Slashdot Mirror
UK Building Eavesdropping Infrastructure
This Sunday Times story about a new office under MI5 scheduled to open later this year with the innocuous name of "Government Technical Assistance Centre" to oversee the content of e-mail sent by and to Britons ought to give pause to anyone interested in online privacy. Though governments will always be several steps behind determined privacy seekers, this bodes ill for anyone who'd prefer to keep the contents of their e-mail even nominally secret. "The security service and the police will still need Home Office
permission to search for e-mails and internet traffic, but they
can apply for general warrants that would enable them to
intercept communications for a company or an organisation," says the article. How comforting.
>That example does little to disprove my point, though I accept yours that a vigilant >eye must be kept on local authorities.
/. is less important than that paper.
>The victim was a target of surveillance for an intelligence unit of a local police
>force. I can't imagine any/every local police force instituting a
>national internet screening project. There are not enough law enforcement officials >in the world.
You're lacking the background of the case, which I've been following for a while (and the Choudry SIS break-in case that prompted it). The details are more disturbing than what was reported in that "latest development" article in what is highly regarded as a conservative and reputable newspaper, not some tabloid out for attention.
>Furthermore, this article's headline claims that the victim was surveyed for 15 years, but the evidence presented later in the article only seems to
>suggest that the person's picutre was taken once about 12 years ago, and that a decetcive had become aware of his existance 15 years ago,
>and with no explicit or implicit surveillance in between. I'm not saying it didn't happen, just that the article didn't report it. To me, this smacks of
>a sensational headline without the article containing anything to support it.
Like I said, I just provided the article as a recent example and a starting point. While that one brief article does not mention a lot of the things that happened, if you look into the whole sordid affair, you will find a lot of the sorts of things I talk about.
>Furthermore, you missed my point entirely.
No, I vehemently disagree with your point, and consider it a simple naivety that is uttery belied by some of the evidence on public record.
The invasions of privacy do not need to be justified because in the real world, the only people with clearance to access the documents are those working for the agencies. Theoretically the courts can get to them in extreme cases, but this rarely happens. Thus an intelligence officer can go their entire career without obtaining the necessary warrants and have little chance of getting caught. As there is no fear of getting caught by the law, there is no need to comply with it, and what the courts have managed to reveal (in most countries) is that these agencies operate outside the law on a normal, routine basis. On what grounds can you claim this is not going to continue?
>Maybe what I did not make clear is that over time, the economic justifications will >be less immediately correlated to the true justification, and
>that members of protest groups and "peace-loving organizations" will soon be >typical targets of the economically-justified surveillance because
>their actions will be counter to the capitalist will.
I don't understand this - are you suggesting that voicing a opinion on economic policy can somehow be damaging to a society? Isn't the whole point of our societies that such ideas must always be challenged?
I agree that Choudry's home was (illegally) invaded because the SIS didn't like his economic views (the event that led to the search of Dr Small's home), but I can't understand how this can possibly be economically justified - if the people chose to change economic policy, even for the worse, that is their right. Using intelligence agencies to intimidate people who don't fall in line with the dictated ideology is a far greater threat to the wellbeing of a society.
Are you suggesting that such abuse is not in fact economically justified, but rather justified in terms of directly serving the interests of a select group, regardless of whether this is to the detriment of the nation (eg Disney)?
You say "economically justified", but this infers "justified for the good of the nation on economic grounds" (which I disagree with) as opposed to "justified to a select group on the grounds of maintaining their wealth", which seems to better fit what you're saying.
>You don't have to be planning to DOS Yahoo to be an economic terrorist, you can be
>planning a rally at your local Daytons against fur, or publishing material informing
>consumers what practices Disney uses to produce movies...
Can you explain how these actions can possibly be economic terrorism? Not buying someone's goods is not terrorism. Publishing true information about the past actions of someone is not terrorism (though in some cases it might constitute espionage, but not the cases we're talking about)
>Lastly, I never said I was okay with a national eavesdropping project, so I don't
>know what gave you that impression.
I didn't actually have that impression, I just get irritated at the whole "you've got nothing to fear unless you're a terrorist" myth. I know good people who have been at the wrong end of intelligence prejudice. It might seem implausible that normal people get watched because it wouldn't make sense to watch them, but that's only because you assume these inbred, isolated, paranoid institutions operate with anything resembling common sense, intelligence, or competence. They are entirely free from scrutiny. Since when has that been a breeding ground for anything but incredible ineptness. Since when has anything forced out by the courts shown anything except appalling negligence (giving them the benefit of the doubt)?
>You, sir, should wake up, because no one is out to get you. Not as long as you're a >good consumer.
I'm not a good consumer, and I didn't suggest anyone was out to get me.
James Rusbridger once wrote a letter to the editor of his rural paper critical of MI6. Not political, critical of their performance and competence. Two weeks later a meterman appeared to check the power, asking a few friendly political questions - but a meterman had already been a few weeks earlier. When ID was demanded, he made his excuses and hurridly left. The licence plates disappeared from police records the next day. All he did was write a damn letter to the paper.
Hopefully
But like I said, I'm not at all worried about me, it's the myths that these agencies actually work, and that they are responsible, and that ordinary people have nothing to fear, and so on, that annoy me. By them, the victims are doubly denied justice - they cannot get any from the law (except in incredibly rare cases), and they cannot get sympathy or even acknowledgement from other people that a wrong has even been done to them - they get condemnation and derision instead. Derision born of ignorance, naivety, and gullibility, pure and simple.
What could you do if as soon as you try to say anything of the crime committed against you, people write you off as a paranoid idiot. It's like being put into the metaphorical mental ward when sane and trying to reason your way out - yes of course you're sane dear, now take your pills and be a good patient. Better to suffer in silence. That's not a good state of affairs.
I'm 100% with you on this, however for this to have any sort of effect the mass media would have to make it an issue so that everybody, not just the people on /. , hear about it. Since this would be largely against their interests I doubt that they would talk about it. Untill or unless the general population starts educating themselves about these issues and the implications that they will have, we will all see our hard fought freedoms start slipping away.
Engaging in industrial espionage might get the UK government in political hot water if proven (the European Parliament seems to be taking an interest in this area) but that wouldn't necessarily stop them doing it. Companies would have the option of pulling out of the UK -they always have that option - but there have been very few (if any) cases of companies giving up a market for such reasons.
It is very unlikely that the WTO would become involved. I am unaware of any section of the General Agreement on Tariffs and Trade (GATT) or it's side agreements which prohibits industrial espionage (and yes, I have studied them). In fact the GATT has a national security exemption so one can probably forget that too.
Your scapegoating of corporations as the source for all evil in the world is unfortunate, if only because of the vulnerability it gives you.
I'll cheerfully agree that various corporations have supported and lobbied for many disgusting government actions. Some of these are relatively minor and fail, such as Ben & Jerry's attacking competitors for having tiny trace amounts of dioxins in the paper cartons used to wrap ice cream (and lobbying for tighter controls that would have harmed their competitors) until it became public that Ben & Jerry's ice cream itself had higher (but still harmless) levels of dioxin. Some are far more successful and broad of scope, such as the use of Echelon for espionage on behalf of some American corporations.
However, to adopt the mindset that corporations are the only interests governments act on, and that governments themselves lack interests, is to blind oneself to very genuine dangers. Governments routinely act to protect political, religious, social, racial, and even sexual power groups - and to harm their enemies. They also often act to serve the personal interests and advancement of office-holders or even employees of the government. On a broader level, governments are not robotic entities without their own interests. Governments are groups of people that have one very interesting thing in common - naked, ready power over other people. Governments and agencies within governments act to increase their power, preserve their funding, enhance their public image, and, above all, maintain control.
Your mistake is to see one impetus for government transgression and label that the target to fight. (I have to wonder if you've missed such things as the Communications Decency Amendment, or recent revitalization of the efforts to "child-proof" the Internet, which, considering how large the adult entertainment industry is, and how many rather large corporations have fingers in that pie, doesn't strike me as the handiwork of the Corporate Overlords.) If you want to protect your freedoms, you have to catch the threat at the source - the government. Corporations, churches, unions, political factions, and grass-roots organizations all have the ears of government. However, the fist - the laws, regulations, and programs - is that of the government, and is the only thing you can grab.
Basically, somebody can send you an encrypted e-mail, for which you have no key, they can dispose of the key, but you can go to jail for having this encrypted data
Though the first people likely to end up in this situation would be the politicians foolish enough to pass such a silly law.
The sad thing is that this isn't going to stop the people its meant to catch. The "bad guys" will resort to other means of communication, steganography being one obvious choice, I'm sure they will find others...
Actually a rather more obvious one is a good code though cyphers can be attacked mechanically codes cannot. Also a coded message can be either deliberatly misleading or completly innocent.
That was very interesting.
I'm surprised it hasn't been moderated up.
Of course, I think most of us know that intelligence agencies are not our friend. If they were, they wouldn't be spying on us.
The German government actively promotes the use of strong encryption for both corporate and individuals. They even donated a pile of money for the development of GnuPG. And IIRC, the policy of the EU commission is quite similar to that. So, the UK policy would go against EU policy which wouldn't last very long, since EU law takes precedence over national law.
But then again the UK operates Echolon thus spying on its friends. Plus, the EU parliament is against anynomity on the internet. There are weird time we live in.
Free Manning, jail Obama.
The law is called the "Regulation of Investigatory Powers" Bill, normally abbreviated R.I.P., which is, at least, ironic.
Not only can they force you to hand over a key, but it is an offence under the bill to tell anyone that you have handed over the key - so you legally required to keep using your old key! Worse if you are not the key issuer - they just get it off your company / key provider, and no-one tells you.
"But, Sir, I've lost the key." NT problems have meant, for example, that I have had to change PGP keys twice in the past 12 months. Oh dear, under the current proposal, the burden of proof that you do not have access to the key is on you, not them.
So, I send an email with some {kiddie porn, spoof drugs information, death threats etc} to you, using the public key of a key pair I generated just to get you into trouble. I then bin the keys and the spooks raid you and demand the private key. You must prove (logically impossible that it it) that you do not possess the key.
Or, an ex-employer of yours is involved in something dodgy (after you have left, of course.) You hand back your corporate laptop, having deleted your private key. 12 months later, you are required to produce that key!
Them: "Where is the backup?"
Us: "Oh, I think I used that disk to try out a new Linux distro - its been reformatted."
Them: "Prove it!"
This bill is scarey. Fortunately, it is not yet law. Mind you, it isn't ?UCITA?, so it is only the government cracking your computers, not every Corp who wrote any piece of software you use.
Last rant: the ISPs are being made to pay for installing their ends of this system. They reckon it is going to cost between $75k and $250k per year for them to snoop for the Govt. They are not happy.
>Well it was bound to happen, now it's just a matter of time before
>more countries follow suit. PGP is looking better and better all the
>time. Now we need to start educating people quicker and more often on
>the advantages of PGP so we don't make it as easy for the governments
>to read our e-mails.
PGP and similar schemes are nothing but a pain-in-the-ass. There's a far more easier and effective solution to the problem. If you are afraid your email address is being monitored, then don't use it to disccuss sensitive subjects. See how simple it is?
We all know that government invasion of privacy is nothing to fear. Instead, we must protect ourselves from web telemarketers, the real threat!
People, get real. Corporations may piss us off from time to time, but nothing is as bad as a government out of control. You can go to great lengths to protect yourself from both corporate and government spying, but only governments have the power and the gall to demand that you reveal your secrets to them - or else.
And for the insanely gullible who buy the "it's only going to be used with a search warrant" and "if you have nothing to hide, you needn't be afraid" arguments, note that pretty much each and every government organization in the United States that has been authorized to conduct wiretapping has been caught making wiretaps illegally, often in huge numbers. (This, yet, is in a country with a legally recognized right to privacy!) Even if, by some miracle, this new office only conducts wiretaps based on warrants, it's been given the power to monitor every communication to and from any person in an organization. So, make sure you never are part of a church, company, political organization, or club that the authorities get suspicious about...
it seems the U.K. will probably win [a race to see who becomes a police state first]
Our government is doing its best to make the UK the best place in the world to host e-commerce (or so they tell me). Has anyone seen any evidence of this ?
So far I've seen the IR35 tax changes making freelance contractors extinct, or driving us abroad. We have Jack Straw's bill to make us surrender passwords, for the strong crypto they don't want us to have anyway. Now we have a tax on ISPs to not only spy on us, but to make us pay for doing so !
Feel like complaining ? Take a look at http://www.stand.org.uk/ and join in
It wouldn't do you any good. The Fifth applies to the state's compelling you to testify against your self. It says precisely nothing against your case. There is no Fifth Amendment right to refuse to comply with a search warrant.
In the same vein, while the U.S. wiretapping legislation CALEA is forcing ISPs to install the capability for law enforcement to conduct digital surveillance of selected customers (supposedly only with warrant, but you and I both know the reality)
No, I don't know the reality that you're talking about. Of course, I'm just a ticket-writing donut-chomping cop, so I'd have no idea what law enforcement officers would do.
I mean really, this is just an excuse for the government to infringe upon the average joe's basic right to privacy, once again.
But the question remains, who were these men? And why were they all called Brian? And why the hell wasn't this in any of my History classes?!
First, in the UK as well as the countries that more or less inherited their constitutional structures from it, the doctrine of crown immunity means that it is not, in general, possible to sue the executive government. There is legislation specifically allowing many sorts of legal action against governments in all the relevant jurisdictions however I would be very surprised if the UK Government has passed legislation permitting the intelligence services to be sued - this would be very out of character in the home of the Official Secrets Act and oversight-free intelligence organisations.
Second, even assuming that the UK Government may be sued for the actions of the Security Service (commonly referred to as MI5), they would have to have done something illegal, and the illegality would have to be proven. Given that the Security Service can get warrants to read people's email, the whole process would presumably be above board. Even assuming the action was illegal (ie the proper permissions had not been sought) given the high level of secrecy surrounding Security Service operations, one probably have the greatest of difficulty proving anything useful.
Third, you can forget about going to court and complaining that the legislation is unconstitutional or otherwise beyond the power of parliament - this is a concept foreign to the UK constitutional arrangement. The parliament has power to pass any law. The only check on this might be an appeal to the European Court of Human Rights. If you are not from a Council of Europe country I don't think you have standing before that court and, even then, the court does not have a record of intervening in areas of "National Security".
On the issue of the right of the British Government to listen to the communications of non-Brits outside Britain, the British government has always maintained that the Royal Prerogative of the Security of the Realm (or national security - the name changes) permits it to operate overseas intelligence services. This right is also claimed by other countries. While it doesn't legalise under the local law anything that the SIS may do outside Britain, it does mean that the electronic spying done by GCHQ and this new outfit from within the UK is unassailable under UK law and, since it occurs in Britain, not covered by anyone else's law.
-ryan
"Any way you look at it, all the information that a person accumulates in a lifetime is just a drop in the bucket."
And absolute power corrupts absolutely. There are quite a few tools in the Fascist toolkit, such as propaganda, censorship, the military, and evesdropping by "the man". When police forces start showing up more frequently, or there's more news about the armed forces, or when you hear stories of rampant censorship and evesdropping, you know that your government is heading towards fascism. And there's very little we can do right now about it... Except move to our own little deserted isles and live without the technology that improves our lives - and enhances the forces of the world's many evil empires. Right now, revolution would be futile, but if we just started working together... Who knows, one day we might start the perfect system...
When the pack animals stampede, it's time to soak the ground with blood to save the world. We fight, we die, we break our cursed bonds.
Chris 'coldacid' Charabaruk Meldstar Entertainment
You're not listening. The UK government will send anyone to prison who does not hand over their encryption keys on demand.
Thus one of the ways of challenging this proposed law is to make it clean to the politicians how they are building their own "petard".
/.The British government probably let the information out on purpose, and most likely have moved onto a deeper and more "privacy diminishing" project. They have been involved in the Echeleon project for a long time. Searching for keywords in emails and phone calls (in theory) for years. They then would share the information with a huge NSA database in some underground place which stored the information for all the countries involved. (I believe they were New Zealand Britain and US)...well its old news./
Somebody will figure out (not if, but when) how to spoof the system and send phony information that incriminates innocent people.
Far more "fun" if this gets used against government ministers, senior civil servents, police offices, etc...
- Laws keep changing anyway
- Precedents in other areas keep getting set (I thought Germany had fairly sane laws until some quibble about Demon Internet there, IIRC)
- Where's a nice place to live, generally?
- Cost of moving
- Cost of living, taxation, others
All in all, it's not an easy choice to move. It is one that I am thinking about, but as to where I would go, I'm not sure yet. I've got at least another year at University in which time all sorts of stuff could happen - who knows - maybe the UK will sane up its laws (though I won't hold my breath!) and people will want to move here! Then there's the problem of moving again if the country you move to suddenly goes all stupid again...-- Maz
Living a nomadic lifestyle with a laptop
What if mankind commited no sin? If we do nothing wrong then a need for a big brother would not arise.
Elijah Chancey www.elijahsadventure.com nomadic IT consultant, bicycling across america "all that you touch / and all
Telephone calls aren't monitored as much as e-mail because it's just no as practical. E-mail can be filtered and sorted and narrowed down to a few that need investigated. To do that with the human voice would require exponentially greater processing power and therefor money. E-mail is just (relatively) easy to monitor so it IS monitored.
How am I supposed to hallucinate with all these swirling colors distracting me?
of course emails are allowed to be encrypted.
if the email is encrypted the enforcement agencies can demand the key, and if you don supply it you are liable to a two year prison sentance ( this is the proposed RIP bill not yet an act of parliament)
This is, strictly speaking, off-topic, but I think the question is interesting enough to be asked here.
I know next to nothing about encrypting e-mail, but am beginning to think that it might be wise to at least know how to do it and to have a PGP key so if someone wants to send me something private, they can do so (and if nothing else, I'd be s00p3r-d00p3r 31337, or something).
Is there, like, a "PGP for Dummies" page out there, which would explain the system in such a way that a newcower can understand it?
Thanks, and sorry for the WOB. And I was just kidding about the "1337" stuff.
Steve
========
Stephen C. VanDahm
In Britain they cannot force you do decrypt data - but they are about to pass legislation that will make this so see www.stand.org.uk for more information.
the tHing that yOu musT not forGet is human Rights are Inalienable. GovernmenTs are there for uS, not that other way arounD. By nOt respecting our rights, govts Will iNcur the wrath of Millions of Youthful, PoliticAlly coNcerned TechnocratS.
Just a thought
actually the Uk has been doing his fair share eavesdropping since second world war in conjunction with USA, in what was in those days called the supersecret BRUSA agreement, that later one became the internationally known UKUSA, invvolving some more countries, thats all part of the ECHELON network tho. Wonder if all this goes back to that? or im just over-paranoid?? check Duncan Campbell's report online, http://www.gn.apc.org/duncan/interception_capabili ties_2000.htm
Istigkeit -"is-ness" being and becoming & i'dfiying it with the mathematical abstraction of the idea
This is the Sunday Times of London, which among
other stories has spoken of nuclear landmines, genetically selective antipersonnel weapons, and has the inimitable John Ungoed Thomas for a reporter.
Oi, Britons!
Could we have some confirmation, please?
Actually the UK (and I suspect US) intelligence agencies are under ratehr than over stretched. Since their pals on the other side of the iron curtain stopped playing they have been thrashing around looking for a role (ie a way to avoid having to go out and get real jobs). MI5 is trying to convince us it is useful for dealing with terrorists and criminals. This new centre is just another stage in that.
First off, YOU (yes, YOU) are not interesting enough for them to watch you.
How do you know? As it happens this week's enemies of society of choice are refugees and people seeking asylum and I don't fit that bill. However next week it could be me.
Besides which I am more worried about `them' using this kind of infrastructure to peek at those they consider political threats. Anything which gives the government of the day the ability such a huge political tool not available to their oponents is a big step towards a de-facto one party state.
Your system administrator should be feared much more than any "global eavesdropping network"
This is no problem for the sane. I wouldn't do anything even vaguely interesting on a system where I didn't trust the admin. Much beyond `vaguely interesting' I'd want to be the admin.
_O_
.|< The named which can be named is not the true named
The point, surely, is that a law to put in place such a rule would change the rubric of search warrants. It would add decrypting your data allongside opening locked cupboards to the list of things the searching officers could demand of you.
_O_
.|< The named which can be named is not the true named
Hmm .. yes, I was unaware .. I was aware that Netscape had it; but regarding OE I just assumed that even if MS did put it in, it would be weak encryption (i.e. no encryption.)
The "it'll allow us to catch more criminals" is the usual catch-all phrase that suckers the sheeple into supporting bills that destroy their rights. Throw in a few choice keywords like "child pornography" or "terrorism", get the puppy-dog media to publish it, and you've got the support of probably 3/4 of the US. Sometimes I get the impression that most people would actually prefer to live like domestic animals, controlled and "protected" by the government - no rights, but at least they wouldn't have to think for themselves.
Last time /. screwed up MI5 vs. Mozilla, it was http://slashdot.org /article.pl?sid=00/03/24/2120256&mode=thread
Will I retire or break 10K?
>I hope that was a troll. Surely there aren't people that stupid in
>the real world.
What's stupid about it? It's common sense. You don't blab details concerning your personal life in a room full of strangers do you? So why should you even consider doing the same thing via email when you *KNOW* there's a very good chance it's being monitored? Because email is the latest techno-dweeb plaything? Give me a break.....
Use an offshore email account only, or maybe even to leave, they really know how to make us feel unwanted, the future of the country is starting to look very bleak in the hands of Herr Blair and his bunch.
Any sufficiently advanced man is indistinguishable from God
Encrypt your email. Litter the message body with words like bomb fire terrorist nuke gun clinton and attach the actual text in an encrpyted file. If they try and make you decrpyt it just say you forgot the password in all the fuss.
Only the State obtains its revenue by coercion. - Murray Rothbard
Yes, cops are human too. In fact, one of the best ways of preventing police excesses is to recognize that policemen are part of the community. Let them in, don't react like they are some sort of external force. A law enforcement officer who feels a part of the community s/he polices is far less likely to betray that community.
So, smile at the next cop you see on the street.
It probably looks for number of keywords over number of total words in a message. After the first "Jam Echelon Day", they probably revised the filter so that it used somewhat more advanced lexical analysis on messages that fell within boundaries for keyword frequency (ignoring messages with too many keywords next to each other), and that would reject your typical "jam Echelon" message as "Score:-1, Nonsensical" to put it in /. terms.
Will I retire or break 10K?
Seems like it would be fairly easy to write some sort of ssh solution. Can ssh be used with services without a password?
.rhosts entries to completely automate login.
In a word, yes.
It's not something you'd want to set up both directions if you don't own both servers, though.
ssh can use a combination of RSA keys and
HOWEVER, it's only secure if you tightly control both ends, which is not the case with, say, your ISP.
--
Actually, I feel that domestic intelligence agencies are my friend.
.... and I didn't....", because there isn't a "They." It's our people out there collecting the intelligence so it's "Us", not "They."
I don't view it as "spying on me" anymore than I view a doctor examining my body to make sure I am healthy as "spying on me."
If I was committing wholesale violations of the law left and right I might feel differently.
And don't try and bunch me and all of society with a bunch of criminals by chanting that old bromide about "They came for
-----------------------
Nicotine free Amish .sig.
As the above commenter stated, you are showing symptoms of a serious problem. The general purpose solution to any of life's problems is not to run bawling to a lawyer.
Yeah I can see it now, "Alright lads, we aren't getting a raise, down emails, its a walkout!"
Any sufficiently advanced man is indistinguishable from God
I'm sure it will violate the Human Rights bill, so we can get rid of this government, its really becoming very fascist in its outlook what with this and the arrest of the student for allegedly getting email from a former MI5 officer, Hilter would be proud of the government propaganda and suppression of discent.
Any sufficiently advanced man is indistinguishable from God
A new office under Milestone 15?? I'm baffled!
Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto
Berto
Well it was bound to happen, now it's just a matter of time before more countries follow suit. PGP is looking better and better all the time. Now we need to start educating people quicker and more often on the advantages of PGP so we don't make it as easy for the governments to read our e-mails.
I occasionally send email to people in Britain and I am an American. Can I sue the British government for this?
Today we take it for granted that when you buy something on the net, you are using encryption for security. It wasn't always this way, but the need arose and transaction encryption is now common place.
Within a few years, most email will be PGP encyrpted. Companies will definitely use it and most individuals will as well.
The real question is will governments have the ability to routinely crack 1024 & 2048 bit PGP messages. If they can decrypt any message in real time, then this becomes a real issue. Otherwise, communication will still be secure.
nuclear iraq bioweapon encryption cocaine korea terrorist
I am very confident in the idea that enctyption technology and the sheer volume of information to decrypt will eventually overload any decryption mechanism put up by snoopers (from a government or not).
This was tried with echelon in the past and didn't seem to make a difference. We just don't know what keywords the look for or how they filter the e-mail. We can only guess. My guess is that most of the keywords on peoples' lists are wrong. Unless we get some more information, the only thing we'd overload is our own bandwidth.
How am I supposed to hallucinate with all these swirling colors distracting me?
if someone with moderator access sees this, Fix Archie Bunker's comment. Only a crackhead would mark comment #1 as redundant!!
Take care,
Steve
========
Stephen C. VanDahm
I disagree that a police state is a stable form of government. Police states inevitably make a large portion of the popultion (and worse a large portion of the intelligent population) into criminals of some kind. The power of the government is preserved by the threat of incarceration so the government must have the power to criminalize those who would challenge the system.
This leads to enforcement problems. Criminals are caught for three reasons, stupidity, guilt and societal censure. The guilt causes the crimes to be planed less perfectly (no perfect murders etc,,) and the societal censure means they are turned in by the community recieve no help hiding etc.. Without these factors the police have a very difficult time catching perpratrators for example the IRA. Shielded by like minded people a dissident is very hard to catch.
Thus there is a large possibility to get away with a crime against the government. In order to prevent crime the government must make the penalties draconian. This then provides rallying points for the citezenry against the government. Unlike in other countries where these punishments are conducted exclusively against a less powerful group (the arabs in isreal) by a large racial/socia group in power these indignities would be perpratrated on the american people as a whole thus fermenting rebellion
If you liked this thought maybe you would find my blog nice too:
You know, you have some pretty idealistic thoughts there that sound nice on paper (so to speak), but I really don't suspect they'd hold up in court!
For one thing, you claim you wouldn't have to decrypt a message because you can claim self-incrimination.... Well, while I'm no lawyer, it seems to me that if you had an incriminating document (letter, files, etc) locked up in your house or office, the police can obtain a search warrant and force you to open up the lock and let them search the house or office and get that document and use it against you. It's done every day! Well, all encryption is, is a fancy lock!
So, I don't think your theory would hold up in the real world!
Now, second point... (and one that most people seem to forget!) In the case of e-mail, when you encrypt an e-mail and send it to someone, THEY have the ability to decrypt it! So, certainly, even if the self-incrimation laws DID apply, it would not apply to THEM and then THEY could be forced to decrypt it!! And while YOU might be willing to sit in jail for a few months for contempt of court for not decrypting it, do you really think all of your friends would feel that strongly that THEY would go to jail to protect your precious rights?! I doubt it!!!
Just food for thought.... Remember, encryption is like a lock....it's only as secure as the people who have the keys!!!
-Ken
(my thoughts...my opinions...nobody else's.)
But I think we're arguing the same thing from opposite sides.
You say that anyone can be investigated by Authorities and they don't have to be a terrorist, I say that everyone who's investigated by Authorities is by definition a terrorist and it can include anyone who it is in fashion to fear or suspect.
I disagree that he government doesn't have to justify their actions, though. This is the information age. It is too easy to communicate a message or political idea (my American biases are seeping). An Authority could go and cover a violation of their own laws and practicies, but I argue that that is the act of an immature/dumb authority. The more elegant, easy and nonparadoxical way to go about it is to have a justification ready that sounds plausible. It is similar to a Somebody Else's Problem field. You don't allay fears about corrupt Authorities by encouraging the possibilities that they are internally conflicted and violate their own guidelines, you do it by denying that such paradoxes exist. Everything is going as planned, nothing more to see here. Consumers crave that. As long as someone is telling them everything is OK (maybe it can be a law! Consititutional Amendment: Everything is OK!) it is so, doubly so if it is an Authority telling them.
I admit, though that I have no background on the case. I just read the article you linked me to and treated it with the standard skepticism.
I don't need large brains to have a good time.
Becaue it is only when you threaten the pocketbooks do people react. This is the same everywhere. Only in America is it feasible.
>> For example, in Britain they can legally force you to decrypt data,
:-O
>> while in the U.S. all I would have to do is invoke my fifth amendment
>> right against self-incrimination.
>
> It wouldn't do you any good. The Fifth applies to the state's compelling
> you to testify against your self. It says precisely nothing against
> your case. There is no
> Fifth Amendment right to refuse to comply with a search warrant.
You cannot order up a search warrant in the U.S. to force a person to decrypt his own encrypted messages or data files. That doesn't fall under the rubric of a search warrant. Now, you could be ordered by a Court to produce the plaintext as part of testimony, under the threat of contempt of Court, *BUT*--and *here's the important part*, if the contents of the encrypted files would be self-incriminating, you don't have to decrypt them. Just say the magic words "On the advice of counsel I decline to answer, invoking my rights under the Fifth Amendment to the U.S. Constitution" and they can't make you decrypt the messages or data. But, the real kicker is, a defendant doesn't have to testify at his own trial. So, unless there were some other compelling reason for a defendant to testify, he wouldn't even have to utter those words (which a jury wouldn't like very much). Now, the prosecutor could in theory ask the judge to order decryption of the materials as part of the discovery process, but again the magic words come into play. If a police officer, however, executed a search warrant and seized my computer files, and told me to decrypt them, I'd say, "Fuck off porkmeister, and by the way I want an attorney so the questioning ends until I'm provided with one. And by the way, my drives are encrypted with 256-bit Blowfish *and* Triple-DES, and my RAM and swap partition are wiped with 32 pass extended character rotation on shutdown, so good luck." That is, they would be encrypted to that extent if I were a computer cracker, drug trafficker, arms dealer, etc. etc. As it is, the only encryption I use regularly is PGP, since I like to set a good example and to keep my conversations private, and a Windows program called Scramdisk which I use to keep my little sister and other users of my computer from accidentally tripping over my collection of bestiality pr0n.
>> suppodedly only with warrant, but you and I both know the reality
>
> No I don't know the reality that you're talking about. Of course,
> I'm just a ticket-writing donut-chomping cop, so I'd have no
> idea what law-enforcement officers would do.
That would be the reality--I wish it were an alternate one, but it isn't--in which some law enforcement types get an "us-vs.-them" attitude about suspects, forgetting for the time being that such suspects are in fact innocent until proven guilty and still enjoy the protections afforded by a Constitution which our ancestors fought for. Not all cops are like that, but quite a few are. I have first-hand experience with police officers who are willing to engage in extortion and violate the rights of suspects. I won't re-hash the particular charges since they can be found in a prior posting, but suffice it to say that the arresting officer attempted to extort a confession by threatening to say that I was violent and un-cooperative unless I told him what he wanted to hear, resulting in a very high bail. Naturally, he said, if I told him what he wanted to hear then he'd say I was cooperative and the magistrate would set a low bail, but if not, he'd say I was violent an un-cooperative. He then lied to the magistrate when I refused to confess, resulting in excess bail--which in itself is a violation of Constitutional rights to a reasonable bail. I checked the statutes in my state, and that qualifies as extortion, a worse felony than the one I was arrested for. The case against me was eventually dismissed, BTW.
This isn't even that far off-topic, since the essence of our fears when broad surveillance initiatives like this new UK legislation is that these surveillance powers will be abused. If it were all about catching terrorists and kiddy porn traffickers and people like that, there wouldn't be much uproar. The problem is that the potential to abuse this system is inherent. Corrupt or misguided LEA officers could use such broad powers to open Hoover-esque files on citizens who aren't doing anything really illegal, but who go against the grain of society in moral or (ir)religious ways. LEA could intercept e-mail and read it for fun, or worse agents could surveil against people they personally don't like or knew in some other capacity. Government agencies could monitor dissidents or people who have libertarian values, just waiting for someone to make a small slip like mentioning pot use to give them an excuse to pounce or discredit. Agencies also have a tendency to hold grudges--in the US the IRS, for example, has been shown to repeatedly audit and harass people it doesn't like, like whistleblowers and people who have beaten them in tax court. The potential for abuse is limitless, and that's why such systems are inherently bad--not because of the system itself, but because of the people who use and abuse it.
Just one quick quote: "The mushrooming of surveillance has been explained by the sense of panic
and crisis felt throughout the government during this period of extremely
vocal dissent, large demonstrations, political and campus violence, and
what at the time seemed the inauguration of a period of wide- spread
anarchy. While officials... suggested that these crises justified the
surveillance, they failed to recognize that the rights guaranteed by the
constitution are constant and unbending to the temper of the times..."--Senate Subcommittee on Constitutional Rights, 1973
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
"Look at how much we bitch and moan about frivolous lawsuits, and even not so frivolous ones like the DeCSS, Napster, and Microsoft suits. How come the first idea for action has to be a lawsuit? Would a lawsuit even help in this case?"
Well if the person above was filing a lawsuit obviously they would not think it's frivolous, and think it would help in some way or another. I'm not quite sure what logic your using there. "Hey don't do that because you think you should do that, and I don't think you should, but I'm going to question it by asking you if you think you should do that." What?
"Why must all problems be solved with a lawsuit?"
Mainly because the NSA, MI5 and several other orgs reading my mail do not reply to the polite letters I've sent them asking them to respect my privacy. Oddly enough the French have replied and noted they put me on the "Do not violate his/her privacy list". So I guess not all problems must be solved with a lawsuit.
Seriously though:
Regarding the PGP solution I think that is somewhat dangerous. Granted it's something I would do in the very short term, however that does not address the real problem. Addressing the root cause is much more important. Saying "Britain (or any other country, company, person, or machine for that matter) can look at my encrypted e-mail all the want for all that I care." just seems far too passive a response. Years later after they've taken it farther than e-mail and demand your key and it's an established and accepted practice to read e-mail you'll be in a bad position. Like saying "Sure you have a search warrant for my home, but you can't look in my safe!" In fact, in the US, if they have a search warrant for your home and your safe is in it you have to turn over the key in a timely manner or they can break into it legally. If they can not break in it and you do not turn over the key or "lost it" your criminally responsible. As you said picking a fight is not a good response, but picking one when it's too late is bad too.
Yes, this is possible, there is software out there to make it feasible, for example something like Autonomy. In fact when I was on a training with that company last week they freely admitted having sold their product to some unnamed British intelligence agency...
You could always send your MP an encrypted email without a key, then call M15 (though they're less likley to listen to you if you're outside Northern Ireland, where there's even a freephone number)suggesting the email contained illegal information. The MP can't decrypt it, so must be withholding the key and can be prosecuted.
The only question is: will this sendmail be included in the next RedHat. The issue is not the availability of cryptography, but making cryptography the default.
Actaully, it would be cool to write a convincing form letter saing "I'm sorry this server refuses to process any non encrypted emails. Here is how you get encypted email." This would not really be true, but people could reply with this message when they did not want to recieve the email. It might convince more people to switch to this sendmail (even if it was not true).
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Can I sue the British government for this?
This is a typical American response. Why must all problems be solved with a lawsuit? Look at how much we bitch and moan about frivolous lawsuits, and even not so frivolous ones like the DeCSS, Napster, and Microsoft suits. How come the first idea for action has to be a lawsuit? Would a lawsuit even help in this case? Could it prevent the British government from doing anything (especially since it doesn't appear that anyone has an concrete evidence of exactly what they're doing).
A better solution than figuring out someone to put some sort of blame on in an effort to make a little side cash is to encrypt your e-mail using PGP or GPG or some such utility. Britain (or any other country, company, person, or machine for that matter) can look at my encrypted e-mail all the want for all that I care.
Picking a fight is never the best way to solve anything. The best defense is a tactic which renders the opponent's offense useless, not one that fights back.
NOTE: I am an American
Wizard's First Rule: People are Stupid.
MI5 employed convicted IRA terrorists build the building for them.
.oO0Oo.
They had to blow up some of the walls to make sure the builders didn't leave them any presents.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Many of you have mentioned that encrypting our e-mail would be a simple solution to this problem. However, when dealing with a big government, that does not give me any more feeling of security. I know that the US government has encryption algorithms that are much stronger than the standard ones available to us (i.e. standard 1024-bit public key encryption). They have the computing power to run these algorithms and break easier ones. They have contracts with supercomputer manufacturers so that only the government is allowed to buy supercomputers.
Now, I realize that all these facts are about the US government. However, if all this is true about the US government, how far behind could the UK government be? And we also must consider the possibility that the US would help the UK. It wouldn't be terribly surprising.
Now, knowing this, how many of you still feel that just encryption is a solution that would let you rest easy?
No, preferably the encryption keys would be regenerated every day or so deleting the old secret keys. Thus they can only get the info if
you havent deleted your mail and they come into your house and physically invaded your computer.
The danger is covert/massive survelance of the population not serving individuals with good cause search warrants. Hell having to tell the government your secret key returns the world to the way it was 20 years ago no big deal.
If you liked this thought maybe you would find my blog nice too:
I work for a company whose named shall remain... Alstom Power.
Their directive is to have a single Internet Firewall in the whole world. This firewall will be located in the UK. This means that all internet access from every Alstom Power office will be through the firewall in the UK. This also means that all email coming into Alstom Power and going out of Alstom power will pass through the UK.
Now, the British Government will have access to all coorespondance the Alstom Power employees are having with their clients, vendors, and competition.
Why do I have a really really *bad* feeling about this?
Feed The Need[goatse.cx]
I take your point about emigration: many countries are currently going crazy on this issue.
However, maybe it will become like tax: a reason to move to one country over another. Since highly skilled IT people seems to be more mobile than others (except, perhaps, in the UK wher a study showed that 80% of the population lived within 5 miles of their birthplace) that could give a competitive advantage to such countries. Assuming, of course, that you belive in the "new e-conomy" and think that the stupid governments will not manage to shut the internet down completely.
So like we have tax exiles in Spain and other sunny places, could we have "Freedom Exiles" in the future?
If so, where would you go?
Hi!
I'd say it's rather naive to assume that governments will always be behind what suitably paranoid people utilize for privacy. If you look through history you will find that more often than not cryptanalysts have had the edge on cryptographers. More often than not, said cryptanalysts were employed by governments, and more often than not, they kept secret the fact that they could decrypt messages.
sigs are a waste of space
*RANT alert*
.........
Would this be the same MI5 building that needed pulling down and rebuilding, because the contractors had hired IRA sympathisers to help build it ? I wonder
Will there be special lap-top docking stations, linked to an alarm system making 'whoop whoop' noises when a lap-top is unaccounted for ?.
I am a UK citizen. Henceforth, I will be using encryption on *all* my personal e-mails, irrespective of content. If they are snooping on me, I'll find out when some policeman or some chinless wonder from the spook bureau (Cambridge educated - works part-time for the KGB) arrives on my doorstep with a warrant for my encryption key.
I thought Margaret Thatcher was a right wing extremist. This Labour government will do more in one term of office to destroy civil liberties in the UK than three terms of Thatcher ever did. May all these New Labour dictators, thugs, MI5 spooks and lackeys all spin in hell. They want to build the e-economy in the UK - no f**king way !!!! It will emigrate ! BTW MI5 - did you get this ?
*end of rant*
Stephen Hawking has written another book. It's about time as well.
Now that they are still working at it, why don't they put in a charter for "the use of coercive methods in extracting encryption keys from uncooperative suspects" as well...
Because encryption doesn't work like that.
Any public-key cryptosystem is going to have roughly the same amount of complexity in the user interface regardless of how few or how many bits you use. So you may as well go with more bits.
Any "normal" cryptography has a huge problem: how to securely transmit the key! And you still run into user interface issues.
What we should be focusing on is making the user interface to strong crypto easier to use, rather than trying to make the crypto weaker. You brought up the passphrase issue. Perhaps the passphrase could be stored in RAM for the duration of your E-mail session at your option? (You'd have to do some work to get it to not be swapped out to disk, but that's easy enough to solve.)
People who really didn't care too much could have the passphrase stored on disk. This would solve the problem of unencrypted data on the network, but you're hosed if your computer gets seized by MI5 or the FBI. Of course, if all you have is E-mail from Mom with her recipe for chocolate chip cookies... but if you're seriously worried about that kind of thing, you DO want to type the passphrase in every time.
It's basically a tradeoff of security vs. convenience. The user interface should provide for all three options, and this is fairly simple programming.
---
How am I supposed to fit a pithy, relevant quote into 120 characters?
i hate to dissapoint people, but the dictionary thing of putting random words and emailing DOES NOT WORK, on the NSA site, and even on the pattent records they allegdly say there is a technology to search for certain patterns that relies on examples, and documents... dictionary lits -aparently so- where deprecated long time ago
Istigkeit -"is-ness" being and becoming & i'dfiying it with the mathematical abstraction of the idea
You only need a police state when you haven't succeeded in brainwashing the vast majority of the public. Luckily the majority of people living in the U.S. think that they're living in "The Land of The Free" and that it's a democracy here. Overt police states in the U.K. will only encourage the misperception that everything's OK.
Really though it's all one large system which needs the constituent parts - poor 3rd world police states(Asia,U.K.E.Europe), militarily advanced 1st world states (U.S., Japan, Germany) with a large technically adept brainwashed middle-class. And profiting from the whole thing at the top - a few tens of thousands of the genuinely wealthy
Nominal privacy would offer some protection for such mildly sensitive data.
-- Diana Hsieh
-- Diana Hsieh
GeekPress: The Weirder Side of Tech News
this would be a great way to eradicate unemployment! Just hire everyone possible to read email! It would also self sustaining..anytime a questionable email was found, the employee would send that email to a supervisor (via email of course), but another employee would have to read that to make sure it was on the up-and-up..that employee would see the questionable material in the original email, and forward it to their supervisor, .... and it would happen forever!!
dude. You just solved just about every economic problem that exists today. Congrats.
=P
The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV
Sure, it may be to costly for the UK to filter messages which are transmitted by voice, but if you weren't aware, the NSA's "Echelon" allegedly does exactly what you described.
I noticed that the article also said that the UK is also going to implement some sort of key-escrow system so that you won't be able to just use PGP to get around it. Will it be illegal for any British Citizen to encrypt their email, even if the key originates outside of the UK? Will they be prohibited from using encryption if they can't deliver the secret keys of the other party?
Under new powers due to come into force this summer, police will be able to require individuals and companies to hand over computer "keys", special codes that unlock scrambled messages.
Is there a new Brittish law on this? Whats the penalty for not handing a PGP key over?
This sort of crap would not fly in the US or Canada. Imagine getting a visit from the authorities stealing your computer and when they can't find your PGP key from some old e-mail you sent (you deleted it) they imprison you because you are no longer able to decode an old e-mail that was completely innocous.
Major potential for abuse! If I was a Brittish voter I'd be on the phone now. Does anyone know the details of this new law here?
no sig.
If you believe that a police state isn't a stable form of government, then ask yourself this: how did the Soviet Union and other Eastern Bloc governments remain in power for more than 60 years without being overthrown through popular revolution? Remember: the people most likely to rebel are those who remember what it was like before the police state came into being.
What killed the Soviet Union and other Eastern Bloc countries was economic competition from the outside. But that wouldn't exist in a world police state. Nor would references to other, better systems, except in the hands of a few: remember that a police state has to control information in order to control people. The way to make that happen is for the state to control the education systems and the means of information dissemination. Hence, controls on the communications infrastructure.
It should be obvious that you can't build a police state in a single generation, because the contrast would be too great. You have to build it a little at a time, slowly enough that people won't notice. A right removed here, a privilege revoked there, a restriction put somewhere else. Rebellion can only happen if the people believe that what they have isn't good, but whether or not they believe that is largely determined by what they can contrast their current condition against. That's why the "ruling class" has to remain untouchable and mysterious: the populace has to believe that there's no way for them to get from where they are to where the ruling class is, otherwise they'll yearn for it and become dissatisfied with their own conditions.
Also, one needn't formally try, convict, etc., a "criminal". One need only make something happen to them. A car accident, a heart attack, etc. A police state has no need for leniency, as long as the fact that the troublemaker died can't be traced back to the source. Obviously this works best when it's not obvious that the person in question was making trouble to begin with.
Lastly, a dumb populace is an easily managed populace. So a police state will be on a sharp lookout for those with above-average intelligence, so that they can deal with the issue, either by relocating them such that they have no more communiction with the rest of the population (this can be explained away by the government by saying that the person is going to a special school or something) or by arranging for an "accident" to happen to them.
Oh, well. I'm just rambling now. But it seems obvious to me that there are lots of ways that a police state can maintain itself indefinitely.
--
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
We laugh at your primative technology, and taunt you! We've been doing that for years! Your James Bond is no match for us! Muahahahahaha!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
A smart police state wouldn't make intelligent people disappear, it would just make them part of the ruling class. This would give them a smarter ruling class and a dumber (and more easily controlled) ruled class.
"Educating people" about PGP will never work; most people aren't bothered to make the effort required to learn. Also you have the "it sounds too complex" attitude. A great number of people think that it sounds too complex to download and install *any* third party software (eg Netscape Navigator), or they're afraid to ("I heard you get viruses from downloading software") etc etc. What are the chances you're going to convince these people to figure out PGP?
The only way to make email encryption widely used and easily accessible is to have all popular email programs support strong encryption natively and in easy-to-use manner. That means Outlook Express, Netscape, Pegasus mail etc. It must basically come installed with the email program (remember, number 1 reason that people "choose" IE over NN is "it came with my computer").
I find it disturbing that major email programs don't already have strong encryption support, considering that privacy is such a basic right, and considering how much communication is in the form of email these days.
Actaully, it would be cool to write a convincing form letter saing "I'm sorry this server refuses to process any non encrypted emails. Here is how you get encypted email."
This could be done, with procmail.
I'm not sure that it's a good idea, but it could be done.
Let me rephrase that; I'm sure it's *NOT* a good idea.
Just as there is a place for envelopes in this world, so is there a place for postcards. And even skywriting.
--
I have written a gibberish generator, called Slashdot.org. For every email you send to a person in Great Britain you should also send five or six extra messages generated by the gibberish generator. Encrypt all messages with a different key, agreeing on a secret key with your party in GB in advance. The gibberish message should give the lads and lasses of MI5 plenty of fun, since they're machine won't be able to tell if its had a successful decode, 'cause the plaintext is gibberish.
X v5@'C>CN,VBDji8leD;q5FO{c&bI^Z
Or, you could use my other gibberish generator that can produce reams of this:
[mT0UYP8T(5KUb0Rn0Ng0-};+l3r73Gr"{$WUUp*]&U3hfe
Send that as plaintext, they'll think its encrypted and waste many hours trying to decode it.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
Time to do some installing and just hope others do the same. BTW how much processor time does this cost? Is it enough that adopting this as a universal standrard would cause problems for spamers?
If you liked this thought maybe you would find my blog nice too:
The bill has an explicit defence where "the tipping-off occurred entirely as a result of software designed to give an automatic warning that a key had been compromised".
Does such software exist? Or could we write it, and how would it work?
It sounds like a nifty idea.
Hi!
>I don't view it as "spying on me" anymore than I view a doctor examining my body to
>make sure I am healthy as "spying on me."
>If I was committing wholesale violations of the law left and right I might feel differently.
You might also feel differently if your business was run into the ground, or you lost your job, or you had to choose between bankruptcy or having no chance at all of ever clearing your name.
Just because "I'm Fine Jack" doesn't mean there aren't innocent victims who are paying the price for your lack of vigilance. Abuses (and incompetence) of power does happen, and it has real victims - some of whom were _killed_.
As to your Doctors analogy of it necessary for good health, the Rainbow Warrior incident in the previous post makes a convincing counter-example - the Doctor gives you painful enemas because he has an enema fetish rather than because you need it, and as a result of his obsession, he fails to diagnose a cancer that posses a lethal threat to you. But that doesn't matter because his constant barium enemas have given you another cancer anyway.
Who exactly are the intelligence agencies protecting you from? It's obviously not the other intelligence agencies (see Echelon, or the Rainbow Warrior example again). It's obviously not Rogue States (learn something about how Iraq's intentions prior to the gulf war were in hindsight practically broadcast broadband, yet still took the CIA by complete surprise), it's obviously not the evil hackers (though like the rogue states, this is the result of extreme incompetence as much as anything).
The thing that intelligence agencies are most adept at is blocking off information from the public. The problem is that so much of this information is the political duplicity and screw-ups that the people have every right to know about, but which is awfully convenient to keep classified.
Or you could just accept the reassurances that it's all for your own good, and the world will end overnight if their powers were restricted. But it would be better to hear both sides of the story so that an informed decision can be made. Try "The Intelligence Game - Illusions and delusions of International Espionage" by James Rusbridger. Or just take a look at the record these agencies have.
The price of having these inept organisations is extremely high. We will probably never know if it comes even close to worth it.
1. I'm willing to bet that most Americans, and even most government officials have at least one skeleton in their closet. Electronic evesdropping offers the potential for blackmail, and it does so unevenly. Inevitably those in power can use evesdropping to hurt those challenging their position, while their opponents have less potential to retaliate. Closer controls of evesdropping eliminates this potential for the unethical to prosper.
The truth of this proposition can be trivially seen in the FBI's attempts to blackmail Martin Luther King by threatening to expose his extramarital affairs unless he stopped his involvement in the Civil Rights movement. If one wishes to venture into the realms of (fairly well-supported) rumour, consider the suggestion that the Mafia was allowed to prosper in the United States, untouched by the FBI, largely because they threatend to expose J. Edgar Hoover's penchant for cross dressing and male "companions".
The Roman Empire was a pretty serious police state and it lasted quite a while.
Oooo, good catch, I missed that one.
How much processor time? A lot, but presumably it could be sped up with a hardware SSL card, just like web servers do.
However, adopting it as a universal standard wouldn't cause any problems for spammers, because if most used it, they'd still also use "in the clear" protocol.
Why?
Because not everyone would use it, not everyone COULD use it, and because it is indeed expensive in terms of processor or buying that card.
--
Steganography is the art of embedding messages into other data so that it becomes difficult for the intercepting party to _detect_ whether there is an embedded message. For example, you might embed a message into the background noise of a digitized photograph. Of course it is a lot more trouble than just passing the message through PGP, but this kind of techniques could be one way of making the big brother's work a bit more difficult.
I would think since it's a monitoring devises for the gov't, they would be required to pay for it all. And if the ISPs have to pay for some of it, would they be able to start monitoring the users of the ISPs since it's their money that is helping pay for it? While I would assume no, the fact that they may be helping to pay for it would possibly make them part owners. I would like to know what that could mean legally for everyone, because while I'm not fond of a goverment reading my emails, some random ISP owner reading my email makes me just plain upset.
Wizard's First Rule: People are Stupid.
societal censure means they are turned in by the community recieve no help hiding etc.. Without these factors the police have a very difficult time catching perpratrators for example the IRA. Shielded by like minded people a dissident is very hard to catch.
So how about the E.German police state where it seems that everyone was informing on everyone else - even husband/wife to the Stasi? Petra Kelly and the Greens etc? Seems like they had a good few dossiers on just about anyone who did anything. Do you think that everyone there was secretly in agreement with the govt?
Experience has shown that government doesn't give up its power; it expands its power. Causes that may seem good or justifiable at first turn ugly once future politicians modify them. That's why someone should be worried.
gee... I wonder how long it'll be before they start peeping in on all the companies that route the internet traffic. They'd only be interfering with the organization's traffic... not the individual's e-mail, they could say. Just evesdrop on the Inet traffic that place routes..
"First they came for the Jews,
But I did not speak out,
Because I was not a Jew.
Then they came for the Communists,
And I did not speak out,
Because I was not a Communist.
Then they came for the trade-unionists,
And I did not speak out,
Because I was not a trade-unionist.
Then they came for the Catholics,
And I did not speak out,
Because I was not a Catholic.
Then they came for me,
And there was no one left to speak out for me."
- Pastor Niemller (Anti-Nazi Resistance Movement)
Or how about just:
"We must all hang together, or assuredly we shall all hang separately."
- Ben Franklin
Naturally, anyother compression scheme could be used, but what's the point, gzip is the best.
Spring is here. Don't believe me, look outside!
Using advanced context-based semantics, vast quantities of data can be filtered through the system continuously. That's what the Echelon system does. I can't seem to find the past Slashdot article, though I've searched, about the NSA patent on certain advanced ways to filter data, and its offer to sell some of those means to corporations which have the need to filter and categorize large databases of information, but there was such an article late last year.
In reality, the system could be set up to begin the filtering process at the level of large ISPs--easy enough in Britain since there are fewer ISPs than in the States. Also, it's been shown amply that, despite the U.S.'s prudishness and stupidity about sex and progressive social issues, we do have far more privacy protections in place than Britain and many other EU nations. For example, in Britain they can legally force you to decrypt data, while in the U.S. all I would have to do is invoke my fifth amendment right against self-incrimination. In the same vein, while the U.S. wiretapping legislation CALEA is forcing ISPs to install the capability for law enforcement to conduct digital surveillance of selected customers (supposedly only with warrant, but you and I both know the reality), I can see the UK pushing through a measure to force large ISPs to install government servers which would have all e-mail traffic pass through them practically transparently while simultaneously using the NSA's advanced context-based semantic filtering capabilities to forward copies of those selected e-mails to government computers for further analysis. Since the UK is the US's closest ally, seeing as Echelon was originally a US-UK joint operation into which the Aussies and Canadians were brought, you can bet that British Intelligence has the same advanced filtering technology that the NSA does. The key here is that, the UK intelligence services can get away with doing this openly, and might even get to force ISPs to install their monitoring equipment for them, but in the US no one would even think of openly proposing that all e-mails be subject to such snooping.
Lastly, if someone can find the older story I mentioned above, please give the link. I don't know why I can't find it, but I know it's there...
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
I think that'd be an easy piece of software to write, and it could probally be made into a hidden feature of any firewall. Firewalls look at sources and destinations, sure as hell they can just happen to filter all mail content. Certain keywords could be blocked etc, or replaced... just a scarry thought. Saying that nobody will ever figure out how to do that has been done. Very badly. "640k should be enough for everyone."
Spring is here. Don't believe me, look outside!
If HMG want to read my email , then why do I care, they isn't really anything interesting in it!
At the end of the day its security vs freedom, if this prevents someone blowing me up next time I walk down oxford street, then its a small price to pay.
F
I hate to say it but things such as this make me wonder about government egos. I recognize that anything they spend 25m on would have to be made public, but come on! Don't they realize the kind of mass heckling, discouragement, harassment, or even hysteria that something like this is going to cause? I could only guess when the first malicious hack/attack would be and what it would cause for these people. There is only so much that a government can do in light of national security or intelligence gathering before it ceases to have the support of the people it governs. What next? Audio and video surveillance at every public building and event? Oh wait, they already have that...
To do this they would have to put filters that grab out stuff just about everywhere, let alone have a ton of bandwidth, and what kind of computer can sort this stuff?
.. Possibly mail turning into a multiple port system? There are lots of ways.. The internet can bend to accomodate annoyances .. most of the time.
Furthermore this is just total crap, because nobody should be peeking into other people's business, I bet more crack and drug deals are made with cell phones, why don't they monitor those?
I'm sure someone will come up with something to change this
-meff..
Two words:
steganography
(The second word is encrypted within the word steganography, but you'd never know that there was another message there unless I told you that there was.)
If tits were wings it'd be flying around.
I don't know exactly but there were some articles in a few European computer magazines about Echelon half a year ago. These articles quickly got copied by the major news agencies.
Maybe the UK simply fears that the EU might outlaw Echelon, so they want to have a way of scanning email traffic, which still works when/if Echelon has to leave Europe.
First off, YOU (yes, YOU) are not interesting enough for them to watch you. Sure, they could, but why would they? Did you e-mail this guy something the secret service didn't like? Do you have a small catchet of U-238 that you keep under your bed "for emergencies"? Arms dealer (no, supercomputers don't count)? Okay then, why are you worried?
Your system administrator should be feared much more than any "global eavesdropping network" - he can read your e-mail, see what pr0n sites you've been looking at, hell.. he can even let the president know what you think of him (using your own e-mail addy, how nice!). Why the hell do you care - as long as they aren't spying on domestic stuff I'm not worried. Let the boys have their toys.
Now, *clickity-click* what was your username?
that they will 'monitor' all email.. the point is, it's an eavesdropping infrastructure, similar to what the telephone system has, to a degree, now.
Equipment was added to allow the feds to (with proper warrants) eavesdrop. It's simply to make it easier for them to eavesdrop when they have a legal right to.
Find a free ISP in Holland or France that allows you to sign up and get your login & password over the web. Make up a name and address if you have to. Set up a cheap international calling account, and dial in from the UK. If they still want to eavesdrop on you, they have to tap your phone.
Wow, that's a brilliant idea. Someone needs to make an RFC for that.
And the men who hold high places must be the ones who start
To mold a new reality... closer to the heart
Part of the problem is that there is no method for achieving low-cost "nominal privacy." I have two basic options: (1) I can send e-mail as plain text. I don't get privacy, but there's no extra overhead in either sending or receiving messages. (2) I can PGP encrypt my e-mail. I get boatloads of privacy, but it's no small task to set up PGP for either the user or recipient. (I've done this before for Eudora and it was a big pain.)
I want a third option, where my messages are lightly encrypted (so as to prevent keyword fishing) and the recipients of my mail can decrypt those messages without any hassle. My e-mails aren't secrets, so I don't really care if someone decrypts them. I just want it to be a bit more difficult for them to do so.
This third option would be "nominal privacy." It would be equivalent to putting a letter in an envelope, where someone can read it if they want to, but it's just a bit harder. (Current e-mail, as I recall Zimmerman pointing out, is like sending a postcard that anyone can read. PGP, in my view, is more like sending a letter via armed courier than sending it in an envelope.)
This nominal privacy of option 3 is not something that exists at the present time. Why not?
-- Diana Hsieh
-- Diana Hsieh
GeekPress: The Weirder Side of Tech News
Amerika is a police state.
3 8496-2000Apr29.html
http://www.washingtonpost.com/wp-dyn/articles/A
As technology progresses, we find better more efficient ways of taking care of the necessities of life. We set out to improve the quality of living so that we can accomplish more and have more time left over. So what do we do with this time? We start getting paranoid and monitoring each other to make sure nobody does anything we don't want them to do. If you ask me, this is a bit counterproductive, and an excellent example of how mankind can waste huge amounts of productivity if it wants to.
Seems like it would be fairly easy to write some sort of ssh solution. Can ssh be used with services without a password?
Somebody will figure out (not if, but when) how to spoof the system and send phony information that incriminates innocent people. Kind of the opposite of a packet sniffer. This tool, once implemented, can be employed by a variety of individuals: bad guys, nasty neighbors, gov't officials. I can hear the MI5 guys flexing their obscurity muscles already..."nobody will ever figure out how to do that". Yeah, and nobody thought LAPD would toss innocent people in jail either.
cat
As someone who has been privy to 'classified' information, I wholehearteldy agree with this statement.
-jerdenn
Thats like saying a search warrant compells you to hand over documents so you need to have that letter you threw away last year. If you don't have it they wont throw you in jail
If you liked this thought maybe you would find my blog nice too:
I'm pretty ignorant about the structure of the internet as a whole, but is there a concern about communications that pass through Brittain?
Say some major e-mail router is in Brittain, and two people who live outside Brittain send mail (probably unknowingly) through that router. Will this infrastructure make it easier to intercept that sort or communication? What are jurisdiction concerns?
---
Dammit, my mom is not a Karma whore!
Just as there is a place for envelopes in this world, so is there a place for postcards. And even skywriting.
Well it would probable be a good thing to make ALL email encrypted. It's no more bandwidth and it's not really that much processor time. The only real bad thing about sendmail doing the encryption is that the system's sendmail can spy on users, but I can not think of a better way to do it.
I'm sure it's *NOT* a good idea.
Well it's never a good idea to lie to people when you don't need to, but it's not like you would send these messages to everyone who sent you unencrypted email. You would send these messages to people who you do not care about. Clearly, you will send a friend a personalized email mssage suggesting that they install an encrpyted email program (and you would not harass them). This would just be a clever way to delete a mail which you were not going to reply to anyway.
Actually, once I start TAing for calculus classes I think I'll write myself a little script to email students their grades after tests, but only once they submit a PGP public key.
Anywho, my point is that we should try to "descriminate" against the people who do not use encryption when it seems likely to make mre people use encryption.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
You're both sorely in need of catching up with the program:
/. back in the day.
RFC 2246 defines (and has for well over a year now) the protocol, and the latest commercial releases of sendmail implement it.
So does the Sun Internet Mail Server
Finally, Weitse Venema's postfix MTA has a freely-available TLS patch that implements SMTP encryption for those of us who don't want to pay for it.
There's even an RPM available.
Postfix, BTW, which used to be called vmailer, is the IBM Alphaworks free MTA project that was covered here in
As, indeed, was this entire portion of this thread.
--
To avoid scrutiny, this is what the government is doing to save all those workers at the potentially closed Longbridge auto plant (which BMW might close (for all you outside the UK))... Imagine that, 11000 people filtering emails ;-)
Miska
-
See stand.org.uk for more details.
Basically, somebody can send you an encrypted e-mail, for which you have no key, they can dispose of the key, but you can go to jail for having this encrypted data. Finland here I come...
The sad thing is that this isn't going to stop the people its meant to catch. The "bad guys" will resort to other means of communication, steganography being one obvious choice, I'm sure they will find others...
Hopefully the European Court of Human Rights will stop it ever happening, but some poor guy is going to have to go through hell for them to get involved.
The RIP Bill is certainly one of the most controversial bills I've noticed in my time. For those who can be bothered reading them:
Stand.org.uk
Bills before Parliament currently
What is scary to notice is this particular set of bills, all called to the Houses of Commons (and Lords) by Mr Jack Straw (the man who seems to be getting the blame for the RIP bill):
The [T] bill grants full powers to the police, without warrant, without "Innocent Until Proven Guilty" if they suspect you of terrorism. Terrorism now can include environmental and anti-capitalist demonstrations.
The [CaT] bill makes owning software which removes copy-protection illegal (I have no idea what this would mean to anyone with a copy of the source for DeCSS, which could be seen as a form of copy-protection).
[RIP] bill has enough people ranting about it to be ridiculous. Some people think that the government can't afford to enforce this bill (estimates of tens of millions for a year), and that the bill won't be passed. That said, the bill is already at the stage where it needs a lawyer to write a formal document to get changes made to it. I guess we'll know the truth around 4th October (unless the date has changed) which is when the bill is to come into action.
Given that list of bills that are being changed, and the changes that have come to light, it seems as though the UK government is heading towards a semi-police-state sort of arrangement? Check out this site for their latest ideas on censorship:
School Internet Access
What I think has to be borne in mind is that most countries (all of them that I've come across) do not give you "Privacy" as a right. All legal systems seem to rely on the fact that the citizens will be open about certain things - namely they will give the police access to their homes when presented with a warrant. In many ways, the RIP bill is fair in asking for you to hand over your keys. However, what are not fair, or well thought through, are the consequences for not doing so.
Stand's website already mentions one major problem with the "Give us your keys or go to jail" mentality - any hard-core terrorist group would rather go to jail for 2 years for obstruction of justice than face life imprisonment because their encrypted mails had their keys given out. This applies to paedophilia (another of the crimes that the government is trying to tighten up on), where the Department of Trade and Industry provided a "brochure" on cryptography/legislation in the UK:
Encryption and Law Enforcement
To me, that brochure summarises the way the government believes it can (and actually manages to) control its people - for the most part, the general population in this country is willing to believe that paedophilia == bad, paedophiles use crypto, terrorists use crypto, ergo: crypto == bad and we must do everything in our power to make sure that the Finally, I see two or three ways around these problems (which seem to be caused by men-in-suits who have no idea about what they are legislating):
Well, that's my four-quid's worth.
-- Maz
__
It seems to me that the U.S., the U.K., and other countries are in a race to see who becomes a police state first. At the current pace, it seems the U.K. will probably win.
Personally, I wish the U.K. would get on with it, so that there will be enough time for the rest of the world to see firsthand that a police state can easily emerge from a "democracy" (as loosely as that may apply), and so that the citizenry of the rest of the world can prevent the U.S. and other countries from also becoming police states.
It'll be a real bad deal if the U.S. gets there first...it has enough power that the rest of the world will probably descend into a police state, also. Unfortunately, a world police state may be the most stable government structure we know since there will be nobody on the outside to overthrow it, and it may even be that a descent into that is inevitable.
Sigh...
--
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
So why doesnt everyone encrypt their emails now?
It is too difficult and time consuming to gather public keys from all your associates esp. people who don't know about PGP etc..
Even when you have the public key it is too much hassle to type in your passphrae for routine email making encrypted mail stand out all the more.
But the truth is we don't need to have passphrase protected emails all the time. Only when we are leery of government search warrants do we need to protect the content at the source/destination. Insteed what is necessery is a encapsulation of the email as it travels the internet. This way it can't be picked up by packet sniffers and it will be impossible to ferret out the real encrypted email.
To this end I suggest a addition to sendmail. Every time it delivers a message to the recieving computer a one time key (diffie-hellman) is generated so the message text is unreadable as it travels the internet.
Before we couldn't do this but now with the loosining of laws this is possible...not perfect but better than the status quo
If you liked this thought maybe you would find my blog nice too:
Okay, here's what I see... Sids 2, 3, and 6 (sorry, too lazy to link them), are all claiming to be "first post", with all the usual crap, and the REAL first post, which I concede is not all that jam-packed with info, is marked redundant.
First and foremost, there's no such thing as a first post, unless it quotes the majority of the article itself, or the headline itself.
I can understand somebody wanting to moderate someone else down because they posted a short first post. WHO CARES?!? Please, we need to realize that moderating people DOWN is just stupid. Moderate the good stuff UP, and I'll see it first. Even browsing at -1, I'll still see the good stuff first. If I'm not bored of the topic by the time I get that low on the list, then I may as well be reading -1 scoring comments.
Done flaming, moderate down.
I'm well aware of that. As to your comment that sys-admins are "just custodians", I would reply to that by saying that maintinence of the system is part of the job.
That includes installing security patches as they become available.
Unfortunatly, many sys-admins take the attitude of "if it isn't broken, don't fix it". This is the whole reason why DoS attacks like smurf still work - too many sys-admins who won't upgrade their machines.
As to security in general, same thing. It isn't enough for a sys-admin to wait for trouble. You must be proactive and regularly monitor the system.
You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.