's not true -- we have multiple Supreme Court precedents that say otherwise. Still others will tell you that the President's military authority lets him ignore the law in certain ways, and again, we have Supreme Court precedents that cover that. So, why are some people pretending that black is white and white is black? Because for once, George W. Bush has actually slipped up and committed a federal crime. That means that everyone involved is dancing as hard as they can, trying to kick up enough dust that people forget about lines in the law like: An offense described in this section is punishable by a fine of not more than $10,000 or imprisonment for not more than five years, or both. They're gambling that you won't read the law for yourself, that you won't know what it says, that you'll believe them when they say that the truth is not the truth. They're betting on the ignorance and foolishness of the US public, on the laziness of the public. Do not let them win.
Read the law for yourself. See for yourself that the President of the United States willfully committed a felony and encouraged others to do so, not to protect anyone, because the law already allowed legal surveillance, even in emergencies, but because the administration arrogantly decided that it was above the law. Read for yourself. Then, call your congressman and your senators and tell them to read for themselves. Do not let this die. Do not let it be forgotten. Perry From jya at cryptome.net Tue Dec 20 12:19:50 2005 From: jya at cryptome.net (John Young) Date: Tue, 20 Dec 2005 12:19:50 -0800 Subject: [Clips] Thank You for Wiretapping In-Reply-To: Message-ID: The proponents of NSA snooping are getting their drawers twisted, some calling Echelon Clinton's baby, with Drudge and Limbaugh and other wing-nuts linking to a CBS 60 Minutes cursory report, and others of the war lovers disavowing it, while the WSJ cheers for what it does not understand, ignorantly accusing others of misunderstanding. Duncan Campbell wrote a long report on Echelon for EPIC in June 2000 which the "privacy" org refused to publish, claiming NSA does not spy on Americans. We asked EPIC in January 2005 for permission to publish the report but never got an answer. Here it is, entitled "Signals Intelligence and Human Rights - the ECHELON report:" http://cryptome.org/sigint-hr-dc.htm Campbell carefully reviews all technical, political and legal aspects of Echelon and NSA's global interception programs, and there is meat there for all sides of the current superficial spitting contest -- WSJ and the NYT and WashPo could learn from Campbell. He cites 70s eavesdropping reports from all of them which seem to have been ignored in the shallow recent accounts.
Campbell's principal conclusion is that NSA and its backers have lied consistently about what it is doing, from the Church Committee hearings in the 70s on through 2000, and likely have lied since then as a matter of policy, lied to Congress, lied to the public, and perhaps lied to its backers so polished and encrusted is its concealment. Porter Goss, along with Bob Barr, both CIA dudes, tried to pry open NSA's box in the late 90s and had no luck due to the blind faith that NSA could do no wrong, or at least could do no wrong in the eyes of overseers. To be sure, what NSA siphons about US corporate, governmental and political corruption could silence the most frightened of WSJ-adoring malfeasors, a trick learned from Hoover. Don't spy in the US, too much villainy in the homeland of winner take all markets. What NSA has on the Times, WashPo and WSJ top dogs would be wondrous to read. From rah at shipwright.com Tue Dec 20 09:54:35 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 12:54:35 -0500 Subject: [Clips] Clinton Claimed Authority to Order No-Warrant Searches Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 12:52:41 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Clinton Claimed Authority to Order No-Warrant Searches Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The National Review Byron York December 20, 2005, 9:46 a.m. Clinton Claimed Authority to Order No-Warrant Searches Does anyone remember that? In a little-remembered debate from 1994, the Clinton administration argued that the president has "inherent authority" to order physical searches - including break-ins at the homes of U.S. citizens - for foreign intelligence purposes without any warrant or permission from any outside body.
Even after the administration ultimately agreed with Congress's decision to place the authority to pre-approve such searches in the Foreign Intelligence Surveillance Act (FISA) court, President Clinton still maintained that he had sufficient authority to order such searches on his own. "The Department of Justice believes, and the case law supports, that the president has inherent authority to conduct warrantless physical searches for foreign intelligence purposes," Deputy Attorney General Jamie Gorelick testified before the Senate Intelligence Committee on July 14, 1994, "and that the President may, as has been done, delegate this authority to the Attorney General." "It is important to understand," Gorelick continued, "that the rules and methodology for criminal searches are inconsistent with the collection of foreign intelligence and would unduly frustrate the president in carrying out his foreign intelligence responsibilities." Executive Order 12333, signed by Ronald Reagan in 1981, provides for such warrantless searches directed against "a foreign power or an agent of a foreign power." Reporting the day after Gorelick's testimony, the Washington Post's headline - on page A-19 - read, "Administration Backing No-Warrant Spy Searches." The story began, "The Clinton administration, in a little-noticed facet of the debate on intelligence reforms, is seeking congressional authorization for U.S. spies to continue conducting clandestine searches at foreign embassies in Washington and other cities without a federal court order. The administration's quiet lobbying effort is aimed at modifying draft legislation that would require U.S. counterintelligence officials to get a court order before secretly snooping inside the homes or workplaces of suspected foreign agents or foreign powers." 
In her testimony, Gorelick made clear that the president believed he had the power to order warrantless searches for the purpose of gathering intelligence, even if there was no reason to believe that the search might uncover evidence of a crime. "Intelligence is often long range, its exact targets are more difficult to identify, and its focus is less precise," Gorelick said. "Information gathering for policy making and prevention, rather than prosecution, are its primary focus." The debate over warrantless searches came up after the case of CIA spy Aldrich Ames. Authorities had searched Ames's house without a warrant, and the Justice Department feared that Ames's lawyers would challenge the search in court. Meanwhile, Congress began discussing a measure under which the authorization for break-ins would be handled like the authorization for wiretaps, that is, by the FISA court. In her testimony, Gorelick signaled that the administration would go along with a congressional decision to place such searches under the court - if, as she testified, it "does not restrict the president's ability to collect foreign intelligence necessary for the national security." In the end, Congress placed the searches under the FISA court, but the Clinton administration did not back down from its contention that the president had the authority to act when necessary. - Byron York, NR's White House correspondent, is the author of The Vast Left Wing Conspiracy: The Untold Story of How Democratic Operatives, Eccentric Billionaires, Liberal Activists, and Assorted Celebrities Tried to Bring Down a President - and Why They'll Try Even Harder Next Time. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' --- end forwarded text From perry at piermont.com Tue Dec 20 10:04:00 2005 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 20 Dec 2005 13:04:00 -0500 Subject: [Clips] Why Bush Approved the Wiretaps In-Reply-To: (R. A. Hettinga's message of "Tue, 20 Dec 2005 11:59:12 -0500") References: Message-ID: <87k6dzmyr3.fsf@snark.piermont.com> "R. A. Hettinga" writes: [...]> > The National Review > Byron York [...] > At his news conference this morning, the president explained that he > believed the U.S. government had to "be able to act fast" to intercept the > "international communications of people with known links to al Qaeda." "Al > Qaeda was not a conventional enemy," Bush said. "This new threat required > us to think and act differently." The FISA law already allows taps to go on for 72 hours before a court is informed. That's three days. In three days people can't fill in a form and deliver it to the FISA court? The FISC has approved 15,000 wiretaps and rejected less than ten in its history. > But there's more to the story than that. In 2002, when the president made > his decision, there was widespread, bipartisan frustration with the > slowness and inefficiency of the bureaucracy involved in seeking warrants > from the special intelligence court, known as the FISA court. It is so inefficient that you don't even have to ask for THREE DAYS. Three days isn't enough time?
More to the point, even if the President thinks something is "inefficient", the law is the law. If it says "those who do not seek a FISC warrant go to jail for five years", the President has to obey. > People familiar with the process say the problem is not so much with the > court itself as with the process required to bring a case before the court. > "It takes days, sometimes weeks, to get the application for FISA together," > says one source. "It's not so much that the court doesn't grant them > quickly, it's that it takes a long time to get to the court. Of course, this is in fact untrue. FISA requests are as fast as the Department of Justice and NSA wish them to be. Of course, even if it were true, the law is clear, and the President is not the legislature. The administration had years and years in which to ask Congress to alter the law. It did not do so. It chose to simply solicit the commission of felonies. All these comments about "slowness" and "cumbersomeness" etc. are attempts by the magician to keep your eye away from what he does not want you to see. Do not be distracted. A felony was solicited by the President and committed by employees of the NSA. Do not let them distract you. Keep your eye on the target. > And even though the attorney general has the > authority in some cases to undertake surveillance immediately, and then > seek an emergency warrant, that process is just as cumbersome as the normal > way of doing things. Actually, the law doesn't say "in some cases". 
Notwithstanding any other provision of this subchapter, when the Attorney General reasonably determines that (1) an emergency situation exists with respect to the employment of electronic surveillance to obtain foreign intelligence information before an order authorizing such surveillance can with due diligence be obtained; and (2) the factual basis for issuance of an order under this subchapter to approve such surveillance exists; he may authorize the emergency employment of electronic surveillance if a judge having jurisdiction under section 1803 of this title is informed by the Attorney General or his designee at the time of such authorization that the decision has been made to employ emergency electronic surveillance and if an application in accordance with this subchapter is made to that judge as soon as practicable, but not more than 72 hours after the Attorney General authorizes such surveillance. So it isn't "in some cases" -- it is basically any time the Attorney General decides to rubber stamp it. Again, don't be fooled by the smokescreen. Read the law yourself. See for yourself that the President has disobeyed a criminal statute. > Lawmakers of both parties recognized the problem in the months after the > September 11 terrorist attacks. They pointed to the case of Coleen Rowley, > the FBI agent who ran up against a number of roadblocks in her effort to > secure a FISA warrant in the case of Zacarias Moussaoui, the al Qaeda > operative who had taken flight training in preparation for the hijackings. > Investigators wanted to study the contents of Moussaoui's laptop computer, > but the FBI bureaucracy involved in applying for a FISA warrant was > stifling, and there were real questions about whether investigators could > meet the FISA court's probable-cause standard for granting a > warrant. A fascinating story, except it is on its face false.
FISA warrants are for intercepting communications, not for examining laptops: Electronic surveillance means (1) the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire or radio communication sent by or intended to be received by a particular, known United States person who is in the United States, if the contents are acquired by intentionally targeting that United States person, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes; (2) the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication to or from a person in the United States, without the consent of any party thereto, if such acquisition occurs in the United States, but does not include the acquisition of those communications of computer trespassers that would be permissible under section 2511 (2)(i) of title 18; (3) the intentional acquisition by an electronic, mechanical, or other surveillance device of the contents of any radio communication, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes, and if both the sender and all intended recipients are located within the United States; or (4) the installation or use of an electronic, mechanical, or other surveillance device in the United States for monitoring to acquire information, other than from a wire or radio communication, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes. Also, Mr. Moussaoui was not a US person, and the Attorney General can authorize anything he likes without a court order if: [...]there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party[...]
As I said, the story in question is completely false on its face. The people who wrote it are counting on you not reading the law, not informing yourself, not knowing what is true and what is not. Do not be fooled. Read the law for yourself. In any case, cumbersome and unpleasant or not, the law is still in force, and the law says that the President of the United States committed a felony and solicited the commission of felonies. > Bush's order, it appears, was an attempt to change that situation. > Especially before, and even after, passage of the Patriot Act, the FISA > bureaucracy and the agencies that dealt with it were too unwieldy to handle > some fast-moving intelligence cases. There is no "FISA bureaucracy". What is there? There is a court with eleven judges. That's it: The Chief Justice of the United States shall publicly designate 11 district court judges from seven of the United States judicial circuits of whom no fewer than 3 shall reside within 20 miles of the District of Columbia who shall constitute a court which shall have jurisdiction to hear applications for and grant orders approving electronic surveillance anywhere within the United States under the procedures set forth in this chapter[...] That is the "FISA bureaucracy" they speak of. Again, do not be fooled. Do not allow the spin masters to convince you that black is white and white is black. Read the law for yourself, understand for yourself what has happened. http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html Perry From perry at piermont.com Tue Dec 20 10:27:08 2005 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 20 Dec 2005 13:27:08 -0500 Subject: [Clips] Clinton Claimed Authority to Order No-Warrant Searches In-Reply-To: (R. A. Hettinga's message of "Tue, 20 Dec 2005 12:54:35 -0500") References: Message-ID: <873bknmxoj.fsf@snark.piermont.com> "R. A. Hettinga" writes: > The National Review > Byron York > > December 20, 2005, 9:46 a.m. 
> Clinton Claimed Authority to Order No-Warrant Searches > Does anyone remember that? > > > In a little-remembered debate from 1994, the Clinton administration argued > that the president has "inherent authority" to order physical searches - > including break-ins at the homes of U.S. citizens - for foreign > intelligence purposes without any warrant or permission from any outside > body. Even after the administration ultimately agreed with Congress's > decision to place the authority to pre-approve such searches in the Foreign > Intelligence Surveillance Act (FISA) court, President Clinton still > maintained that he had sufficient authority to order such searches on his > own. Nice misdirection, but: > Executive Order 12333, signed by Ronald Reagan in 1981, provides for such > warrantless searches directed against "a foreign power or an agent of a > foreign power." Those are both terms of art in 50 USC. They're not "US Persons". > Reporting the day after Gorelick's testimony, the Washington Post's > headline - on page A-19 - read, "Administration Backing No-Warrant Spy > Searches." The story began, "The Clinton administration, in a > little-noticed facet of the debate on intelligence reforms, is seeking > congressional authorization for U.S. spies to continue conducting > clandestine searches at foreign embassies in Washington and other cities > without a federal court order. Note the phrase "Congressional Authorization". And, even if Clinton suggested the law could be broken or broke it, that does not mean that Bush has not broken the law. Again and again, Bob seems to be forwarding us chaff -- the smoke thrown up by the President's spin doctors who do not want you paying attention to the fact that the President broke a criminal law. Do not be deceived. Do not be misdirected. Keep your eye on what matters, and not on what the magicians want you to watch. Most importantly, call your senators and congressional representative NOW. 
Perry From coderman at gmail.com Tue Dec 20 13:38:54 2005 From: coderman at gmail.com (coderman) Date: Tue, 20 Dec 2005 13:38:54 -0800 Subject: Exactly what part... In-Reply-To: References: Message-ID: <4ef5fec60512201338w3f51c77en36fb329efdd4919e@mail.gmail.com> On 12/20/05, R. A. Hettinga wrote: > ...of "cypherpunks write code" doesn't anyone around here understand? Glenn Henry at VIA gets my respect for putting crypto on the core of commodity processors*. Does hardware count? :) * http://www.via.com.tw/en/initiatives/padlock/hardware.jsp From rah at shipwright.com Tue Dec 20 10:40:39 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 13:40:39 -0500 Subject: [Clips] Democrats Say They Didn't Back Wiretapping Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 13:37:05 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Democrats Say They Didn't Back Wiretapping Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com BREITBART.COM - Democrats Say They Didn't Back Wiretapping By KATHERINE SHRADER Associated Press Writer Dec 20 11:22 AM US/Eastern WASHINGTON - Some Democrats say they never approved a domestic wiretapping program, undermining suggestions by President Bush and his senior advisers that the plan was fully vetted in a series of congressional briefings. "I feel unable to fully evaluate, much less endorse, these activities," West Virginia Sen. Jay Rockefeller, the Senate Intelligence Committee's top Democrat, said in a handwritten letter to Vice President Dick Cheney in July 2003. "As you know, I am neither a technician nor an attorney." Rockefeller is among a small group of congressional leaders who have received briefings on the administration's four-year-old program to eavesdrop _ without warrants _ on international calls and e-mails of Americans and others inside the United States with suspected ties to al-Qaida. 
The government still would seek court approval to snoop on purely domestic communications, such as calls between New York and Los Angeles. The White House brushed aside Democrats' contention that they weren't provided enough information on the program. "They were briefed and informed," White House press secretary Scott McClellan said, repeatedly refusing to address Democrats' specific complaints. "Congress has an important oversight role." Some legal experts described the program as groundbreaking. And until the highly cl conference that he was assuming unlimited powers. "To say 'unchecked power' basically is ascribing some kind of dictatorial position to the president, which I strongly reject," he said angrily. "I am doing what you expect me to do, and at the same time, safeguarding the civil liberties of the country." Despite the defense, there was a growing storm of criticism in Congress and calls for investigations, from Democrats and Republicans alike. Until the past several days, the White House had only informed Congress' top political and intelligence committee leadership about the program that Bush has reauthorized more than three dozen times. Attorney General Alberto Gonzales said he and other top aides were now educating the American people and Congress. "The president has not authorized ... blanket surveillance of communications here in the United States," he said. The spying uproar was the latest controversy about Bush's handling of the war on terror. It follows allegations of secret prisons in Eastern Europe and of torture and other mistreatment of detainees, and an American death toll in Iraq that has exceeded 2,150. The eavesdropping program was operated out of the NSA, the nation's largest and perhaps most secretive spy operation. Employees there appreciate their nicknames: No Such Agency or Never Say Anything. 
Decisions on what conversations to monitor are made at the Fort Meade, Md., headquarters, approved by an NSA shift supervisor and carefully recorded, said Gen. Michael Hayden, the principal deputy director of intelligence. "The reason I emphasize that this is done at the operational level is to remove any question in your mind that this is in any way politically influenced," said Hayden, who was NSA director when the program began. Since the program was disclosed last week by The New York Times, current and former Congress members have been liberated to weigh in. Former Sen. Bob Graham, D-Fla., who was part of the Intelligence Committee's leadership after the 9/11 attacks, recalled a briefing about changes in international electronic surveillance, but does not remember being told of a program snooping on individuals in the United States. House Minority Leader Nancy Pelosi, D-Calif., received several briefings and raised concerns, including in a classified letter, her spokeswoman Jennifer Crider said. Former Senate Democratic leader Tom Daschle said he, too, was briefed by the White House between 2002 and 2004 but was not told key details about the scope of the program. Daschle's successor, Sen. Harry Reid, D-Nev., said he received a single briefing earlier this year and that important details were withheld. "We need to investigate this program and the president's legal authority to carry it out," Reid said. Republicans, too, were skeptical. Sen. Arlen Specter, R-Pa., chairman of the Senate Judiciary Committee, has promised hearings next year and said he would ask Bush's Supreme Court nominee, Samuel Alito, his views of the president's authority for spying without a warrant. ___ On the Net: Rockefeller's handwritten note: http://wid.ap.org/documents/051219rockefeller.pdf -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Dec 20 12:19:33 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 15:19:33 -0500 Subject: [Clips] Bush gets key backing on spy policy Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 15:15:08 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Bush gets key backing on spy policy Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Posted on Tue, Dec. 20, 2005? Intelligence chairman Roberts of Kansas says program 'consistent with U.S. law' Bush gets key backing on spy policy By MATT STEARNS The Star's Washington Correspondent WASHINGTON - The Bush administration found a key ally on Capitol Hill Monday as it broadened its aggressive defense of a recently revealed domestic spying program that used warrantless surveillance. Sen. Pat Roberts of Kansas, the chairman of the Senate Intelligence Committee, "believes the program is consistent with U.S. law and the Constitution," Sarah Little, Roberts' spokeswoman, said in an e-mailed statement. Roberts, in his first public remarks on the electronic surveillance program, indicated he has known about the program since he took over the committee in 2003. 
He said he believes the administration has taken proper safeguards to preserve Americans' civil liberties and is in talks with Senate leaders on what additional oversight steps Congress should take, Little said. "Senator Roberts believes that in a time of war, the president should have every lawful authority to protect the American people," Little said. The Kansas Republican's defense of the administration came just hours after President Bush lambasted critics of his domestic anti-terror policies at a White House news conference. Facing harsh bipartisan criticism in Congress over the surveillance program, and with renewal of his signature anti-terrorism law, the Patriot Act, stalled in the Senate, Bush said both are key tools in the war on terror. "We're doing the right thing," Bush asserted. Sen. Russ Feingold, a Wisconsin Democrat, countered by calling the surveillance program "an outrageous power grab against the laws of the United States of America." Bush called public disclosure of the National Security Agency program "shameful the fact that we're discussing this program is helping the enemy." The program bypasses a secret court system that requires warrants for eavesdropping. "I just want to assure the American people that, one, I've got the authority to do this; two, it is a necessary part of my job to protect you; and, three, we're guarding your civil liberties," Bush said. The program began after the Sept. 11, 2001, terrorist attacks. Bush said Congress had been briefed "more than a dozen times on this program." Such briefings are classified, which means that even if a member of Congress disagrees with a policy, they can't disclose it. The briefings were limited to top congressional leadership and the chairmen and ranking members of the House and Senate Intelligence committees. Sen. Kit Bond, a Missouri Republican who has been on the Senate Intelligence Committee since 2003, said he was not aware of the program. Sen. 
Carl Levin, a Michigan Democrat on the committee, said he did not know about it, either. On Capitol Hill, Bush's defense did little to quell criticism, amid bipartisan calls for hearings to investigate the program. Democrats said they would not seek to halt the program until they gathered more information about it. Sen. Arlen Specter, a Pennsylvania Republican who is chairman of the Judiciary Committee, has criticized the program and vowed to hold hearings on it. Bush said public hearings would help terrorists by revealing U.S. strategy and tactics. Senate GOP leaders appear to agree with Bush; Majority Leader Bill Frist is said to prefer that any hearings be held by Roberts and the Intelligence Committee, and be closed. "Because of the nature of this subject, it needs to be kept close-held," Bond said in explaining why Roberts' committee would be a better venue than Specter's. Meanwhile, top administration officials sharpened their aggressive defense of the program. Lt. Gen. Michael Hayden, the deputy national intelligence director and former NSA chief, credited the program with "detecting and preventing attacks inside the United States." "I can say, unequivocally that we have got information through this program that would not otherwise have been available," Hayden said at a White House briefing. Attorney General Alberto Gonzales sought to dampen congressional concerns that the program may be illegal. He said the program could only be used if one party on the call or e-mail was outside the United States, and if authorities had "a reasonable basis to conclude" that one of the parties was in some way affiliated with al-Qaida. In a 1972 case involving domestic security surveillance, the Supreme Court found such spying, without a warrant, violated the Fourth Amendment. Congress in 1978 established the Foreign Intelligence Surveillance court, known as FISA, a secret court through which covert spying warrants must be obtained. 
Gonzales conceded that the law requires warrants for the type of surveillance being done by the NSA. But he claimed Congress trumped that requirement by authorizing the use of force in the war on terror after the Sept. 11, 2001 attacks. Although nowhere in that authorization is domestic surveillance contemplated, Gonzales said the administration interpreted it to include communication interception. "We believe signals intelligence is a fundamental incident of war, and we believe has been authorized by the Congress," Gonzales said. "And even though signals intelligence is not mentioned in the authorization to use force, we believe that the court would recognize the authorization by Congress to engage in this kind of electronic surveillance." Feingold, appearing on NBC's "Today Show," disputed that assertion. "Nobody, nobody, thought, when we passed the resolution to invade Afghanistan and to fight the war on terror, including myself, who voted for it, thought that this was an authorization to allow a wiretapping against the law of the United States," Feingold said. Gonzales also said the surveillance court would not work well in combating terrorism. "(FISA) doesn't provide the speed and the agility that we need in all circumstances to deal with this new kind of threat," Gonzales said. But Sen. Jack Reed, a Rhode Island Democrat, pointed out that FISA procedures seem designed to assist quick action by authorities. "These procedures are secret and they're retroactive," Reed said. Some pointed to last week's disclosure of the surveillance program as the reason opponents of the Patriot Act were able to block its renewal in the Senate. A group of senators has bottled up the bill because of civil liberties concerns. Aspects of the bill will expire in 12 days unless Congress acts. At his Monday news conference, Bush took aim at those opponents, implying they were jeopardizing the security of American citizens. 
"It is inexcusable for the United States Senate to let this Patriot Act expire I want senators from New York or Los Angeles or Las Vegas to go home and explain why these cities are safer," without the Patriot Act, Bush said. "In the war on terror, we cannot afford to be without this law for a single moment," Bush said. But opponents indicated no willingness to cave either on Patriot Act renewal or on demands to investigate the surveillance program, as they pushed back against the broad executive powers claimed by the administration. "He is the president, not a king," Feingold said. "If the president is asserting a doctrine that he can do anything to protect the American people without the basis of law, we need to know what those things are, and we need to talk about it." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Dec 20 12:19:55 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 15:19:55 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 14:19:04 -0500 To: Philodox Clips List From: "R. A. 
Hettinga" Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com U.S. Code collection TITLE 50 > CHAPTER 36 > SUBCHAPTER I > § 1811 Prev | Next § 1811. Authorization during time of war Release date: 2005-03-17 Notwithstanding any other law, the President, through the Attorney General, may authorize electronic surveillance without a court order under this subchapter to acquire foreign intelligence information for a period not to exceed fifteen calendar days following a declaration of war by the Congress. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Dec 20 12:46:50 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 15:46:50 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: References: Message-ID: At 8:43 PM +0000 12/20/05, Gil Hamilton wrote: >Was there some part of the phrase you quoted: "for a period not to exceed >fifteen >calendar days following a declaration of war by the Congress" that you >were unable to understand? 
I'm just wondering exactly what part of their collective asses they're going to pull a justification out of, is all. Thank you for playing, and for your keen grasp of the obvious. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Dec 20 13:16:58 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 16:16:58 -0500 Subject: Exactly what part... Message-ID: ...of "cypherpunks write code" doesn't anyone around here understand? Somewhere, as Aristotle might say, Antisthenes is laughing. The political mental masturbations of leftist cryptographic crypto-academicians don't actually amount to much, frankly. Of course, if you want to change the physics of eavesdropping (end-to-end encrypted VOIP is probably a good place to start, if not the best solution), then you have my complete attention. Bleating about laws, whether we have "a nation of laws" or not, doesn't work too much when there's an egregious surplus of same. Under those circumstances, no matter who's in charge, the law fucks you in the ass. Everything is illegal, and thus nothing is. As far as voting goes, no matter who you vote for, the government gets elected, as the old libertarian saw goes. 
Even if, as Twain wisecracked, history does rhyme instead of repeat, don't look for the Ballad of Tricky Dick Nixon -- or Slick Willie Clittin' -- to be recited in iambic pentameter from a Republican legislature anytime soon, and, since the Democrats don't actually have any *prescriptive* behavior available during a putative state of war -- or during a massive global increase in freedom and prosperity, for that matter -- that doesn't make the electorate laugh out loud, expect them to continue implode like crypto-marxist "social democrats" everywhere else in the world. (Okay. There's North Korea, Cuba and Venezuela. And Bolivia. Knock yourselves out.) Lex vincula justitiae, as Mr. Pullo might say... Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From perry at piermont.com Tue Dec 20 13:38:58 2005 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 20 Dec 2005 16:38:58 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: (R. A. Hettinga's message of "Tue, 20 Dec 2005 15:19:55 -0500") References: Message-ID: <87lkyfla8d.fsf@snark.piermont.com> "R. A. Hettinga" writes: > U.S. 
Code collection > > TITLE 50 > CHAPTER 36 > SUBCHAPTER I > § 1811 > Prev | Next > > § 1811. Authorization during time of war > > Release date: 2005-03-17 > > Notwithstanding any other law, the President, through the Attorney General, > may authorize electronic surveillance without a court order under this > subchapter to acquire foreign intelligence information for a period not to > exceed fifteen calendar days following a declaration of war by the Congress. Yes, Bob. For a period not to exceed fifteen calendar days. Following a declaration of war. By the congress. Perry From rah at shipwright.com Tue Dec 20 13:57:14 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 16:57:14 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: <87lkyfla8d.fsf@snark.piermont.com> References: <87lkyfla8d.fsf@snark.piermont.com> Message-ID: At 4:38 PM -0500 12/20/05, Perry E. Metzger wrote: >Yes, Bob. For a period not to exceed fifteen calendar days. Following >a declaration of war. By the congress. Again, Perry, expect nothing to come of any of this. Except bleating. Lots of bleating. Write code, dude. Quit bleating. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Dec 20 15:06:59 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 18:06:59 -0500 Subject: [Clips] eCash: New Zealander challenges Amazon one-click patent Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 18:05:51 -0500 To: Philodox Clips List From: "R. A. 
Hettinga" Subject: [Clips] New Zealander challenges Amazon one-click patent Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Unenumerated A variety of topics, especially law and history. Tuesday, December 20, 2005 New Zealander challenges Amazon one-click patent Caveat: As is with every post on this blog, this post is not legal advice. If you want to make, use, sell, offer to sell, challenge, or otherwise legally entangle yourself with Amazon's patent, consult a good patent lawyer (I'm not even one of those quite yet either). Peter Calveley from New Zealand has asked the United States Patent & Trademark Office to re-examine the validity of Amazon's infamous "one-click" patent. One of the claims he is going after is Claim 11 which reads as follows: 11. A method for ordering an item using a client system, the method comprising: displaying information identifying the item and displaying an indication of a single action that is to be performed to order the identified item; and in response to only the indicated single action being performed, sending to a server system a request to order the identified item whereby the item is ordered independently of a shopping cart model and the order is fulfilled to complete a purchase of the item. Calveley has made great use of the Wayback Machine to dig up old documents. Of particular interest is some of the old ecash(tm) documentation from DigiCash. It's of particular interest to me because way back when I worked for six months for DigiCash as a contractor. Ecash was the first digital cash payment system to be deployed on the web. Ecash deployed cutting-edge cryptography, in particular the blind signature which was one of the earliest patents for what was basically a pure algorithm. I describe blind signatures here. However, it's not the cryptography that's important here, but how ecash interacted with the web to order a product. 
The normal cycle of using ecash was as follows: (1) Click on a link or button on a web page to place an order with a merchant; (2) In response to this click the web server would (using a CGI script) start up the "shop" ecash software; (3) That software would contact the ecash client to request a payment; (4) The ecash client would pop up a screen to confirm a payment, and finally; (5) The user would click a button on the pop-up to confirm the order, and the order would be executed (the file delivered, the wager made, or whatever). This is a "two-click" process. However, ecash had another feature, which I personally only dimly remember, and never associated with the notorious one-click patent until now. But Calveley did make the link and has recovered the documentation for this feature. With this feature the user could alter step 4 to automate the payment. If a user trusted a merchant, he could configure the policy so that step 4 would not launch a pop-up, but would just go ahead and make the requested payment. The result was a one-click ordering process. The combination of ecash automated payment policy with web ordering, which is at least strongly implied by the documentation Calveley has unearthed and almost surely was actually deployed and used in a one-click manner, reads on Amazon's claim 11 and some associated claims. Calveley is the first to point out, as far as I know, that the automated payment policy setting of ecash, combined with a single click to order an item (e.g. to download a file or to make a wager), is a very good prior art reference which anticipates the Amazon one-click patent (or at least makes it even more blindingly obvious than we software engineers already thought it was). If you have personal information or know of further documentation about this feature, or any other product or design prior to 1997 that used one-click ordering, both myself and Peter Calveley are greatly interested in collecting this information. 
Also, Calveley's going forward with the re-examination is contingent upon him collecting enough donations to recoup the $2,500 USPTO fee for a patent re-examination. You can donate here. posted by Nick Szabo at 7:26 AM -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From perry at piermont.com Tue Dec 20 15:55:20 2005 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 20 Dec 2005 18:55:20 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: (R. A. Hettinga's message of "Tue, 20 Dec 2005 16:57:14 -0500") References: <87lkyfla8d.fsf@snark.piermont.com> Message-ID: <87fyonl3x3.fsf@snark.piermont.com> "R. A. Hettinga" writes: > At 4:38 PM -0500 12/20/05, Perry E. Metzger wrote: >>Yes, Bob. For a period not to exceed fifteen calendar days. Following >>a declaration of war. By the congress. > > Again, Perry, expect nothing to come of any of this. > > Except bleating. > > Lots of bleating. > > Write code, dude. Quit bleating. The "bleating" has already had a serious effect. More "bleating" may yet end the current administration's ambitions for the expansion of their powers. .pm From rah at shipwright.com Tue Dec 20 15:59:37 2005 From: rah at shipwright.com (R. A. 
Hettinga) Date: Tue, 20 Dec 2005 18:59:37 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: <87fyonl3x3.fsf@snark.piermont.com> References: <87lkyfla8d.fsf@snark.piermont.com> <87fyonl3x3.fsf@snark.piermont.com> Message-ID: At 6:55 PM -0500 12/20/05, Perry E. Metzger wrote: >The "bleating" has already had a serious effect. Please. The dogs bark, but the caravan moves on. Now, if wiretapping were as obsolete as cracking wax seals and envelopes, *that* would be something. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "Camels, fleas, and princes exist everywhere." -- Persian proverb From dave at farber.net Tue Dec 20 16:48:27 2005 From: dave at farber.net (David Farber) Date: Tue, 20 Dec 2005 19:48:27 -0500 Subject: [IP] San Francisco leaders voice concerns about Wi-Fi project Message-ID: Begin forwarded message: From rah at shipwright.com Tue Dec 20 17:31:39 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 20:31:39 -0500 Subject: [Clips] Clinton Administration Secret Search On Americans -- Without Court Order Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 20:30:53 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Clinton Administration Secret Search On Americans -- Without Court Order Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The Drudge Report Support The DrudgeReport; Visit Our Advertisers CLINTON ADMINISTRATION SECRET SEARCH ON AMERICANS -- WITHOUT COURT ORDER Bill Clinton Signed Executive Order that allowed Attorney General to do searches without court approval Secret searches of Aldrich Ames's office and home in June and October 1993, both without a federal warrant. 
Clinton, February 9, 1995: "The Attorney General is authorized to approve physical searches, without a court order" WASH POST, July 15, 1994: Extend not only to searches of the homes of U.S. citizens but also -- in the delicate words of a Justice Department official -- to "places where you wouldn't find or would be unlikely to find information involving a U.S. citizen... would allow the government to use classified electronic surveillance techniques, such as infrared sensors to observe people inside their homes, without a court order." Deputy Attorney General Jamie S. Gorelick, the Clinton administration believes the president "has inherent authority to conduct warrantless searches for foreign intelligence purposes." 1982: COURT SAYS U.S. SPY AGENCY CAN TAP OVERSEAS MESSAGES By DAVID BURNHAM, SPECIAL TO THE NEW YORK TIMES (NYT) 1051 words Published: November 7, 1982 A Federal appeals court has ruled that the National Security Agency may lawfully intercept messages between United States citizens and people overseas, even if there is no cause to believe the Americans are foreign agents. END -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Dec 20 17:31:55 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 20 Dec 2005 20:31:55 -0500 Subject: [Clips] Executive Order 12949 Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Dec 2005 20:31:06 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Executive Order 12949 Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com [Executive Orders] [Federal Register page and date: 60 FR 8169; February 13, 1995] THE WHITE HOUSE Office of the Press Secretary ________________________________________________________________________ For Immediate Release February 9, 1995 EXECUTIVE ORDER 12949 - - - - - - - FOREIGN INTELLIGENCE PHYSICAL SEARCHES By the authority vested in me as President by the Constitution and the laws of the United States, including sections 302 and 303 of the Foreign Intelligence Surveillance Act of 1978 ("Act") (50 U.S.C. 1801, et seq.), as amended by Public Law 103- 359, and in order to provide for the authorization of physical searches for foreign intelligence purposes as set forth in the Act, it is hereby ordered as follows: Section 1. Pursuant to section 302(a)(1) of the Act, the Attorney General is authorized to approve physical searches, without a court order, to acquire foreign intelligence information for periods of up to one year, if the Attorney General makes the certifications required by that section. Sec. 2. Pursuant to section 302(b) of the Act, the Attorney General is authorized to approve applications to the Foreign Intelligence Surveillance Court under section 303 of the Act to obtain orders for physical searches for the purpose of collecting foreign intelligence information. Sec. 3. 
Pursuant to section 303(a)(7) of the Act, the following officials, each of whom is employed in the area of national security or defense, is designated to make the certifications required by section 303(a)(7) of the Act in support of applications to conduct physical searches: (a) Secretary of State; (b) Secretary of Defense; (c) Director of Central Intelligence; (d) Director of the Federal Bureau of Investigation; (e) Deputy Secretary of State; (f) Deputy Secretary of Defense; and (g) Deputy Director of Central Intelligence. None of the above officials, nor anyone officially acting in that capacity, may exercise the authority to make the above certifications, unless that official has been appointed by the President, by and with the advice and consent of the Senate. WILLIAM J. CLINTON THE WHITE HOUSE, February 9, 1995. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From gil_hamilton at hotmail.com Tue Dec 20 12:43:04 2005 From: gil_hamilton at hotmail.com (Gil Hamilton) Date: Tue, 20 Dec 2005 20:43:04 +0000 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: Message-ID: Bob Hettinga wrote: > TITLE 50 > CHAPTER 36 > SUBCHAPTER I > § 1811 > § 1811. 
Authorization during time of war > Notwithstanding any other law, the President, through the Attorney > General, may authorize electronic surveillance without a court order > under this subchapter to acquire foreign intelligence information > for a period not to exceed fifteen calendar days following a > declaration of war by the Congress. Bob, That's a pretty short and uncomplicated paragraph even in view of your well-known attention-deficit issues. Was there some part of the phrase you quoted: "for a period not to exceed fifteen calendar days following a declaration of war by the Congress" that you were unable to understand? GH From measl at mfn.org Tue Dec 20 19:04:30 2005 From: measl at mfn.org (J.A. Terranson) Date: Tue, 20 Dec 2005 21:04:30 -0600 (CST) Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: <87lkyfla8d.fsf@snark.piermont.com> References: <87lkyfla8d.fsf@snark.piermont.com> Message-ID: <20051220210349.U37487@ubzr.zsa.bet> On Tue, 20 Dec 2005, Perry E. Metzger wrote: > Yes, Bob. For a period not to exceed fifteen calendar days. Following > a declaration of war. By the congress. Which declaration we are missing. There is no formal state of war here. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise?
- Steve Thompson From declan at well.com Tue Dec 20 20:15:46 2005 From: declan at well.com (Declan McCullagh) Date: Tue, 20 Dec 2005 23:15:46 -0500 Subject: [Politech] Transcript of briefing on NSA surveillance by Alberto Gonzales and Michael Hayden [priv] Message-ID: THE WHITE HOUSE Office of the Press Secretary For Immediate Release December 19, 2005 PRESS BRIEFING BY ATTORNEY GENERAL ALBERTO GONZALES AND GENERAL MICHAEL HAYDEN, PRINCIPAL DEPUTY DIRECTOR FOR NATIONAL INTELLIGENCE James S. Brady Briefing Room 8:30 A.M. EST MR. McCLELLAN: Good morning, everybody. I've got with me the Attorney General and General Hayden here this morning to brief you on the legal issues surrounding the NSA authorization and take whatever questions you have for them on that. The Attorney General will open with some comments and then they'll be glad to take your questions. And with that, I'll turn it over to General Gonzales. ATTORNEY GENERAL GONZALES: Thanks, Scott. The President confirmed the existence of a highly classified program on Saturday. The program remains highly classified; there are many operational aspects of the program that have still not been disclosed and we want to protect that because those aspects of the program are very, very important to protect the national security of this country. So I'm only going to be talking about the legal underpinnings for what has been disclosed by the President. The President has authorized a program to engage in electronic surveillance of a particular kind, and this would be the intercepts of contents of communications where one of the -- one party to the communication is outside the United States. And this is a very important point -- people are running around saying that the United States is somehow spying on American citizens calling their neighbors. Very, very important to understand that one party to the communication has to be outside the United States. 
Another very important point to remember is that we have to have a reasonable basis to conclude that one party to the communication is a member of al Qaeda, affiliated with al Qaeda, or a member of an organization affiliated with al Qaeda, or working in support of al Qaeda. We view these authorities as authorities to confront the enemy in which the United States is at war with -- and that is al Qaeda and those who are supporting or affiliated with al Qaeda. What we're trying to do is learn of communications, back and forth, from within the United States to overseas with members of al Qaeda. And that's what this program is about. Now, in terms of legal authorities, the Foreign Intelligence Surveillance Act provides -- requires a court order before engaging in this kind of surveillance that I've just discussed and the President announced on Saturday, unless there is somehow -- there is -- unless otherwise authorized by statute or by Congress. That's what the law requires. Our position is, is that the authorization to use force, which was passed by the Congress in the days following September 11th, constitutes that other authorization, that other statute by Congress, to engage in this kind of signals intelligence. Now, that -- one might argue, now, wait a minute, there's nothing in the authorization to use force that specifically mentions electronic surveillance. Let me take you back to a case that the Supreme Court reviewed this past -- in 2004, the Hamdi decision. As you remember, in that case, Mr. Hamdi was a U.S. citizen who was contesting his detention by the United States government. What he said was that there is a statute, he said, that specifically prohibits the detention of American citizens without permission, an act by Congress -- and he's right, 18 USC 4001a requires that the United States government cannot detain an American citizen except by an act of Congress. 
We took the position -- the United States government took the position that Congress had authorized that detention in the authorization to use force, even though the authorization to use force never mentions the word "detention." And the Supreme Court, a plurality written by Justice O'Connor agreed. She said, it was clear and unmistakable that the Congress had authorized the detention of an American citizen captured on the battlefield as an enemy combatant for the remainder -- the duration of the hostilities. So even though the authorization to use force did not mention the word, "detention," she felt that detention of enemy soldiers captured on the battlefield was a fundamental incident of waging war, and therefore, had been authorized by Congress when they used the words, "authorize the President to use all necessary and appropriate force." For the same reason, we believe signals intelligence is even more a fundamental incident of war, and we believe has been authorized by the Congress. And even though signals intelligence is not mentioned in the authorization to use force, we believe that the Court would apply the same reasoning to recognize the authorization by Congress to engage in this kind of electronic surveillance. I might also add that we also believe the President has the inherent authority under the Constitution, as Commander-in-Chief, to engage in this kind of activity. Signals intelligence has been a fundamental aspect of waging war since the Civil War, where we intercepted telegraphs, obviously, during the world wars, as we intercepted telegrams in and out of the United States. Signals intelligence is very important for the United States government to know what the enemy is doing, to know what the enemy is about to do. It is a fundamental incident of war, as Justice O'Connor talked about in the Hamdi decision. We believe that -- and those two authorities exist to allow, permit the United States government to engage in this kind of surveillance. 
The President, of course, is very concerned about the protection of civil liberties, and that's why we've got strict parameters, strict guidelines in place out at NSA to ensure that the program is operating in a way that is consistent with the President's directives. And, again, the authorization by the President is only to engage in surveillance of communications where one party is outside the United States, and where we have a reasonable basis to conclude that one of the parties of the communication is either a member of al Qaeda or affiliated with al Qaeda. Mike, do you want to -- have anything to add? GENERAL HAYDEN: I'd just add, in terms of what we do globally with regard to signals intelligence, which is a critical part of defending the nation, there are probably no communications more important to what it is we're trying to do to defend the nation; no communication is more important for that purpose than those communications that involve al Qaeda, and one end of which is inside the homeland, one end of which is inside the United States. Our purpose here is to detect and prevent attacks. And the program in this regard has been successful. Q General, are you able to say how many Americans were caught in this surveillance? ATTORNEY GENERAL GONZALES: I'm not -- I can't get into the specific numbers because that information remains classified. Again, this is not a situation where -- of domestic spying. To the extent that there is a moderate and heavy communication involving an American citizen, it would be a communication where the other end of the call is outside the United States and where we believe that either the American citizen or the person outside the United States is somehow affiliated with al Qaeda. Q General, can you tell us why you don't choose to go to the FISA court? ATTORNEY GENERAL GONZALES: Well, we continue to go to the FISA court and obtain orders. It is a very important tool that we continue to utilize. 
Our position is that we are not legally required to do, in this particular case, because the law requires that we -- FISA requires that we get a court order, unless authorized by a statute, and we believe that authorization has occurred. The operators out at NSA tell me that we don't have the speed and the agility that we need, in all circumstances, to deal with this new kind of enemy. You have to remember that FISA was passed by the Congress in 1978. There have been tremendous advances in technology -- Q But it's been kind of retroactively, hasn't it? ATTORNEY GENERAL GONZALES: -- since then. Pardon me? Q It's been done retroactively before, hasn't it? ATTORNEY GENERAL GONZALES: What do you mean, "retroactively"? Q You just go ahead and then you apply for the FISA clearance, because it's damn near automatic. ATTORNEY GENERAL GONZALES: If we -- but there are standards that have to be met, obviously, and you're right, there is a procedure where we -- an emergency procedure that allows us to make a decision to authorize -- to utilize FISA, and then we go to the court and get confirmation of that authority. But, again, FISA is very important in the war on terror, but it doesn't provide the speed and the agility that we need in all circumstances to deal with this new kind of threat. Q But what -- go ahead. GENERAL HAYDEN: Let me just add to the response to the last question. As the Attorney General says, FISA is very important, we make full use of FISA. But if you picture what FISA was designed to do, FISA is designed to handle the needs in the nation in two broad categories: there's a law enforcement aspect of it; and the other aspect is the continued collection of foreign intelligence. I don't think anyone could claim that FISA was envisaged as a tool to cover armed enemy combatants in preparation for attacks inside the United States. And that's what this authorization under the President is designed to help us do. 
Q Have you identified armed enemy combatants, through this program, in the United States? GENERAL HAYDEN: This program has been successful in detecting and preventing attacks inside the United States. Q General Hayden, I know you're not going to talk about specifics about that, and you say it's been successful. But would it have been as successful -- can you unequivocally say that something has been stopped or there was an imminent attack or you got information through this that you could not have gotten through going to the court? GENERAL HAYDEN: I can say unequivocally, all right, that we have got information through this program that would not otherwise have been available. Q Through the court? Because of the speed that you got it? GENERAL HAYDEN: Yes, because of the speed, because of the procedures, because of the processes and requirements set up in the FISA process, I can say unequivocally that we have used this program in lieu of that and this program has been successful. Q But one of the things that concerns people is the slippery slope. If you said you absolutely need this program, you have to do it quickly -- then if you have someone you suspect being a member of al Qaeda, and they're in the United States, and there is a phone call between two people in the United States, why not use that, then, if it's so important? Why not go that route? Why not go further? GENERAL HAYDEN: Across the board, there is a judgment that we all have to make -- and I made this speech a day or two after 9/11 to the NSA workforce -- I said, free peoples always have to judge where they want to be on that spectrum between security and liberty; that there will be great pressures on us after those attacks to move our national banner down in the direction of security. What I said to the NSA workforce is, our job is to keep Americans free by making Americans feel safe again. 
That's been the mission of the National Security Agency since the day after the attack, is when I talked -- two days after the attack is when I said that to the workforce. There's always a balancing between security and liberty. We understand that this is a more -- I'll use the word "aggressive" program than would be traditionally available under FISA. It is also less intrusive. It deals only with international calls. It is generally for far shorter periods of time. And it is not designed to collect reams of intelligence, but to detect and warn and prevent about attacks. And, therefore, that's where we've decided to draw that balance between security and liberty. Q Gentlemen, can you say when Congress was first briefed, who was included in that, and will there be a leaks investigation? ATTORNEY GENERAL GONZALES: Well of course, we're not going to -- we don't talk about -- we try not to talk about investigations. As to whether or not there will be a leak investigation, as the President indicated, this is really hurting national security, this has really hurt our country, and we are concerned that a very valuable tool has been compromised. As to whether or not there will be a leak investigation, we'll just have to wait and see. And your first question was? Q When was Congress first briefed -- ATTORNEY GENERAL GONZALES: I'm not going to -- I'm not going to talk about -- I'll let others talk about when Congress was first briefed. What I can say is, as the President indicated on Saturday, there have been numerous briefings with certain key members of Congress. Obviously, some members have come out since the revelations on Saturday, saying that they hadn't been briefed. This is a very classified program. It is probably the most classified program that exists in the United States government, because the tools are so valuable, and therefore, decisions were made to brief only key members of Congress. 
We have begun the process now of reaching out to other members of Congress. I met last night, for example, with Chairman Specter and other members of Congress to talk about the legal aspects of this program. And so we are engaged in a dialogue now to talk with Congress, but also -- but we're still mindful of the fact that still -- this is still a very highly classified program, and there are still limits about what we can say today, even to certain members of Congress. Q General, what's really compromised by the public knowledge of this program? Don't you assume that the other side thinks we're listening to them? I mean, come on. GENERAL HAYDEN: The fact that this program has been successful is proof to me that what you claim to be an assumption is certainly not universal. The more we discuss it, the more we put it in the face of those who would do us harm, the more they will respond to this and protect their communications and make it more difficult for us to defend the nation. Q Mr. Attorney General -- Q -- became public, have you seen any evidence in a change in the tactics or -- ATTORNEY GENERAL GONZALES: We're not going to comment on that kind of operational aspect. Q You say this has really hurt the American people. Is that based only on your feeling about it, or is there some empirical evidence to back that up, even if you can't -- ATTORNEY GENERAL GONZALES: I think the existence of this program, the confirmation of the -- I mean, the fact that this program exists, in my judgment, has compromised national security, as the President indicated on Saturday. Q I'd like to ask you, what are the constitutional limits on this power that you see laid out in the statute and in your inherent constitutional war power? And what's to prevent you from just listening to everyone's conversation and trying to find the word "bomb," or something like that? ATTORNEY GENERAL GONZALES: Well, that's a good question. 
This was a question that was raised in some of my discussions last night with members of Congress. The President has not authorized -- has not authorized blanket surveillance of communications here in the United States. He's been very clear about the kind of surveillance that we're going to engage in. And that surveillance is tied with our conflict with al Qaeda. You know, we feel comfortable that this surveillance is consistent with requirements of the 4th Amendment. The touchstone of the 4th Amendment is reasonableness, and the Supreme Court has long held that there are exceptions to the warrant requirement in -- when special needs outside the law enforcement arena. And we think that that standard has been met here. When you're talking about communications involving al Qaeda, when you -- obviously there are significant privacy interests implicated here, but we think that those privacy interests have been addressed; when you think about the fact that this is an authorization that's ongoing, it's not a permanent authorization, it has to be reevaluated from time to time. There are additional safeguards that have been in place -- that have been imposed out at NSA, and we believe that it is a reasonable application of these authorities. Q Mr. Attorney General, haven't you stretched -- Q -- adequate because of technological advances? Wouldn't you do the country a better service to address that issue and fix it, instead of doing a backdoor approach -- ATTORNEY GENERAL GONZALES: This is not a backdoor approach. We believe Congress has authorized this kind of surveillance. We have had discussions with Congress in the past -- certain members of Congress -- as to whether or not FISA could be amended to allow us to adequately deal with this kind of threat, and we were advised that that would be difficult, if not impossible. Q If this is not backdoor, is this at least a judgment call? Can you see why other people would look at it and say, well, no, we don't see it that way? 
ATTORNEY GENERAL GONZALES: I think some of the concern is because people had not been briefed; they don't understand the specifics of the program, they don't understand the strict safeguards within the program. And I haven't had a discussion -- an opportunity to have a discussion with them about our legal analysis. So, obviously, we're in that process now. Part of the reason for this press brief today is to have you help us educate the American people and the American Congress about what we're doing and the legal basis for what we're doing. Q Al, you talk about the successes and the critical intercepts of the program. Have there also been cases in which after listening in or intercepting, you realize you had the wrong guy and you listened to what you shouldn't have? GENERAL HAYDEN: That's why I mentioned earlier that the program is less intrusive. It deals only with international calls. The time period in which we would conduct our work is much shorter, in general, overall, than it would be under FISA. And one of the true purposes of this is to be very agile, as you described. If this particular line of logic, this reasoning that took us to this place proves to be inaccurate, we move off of it right away. Q Are there cases in which -- GENERAL HAYDEN: Yes, of course. Q Can you give us some idea of percentage, or how often you get it right and how often you get it wrong? GENERAL HAYDEN: No, it would be very -- no, I cannot, without getting into the operational details. I'm sorry. Q But there are cases where you wind up listening in where you realize you shouldn't have? GENERAL HAYDEN: There are cases like we do with regard to the global SIGINT system -- you have reasons to go after particular activities, particular communications. There's a logic; there is a standard as to why you would go after that, not just in a legal sense, which is very powerful, but in a practical sense. We can't waste resources on targets that simply don't provide valuable information.
And when we decide that is the case -- and in this program, the standards, in terms of re-evaluating whether or not this coverage is worthwhile at all, are measured in days and weeks. Q Would someone in a case in which you got it wrong have a cause of action against the government? ATTORNEY GENERAL GONZALES: That is something I'm not going to answer, Ken. Q I wanted to ask you a question. Do you think the government has the right to break the law? ATTORNEY GENERAL GONZALES: Absolutely not. I don't believe anyone is above the law. Q You have stretched this resolution for war into giving you carte blanche to do anything you want to do. ATTORNEY GENERAL GONZALES: Well, one might make that same argument in connection with detention of American citizens, which is far more intrusive than listening into a conversation. There may be some members of Congress who might say, we never -- Q That's your interpretation. That isn't Congress' interpretation. ATTORNEY GENERAL GONZALES: Well, I'm just giving you the analysis -- Q You're never supposed to spy on Americans. ATTORNEY GENERAL GONZALES: I'm just giving the analysis used by Justice O'Connor -- and she said clearly and unmistakenly the Congress authorized the President of the United States to detain an American citizen, even though the authorization to use force never mentions the word "detention" -- Q -- into wiretapping everybody and listening in on -- ATTORNEY GENERAL GONZALES: This is not about wiretapping everyone. This is a very concentrated, very limited program focused at gaining information about our enemy. Q Now that the cat is out of the bag, so to speak, do you expect your legal analysis to be tested in the courts? ATTORNEY GENERAL GONZALES: I'm not going to, you know, try to guess as to what's going to happen about that. 
We're going to continue to try to educate the American people and the American Congress about what we're doing and the basis -- why we believe that the President has the authority to engage in this kind of conduct. Q Because there are some very smart legal minds who clearly think a law has been broken here. ATTORNEY GENERAL GONZALES: Well, I think that they may be making or offering up those opinions or assumptions based on very limited information. They don't have all the information about the program. I think they probably don't have the information about our legal analysis. Q Judge Gonzales, will you release then, for the reasons you're saying now, the declassified versions of the legal rationale for this from OLC? And if not, why not? To assure the American public that this was done with the legal authority that you state. ATTORNEY GENERAL GONZALES: We're engaged now in a process of educating the American people, again, and educating the Congress. We'll make the appropriate evaluation at the appropriate time as to whether or not additional information needs to be provided to the Congress or the American people. Q You declassified OLC opinions before, after the torture -- why not do that here to show, yes, we went through a process? ATTORNEY GENERAL GONZALES: I'm not confirming the existence of opinions or the non-existence of opinions. I've offered up today our legal analysis of the authorities of this President. Q Sir, can you explain, please, the specific inadequacies in FISA that have prevented you from sort of going through the normal channels? GENERAL HAYDEN: One, the whole key here is agility. And let me re-trace some grounds I tried to suggest earlier. FISA was built for persistence. FISA was built for long-term coverage against known agents of an enemy power. And the purpose involved in each of those -- in those cases was either for a long-term law enforcement purpose or a long-term intelligence purpose. This program isn't for that. 
This is to detect and prevent. And here the key is not so much persistence as it is agility. It's a quicker trigger. It's a subtly softer trigger. And the intrusion into privacy -- the intrusion into privacy is significantly less. It's only international calls. The period of time in which we do this is, in most cases, far less than that which would be gained by getting a court order. And our purpose here, our sole purpose is to detect and prevent. Again, I make the point, what we are talking about here are communications we have every reason to believe are al Qaeda communications, one end of which is in the United States. And I don't think any of us would want any inefficiencies in our coverage of those kinds of communications, above all. And that's what this program allows us to do -- it allows us to be as agile as operationally required to cover these targets. Q But how does FISA -- GENERAL HAYDEN: FISA involves the process -- FISA involves marshaling arguments; FISA involves looping paperwork around, even in the case of emergency authorizations from the Attorney General. And beyond that, it's a little -- it's difficult for me to get into further discussions as to why this is more optimized under this process without, frankly, revealing too much about what it is we do and why and how we do it. Q If FISA didn't work, why didn't you seek a new statute that allowed something like this legally? ATTORNEY GENERAL GONZALES: That question was asked earlier. We've had discussions with members of Congress, certain members of Congress, about whether or not we could get an amendment to FISA, and we were advised that that was not likely to be -- that was not something we could likely get, certainly not without jeopardizing the existence of the program, and therefore, killing the program. And that -- and so a decision was made that because we felt that the authorities were there, that we should continue moving forward with this program. 
Q And who determined that these targets were al Qaeda? Did you wiretap them? GENERAL HAYDEN: The judgment is made by the operational work force at the National Security Agency using the information available to them at the time, and the standard that they apply -- and it's a two-person standard that must be signed off by a shift supervisor, and carefully recorded as to what created the operational imperative to cover any target, but particularly with regard to those inside the United States. Q So a shift supervisor is now making decisions that a FISA judge would normally make? I just want to make sure I understand. Is that what you're saying? GENERAL HAYDEN: What we're trying to do is to use the approach we have used globally against al Qaeda, the operational necessity to cover targets. And the reason I emphasize that this is done at the operational level is to remove any question in your mind that this is in any way politically influenced. This is done to chase those who would do harm to the United States. Q Building on that, during -- Q Thank you, General. Roughly when did those conversations occur with members of Congress? ATTORNEY GENERAL GONZALES: I'm not going to get into the specifics of when those conversations occurred, but they have occurred. Q May I just ask you if they were recently or if they were when you began making these exceptions? ATTORNEY GENERAL GONZALES: They weren't recently. MR. McCLELLAN: The President indicated that those -- the weeks after September 11th. Q What was the date, though, of the first executive order? Can you give us that?
GENERAL HAYDEN: If I could just, before you ask that question, just add -- these actions that I described taking place at the operational level -- and I believe that a very important point to be made -- have intense oversight by the NSA Inspector General, by the NSA General Counsel, and by officials of the Justice Department who routinely look into this process and verify that the standards set out by the President are being followed. Q Can you absolutely assure us that all of the communications intercepted -- Q Have you said that you -- (inaudible) -- anything about this program with your international partners -- with the partners probably in the territories of which you intercept those communications? ATTORNEY GENERAL GONZALES: I'm not aware of discussions with other countries, but that doesn't mean that they haven't occurred. I simply have no personal knowledge of that. Q Also, is it only al Qaeda, or maybe some other terrorist groups? ATTORNEY GENERAL GONZALES: Again, with respect to what the President discussed on Saturday, this program -- it is tied to communications where we believe one of the parties is affiliated with al Qaeda or part of an organization or group that is supportive of al Qaeda. Q Sir, during his confirmation hearings, it came out that now-Ambassador Bolton had sought and obtained NSA intercepts of conversations between American citizens and others. Who gets the information from this program; how do you guarantee that it doesn't get too widely spread inside the government, and used for other purposes? Q And is it destroyed afterwards? GENERAL HAYDEN: We report this information the way we report any other information collected by the National Security Agency. And the phrase you're talking about is called minimization of U.S. identities. The same minimalizationist standards apply across the board, including for this program. To make this very clear -- U.S. identities are minimized in all of NSA's activities, unless, of course, the U.S.
identity is essential to understand the inherent intelligence value of the intelligence report. And that's the standard that's used. Q General, when you discussed the emergency powers, you said, agility is critical here. And in the case of the emergency powers, as I understand it, you can go in, do whatever you need to do, and within 72 hours just report it after the fact. And as you say, these may not even last very long at all. What would be the difficulty in setting up a paperwork system in which the logs that you say you have the shift supervisors record are simply sent to a judge after the fact? If the judge says that this is not legitimate, by that time probably your intercept is over, wouldn't that be correct? GENERAL HAYDEN: What you're talking about now are efficiencies. What you're asking me is, can we do this program as efficiently using the one avenue provided to us by the FISA Act, as opposed to the avenue provided to us by subsequent legislation and the President's authorization. Our operational judgment, given the threat to the nation that the difference in the operational efficiencies between those two sets of authorities are such that we can provide greater protection for the nation operating under this authorization. Q But while you're getting an additional efficiency, you're also operating outside of an existing law. If the law would allow you to stay within the law and be slightly less efficient, would that be -- ATTORNEY GENERAL GONZALES: I guess I disagree with that characterization. I think that this electronic surveillance is within the law, has been authorized. I mean, that is our position. We're only required to achieve a court order through FISA if we don't have authorization otherwise by the Congress, and we think that that has occurred in this particular case. Q Can you just give us one assurance before you go, General? ATTORNEY GENERAL GONZALES: It depends on what it is. (Laughter.)
Q Can you assure us that all of these intercepts had an international component and that at no time were any of the intercepts purely domestic?

GENERAL HAYDEN: The authorization given to NSA by the President requires that one end of these communications has to be outside the United States. I can assure you, by the physics of the intercept, by how we actually conduct our activities, that one end of these communications are always outside the United States of America.

END 9:02 A.M. EST

---
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From dave at farber.net Wed Dec 21 05:20:06 2005
From: dave at farber.net (David Farber)
Date: Wed, 21 Dec 2005 08:20:06 -0500
Subject: [IP] more on LA Times on NYT spying story
Message-ID:

Begin forwarded message:

From dave at farber.net Wed Dec 21 05:21:56 2005
From: dave at farber.net (David Farber)
Date: Wed, 21 Dec 2005 08:21:56 -0500
Subject: [IP] "Double Secret" Wiretaps vs. the President's 2004 Statement
Message-ID:

Begin forwarded message:

From dave at farber.net Wed Dec 21 05:28:34 2005
From: dave at farber.net (David Farber)
Date: Wed, 21 Dec 2005 08:28:34 -0500
Subject: [IP] State refuses to approve Diebold voting machines
Message-ID:

Begin forwarded message:

From dave at farber.net Wed Dec 21 05:37:05 2005
From: dave at farber.net (David Farber)
Date: Wed, 21 Dec 2005 08:37:05 -0500
Subject: [IP] Bruce Schneier -- An Essay on Salon
Message-ID:

Begin forwarded message:

From eugen at leitl.org Tue Dec 20 23:53:33 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 08:53:33 +0100
Subject: [declan@well.com: [Politech] Transcript of briefing on NSA surveillance by Alberto Gonzales and Michael Hayden [priv]]
Message-ID: <20051221075333.GG2249@leitl.org>

----- Forwarded message from Declan McCullagh -----

From eugen at leitl.org Wed Dec 21 00:00:03 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 09:00:03 +0100
Subject: [Clips] US CODE: Title
50,1811. Authorization during time of war
In-Reply-To: <20051220210349.U37487@ubzr.zsa.bet>
References: <87lkyfla8d.fsf@snark.piermont.com> <20051220210349.U37487@ubzr.zsa.bet>
Message-ID: <20051221080003.GH2249@leitl.org>

On Tue, Dec 20, 2005 at 09:04:30PM -0600, J.A. Terranson wrote:
> On Tue, 20 Dec 2005, Perry E. Metzger wrote:
>
> > Yes, Bob. For a period not to exceed fifteen calendar days. Following
> > a declaration of war. By the congress.
>
> Which declaration we are missing.
>
> There is no formal state of war here.

"We always have been at war with Oceania bin Laden".

It is remarkable that in the U.S. lying about the location of the presidential dick is almost enough for impeachment, whereas starting wars and trampling all over the Constitution doesn't even raise eyebrows.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From eugen at leitl.org Wed Dec 21 00:10:09 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 09:10:09 +0100
Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war
In-Reply-To: <87fyonl3x3.fsf@snark.piermont.com>
References: <87lkyfla8d.fsf@snark.piermont.com> <87fyonl3x3.fsf@snark.piermont.com>
Message-ID: <20051221081008.GP2249@leitl.org>

On Tue, Dec 20, 2005 at 06:55:20PM -0500, Perry E. Metzger wrote:
> > Write code, dude. Quit bleating.
>
> The "bleating" has already had a serious effect. More "bleating" may
> yet end the current administration's ambitions for the expansion of
> their powers.

You don't have to write code if the bleating succeeds first. And if the bleating doesn't, no amount of code will save our ass. "Mandatory authentication to be online" and "run an anonymizer, get fined $$$/go to jail" is all it takes.
So bleat early, bleat often.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From rms at computerbytesman.com Wed Dec 21 10:00:32 2005
From: rms at computerbytesman.com (Richard M. Smith)
Date: December 21, 2005 10:00:32 PM EST
Subject: [EPIC_IDOF] Surveillance UK: why this revolution is only the start
Message-ID:

http://news.independent.co.uk/world/science_technology/article334684.ece

Surveillance UK: why this revolution is only the start

By Steve Connor, Science Editor
Published: 22 December 2005

The new national surveillance network for tracking car journeys, which has taken more than 25 years to develop, is only the beginning of plans to monitor the movements of all British citizens.

The Home Office Scientific Development Branch in Hertfordshire is already working on ways of automatically recognising human faces by computer, which many people would see as truly introducing the prospect of Orwellian street surveillance, where our every move is recorded and stored by machines.

Although the problems of facial recognition by computer are far more formidable than for car number plates, experts believe it is only a matter of time before machines can reliably pull a face out of a crowd of moving people.
If the police and security services can show that a national surveillance operation based on recording car movements can protect the public against criminals and terrorists, there will be a strong political will to do the same with street cameras designed to monitor the flow of human traffic.

A major feature of the national surveillance centre for car numbers is the ability to trawl through records of previous sightings to build up an intelligence picture of a vehicle's precise whereabouts on the road network.

However, the Home Office and police believe that the Big Brother nature of the operation can be justified on the basis of the technology's proven ability to catch criminals.

"In simple terms criminals use vehicles. If you want to commit a crime, you're going to use a vehicle," said Frank Whiteley, the Chief Constable of Hertfordshire, who leads the project. "There is nothing secretive about it and we don't want it to be secret, because we want people to feel safer, to see that they are protected."

A 13-month pilot scheme between 2003 and 2004 found the performance of the police improved dramatically when they had access to automatic number plate recognition (ANPR) cameras. Project Laser 2 involved 23 police forces using specially fitted vans with ANPR cameras linked to a police database. It led to a fivefold increase in the arrest rate for frontline officers.

But these mobile units will constitute only a tiny proportion of the many thousands of ANPR cameras that by next year will be feeding more than 35 million number plate "reads" every day into the new national data centre at Hendon, north London, the same site as the Police National Computer.

Mr Whiteley, chairman of the ANPR steering committee, said the intention eventually was to move from the "low thousands" of cameras to the "high thousands".

...
_______________________________________________ EPIC_IDOF mailing list EPIC_IDOF at mailman.epic.org https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_idof ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jasonc at science.org Wed Dec 21 02:12:18 2005 From: jasonc at science.org (Jason Coombs) Date: Wed, 21 Dec 2005 10:12:18 +0000 GMT Subject: [Antisocial] Re: [Clips] Why Bush Approved the Wiretaps (fwd) In-Reply-To: <20051220234918.O37487@ubzr.zsa.bet> References: <20051220234918.O37487@ubzr.zsa.bet> Message-ID: <15321512.1135160256591.JavaMail.teamon@bda055-cell00.bisx.prod.on.blackberry> Perry E. Metzger wrote: > Electronic surveillance means > (1) the acquisition by an electronic, mechanical, or other > surveillance device of the contents of any wire or radio > communication sent by or intended to be received by ... Dear Perry, et al: I think you're missing the key clue as to what was actually done, and thus why it was done in the manner chosen, and why it is now being defended by the Bush Administration as being legal. All of the statutes quoted, and every other one of which I am aware, prohibit the INTERCEPTION of the CONTENT of communications. Nothing presently prohibits the automated processing of the content via software when the content is not captured/intercepted, nor excerpted/preserved for law enforcement's review. 
A computer system, designed to circumvent the intent but comply with the letter of present law, can legally do what a person cannot. Furthermore, courts in jurisdictions in which I have worked are presently ruling that with respect to electronic equivalents of conventional PSTN pen register intercepts, all information considered to be 'routing' information rather than CONTENT of electronic communications is fair game, and may not even require a warrant, anywhere, with respect to anyone. At the very least, there is serious gray area in the lack of clear definition of the electronic communication equivalent to the conventional PSTN pen register. I suspect that what is actually being intercepted is not content, but rather is data that the administration considers to be network routing information -- e-mail and IP addresses, basically. Maybe domain names of Web sites being visited. Read more about Carnivore's known capabilities from several years ago with respect to its pen register mode of operation: http://www.epic.org/privacy/carnivore Then consider the consequences of the absence of explicit mention of 'electronic communications equivalent of a pen register' or the words 'or network routing information' in any of the statutes you mentioned. I wouldn't be surprised at all if the administration ultimately argues that the data they intercepted without a warrant, to the extent that ANY data was 'intercepted', was not 'content' that the sender/recipient intended to communicate to/from the other party. Furthermore they could take the position that there is no need for a warrant for 'electronic communication pen registers' as the pen register statutes are cleverly ambiguous and (probably intentionally) antiquated... Regards, Jason Coombs jasonc at science.org -----Original Message----- From: "J.A. Terranson" Date: Tue, 20 Dec 2005 23:49:30 To:antisocial at mfn.org Subject: [Antisocial] Re: [Clips] Why Bush Approved the Wiretaps (fwd) Good back and forth. -- Yours, J.A. 
Terranson sysadmin at mfn.org 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ---------- Forwarded message ---------- Date: Tue, 20 Dec 2005 13:04:00 -0500 From: Perry E. Metzger To: R. A. Hettinga Cc: cypherpunks at jfet.org Subject: Re: [Clips] Why Bush Approved the Wiretaps "R. A. Hettinga" writes: [...]> > The National Review > Byron York [...] > At his news conference this morning, the president explained that he > believed the U.S. government had to "be able to act fast" to intercept the > "international communications of people with known links to al Qaeda." "Al > Qaeda was not a conventional enemy," Bush said. "This new threat required > us to think and act differently." The FISA law already allows taps to go on for 72 hours before a court is informed. That's three days. In three days people can't fill in a form and deliver it to the FISA court? The FISC has approved 15,000 wiretaps and rejected less than ten in its history. > But there's more to the story than that. In 2002, when the president made > his decision, there was widespread, bipartisan frustration with the > slowness and inefficiency of the bureaucracy involved in seeking warrants > from the special intelligence court, known as the FISA court. It is so inefficient that you don't even have to ask for THREE DAYS. Three days isn't enough time? More to the point, even if the President thinks something is "inefficient", the law is the law. If it says "those who do not seek a FISC warrant go to jail for five years", the President has to obey. > People familiar with the process say the problem is not so much with the > court itself as with the process required to bring a case before the court. > "It takes days, sometimes weeks, to get the application for FISA together," > says one source. "It's not so much that the court doesn't grant them > quickly, it's that it takes a long time to get to the court. 
Of course, this is in fact untrue. FISA requests are as fast as the Department of Justice and NSA wish them to be. Of course, even if it were true, the law is clear, and the President is not the legislature. The administration had years and years in which to ask Congress to alter the law. It did not do so. It chose to simply solicit the commission of felonies. All these comments about "slowness" and "cumbersomeness" etc. are attempts by the magician to keep your eye away from what he does not want you to see. Do not be distracted. A felony was solicited by the President and committed by employees of the NSA. Do not let them distract you. Keep your eye on the target. > And even though the attorney general has the > authority in some cases to undertake surveillance immediately, and then > seek an emergency warrant, that process is just as cumbersome as the normal > way of doing things. Actually, the law doesn't say "in some cases". Notwithstanding any other provision of this subchapter, when the Attorney General reasonably determines that (1) an emergency situation exists with respect to the employment of electronic surveillance to obtain foreign intelligence information before an order authorizing such surveillance can with due diligence be obtained; and (2) the factual basis for issuance of an order under this subchapter to approve such surveillance exists; he may authorize the emergency employment of electronic surveillance if a judge having jurisdiction under section 1803 of this title is informed by the Attorney General or his designee at the time of such authorization that the decision has been made to employ emergency electronic surveillance and if an application in accordance with this subchapter is made to that judge as soon as practicable, but not more than 72 hours after the Attorney General authorizes such surveillance. So it isn't "in some cases" -- it is basically any time the Attorney General decides to rubber stamp it. 
Again, don't be fooled by the smokescreen. Read the law yourself. See for yourself that the President has disobeyed a criminal statute.

> Lawmakers of both parties recognized the problem in the months after the
> September 11 terrorist attacks. They pointed to the case of Coleen Rowley,
> the FBI agent who ran up against a number of roadblocks in her effort to
> secure a FISA warrant in the case of Zacarias Moussaoui, the al Qaeda
> operative who had taken flight training in preparation for the hijackings.
> Investigators wanted to study the contents of Moussaoui's laptop computer,
> but the FBI bureaucracy involved in applying for a FISA warrant was
> stifling, and there were real questions about whether investigators could
> meet the FISA court's probable-cause standard for granting a
> warrant.

A fascinating story, except it is on its face false. FISA warrants are for intercepting communications, not for examining laptops:

Electronic surveillance means

(1) the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire or radio communication sent by or intended to be received by a particular, known United States person who is in the United States, if the contents are acquired by intentionally targeting that United States person, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes;

(2) the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication to or from a person in the United States, without the consent of any party thereto, if such acquisition occurs in the United States, but does not include the acquisition of those communications of computer trespassers that would be permissible under section 2511 (2)(i) of title 18;

(3) the intentional acquisition by an electronic, mechanical, or other surveillance device of the contents of any radio communication, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes, and if both the sender and all intended recipients are located within the United States; or

(4) the installation or use of an electronic, mechanical, or other surveillance device in the United States for monitoring to acquire information, other than from a wire or radio communication, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes.

Also, Mr. Moussaoui was not a US person, and the Attorney General can authorize anything he likes without a court order if:

[...]there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party[...]

As I said, the story in question is completely false on its face. The people who wrote it are counting on you not reading the law, not informing yourself, not knowing what is true and what is not. Do not be fooled. Read the law for yourself.

In any case, cumbersome and unpleasant or not, the law is still in force, and the law says that the President of the United States committed a felony and solicited the commission of felonies.

> Bush's order, it appears, was an attempt to change that situation.
> Especially before, and even after, passage of the Patriot Act, the FISA
> bureaucracy and the agencies that dealt with it were too unwieldy to handle
> some fast-moving intelligence cases.

There is no "FISA bureaucracy". What is there? There is a court with eleven judges.
That's it: The Chief Justice of the United States shall publicly designate 11 district court judges from seven of the United States judicial circuits of whom no fewer than 3 shall reside within 20 miles of the District of Columbia who shall constitute a court which shall have jurisdiction to hear applications for and grant orders approving electronic surveillance anywhere within the United States under the procedures set forth in this chapter[...] That is the "FISA bureaucracy" they speak of. Again, do not be fooled. Do not allow the spin masters to convince you that black is white and white is black. Read the law for yourself, understand for yourself what has happened. http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html Perry _______________________________________________ Antisocial mailing list Antisocial at mfn.org http://lists.mfn.org/mailman/listinfo/antisocial . From camera_lumina at hotmail.com Wed Dec 21 07:19:09 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 21 Dec 2005 10:19:09 -0500 Subject: Exactly what part... In-Reply-To: Message-ID: Holy Shit! Did you forward this Hettinga? It actually makes sense and is relevant! The fact that Bush's wiretapping might be technically "illegal" is of only marginal interest. Remember that some of our bandits have probably been getting this level of info through Echelon: Remember, it's not illegal for the Brits to spy on US citizens. Receiving such info from our Limey bandits pals is probably only marginally illegal at best. The only thing "new" here is that there are new subgroups of bandits with the info now obtained through conventional channels, probably more local, and who aren't too afraid to reveal that they have it. 
Thus look for arrests of various troublemakers and big-mouths whereas NSA probably would have been mum unless absolutely necessary, and even though only through a careful process that didn't indicate how they got the info (thus precluding general bigmouth roundups).

Of course, this does have some practical implications. Time to update the hardware...

-TD

>Bleating about laws, whether we have "a nation of laws" or not, doesn't
>work too much when there's an egregious surplus of same. Under those
>circumstances, no matter who's in charge, the law fucks you in the ass.
>Everything is illegal, and thus nothing is.
>
>As far as voting goes, no matter who you vote for, the government gets
>elected, as the old libertarian saw goes.

From camera_lumina at hotmail.com Wed Dec 21 07:22:52 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 21 Dec 2005 10:22:52 -0500
Subject: [declan@well.com: [Politech] Transcript of briefing on NSA surveillance by A
In-Reply-To: <20051221075333.GG2249@leitl.org>
Message-ID:

>Another very important point to remember is that we have to have a
>reasonable basis to conclude that one party to the communication is a
>member of al Qaeda, affiliated with al Qaeda, or a member of an
>organization affiliated with al Qaeda, or working in support of al
>Qaeda.

Whew. That's a relief. All those anti-war commies had it coming. And those damned cryptography nuts. Oh, pro-labor too. As long as I shuttle back and forth between my home and the mall and don't turn on my computer I should be fine.
-TD >From: Eugen Leitl >To: transhumantech at yahoogroups.com, cypherpunks at jfet.org >Subject: [declan at well.com: [Politech] Transcript of briefing on NSA >surveillance by Alberto Gonzales and Michael Hayden [priv]] >Date: Wed, 21 Dec 2005 08:53:33 +0100 > >----- Forwarded message from Declan McCullagh ----- > >From: Declan McCullagh >Date: Tue, 20 Dec 2005 23:15:46 -0500 >To: politech at politechbot.com >Subject: [Politech] Transcript of briefing on NSA surveillance by Alberto > Gonzales and Michael Hayden [priv] >User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716) > > > > >THE WHITE HOUSE > > > >Office of the Press Secretary > >For Immediate Release December 19, 2005 > > > > > >PRESS BRIEFING > >BY > >ATTORNEY GENERAL ALBERTO GONZALES > >AND > >GENERAL MICHAEL HAYDEN, > >PRINCIPAL DEPUTY DIRECTOR FOR NATIONAL INTELLIGENCE > > > >James S. Brady Briefing Room > > > > > >8:30 A.M. EST > > > > > >MR. McCLELLAN: Good morning, everybody. I've got with me the Attorney >General and General Hayden here this morning to brief you on the legal >issues surrounding the NSA authorization and take whatever questions you >have for them on that. The Attorney General will open with some >comments and then they'll be glad to take your questions. > > > >And with that, I'll turn it over to General Gonzales. > > > >ATTORNEY GENERAL GONZALES: Thanks, Scott. > > > >The President confirmed the existence of a highly classified program on >Saturday. The program remains highly classified; there are many >operational aspects of the program that have still not been disclosed >and we want to protect that because those aspects of the program are >very, very important to protect the national security of this country. >So I'm only going to be talking about the legal underpinnings for what >has been disclosed by the President. 
> > > >The President has authorized a program to engage in electronic >surveillance of a particular kind, and this would be the intercepts of >contents of communications where one of the -- one party to the >communication is outside the United States. And this is a very >important point -- people are running around saying that the United >States is somehow spying on American citizens calling their neighbors. >Very, very important to understand that one party to the communication >has to be outside the United States. > > > >Another very important point to remember is that we have to have a >reasonable basis to conclude that one party to the communication is a >member of al Qaeda, affiliated with al Qaeda, or a member of an >organization affiliated with al Qaeda, or working in support of al >Qaeda. We view these authorities as authorities to confront the enemy >in which the United States is at war with -- and that is al Qaeda and >those who are supporting or affiliated with al Qaeda. > > > >What we're trying to do is learn of communications, back and forth, from >within the United States to overseas with members of al Qaeda. And >that's what this program is about. > > > >Now, in terms of legal authorities, the Foreign Intelligence >Surveillance Act provides -- requires a court order before engaging in >this kind of surveillance that I've just discussed and the President >announced on Saturday, unless there is somehow -- there is -- unless >otherwise authorized by statute or by Congress. That's what the law >requires. Our position is, is that the authorization to use force, >which was passed by the Congress in the days following September 11th, >constitutes that other authorization, that other statute by Congress, to >engage in this kind of signals intelligence. > > > >Now, that -- one might argue, now, wait a minute, there's nothing in the >authorization to use force that specifically mentions electronic >surveillance. 
Let me take you back to a case that the Supreme Court >reviewed this past -- in 2004, the Hamdi decision. As you remember, in >that case, Mr. Hamdi was a U.S. citizen who was contesting his detention >by the United States government. What he said was that there is a >statute, he said, that specifically prohibits the detention of American >citizens without permission, an act by Congress -- and he's right, 18 >USC 4001a requires that the United States government cannot detain an >American citizen except by an act of Congress. > > > >We took the position -- the United States government took the position >that Congress had authorized that detention in the authorization to use >force, even though the authorization to use force never mentions the >word "detention." And the Supreme Court, a plurality written by Justice >O'Connor agreed. She said, it was clear and unmistakable that the >Congress had authorized the detention of an American citizen captured on >the battlefield as an enemy combatant for the remainder -- the duration >of the hostilities. So even though the authorization to use force did >not mention the word, "detention," she felt that detention of enemy >soldiers captured on the battlefield was a fundamental incident of >waging war, and therefore, had been authorized by Congress when they >used the words, "authorize the President to use all necessary and >appropriate force." > >For the same reason, we believe signals intelligence is even more a >fundamental incident of war, and we believe has been authorized by the >Congress. And even though signals intelligence is not mentioned in the >authorization to use force, we believe that the Court would apply the >same reasoning to recognize the authorization by Congress to engage in >this kind of electronic surveillance. > > > >I might also add that we also believe the President has the inherent >authority under the Constitution, as Commander-in-Chief, to engage in >this kind of activity. 
Signals intelligence has been a fundamental >aspect of waging war since the Civil War, where we intercepted >telegraphs, obviously, during the world wars, as we intercepted >telegrams in and out of the United States. Signals intelligence is very >important for the United States government to know what the enemy is >doing, to know what the enemy is about to do. It is a fundamental >incident of war, as Justice O'Connor talked about in the Hamdi decision. >We believe that -- and those two authorities exist to allow, permit the >United States government to engage in this kind of surveillance. > > > >The President, of course, is very concerned about the protection of >civil liberties, and that's why we've got strict parameters, strict >guidelines in place out at NSA to ensure that the program is operating >in a way that is consistent with the President's directives. And, >again, the authorization by the President is only to engage in >surveillance of communications where one party is outside the United >States, and where we have a reasonable basis to conclude that one of the >parties of the communication is either a member of al Qaeda or >affiliated with al Qaeda. > > > >Mike, do you want to -- have anything to add? > > > >GENERAL HAYDEN: I'd just add, in terms of what we do globally with >regard to signals intelligence, which is a critical part of defending >the nation, there are probably no communications more important to what >it is we're trying to do to defend the nation; no communication is more >important for that purpose than those communications that involve al >Qaeda, and one end of which is inside the homeland, one end of which is >inside the United States. Our purpose here is to detect and prevent >attacks. And the program in this regard has been successful. > > > >Q General, are you able to say how many Americans were caught in this >surveillance? 
> > > >ATTORNEY GENERAL GONZALES: I'm not -- I can't get into the specific >numbers because that information remains classified. Again, this is not >a situation where -- of domestic spying. To the extent that there is a >moderate and heavy communication involving an American citizen, it would >be a communication where the other end of the call is outside the United >States and where we believe that either the American citizen or the >person outside the United States is somehow affiliated with al Qaeda. > > > >Q General, can you tell us why you don't choose to go to the FISA >court? > > > >ATTORNEY GENERAL GONZALES: Well, we continue to go to the FISA court >and obtain orders. It is a very important tool that we continue to >utilize. Our position is that we are not legally required to do, in >this particular case, because the law requires that we -- FISA requires >that we get a court order, unless authorized by a statute, and we >believe that authorization has occurred. > > > >The operators out at NSA tell me that we don't have the speed and the >agility that we need, in all circumstances, to deal with this new kind >of enemy. You have to remember that FISA was passed by the Congress in >1978. There have been tremendous advances in technology -- > > > >Q But it's been kind of retroactively, hasn't it? > > > >ATTORNEY GENERAL GONZALES: -- since then. Pardon me? > > > >Q It's been done retroactively before, hasn't it? > > > >ATTORNEY GENERAL GONZALES: What do you mean, "retroactively"? > > > >Q You just go ahead and then you apply for the FISA clearance, >because it's damn near automatic. > > > >ATTORNEY GENERAL GONZALES: If we -- but there are standards that have >to be met, obviously, and you're right, there is a procedure where we -- >an emergency procedure that allows us to make a decision to authorize -- >to utilize FISA, and then we go to the court and get confirmation of >that authority. 
> > > >But, again, FISA is very important in the war on terror, but it doesn't >provide the speed and the agility that we need in all circumstances to >deal with this new kind of threat. > > > >Q But what -- go ahead. > > > >GENERAL HAYDEN: Let me just add to the response to the last question. >As the Attorney General says, FISA is very important, we make full use >of FISA. But if you picture what FISA was designed to do, FISA is >designed to handle the needs in the nation in two broad categories: >there's a law enforcement aspect of it; and the other aspect is the >continued collection of foreign intelligence. I don't think anyone >could claim that FISA was envisaged as a tool to cover armed enemy >combatants in preparation for attacks inside the United States. And >that's what this authorization under the President is designed to help >us do. > > > >Q Have you identified armed enemy combatants, through this program, >in the United States? > > > >GENERAL HAYDEN: This program has been successful in detecting and >preventing attacks inside the United States. > > > >Q General Hayden, I know you're not going to talk about specifics >about that, and you say it's been successful. But would it have been as >successful -- can you unequivocally say that something has been stopped >or there was an imminent attack or you got information through this that >you could not have gotten through going to the court? > > > >GENERAL HAYDEN: I can say unequivocally, all right, that we have got >information through this program that would not otherwise have been >available. > > > >Q Through the court? Because of the speed that you got it? > > > >GENERAL HAYDEN: Yes, because of the speed, because of the procedures, >because of the processes and requirements set up in the FISA process, I >can say unequivocally that we have used this program in lieu of that and >this program has been successful. > > > >Q But one of the things that concerns people is the slippery slope. 
>If you said you absolutely need this program, you have to do it quickly >-- then if you have someone you suspect being a member of al Qaeda, and >they're in the United States, and there is a phone call between two >people in the United States, why not use that, then, if it's so >important? Why not go that route? Why not go further? > > > >GENERAL HAYDEN: Across the board, there is a judgment that we all have >to make -- and I made this speech a day or two after 9/11 to the NSA >workforce -- I said, free peoples always have to judge where they want >to be on that spectrum between security and liberty; that there will be >great pressures on us after those attacks to move our national banner >down in the direction of security. What I said to the NSA workforce is, >our job is to keep Americans free by making Americans feel safe again. >That's been the mission of the National Security Agency since the day >after the attack, is when I talked -- two days after the attack is when >I said that to the workforce. > > > >There's always a balancing between security and liberty. We understand >that this is a more -- I'll use the word "aggressive" program than would >be traditionally available under FISA. It is also less intrusive. It >deals only with international calls. It is generally for far shorter >periods of time. And it is not designed to collect reams of >intelligence, but to detect and warn and prevent about attacks. And, >therefore, that's where we've decided to draw that balance between >security and liberty. > > > >Q Gentlemen, can you say when Congress was first briefed, who was >included in that, and will there be a leaks investigation? > > > >ATTORNEY GENERAL GONZALES: Well of course, we're not going to -- we >don't talk about -- we try not to talk about investigations. 
As to >whether or not there will be a leak investigation, as the President >indicated, this is really hurting national security, this has really >hurt our country, and we are concerned that a very valuable tool has >been compromised. As to whether or not there will be a leak >investigation, we'll just have to wait and see. > > > >And your first question was? > > > >Q When was Congress first briefed -- > > > >ATTORNEY GENERAL GONZALES: I'm not going to -- I'm not going to talk >about -- I'll let others talk about when Congress was first briefed. >What I can say is, as the President indicated on Saturday, there have >been numerous briefings with certain key members of Congress. >Obviously, some members have come out since the revelations on Saturday, >saying that they hadn't been briefed. This is a very classified >program. It is probably the most classified program that exists in the >United States government, because the tools are so valuable, and >therefore, decisions were made to brief only key members of Congress. >We have begun the process now of reaching out to other members of >Congress. I met last night, for example, with Chairman Specter and >other members of Congress to talk about the legal aspects of this >program. > > > >And so we are engaged in a dialogue now to talk with Congress, but also >-- but we're still mindful of the fact that still -- this is still a >very highly classified program, and there are still limits about what we >can say today, even to certain members of Congress. > > > >Q General, what's really compromised by the public knowledge of this >program? Don't you assume that the other side thinks we're listening to >them? I mean, come on. > > > >GENERAL HAYDEN: The fact that this program has been successful is proof >to me that what you claim to be an assumption is certainly not >universal. 
The more we discuss it, the more we put it in the face of >those who would do us harm, the more they will respond to this and >protect their communications and make it more difficult for us to defend >the nation. > > > >Q Mr. Attorney General -- > > > >Q -- became public, have you seen any evidence in a change in the >tactics or -- > > > >ATTORNEY GENERAL GONZALES: We're not going to comment on that kind of >operational aspect. > > > >Q You say this has really hurt the American people. Is that based >only on your feeling about it, or is there some empirical evidence to >back that up, even if you can't -- > > > >ATTORNEY GENERAL GONZALES: I think the existence of this program, the >confirmation of the -- I mean, the fact that this program exists, in my >judgment, has compromised national security, as the President indicated >on Saturday. > > > >Q I'd like to ask you, what are the constitutional limits on this >power that you see laid out in the statute and in your inherent >constitutional war power? And what's to prevent you from just listening >to everyone's conversation and trying to find the word "bomb," or >something like that? > > > >ATTORNEY GENERAL GONZALES: Well, that's a good question. This was a >question that was raised in some of my discussions last night with >members of Congress. The President has not authorized -- has not >authorized blanket surveillance of communications here in the United >States. He's been very clear about the kind of surveillance that we're >going to engage in. And that surveillance is tied with our conflict >with al Qaeda. > > > >You know, we feel comfortable that this surveillance is consistent with >requirements of the 4th Amendment. The touchstone of the 4th Amendment >is reasonableness, and the Supreme Court has long held that there are >exceptions to the warrant requirement in -- when special needs outside >the law enforcement arena. And we think that that standard has been met >here. 
When you're talking about communications involving al Qaeda, when >you -- obviously there are significant privacy interests implicated >here, but we think that those privacy interests have been addressed; >when you think about the fact that this is an authorization that's >ongoing, it's not a permanent authorization, it has to be reevaluated >from time to time. There are additional safeguards that have been in >place -- that have been imposed out at NSA, and we believe that it is a >reasonable application of these authorities. > > > >Q Mr. Attorney General, haven't you stretched -- > > > >Q -- adequate because of technological advances? Wouldn't you do the >country a better service to address that issue and fix it, instead of >doing a backdoor approach -- > > > >ATTORNEY GENERAL GONZALES: This is not a backdoor approach. We believe >Congress has authorized this kind of surveillance. We have had >discussions with Congress in the past -- certain members of Congress -- >as to whether or not FISA could be amended to allow us to adequately >deal with this kind of threat, and we were advised that that would be >difficult, if not impossible. > > > >Q If this is not backdoor, is this at least a judgment call? Can you >see why other people would look at it and say, well, no, we don't see it >that way? > > > >ATTORNEY GENERAL GONZALES: I think some of the concern is because >people had not been briefed; they don't understand the specifics of the >program, they don't understand the strict safeguards within the program. >And I haven't had a discussion -- an opportunity to have a discussion >with them about our legal analysis. So, obviously, we're in that >process now. Part of the reason for this press brief today is to have >you help us educate the American people and the American Congress about >what we're doing and the legal basis for what we're doing. > > > >Q Al, you talk about the successes and the critical intercepts of the >program. 
Have there also been cases in which after listening in or >intercepting, you realize you had the wrong guy and you listened to what >you shouldn't have? > > > >GENERAL HAYDEN: That's why I mentioned earlier that the program is less >intrusive. It deals only with international calls. The time period in >which we would conduct our work is much shorter, in general, overall, >than it would be under FISA. And one of the true purposes of this is to >be very agile, as you described. > > > >If this particular line of logic, this reasoning that took us to this >place proves to be inaccurate, we move off of it right away. > > > >Q Are there cases in which -- > > > >GENERAL HAYDEN: Yes, of course. > > > >Q Can you give us some idea of percentage, or how often you get it >right and how often you get it wrong? > > > >GENERAL HAYDEN: No, it would be very -- no, I cannot, without getting >into the operational details. I'm sorry. > > > >Q But there are cases where you wind up listening in where you >realize you shouldn't have? > > > >GENERAL HAYDEN: There are cases like we do with regard to the global >SIGINT system -- you have reasons to go after particular activities, >particular communications. There's a logic; there is a standard as to >why you would go after that, not just in a legal sense, which is very >powerful, but in a practical sense. We can't waste resources on targets >that simply don't provide valuable information. And when we decide that >is the case -- and in this program, the standards, in terms of >re-evaluating whether or not this coverage is worthwhile at all, are >measured in days and weeks. > > > >Q Would someone in a case in which you got it wrong have a cause of >action against the government? > > > >ATTORNEY GENERAL GONZALES: That is something I'm not going to answer, >Ken. > > > >Q I wanted to ask you a question. Do you think the government has >the right to break the law? > > > >ATTORNEY GENERAL GONZALES: Absolutely not.
I don't believe anyone is >above the law. > > > >Q You have stretched this resolution for war into giving you carte >blanche to do anything you want to do. > > > >ATTORNEY GENERAL GONZALES: Well, one might make that same argument in >connection with detention of American citizens, which is far more >intrusive than listening into a conversation. There may be some members >of Congress who might say, we never -- > > > >Q That's your interpretation. That isn't Congress' interpretation. > > > >ATTORNEY GENERAL GONZALES: Well, I'm just giving you the analysis -- > > > >Q You're never supposed to spy on Americans. > > > >ATTORNEY GENERAL GONZALES: I'm just giving the analysis used by Justice >O'Connor -- and she said clearly and unmistakenly the Congress >authorized the President of the United States to detain an American >citizen, even though the authorization to use force never mentions the >word "detention" -- > > > >Q -- into wiretapping everybody and listening in on -- > > > >ATTORNEY GENERAL GONZALES: This is not about wiretapping everyone. >This is a very concentrated, very limited program focused at gaining >information about our enemy. > > > >Q Now that the cat is out of the bag, so to speak, do you expect your >legal analysis to be tested in the courts? > > > >ATTORNEY GENERAL GONZALES: I'm not going to, you know, try to guess as >to what's going to happen about that. We're going to continue to try to >educate the American people and the American Congress about what we're >doing and the basis -- why we believe that the President has the >authority to engage in this kind of conduct. > > > >Q Because there are some very smart legal minds who clearly think a >law has been broken here. > > > >ATTORNEY GENERAL GONZALES: Well, I think that they may be making or >offering up those opinions or assumptions based on very limited >information. They don't have all the information about the program. I >think they probably don't have the information about our legal analysis. 
> > > >Q Judge Gonzales, will you release then, for the reasons you're >saying now, the declassified versions of the legal rationale for this >from OLC? And if not, why not? To assure the American public that this >was done with the legal authority that you state. > > > >ATTORNEY GENERAL GONZALES: We're engaged now in a process of educating >the American people, again, and educating the Congress. We'll make the >appropriate evaluation at the appropriate time as to whether or not >additional information needs to be provided to the Congress or the >American people. > > > >Q You declassified OLC opinions before, after the torture -- why not >do that here to show, yes, we went through a process? > > > > >ATTORNEY GENERAL GONZALES: I'm not confirming the existence of opinions >or the non-existence of opinions. I've offered up today our legal >analysis of the authorities of this President. > > > >Q Sir, can you explain, please, the specific inadequacies in FISA >that have prevented you from sort of going through the normal channels? > > > >GENERAL HAYDEN: One, the whole key here is agility. And let me >re-trace some grounds I tried to suggest earlier. FISA was built for >persistence. FISA was built for long-term coverage against known agents >of an enemy power. And the purpose involved in each of those -- in >those cases was either for a long-term law enforcement purpose or a >long-term intelligence purpose. > > > >This program isn't for that. This is to detect and prevent. And here >the key is not so much persistence as it is agility. It's a quicker >trigger. It's a subtly softer trigger. And the intrusion into privacy >-- the intrusion into privacy is significantly less. It's only >international calls. The period of time in which we do this is, in most >cases, far less than that which would be gained by getting a court >order. And our purpose here, our sole purpose is to detect and prevent. 
> > > >Again, I make the point, what we are talking about here are >communications we have every reason to believe are al Qaeda >communications, one end of which is in the United States. And I don't >think any of us would want any inefficiencies in our coverage of those >kinds of communications, above all. And that's what this program allows >us to do -- it allows us to be as agile as operationally required to >cover these targets. > > > >Q But how does FISA -- > > > >GENERAL HAYDEN: FISA involves the process -- FISA involves marshaling >arguments; FISA involves looping paperwork around, even in the case of >emergency authorizations from the Attorney General. And beyond that, >it's a little -- it's difficult for me to get into further discussions >as to why this is more optimized under this process without, frankly, >revealing too much about what it is we do and why and how we do it. > > > >Q If FISA didn't work, why didn't you seek a new statute that allowed >something like this legally? > > > >ATTORNEY GENERAL GONZALES: That question was asked earlier. We've had >discussions with members of Congress, certain members of Congress, about >whether or not we could get an amendment to FISA, and we were advised >that that was not likely to be -- that was not something we could likely >get, certainly not without jeopardizing the existence of the program, >and therefore, killing the program. And that -- and so a decision was >made that because we felt that the authorities were there, that we >should continue moving forward with this program. > > > >Q And who determined that these targets were al Qaeda? Did you >wiretap them? 
> > > >GENERAL HAYDEN: The judgment is made by the operational work force at >the National Security Agency using the information available to them at >the time, and the standard that they apply -- and it's a two-person >standard that must be signed off by a shift supervisor, and carefully >recorded as to what created the operational imperative to cover any >target, but particularly with regard to those inside the United States. > > > >Q So a shift supervisor is now making decisions that a FISA judge >would normally make? I just want to make sure I understand. Is that >what you're saying? > > > >GENERAL HAYDEN: What we're trying to do is to use the approach we have >used globally against al Qaeda, the operational necessity to cover >targets. And the reason I emphasize that this is done at the >operational level is to remove any question in your mind that this is in >any way politically influenced. This is done to chase those who would >do harm to the United States. > > > >Q Building on that, during -- > > > >Q Thank you, General. Roughly when did those conversations occur >with members of Congress? > > > >ATTORNEY GENERAL GONZALES: I'm not going to get into the specifics of >when those conversations occurred, but they have occurred. > > > >Q May I just ask you if they were recently or if they were when you >began making these exceptions? > > > >ATTORNEY GENERAL GONZALES: They weren't recently. > > > >MR. McCLELLAN: The President indicated that those -- the weeks after >September 11th. > > > >Q What was the date, though, of the first executive order? Can you >give us that? 
> > > >GENERAL HAYDEN: If I could just, before you ask that question, just add >-- these actions that I described taking place at the operational level >-- and I believe that a very important point to be made -- have intense >oversight by the NSA Inspector General, by the NSA General Counsel, and >by officials of the Justice Department who routinely look into this >process and verify that the standards set out by the President are being >followed. > > > >Q Can you absolutely assure us that all of the communications >intercepted -- > > > >Q Have you said that you -- (inaudible) -- anything about this >program with your international partners -- with the partners probably >in the territories of which you intercept those communications? > > > >ATTORNEY GENERAL GONZALES: I'm not aware of discussions with other >countries, but that doesn't mean that they haven't occurred. I simply >have no personal knowledge of that. > > > >Q Also, is it only al Qaeda, or maybe some other terrorist groups? > > > >ATTORNEY GENERAL GONZALES: Again, with respect to what the President >discussed on Saturday, this program -- it is tied to communications >where we believe one of the parties is affiliated with al Qaeda or part >of an organization or group that is supportive of al Qaeda. > > > >Q Sir, during his confirmation hearings, it came out that >now-Ambassador Bolton had sought and obtained NSA intercepts of >conversations between American citizens and others. Who gets the >information from this program; how do you guarantee that it doesn't get >too widely spread inside the government, and used for other purposes? > > > >Q And is it destroyed afterwards? > > > >GENERAL HAYDEN: We report this information the way we report any other >information collected by the National Security Agency. And the phrase >you're talking about is called minimization of U.S. identities. The >same minimalizationist standards apply across the board, including for >this program. To make this very clear -- U.S. 
identities are minimized >in all of NSA's activities, unless, of course, the U.S. identity is >essential to understand the inherent intelligence value of the >intelligence report. And that's the standard that's used. > > > >Q General, when you discussed the emergency powers, you said, agility >is critical here. And in the case of the emergency powers, as I >understand it, you can go in, do whatever you need to do, and within 72 >hours just report it after the fact. And as you say, these may not even >last very long at all. What would be the difficulty in setting up a >paperwork system in which the logs that you say you have the shift >supervisors record are simply sent to a judge after the fact? If the >judge says that this is not legitimate, by that time probably your >intercept is over, wouldn't that be correct? > > > >GENERAL HAYDEN: What you're talking about now are efficiencies. What >you're asking me is, can we do this program as efficiently using the one >avenue provided to us by the FISA Act, as opposed to the avenue provided >to us by subsequent legislation and the President's authorization. > > > >Our operational judgment, given the threat to the nation that the >difference in the operational efficiencies between those two sets of >authorities are such that we can provide greater protection for the >nation operating under this authorization. > > > >Q But while you're getting an additional efficiency, you're also >operating outside of an existing law. If the law would allow you to >stay within the law and be slightly less efficient, would that be -- > > > >ATTORNEY GENERAL GONZALES: I guess I disagree with that >characterization. I think that this electronic surveillance is within >the law, has been authorized. I mean, that is our position. We're only >required to achieve a court order through FISA if we don't have >authorization otherwise by the Congress, and we think that that has >occurred in this particular case. 
> > > >Q Can you just give us one assurance before you go, General? > > > >ATTORNEY GENERAL GONZALES: It depends on what it is. (Laughter.) > > > >Q Can you assure us that all of these intercepts had an international >component and that at no time were any of the intercepts purely >domestic? > > > >GENERAL HAYDEN: The authorization given to NSA by the President >requires that one end of these communications has to be outside the >United States. I can assure you, by the physics of the intercept, by >how we actually conduct our activities, that one end of these >communications are always outside the United States of America. > > > > END 9:02 A.M. >EST > > --- >_______________________________________________ >Politech mailing list >Archived at http://www.politechbot.com/ >Moderated by Declan McCullagh (http://www.mccullagh.org/) > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From perry at piermont.com Wed Dec 21 07:45:01 2005 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 21 Dec 2005 10:45:01 -0500 Subject: [Full-disclosure] Re: [Antisocial] Re: [Clips] Why Bush Approved the Wiretaps (fwd) In-Reply-To: <15321512.1135160256591.JavaMail.teamon@bda055-cell00.bisx.prod.on.blackberry> (Jason Coombs's message of "Wed, 21 Dec 2005 10:12:18 +0000 GMT") References: <20051220234918.O37487@ubzr.zsa.bet> <15321512.1135160256591.JavaMail.teamon@bda055-cell00.bisx.prod.on.blackberry> Message-ID: <871x06h2te.fsf@snark.piermont.com> "Jason Coombs" writes: > Perry E. 
Metzger wrote:
>> Electronic surveillance means
>> (1) the acquisition by an electronic, mechanical, or other
>> surveillance device of the contents of any wire or radio
>> communication sent by or intended to be received by
> ...
>
> Dear Perry, et al:
>
> I think you're missing the key clue as to what was actually done,
> and thus why it was done in the manner chosen, and why it is now
> being defended by the Bush Administration as being legal.
>
> All of the statutes quoted, and every other one of which I am aware,
> prohibit the INTERCEPTION of the CONTENT of communications.
>
> Nothing presently prohibits the automated processing of the content
> via software when the content is not captured/intercepted, nor
> excerpted/preserved for law enforcement's review. A computer system,
> designed to circumvent the intent but comply with the letter of
> present law, can legally do what a person cannot.

I'm afraid your interpretation is not consistent with the law. The law defines electronic surveillance in a specific way, to wit:

(f) Electronic surveillance means

(1) the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire or radio communication sent by or intended to be received by a particular, known United States person who is in the United States, if the contents are acquired by intentionally targeting that United States person, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes;

(2) the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication to or from a person in the United States, without the consent of any party thereto, if such acquisition occurs in the United States, but does not include the acquisition of those communications of computer trespassers that would be permissible under section 2511 (2)(i) of title 18;

(3) the intentional acquisition by an electronic, mechanical, or other surveillance device of the contents of any radio communication, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes, and if both the sender and all intended recipients are located within the United States; or

(4) the installation or use of an electronic, mechanical, or other surveillance device in the United States for monitoring to acquire information, other than from a wire or radio communication, under circumstances in which a person has a reasonable expectation of privacy and a warrant would be required for law enforcement purposes.

As I read that, I see no requirement that a human being be involved. If an electronic, mechanical or other surveillance device *acquires* the content, even if no human then looks at it, you've conducted "electronic surveillance".

I'm well aware that in places like New York State there is a distinction between "Pen Register" and "Wiretapping" activities, but there is no such distinction in the FISA.

I suggest that, in coming up with creative interpretations of the situation, you read the law first to see if your interpretation is consistent with the law.

Perry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

From rvh40 at insightbb.com Wed Dec 21 10:59:45 2005
From: rvh40 at insightbb.com (Randall)
Date: December 21, 2005 10:59:45 PM EST
Subject: No subject
Message-ID: , cyberia
Subject: Download Piaf, Go To Jail

http://www.wired.com/news/politics/0,1283,69905,00.html?tw=wn_story_top5

Internet downloaders could face jail sentences and software makers may be required to add anti-copying technology to products distributed in France under draft legislation that's expected to go to a vote this week.
The so-called emergency legislation would require software makers to include digital-rights management, or DRM, software in their products, according to a draft (.pdf) of the proposed legislation seen by Wired News.

...French legislators are also calling for three-year jail sentences and fines of 300,000 euros for illegally copying music, video or any other copyright-protected files.

...But forcing all software makers to conform to special DRM rules for France alone is likely unworkable, said Urs Gasser, professor of law at the University of St.

...The lower house of France's national assembly is scheduled to vote as early as Thursday on the legislation, which has been proposed as a way to bring France into compliance with a pending European Commission copyright directive.

...The language of the proposal reflects lobbying pressure from French media giant Vivendi Universal and other recording industry interests, said Loic Dachary, founder of the eucd.info watch group and treasurer of The Free Software Foundation in France. "Vivendi Universal, the Business Software Alliance and the Société des Auteurs et des Compositeurs de Musique actually drafted these texts that the legislators are using," Dachary said.

The industry considers the imposition of strong, proactive measures on software makers necessary to thwart pirates, especially in Europe where more than one in three copies of software in use is unlicensed, said Gaëlle Prigent-Protasov, a vice president of software maker Aladdin.
----- End forwarded message ----- From measl at mfn.org Wed Dec 21 09:51:35 2005 From: measl at mfn.org (J.A. Terranson) Date: Wed, 21 Dec 2005 11:51:35 -0600 (CST) Subject: [Clips] Our Domestic Intelligence Crisis In-Reply-To: References: Message-ID: <20051221115034.R37487@ubzr.zsa.bet> On Wed, 21 Dec 2005, R. A. Hettinga wrote: " The Foreign Intelligence Surveillance Act makes it difficult to conduct surveillance of U.S. citizens and lawful permanent residents unless they are suspected of being involved in terrorist or other hostile activities. That is too restrictive. Innocent people, such as unwitting neighbors of terrorists, may, without knowing it, have valuable counterterrorist information. Collecting such information is of a piece with data-mining projects such as Able Danger." This says it all - they want the authority to look at "innocent people" without restriction. Forget it. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? 
- Steve Thompson From eugen at leitl.org Wed Dec 21 02:51:36 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 21 Dec 2005 11:51:36 +0100 Subject: [dave@farber.net: [IP] San Francisco leaders voice concerns about Wi-Fi project] Message-ID: <20051221105136.GX2249@leitl.org> Let's see how much locality tracking the free network will have, and whether they will block anonymizing services. ----- Forwarded message from David Farber ----- From measl at mfn.org Wed Dec 21 09:54:05 2005 From: measl at mfn.org (J.A. Terranson) Date: Wed, 21 Dec 2005 11:54:05 -0600 (CST) Subject: [EMED-L] Patriot Act and HIPPA (fwd) Message-ID: <20051221115344.H37487@ubzr.zsa.bet> Take note people! -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson ---------- Forwarded message ---------- Date: Wed, 21 Dec 2005 12:10:59 -0500 From: Jeanne Lenzer Reply-To: EMED-L -- a list for emergency medicine practitioners. To: EMED-L at ITSSRV1.UCSF.EDU Subject: [EMED-L] Patriot Act and HIPPA Could anyone on this listserve who has seen anything like what follows below, please contact me off-list immediately jeanne.lenzer at earthlink.net (for background or for attribution - your choice). Thanks, Jeanne A patient was handed a medical information rights and disclosure booklet she got from her doctor. It lists the folks that they might release medical information to for various reasons (health department, lawyers and courts because of subpoena, law enforcement officials, coroners, medical examiners, funeral directors, etc.). 
Below them, there is this graph:

Protective Services for the President, National Security and Intelligence Activities: We may disclose medical information about you to authorized federal officials so they may without limitation (i) provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations, or (ii) conduct lawful intelligence, counter-intelligence, or other national security activities authorized by law.

__________
Jeanne Lenzer
Freelance journalist
11 Len Court
Kingston, NY 12401 USA
jeanne.lenzer at earthlink.net
845.943.6202 office
203.300.7136 cell

From rah at shipwright.com Wed Dec 21 09:36:58 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 21 Dec 2005 12:36:58 -0500
Subject: [Clips] Our Domestic Intelligence Crisis
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Wed, 21 Dec 2005 12:31:45 -0500
To: Philodox Clips List
From: "R. A. Hettinga"
Subject: [Clips] Our Domestic Intelligence Crisis
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

The Washington Post

Our Domestic Intelligence Crisis

By Richard A. Posner

Wednesday, December 21, 2005; A31

We've learned that the Defense Department is deeply involved in domestic intelligence (intelligence concerning threats to national security that unfold on U.S. soil). The department's National Security Agency has been conducting, outside the framework of the Foreign Intelligence Surveillance Act, electronic surveillance of U.S. citizens within the United States. Other Pentagon agencies, notably the one known as Counterintelligence Field Activity (CIFA), have, as described in Walter Pincus's recent articles in The Post, been conducting domestic intelligence on a large scale.
Although the CIFA's formal mission is to prevent attacks on military installations in the United States, the scale of its activities suggests a broader concern with domestic security. Other Pentagon agencies have gotten into the domestic intelligence act, such as the Information Dominance Center, which developed the Able Danger data-mining program. These programs are criticized as grave threats to civil liberties. They are not. Their significance is in flagging the existence of gaps in our defenses against terrorism. The Defense Department is rushing to fill those gaps, though there may be better ways. The collection, mainly through electronic means, of vast amounts of personal data is said to invade privacy. But machine collection and processing of data cannot, as such, invade privacy. Because of their volume, the data are first sifted by computers, which search for names, addresses, phone numbers, etc., that may have intelligence value. This initial sifting, far from invading privacy (a computer is not a sentient being), keeps most private data from being read by any intelligence officer. The data that make the cut are those that contain clues to possible threats to national security. The only valid ground for forbidding human inspection of such data is fear that they might be used to blackmail or otherwise intimidate the administration's political enemies. That danger is more remote than at any previous period of U.S. history. Because of increased political partisanship, advances in communications technology and more numerous and competitive media, American government has become a sieve. No secrets concerning matters that would interest the public can be kept for long. And the public would be far more interested to learn that public officials were using private information about American citizens for base political ends than to learn that we have been rough with terrorist suspects -- a matter that was quickly exposed despite efforts at concealment. 
The Foreign Intelligence Surveillance Act makes it difficult to conduct surveillance of U.S. citizens and lawful permanent residents unless they are suspected of being involved in terrorist or other hostile activities. That is too restrictive. Innocent people, such as unwitting neighbors of terrorists, may, without knowing it, have valuable counterterrorist information. Collecting such information is of a piece with data-mining projects such as Able Danger. The goal of national security intelligence is to prevent a terrorist attack, not just punish the attacker after it occurs, and the information that enables the detection of an impending attack may be scattered around the world in tiny bits. A much wider, finer-meshed net must be cast than when investigating a specific crime. Many of the relevant bits may be in the e-mails, phone conversations or banking records of U.S. citizens, some innocent, some not so innocent. The government is entitled to those data, but just for the limited purpose of protecting national security. The Pentagon's rush to fill gaps in domestic intelligence reflects the disarray in this vital yet neglected area of national security. The principal domestic intelligence agency is the FBI, but it is primarily a criminal investigation agency that has been struggling, so far with limited success, to transform itself. It is having trouble keeping its eye on the ball; an FBI official is quoted as having told the Senate that environmental and animal rights militants pose the biggest terrorist threats in the United States. If only that were so. Most other nations, such as Britain, Canada, France, Germany and Israel, many with longer histories of fighting terrorism than the United States, have a domestic intelligence agency that is separate from its national police force, its counterpart to the FBI. We do not. We also have no official with sole and comprehensive responsibility for domestic intelligence. 
It is no surprise that gaps in domestic intelligence are being filled by ad hoc initiatives. We must do better. The terrorist menace, far from receding, grows every day. This is not only because al Qaeda likes to space its attacks, often by many years, but also because weapons of mass destruction are becoming ever more accessible to terrorist groups and individuals.

The writer is a judge on the U.S. Court of Appeals for the 7th Circuit and a senior lecturer in law at the University of Chicago.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Wed Dec 21 09:41:33 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 21 Dec 2005 12:41:33 -0500
Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war
In-Reply-To: <20051221081008.GP2249@leitl.org>
References: <87lkyfla8d.fsf@snark.piermont.com> <87fyonl3x3.fsf@snark.piermont.com> <20051221081008.GP2249@leitl.org>
Message-ID:

At 9:10 AM +0100 12/21/05, Eugen Leitl wrote:
>You don't have to write code if the bleating succeeds first.
>And if the bleating doesn't, no amount of code will save our ass.

So...what? Don't write code?

Didn't you ever learn any logic?

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Wed Dec 21 05:38:44 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 14:38:44 +0100
Subject: [dave@farber.net: [IP] more on LA Times on NYT spying story]
Message-ID: <20051221133844.GH2249@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Wed Dec 21 05:39:21 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 14:39:21 +0100
Subject: [dave@farber.net: [IP] "Double Secret" Wiretaps vs. the President's 2004 Statement]
Message-ID: <20051221133921.GI2249@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Wed Dec 21 05:40:37 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 14:40:37 +0100
Subject: [dave@farber.net: [IP] Bruce Schneier -- An Essay on Salon]
Message-ID: <20051221134037.GJ2249@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Wed Dec 21 05:42:08 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 14:42:08 +0100
Subject: [dave@farber.net: [IP] State refuses to approve Diebold voting machines]
Message-ID: <20051221134208.GL2249@leitl.org>

Will wonders never cease.

----- Forwarded message from David Farber -----

From eugen at leitl.org Wed Dec 21 10:06:23 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 19:06:23 +0100
Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war
In-Reply-To:
References: <87lkyfla8d.fsf@snark.piermont.com> <87fyonl3x3.fsf@snark.piermont.com> <20051221081008.GP2249@leitl.org>
Message-ID: <20051221180623.GZ2249@leitl.org>

On Wed, Dec 21, 2005 at 12:41:33PM -0500, R. A. Hettinga wrote:
> At 9:10 AM +0100 12/21/05, Eugen Leitl wrote:
> >You don't have to write code if the bleating succeeds first.
> >And if the bleating doesn't, no amount of code will save our ass.
>
> So...what? Don't write code?

Write code. Participate in the political process. Both are not mutually exclusive.

> Didn't you ever learn any logic?

You need to work more on your reading comprehension.

--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From eugen at leitl.org Wed Dec 21 10:22:40 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 21 Dec 2005 19:22:40 +0100
Subject: [post2wm@freenet.de: [rael-science] Pentagon spying on anti-war groups - Report]
Message-ID: <20051221182240.GB2249@leitl.org>

Source: Al Jazeera
http://aljazeera.com/cgi-bin/news_service/middle_east_full_story.asp?service_ID=10263

Pentagon spying on anti-war groups - Report

12/17/2005

A Pentagon document shows that the U.S. army is monitoring and collecting information on anti-war activists across the United States, NBC reported. The network obtained a classified Pentagon document which lists four dozen anti-war meetings or demonstrations that took place in the U.S. over a 10-month period. The document also included anti-nuclear protests staged in Nebraska on the 50th anniversary of the U.S. nuclear bombing of Nagasaki. The Pentagon describes all of these events as threats, says William Arkin, the former Army intelligence officer, who obtained the secret documents. According to NBC, the document says that the U.S. military is even monitoring Internet traffic.
The network quoted one Pentagon briefing document, stamped "secret", as saying: "We have noted increased communication and encouragement between protest groups using the Internet." Correspondents say the revelation shows how Washington stepped up intelligence collection since the September 11, 2001 attacks. American citizens have been wary of any monitoring of anti-war groups since the Vietnam war when the Pentagon spied on anti-war and civil rights organizations. In the 1970s, the Congress recommended tough restrictions on military spying inside the United States. Following the NBC report, the Pentagon said it ordered a review of the military intelligence program, indicating, but not admitting, that some of the gathered information had been handled improperly. A Pentagon spokesman said that "the Department of Defense uses counterintelligence and law enforcement information properly collected by law enforcement agencies. "The use of this information is subject to strict limitations, particularly the information must be related to missions relating to protection of DoD installations, interests and personnel," he said, according to Reuters. The Pentagon has already acknowledged the existence of a counterintelligence program known as the "Threat and Local Observation Notice" (TALON) reporting system, which the military says is aimed at gathering "non-validated threat information and security anomalies indicative of possible terrorist pre-attack activity." * "Psychological war" USAToday reported that the Pentagon has a $400 million psychological warfare campaign that includes plans to plant pro-American stories in global media outlets. One of the army officials involved in the program was quoted as saying that the operation is aimed at altering foreign audiences' perceptions to back American policies. The program, run by psychological warfare experts at the U.S. Special Operations Command, would operate throughout the world, the report said. 
According to Reuters, one of the three firms handling the campaign includes the Lincoln Group, a company under investigation by the Pentagon for paying Iraqi newspapers to run pro-American stories. Pentagon officials involved in the program say that they don't plan to secretly plant false stories in foreign media outlets. But Mike Furlong, deputy director of the Joint Psychological Operations Support Element, told USAToday that the army would not always reveal its role in distributing pro-American messages. "While the product may not carry the label, 'Made in the USA,' we will respond truthfully if asked" by reporters, he said. USAToday said Furlong refused to give examples of specific products, which he said would include articles, advertisements and public service announcements.

Copyright 2005 Al Jazeera Publishing Limited

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From dave at farber.net Wed Dec 21 19:20:34 2005
From: dave at farber.net (David Farber)
Date: Wed, 21 Dec 2005 22:20:34 -0500
Subject: [IP] Surveillance UK: why this revolution is only the start
Message-ID:

Begin forwarded message:

From checker at panix.com Wed Dec 21 19:26:58 2005
From: checker at panix.com (Premise Checker)
Date: Wed, 21 Dec 2005 22:26:58 -0500 (EST)
Subject: [>Htech] Independent: Britain will be first country to monitor every car journey
Message-ID:
Reply-To: transhumantech at yahoogroups.com

Britain will be first country to monitor every car journey
http://news.independent.co.uk/www.independent.co.uk/template/ver/wireFrame/

By Steve Connor, Science Editor
Published: 22 December 2005

Britain is to become the first country in the world where the movements of all vehicles on the roads
are recorded. A new national surveillance system will hold the records for at least two years. Using a network of cameras that can automatically read every passing number plate, the plan is to build a huge database of vehicle movements so that the police and security services can analyse any journey a driver has made over several years. The network will incorporate thousands of existing CCTV cameras which are being converted to read number plates automatically night and day to provide 24/7 coverage of all motorways and main roads, as well as towns, cities, ports and petrol-station forecourts. By next March a central database installed alongside the Police National Computer in Hendon, north London, will store the details of 35 million number-plate "reads" per day. These will include time, date and precise location, with camera sites monitored by global positioning satellites. Already there are plans to extend the database by increasing the storage period to five years and by linking thousands of additional cameras so that details of up to 100 million number plates can be fed each day into the central databank. Senior police officers have described the surveillance network as possibly the biggest advance in the technology of crime detection and prevention since the introduction of DNA fingerprinting. But others concerned about civil liberties will be worried that the movements of millions of law-abiding people will soon be routinely recorded and kept on a central computer database for years. The new national data centre of vehicle movements will form the basis of a sophisticated surveillance tool that lies at the heart of an operation designed to drive criminals off the road. In the process, the data centre will provide unrivalled opportunities to gather intelligence data on the movements and associations of organised gangs and terrorist suspects whenever they use cars, vans or motorcycles. 
The scheme is being orchestrated by the Association of Chief Police Officers (Acpo) and has the full backing of ministers who have sanctioned the spending of £24m this year on equipment. More than 50 local authorities have signed agreements to allow the police to convert thousands of existing traffic cameras so they can read number plates automatically. The data will then be transmitted to Hendon via a secure police communications network. Chief constables are also on the verge of brokering agreements with the Highways Agency, supermarkets and petrol station owners to incorporate their own CCTV cameras into the network. In addition to cross-checking each number plate against stolen and suspect vehicles held on the Police National Computer, the national data centre will also check whether each vehicle is lawfully licensed, insured and has a valid MoT test certificate. "Every time you make a car journey already, you'll be on CCTV somewhere. The difference is that, in future, the car's index plates will be read as well," said Frank Whiteley, Chief Constable of Hertfordshire and chairman of the Acpo steering committee on automatic number plate recognition (ANPR). "What the data centre should be able to tell you is where a vehicle was in the past and where it is now, whether it was or wasn't at a particular location, and the routes taken to and from those crime scenes. Particularly important are associated vehicles," Mr Whiteley said. The term "associated vehicles" means analysing convoys of cars, vans or trucks to see who is driving alongside a vehicle that is already known to be of interest to the police. Criminals, for instance, will drive somewhere in a lawful vehicle, steal a car and then drive back in convoy to commit further crimes. "You're not necessarily interested in the stolen vehicle. You're interested in what's moving with the stolen vehicle," Mr Whiteley explained.
According to a strategy document drawn up by Acpo, the national data centre in Hendon will be at the heart of a surveillance operation that should deny criminals the use of the roads. "The intention is to create a comprehensive ANPR camera and reader infrastructure across the country to stop displacement of crime from area to area and to allow a comprehensive picture of vehicle movements to be captured," the Acpo strategy says. "This development forms the basis of a 24/7 vehicle movement database that will revolutionise arrest, intelligence and crime investigation opportunities on a national basis," it says. Mr Whiteley said MI5 will also use the database. "Clearly there are values for this in counter-terrorism," he said. "The security services will use it for purposes that I frankly don't have access to. It's part of public protection. If the security services did not have access to this, we'd be negligent."

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rms at computerbytesman.com Thu Dec 22 02:22:49 2005
From: rms at computerbytesman.com (Richard M. Smith)
Date: December 22, 2005 2:22:49 PM EST
Subject: [EPIC_IDOF] Our Domestic Intelligence Crisis
Message-ID:

http://www.washingtonpost.com/wp-dyn/content/article/2005/12/20/AR2005122001053.html

Our Domestic Intelligence Crisis

By Richard A. Posner

Wednesday, December 21, 2005; Page A31

We've learned that the Defense Department is deeply involved in domestic intelligence (intelligence concerning threats to national security that unfold on U.S. soil). The department's National Security Agency has been conducting, outside the framework of the Foreign Intelligence Surveillance Act, electronic surveillance of U.S. citizens within the United States. Other Pentagon agencies, notably the one known as Counterintelligence Field Activity (CIFA), have, as described in Walter Pincus's recent articles in The Post, been conducting domestic intelligence on a large scale. Although the CIFA's formal mission is to prevent attacks on military installations in the United States, the scale of its activities suggests a broader concern with domestic security. Other Pentagon agencies have gotten into the domestic intelligence act, such as the Information Dominance Center, which developed the Able Danger data-mining program. These programs are criticized as grave threats to civil liberties. They are not. Their significance is in flagging the existence of gaps in our defenses against terrorism. The Defense Department is rushing to fill those gaps, though there may be better ways.
The collection, mainly through electronic means, of vast amounts of personal data is said to invade privacy. But machine collection and processing of data cannot, as such, invade privacy. Because of their volume, the data are first sifted by computers, which search for names, addresses, phone numbers, etc., that may have intelligence value. This initial sifting, far from invading privacy (a computer is not a sentient being), keeps most private data from being read by any intelligence officer. The data that make the cut are those that contain clues to possible threats to national security. The only valid ground for forbidding human inspection of such data is fear that they might be used to blackmail or otherwise intimidate the administration's political enemies. That danger is more remote than at any previous period of U.S. history. Because of increased political partisanship, advances in communications technology and more numerous and competitive media, American government has become a sieve. No secrets concerning matters that would interest the public can be kept for long. And the public would be far more interested to learn that public officials were using private information about American citizens for base political ends than to learn that we have been rough with terrorist suspects -- a matter that was quickly exposed despite efforts at concealment. The Foreign Intelligence Surveillance Act makes it difficult to conduct surveillance of U.S. citizens and lawful permanent residents unless they are suspected of being involved in terrorist or other hostile activities. That is too restrictive. Innocent people, such as unwitting neighbors of terrorists, may, without knowing it, have valuable counterterrorist information. Collecting such information is of a piece with data-mining projects such as Able Danger. ... 
----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From rah at shipwright.com Thu Dec 22 02:05:07 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 22 Dec 2005 05:05:07 -0500
Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war
In-Reply-To: <20051221180623.GZ2249@leitl.org>
References: <87lkyfla8d.fsf@snark.piermont.com> <87fyonl3x3.fsf@snark.piermont.com> <20051221081008.GP2249@leitl.org> <20051221180623.GZ2249@leitl.org>
Message-ID:

At 7:06 PM +0100 12/21/05, Eugen Leitl wrote:
>Write code. Participate in the political process.
>Both are not mutually exclusive.

One is useful. The other is, at best, masturbatory.

Physics causes politics, not vice-versa.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From gnu at toad.com Thu Dec 22 05:11:35 2005
From: gnu at toad.com (John Gilmore)
Date: December 22, 2005 5:11:35 AM EST
Subject: [E-PRV] "Steven M. Bellovin": loophole in FISA?
Message-ID:

>Hi John--As I think I've already mentioned, Steven is probably
>right--indiscriminate extraterritorial wiretapping that is not targeted
>at particular people likely isn't prohibited by FISA. However, this
>loophole is more relevant to ECHELON and global eavesdropping
>generally, not the current wiretap controversy, as the
>currently-controversial wiretaps definitely targeted specific people
>within the US and almost certainly occurred within US borders.

Please read the Ars Technica post that Steve cited. It really isn't clear that the currently-controversial wiretaps "definitely targeted specific people". And it's also pretty clear that it almost certainly DIDN'T occur within US borders; see Hayden's press conference, transcripted in full by Declan:

http://www.politechbot.com/2005/12/20/transcript-of-briefing/

The clues are piling up that vacuum-cleaner style dragnets are what's at issue:

http://arstechnica.com/news.ars/post/20051220-5808.html

The new text below from today's Post leads me in the same direction. They make a big distinction between "detecting" and "monitoring", where "monitoring" is what requires warrants, while "detecting" doesn't. (It depends on what the meaning of "is" is.)

http://www.washingtonpost.com/wp-dyn/content/article/2005/12/21/AR2005122102326.html

>Still, Bush and his advisers have said they need to operate outside
>the FISA system in order to move quickly against suspected
>terrorists. In explaining the program, Bush has made the distinction
>between detecting threats and plots and monitoring likely, known
>targets, as FISA would allow.
>
>Bush administration officials believe it is not possible, in a
>large-scale eavesdropping effort, to provide the kind of evidence the
>court requires to approve a warrant. Sources knowledgeable about the
>program said there is no way to secure a FISA warrant when the goal is
>to listen in on a vast array of communications in the hopes of finding
>something that sounds suspicious. Attorney General Alberto R. Gonzales
>said the White House had tried but failed to find a way.
>
>One government official, who spoke on the condition of anonymity, said
>the administration complained bitterly that the FISA process demanded
>too much: to name a target and give a reason to spy on it.
>
>"For FISA, they had to put down a written justification for the
>wiretap," said the official. "They couldn't dream one up."
>
>The NSA program, and the technology on which it is based, makes it
>impossible to meet that criterion because the program is designed to
>intercept selected conversations in real time from among an enormous
>number relayed at any moment through satellites.
>
>"There is a difference between detecting, so we can prevent, and
>monitoring. And it's important to note the distinction between the
>two," Bush said Monday.

It appears that perhaps they've pointed the NSA vacuum cleaner straight into all US-based international telecommunications. [By the way, satellites are only a tiny part of it; the vast majority of conversations go via fiber, and NSA can tap them. It's not clear why the Post said "satellites" here.] Perhaps NSA is just sampling every communication to determine what language it's in, and feeding all the Arabic to further analysis. The theory would be that if they didn't feed your call to further analysis, then it was only "detected", not "monitored".

We've seen inklings of this before, in the context of wiretapping IP traffic. They claim that having a computer look at every bit and byte is OK without a warrant as long as it sorts out the "signalling info" like URLs and email addresses, which are buried deep in the user's packets right next to all the un-wiretappable stuff. It's total hokum, unsupported by law, but it's their theory.

Hmm, here's my conclusion. Perhaps they're doing a pen-register/trap-and-trace on every call that leaves or enters the US.
They're building up the database containing the huge network of who-calls-who, over the long term. (This would also sweep up any touch-tones during a call, including PIN codes, passwords, dial-back systems, etc). And then when they capture a bad guy who was using phone number X, they look it up and know every number who called phone number X, or received a call from it. And then they do directed wiretaps against those numbers (with or without the FISA court). No wonder a judge in the know would resign to call attention to this!

Is this a murky area of international wiretap law? It's clear NSA can't broadly wiretap the CONTENTS of communications of US citizens, without a warrant. Can it broadly wiretap the SIGNALLING of US citizens, and store it forever for easy lookup, without a warrant?

From within the government we see everywhere their assumption that they have carte blanche over signalling info, without warrants. And this is just the sort of Total Information Awareness-like operation that would get a reaction like this from Congress:

http://www.washingtonmonthly.com/archives/individual/2005_12/007812.php

Gonzales: "We've had discussions with members of Congress, certain members of Congress, about whether or not we could get an amendment to FISA, and we were advised that that was not likely to be -- that was not something we could likely get, certainly not without jeopardizing the existence of the program, and therefore, killing the program."

Merely raising the possibility publicly would get it killed. I can see why the FISA court would get upset about such a thing too. It's just like the infamous illegal LAPD "handoff" in which illegal wiretaps were used to get evidence that was used in the declarations to get legal wiretap warrants.

Here's something said in the press conf today by ex-NSA dir Hayden:

We understand that this is a more -- I'll use the word "aggressive" program than would be traditionally available under FISA. It is also less intrusive. It deals only with international calls. It is generally for far shorter periods of time. And it is not designed to collect reams of intelligence, but to detect and warn and prevent about attacks. And, therefore, that's where we've decided to draw that balance between security and liberty.

Remember, you read it here first.

John

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

From dpreed at reed.com Thu Dec 22 05:47:25 2005
From: dpreed at reed.com (David P. Reed)
Date: December 22, 2005 5:47:25 PM EST
Subject: [IP] worth reading -- loophole in FISA?
Message-ID:

Well, Dave, here's a couple of relevant personal thoughts regarding vacuum-cleaner-like data gathering...

1) there's a saying I heard recently that the NSA's approach to intelligence is like trying to find a needle in the haystack by sending tractors in the field to gather more hay. Based on my understanding of the reliability of inference-making I suspect the problem is that and worse. So these so-called vacuum-cleaner technologies probably won't improve the ability to predict terrorism that much, but the elimination of checks and balances will almost certainly result in lots of "false positives" that can be used as presumptive reasons to harass both US citizens and foreigners for "inferences" that are little more than wild-ass intuitions about what kind of activity might be correlated with bad actors.
Of course there are lots of technology companies who sell stuff to the intelligence community who are full of hyperbolic claims about the wonders of mass data collection and analysis, but if they were so good, why don't they predict the stock market instead and make money the old fashioned way? Predicting the stock market is a trivial problem compared to predicting and preventing terrorism, but in the market there is actually a measure of success, whereas the measure of success in the beltway intelligence technology business is getting another, bigger contract. (that's what comes from outsourcing to a military-industrial complex that is so big it can buy members of Congress, lock stock and barrel, as we saw with Duke Cunningham). 2) what the NSA does outside the US may be legal under US law, but by no means is it either legal or a source of pride when viewed in other countries or in international law. The grand glorious endeavor of spying is fundamentally anti-social and anti-humanity. Apparently, part of the standard CIA induction briefing is being reminded that humint is just another word for fraud, deception, burglary, and other things that we do not tolerate in civilized societies. If agents carrying out such acts are discovered in our country they can be executed, and by symmetry most countries can and will execute our spies if caught. (this may be cruel and unusual, because theft of information inside a country is usually punished by more lenient methods). Sigint (though the hands *seem* cleaner) is legally and morally just wire fraud and peeping-tomism etc. by another name, and again, agents who listen in on radio or wire conversations in other countries are violating their laws, just as agents doing that in the US would be guilty of espionage and subject to execution or harsh penalties. So by any "golden rule" standard of justice we should be careful. 
One can argue that, just as war is sometimes thought to be necessary to deal with threats to the citizens of our nation, intelligence gathering, however illegal, might also be sometimes necessary. But it's not a "good" at any level, and hardly something we should be proud of. However, the thrill of hanging out with the codebreakers shouldn't be used to glamorize what is, at its core, just a government-sanctioned form of antisocial behavior. It's practitioners cannot be trusted to decide what is appropriate, because they are by definition able to carry out acts that are antisocial and illegal. ----- End forwarded message -----
From dave at farber.net Thu Dec 22 05:34:24 2005 From: dave at farber.net (David Farber) Date: Thu, 22 Dec 2005 08:34:24 -0500 Subject: [IP] Summarized -- Download Piaf, Go To Jail Message-ID: Begin forwarded message: From eugen at leitl.org Thu Dec 22 00:06:50 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Dec 2005 09:06:50 +0100 Subject: [dave@farber.net: [IP] Surveillance UK: why this revolution is only the start] Message-ID: <20051222080650.GW2249@leitl.org> ----- Forwarded message from David Farber ----- From camera_lumina at hotmail.com Thu Dec 22 06:19:46 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 22 Dec 2005 09:19:46 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: Message-ID: RAHweh wrote... >One is useful. The other is, at best, masturbatory. Now always. If a political discussion can uncover likely threat models, then there's some distinct usefulness. Also, the politics of dis-intelligence is also useful. Those worries about super-quantum-TEMPEST is a good example: "Oh don't you bother with your cute lil' crypto systems, because we can just watch you at your keyboard anyway..." So if there's some way to modify "write code" to include "code-impacting political discussion", then I agree, but I also agree it still gets rather masturbatory.
But then again, it's not like any male has ever wanted to masturbate before... -TD From ip20398470293845 at aquick.org Thu Dec 22 09:55:30 2005 From: ip20398470293845 at aquick.org (Adam Fields) Date: December 22, 2005 9:55:30 AM EST Subject: [IP] more on Bush Lets U.S. Spy on Callers Without Courts Message-ID: On Sat, Dec 17, 2005 at 07:37:37PM -0500, David Farber wrote: >Begin forwarded message: > >From: Chris Beck [...] >I don't read papers in their printed form, but my experience with >blogs and other new media news sources is that they cover what is >apparently happening very well, but hidden stuff still seems to be >revealed mostly by professional journalists who have the time and >budget to travel, meet sources, &c. Notice that even in the one >year gap in which the Times knew about this, it didn't explode on >anyone's website. > >Who new - the papers still serve a purpose :) It's not so much that the papers serve a purpose as it is that they hire (and support with the resources of their organization) journalists. Largely, bloggers are not investigative journalists. Bloggers have a very good distribution network, and are excellent at getting out stories where the focus is either something public or something where a blogger has some sort of inside access stemming from their own personal situation. But bloggers don't often have large organizations behind them to defend their sources, which I'd expect would be a concern when you're blowing the whistle on a large secret government operation. This difference is key - it takes money and free time to do the footwork required to follow a story, verify it, research it, and defend it if need be, and most bloggers aren't professional bloggers, let alone professional journalists. It's a very small number of bloggers who have the resources, training, inclination, or connections/reputation to develop breaking news stories. 
In this discourse, we should definitely be drawing a distinction between news distribution and news origination. It's entirely possible that this will change in the next few years, but still - the stories have to come from somewhere. -- - Adam ** Expert Technical Project and Business Management **** System Performance Analysis and Architecture ****** [ http://www.everylastounce.com ] [ http://www.aquick.org/blog ] ............ Blog [ http://www.adamfields.com/resume.html ].. Experience [ http://www.flickr.com/photos/fields ] ... Photos [ http://www.aquicki.com/wiki ].............Wiki [ http://del.icio.us/fields ] ............. Links ----- End forwarded message ----- From dave at farber.net Thu Dec 22 07:05:56 2005 From: dave at farber.net (David Farber) Date: Thu, 22 Dec 2005 10:05:56 -0500 Subject: [IP] more on Bush Lets U.S. Spy on Callers Without Courts Message-ID: Begin forwarded message: From dave at farber.net Thu Dec 22 07:19:48 2005 From: dave at farber.net (David Farber) Date: Thu, 22 Dec 2005 10:19:48 -0500 Subject: [IP] worth reading -- loophole in FISA? Message-ID: Begin forwarded message: From jya at cryptome.net Thu Dec 22 10:33:45 2005 From: jya at cryptome.net (John Young) Date: Thu, 22 Dec 2005 10:33:45 -0800 Subject: [Clips] US CODE: Title 50,1811.
Authorization during time of war In-Reply-To: References: Message-ID: And it is still not impossible, not even improbable, that public use of crypto was, is, not a disinfo op to red flag communications that need to be intercepted. Not a hell of a lot has been written lately, if at all, how public crypto came into wide use, the battle to free it from regulation, the rise of belief that some types were mathematically impregnable. There was discussion a few years back here about the disappearance of some able contributors, and wishes they do well in their new, more comfortable habitats. Whether any are aiding and abetting the latest SHAMROCK redux or the SHAMROCK that never died might be clued by the coincidence of the discovery of PK just at the time Church Committee hearings were being held to ostensibly defang NSA. Cypherpunks' role in this dissemination of crypto takeover of the world is a good place to start that story. No, not the ones written in the early days to prime public interest, cloaked in libertarian camouflage of hollywoodish antiauthoritarianism. What could be informative are the stories about where the crypto-wizards are now employed. Steven Levy might do an update, or a host of others who got a boost parlaying the adventures of the crypto-rebels -- which hooked me via Levy's NY Times mag piece in 1994. How public key crypto, for example, got a toehold on climbing out of GCHQ's and NSA's clampdown. Serendipitous research, says the legend, perhaps aided with hints from the bowels of NSA, or perhaps from elsewhere not yet revealed. It wouldn't be the first time a long-running deception has been used to encourage trust in reputedly impregnable systems. Is NSA regularly cracking all encryption or not, whether or with a foolproof algorithmic tool (again and again discounted by the best and brightest of the cryptographers) is that what the Times will not write about. Or via exploitation of faulty implementation.
There are regular calls to trust no infosec system that is not continually monitored by experts. A lesson taught by the government pros as well. Who watches who in this backscratch is not well covered, at least outside classified gatherings -- not that crypto contractors are now regular participants in these, having embraced NDAs as a way of survival, and golden opportunity. 9/11 has lifted many small boats in commerce and education and NGOs. How many crypto-rebels been brought in from the cold to demonstrate implementation vulnerabilities absolutely controlled by NDAs. That, too, would not be the first time. Screaming rebels oft reap the benefits of calling attention to themselves. Those that somehow never go to jail and accuse those who do of being bumbling idiots. There was also discussion years back about who were the most likely coverts on cpunks. The rubric was that it didn't matter, even narcs were welcome for mathematics would defeat their bosses. Impregnable mathematics gradually withered as a protective rationale with the rise of the threat of faulty implementation, black bag jobs, keystroke loggers, insider betrayal, and the gamut of traditional security failures, the very same ones used to build and maintain the most gigantic expensive national defense system ever, with plenty of contracts to recruit whoever disagreed, well, disagreed enough to get a special invitation or a hint about how to build a superduper security method. Security pros claim you can't be too paranoid, that 100% security is impossible, that, to be sure, is likely to boost demand for their protection racket. Religious faiths have become wealthy preaching that, some even killing infidels to protect market share. From coderman at gmail.com Thu Dec 22 10:47:07 2005 From: coderman at gmail.com (coderman) Date: Thu, 22 Dec 2005 10:47:07 -0800 Subject: [Clips] US CODE: Title 50,1811.
Authorization during time of war In-Reply-To: References: Message-ID: <4ef5fec60512221047n4574faf7u38f0278799b073a3@mail.gmail.com> On 12/22/05, John Young wrote: > ... > Is NSA regularly cracking all encryption or not, whether or with a > foolproof algorithmic tool (again and again discounted by the best > and brightest of the cryptographers) is that what the Times > will not write about. Or via exploitation of faulty implementation. faulty implementations meaning side channels leaking key material. i know that Glenn at Centaur/VIA is concerned about perceived pressures to keep crypto out of processor cores. consider this rumor but i'd love to see someone follow up on this story. with cache/memory timing, differential power analysis, even acoustic side channels weakening software cipher implementations (and hardware to a lesser degree) i can't help but wonder why Intel and AMD have not deployed entropy, digests, block ciphers and Montgomery multipliers in their cores - it takes very little die space and provides a huge return. makes my inner paranoid twitch... with that said, i think it's clear that a properly designed crypto system could be considered secure. the government still uses AES256 for their top secret datum, and the NSA license of ECC could be interpreted as a vote of confidence in that PK system. (or is this just another ruse? :) > There are regular calls to trust no infosec system that is not continually > monitored by experts. A lesson taught by the government pros as well. > ... > Impregnable mathematics gradually withered as a protective > rationale with the rise of the threat of faulty implementation, > black bag jobs, keystroke loggers, insider betrayal, and the gamut > of traditional security failures... with ciphers and protocols maturing is the next frontier for cypherpunks decentralized reputation and trust metrics applied to process, persons, and systems? the world around these theoretically secure ciphers is full of holes as you describe.
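The cache/memory timing side channel mentioned in the message above arises when a software cipher indexes a lookup table with secret data. The following C is an added illustration, not code from this thread or from any project named in it: it puts an AES S-box lookup by direct index next to a branch-free scan of the whole table and models which cache lines each one reads. The 64-byte line size, the line-aligned table and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE 64u        /* assumed cache-line size in bytes */

static uint8_t SBOX[256];     /* AES S-box, filled in by sbox_init() */

/* Multiply in GF(2^8) modulo the AES polynomial, without branches. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1) & a);                  /* add a if bit set */
        a = (uint8_t)((a << 1) ^ (-(a >> 7) & 0x1b));  /* times x, reduced */
        b >>= 1;
    }
    return r;
}

/* Multiplicative inverse as a^254; maps 0 to 0 as AES requires. */
static uint8_t gf_inv(uint8_t a) {
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf_mul(r, a);
    return r;
}

static uint8_t rotl8(uint8_t v, int n) {
    return (uint8_t)((v << n) | (v >> (8 - n)));
}

/* Build the S-box: field inverse followed by the AES affine transform. */
void sbox_init(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t i = gf_inv((uint8_t)x);
        SBOX[x] = (uint8_t)(i ^ rotl8(i, 1) ^ rotl8(i, 2) ^
                            rotl8(i, 3) ^ rotl8(i, 4) ^ 0x63);
    }
}

/* Result of one substitution plus a model of its memory footprint:
 * bit i of lines_touched is set when cache line i of SBOX was read
 * (assumes SBOX starts on a cache-line boundary). */
typedef struct { uint8_t value; uint8_t lines_touched; } lookup_t;
typedef lookup_t (*lookup_fn)(uint8_t pt, uint8_t key);

/* Direct index: the address read depends on pt ^ key, so the line
 * that ends up cached depends on the key. */
lookup_t sub_byte_table(uint8_t pt, uint8_t key) {
    uint8_t idx = pt ^ key;
    lookup_t r = { SBOX[idx], (uint8_t)(1u << (idx / CACHE_LINE)) };
    return r;
}

/* Full scan: every entry is read on every call and the wanted one is
 * selected with a mask, so the access pattern is the same for all keys. */
lookup_t sub_byte_scan(uint8_t pt, uint8_t key) {
    uint8_t idx = pt ^ key;
    lookup_t r = { 0, 0 };
    for (unsigned i = 0; i < 256; i++) {
        /* 0xFF when i == idx, otherwise 0x00, computed without a branch */
        uint8_t mask = (uint8_t)(((i ^ idx) - 1u) >> 8);
        r.value |= (uint8_t)(SBOX[i] & mask);
        r.lines_touched |= (uint8_t)(1u << (i / CACHE_LINE));
    }
    return r;
}

/* How many different footprints occur over all 256 key bytes for one
 * known plaintext byte. More than one means the footprint carries
 * information about the key. */
int distinct_footprints(lookup_fn f, uint8_t pt) {
    int seen[256] = { 0 }, n = 0;
    for (int k = 0; k < 256; k++) {
        uint8_t fp = f(pt, (uint8_t)k).lines_touched;
        if (!seen[fp]) { seen[fp] = 1; n++; }
    }
    return n;
}

int main(void) {
    sbox_init();
    printf("table lookup: %d distinct footprints\n",
           distinct_footprints(sub_byte_table, 0xA7));
    printf("full scan:    %d distinct footprints\n",
           distinct_footprints(sub_byte_scan, 0xA7));
    return 0;
}
```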
From rah at shipwright.com Thu Dec 22 08:43:56 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 22 Dec 2005 11:43:56 -0500 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: References: Message-ID: At 10:33 AM -0800 12/22/05, John Young wrote: >And it is still not impossible, not even improbable, that public use of >crypto was, is, not a disinfo op to red flag communications that need >to be intercepted. "You just keep on thinkin' Butch. That's what you're good at." -- Harry "Sundance Kid" Longbaugh Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From coderman at gmail.com Thu Dec 22 12:33:36 2005 From: coderman at gmail.com (coderman) Date: Thu, 22 Dec 2005 12:33:36 -0800 Subject: [Clips] US CODE: Title 50,1811. Authorization during time of war In-Reply-To: References: Message-ID: <4ef5fec60512221233iab5003bg8ad9949943c695ee@mail.gmail.com> On 12/22/05, John Young wrote: > ... > The open competition for AES had a taint of that, and maybe > a couple of hundred cryptographers knew WTF was going on > and half of those were blinded by vanity and ignorance of > "independence." The NDAs of participants sucked of "trust us." this question has bothered me: why choose a cipher whose implementation in most circumstances is subject to side channels when there are others resistant to such attacks? are side channels in flawed implementations the new backdoor of choice (since insufficient key space and overt flaws are now unavailable)? 
> Nearly all infosec standards for military use recommend and/or > require the use of tokens or other mechanical gadgets to backup > passwords and biometrics which are known to be vulnerable to > human weaknesses for sex, drugs, boss hatred and venality. i don't see how hardware tokens / crypto ignition keys prevent human abuses. passwords and passphrases are useless (unless coupled with tokens and used only for liveness detection) and vascular biometrics are excellent for "who you are" type authentication coupled with physical key "what you have" based auth. this doesn't preclude the use of a single cipher though; key management has always been the bane of strong crypto. > We finally shelled out a few bucks to buy the PGP version which > provides a token as a backup for passphrases. Haven't used it > yet but the regular alarms about crackability of passphrases > suggests there should be more than your too smart by half, > too lazy by whole, brain for protection. indeed; passwords/passphrases as sole authenticators should die. they should always be coupled with physical tokens IMHO... From eugen at leitl.org Thu Dec 22 04:54:16 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Dec 2005 13:54:16 +0100 Subject: [checker@panix.com: [>Htech] Independent: Britain will be first country to monitor every car journey] Message-ID: <20051222125416.GK2249@leitl.org> Germany will trail U.K. only by a few years, at best. The infrastructure is already all there. ----- Forwarded message from Premise Checker ----- From jya at cryptome.net Thu Dec 22 14:33:46 2005 From: jya at cryptome.net (John Young) Date: Thu, 22 Dec 2005 14:33:46 -0800 Subject: [Clips] US CODE: Title 50,1811. 
Authorization during time of war In-Reply-To: <4ef5fec60512221047n4574faf7u38f0278799b073a3@mail.gmail.com> References: Message-ID: NSA may claim to use AES256 for classified material but we don't really know if that is true for all material or only for selected parts not needing the best protection the agency has. NSA has never been a proponent, at least not a practitioner, of open testing of crypto to assure security. They read those results, file them away and keep quiet about secret inventions. No intel agency has ever disclosed its best stuff, and that is true of most commercially valuable inventions. What you can get is a retail version and a lot of hokum about how good it is and how bad is that of the competition. You don't what's true until a rogue employee breaks away to set a new shop or to get a new paymaster to spread FUD. Reverse engineering is a double-edged sword when you don't know if the purloined product you're investigating was deliberately lofted your way for "independent product testing" in order to assay your own capabilities and stupidities. The open competition for AES had a taint of that, and maybe a couple of hundred cryptographers knew WTF was going on and half of those were blinded by vanity and ignorance of "independence." The NDAs of participants sucked of "trust us." But no official crypto system has ever been free of the odor of suspicion so common are cracks and betrayals as David Kahn amply describes. Multiple layers of protection are presumably used along with obscurity about what they are. Relying on a single crypto system for protection is surely insufficient -- but it does nicely ID itself for scrutiny. End to end is singularly noticeable.
Indeed, it should be assumed that any openly discussed infosec system is subject to attacks not made public, particular those which are successful, which no doubt is why NSA does not openly discuss its prowess beyond a few public utterances that are hardly revealing even to infosec connoisseurs. Like the vapidities General Hayden is oozing these days to dull the perceptions of journalists and snoozers on the Hill. To be sure it is likely Hayden knows not much more than he is briefed to know by the crypto and cracking wizards who have always danced circles around DIRNSAs bemedaled up the kazoo to flummox the fleecers. Bobby Ray Inman may have got a little inside the dark box, but none of the others knew any more than they were allowed to know, and much less after the Church hearings. Anybody heard a peep about the current NSA dustup from cpunk's old crypto control nemesis, ex-NSA Counsel Stewart Baker? His predecessor was quoted but not him, and once he couldn't get enough face time. Nearly all infosec standards for military use recommend and/or require the use of tokens or other mechanical gadgets to backup passwords and biometrics which are known to be vulnerable to human weaknesses for sex, drugs, boss hatred and venality. We finally shelled out a few bucks to buy the PGP version which provides a token as a backup for passphrases. Haven't used it yet but the regular alarms about crackability of passphrases suggests there should be more than your too smart by half, too lazy by whole, brain for protection. Settle down, Hettinga, this is only directed at you, you running dog commie bastard. 
From eugen at leitl.org Thu Dec 22 05:57:18 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Dec 2005 14:57:18 +0100 Subject: [dave@farber.net: [IP] Summarized -- Download Piaf, Go To Jail] Message-ID: <20051222135718.GN2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Thu Dec 22 07:11:53 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Dec 2005 16:11:53 +0100 Subject: [dave@farber.net: [IP] more on Bush Lets U.S. Spy on Callers Without Courts] Message-ID: <20051222151152.GU2249@leitl.org> ----- Forwarded message from David Farber ----- From dave at farber.net Thu Dec 22 13:16:34 2005 From: dave at farber.net (David Farber) Date: Thu, 22 Dec 2005 16:16:34 -0500 Subject: [IP] Our Domestic Intelligence Crisis Message-ID: Begin forwarded message: From eugen at leitl.org Thu Dec 22 07:47:05 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Dec 2005 16:47:05 +0100 Subject: [dave@farber.net: [IP] worth reading -- loophole in FISA?] Message-ID: <20051222154705.GW2249@leitl.org> ----- Forwarded message from David Farber ----- From dave at farber.net Thu Dec 22 15:40:00 2005 From: dave at farber.net (David Farber) Date: Thu, 22 Dec 2005 18:40:00 -0500 Subject: [IP] worth reading -- loophole in FISA? Message-ID: Begin forwarded message: From eugen at leitl.org Thu Dec 22 13:19:01 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Dec 2005 22:19:01 +0100 Subject: [dave@farber.net: [IP] Our Domestic Intelligence Crisis] Message-ID: <20051222211901.GS2249@leitl.org> ----- Forwarded message from David Farber -----
From arma at mit.edu Fri Dec 23 02:22:46 2005 From: arma at mit.edu (Roger Dingledine) Date: Fri, 23 Dec 2005 05:22:46 -0500 Subject: EFF no longer funding Tor (was Re: ATTN: for-profit Tor Message-ID: operators) User-Agent: Mutt/1.5.9i Reply-To: or-talk at freehaven.net On Fri, Nov 25, 2005 at 08:35:41PM -0500, Roger Dingledine wrote: > We don't need complex theories to explain it. They simply ran out of > money. They had to let go some of their actual employees too. This time > of year is never good for non-profits. I've put up a donations page for Tor here: http://tor.eff.org/donate.html.en Nick and I are continuing to work on Tor in our spare time, but as you can see, the user base is growing faster than our development can keep up. Please help us to put our attention back on Tor development rather than getting day jobs. Thanks, --Roger ----- End forwarded message -----
From eugen at leitl.org Thu Dec 22 23:51:20 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 23 Dec 2005 08:51:20 +0100 Subject: [dave@farber.net: [IP] worth reading -- loophole in FISA?] Message-ID: <20051223075120.GW2249@leitl.org> ----- Forwarded message from David Farber ----- From camera_lumina at hotmail.com Fri Dec 23 08:09:49 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 23 Dec 2005 11:09:49 -0500 Subject: [Clips] US CODE: Title 50,1811.
Authorization during time of war In-Reply-To: <4ef5fec60512221047n4574faf7u38f0278799b073a3@mail.gmail.com> Message-ID: Coderman wrote... >with that said, i think it's clear that a properly designed crypto >system could be considered secure. the government still uses AES256 >for their top secret datum, and the NSA license of ECC could be >interpreted as a vote of confidence in that PK system. (or is this >just another ruse? :) Well, I'd consider it secure in the following sense: NSA can probably break it via manipulating some microscopic vulnerability, but it will take time and money. For all but Al Qaeda, that's going to be good enough: NSA won't reveal what it's got to even local law enforcement, unless it's really really necessary (ie, they'll lose lots of funding or bigshot jobs). This means that, unless I've got a special delivery for the beltway area, local thugs won't come pounding at my door. (And if I did have such a special delivery, I won't be using any technological channels at all.) -TD From eugen at leitl.org Fri Dec 23 02:41:23 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 23 Dec 2005 11:41:23 +0100 Subject: [arma@mit.edu: Re: EFF no longer funding Tor (was Re: ATTN: for-profit Tor operators)] Message-ID: <20051223104123.GM2249@leitl.org> Folks, some donations are in order. ----- Forwarded message from Roger Dingledine ----- From arma at mit.edu Fri Dec 23 15:39:05 2005 From: arma at mit.edu (Roger Dingledine) Date: Fri, 23 Dec 2005 18:39:05 -0500 Subject: EFF no longer funding Tor (was Re: ATTN: for-profit Tor Message-ID: operators) User-Agent: Mutt/1.5.9i Reply-To: or-talk at freehaven.net On Fri, Dec 23, 2005 at 03:04:42PM -0600, clifnor at warpmail.net wrote: > I wish to donate but have had problems with PayPal in the past. Is there > another option--e.g. an address where I can send a check or money order? Good idea. I've added a few more paragraphs to http://tor.eff.org/donate.html.en with details on this, plus other options. 
Let me know if I've left out anything else that's important. :) Thanks! --Roger ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From measl at mfn.org Fri Dec 23 17:09:35 2005 From: measl at mfn.org (J.A. Terranson) Date: Fri, 23 Dec 2005 19:09:35 -0600 (CST) Subject: [arma@mit.edu: Re: EFF no longer funding Tor (was Re: ATTN: for-profit Tor operators)] In-Reply-To: <20051223104123.GM2249@leitl.org> References: <20051223104123.GM2249@leitl.org> Message-ID: <20051223190853.V37487@ubzr.zsa.bet> On Fri, 23 Dec 2005, Eugen Leitl wrote: > Folks, some donations are in order. Agreed. Does anyone have any idea how much their annual subsidy level was? -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF Just once, can't we have a nice polite discussion about the logistics and planning side of large criminal enterprise? - Steve Thompson
From dave at farber.net Fri Dec 23 19:58:50 2005 From: dave at farber.net (David Farber) Date: Fri, 23 Dec 2005 22:58:50 -0500 Subject: [IP] Summarized -- Warrantless NSA program involved massive data Message-ID: collection (NYT) X-Mailer: Apple Mail (2.746.2) Reply-To: dave at farber.net http://www.nytimes.com/2005/12/24/politics/24spy.html WASHINGTON, Dec. 23 - The National Security Agency has traced and analyzed large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program that President Bush approved after the Sept. 11, 2001, attacks to hunt for evidence of terrorist activity, according to current and former government officials. The volume of information harvested from telecommunication data and voice networks, without court-approved warrants, is much larger than the White House has acknowledged, the officials said. ...One issue of concern to the Foreign Intelligence Surveillance Court, which has reviewed some separate warrant applications growing out of the N.S.A.'s surveillance program, is whether the court has legal authority over calls outside the United States that happen to pass through American-based telephonic "switches," according to officials familiar with the matter. ...Since the disclosure last week of the N.S.A.'s domestic surveillance program, President Bush and his senior aides have stressed that his executive order allowing eavesdropping without warrants was limited to the monitoring of international phone and e-mail communications involving people with known links to Al Qaeda. ...The use of similar data-mining operations by the Bush administration in other contexts has raised strong objections, most notably in connection with the Total Information Awareness system, developed by the Pentagon for tracking terror suspects, and the Department of Homeland Security's Capps program for screening airline passengers.
...But the Bush administration regards the N.S.A.'s ability to trace and analyze large volumes of data as critical to its expanded mission to detect terrorist plots before they can be carried out, officials familiar with the program say. ...A former technology manager at a major telecommunications company said that since the Sept. 11 attacks, the leading companies in the industry have been storing information on calling patterns and giving it to the federal government to aid in tracking possible terrorists. "All that data is mined with the cooperation of the government and shared with them, and since 9/11, there's been much more active involvement in that area," said the former manager, a telecommunications expert who did not want his name or that of his former company used because of concern about revealing trade secrets. ...The switches are some of the main arteries for moving voice and some Internet traffic into and out of the United States, and, with the globalization of the telecommunications industry in recent years, many international-to-international calls are also routed through such American switches. ...Now that foreign calls were being routed through switches on American soil, some judges and law enforcement officials regarded eavesdropping on those calls as a possible violation of those decades-old restrictions, including the Foreign Intelligence Surveillance Act, which requires court-approved warrants for domestic surveillance. ...But the N.S.A.'s backdoor access to major telecommunications switches on American soil with the cooperation of major corporations represents a significant expansion of the agency's operational capability, according to current and former government officials.
------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Fri Dec 23 16:13:12 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 24 Dec 2005 01:13:12 +0100 Subject: [arma@mit.edu: Re: EFF no longer funding Tor (was Re: ATTN: for-profit Tor operators)] Message-ID: <20051224001312.GG2249@leitl.org> Update on donation options for Tor. ----- Forwarded message from Roger Dingledine ----- From rah at shipwright.com Sat Dec 24 06:04:44 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 24 Dec 2005 09:04:44 -0500 Subject: [Clips] Spy Agency Mined Vast Data Trove, Officials Report - New York Times Message-ID: Here's the un-summarized version... Cheers, RAH --- begin forwarded text Delivered-To: clips at philodox.com Date: Sat, 24 Dec 2005 09:04:01 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] Spy Agency Mined Vast Data Trove, Officials Report - New York Times Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The New York Times December 24, 2005 Spy Agency Mined Vast Data Trove, Officials Report By ERIC LICHTBLAU and JAMES RISEN WASHINGTON, Dec. 23 - The National Security Agency has traced and analyzed large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program that President Bush approved after the Sept. 
11, 2001, attacks to hunt for evidence of terrorist activity, according to current and former government officials. The volume of information harvested from telecommunication data and voice networks, without court-approved warrants, is much larger than the White House has acknowledged, the officials said. It was collected by tapping directly into some of the American telecommunication system's main arteries, they said. As part of the program approved by President Bush for domestic surveillance without warrants, the N.S.A. has gained the cooperation of American telecommunications companies to obtain backdoor access to streams of domestic and international communications, the officials said. The government's collection and analysis of phone and Internet traffic have raised questions among some law enforcement and judicial officials familiar with the program. One issue of concern to the Foreign Intelligence Surveillance Court, which has reviewed some separate warrant applications growing out of the N.S.A.'s surveillance program, is whether the court has legal authority over calls outside the United States that happen to pass through American-based telephonic "switches," according to officials familiar with the matter. "There was a lot of discussion about the switches" in conversations with the court, a Justice Department official said, referring to the gateways through which much of the communications traffic flows. "You're talking about access to such a vast amount of communications, and the question was, How do you minimize something that's on a switch that's carrying such large volumes of traffic? The court was very, very concerned about that." Since the disclosure last week of the N.S.A.'s domestic surveillance program, President Bush and his senior aides have stressed that his executive order allowing eavesdropping without warrants was limited to the monitoring of international phone and e-mail communications involving people with known links to Al Qaeda. 
What has not been publicly acknowledged is that N.S.A. technicians, besides actually eavesdropping on specific conversations, have combed through large volumes of phone and Internet traffic in search of patterns that might point to terrorism suspects. Some officials describe the program as a large data-mining operation. The current and former government officials who discussed the program were granted anonymity because it remains classified. Bush administration officials declined to comment on Friday on the technical aspects of the operation and the N.S.A.'s use of broad searches to look for clues on terrorists. Because the program is highly classified, many details of how the N.S.A. is conducting it remain unknown, and members of Congress who have pressed for a full Congressional inquiry say they are eager to learn more about the program's operational details, as well as its legality. Officials in the government and the telecommunications industry who have knowledge of parts of the program say the N.S.A. has sought to analyze communications patterns to glean clues from details like who is calling whom, how long a phone call lasts and what time of day it is made, and the origins and destinations of phone calls and e-mail messages. Calls to and from Afghanistan, for instance, are known to have been of particular interest to the N.S.A. since the Sept. 11 attacks, the officials said. This so-called "pattern analysis" on calls within the United States would, in many circumstances, require a court warrant if the government wanted to trace who calls whom. The use of similar data-mining operations by the Bush administration in other contexts has raised strong objections, most notably in connection with the Total Information Awareness system, developed by the Pentagon for tracking terror suspects, and the Department of Homeland Security's Capps program for screening airline passengers. 
Both programs were ultimately scrapped after public outcries over possible threats to privacy and civil liberties. But the Bush administration regards the N.S.A.'s ability to trace and analyze large volumes of data as critical to its expanded mission to detect terrorist plots before they can be carried out, officials familiar with the program say. Administration officials maintain that the system set up by Congress in 1978 under the Foreign Intelligence Surveillance Act does not give them the speed and flexibility to respond fully to terrorist threats at home. A former technology manager at a major telecommunications company said that since the Sept. 11 attacks, the leading companies in the industry have been storing information on calling patterns and giving it to the federal government to aid in tracking possible terrorists. "All that data is mined with the cooperation of the government and shared with them, and since 9/11, there's been much more active involvement in that area," said the former manager, a telecommunications expert who did not want his name or that of his former company used because of concern about revealing trade secrets. Such information often proves just as valuable to the government as eavesdropping on the calls themselves, the former manager said. "If they get content, that's useful to them too, but the real plum is going to be the transaction data and the traffic analysis," he said. "Massive amounts of traffic analysis information - who is calling whom, who is in Osama Bin Laden's circle of family and friends - is used to identify lines of communication that are then given closer scrutiny." Several officials said that after President Bush's order authorizing the N.S.A. program, senior government officials arranged with officials of some of the nation's largest telecommunications companies to gain access to switches that act as gateways at the borders between the United States' communications networks and international networks. 
The identities of the corporations involved could not be determined. The switches are some of the main arteries for moving voice and some Internet traffic into and out of the United States, and, with the globalization of the telecommunications industry in recent years, many international-to-international calls are also routed through such American switches. One outside expert on communications privacy who previously worked at the N.S.A. said that to exploit its technological capabilities, the American government had in the last few years been quietly encouraging the telecommunications industry to increase the amount of international traffic that is routed through American-based switches. The growth of that transit traffic had become a major issue for the intelligence community, officials say, because it had not been fully addressed by 1970's-era laws and regulations governing the N.S.A. Now that foreign calls were being routed through switches on American soil, some judges and law enforcement officials regarded eavesdropping on those calls as a possible violation of those decades-old restrictions, including the Foreign Intelligence Surveillance Act, which requires court-approved warrants for domestic surveillance. Historically, the American intelligence community has had close relationships with many communications and computer firms and related technical industries. But the N.S.A.'s backdoor access to major telecommunications switches on American soil with the cooperation of major corporations represents a significant expansion of the agency's operational capability, according to current and former government officials. Phil Karn, a computer engineer and technology expert at a major West Coast telecommunications company, said access to such switches would be significant. "If the government is gaining access to the switches like this, what you're really talking about is the capability of an enormous vacuum operation to sweep up data," he said. 
-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Sat Dec 24 06:54:54 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 24 Dec 2005 09:54:54 -0500 Subject: [arma@mit.edu: Re: EFF no longer funding Tor (was Re: ATTN: for-profit Tor o In-Reply-To: <20051224001312.GG2249@leitl.org> Message-ID: Just out of curiosity, any nice-n-easy Tor-style anonymous donation methods? -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [arma at mit.edu: Re: EFF no longer funding Tor (was Re: ATTN: >for-profit Tor operators)] >Date: Sat, 24 Dec 2005 01:13:12 +0100 > >Update on donation options for Tor. > >----- Forwarded message from Roger Dingledine ----- > >From: Roger Dingledine >Date: Fri, 23 Dec 2005 18:39:05 -0500 >To: or-talk at freehaven.net >Subject: Re: EFF no longer funding Tor (was Re: ATTN: for-profit Tor >operators) >User-Agent: Mutt/1.5.9i >Reply-To: or-talk at freehaven.net > >On Fri, Dec 23, 2005 at 03:04:42PM -0600, clifnor at warpmail.net wrote: > > I wish to donate but have had problems with PayPal in the past. Is there > > another option--e.g. an address where I can send a check or money order? > >Good idea. 
I've added a few more paragraphs to >http://tor.eff.org/donate.html.en >with details on this, plus other options. > >Let me know if I've left out anything else that's important. :) > >Thanks! >--Roger > >----- End forwarded message ----- >-- >Eugen* Leitl leitl http://leitl.org >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.ativel.com >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From eugen at leitl.org Sat Dec 24 01:32:05 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 24 Dec 2005 10:32:05 +0100 Subject: [dave@farber.net: [IP] Summarized -- Warrantless NSA program involved massive data collection (NYT)] Message-ID: <20051224093205.GR2249@leitl.org> ----- Forwarded message from David Farber ----- From revers at evers.org Sat Dec 24 12:25:40 2005 From: revers at evers.org (Ridgely Evers) Date: December 24, 2005 12:25:40 PM EST Subject: worth reading -- loophole in FISA? Message-ID: Dave, David Reed is right on the money in terms of the false positive issue. Actually, the "more hay" methodology has been shown to be ineffective in other, related fields, and even worse has been shown to be an effective tool for _evading_ detection. Simply put, it is relatively easy for an attacker to determine the kinds of things that trigger alerts, and to flood the detection system with those types of events. Intrusion detection systems on networks are classic cases in point: they are so overwhelmed by false positives that in very short order the people monitoring the systems stop paying attention. A "boy who cried wolf" problem, exacerbated by the fact that the marginal cost of creating a false positive is many orders of magnitude less than the cost of responding to one.
Ultimately, the IDS systems end up being used either (a) to show uninformed management that "we're doing something", and/or (b) as part of the forensic process _after_ a breach has occurred to try to see if the attacker left any useful footprints (hint: the answer is "no"). There's a trend to watch for, as well. The follow-on technology to IDS, optimistically referred to as Intrusion Prevention Systems, has been touted as a tool to actually stop attacks in progress. Essentially, it's a combination of detection capability coupled with 'drop the connection' capability. It came into existence because security people thought it would be cool, and because customers were complaining about the overload on human resources that the IDS technologies imposed. The theory was that technology could operate with sufficient speed to prevent bad things from happening. The real world response (as noted in a recent Network World review of IPS) has been that the systems are getting deployed, but without the 'P' feature enabled. It seems that users are not willing to take the risk of shutting off a good connection (the 99.9999% case) in order to prevent an attack (the 0.0001% case). But I expect that the next layer of proposals out of the NSA data mining mess will be to create and deploy some magic system that can operate at the speed of the technology being monitored. "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Ben Franklin, ~1784 --Ridge -----Original Message----- From: David Farber [mailto:dave at farber.net] Sent: Thursday, December 22, 2005 3:40 PM To: Ip Ip Subject: worth reading -- loophole in FISA? 
Begin forwarded message: From declan at well.com Sat Dec 24 10:23:14 2005 From: declan at well.com (Declan McCullagh) Date: Sat, 24 Dec 2005 13:23:14 -0500 Subject: [Politech] More revelations about Bush and NSA domestic surveillance: a roundup [priv] Message-ID: Tangentially-related article about judge approving cell phone monitoring without requiring prosecutors to show evidence of probable cause: http://news.com.com/Police+blotter+Judge+lets+Feds+track+cell+phones/2100-1028_3-6006453.html How extensive is NSA's spy program: http://news.com.com/Just+how+extensive+is+NSAs+spy+program/2100-1028_3-6006326.html An earlier roundup of blog posts: http://www.concurringopinions.com/archives/2005/12/nsa_surveillanc.html Articles asking whether President Bush committed an impeachable offense: http://www.cnsnews.com/news/viewstory.asp?Page=%5CPolitics%5Carchive%5C200512%5CPOL20051220a.html http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2005/12/24/MNGBOGD4FF1.DTL http://www.foxnews.com/story/0,2933,179323,00.html Previous Politech message: http://www.politechbot.com/2005/12/20/transcript-of-briefing/ http://www.politechbot.com/2005/12/20/two-submissions-on/ http://www.politechbot.com/2005/12/21/democrats-scramble-to/ -Declan -------- Original Message -------- Subject: HAVE YOU SEEN THIS? NY Times on NSA data mining Date: Sat, 24 Dec 2005 00:27:35 -0800 From: Philip Merrill To: Fred von Lohmann EFF , Cory Doctorow , Declan McCullagh Fred, Cory, Declan, http://nytimes.com/2005/12/24/politics/24spy.html Spy Agency Mined Vast Data Trove, Officials Report By ERIC LICHTBLAU and JAMES RISEN Published: December 24, 2005 ... A former technology manager at a major telecommunications company said that since the Sept. 11 attacks, the leading companies in the industry have been storing information on calling patterns and giving it to the federal government to aid in tracking possible terrorists.
"All that data is mined with the cooperation of the government and shared with them, and since 9/11, there's been much more active involvement in that area," said the former manager, a telecommunications expert who did not want his name or that of his former company used because of concern about revealing trade secrets. Such information often proves just as valuable to the government as eavesdropping on the calls themselves, the former manager said. "If they get content, that's useful to them too, but the real plum is going to be the transaction data and the traffic analysis," he said. "Massive amounts of traffic analysis information - who is calling whom, who is in Osama Bin Laden's circle of family and friends - is used to identify lines of communication that are then given closer scrutiny." ... Phil Karn, a computer engineer and technology expert at a major West Coast telecommunications company, said access to such switches would be significant. "If the government is gaining access to the switches like this, what you're really talking about is the capability of an enormous vacuum operation to sweep up data," he said. [BY THE WAY guys, here is an e-mail I just sent about this: "This is truly interesting and not surprising from a technical point of view. As someone who looks at how ISPs are treated, it explains things I already knew. In terms of any positive potential for the future, it just shows what a different world we are now living in that this is even possible. My MUSIC bias is to try to figure out how musicians can get paid based on today's technology. 
Puts the attached-below news article in a different light."] -------- Original Message -------- Subject: Reliability of information from telephone wiretaps Date: Wed, 21 Dec 2005 10:09:48 -0800 From: Alan Barclay Organization: Runtime Design Automation To: declan at well.com CC: bankston at eff.org Hello Declan:- I came across a very interesting paper on wiretap evasion by Matt Blaze (UPenn) at the following URL. http://www.doxpara.com/?q=node&from=0 I particularly think that the legal implications on the reliability of information obtained by phone wiretaps may be far-reaching, and of interest to Politech readers. Especially given the current administration's demonstrated record of vindictiveness, I agree with Dan's conjecture about Matt's cojones. News article (incorrectly attributed to NY Times in above): http://www.iht.com/articles/2005/11/30/business/taps.php Summary of paper: http://www.crypto.com/papers/wiretapping/ Full paper http://www.crypto.com/papers/wiretap.pdf Best wishes for the holiday season and for the New Year. Thanks again for running Politech. Regards, Alan Barclay -- --Alan Barclay-- barclay at rtda.com (408) 492-0942 direct www.rtda.com (408) 492-0940 main -------- Original Message -------- Subject: Re: [Politech] Democrats scramble to say they didn't tacitly approve Bush's NSA surveillance [priv] Date: Wed, 21 Dec 2005 12:21:27 -0800 From: Benjamin SMITH To: Declan McCullagh References: <43A99CEB.4010509 at well.com> Uh, Declan, the handful of Congresspeople who were even able to see the Administration's plans with the NSA were barred from discussing it even with their staffs, and others (like Senator Graham of FL) said that the briefings were much less informative than what was revealed in Friday's article in the NYT. Cherry-picked information, limited access... wait a minute, that sounds familiar... 
-b3n -------- Original Message -------- Subject: Re: [Politech] Democrats scramble to say they didn't tacitly approve Bush's NSA surveillance [priv] Date: Wed, 21 Dec 2005 14:33:06 -0500 From: Eric Gasior To: Declan McCullagh References: <43A99CEB.4010509 at well.com> Declan, In fairness it should be pointed out that the briefings were classified therefore the ability of Rockefeller and Pelosi to inform others was limited. From Sen. Rockefeller's statement on 12/19: "The limited members who were told of the program were prohibited by the Administration from sharing any information about it with our colleagues, including other members of the Intelligence Committees." http://rockefeller.senate.gov/news/2005/pr121905a.html Eric Gasior "First of all, let me assert my firm belief that the only thing we have to fear is fear itself - nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance." -- Franklin D. Roosevelt, First Inaugural Address, Mar. 4, 1933 -------- Original Message -------- Subject: Re: [Politech] One more submission on Bush authorizing secret surveillance Date: Wed, 21 Dec 2005 16:02:18 EST From: MarkKernes at aol.com To: declan at well.com http://www.avn.com/index.php?Primary_Navigation=Articles&Action=View_Article&Content_ID=251800 News Analysis: Why You Should Be Worried About Bush's Illegal Wiretaps By Mark Kernes 12-19-2005 WASHINGTON, D.C. - In his annual end-of-the-year speech delivered on Saturday, President Bush admitted to having committed at least 30 federal crimes by having issued an executive order authorizing the National Security Agency to intercept the international communications of people, including U.S. citizens (known in the law as "United States persons"), with known links to Al Qaeda and related terrorist organizations, and renewing that order, according to one report, more than 36 times. Each renewal could be considered by a court to constitute a separate crime.
[snip] Mark Kernes, AVN "Those who fail to learn the lessons of history are doomed to have them repeated for them." - Me -------- Original Message -------- Subject: Re: [Politech] Two submissions on Bush authorizing secret surveillance by National Security Agency [priv] Date: Wed, 21 Dec 2005 23:38:20 -0500 (EST) From: Dean Anderson To: Declan McCullagh CC: politech at politechbot.com FYI, it's my read of the news on this issue that the White House is claiming that the authorization to 'use any and all means appropriate to fight terrorism' supersedes the FISA and all other laws governing wiretapping, and indeed, I think they interpret it to be authorization to supersede all other laws governing anything else as well. This interpretation, if actually the position of the White House, is far more disturbing than tapping Americans talking/emailing foreigners internationally. In the case of tapping international calls and emails, there is ambiguity as to whether FISA applies anyway. In 1978, tapping was done on wires. It had to be done on the caller or the called. That is, in the US or outside the US. Suppose we tapped Osama's phone, physically in Afghanistan, and an American contact was made, FISA wouldn't apply. However, if we tapped the American (or more likely, a foreigner) physically in the US, hoping a contact would be made, FISA would apply. But modern surveillance is done differently because telecom is also different, now. In the case of a modern international call, the tapping is probably done from space, using a satellite, or an undersea cable. And modern tapping can essentially scan all calls/emails for keywords. FISA covers surveillance done in the US. If the surveillance is done outside the US then FISA doesn't apply. Arguably, these interceptions might occur outside the US. But---I don't think this argument has been raised in this case.
Rather, the Whitehouse seems to be claiming that it has congressional authorization for carte blanche superseding all prior laws including FISA. --Dean _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dave at farber.net Sat Dec 24 12:12:48 2005 From: dave at farber.net (David Farber) Date: Sat, 24 Dec 2005 15:12:48 -0500 Subject: [IP] worth reading -- loophole in FISA? Message-ID: Begin forwarded message: From eugen at leitl.org Sat Dec 24 14:18:04 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 24 Dec 2005 23:18:04 +0100 Subject: [dave@farber.net: [IP] worth reading -- loophole in FISA?] Message-ID: <20051224221804.GM2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Sat Dec 24 14:18:26 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 24 Dec 2005 23:18:26 +0100 Subject: [declan@well.com: [Politech] More revelations about Bush and NSA domestic surveillance: a roundup [priv]] Message-ID: <20051224221826.GN2249@leitl.org> ----- Forwarded message from Declan McCullagh ----- From rah at shipwright.com Sun Dec 25 14:56:38 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 25 Dec 2005 17:56:38 -0500 Subject: [Clips] Vin Suprynowicz: 'The Unlimited Power Of The Sword' Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Sun, 25 Dec 2005 15:37:28 -0500 To: Philodox Clips List From: "R. A. 
Hettinga" Subject: [Clips] Vin Suprynowicz: 'The Unlimited Power Of The Sword' Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Dec. 25, 2005 Las Vegas Review-Journal VIN SUPRYNOWICZ: 'The unlimited power of the sword' A couple of loyal readers asked me, in response to my recent evisceration of the discredited "militia clause" argument, "But Vin, do you think the Founders would have written the Second Amendment that way if they'd known we'd have Uzis"? Leaving aside the fact that it takes extraordinary dedication and commitment (and loot) for a "civilian" of average means to legally acquire a fully automatic Israeli machine pistol in America today, the answer is, "Yes." The Founders had every opportunity to add "except for bombs, mortars, artillery and other devices that can kill more than one person at a time" -- all of which were well-known by 1787. They did not. Quite to the contrary, Tench Coxe, noted federalist and friend of James Madison, wrote in defense of the proposed Constitution, in the Pennsylvania Gazette of Feb. 20, 1788: "Their swords, and every other terrible instrument of the soldier, are the birth right of an American. ... The unlimited power of the sword is not in the hands of either the federal or the state governments, but, where I trust in God it will ever remain, in the hands of the people." Note "unlimited." Note "every terrible instrument." Under the form of government that we're told Americans still enjoy, the government can exercise only those powers that are delegated to it by the people. You cannot delegate a right or power that you do not already possess. Therefore, if members of the U.S. Army have legitimate authority to "keep and bear" Uzis and nuclear weapons, they can only have gotten that right from the individual Americans who delegated it to them. It doesn't matter whether you "think this is a good idea." 
If you want to contend we now have a form of government in which our rulers start with all rights and powers, and allow to the peasantry only those lesser included liberties as they see fit, say so out loud now, please. And tell me when the original Constitution was voided, and by what legal process. Nor do we usually or necessarily abdicate a right when we delegate it: We delegate to police the duty to chase down fleeing felons, but each citizen retains the right to go ahead and do this himself if circumstances dictate. Similarly, the Second and 14th amendments guarantee that we have not given up our private, individual right to keep and bear howitzers and really big machine guns just because we have also delegated this right to the Army. Of particular interest is the fact that several of my questioners work in the newspaper business. How would they respond, I wonder, to the proposition that the First Amendment protects only the freedom to use old-fashioned hand presses -- that the Founders can't possibly have meant to authorize unrestricted use of today's far more dangerous, high-speed electrical presses, with their ability to spread lies and seditious, anti-government propaganda hundreds of times faster than Ben Franklin or James Madison could ever have imagined? *Speaking of my (necessarily brief) summary of the inquiries that have gutted the tired old "militia clause" arguments, noted Alabama constitutional attorney Larry Becraft writes in: "Vin, You did not mention: www.usdoj.gov/olc/secondamendment2.htm." Frankly, I'm cautious about using Department of Justice filings, because they're inherently political and could easily shift under some future Hillaryesque administration. Nonetheless, Larry does offer up an official DOJ memorandum of opinion, dated Aug. 24, 2004, which finds: "The Second Amendment secures a right of individuals generally, not a right of States or a right restricted to persons serving in militias. ... 
As developed in the analysis below, we conclude that the Second Amendment secures a personal right of individuals, not a collective right that may only be invoked by a State or a quasi-collective right restricted to those persons who serve in organized militia units. "The Amendment's prefatory clause, considered under proper rules of interpretation, could not negate the individual right recognized in the clear language of the operative clause. In any event, the prefatory clause -- particularly its reference to the 'Militia,' which was understood at the Founding to encompass all able-bodied male citizens, who were required to be enrolled for service -- is fully consistent with an individual-right reading of the operative language." *And speaking of lies and the credibility of the press, what about those Associated Press and CNN stories that kept echoing (often without attribution) the Democratic/organized labor talking point that the GOP Senate wanted to "slash $39 billion" (or whatever today's number is) from federal social programs? Would that it were so. One more time, guys: If the Republicans seek to "grow" a federal program at only 5 percent next year, instead of 5.5 percent, that's not even a "cut," let alone a "slash." If you were hoping for a dollar-an-hour raise, and your boss only gave you a 90-cent-an-hour raise, and you went home and told your spouse, "My paycheck got cut," you would be ... what? Lying. Vin Suprynowicz is assistant editorial page editor of the Review-Journal and author of "Send in the Waco Killers" and the new novel "The Black Arrow." His Web sites are www.TheLibertarian.us or www.LibertyBookShop.us. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From coderman at gmail.com Sun Dec 25 21:12:58 2005 From: coderman at gmail.com (coderman) Date: Sun, 25 Dec 2005 21:12:58 -0800 Subject: [arma@mit.edu: Re: EFF no longer funding Tor (was Re: ATTN: for-profit Tor o In-Reply-To: References: <20051224001312.GG2249@leitl.org> Message-ID: <4ef5fec60512252112h7633537fp8b88e611cee1a36f@mail.gmail.com> On 12/24/05, Tyler Durden wrote: > Just out of curiosity, any nice-n-easy Tor-style anonymous donation methods? here is my preference: - locate a store that provides pre paid mastercard/visa/amex , often as gift cards or for internet payments. - have someone buy one for you, buy one yourself incognito, or locate a kiosk that dispenses and charges them like an ATM in reverse (coinstar used to do this, though sadly that program was shut down) - register the card via an anonymous hotspot / through tor? 
*grin* / untraceable line (most of the cards work like debit/credit when swiped, but if you want to use it for online / catalogue purchases or put more than $500 on them you need to register via phone or website) - create a pseudonymous identity and remember it, as you will need the name and address later. - send donation via the afore mentioned hotspot / untraceable line and enjoy! P.S. the lifecycle of these pre-paid card systems has been an interest of mine since the late 90's. it's weird how many of them sprout up, last a year or two, and then disappear just as quickly as they came. surely there is a story behind this somewhere. fraud? lack of interest? the man keeping us down? :P~ P.P.S. using a hotspot anonymously can be a little tricky. i'll let you ponder this for a while... P.P.P.S. these work well for paying for VoIP service too, which gives you a hard(er) to trace line, when used in conjunction with $random_hotspots for situations where a phone is required. remember that the transaction for the VoIP gear should be anonymous as well since the devices are identified by MAC ID. ok, not simple, but seems to work well enough if you are cautious. if you are really paranoid you can layer these services until an adequate depth of deception is in place. From dewayne at warpspeed.com Mon Dec 26 02:25:43 2005 From: dewayne at warpspeed.com (Dewayne Hendricks) Date: December 26, 2005 2:25:43 PM EST Subject: [Dewayne-Net] Boundless' CEO to speak at NYC Wireless: Using Message-ID: City-Scale WiFi to Fight Crime Reply-To: dewayne at warpspeed.com [Note: For readers in the NYC area. DLH] >From: Steve Morton >Date: December 26, 2005 11:11:26 AM PST >To: info at dandin.com >Subject: [please forward to Dewayne Hendricks] Boundless' CEO to >speak at NYC Wireless: Using City-Scale WiFi to Fight Crime > >Dewayne, > > > >NYCwireless December Meeting Announcement >All are invited - please re-post everywhere ! 
> >Wednesday, December 28th, 2005 at 7:15pm > >Bway.net >568 Broadway at Prince St, NE corner >Suite 404 >New York, NY 10012 > >Agenda: > >1. Steve Morton / Boundless Security Systems: Can City-Scale WiFi >Reduce Crime ? > > What are the obstacles and opportunities for city-scale >wireless video surveillance, especially in crime-plagued >neighborhoods ? > > A fascinating discussion about BoundlessS.com's new WiFi >video surveillance system that greatly enhances image clarity, >network capacity and mobility. This could be a tremendously >effective tool for law enforcement that could help reduce crime. >How can privacy concerns be balanced ? Steve will also cover system >design, and possible deployment schemes -- followed by an extended >Q&A session. > >2. Year-end roundup and NYCwireless-2006 resolutions > >3. Workshop breakout sessions: small group discussions from novice >to advanced questions > >Happy Holidays, > > >Steven G. Morton, CEO, CTO Weblog at: ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From brett at lariat.net Mon Dec 26 03:38:01 2005 From: brett at lariat.net (Brett Glass) Date: December 26, 2005 3:38:01 PM EST Subject: For IP: Fear destroys what Bin Laden could not Message-ID: Fear destroys what Bin Laden could not By Robert Steinback Fear destroys what bin Laden could not ROBERT STEINBACK rsteinback at MiamiHerald.com One wonders if Osama bin Laden didn't win after all. He ruined the America that existed on 9/11. 
But he had help. If, back in 2001, anyone had told me that four years after bin Laden's attack our president would admit that he broke U.S. law against domestic spying and ignored the Constitution -- and then expect the American people to congratulate him for it -- I would have presumed the girders of our very Republic had crumbled. Had anyone said our president would invade a country and kill 30,000 of its people claiming a threat that never, in fact, existed, then admit he would have invaded even if he had known there was no threat -- and expect America to be pleased by this -- I would have thought our nation's sensibilities and honor had been eviscerated. If I had been informed that our nation's leaders would embrace torture as a legitimate tool of warfare, hold prisoners for years without charges and operate secret prisons overseas -- and call such procedures necessary for the nation's security -- I would have laughed at the folly of protecting human rights by destroying them. If someone had predicted the president's staff would out a CIA agent as revenge against a critic, defy a law against domestic propaganda by bankrolling supposedly independent journalists and commentators, and ridicule a 37-year Marine Corps veteran for questioning U.S. military policy -- and that the populace would be more interested in whether Angelina is about to make Brad a daddy -- I would have called the prediction an absurd fantasy. That's no America I know, I would have argued. We're too strong, and we've been through too much, to be led down such a twisted path. What is there to say now? All of these things have happened. And yet a large portion of this country appears more concerned that saying ''Happy Holidays'' could be a disguised attack on Christianity. 
More at http://www.miami.com/mld/miamiherald/news/columnists/13487511.htm ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From EEkid at aol.com Mon Dec 26 11:58:05 2005 From: EEkid at aol.com (EEkid at aol.com) Date: December 26, 2005 11:58:05 AM EST Subject: Victims of the darkness: Government surveillance and Message-ID: intimidation I'm not sure which is more interesting, the story or the source. Jerry ************************************************************************ ****** Victims of the darkness: Government surveillance and intimidation 12/26/2005 13:42 The Bush Administration has consistently harassed citizens who exercise their First Amendment freedoms and voice concerns about government policies "As nightfall does not come at once, neither does oppression. In both instances there is a twilight where everything remains seemingly unchanged, and it is in such a twilight that we must be aware of the change in the air, however slight, lest we become unwitting victims of the darkness." Supreme Court Justice William O. Douglas Not since the notorious McCarthy era of the 1950s, when American freedoms faced extinction, has there been such an attack against the Bill of Rights. The recent media focus on President Bush's authorizing the National Security Agency to spy on ordinary Americans has brought this issue to the forefront. 
On secret orders from President Bush, the NSA has been monitoring the international phone calls and emails of Americans without warrants. Moreover, the Bush Administration has consistently harassed citizens who exercise their First Amendment freedoms and voice concerns about government policies. The main weapon used in this war is intimidation, specifically through governmental surveillance and government agents. Indeed, the American government has a near paranoia about dissenting citizens. "The Administration and campaign of George W. Bush," writes former Congressman Bob Barr (R-Ga.), "is squelching any possible hint of disagreement or protest at every political rally or gathering." For example, in March of this year, three citizens were removed from President Bush's town hall meeting in Aurora, Colo., because the car they arrived in featured the bumper sticker, "No More Blood for Oil." This past summer, FBI agents went to Windsor, Conn., with a document marked for delivery by hand. On Matianuk Avenue, across from the tennis courts, two special agents found their man. They gave George Christian the letter, which warned him to tell no one - ever - what it said. The letter, which was on FBI stationery, directed Christian to surrender "all subscriber information, billing information and access logs of any person" who used a specific computer at a library branch some distance away. Christian, who manages digital records for three dozen Connecticut libraries, said in an affidavit that he configures his system for privacy. But the vendors of the software Christian operates said their databases can reveal the websites that visitors browse, the e- mail accounts they open and the books they borrow. Christian refused to hand over the records, and his employer, Library Connection, Inc., filed suit for the right to protest the FBI demand in public. 
This case affords a rare glimpse of an exponentially growing practice of domestic surveillance under some of the heinous provisions of the USA Patriot Act. National security letters, such as the one issued to George Christian, were created in the 1970s for espionage and terrorism investigations. They were originally intended as narrow exceptions in consumer privacy law, enabling the FBI to review in secret the customer records of suspected foreign agents. However, the Patriot Act and Bush Administration guidelines for its use have transformed those letters by permitting clandestine scrutiny of U. S. residents and visitors who are not alleged to be terrorists or spies. "The FBI now issues more than 30,000 national security letters a year," writes Barton Gellman in The Washington Post, "a hundredfold increase over historic norms. The letters - one of which can be used to sweep up the records of many people - are extending the bureau's reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans." Indeed, according to a previously classified document released recently, the FBI has conducted clandestine surveillance on some U. S. residents for as long as 18 months at a time without proper paperwork or oversight. Thus, the government does not limit its attacks to actual terrorists. Ordinary American citizens are the focus as well. Take the case of Selena Jarvis, a social studies teacher at Currituck County High School in North Carolina. She assigned her senior civics and economics class to use photographs to illustrate their freedoms as found in the Bill of Rights. One student photographed a picture of George W. Bush next to his own hand in a thumbs-down position as a way to express his freedom to dissent. However, while developing the student's photographs, a Wal-Mart photo department employee, in obvious need of some education on the Bill of Rights, called the police. They then contacted the Secret Service. 
But rather than dismissing the case, the Secret Service decided to investigate the matter. The agents interrogated the student and questioned Jarvis. While questioning Jarvis, an agent asked her if she thought the photo was suspicious. Dumbfounded, Jarvis responded, "No, it was a Bill of Rights project!" Jarvis was startled at the claim that the student was a terrorist and called the whole thing "ridiculous." Why would the Secret Service, which is not run by incompetent individuals, take the time to investigate a high school student and his class project? It is safe to assume that the Secret Service knew the student was not a terrorist and wanted to make an example of him for others who might be bold enough to use their right to dissent. After the ordeal, Selena Jarvis commented, "I blame Wal-Mart more than anybody. I was really disgusted with them. But everyone was using poor judgment, from Wal-Mart up to the Secret Service." Unfortunately, this is not the only "ridiculous" case of individuals tattling on their neighbors. For example, Barry Reingold was questioned by the FBI after he criticized the war in Afghanistan in the locker room of his local health club. In another case, Derek Kjar's neighbors reported his bumper sticker of George Bush wearing a crown with the heading "King George - off with his head." As a result, Kjar was interrogated by the Secret Service. In both instances, close contacts of the two men reported them to the authorities. And as if things weren't bad enough, the military is now spying on us. A secret database obtained by NBC News recently reveals that the Department of Defense and the Pentagon have also increased intelligence collection on American citizens inside the country. This includes monitoring peaceful anti-war groups and protests and involves video taping, monitoring the Internet and collecting the name of anyone critical of the government. 
There is even a toll-free number for anyone interested to report on fellow Americans to the military. And the spying even includes religious groups such as those attending the Quaker Meeting House in Lake Worth, Florida. "On a domestic level, this is unprecedented," says NBC News analyst William Arkin. "I think it is the beginning of enormous problems and enormous mischief for the military." Since 9/11, it has been consistently drummed into our heads by the government, with all its alerts and multi-colored alarms, that terrorists are everywhere and even your next door neighbor could be one. As a result, the government's promotion of fear and paranoia has moved us closer to an Orwellian state where citizens inform on one another. The result is that the citizens often do the job of the police and no longer use good judgment before reporting their neighbors. In the process, such informing citizens are doing away with their own freedoms. These tactics are not new to the world. The Nazi and Soviet secret police of former regimes were infamous for such tactics. The police controlled the people through fear, and the subsequent result was a totalitarian state. They turned their respective population into a society of informers. Aleksandr Solzhenitsyn, the Nobel Peace Prize-winning author and former Soviet dissident, once spoke of how fear destroys the will of the people. He noted how the Russian people would kneel inside the doors of their apartments, pressing their ears to listen when the KGB came at midnight to arrest a neighbor who had spoken out against the government. Solzhenitsyn said that if all the people would have come out and driven off the secret police, sheer public opinion would have demoralized the effort to subdue a free people. But fear and paranoia kept the people at bay. We should not be afraid of government agents, whether employed by the FBI, the military or local authorities. Their salaries are paid through our tax dollars. 
Supposedly, they are our servants. Truly free societies do not function that way. Our fear of government servants is a clear indication of ominous things to come. If citizens are too frightened to use their freedoms, then those freedoms will become extinct. And the darkness will be complete. http://english.pravda.ru/mailbox/22/101/399/16678_surveillance.html ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dave at farber.net Mon Dec 26 10:19:05 2005 From: dave at farber.net (David Farber) Date: Mon, 26 Dec 2005 13:19:05 -0500 Subject: [IP] Victims of the darkness: Government surveillance and Message-ID: intimidation X-Mailer: Apple Mail (2.746.2) Reply-To: dave at farber.net Begin forwarded message: From dave at farber.net Mon Dec 26 12:34:15 2005 From: dave at farber.net (David Farber) Date: Mon, 26 Dec 2005 15:34:15 -0500 Subject: [IP] Boundless' CEO to speak at NYC Wireless: Using 
City-Scale WiFi Message-ID: to Fight Crime X-Mailer: Apple Mail (2.746.2) Reply-To: dave at farber.net Begin forwarded message: From dave at farber.net Mon Dec 26 12:44:21 2005 From: dave at farber.net (David Farber) Date: Mon, 26 Dec 2005 15:44:21 -0500 Subject: [IP] Fear destroys what Bin Laden could not Message-ID: Begin forwarded message: From dethezier at hotmail.com Mon Dec 26 07:59:40 2005 From: dethezier at hotmail.com (Justice De Thezier) Date: Mon, 26 Dec 2005 15:59:40 -0000 Subject: [technoliberation] Does Technoliberation have $24.95 to spend? Message-ID: From http://alternet.org/story/29899/ : The Best $24.95 MoveOn Ever Spent By Micah L. Sifry, Personal Democracy Forum. Posted December 24, 2005. MoveOn's popular Flickr photo-sharing account shows how political causes can engage people who are already socializing online. If you're a typical fan of Flickr, the community photo-sharing site that was recently bought by Yahoo, then you are undoubtedly already familiar with Flickr's tagging system, which allows anyone who uploads a photo to the site to add his or her own topical notations to each photo. One of the site's best features is its main tags page, where not only can you see some of the hottest tags in the last few days (snowday and lennon being two examples), but you can also browse the site's most popular tags, which are arranged in a "tag cloud" that shows each word (beach, birthday, cameraphone, japan, me, vacation) and indicates its relative popularity by the word's type size. Click on any tag and you're taken to a stream of recent public photos with that tag. But if by some chance you stumble onto one Flickr member's home page, you'll discover a very odd-seeming list of tags in its cloud, led by antiroverally, approved, candlelight, cindysheehan, faceamerica, great, memberadded, mothers, photopetition, and vigil. Welcome to the public Flickr account of MoveOn.org. 
With little notice, the giant liberal advocacy group has dipped its toes into the social networking slipstream, and so far it's quite enthralled with the experiment. Says MoveOn CTO Patrick Michael Kane, of the firm We Also Walk Dogs, "Flickr has got to be the best $24.95 we've ever spent. We've been able to review, organize and make available over 11,000 photos to MoveOn (and Flickr!) members." In November alone, he says, the group uploaded over a gigabyte of photos, and it has been able to make photos from campaigns available in real time. As far as I know, this is the first major use of Flickr by a political campaign. Individuals have attempted to make use of the site's free service and simple tagging feature to express a collective point; for example the writer Rob Walker has spawned a haunting series of photos that are all tagged Mlkblvd to bring together photos of the many streets and boulevards across America that have been named for Martin Luther King Jr., quietly illustrating how far the country has to go before King's vision of equality is realized. People have also spontaneously tagged their photos of political events, there are plenty of provocative photos that people have tagged "politics," and Flickr does support the formation of groups around pictorial themes. But so far these efforts are very scattered. Sharing the work MoveOn came to Flickr in large degree because its own internal system for receiving members' photos of events, reviewing them and posting them wasn't very functional. MoveOn has long used photos to show its members that they are part of something much larger; after the group helped spawn thousands of grass-roots candlelight vigils across America just before the invasion of Iraq, its staff put together an amazing page of photos showing how the events went worldwide. But managing the flood of photos that come in around each MoveOn event, Kane says, was complicated. 
"Finding the best photos was difficult and the sheer number of photos meant that we often had to take photos offline to save disk space," he explains. "The system was also very campaign-oriented -- it provided ways to get at photos in the context of a certain campaign, but not a great way to look at all the photos that MoveOn members had taken over time." Meanwhile, Kane says, he had been using Flickr to manage his personal photos and loved it. "So in March and April of this year, we started talking to the guys over at Flickr about the idea of building a distributed photo approval and storage application around their API." An API -- application program interface -- is a bit of software that enables different programs to talk to each other. "The goal," he says, "was to allow users to upload and view photos from any MoveOn event, while making sure that inappropriate pictures got filtered out." The system they built has two main parts: an email based photo uploader and a distributed photo approval application. It works like this, according to Kane: We setup an email account for a campaign. Campaigners can associate any number of tags with that email account. Folks email photos in as attachments. A script looks at each email, finds the ones that have photos and uploads them to Flickr. On the MoveOn side, we keep some metadata about the photo: when it was uploaded, whether the person who sent them in was a MoveOn user or not etc. At this point, the photos are all private -- the public can't view them. So, MoveOn volunteers use the "photo booth" application to review uploaded photos. Each photo gets at least two votes. If it's approved, the photo is marked public and becomes part of the Flickr photostream. Volunteers can also flag photos as "great", so we can quickly cherry pick great photos to highlight to MoveOn members. By all indications, the system is working well. 
Since so many people are already familiar with emailing photos to friends or family, MoveOn's email-based uploading process is a snap. And the photo approval process has turned into a great way to involve MoveOn volunteers. Kane reports that when the group was testing the review application, it asked volunteers to review 7,000 photos from previous events. "The folks that responded to the ask went through all 7,000 photos in less than 50 minutes and were disappointed when we ran out of pics for them to look at. Great stuff!"

Power to the edges?

Apart from being able to save server space and involve volunteers, MoveOn's engagement with Flickr has had some unexpected benefits that come precisely from using a platform that is designed to push power to the users. Kane recalls, "One of our campaigners wanted a slideshow of photos from a recent action and was able to put it together himself, just by selecting the tags he was interested in and using the Flickr slideshow app." He adds, "It's also made finding pictures for the MoveOn homepage and other materials a snap -- MoveOn staff can easily browse photos by campaign or time period."

And so can you. Kane says there have been more than a quarter million viewings of MoveOn's photos on Flickr, and that's without the group ever directly informing its members of the resource. MoveOn is also discovering lots of new contacts among Flickr users who have stumbled across its photos. Though MoveOn is making only limited use of the Flickr toolset on its own homepage, where members are pointed to a simple slideshow, in the future Kane expects "to point folks towards the 'most viewed' or 'most interesting' lists for a given campaign, just like we point people to the photos that our volunteer reviewers have flagged as 'great' now."
He's also thinking of adding geographic information to their photo-set, since they already know which event every photo has come from, and combining that with the Google Maps API to create instant national, state and local maps.

Where all this may lead is unclear. MoveOn members could start to use the group's Flickr pages to engage in some lateral communication with each other, for example, since Flickr encourages people to leave comments on photos and also enables group forums. But it's not likely that will happen without some instigation from the group's leadership.

The larger lesson for other organizations is this: As social networking sites like Flickr, del.icio.us (also just bought by Yahoo!), and MySpace attract millions of users, it may make sense to go where the people already are and start playing with the same tools, not only because those tools may offer all kinds of benefits to the organization, but also to see what unexpected benefits may engage people. What MoveOn is doing with Flickr is just a beginning.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From eugen at leitl.org Mon Dec 26 10:30:51 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 26 Dec 2005 19:30:51 +0100
Subject: [dave@farber.net: [IP] Victims of the darkness: Government surveillance and intimidation]
Message-ID: <20051226183051.GE2235@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Mon Dec 26 12:36:49 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 26 Dec 2005 21:36:49 +0100
Subject: [dave@farber.net: [IP] Boundless' CEO to speak at NYC Wireless: Using City-Scale WiFi to Fight Crime]
Message-ID: <20051226203649.GG2235@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Mon Dec 26 12:46:49 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 26 Dec 2005 21:46:49 +0100
Subject: [dave@farber.net: [IP] Fear destroys what Bin Laden could not]
Message-ID: <20051226204649.GH2235@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Mon Dec 26 13:54:48 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 26 Dec 2005 22:54:48 +0100
Subject: [dethezier@hotmail.com: [technoliberation] Does Technoliberation have $24.95 to spend?]
Message-ID: <20051226215448.GJ2235@leitl.org>

Of marginal interest. It's a slow holiday, though.

----- Forwarded message from Justice De Thezier -----

From rah at shipwright.com Mon Dec 26 21:44:57 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 27 Dec 2005 00:44:57 -0500
Subject: [Clips] interesting new feature on osx..!
Message-ID:

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Tue, 27 Dec 2005 00:44:13 -0500
To: "Philodox Clips List"
From: "R. A. Hettinga"
Subject: [Clips] interesting new feature on osx..!
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

This comes from the smartfriends list, apparently...

Cheers,
RAH

--- begin forwarded text

Date: Mon, 26 Dec 2005 16:38:59 -0800
To: "R. A. Hettinga"
From: Vinnie Moscaritolo
Subject: interesting new feature on osx..!
Content-Type: text/plain; charset="us-ascii" ; format="flowed"

I just got a new PB 17 and noticed to my absolute terror that it seems to be performing some kind of new hibernation feature that writes out the contents of main memory to disk when going to sleep (the lack of which feature has long been a point of pride for Mac users in my eyes as it has always been the largest Windows security flaw known to man). It is doing this automatically without even asking me if I would like to sacrifice every semblance of security, and I have not found an option to turn it off. The implications of this are astronomical, and I need to get this feature completely removed so that there is no possibility it would ever occur. I would even switch laptops if this can't be disabled. Does anyone know yet how one might go about getting rid of this?

Thanks.

- Will
_______________________________________________

Will Price, wrote:
>I just got a new PB 17 and noticed to my absolute terror that it
>seems to be performing some kind of new hibernation feature that
>writes out the contents of main memory to disk when going to sleep
>(the lack of which feature has long been a point of pride for Mac
>users in my eyes as it has always been the largest Windows security
>flaw known to man).

I thought that feature would only kick in when the machine is already asleep and in danger of losing its memory. Too bad.

>Does anyone know yet
>how one might go about getting rid of this?

Probably the opposite of this:

| Jonathan 'Wolf' Rentzsch http://rentzsch.com
| Red Shed Software http://redshed.net
| "better" necessarily means "different"
_______________________________________________

On Dec 22, 2005, at 6:19 PM, Will Price wrote:

> The implications of
> this are astronomical, and I need to get this feature completely
> removed so that there is no possibility it would ever occur. I would
> even switch laptops if this can't be disabled. Does anyone know yet
> how one might go about getting rid of this?
My first try would be to remove the has-safe-sleep property in Open Firmware. Instructions on hacking it on are here:

http://www.andrewescobar.com/archive/2005/11/11/how-to-safe-sleep-your-mac/

Presumably, a variation on this technique can force the property off on the latest PowerBooks. Barring that, Ebay your machine and get a reconditioned previous model.

Amanda Walker
_______________________________________________

On Dec 22, 2005, at 15:19 PM, Will Price wrote:

> I just got a new PB 17 and noticed to my absolute terror that it
> seems to be performing some kind of new hibernation feature that
> writes out the contents of main memory to disk when going to sleep

Excellent! All computers should do that, including desktops. I was beginning to worry that Mac OS X didn't have this basic and important feature, as does Windows.

> (the lack of which feature has long been a point of pride for Mac
> users in my eyes as it has always been the largest Windows security
> flaw known to man).

It's called "virtual memory". RAM is constantly being written to disk. Am I missing something?

Programs that wish to keep parts of RAM off of disk can request it-- and should--but that is orthogonal to the rather simple idea of flushing pending writes to the backing store in case of power failure.

Are you talking about something else?

> It is doing this automatically without even asking me if I would
> like to sacrifice every semblance of security, and I have not found
> an option to turn it off.

You won't be able to turn off virtual memory. I assume that if you turn on encrypted VM backing store, that'll ease your mind:

System Preferences : Security : Use secure virtual memory

If you aren't using that already, what happens at sleep is the least of your worries.
Oh, and turn on FileVault to encrypt your files on disk, otherwise all your really important data will be trivially accessible through a FireWire cable and target disk mode -- what's in RAM is not usually the biggest security risk.
_______________________________________________

Amanda Walker suggested:

> On Dec 22, 2005, at 6:19 PM, Will Price wrote:
>> The implications of
>> this are astronomical, and I need to get this feature completely
>> removed so that there is no possibility it would ever occur. I would
>> even switch laptops if this can't be disabled. Does anyone know yet
>> how one might go about getting rid of this?
>
> My first try would be to remove the has-safe-sleep property in Open
> Firmware. Instructions on hacking it on are here:
>
> http://www.andrewescobar.com/archive/2005/11/11/how-to-safe-sleep-
> your-mac/
>
> Presumably, a variation on this technique can force the property
> off on the latest PowerBooks.

This worked:

sudo pmset -a hibernatemode 0

I suspect this will be a very popular command until a patch is issued which I certainly hope comes soon given the scale of this problem.

Chris Page opined:

>> I just got a new PB 17 and noticed to my absolute terror that it
>> seems to be performing some kind of new hibernation feature that
>> writes out the contents of main memory to disk when going to sleep
>
> Excellent! All computers should do that, including desktops. I was
> beginning to worry that Mac OS X didn't have this basic and important
> feature, as does Windows.

Errr. Ya. Right. Sadly, I'm sure some marketing checkbox is responsible for this debacle.

>> (the lack of which feature has long been a point of pride for Mac
>> users in my eyes as it has always been the largest Windows security
>> flaw known to man).
>
> It's called "virtual memory". RAM is constantly being written to
> disk. Am I missing something?
>
> Programs that wish to keep parts of RAM off of disk can request it--
> and should--but that is orthogonal to the rather simple idea of
> flushing pending writes to the backing store in case of power failure.
>
> Are you talking about something else?

I wish it were like virtual memory, that has an encryption option at least. Unfortunately, it is a massive security flaw that completely bypasses virtual memory encryption even if it is on. At this point I almost regret bringing it up as further research has now revealed it really is a security flaw and I should probably be reporting this directly to Apple as a courtesy. However, I had not done that research when I asked my question.

>> It is doing this automatically without even asking me if I would
>> like to sacrifice every semblance of security, and I have not found
>> an option to turn it off.
>
> You won't be able to turn off virtual memory. I assume that if you
> turn on encrypted VM backing store, that'll ease your mind:
>
> System Preferences : Security : Use secure virtual memory
>
> If you aren't using that already, what happens at sleep is the least
> of your worries. Oh, and turn on FileVault to encrypt your files on
> disk, otherwise all your really important data will be trivially
> accessible through a FireWire cable and target disk mode -- what's in
> RAM is not usually the biggest security risk.

No, it did not ease my mind because these features are totally unrelated. Run the strings command on /var/vm/sleepimage. That would be the 2GB file which appears to contain the contents of my entire main memory (wasting 2GB of space on the drive). That file is chock full of strings in English. It is not encrypted at all. It is not stored inside FileVault. It is just sitting there WIDE OPEN! I found passwords, emails, and all kinds of other stuff in this wonderful file, and I'm using not only everything you just mentioned but much more security software on this machine.
This was an Apple oversight, pure and simple. This virtually secret feature, turned on by default without any notification on new machines, with no option to turn it off, that completely eliminates the usefulness of FileVault, encrypted VM, and any other security you might think you have, writing every bit of your main memory to unencrypted disk space, is.... I just don't have words for it. I'm extremely frustrated right now that I fell for this even for a week before catching telltale signs of this in my syslog.

> Does this feature write the data separately from the VM backing
> store? Does it circumvent VM backing store encryption?

Sure does. Totally eliminating any benefit you may have thought you had from those features.

>>> It is doing this automatically without even asking me if I would
>>> like to sacrifice every semblance of security, and I have not found
>>> an option to turn it off.
>>
>> You won't be able to turn off virtual memory. I assume that if you
>> turn on encrypted VM backing store, that'll ease your mind:
>>
>> System Preferences : Security : Use secure virtual memory
>
> It has been explained to me that Will has mad security skilz, so I'm
> assuming the problem is that this isn't merely flushing to the VM
> backing store, but writing RAM to a different location sans
> encryption, is that it?
>
> Still, I am firmly in favor of the basic idea of saving machine state
> in non-volatile storage -- securely, of course.

I am glad you are in favor of it. Perhaps if it could be implemented in such a way that every semblance of security in the rest of the operating system was not thrown out the window at the same time, I might reconsider whether it was a good idea. For now, if I were at Apple, I would be setting off the red alert and finding who is responsible for this so that it can be fixed.

Thanks.

- Will
_______________________________________________

On Dec 23, 2005, at 4:32 AM, Will Price wrote:

> Run the strings command on /var/vm/sleepimage. That would be the 2GB
> file which appears to contain the contents of my entire main memory
> (wasting 2GB of space on the drive). That file is chock full of
> strings in English. It is not encrypted at all.

I know the file contains many strings. Some of these strings are from my machine, and are non-generic. However, I'm not entirely sure it is all of main memory unencrypted. I don't know how the feature works entirely -- it probably uses some kind of caching to write only parts of memory to disk based on usage, but of course whatever is in use is what you would want encrypted. I do know it has many unencrypted strings. I used the laptop in Firewire target mode to make sure I could still read the contents of /var/vm/sleepimage. The file is also successfully unused once disabling the feature.
_______________________________________________

On Dec 23, 2005, at 3:17 AM, Chris Page wrote

> On Dec 23, 2005, at 00:07 AM, Chris Page wrote:
>
>> It's called "virtual memory". RAM is constantly being written to
>> disk. Am I missing something?
>
> Does this feature write the data separately from the VM backing
> store? Does it circumvent VM backing store encryption?

Yes and yes.

Amanda Walker
_______________________________________________

On Dec 23, 2005, at 3:29 AM, Chris Page wrote:

> It has been explained to me that Will has mad security skilz, so I'm
> assuming the problem is that this isn't merely flushing to the VM
> backing store, but writing RAM to a different location sans
> encryption, is that it?

Correct. And since the Mac doesn't currently support encrypting an entire partition, that different location is unencrypted, bypassing (as Will noted) FileVault, PGPDisk, encrypted VM, or whatever else you use. It also means that you can clone a machine's running state from a "cold disk" (or possibly just from Firewire disk mode, without even having to open the machine). This is a definite security risk.
And yes, most modern PCs have this problem as well, but making Macs vulnerability-compatible with PCs isn't necessarily a good thing :-).

> Still, I am firmly in favor of the basic idea of saving machine state
> in non-volatile storage -- securely, of course.

Indeed. I've been pestering Vinnie about PGP Whole Disk Encryption for Macs for a while now :-). MacOS X could really use something like that or FreeBSD's GBDE.

Amanda Walker
_______________________________________________

--
Vinnie Moscaritolo ITCB-IMSH
PGP: 3F903472C3AF622D5D918D9BD8B100090B3EF042
-------------------------------------------------------

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Tue Dec 27 07:46:06 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 27 Dec 2005 10:46:06 -0500
Subject: Bamford: The Agency That Could Be Big Brother
In-Reply-To: <20051226212751.Q70131@ubzr.zsa.bet>
Message-ID:

OK...does anyone know why the NSA has such a facility out there? Not a lot of the most useful information these days is natively not of fiber plant.
I know that the area is famous for maintaining radio silence for large swathes of spectrum (I remember a radio astronomer from the area telling a story of how a large blast of radio noise was messing with one of his measurements. He drove something like 20 miles to a farm and found that a toaster or something was on the fritz.)

What I'm wondering then is whether large quantities of telephone calls are actually transmitted via satellite rather than through fiber. This would have a number of advantages over the use of standard fiber-optic transmission. It might also explain a few things too.

The first thing it could explain is why they need such a facility. Of course, such a facility might merely be an artifact from the old Soviet/Satellite days. But if they had moved over to very fiber-intensive methods, that would not be an ideal place to perform such activities. But it seems to me that radio silence might be useful if they are receiving huge amounts of signal via satellite. In order to support the bandwidth, they'd need to use as much available spectrum as they can (probably even spread-spectrum techniques in already-occupied bands). They'd also be pushing things to the absolute maximum bitrate-wise, meaning they need as much sensitivity and highest possible SNRs as they can get.

What this also means, however, is that there must be a network of uplink stations around. Local telecom traffic is probably backhauled to such stations for literal upload to satellite (ie, rather than NSA building out its own conspicuous fiber network). Such stations must be easily observable, so they are disguised as something else. Actually, Cable TV uses a distribution network that might serve quite well in reverse, with the proper modifications.

-TD

>From: "J.A. Terranson"
>To: undisclosed-recipients: ;
>Subject: Bamford: The Agency That Could Be Big Brother
>Date: Mon, 26 Dec 2005 21:28:59 -0600 (CST)
>
>http://www.nytimes.com/2005/12/25/weekinreview/25bamford.html?ei=5070&en=0267ffdbbdeb2c92&ex=1135746000&pagewanted=print
>
>December 25, 2005
>Private Lives
>The Agency That Could Be Big Brother
>By JAMES BAMFORD
>
>Washington
>
>DEEP in a remote, fog-layered hollow near Sugar Grove, W.Va., hidden by
>fortress-like mountains, sits the country's largest eavesdropping bug.
>Located in a "radio quiet" zone, the station's large parabolic dishes
>secretly and silently sweep in millions of private telephone calls and
>e-mail messages an hour.
>
>Run by the ultrasecret National Security Agency, the listening post
>intercepts all international communications entering the eastern United
>States. Another N.S.A. listening post, in Yakima, Wash., eavesdrops on the
>western half of the country.
>
>A hundred miles or so north of Sugar Grove, in Washington, the N.S.A. has
>suddenly taken center stage in a political firestorm. The controversy over
>whether the president broke the law when he secretly ordered the N.S.A. to
>bypass a special court and conduct warrantless eavesdropping on American
>citizens has even provoked some Democrats to call for his impeachment.
>
>According to John E. McLaughlin, who as the deputy director of the Central
>Intelligence Agency in the fall of 2001 was among the first briefed on the
>program, this eavesdropping was the most secret operation in the entire
>intelligence network, complete with its own code word - which itself is
>secret.
>
>Jokingly referred to as "No Such Agency," the N.S.A. was created in
>absolute secrecy in 1952 by President Harry S. Truman. Today, it is the
>largest intelligence agency. It is also the most important, providing far
>more insight on foreign countries than the C.I.A. and other spy
>organizations.
>
>But the agency is still struggling to adjust to the war on terror, in
>which its job is not to monitor states, but individuals or small cells
>hidden all over the world. To accomplish this, the N.S.A. has developed
>ever more sophisticated technology that mines vast amounts of data. But
>this technology may be of limited use abroad. And at home, it increases
>pressure on the agency to bypass civil liberties and skirt formal legal
>channels of criminal investigation. Originally created to spy on foreign
>adversaries, the N.S.A. was never supposed to be turned inward. Thirty
>years ago, Senator Frank Church, the Idaho Democrat who was then chairman
>of the select committee on intelligence, investigated the agency and came
>away stunned.
>
>"That capability at any time could be turned around on the American
>people," he said in 1975, "and no American would have any privacy left,
>such is the capability to monitor everything: telephone conversations,
>telegrams, it doesn't matter. There would be no place to hide."
>
>He added that if a dictator ever took over, the N.S.A. "could enable it to
>impose total tyranny, and there would be no way to fight back."
>
>At the time, the agency had the ability to listen to only what people said
>over the telephone or wrote in an occasional telegram; they had no access
>to private letters. But today, with people expressing their innermost
>thoughts in e-mail messages, exposing their medical and financial records
>to the Internet, and chatting constantly on cellphones, the agency
>virtually has the ability to get inside a person's mind.
>
>The N.S.A.'s original target had been the Communist bloc. The agency
>wrapped the Soviet Union and its satellite nations in an electronic
>cocoon. Anytime an aircraft, ship or military unit moved, the N.S.A. would
>know. And from 22,300 miles in orbit, satellites with super-thin,
>football-field-sized antennas eavesdropped on Soviet communications and
>weapons signals.
>
>Today, instead of eavesdropping on an enormous country that was always
>chattering and never moved, the N.S.A. is trying to find small numbers of
>individuals who operate in closed cells, seldom communicate electronically
>(and when they do, use untraceable calling cards or disposable cellphones)
>and are constantly traveling from country to country.
>
>During the cold war, the agency could depend on a constant flow of
>American-born Russian linguists from the many universities around the
>country with Soviet studies programs. Now the government is forced to
>search ethnic communities to find people who can speak Dari, Urdu or
>Lingala - and also pass a security clearance that frowns on people with
>relatives in their, or their parents', former countries.
>
>According to an interview last year with Gen. Michael V. Hayden, then the
>N.S.A.'s director, intercepting calls during the war on terrorism has
>become a much more complex endeavor. On Sept. 10, 2001, for example, the
>N.S.A. intercepted two messages. The first warned, "The match begins
>tomorrow," and the second said, "Tomorrow is zero hour." But even though
>they came from suspected Al Qaeda locations in Afghanistan, the messages
>were never translated until after the attack on Sept. 11, and not
>distributed until Sept. 12.
>
>What made the intercepts particularly difficult, General Hayden said, was
>that they were not "targeted" but intercepted randomly from Afghan pay
>phones.
>
>This makes identification of the caller extremely difficult and slow.
>"Know how many international calls are made out of Afghanistan on a given
>day? Thousands," General Hayden said.
>
>Still, the N.S.A. doesn't have to go to the courts to use its electronic
>monitoring to snare Al Qaeda members in Afghanistan. For the agency to
>snoop domestically on American citizens suspected of having terrorist
>ties, it first must go to the Foreign Intelligence Surveillance Court,
>or FISA, make a showing of probable cause that the target is linked to a
>terrorist group, and obtain a warrant.
>
>The court rarely turns the government down. Since it was established in
>1978, the court has granted about 19,000 warrants; it has only rejected
>five. And even in those cases the government has the right to appeal to
>the Foreign Intelligence Surveillance Court of Review, which in 27 years
>has only heard one case. And should the appeals court also reject the
>warrant request, the government could then appeal immediately to a closed
>session of the Supreme Court.
>
>Before the Sept. 11 attacks, the N.S.A. normally eavesdropped on a small
>number of American citizens or resident aliens, often a dozen or less,
>while the F.B.I., whose low-tech wiretapping was far less intrusive,
>requested most of the warrants from FISA.
>
>Despite the low odds of having a request turned down, President Bush
>established a secret program in which the N.S.A. would bypass the FISA
>court and begin eavesdropping without warrant on Americans. This decision
>seems to have been based on a new concept of monitoring by the agency, a
>way, according to the administration, to effectively handle all the data
>and new information.
>
>At the time, the buzzword in national security circles was data mining:
>digging deep into piles of information to come up with some pattern or
>clue to what might happen next. Rather than monitoring a dozen or so
>people for months at a time, as had been the practice, the decision was
>made to begin secretly eavesdropping on hundreds, perhaps thousands, of
>people for just a few days or a week at a time in order to determine who
>posed potential threats.
>
>Those deemed innocent would quickly be eliminated from the watch list,
>while those thought suspicious would be submitted to the FISA court for a
>warrant.
>
>In essence, N.S.A. seemed to be on a classic fishing expedition, precisely
>the type of abuse the FISA court was put in place to stop. At a news
>conference, President Bush himself seemed to acknowledge this new tactic.
>"FISA is for long-term monitoring," he said. "There's a difference between
>detecting so we can prevent, and monitoring."
>
>This eavesdropping is not the Bush administration's only attempt to expand
>the boundaries of what is legally permissible.
>
>In 2002, it was revealed that the Pentagon had launched Total Information
>Awareness, a data mining program led by John Poindexter, a retired rear
>admiral who had served as national security adviser under Ronald Reagan
>and helped devise the plan to sell arms to Iran and illegally divert the
>proceeds to rebels in Nicaragua.
>
>Total Information Awareness, known as T.I.A., was intended to search
>through vast data bases, promising to "increase the information coverage
>by an order-of-magnitude." According to a 2002 article in The New York
>Times, the program "would permit intelligence analysts and law enforcement
>officials to mount a vast dragnet through electronic transaction data
>ranging from credit card information to veterinary records, in the United
>States and internationally, to hunt for terrorists." After press reports,
>the Pentagon shut it down, and Mr. Poindexter eventually left the
>government.
>
>But according to a 2004 General Accounting Office report, the Bush
>administration and the Pentagon continued to rely heavily on data-mining
>techniques. "Our survey of 128 federal departments and agencies on their
>use of data mining," the report said, "shows that 52 agencies are using or
>are planning to use data mining. These departments and agencies reported
>199 data-mining efforts, of which 68 are planned and 131 are operational."
>Of these uses, the report continued, "the Department of Defense reported
>the largest number of efforts."
>
>The administration says it needs this technology to effectively combat
>terrorism. But the effect on privacy has worried a number of politicians.
>
>After he was briefed on President Bush's secret operation in 2003, Senator
>Jay Rockefeller, the Democratic vice chairman of the Senate Select
>Committee on Intelligence, sent a letter to Vice President Dick Cheney.
>
>"As I reflected on the meeting today and the future we face," he wrote,
>"John Poindexter's T.I.A. project sprung to mind, exacerbating my concern
>regarding the direction the administration is moving with regard to
>security, technology, and surveillance."
>
>Senator Rockefeller sounds a lot like Senator Frank Church.
>
>"I don't want to see this country ever go across the bridge," Senator
>Church said. "I know the capacity that is there to make tyranny total in
>America, and we must see to it that this agency and all agencies that
>possess this technology operate within the law and under proper
>supervision, so that we never cross over that abyss. That is the abyss
>from which there is no return."
>
>James Bamford is the author of "Puzzle Palace" and "Body of Secrets:
>Anatomy of the Ultra-Secret National Security Agency."
From ekr at rtfm.com Wed Dec 28 09:38:07 2005
From: ekr at rtfm.com (Eric Rescorla)
Date: Wed, 28 Dec 2005 09:38:07 -0800
Subject: Hey kids, come join the NSA!
Message-ID:

Hey boys and girls! Want to help your country defeat that mean old Osama?
Then check out the National Security Agency's CryptoKids web site (http://www.nsa.gov/kids/):

  On this site, you can learn all about codes and ciphers, play lots of games and activities, and get to know each of us - Crypto Cat, Decipher Dog, Rosetta Stone, Slate, Joules, T.Top, and, of course, our leader CSS Sam.

  You can also learn about the National Security Agency/Central Security Service - they're America's real codemakers and codebreakers. Our Nation's leaders and warfighters count on the technology and information they get from NSA/CSS to get their jobs done. Without NSA/CSS, they wouldn't be able to talk to one another without the bad guys listening and they wouldn't be able to figure out what the bad guys were planning.

  We hope you have lots of fun learning about cryptology and NSA/CSS. You might be part of the next generation of America's codemakers and codebreakers.

The site comes complete with a bunch of material on making and breaking simple codes (cool), resources to teach kids about crypto (also cool), and detailed biographies of the CryptoKids characters (kind of creepy). Here's some of what CryptoCat does for fun:

  I'm usually hanging out with my friends at the mall or catching the latest movie. I love helping people so I find different ways to help out around the community. Right now, I volunteer as a swim coach for children with special needs. It's a lot of fun AND I get to spend extra time with my sister who has Down's Syndrome.

The NSA Gifted and Talented program looks pretty cool, though.
-Ekr

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
From roy at rant-central.com Wed Dec 28 10:17:09 2005
From: roy at rant-central.com (Roy M. Silvernail)
Date: Wed, 28 Dec 2005 13:17:09 -0500
Subject: Looking for some VPN guidance
Message-ID: <43B2D6A5.5080506@rant-central.com>

An associate asked me an interesting question. He has a colo box and wants to VPN to it (not tough). But he wants to tunnel all traffic over the VPN pipe, such that his client appears to "be" the colo box and is available to the greater net. How does one set up the routing and VPN config to do this?

--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
CRM114->procmail->/dev/null->bliss
http://www.rant-central.com

From eugen at leitl.org Wed Dec 28 07:22:41 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 28 Dec 2005 16:22:41 +0100
Subject: FBI/Energy Department sniff private invididuals for hot isotopes
Message-ID: <20051228152241.GG2235@leitl.org>

http://www.nytimes.com/2005/12/24/national/24radioactive.html?oref=login

Widespread Radioactivity Monitoring Is Confirmed

By MATTHEW L. WALD
Published: December 24, 2005

WASHINGTON, Dec. 23 - The F.B.I. and the Energy Department have conducted thousands of searches for radioactive materials at private sites around the country in the last three years, government officials confirmed on Friday.
The existence of the search program was disclosed on Thursday by U.S. News & World Report, on its Web site. Since the attacks of Sept. 11, 2001, government agencies have disclosed that they have installed radiation-detection equipment at ports, subway stations and other public locations, but extensive surreptitious monitoring of private property has not been publicly known. The federal government has given thousands of radiation alarms, worn like cellphones on the belt, to police and fire departments in major cities.

A spokesman for the Justice Department, Brian Roehrkasse, confirmed that law enforcement personnel were conducting "passive operations in publicly accessible areas to detect the presence of radiological materials, in a manner that protects U.S. constitutional rights."

U.S. News, citing people it did not name, said many of the sites that federal agents had monitored were mosques or the homes or businesses of Muslims, and the report set off a dispute between a Muslim group here and the Federal Bureau of Investigation.

The group, the Council on American-Islamic Relations, said in a statement: "This disturbing revelation, coupled with recent reports of domestic surveillance without warrant, could lead to the perception that we are no longer a nation ruled by law, but instead one in which fear trumps constitutional rights. All Americans should be concerned about the apparent trend toward a two-tiered system of justice, with full rights for most citizens, and another diminished set of rights for Muslims."

But John Miller, an assistant director of the F.B.I., said in a statement that his agency "does not target any group based on ethnicity, political or religious belief."

"When intelligence information suggests a threat to public safety, particularly involving weapons of mass destruction," the statement said, "investigators will go where the intelligence information takes them." Mr.
Miller said the bureau was "disappointed at the conclusions" reached by the Muslim group. He added that F.B.I. agents would work through the holiday weekend to catch whoever set off a bomb on Tuesday that damaged the door of a mosque near Cincinnati.

According to a federal official who would not allow his name to be used, the investigators have visited hundreds of sites in Washington, New York, Chicago, Detroit, Las Vegas and Seattle on multiple occasions, as well as other locations for high-profile events like the Super Bowl.

The surveillance was conducted outdoors, and no warrants were needed or sought, the official said, speaking on anonymity because he was not authorized to discuss classified programs.

"If you can go drive a car into the parking lot near the shopping mall, we can go there," he said. "It's nothing intrusive. We're not searching into a particular building, just sniffing the air in the area."

Federal officials have expressed anxiety about two radiological threats. One is a "dirty bomb," a conventional explosive that would spread a radioactive material. Such an attack would be unlikely to kill anyone with radiation, but it could contaminate streets, buildings or other public places. The materials that would be used are highly radioactive and might be detected from some distance, experts say.

The other threat is that someone would try to detonate a nuclear bomb. Bomb fuel, either enriched uranium or plutonium, is much harder to detect, because its radiation signature is weak, physicists say. But it is also much harder to obtain.

At least some of the surveillance was by the Nuclear Emergency Support Team, part of the Energy Department's National Nuclear Security Administration, which leads the American effort to secure nuclear materials around the world.
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From eugen at leitl.org Wed Dec 28 10:06:18 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 28 Dec 2005 19:06:18 +0100
Subject: [ekr@rtfm.com: Hey kids, come join the NSA!]
Message-ID: <20051228180618.GI2235@leitl.org>

----- Forwarded message from Eric Rescorla -----

From jtrjtrjtr2001 at yahoo.com Wed Dec 28 21:04:25 2005
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Wed, 28 Dec 2005 21:04:25 -0800 (PST)
Subject: [ekr@rtfm.com: Hey kids, come join the NSA!]
In-Reply-To: <20051228180618.GI2235@leitl.org>
Message-ID: <20051229050425.99076.qmail@web33315.mail.mud.yahoo.com>

What really is the advantage of this programme?

--- Eugen Leitl wrote:

> ----- Forwarded message from Eric Rescorla -----
>
> From: Eric Rescorla
> Date: Wed, 28 Dec 2005 09:38:07 -0800
> To: cryptography at metzdowd.com
> Subject: Hey kids, come join the NSA!
> X-Mailer: MH-E 7.4.3; nmh 1.0.4; XEmacs 21.4 (patch 15)
>
> Hey boys and girls! Want to help your country defeat that mean old
> Osama? Then check out the National Security Agency's CryptoKids web site
> (http://www.nsa.gov/kids/):
>
>   On this site, you can learn all about codes and ciphers, play lots
>   of games and activities, and get to know each of us - Crypto Cat,
>   Decipher Dog, Rosetta Stone, Slate, Joules, T.Top, and, of course,
>   our leader CSS Sam.
>
>   You can also learn about the National Security Agency/Central
>   Security Service - they're America's real codemakers and
>   codebreakers. Our Nation's leaders and warfighters count on the
>   technology and information they get from NSA/CSS to get their jobs
>   done.
>   Without NSA/CSS, they wouldn't be able to talk to one another
>   without the bad guys listening and they wouldn't be able to figure
>   out what the bad guys were planning.
>
>   We hope you have lots of fun learning about cryptology and
>   NSA/CSS. You might be part of the next generation of America's
>   codemakers and codebreakers.
>
> The site comes complete with a bunch of material on making and breaking
> simple codes (cool), resources to teach kids about crypto (also cool),
> and detailed biographies of the CryptoKids characters (kind of
> creepy). Here's some of what CryptoCat does for fun:
>
>   I'm usually hanging out with my friends at the mall or catching the
>   latest movie. I love helping people so I find different ways to help
>   out around the community. Right now, I volunteer as a swim coach for
>   children with special needs. It's a lot of fun AND I get to spend
>   extra time with my sister who has Down's Syndrome.
>
> The NSA Gifted and Talented program looks pretty cool, though.
>
> -Ekr
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
> ----- End forwarded message -----
> --
> Eugen* Leitl leitl http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://www.ativel.com
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>
> [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
>

__________________________________
Yahoo! for Good - Make a difference this year.
http://brand.yahoo.com/cybergivingweek2005/

From rah at shipwright.com Wed Dec 28 19:29:06 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 28 Dec 2005 22:29:06 -0500
Subject: [Clips] NSA Web Site Puts 'Cookies' on Computers
Message-ID:

Shock. Horror. The NSA leaves cookies.
Exactly what part of "spook" do people not understand at this stage?

Cheers,
RAH
-------

--- begin forwarded text

Delivered-To: clips at philodox.com
Date: Wed, 28 Dec 2005 22:25:34 -0500
To: Philodox Clips List
From: "R. A. Hettinga"
Subject: [Clips] NSA Web Site Puts 'Cookies' on Computers
Reply-To: rah at philodox.com
Sender: clips-bounces at philodox.com

BREITBART.COM

NSA Web Site Puts 'Cookies' on Computers

By ANICK JESDANUN
AP Internet Writer
Dec 28 4:44 PM US/Eastern

NEW YORK - The National Security Agency's Internet site has been placing files on visitors' computers that can track their Web surfing activity despite strict federal rules banning most of them.

These files, known as "cookies," disappeared after a privacy activist complained and The Associated Press made inquiries this week, and agency officials acknowledged Wednesday they had made a mistake.

Nonetheless, the issue raises questions about privacy at a spy agency already on the defensive amid reports of a secretive eavesdropping program in the United States.

"Considering the surveillance power the NSA has, cookies are not exactly a major concern," said Ari Schwartz, associate director at the Center for Democracy and Technology, a privacy advocacy group in Washington, D.C. "But it does show a general lack of understanding about privacy rules when they are not even following the government's very basic rules for Web privacy."

Until Tuesday, the NSA site created two cookie files that do not expire until 2035 - likely beyond the life of any computer in use today.

Don Weber, an NSA spokesman, said in a statement Wednesday that the cookie use resulted from a recent software upgrade. Normally, the site uses temporary, permissible cookies that are automatically deleted when users close their Web browsers, he said, but the software in use shipped with persistent cookies already on.

"After being tipped to the issue, we immediately disabled the cookies," he said.
Cookies are widely used at commercial Web sites and can make Internet browsing more convenient by letting sites remember user preferences. For instance, visitors would not have to repeatedly enter passwords at sites that require them.

But privacy advocates complain that cookies can also track Web surfing, even if no personal information is actually collected.

In a 2003 memo, the White House's Office of Management and Budget prohibits federal agencies from using persistent cookies - those that aren't automatically deleted right away - unless there is a "compelling need."

A senior official must sign off on any such use, and an agency that uses them must disclose and detail their use in its privacy policy.

Peter Swire, a Clinton administration official who had drafted an earlier version of the cookie guidelines, said clear notice is a must, and "vague assertions of national security, such as exist in the NSA policy, are not sufficient."

Daniel Brandt, a privacy activist who discovered the NSA cookies, said mistakes happen, "but in any case, it's illegal. The (guideline) doesn't say anything about doing it accidentally."

The Bush administration has come under fire recently over reports it authorized NSA to secretly spy on e-mail and phone calls without court orders.

Since The New York Times disclosed the domestic spying program earlier this month, President Bush has stressed that his executive order allowing the eavesdropping was limited to people with known links to al-Qaida.

But on its Web site Friday, the Times reported that the NSA, with help from American telecommunications companies, obtained broader access to streams of domestic and international communications.

The NSA's cookie use is unrelated, and Weber said it was strictly to improve the surfing experience "and not to collect personal user data."

Richard M. Smith, a security consultant in Cambridge, Mass., questions whether persistent cookies would even be of much use to the NSA.
They are great for news and other sites with repeat visitors, he said, but the NSA's site does not appear to have enough fresh content to warrant more than occasional visits.

The government first issued strict rules on cookies in 2000 after disclosures that the White House drug policy office had used the technology to track computer users viewing its online anti-drug advertising.

Even a year later, a congressional study found 300 cookies still on the Web sites of 23 agencies.

In 2002, the CIA removed cookies it had inadvertently placed at one of its sites after Brandt called it to the agency's attention.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips at philodox.com
http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From bsteinhardt at aclu.org Thu Dec 29 08:15:03 2005
From: bsteinhardt at aclu.org (Barry Steinhardt)
Date: December 29, 2005 8:15:03 PM EST
Subject: NSA Spying on Americans
Message-ID:

Dave,

As has been made plain by the many submissions to IP, the significance of the Bush/NSA spying scandal continues to grow each day. The ACLU has just posted a number of materials on our web site aclu.org and the new nsawatch.org that we hope will add to the debate.

Those items include:

1. A new ACLU ad calling for a special counsel to investigate the President's illegal surveillance of U.S. Citizens. The ad appeared in today's NY Times, as well as the web site along with related materials at http://www.aclu.org/safefree/spying/. The text of the ad compares the words of President Nixon and President Bush, both of whom denied allegations of illegal spying. Next to the image of Nixon, the advertisement says: "He lied to the American people and broke the law." Below that is an image of President Bush, with the words, "So did he."

2. The Updated NSA Watch site (formerly known as Echelon watch): http://www.nsawatch.org/ which contains a wide variety of materials and links documenting the NSA's extraordinary communication interception capabilities ("sigint"), which are part of an international arrangement sometimes referred to as "Echelon".

3. A new piece explaining how the "NSA Spying on Americans is Illegal" at http://www.aclu.org/privacy/spying/23279res20051229.html

Since the Administration has sought to cast its unprecedented and lawless spying on Americans as "legal", I have included the text of our piece below.
You are, of course, free to use as much or little of it and the rest of this message as you would like.

Have a good New Year,

Barry Steinhardt
ACLU Technology and Liberty Project

NSA Spying on Americans is Illegal
http://www.aclu.org/privacy/spying/23279res20051229.html

What if it emerged that the President of the United States was flagrantly violating the Constitution and a law passed by the Congress to protect Americans against abuses by a super-secret spy agency? What if, instead of apologizing, he said, in essence, "I have the power to do that, because I say I can."

That frightening scenario is exactly what we are now witnessing in the case of the warrantless NSA spying ordered by President Bush that was reported December 16, 2005 by the New York Times.

According to the Times, Bush signed a presidential order in 2002 allowing the National Security Agency to monitor without a warrant the international (and sometimes domestic) telephone calls and e-mail messages of hundreds or thousands of citizens and legal residents inside the United States. The program eventually came to include some purely internal controls - but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court as the 4th Amendment to the Constitution and the foreign intelligence surveillance laws require.

In other words, no independent review or judicial oversight.

That kind of surveillance is illegal. Period.

The day after this shocking abuse of power became public, President Bush admitted that he had authorized it, but argued that he had the authority to do so. But the law governing government eavesdropping on American citizens is well-established and crystal clear. President Bush's claim that he is not bound by that law is simply astounding. It is a Presidential power grab that poses a challenge in the deepest sense to the integrity of the American system of government -
the separation of powers between the legislative and executive branches, the concept of checks and balances on executive power, the notion that the president is subject to the law like everyone else, and the general respect for the "rule of law" on which our democratic system depends.

Flouting a long history

The tensions between the need for intelligence agencies to protect the nation and the danger that they would become a domestic spy agency have been explicitly and repeatedly fought out in American history. The National Security Act of 1947 contained a specific ban on intelligence operatives from operating domestically. In the 1970s, America learned about the extensive domestic political spying carried out by the FBI, the military, the CIA, and the NSA, and Congress passed new laws to prevent a repeat of those abuses. Surveillance laws were debated and modified under presidents Ford, Carter, Reagan, Bush Sr. and Clinton.

But, President Bush would sweep aside this entire body of democratically debated and painstakingly crafted restrictions on domestic surveillance by the executive branch with his extraordinary assertion that he can simply ignore this law because he is the Commander-in-Chief. In a December 17 radio address, for example, Bush asserted that the spying was "fully consistent with my constitutional responsibilities and authorities." But his constitutional duty is to "take care that the laws be faithfully executed" (Article II, Section 3); the law here clearly establishes well-defined procedures for eavesdropping on U.S. persons, and the fact is, Bush ordered that those procedures not be followed.

Government eavesdropping on Americans is an extremely serious matter; the ability to intrude on the private realm is a tremendous power that can be used to monitor, embarrass, control, disgrace, or ruin an individual. Because it is so invasive, the technology of wiretapping has been subject to carefully crafted statutory controls almost since it was invented.
Ignoring those controls and wiretapping without a court order is a crime that carries a significant prison sentence (in fact, criminal violations of the wiretap statute were among the articles of impeachment that were drafted against President Nixon shortly before his resignation).

Clearly Illegal

Unfortunately, although the law in this matter is crystal clear, many Americans, faced with President Bush's bold assertions of "inherent" authority for these actions, will not know what to believe. There are only 5 points they need to understand:

Point #1: Electronic surveillance by the Government is strictly limited by the Constitution and Federal Law

The law on surveillance begins with the Fourth Amendment to the Constitution, which states clearly that Americans' privacy may not be invaded without a warrant based on probable cause.

  United States Constitution
  Fourth Amendment

  The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. (emphasis added)

The US Supreme Court (US v. Katz 389 US 347) has made it clear that this core privacy protection does cover government eavesdropping. As a result, all electronic surveillance by the government in the United States is illegal, unless it falls under one of a small number of precise exceptions specifically carved out in the law.

  United States Code Title 50, Chapter 36, Subchapter 1
  Section 1809. Criminal sanctions

  (a) Prohibited activities
  A person is guilty of an offense if he intentionally -
  (1) engages in electronic surveillance under color of law except as authorized by statute

In other words, the NSA can only spy where it is explicitly granted permission to do so by statute.
Citizens concerned about surveillance do not have to answer the question, "what law restricts the NSA's spying?" Rather, the government is required to supply an answer to the question "what law permits the NSA to spy?"

Point #2: There are only three laws that permit the government to spy

There are only three laws that authorize any exceptions to the ban on electronic eavesdropping by the government. Congress has explicitly stated that these three laws are the exclusive means by which domestic electronic surveillance can be carried out (18 USC, Section 2511(2)(f)). They are:

* Title III and ECPA. Title III and the Electronic Communications Privacy Act make up the statutes that govern criminal wiretaps in the United States.
* FISA. The Foreign Intelligence Surveillance Act is the law that governs eavesdropping on agents of "foreign powers" within the United States, including suspected foreign terrorists.

Point #3: The Bush-NSA spying was not authorized by any of these laws

Title III and ECPA govern domestic criminal wiretaps and are not relevant to the NSA's spying. FISA is the law under which the NSA should have operated. It authorizes the government to conduct surveillance in certain situations without meeting all of the requirements of the Fourth Amendment that apply under criminal law, but requires that an independent Foreign Intelligence Surveillance Court oversee that surveillance to make sure that Americans who have no ties to foreign terrorist organizations or other "foreign powers" are not spied upon.

FISA was significantly loosened by the Patriot Act (which, for example, allowed it to be used for some criminal investigations), and parts of it now stand in clear violation of the Constitution's Fourth Amendment in the view of the ACLU and many others. However, even the post-Patriot Act version of FISA does not authorize the president to conduct warrantless eavesdropping on U.S. citizens or permanent legal residents in the U.S.
without an order from the FISA Court. Yet it is that very court order requirement -- imposed to protect innocent Americans -- that the President has ignored. In fact, one member of the FISA Court, Judge James Robertson, has apparently resigned from the court in protest of President Bush's secret authorization of this program. And the New York Times reported that the court's chief judge complained about the program when she was (belatedly) notified of it, and refused to allow information gathered under the program to be used as the basis for FISA wiretap orders.

Point #4: Congress's post-9/11 use-of-force resolution does not legitimize the Bush-NSA spying

Congress after 9/11 approved an Authorization to Use Military Force against those responsible for the attacks in order to authorize the president to conduct foreign military operations such as the invasion of Afghanistan. But that resolution contains no language changing, overriding or repealing any laws passed by Congress. Congress does not repeal legislation through hints and innuendos, and the Authorization to Use Military Force does not authorize the president to violate the law against surveillance without a warrant any more than it authorizes him to carry out an armed robbery or seize control of Citibank in order to pay for operations against terrorists. In fact, when President Truman tried to seize control of steel mills that were gripped by strikes in 1952, the Supreme Court decisively rejected his authority to make such a seizure, even in the face of arguments that the strike would interfere with the supply of weapons and ammunition to American troops then under fire on the battlefields of the Korean War. The Supreme Court also rejected similar assertions of inherent executive power by Richard Nixon.

U.S. Supreme Court
YOUNGSTOWN CO. v. SAWYER, 343 U.S. 579 (1952)

"The order cannot properly be sustained as an exercise of the President's military power as Commander in Chief of the Armed Forces. . . .
"Nor can the seizure order be sustained because of the several constitutional provisions that grant executive power to the President. . . . The Constitution limits his functions in the lawmaking process to the recommending of laws he thinks wise and the vetoing of laws he thinks bad. And the Constitution is neither silent nor equivocal about who shall make laws which the President is to execute. . . .

"The Founders of this Nation entrusted the lawmaking power to the Congress alone in both good and bad times."

In fact, FISA contains explicit language describing the president's powers "during time of war" and provides that "the President, through the Attorney General, may authorize electronic surveillance without a court order under this title to acquire foreign intelligence information for a period not to exceed fifteen days following a declaration of war by the Congress." 50 U.S.C. § 1811 (emphasis added). So even if we accept the argument that the use-of-force resolution places us on a war footing, warrantless surveillance would have been legal for only 15 days after the resolution was passed on September 18, 2001.

Point #5: The need for quick action does not justify an end-run around the courts

The FISA law takes account of the need for emergency surveillance, and the need for quick action cannot be used as a rationale for going outside the law. FISA allows wiretapping without a court order in an emergency; the court must simply be notified within 72 hours. The government is aware of this emergency power and has used it repeatedly. In addition, the Foreign Intelligence court is physically located in the Justice Department building, and the FISA law requires that at least two of the FISA judges reside in the Washington, DC area, for precisely the reason that rapid action is sometimes needed. If President Bush still for some reason finds these provisions to be inadequate, he must take his case to Congress and ask for the law to be changed, not simply ignore it.
The president is bound by the rule of law

President Bush's claim that he has "inherent authority" as Commander-in-Chief to use our spy agencies to eavesdrop on Americans is astonishing, and such spying is clearly illegal. It must be halted immediately, and its origins must be thoroughly investigated by Congress and by a special counsel. (See letter from the ACLU to Attorney General Gonzales calling for a special counsel).

Given the extensive (indeed, excessive) surveillance powers that the government already possesses, the Administration's blatantly illegal use of warrantless surveillance raises an important question: why? One possibility, raised by the New York Times in a Dec. 24, 2005 story ("Spy Agency Mined Vast Data Trove, Officials Report"), is that the NSA is relying on assistance from several unnamed telecommunications companies to "trace and analyze large volumes of communications" and is "much larger than the White House has acknowledged." This, as security expert Bruce Schneier has noted, suggests the Bush Administration has developed "a whole new surveillance paradigm" -- exploiting the NSA's well known capabilities to spy on individuals not one at a time, as FISA permits, but to run communications en masse through computers in the search for suspicious individuals or patterns. This "new paradigm" may well be connected to the NSA program sometimes known as "Echelon," which carries out just that kind of mass collection of communications (see www.nsawatch.org). This "wholesale" surveillance, as Schneier calls it, would constitute an illegal invasion of Americans' privacy on a scale that has never before been seen. (See Schneier, "NSA and Bush's Illegal Eavesdropping," Salon.com)

According to the Times, several telecommunications companies provided the NSA with direct access to streams of communications over their networks. In other words, the NSA appears to have direct access to a large volume of Americans' communications --
with not simply the assent, but the cooperation of the companies handling those communications. We do not know from the report which companies are involved or precisely how or what the NSA can access. But this revelation raises questions about both the legal authority of the NSA to request and receive this data, and whether these companies may have violated either the Federal laws protecting these communications or their own stated privacy policies (which may, for example, provide that they will only turn over their customers' data with their consent or in response to a proper order).

Regardless of the scale of this spying, we are facing a historic moment: the President of the United States has claimed a sweeping wartime power to brush aside the clear limits on his power set by our Constitution and laws -- a chilling assertion of presidential power that has not been seen since Richard Nixon.

-------------------------------------
You are subscribed as eugen at leitl.org
To manage your subscription, go to http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

From rah at shipwright.com Thu Dec 29 07:27:30 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 29 Dec 2005 10:27:30 -0500
Subject: [ekr@rtfm.com: Hey kids, come join the NSA!]
In-Reply-To: <20051229050425.99076.qmail@web33315.mail.mud.yahoo.com>
References: <20051229050425.99076.qmail@web33315.mail.mud.yahoo.com>
Message-ID:

At 9:04 PM -0800 12/28/05, Sarad AV wrote:
>What really is the advantage of this programme?
It was part of AlGore's "The internet is hip and *all* government agencies *must* participate" scheme. It's been there for most of a decade, and I bet it hasn't changed much. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Dec 29 08:19:47 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 29 Dec 2005 11:19:47 -0500 Subject: [ekr@rtfm.com: Hey kids, come join the NSA!] In-Reply-To: References: <20051229050425.99076.qmail@web33315.mail.mud.yahoo.com> Message-ID: At 10:27 AM -0500 12/29/05, R. A. Hettinga wrote: >I bet it hasn't changed much. Including the cookies. Caveat Clicktor. Whaddya think, ya go to the NSA site and they *don't* look up your kimono as far as they can see? Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Thu Dec 29 09:01:17 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 29 Dec 2005 12:01:17 -0500 Subject: Bamford: The Agency That Could Be Big Brother In-Reply-To: <20051229023735.GA649@pig.my.domain> Message-ID: Now that's starting to make some sense. Unless, of course, NSA doesn't want us realizing how easy it would be to jam major portions of their operation!!! 
-TD >From: "(Mr) Lyn R Kennedy" >To: Tyler Durden >Subject: Re: Bamford: The Agency That Could Be Big Brother >Date: Wed, 28 Dec 2005 20:37:35 -0600 > >On Tue, Dec 27, 2005 at 10:46:06AM -0500, Tyler Durden wrote: > > > > OK...does anyone know why the NSA has such a facility out there? Not a >lot > > of the most useful information these days is natively not of fiber >plant. > >They don't. Sugar Grove was a Navy Security Group station until it was >recently shuffled-renamed along with some other similar functions. > >It was first selected for Navy satellite communications and then re-worked >as a listening post. There are lots of interesting stories surrounding SG >but major telephone interception was not one of them. > >When NSA did do satellite telephone intereception in the U.S., it was from >Rosman, NC, a site since donated to radio astronomy. Look up Pisgah >Astronomical Research Institute. The big dish antennas are still there. > > >Bamford also says Washington DC is "north of" Sugar grove. Such basic >errors probably mean he has never "been to the mountain" and looked at >SG. The mountain is named Reddish Knob if you are ever in the area. It >was the site of the AT&T relay station before the fiber cables. > >The BS surrounding NSA capability is getting pretty deep. > > >-- >------------------------------------------------------------------------- >| 73, E-mail | lrkn at earthlink.net | >| Lyn Kennedy webpage | http://home.earthlink.net/~lrkn | >| K5QWB ICBM | 32.5 North 96.9 West | >---Livin' on an information dirt road a few miles off the superhighway---
From udhay at pobox.com Thu Dec 29 21:34:56 2005 From: udhay at pobox.com (Udhay Shankar N) Date: Thu, 29 Dec 2005 21:34:56 -0800 (PST) Subject: [silk] Delocalizer Message-ID: http://www.wired.com/news/technology/0,69942-0.html Hackers Rebel Against Spy Cams By Ann Harrison BERLIN -- When the Austrian government passed a law this year allowing police to install closed-circuit surveillance cameras in public spaces without a court order, the Austrian civil liberties group Quintessenz vowed to watch the watchers. Members of the organization worked out a way to intercept the camera images with an inexpensive, 1-GHz satellite receiver. The signal could then be descrambled using hardware designed to enhance copy-protected video as it's transferred from DVD to VHS tape. The Quintessenz activists then began figuring out how to blind the cameras with balloons, lasers and infrared devices. And, just for fun, the group created an anonymous surveillance system that uses face-recognition software to place a black stripe over the eyes of people whose images are recorded. Quintessenz members Adrian Dabrowski and Martin Slunksy presented their video-surveillance research at the 22nd annual Chaos Communication Congress here this week. Five hundred hackers jammed into a meeting room for a presentation that fit nicely into CCC's 2005 theme of "private investigations." Slunksy pointed out that searching for special strings in Google, such as axis-cgi/, will return links that access internet-connected cameras around the world. Quintessenz developers entered these Google results into a database, analyzed the IP addresses and set up a website that gives users the ability to search by country or topic -- and then rate the cameras. "You can use this to see if you are being watched in your daily life," said Dabrowski.
The conference, hosted by Germany's Chaos Computer Club, featured many discussions on data interception and pushing back the unprecedented onslaught of surveillance technologies. Even the Dutch, once known as hacker-friendly, politically progressive Europeans, are now fearful and demanding more cameras on their streets, said Rop Gonggrijp, founder of Dutch ISP Xs4All. Gonggrijp says the Dutch chief of police has announced the intention to store large amounts of surveillance data and mine it to determine who to pressure and question. "People are screaming for more control," said Gonggrijp. Dutch journalist Brenno de Winter warned that the European Parliament's support for data retention doesn't ensure security, and makes citizens vulnerable to automated traffic analysis of who communicates with whom through phone calls and internet connections. "What we have seen is a system that fails because we miss out on too much information, and even if we have all that information, it doesn't give us the right information and it is easy to circumvent," said de Winter. CCC member and security researcher Frank Rieger said hackers should provide secure communications for political and social movements and encourage the widespread use of anonymity technologies. He said people on the other side of the camera need to be laughed at and shamed. "It must not be cool anymore to have access to this data," said Rieger, who argued that Western societies are becoming democratically legitimized police states ruled by an unaccountable elite. "We have enough technical knowledge to turn this around; let's expose them in public, publish everything we know about them and let them know how it feels to be under surveillance." The four-day Chaos Computer Congress is meeting near Alexanderplatz in the former East Berlin, where more than a half-million people rallied for political reform five days before the fall of the Berlin Wall. 
In his keynote address, Joichi Ito, general manager of international operations for Technorati, warned that the internet could itself become a walled-in network controlled by the International Telecommunication Union, Microsoft and telecommunications companies. Ito said these restrictions would stifle free speech and the ability to question authority without retribution. "An open network is more important for democracy than the right to bear arms and the right to vote," said Ito. "Voice is more important than votes." ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dave at farber.net Thu Dec 29 20:25:25 2005 From: dave at farber.net (David Farber) Date: Thu, 29 Dec 2005 23:25:25 -0500 Subject: [IP] ACLU ON NSA Spying on Americans Message-ID: Begin forwarded message:
From bill at scannell.org Fri Dec 30 02:46:41 2005 From: bill at scannell.org (Bill Scannell) Date: December 30, 2005 2:46:41 PM EST Subject: [IP] more on AP Story Justice Dept. Probing Domestic Message-ID: Spying Leak Dave, Lest we forget what this is about: George W. Bush illegally ordered NSA to spy on US citizens. This is a felony, for which I (and many other former and current NSA employees) hope to see him impeached and jailed. As as former SIGINT analyst, I -and anyone else ever associated with NSA- know that USSID 18 prohibits the spying on United States Persons. This is NSA's Prime Directive, Ten Commandments, and Bill of Rights, all rolled into one. It is an unlawful order to direct NSA to eavesdrop on US citizens. It is impossible for me to stress strongly enough that from day one, every human associated with NSA has USSID 18 drilled into him. With USSID 18, NSA is able to protect and defend our country. Without USSID 18, NSA can be used to oppress the American populace. It comes as no surprise to me that, in the face of an unlawful order, someone went to the papers with the story. The exception to the rule of course, is the FISA courts. President Bush declined to use these courts despite the ability to get a FISA warrant three days after the fact. It is a shame that with such a massive crime freely admitted by President Bush, a smart guy like Hiawatha continues to carry water for this Administration.
-Bill

PS: A public version of USSID 18 can be read at: http://cryptome.org/nsa-ussid18.htm

Also sprach David Farber aka dave at farber.net on 30.12.05 13:50 :

>Begin forwarded message:
>
>From: h_bray at globe.com
>Date: December 30, 2005 12:55:23 PM EST
>To: dave at farber.net
>Subject: Re: [IP] AP Story Justice Dept. Probing Domestic Spying Leak
>
>Because (a) the DOJ approved of the spying and (b) the leakers violated
>federal law by revealing an ongoing intelligence operation in wartime. If
>the Valerie Plame leak was a crime, this leak is doubly so.
>
>Hiawatha Bray
>
>David Farber
>12/30/2005 12:32 PM
>Please respond to dave at farber.net
>
>To: ip at v2.listbox.com
>cc:
>Subject: [IP] AP Story Justice Dept. Probing Domestic Spying Leak
>
>Begin forwarded message:
>
>From: Mary Shaw
>Date: December 30, 2005 12:26:18 PM EST
>To: Dave Farber
>Subject: AP Story Justice Dept. Probing Domestic Spying Leak
>
>Dave,
>
>Why is the Justice Dept probing the leak rather than the domestic
>spying program itself? Or did I miss the announcement of the latter?
>
>Excerpted from http://news.yahoo.com/news?tmpl=story&cid=514&u=/ap/20051230/ap_on_go_ca_st_pe/domestic_spying_probe_6
>
>Mary
>
>============================
>
>Justice Dept. Probing Domestic Spying Leak
>
>By TONI LOCY, Associated Press Writer
>
>The Justice Department has opened an investigation into the leak of
>classified information about President Bush's secret domestic spying
>program, Justice officials said Friday.
>
>The officials, who requested anonymity because of the sensitivity of
>the probe, said the inquiry will focus on disclosures to The New York
>Times about warrantless surveillance conducted by the National
>Security Agency since the Sept. 11 terrorist attacks.
>
>[[[snip]]]
>
>Revelation of the secret spying program unleashed a firestorm of
>criticism of the administration.
Some critics accused the president >of breaking the law by authorizing intercepts of conversations -- >without prior court approval or oversight -- of people inside the >United States and abroad who had suspected ties to al-Qaida or its >affiliates. > >[[[snip]]] > > > > >------------------------------------- >You are subscribed as bray at globe.com >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting- >people/ > >------------------------------------- >You are subscribed as bill at scannell.org >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting- >people/ > "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
From dave at farber.net Fri Dec 30 04:24:48 2005 From: dave at farber.net (David Farber) Date: Fri, 30 Dec 2005 07:24:48 -0500 Subject: [IP] Summarized -- WashPost: Bush's Massive and Secret CIA "GST" Message-ID: Program X-Mailer: Apple Mail (2.746.2) Reply-To: dave at farber.net http://www.washingtonpost.com/wp-dyn/content/article/2005/12/29/AR2005122901585.html The effort President Bush authorized shortly after Sept. 11, 2001, to fight al Qaeda has grown into the largest CIA covert action program since the height of the Cold War, expanding in size and ambition despite a growing outcry at home and abroad over its clandestine tactics, according to former and current intelligence officials and congressional and administration sources. ...GST includes programs allowing the CIA to capture al Qaeda suspects with help from foreign intelligence services, to maintain secret prisons abroad, to use interrogation techniques that some lawyers say violate international treaties, and to maintain a fleet of aircraft to move detainees around the globe. ...Over the past two years, as aspects of this umbrella effort have burst into public view, the revelations have prompted protests and official investigations in countries that work with the United States, as well as condemnation by international human rights activists and criticism by members of Congress.
...The administration's decisions to rely on a small circle of lawyers for legal interpretations that justify the CIA's covert programs and not to consult widely with Congress on them have also helped insulate the efforts from the growing furor, said several sources who have been involved. ...That program is separate from the GST program, but three lawyers involved said the legal rationale for the NSA program is essentially the same one used to support GST, which is an abbreviation of a classified code name for the umbrella covert action program. The administration contends it is still acting in self-defense after the Sept. 11 attacks, that the battlefield is worldwide, and that everything it has approved is consistent with the demands made by Congress on Sept. 14, 2001, when it passed a resolution authorizing "all necessary and appropriate force against those nations, organizations, or persons [the president] determines planned, authorized, committed, or aided the terrorist attacks." ...After a CIA inspector general's report in the spring of 2004 stated that some authorized interrogation techniques violated international law, Goss asked two national security experts to study the program's effectiveness. ...But two intelligence experts said the CIA will be required to draw up clear guidelines and to get all special interrogation techniques approved by a wider range of government lawyers who hold a more conventional interpretation of international treaty obligations. ...The top-secret presidential finding Bush signed six days after the Sept. 11 attacks empowered the intelligence agencies in a way not seen since World War II, and it ordered them to create what would become the GST program. 
...With billions of dollars appropriated each year by Congress, the CIA has established joint counterterrorism intelligence centers in more than two dozen countries, and it has enlisted at least eight countries, including several in Eastern Europe, to allow secret prisons on their soil. Working behind the scenes, the CIA has gained approval from foreign governments to whisk terrorism suspects off the streets or out of police custody into a clandestine prison system that includes the CIA's black sites and facilities run by intelligence agencies in other countries. ...In four years, the GST has become larger than the CIA's covert action programs in Afghanistan and Central America in the 1980s, according to current and former intelligence officials. ...When the CIA wanted new rules for interrogating important terrorism suspects the White House gave the task to a small group of lawyers within the Justice Department's Office of Legal Counsel who believed in an aggressive interpretation of presidential power. ..."The Bush administration did not seek a broad debate on whether commander-in-chief powers can trump international conventions and domestic statutes in our struggle against terrorism," said Radsan, the former CIA lawyer, who is a professor at William Mitchell College of Law in St. ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Fri Dec 30 08:18:16 2005 From: rah at shipwright.com (R. A. 
Hettinga) Date: Fri, 30 Dec 2005 11:18:16 -0500 Subject: [Clips] WhiteHouse.gov Uses Cookies, Bugs Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Fri, 30 Dec 2005 11:17:06 -0500 To: Philodox Clips List From: "R. A. Hettinga" Subject: [Clips] WhiteHouse.gov Uses Cookies, Bugs Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Gee. Another government website that tries to look up your skirt. Imagine that. These people in the AP really *are* virgins, aren't they? Cheers, RAH ------- Wired News WhiteHouse.gov Uses Cookies, Bugs Associated Press NEW YORK -- Unbeknown to the Bush administration, an outside contractor has been using internet tracking technologies that may be prohibited to analyze usage and traffic patterns at the White House's website, an official said Thursday. David Almacy, the White House's internet director, promised an investigation into whether the practice is consistent with a 2003 policy from the White House's Office of Management and Budget banning the use of most such technologies at government sites. "No one even knew it was happening," Almacy said. "We're going to work with the contractor to ensure that it's consistent with the OMB policy." The acknowledgment came a day after the National Security Agency admitted it had erred in using banned "cookies" at its website. Both acknowledgments followed inquiries by The Associated Press. The White House's website uses what's known as a web bug to anonymously keep track of who's visiting and when. A web bug is essentially a tiny graphic image -- a dot, really -- that's virtually invisible. In this case, the bug is pulled from a server maintained by the contractor, WebTrends, and lets the traffic analytic company know that another person has visited a specific page on the site. Web bugs themselves are not prohibited. 
But when these bugs are linked to a data file known as a "cookie" so that a site can tell if the same person has visited again, a federal agency using them must demonstrate a "compelling need," get a senior official's signoff and disclose such usage, said Peter Swire, a Clinton administration official who helped draft the original rules. The White House's privacy policy does not specially mention cookies or web bugs, and Almacy said the signoff was never sought because one was not thought to be required. He said his team was first informed of the cookie use by the AP. In any case, Almacy said, no personal information was collected, and the cookie was used only to determine whether a visitor was a new or returning user. It's not entirely clear how the cookies are created. Cookies from the White House site do not appear to be generated simply by visiting it, according to analyses by the AP and by Richard M. Smith, a security consultant in Cambridge, Massachusetts, who first noticed the web bug this week. Rather, WebTrends cookies are sometimes created when visiting other WebTrends clients. Smith said his analysis of network traffic shows such pre-existing cookies have then been used to recognize visitors to the White House site. But WebTrends officials say they do not aggregate information about visitors across multiple sites, and when presented with Smith's data, referred inquiries to the White House. Almacy said it's possible the cookie resulted from the White House visit, adding he was awaiting further details from WebTrends. In a statement, the company added that the analysis performed at the White House site is typical among organizations for improving user experience. But Swire said a similar use of cookies had prompted the federal guidelines. 
The Clinton administration first issued the strict rules on cookies in 2000 after its Office of National Drug Control Policy, through a contractor, had used the technology to track computer users viewing its online anti-drug advertising. The rules were updated in 2003 by the Bush administration. Although no personal information was collected at the time, Swire said, concerns were raised that one site's data could be linked later with those from the contractor's other clients. "It all could be linked up after the fact, and that was enough to lead to the federal policy," Swire said. Nonetheless, agencies occasionally violate the rules inadvertently. The CIA did in 2002, and the NSA more recently. The NSA disabled the cookies this week and blamed a recent upgrade to software that shipped with cookie settings already on. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From coderman at gmail.com Fri Dec 30 12:38:49 2005 From: coderman at gmail.com (coderman) Date: Fri, 30 Dec 2005 12:38:49 -0800 Subject: Detect Spying on YOU In-Reply-To: References: Message-ID: <4ef5fec60512301238t5c60dcc8tc32108c4422026c5@mail.gmail.com> On 12/30/05, Tyler Durden wrote: > ... > Set up an overseas Email account. 
> > Send yourself Emails from hotmail/gmail, etc... > > In the email place, first of all, plenty of key words such as "Jihad", Bomb, > meeting, Al Qaeda, etc... > > In the email have a link to a website you set up with a counter and that you > have told no one about (I'll add that you should have a nice big GOATSE > picture in there). > > Send yourself emails periodically and keep track of your counter. Any > increments not caused by you were caused by someone else. cmon, who seriously thinks they can honey token the NSA/$TLA? i bet they are laughing themselves silly over such amusing suggestions... From camera_lumina at hotmail.com Fri Dec 30 10:32:59 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 30 Dec 2005 13:32:59 -0500 Subject: Detect Spying on YOU Message-ID: I read somewhere recently a nice little way to determine if someone is observing you. Haven't seen this mentioned here, but I might have missed it. Set up an overseas Email account. Send yourself Emails from hotmail/gmail, etc... In the email place, first of all, plenty of key words such as "Jihad", Bomb, meeting, Al Qaeda, etc... In the email have a link to a website you set up with a counter and that you have told no one about (I'll add that you should have a nice big GOATSE picture in there). Send yourself emails periodically and keep track of your counter. Any increments not caused by you were caused by someone else. -TD From dave at farber.net Fri Dec 30 12:52:57 2005 From: dave at farber.net (David Farber) Date: Fri, 30 Dec 2005 15:52:57 -0500 Subject: [IP] more on AP Story Justice Dept. Probing Domestic Spying Leak Message-ID: Begin forwarded message:
From eugen at leitl.org Fri Dec 30 09:04:09 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Dec 2005 18:04:09 +0100 Subject: [dave@farber.net: [IP] Summarized -- WashPost: Bush's Massive and Secret CIA "GST" Program] Message-ID: <20051230170409.GF2235@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Fri Dec 30 09:16:28 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Dec 2005 18:16:28 +0100 Subject: [udhay@pobox.com: [silk] Delocalizer] Message-ID: <20051230171628.GH2235@leitl.org> ----- Forwarded message from Udhay Shankar N ----- From eugen at leitl.org Fri Dec 30 09:18:50 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Dec 2005 18:18:50 +0100 Subject: [dave@farber.net: [IP] ACLU ON NSA Spying on Americans] Message-ID: <20051230171849.GJ2235@leitl.org> ----- Forwarded message from David Farber ----- From Nostra2004 at Safe-mail.net Fri Dec 30 15:32:40 2005 From: Nostra2004 at Safe-mail.net (Nostra2004 at Safe-mail.net) Date: Fri, 30 Dec 2005 18:32:40 -0500 Subject: Detect Spying on YOU Message-ID: For the NSA to find out about the contents of an URL they don't click the links, they start drawing a profile. Then they monitor the participants' connections. They might fingerprint the webserver, even hack it, but most times they will sit on a router and wait for that data being called by someone else. If it isn't, then it's of no means for them anyway. N. From rah at shipwright.com Fri Dec 30 16:23:58 2005 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 30 Dec 2005 19:23:58 -0500 Subject: [Clips] Why Airport Screeners Sometimes Don't Spot Guns, Knives, Scissors Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Fri, 30 Dec 2005 19:22:19 -0500 To: Philodox Clips List From: "R. A.
Hettinga" Subject: [Clips] Why Airport Screeners Sometimes Don't Spot Guns, Knives, Scissors Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com The Wall Street Journal December 30, 2005 SCIENCE JOURNAL By SHARON BEGLEY Why Airport Screeners Sometimes Don't Spot Guns, Knives, Scissors December 30, 2005 It seemed like good news on the antiterrorism front. Using a system called Threat Image Projection, British authorities digitally inserted one of 250 images of guns or other banned objects into X-ray images of bags passing through screening at a U.K. airport. At first the screeners' performance was mediocre (authorities will not release results, citing security concerns), but over several months it improved markedly. Then the testers changed their image library. Although the new images belonged to the same categories of forbidden items, the screeners' performance dropped off a cliff, to no better than it was when the TIP program began. The screeners had become eagle-eyed at recognizing the 250 images that kept popping up, but were apparently unable to generalize to images of a gun with a different grip or a knife in a different orientation. As experts in "visual search" study explanations for the screeners' blindness, they are discovering that there are more ways to miss targets than they ever imagined ... or feared. Scientists have long known that the ability to pick out a target in a complex scene suffers when there are loads of things you're not looking for. That may be why screeners at Newark Liberty airport missed a butcher knife in a cluttered handbag this year. In all the visual chaos and "distractors," they missed the knife. Another well-known security blind spot is trying to identify an item surrounded by distractors that are similar to it, as when trying to find a particular pair of pumps in a stuffed shoe closet. 
This "target-distractor similarity" will be exacerbated, experts say, by the Transportation Security Administration's decision to allow small scissors, knives and other tools in carry-ons, as of last week. But it is the problem highlighted by the U.K. test, of being unable to recognize variations on dangerous themes, that has security experts most worried. Called "target-target dissimilarity," it's familiar to anyone who has looked for a beer in the refrigerator. The suds may be front and center, but if the bottle looks different from the one in your mind's eye, it may as well be invisible. In studies funded in part by the TSA, cognitive scientist J. David Smith of the State University of New York, Buffalo, and colleagues trained scores of volunteers to learn a number of origami-like targets, the original shape as well as rotated or slightly distorted versions. The volunteers saw one shape at a time, on a computer screen, and determined whether it belonged to a target category. They made the right call as much as 76% of the time. Since the bird-like shapes were arguably more complex than, say, a knife, that wasn't bad. The scientists then embedded target shapes in cluttered scenes, where items overlapped, touched and took different orientations. The volunteers got better and better at finding the targets, as real screeners do. But as soon as they had to spot a target that was slightly different from the one they had learned, performance plummeted. The volunteers spotted only targets they had seen repeatedly, not variations of them. It was as if someone learned what dogs are by studying dachshunds and poodles, and then didn't recognize a spaniel as a dog. "Screeners have trouble applying their knowledge of what some guns and knives look like to identify other members of that category," says Prof. Smith. 
"They instead rely on what we call a specific-token strategy, remembering Bowie knives and Beretta guns and other images they've been trained on, but not in a way that lets them generalize to guns and knives they've never seen." Terrorists obviously aren't limited to weapons that screeners are trained and tested on. As Prof. Smith and his colleagues write in the current issue of the Journal of Experimental Psychology: Learning, Memory and Cognition, "It is a serious matter." Just to be sure there wasn't something especially difficult about the origami-like shapes, the scientists had 88 participants try to spot actual knives, scissors and guns in X-ray images of cluttered suitcases. Again, there was a steep learning curve as specific targets repeated, with people eventually spotting 90% of the contraband. But as soon as slightly different guns, knives and scissors were digitally inserted into the image, scores fell. Unable to see family resemblances, people missed three times as many novel items as familiar ones. Oddly, people did hardly better when they had to find one target category rather than three. That suggests that reducing the number of forbidden carry-ons won't make screeners catch more of them. "I was surprised that performance wasn't better with fewer targets," Prof. Smith says. "There's little reason to think that decreasing the number of items screeners have to spot will improve the quality of the search." The TSA has reportedly upped the number of images in its training library to more than 1,000. That may help, but what's really needed is a way to train the brain to broaden its search criteria so that it can spot any knife or gun after being trained on hundreds of specific knives or guns. So far, no one knows how to do that. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jya at cryptome.net Fri Dec 30 19:55:59 2005 From: jya at cryptome.net (John Young) Date: Fri, 30 Dec 2005 19:55:59 -0800 Subject: [dave@farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spying Leak] In-Reply-To: <20051230223205.GT2235@leitl.org> Message-ID: Keep in mind that NSA has always gathered data on US citizens in the course of performing foreign intelligence but was heretofore supposed to filter rather than use it. What is different in the present case is that a decision was made to use the data, both newly gathered and likely that which was stored unfiltered for future mining. What could come out of a DoJ probe is exactly who implemented that decision and whether they were given exculpation, and if so, how was that done and by whom. Did senior NSA officials get exculpation and if so what precisely was it and did it differ from what those lower down were given. Further, members of the military performing NSA duties are given different exculpation than the civilians due to differing employment and service regulations. A large percentage of interception operatives are civilians, some former service members but far from all.
US civilian intelligence members -- State, FBI, DEA, and several other departments with intelligence duties -- are also involved in processing intercepted data and preparing it for distribution to NSA customers. And there are foreign military members working at NSA as well as civilians -- and those are not only from UK, CA, AU and NZ but from NATO and other treaty country participants. These foreign operatives are given instructions both by their own superiors and also by those from the US on how to handle intercepts of citizens from the countries who provide NSA operatives as well as data gathered on US citizens. There have been incidents reported of these foreign operatives performing or processing intercepts forbidden to the US while sitting adjacent to the US operatives, with consequent disclosure. This goes beyond the well-known US-UK backscratching. Beyond orders to gather information on US citizens there is the question of what was done to mine long-stored raw data which has presumably been filtered. Recall NSA policy to never discard any encrypted material gathered, none, forever. It is likely there is voluminous material on US citizens stored and ready for reassessment as needs be. There have been numerous revelations of other countries storing such data for decades, an example are the decades-long Stasi files obtained by the CIA from East Germany which the agency will still not release. All countries with intelligence capabilities have such files. And few are required to release them, such as the UK and US sometimes do for a small number. The US is surely not alone in amassing huge new files as a result of the terrorism initiative, for every time there is a war there is a surge in spying across the board, at home and overseas. 9/11 was a godsend to the spying industry which was slowly withering with the winddown of the artificially-prolonged Cold War.
To be sure it has been immensely beneficial to the media industry, and a slew of other boats lifted by the desire for more information, the dirtier the better. Nice to see ACLU put its Echelon Watch files back up. A while back we went looking for Echelon Watch files at ACLU and found a bunch of them through Google still on the ACLU website, but nary a link on the main pages. Perhaps EPIC and others will also have a change of mind about Echelon after withdrawing material post-9/11. Then there's Bamford's admission that after being invited to NSA for royal treatment and a classified briefing, he found the agency not so monstrous. What he was briefed on cannot be revealed, apparently, only that the place is honorably operated. When David Kahn was doing research at NSA, he claims he refused to be suckered and tainted by being given access to classified material. Big deceptions are often hidden by small ones delivered as exposes, and those given access to secrets are customarily obliged to tell only a sanitized version glossed with trust me the ex-trustworthy investigator.
From eugen at leitl.org Fri Dec 30 14:18:02 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Dec 2005 23:18:02 +0100 Subject: Detect Spying on YOU In-Reply-To: References: Message-ID: <20051230221802.GM2235@leitl.org> On Fri, Dec 30, 2005 at 01:32:59PM -0500, Tyler Durden wrote: > In the email have a link to a website you set up with a counter and that > you have told no one about (I'll add that you should have a nice big GOATSE Let me get you straight, you're proposing a modus operandi by which suspect rich content gets rendered outside of a sandbox by TLAs. Oooh, boy. To begin with, filters aggregate content without executing it. If it goes over threshold to require investigator eyeball time or gets pulled up retroactively each link will be individually scrutinized. Investigators will have SOPs to follow, and one of whose will be the equivalent "don't access hypertext links in suspect material until you've verified they're safe". In most cases, there's no way to tell the links are safe a priori, so they will never be accessed. Violations will be persecuted by beheading. I realize that Dave Farber's IP list and boingboing will regurgitate drivel mindlessly, but I do expect participants on this list to do a bit better. Please do not taunt the happy-fun ball. -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From eugen at leitl.org Fri Dec 30 14:32:08 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Dec 2005 23:32:08 +0100 Subject: [dave@farber.net: [IP] more on AP Story Justice Dept.
Probing Domestic Spying Leak] Message-ID: <20051230223205.GT2235@leitl.org> ----- Forwarded message from David Farber ----- From sethf at sethf.com Sat Dec 31 02:41:57 2005 From: sethf at sethf.com (Seth Finkelstein) Date: December 31, 2005 2:41:57 PM EST Subject: "Cool Tools for Tyrants" Message-ID: http://legalaffairs.org/issues/January-February-2006/ feature_bambauer_janfeb06.msp Cool Tools for Tyrants The latest American technology helps the Chinese government and other repressive regimes clamp down. By Derek Bambauer "... Curbing market freedom to protect human rights inevitably limits profits, an unappealing prospect in the best of circumstances. With this no doubt in mind, companies argue that merely doing business with repressive nations helps open the nations to democracy, free trade, and human rights. Cisco CEO John Chambers said recently, "Anytime you've got a good exchange of information, citizens benefit as a whole." And Microsoft has argued that a censored Internet is better than no Internet: Although the company's Chinese MSN Spaces web-log software prevents users from writing words like "democracy" and "human rights" in the titles to their postings, it encourages a central value of democracy by promoting self-expression. But there is little evidence to support these views. Despite China's five million bloggers, the Communist Party remains firmly in control of the nation and, for the most part, the Internet within its borders. Iran's blogging community is perhaps the country's liveliest political arena, yet the authoritarian Iranian government is stronger than ever, especially after a resounding victory in February 2004 elections. Contrary to the utopian view that the Internet evades local control, governments are proving adept at controlling the information that their citizens receive and share. Market freedom does not necessarily lead to personal freedom. 
We must at times limit the first to safeguard the second; the right to sell must sometimes yield to protect the right to speak." -- Seth Finkelstein Consulting Programmer http://sethf.com Infothought blog - http://sethf.com/infothought/blog/ Interview: http://sethf.com/essays/major/greplaw-interview.php ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From EEkid at aol.com Sat Dec 31 02:57:02 2005 From: EEkid at aol.com (EEkid at aol.com) Date: December 31, 2005 2:57:02 PM EST Subject: Pupils Being Given 'Patriotism' Tests in Washington State Message-ID: Schools Click the link at the bottom of the page to see a copy of the questionnaire. Pupils Being Given 'Patriotism' Tests in Washington State Schools Children in Washington State are being given 'Patriotism tests' which are completely unrelated to their studies. The paper gauges whether or not the student shows fealty to the power of the state and whether the student believes in the right to overthrow a corrupt government. A reader from Washington State writes us to highlight a questionnaire paper handed out to her daughter and the rest of her 10th grade class. The reader comments, "We live in Washington state. My daughter is in 10th grade and found this to be interesting. She has a GPA of 3.75 and uses her brain. This was given in her English class, and has nothing to do with the materials they were studying. We thought you might be able to use this. They are grooming our kids.
Keep up the great work. Christine." The paper is shown below. Click for an enlargement. Considering the fact that this paper is a complete one off in that it is not part of any standard curriculum, we must question the motivations behind it. Is the paper a means of gauging the level of obedience to the state amongst American teenagers? We have covered several examples before where the government identifies a target group in society and canvasses their views on the nature of power and when that power goes too far. For example, in the 90's, American marines and national guard were occasionally asked if they would be willing to fire on American citizens in a time of crisis. We are by no means against patriotism when it means love of country. Unfortunately however, the new brand of so-called patriotism translates as worship of government, and that definition is something that the founding fathers never intended. This may be an isolated case but if we receive anything similar then watch this space for any updates. 
http://prisonplanet.com/articles/december2005/301205patriotismtests.htm ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From sheldonf2000 at yahoo.com Sat Dec 31 03:43:30 2005 From: sheldonf2000 at yahoo.com (sheldonf2000 at yahoo.com) Date: December 31, 2005 3:43:30 PM EST Subject: Nuclear Terrorism Message-ID: Terrorism Book and Al-Qaeda: Nuclear Terrorism Plot in 'King of Bombs' Suggests Next 9/11 Will Kill Millions (PRWEB) -- The author of "King of Bombs," a novel about a future Al-Qaeda terrorist attack on the United States involving nuclear weapons, believes a future 9/11 may claim millions of American lives. Sheldon Filger, a former New Yorker who witnessed the Al-Qaeda attacks of September 11, 2001, wrote "King of Bombs" as a warning of what he is convinced is the imminent threat of nuclear terrorism (www.kingofbombs.com). "King of Bombs" has been praised by reviewers on Amazon.com for its realistic and terrifying portrayal of the danger of nuclear terrorism posed by radical Islamist terrorist organizations linked to Al-Qaeda. The plot in "King of Bombs" centers on a conspiracy to inflict a devastating terrorist strike on major American cities involving Al-Qaeda, with covert assistance from Iran and North Korea. As Mr. Filger points out, Iran's possible role in future nuclear terrorism cannot be dismissed as merely a novelist's speculation.
"Iran has been involved in a covert nuclear program for the past 20 years, arousing great suspicion from the international community and the IAEA (International Atomic Energy Agency-the nuclear watchdog organization of the United Nations which received the 2005 Nobel Peace Prize)," Filger said. He added that since publication of "King of Bombs," the new Iranian President has called for the destruction of the United States of America and Israel, and has publically expressed his hatred for Western civilization (www.kingofbombs.com). In August 2005, the number two man in the Al-Qaeda organization, Ayman al-Zawahiri, released a statement, warning the American people that, " What you saw in New York and Washington [on September 11th, 2001] and what you are seeing in Afghanistan and Iraq, all these are nothing compared to what you will see next." The author of "King of Bombs" suggests that Osama bin Laden's deputy may be referring to a future terrorist attack on the United States involving weapons of mass destruction, most likely nuclear weapons. "Unfortunately, since 9/11, the Bush administration has done little to reduce the danger of nuclear terrorism, " Sheldon Filger said. He made reference to a recent "report card" issued by the 9/11 Commission, an independent body that investigated failures by the government, intelligence and law enforcement communities to prevent the Al-Qaeda attacks on 9/11. According to the report issued by the 9/11 Commission, in many key areas the government received a failing grade, including those related to the threat of nuclear terrorism. The Commission pointed out that critical programs designed to reduce the chance that Al-Qaeda could obtain stolen plutonium or highly enriched uranium (the essential ingredients for building a nuclear weapon)are woefully underfunded, and low on the priority list of the Bush administration and Congress. 
The author of "King of Bombs" stated that, "The 9/11 Commission warned in its original report that Al-Qaeda was doing everything in its power to obtain nuclear weapons, and that the danger of nuclear terrorism is the number one national security threat to the United States. Their recent report card sadly demonstrates that Washington remains oblivious to the criticality of the threat." A major theme in "King of Bombs" is how failure by government leadership to understand the severity of the threat of nuclear terrorism can have consequences beyond the worst nightmares of most Americans. "I hope that 'King of Bombs' remains fiction," Filger said, "however, the passivity of political leadership on the threat of nuclear terrorism does not create grounds for optimism," he warned. According to Mr. Filger, a single crude nuclear device, which experts conclude Al-Qaeda has the capability to fabricate if it obtains fissile materials (highly enriched uranium or plutonium), if detonated in mid-town Manhattan, would probably kill one million New Yorkers. In "King of Bombs," Sheldon Filger presents a worst-case scenario for nuclear terrorism, involving thermonuclear weapons, which are far more destructive than crude atomic bombs of the type that destroyed Hiroshima and Nagasaki. In his novel, potentially tens of millions of lives are in jeopardy if the terrorists are successful. (www.kingofbombs.com)
----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE From rca53 at columbia.edu Sat Dec 31 05:06:33 2005 From: rca53 at columbia.edu (Atkinson, Robert) Date: December 31, 2005 5:06:33 PM EST Subject: [IP] Nuclear Terrorism Message-ID: Dave: Happy New Year???? I was hoping to have a pleasant time in Manhattan this New Year's eve trying not to remember that I live in a bulls-eye. Oh well. I do hope that you (and all the Interesting People) have a healthy, happy and relaxing New Year.
Bob

-----Original Message-----
From: David Farber [mailto:dave at farber.net]
Sent: Saturday, December 31, 2005 4:23 PM
To: ip at v2.listbox.com
Subject: [IP] Nuclear Terrorism

Begin forwarded message:

From camera_lumina at hotmail.com Sat Dec 31 10:43:19 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 31 Dec 2005 13:43:19 -0500
Subject: Detect Spying on YOU
In-Reply-To: <20051230221802.GM2235@leitl.org>
Message-ID:

OK OK I acknowledge this was cheesy. Thought it was worth a mention, if for no other reason than to kick the crap out of it.

BUT, true to my "Local Authorities" rant these days, it MIGHT snag a local MwG in your area, if not NSA. (My assumption continues to be that NSA and that echelon of extra spooky spooks doesn't share info with local authorities.) And frankly, unless you're actually WOMD-type dangerous, the state police or whatever are going to be what you have to worry about, if you are the identifiable Cordian type.
-TD

>From: Eugen Leitl
>To: cypherpunks at jfet.org
>Subject: Re: Detect Spying on YOU
>Date: Fri, 30 Dec 2005 23:18:02 +0100
>
>On Fri, Dec 30, 2005 at 01:32:59PM -0500, Tyler Durden wrote:
>
> > In the email have a link to a website you set up with a counter and that
> > you have told no one about (I'll add that you should have a nice big
>GOATSE
>
>Let me get you straight, you're proposing a modus operandi by which
>suspect rich content gets rendered outside of a sandbox by TLAs.
>Oooh, boy.
>
>To begin with, filters aggregate content without executing it.
>If it goes over threshold to require investigator eyeball time
>or gets pulled up retroactively each link will be individually
>scrutinized. Investigators will have SOPs to follow, and one
>of whose will be the equivalent "don't access hypertext links
>in suspect material until you've verified they're safe".
>In most cases, there's no way to tell the links are safe a priori,
>so they will never be accessed. Violations will be persecuted
>by beheading.
>
>I realize that Dave Farber's IP list and boingboing will regurgitate
>drivel mindlessly, but I do expect participants on this list to do
>a bit better.
>
>Please do not taunt the happy-fun ball.
>
>--
>Eugen* Leitl leitl http://leitl.org
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.ativel.com
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which
>had a name of signature.asc]

From camera_lumina at hotmail.com Sat Dec 31 11:00:21 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 31 Dec 2005 14:00:21 -0500
Subject: [dave@farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin
In-Reply-To:
Message-ID:

John Young wrote...

>Beyond orders to gather information on US citizens there is the
>question of what was done to mine long-stored raw data which
>has presumably been filtered. Recall NSA policy to never discard
>any encrypted material gathered, none, forever. It is likely there
>is voluminous material on US citizens stored and ready for
>reassessment as needs be.
>
>There have been numerous revelations of other countries storing
>such data for decades,

Seems to me there should be a nice workaround for this, crypto-wise. Again, sorry if this is well-known. No time to keep up these days.

BUT, encrypted messages should have something like an expiring one-off time stamp. It could work like this:

Message is encrypted and broken into 2 or more pieces. Neither piece is sufficient to reconstruct the message. Piece one is sent as the "message" (or maybe the message is merely a pointer to the various encrypted pieces). Message 2 is stored somewhere in a Tor-based repository (ie, the actual address is unknown). The key includes encrypted instructions on where to obtain the other half as well as deencrypting the message. If the message is not de-encrypted within X days, the stored piece(s) is\are destroyed.

Of course, NSA will likely grab&store the hidden piece as well, but I submit one might be able to make this a fairly intractable problem, particularly if information about -where- the appropriate piece is stored is itself destroyed. (ie, they may have the piece, but they don't know which message it belongs).
-TD

From contrary at fastmail.fm Sat Dec 31 12:26:06 2005
From: contrary at fastmail.fm (contrary)
Date: Sat, 31 Dec 2005 15:26:06 -0500
Subject: Subscribe
Message-ID: <1136060766.14223.250843515@webmail.messagingengine.com>

subscribe
--
contrary
contrary at fastmail.fm

From dave at farber.net Sat Dec 31 13:05:43 2005
From: dave at farber.net (David Farber)
Date: Sat, 31 Dec 2005 16:05:43 -0500
Subject: [IP] "Cool Tools for Tyrants"
Message-ID:

Begin forwarded message:

From dave at farber.net Sat Dec 31 14:39:24 2005
From: dave at farber.net (David Farber)
Date: Sat, 31 Dec 2005 17:39:24 -0500
Subject: [IP] more on Nuclear Terrorism
Message-ID:

Begin forwarded message:

From coderman at gmail.com Sat Dec 31 17:44:32 2005
From: coderman at gmail.com (coderman)
Date: Sat, 31 Dec 2005 17:44:32 -0800
Subject: Detect Spying on YOU
In-Reply-To:
References: <20051230221802.GM2235@leitl.org>
Message-ID: <4ef5fec60512311744r7fed5ab8qc70d364b560e98d6@mail.gmail.com>

On 12/31/05, Tyler Durden wrote:
> ...
> BUT, true to my "Local Authorities" rant these days, it MIGHT snag a local
> MwG in your area, if not NSA. (My assumption continues to be that NSA and
> that echelon of extra spooky spooks doesn't share info with local
> authorities.)

i could see some county sheriff's office doing something stupid like that with seized evidence perhaps. ("ooh! here's a bookmark labeled 'sekrit stuff', let's check it out!") but the NSA and any other intelligence agency worth half a shit is going to have clue.

> And frankly, unless you're actually WOMD-type dangerous, the
> state police or whatever are going to be what you have to worry about, if
> you are the identifiable Cordian type.

early this year i was collecting information on telecommunications and electrical power distribution infrastructure to see how detailed a map publicly available sources could provide to such facilities and the trends/assessments possible when combining data sets for pattern analysis.
i had a number of custom search tools, bots, and databases built up internally that pulled large amounts of GIS data, LERG, industry investments/research, maps, press releases, product catalogues, web searches, cached documents, etc. (court documents pertaining to telecom and power industries are full of informative details, especially when the redaction performed in PDF for confidentiality is only visibly obscuring text [white on white] while keeping content in place :)

after about 6 weeks and many 100*GBytes of traffic i noticed a peculiar echo on my line begin abruptly one day. i'm off an old analog switch ESS style in rural oregon and this echo/line noise was associated with my number only (not others off same CO). i suspected this was a one way conference / tap, which is completely undetectable for digital systems but alters the line characteristics of an analog switched circuit.

this was the only hint ever given that i might be under scrutiny. given the nature of my internet usage and the *.gov sites used (among others) it would have been clear to anyone watching what i was up to. the data mining programs 'rumored' to be in use by the various government agencies would be able to detect this type of activity easily, so i suspect this was visible to somebody.

even still, the only clue, if it is one, was the analog conference on my line, and this was noticeable only because i'm still hanging off antiquated analog equipment that is rarely in use today.

while i think honey tokens are an interesting approach to independent evaluation of intelligence / surveillance process and capability, it would be incredibly difficult to get any information out of such a project. NSA and others are very skilled at the one way function of information: a lot goes in, very very little ever comes back out, and even then it is tightly constrained.
(i would guess no other agency the world over has "least privilege" mastered so thoroughly)

an interesting subject for discussion perhaps, but not really useful in the real world (tm)...

From dave at farber.net Sat Dec 31 14:59:18 2005
From: dave at farber.net (David Farber)
Date: Sat, 31 Dec 2005 17:59:18 -0500
Subject: [IP] Pupils Being Given 'Patriotism' Tests in Washington State Schools
Message-ID:
X-Mailer: Apple Mail (2.746.2)
Reply-To: dave at farber.net

Begin forwarded message:

From coderman at gmail.com Sat Dec 31 18:32:33 2005
From: coderman at gmail.com (coderman)
Date: Sat, 31 Dec 2005 18:32:33 -0800
Subject: [dave@farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin
In-Reply-To:
References:
Message-ID: <4ef5fec60512311832r245dc2f7y2cd5261b73363dcf@mail.gmail.com>

On 12/31/05, Tyler Durden wrote:
> ...
> Of course, NSA will likely grab&store the hidden piece as well

i would count on it, as it's a good bet the answer is yes rather than no.

> but I submit
> one might be able to make this a fairly intractable problem, particularly if
> information about -where- the appropriate piece is stored is itself
> destroyed. (ie, they may have the piece, but they don't know which message it
> belongs).

i'm working on a one time pad based IPsec key daemon with a similar purpose to what you describe. i'll be posting here for feedback when it's ready but the basic premise is that it provides strong ephemeral IPsec keying using one time pads previously exchanged between peers.

as long as the pads are generated and secured properly[1] you don't need to care if $TLA has kept your IPsec traffic archives in their acres of computing machinery. likewise, if large qubit quantum computers suddenly become feasible or multi ring GCF gets really fast, you don't need to worry about past key exchanges (also archived) being compromised, as with pub key based ISAKMP implementations.
last, such a mode needs no open ports[2], so the attack surface for remote exploitation is limited to the IP level - only authenticated traffic is passed up the stack, everything else is dropped. as long as your OTP's are truly random and never compromised, the key exchange will be secure and the only way to attack your traffic remotely will be brute force of AES256.

[1]. securing pads is really the crux of the issue here. i'm using modified linux distributions for key generation (a host with no networking capability - kernel omits all network functionality) and IPsec termination (boot from CD/DVD, require USB fob / hardware token + passphrase for auth to access pads stored in encrypted volume).

[2]. this is true with an explanation: for the initial session ICMP payloads are sent in the clear (not IPsec) to perform the encrypted key exchange using OTP's. once IPsec is initialized, ICMP is also directed through IPsec via the SPD and future rekeying uses OTP's on top of the existing IPsec SA. i'll have more details later but in short all traffic is authenticated or dropped, most of it authenticated via IPsec, and the only exception being key exchange via ICMP which is authenticated via OTP only until the first SA is established.

the advantage of using OTP's in addition to security is simplicity: all buffers are fixed size, key material is small (per instance) and the operations fast (no montgomery multiplication on very large numbers). even at a 1Hz rekey interval you could fit a year's worth of key exchange OTP in 100MBytes of storage.

the disadvantage is you probably need hardware entropy generation to produce the pads in a reasonable time. i'm using the VIA C5XL and C5P processors for testing / runtime and these can produce more than enough entropy for large pads without sucking /dev/random dry.
last but not least, the implicit out of band pad exchange with trusted peers is reasonable for private group networking and other smaller networks but would be very difficult to scale to a large organization. this is a feature in my eyes, as private group networks are what this is intended for and meatspace pad exchange a desired requirement to ensure trust is properly placed.

From rah at shipwright.com Sat Dec 31 19:28:45 2005
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 31 Dec 2005 22:28:45 -0500
Subject: [dave@farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin
In-Reply-To: <4ef5fec60512311832r245dc2f7y2cd5261b73363dcf@mail.gmail.com>
References: <4ef5fec60512311832r245dc2f7y2cd5261b73363dcf@mail.gmail.com>
Message-ID:

At 6:32 PM -0800 12/31/05, coderman wrote:
> a one time pad based IPsec key daemon

There ya go. Time for some *real* cryptography, dammit!

;-)

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Sat Dec 31 15:19:49 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 1 Jan 2006 00:19:49 +0100
Subject: [dave@farber.net: [IP] Pupils Being Given 'Patriotism' Tests in Washington State Schools]
Message-ID: <20051231231949.GT2235@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Sat Dec 31 15:21:35 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 1 Jan 2006 00:21:35 +0100
Subject: [dave@farber.net: [IP] more on Nuclear Terrorism]
Message-ID: <20051231232135.GV2235@leitl.org>

----- Forwarded message from David Farber -----

From eugen at leitl.org Sat Dec 31 15:28:42 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 1 Jan 2006 00:28:42 +0100
Subject: [dave@farber.net: [IP] "Cool Tools for Tyrants"]
Message-ID: <20051231232842.GW2235@leitl.org>

----- Forwarded message from David Farber -----
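
coderman's message earlier in this thread (the reply about a one time pad based IPsec key daemon) describes rekeying from a pre-shared pad with fixed-size buffers and with unauthenticated traffic dropped, but gives no wire format. The sketch below is an added illustration and is not coderman's daemon or code from any post: the `PadPeer` class, the 64-byte slot layout, the 72-byte message, and the use of HMAC-SHA256 keyed from the pad as the authenticator are all assumptions. It shows the two properties that matter for a defender: a pad slot is wiped once used, and a forged or replayed rekey message consumes no pad.

```python
import hashlib
import hmac
import secrets
import struct

SLOT = 64               # pad bytes per rekey: 32 mask + 32 MAC key (assumed layout)
MSG_LEN = 8 + 32 + 32   # slot index | masked key | tag, always the same size

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class PadPeer:
    """One holder of a pre-shared pad (hypothetical, not coderman's daemon)."""

    def __init__(self, pad: bytes):
        if not pad or len(pad) % SLOT:
            raise ValueError("pad must be a non-empty multiple of SLOT bytes")
        self.pad = bytearray(pad)   # private copy so used slots can be wiped
        self.next_index = 0         # lowest slot not yet consumed

    def slots_left(self) -> int:
        return len(self.pad) // SLOT - self.next_index

    def _consume(self, index: int):
        """Return (mask, mac_key) for a slot, wiping it and every skipped slot."""
        slot = bytes(self.pad[index * SLOT:(index + 1) * SLOT])
        wiped = (index + 1 - self.next_index) * SLOT
        self.pad[self.next_index * SLOT:(index + 1) * SLOT] = bytes(wiped)
        self.next_index = index + 1
        return slot[:32], slot[32:]

    def make_rekey(self):
        """Initiator: choose a fresh 256-bit key, return (key, wire message)."""
        if self.slots_left() == 0:
            raise RuntimeError("pad exhausted; never wrap around and reuse")
        index = self.next_index
        mask, mac_key = self._consume(index)
        key = secrets.token_bytes(32)
        body = struct.pack(">Q", index) + _xor(key, mask)
        return key, body + hmac.new(mac_key, body, hashlib.sha256).digest()

    def accept_rekey(self, msg: bytes):
        """Responder: return the new key, or None to drop the message."""
        if len(msg) != MSG_LEN:
            return None
        index = struct.unpack(">Q", msg[:8])[0]
        if not self.next_index <= index < len(self.pad) // SLOT:
            return None             # replayed, already wiped, or out of range
        mac_key = bytes(self.pad[index * SLOT + 32:(index + 1) * SLOT])
        tag = hmac.new(mac_key, msg[:40], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, msg[40:]):
            return None             # forged or corrupted: no pad is consumed
        mask, _ = self._consume(index)
        return _xor(msg[8:40], mask)
```

The sketch covers one direction only; two peers that both initiate would need separate pads or disjoint slot ranges so that no slot is ever used twice.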