Slashdot Mirror
FBI Confirms Magic Lantern Existence
The_THOMAS (and many others) writes: "A day after major
anti-virus firms waffle on their support for 'Magic Lantern', and nine days
after Thomas C Greene of The Register tried to throw cold
water on it's existence,
the FBI Confirms
the 'Magic Lantern' Project Exist. Welcome to a Brave New World!"
I'm not worried about Magic Lantern. I'm worried about the stuff we haven't heard about yet. Really, if the FBI wants to spy on citizens (or criminals for that matter) there is no way they would let their ideas be known.
Everytime you look at porn a devil gets their horns.
Viruses spread because each time a user is infected they spread the infection to an average of more than one user. Most viruses die very quickly. Of the thousands launched each day only a handfull infect more than a few hundred sites. The probability of infecting a particular machine is actually quite low. It is going to take rather more effort to spread the trojan payload than the FBI expect.
Simply sending out random spam and hoping the target opens an executable that installs the trojan is not likely to work. A more likely means of succeeding is to attach the trojan to a downloaded executable.
A much easier solution with lower downside risk is simply to install a good old fashioned room mike or to use CRT radiation to snoop on the screen.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
You know, this Magic Lantern thing will sure make life boring. Whatever happened to the good ole days when the feds actually had to sneak in your house and plant a bug inside your coffeemaker (like in all those cool 80s action movies)? Man the feds are sure getting lazy.
So now the FBI will be able to catch terrorists even better!
What this country needs is more power and oversight by police agencies - East Germany had it right when "smell samples" were collected in jars so dogs could hunt down disenters.
Of course, this will mean nothing to civil rights because as we all know that the FBI is a trust worthy organization that would never do things that would jeopardize our civil rights by installing key loggers via internet virus (because that would not exactly be targeted eh?.
The FBI is also trust worthy, they would never, for example, abuse the justice system by, say using RICO (anti-organized crime) laws to punish pesky protesting environmentalists, or arbitrarily ask nearly all muslim students in the USA to come in for interviews (and chase them down if they don't come by) - or even threaten to reveal that a person charged with a crime is gay (and cause his suicide)
And they would never do anything like compile a list of "persons of interest" and maintain a dossier on each person in the USA that has been charged (not convicted) of a crime), as well as all immigrants in the USA (they did a mighty fine fucking job lately eh?)
Don't worry, the FBI will protect you in the future because of their new powers!
BTW, would it be in a anti-virus company's best interest to reveal that their software has programmed defects? I dunno. . .
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Look, guys. It's simple.
Get a warrant. I'll show you anything you want to see, but show me your goddamn warrant first. Until you have it, you have no right whatsoever to search my, or anyone else's computer. I don't care what your reason is. This is not acceptable.
Shaun
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Why were they honest about it now? Simple: this is the best political climate the FBI could have asked for to reveal something like this.
:grin:
Surveys show that most people, given the 9-11 attacks, are more than willing to trade freedom for security.
"A recent ABC/Post survey found two out of three people expressing willingness to surrender 'some of the liberties we have in this country to crack down on terrorism.' Cole attributes this not only to a heightened concern for safety, but to the fact that the majority are not generally affected--that is, it's not their relatives being detained and questioned." (Taking Liberties: Fear and the Constitution)
"At times like this, a democracy must balance its need to protect itself with the freedoms that define it. Last week's terrorist attacks have raised the debate pitting homeland defense against civil liberties to a level not seen since World War II." (For now, security trumps liberties)
"From the very first surveys after the World Trade Center and Pentagon attacks, most Americans told pollsters that the country would have to give up some rights to fight terrorism (79 percent in a CBS/New York Times poll in September). A Gallup survey conducted Nov. 26-27 found six in 10 Americans who said the Bush administration has been 'about right' in its limits on civil liberties, as opposed to 10 percent who said the administration had gone too far and 26 percent who think it hasn't gone far enough." (Public Supports Domestic Crackdown on Terror)
After all, if you're innocent, what do you have to worry about anyway?
Most major vendors (with the notable exception of Debian =( ) sign packages using GNuPG. You can check these signatures using rpm. There is no need to get Eric raymond to sign stuff (and he's supposed to read all the source code, then build all the packages on his own machines? excuse me?). I suggest reading the following two security advisories, which point out some mistakes that have been made, and one possible attack, but also largely corrected by vendors, and can be easily verified by users with minimal effort.
Devil in the details - why package signing matters
Red Hat 7.2 GnuPG signed RPM verification fails on distribution files
RPM PGP/GnuPG verification bug
You, sir, are not merely a troll, but an expert troll, and I applaud you for a job well done! Thanks for the best laugh I've had this thread.
References: Slashdot article: Don't Trust Code Signed by 'Microsoft Corporation'
Microsoft bulletin detailing story of VeriSign issuing two Class 3 code-signing digital certificates to an individual fraudulently claiming to be a Microsoft employee: Erroneous VeriSign-Issued Digital Certificates Post Spoofing Hazard
I wish more people would actually read Huxley's "Brave New World" before applying that phrase everytime government gets a little out of control.
Seriously, "Magic Lantern" and all the other privacy-invasive technologies used to snoop on private citizens are still a far cry away from the world of "Brave New World." After all, we still possess enough of our wits to question whether these steps are necessary, legal, and ethical. The folks in "Brave New World" didn't even go that far.
We are much closer to Orwell's "1984" then we are to "Brave New World." And I'm not sure which is the more frightening.
In 1984, the government had to force people to behave using the classic methods of tyranny. In Brave New World, the citizens were kept so damn happy that they would never question that the government didn't have their best interest in mind, regardless of what it did.
Remember: in 1984, our protagonist was someone from withen the society who began to realize what a living hell he was in and began to try to do something to better his condition. In brave new world, our protagonist was someone how came from outside of the society, having been raised on a "reservation". It was only because of this distance from the reality of the "Brave New World" society that he was able to see how awful it truly was.
And in 1968, the Hugues Glomar Explorer was looking for nodules on the pacific floor ...
Seriously though, how plausible do you think the following scenario is :
McAfee receptionist : Hello gentlemen, how can I direct you ?
Men in black : [showing their IDs] We work for the department of Homeland security. We need to speak to the CEO at once. You also are not to mention our visit to anyone by measure of national security.
MR : [picking up the phone] Mr. Sampath, important visitors for you.
Srivats Sampath : What can I do for you folks ?
MIB : Your company is under strict orders from the FBI and the department of Homeland security to provide appropriate backdoors in the software it produces. These backdoors are confidential-defense and must be revealed to the following persons only : [list of persons]. Any of you or your employees who have knowledge of these backdoors who reveals the existence of the backdoors will be detained and judged by a military court. Any question ?
SS : [going into brown alert] Yes yes Mister, anything you say. Have a good day Sir.
SS : [later, talking to the PR guy] John, write the following press annoucement and send it immediately to PRNewsWire : McAfee will NOT NEVER EVER UNDER ANY CIRCUMSTANCES NOT ON YOUR LIFE install any backdoor ever in our software. Never ever. Promise.
You think I'm paranoid ? Heck yes I am. The above is a bad fiction, and if nothing else, it certainly shows that I have no knowledge of who does what in the government, but my point is : none of these anti-viruses are open-source, how the hell are we supposed to know they're saying the truth ? especially nowaday, can you really trust anybody even remotely involved in computer security to tell you the truth ? Well, I'm taking the easy way out of that dilemma and I'm sticking to "alternative operating systems" that don't require proprietary anti-virus softwares in the first place, and that are known not to contain backdoors as long as the user administers the box properly.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
As a matter of comparison, my Windows 2000 box has no such vulnerability. The first time I went to Windows Update, I checked the box that said "always trust content from Microsoft Corporation." Therefore, only Microsoft's real certificate will be accepted by my machine. Even if the FBI forces Verisign to issue an impostor certificate, it will be detected and thwarted.
Why can't the FBI use Microsoft's real certificate? Why wouldn't Microsoft work with them? Are you so certain that "always trust content from Microsoft Corporation" is such a good idea?
Even then, the code which checks a newly-downloaded package against the MS certificate is on your computer, right? It could be modified by anything (say, a virus) which had the right permissions to do something different, like checking against a certificate on microsoft.fbi.com, correct? Perhaps this will be the next "I Love You" payload (or the last one).
(Flippant answer: "Look, it's the Fourth Amendment we're getting rid of, not the First! Get yer Amendments straight, duuuh!" ;-)
But I think that deserves a serious answer, and since it's the Constitution you're so worried about, I'll have at it.
Ashcroft's actions are highly constitutional. He's fulfilling his obligations as part of the Executive Branch as specified in the Constitution, namely to use the powers granted to him by Congress to fulfil his mandate. Once something gets passed by the Legislative branch, it's law, and the Executive is obliged to work within the (ever-shifting confines of the) law until the Judicial branch (after due prodding) says it did otherwise.
So if you have a beef with the changes going on lately, it's with your Congresscritters for passing bad law.
But please, if you're gonna go Constitutional on us, don't trash the Executive for doing what the Constitution says it has to do -- namely doing the things your representatives in the Legislature told it to!
There's a homily about how, when everyone is a lawbreaker, government has total control over everyone -- there will always be a pretext for detaining any person.
As another poster mentioned, it is quite likely that none of us would like to have all of our keystrokes made public -- some of our innermost thoughts go right through our keyboards, and Magic Lantern wouls apparently make no distinction between keystrokes that you intend to publish on the web, and those intended to stay private (financial info, personal letters, diaries, medical correspondence). If you think this sort of tapping would only occur under warrant, you aren't following the latest news.
Since 9/11, we already see our government detaining people for more extended periods of time even when the detaineee has not been accused of a crime, refusing to share the evidence against those detained, and the Dept of Justice is even, per AG Ashcroft, allowed to monitor conversations between people in custody and their lawyers. That last one applies to everyone, and is not limited to suspected illegal immigrants.
This is the top of a very slippery slope. If we give away rights to privacy in our homes and with our legal counsel, we will never get these rights back.
"A man who gives up some of his liberty for a little temporary safety deserves neither liberty nor safety." - Benjamin Franklin
"Whether or not legislation is truly moral is often a question of who has the power to define morality." -- Jerome Skolnick
It seems to me that keeping Magic Lantern from working should be fairly easy for any terrorist who knows that much about it. He could have the computer that he writes and encrypts whatever it is he wants to send out disconnected from any network. Once the (let's say) email is written and encrypted he puts it on a disk goes over to another computer hooked up to the web and sends it off. Terrorist number two recieves it on one computer, puts it on a disk, loads it onto a disconnected computer, and decyphers the message using his key for the encryption scheme they used. This way, no computer that has the encryption on it (and thus the keystrokes) is hooked up to the internet and so can't get magic lantern. And if it somehow was infected, magic lantern would have no way of sending the info back to the FBI. Am I wrong? Shouldn't this work?
"A witty saying proves nothing." - Voltaire
"That's like telling a cop that you refuse to give him access to your home to search it without a warrent. All you're doing is causing a bigger hassle for yourself."
You are under the misguided beleifs that:
1. Only guilty people exercise their right to privacy
2. Only guilty poeple have items seized as evidence upon a voluntary search.
Lets say for example, the FBI knocks on your door saying they suspect someone has been sending death threats to the president from your computer. They are mistaken. They want in to "look around" and walk out with your computer. Good luck getting it back, cause it will be in a "evidence" vault till you die, regardless of innocence or charges being sought. They could do that with ANY item in your house that MIGHT be tied to the crime and odds are you won't get it back, ever.
Reminds me of a county n Texas, all traffic violators were searched and anything that the searchers thought was "drug related" was seized. Well, a buisness man was speeding though said county, pulled over and lost 10-15K (I don't remember the exact figure) in cash he was taking to his son as a loan, all of which he could prove was legally earned. He ended up sueing, and getting little more than half of it back.
So, my legal advice to you (IANAL-Lawyer) is to NEVER ever for any reason let any cop search any of your property, unless they have a court approved warrent.
Burn Hollywood Burn
Once again the old adage proves true. If we fund fundamentalist, paramilitary, or resistance groups in far-off countries, they're "freedom fighters." If someone else funds them, they're "terrorists."
If someone puts a trojan or virus on your machine to spy on you, it's "cyberterrorism."
If the government puts a trojan or virus on your machine to spy on you, it's "domestic security."
Send all your mail (and I mean all: cheques, kiss-ass late notice replies, love letters, porn orders, everything) in clear ziploc sandwich baggies for a while (at least 3 or 4 months).
If, after all that, you come back and say "It made no difference. I had nothing to hide" then I'll believe you. No cheating by self-censorship allowed.
'Till then I bet you're just like everyone else -- you have at least one skeleton in the closet.
Remember, the FBI are people too. What interests the mailman that's in those baggies interests an FBI agent just as much. The only difference is that the mailman is under special orders not to read your mail.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
Maybe I enjoy surfing porno websites. Maybe I work for a Fortune 100 company and have trade secrets on my computer. Maybe I'm secretly gay and that fact could be gleaned from my online habits. Or, hell, maybe I run the world's biggest cocaine trafficking ring over the internet. (Obligatory disclaimer, all of these situations are bogus.) It doesn't matter what I'm doing; without a warrant, the government has no more of a right to come in my house or my computer than a bum off the street.
The problem I see with Magic Lantern, vis a vis conventional searches, is that the potential for abuse is far too great. When the FBI raids a house, it's rather obvious. Maybe the person is at home, or the neighbors see it going down, etc. Makes it pretty difficult for them to just bust in any old house they want, without a warrant; and makes it pretty embarassing if they happen to screw up and raid the wrong house. This is (at least in my mind) a fairly good check and balance to ensure that the FBI isn't raiding houses on a whim.
What happens, though, if they bungle and put Magic Lantern on the wrong person's computer? It's a valid threat; if fucking bomb coordinates can be transposed, so can a suspect's IP address. What if Magic Lantern winds up on your computer or mine, even though we aren't doing anything illegal? There are no neighbors to see it happening, there is no embarassing story on CNN about the snafu, but before I know it, those corporate trade secrets on my computer are now in the government's hands. (IIRC, it was objection to exactly this type of risk that got France in a mess when they banned encryption.)If there are terrorists at the mall, I at least have the choice to stay home and avoid them.
Shaun
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Of course, I wonder just how far the Fibbies will actually go in doing this. Most criminals are stupid. Hell, al Qaeda stood out like a sore thumb, it's just that most modern Americans have had their senses so dulled by television and government schools that nothing makes them paranoid anymore....
Sure, our hero slapped something together that dropped a back door in nothing flat. How many guys that smart are going to go work for what Uncle Sugar pays? How many of the ones that are smart enough actually know something about Linux?
And then there's the question of sheer manpower. Sure, they can tap your data, but who's going to go thru all that crap? They simply don't have THAT many Beowulf clusters....
If I was Ashcroft, I'd settle for netting all the Windows users, and worry about all those other OS's if and when I had a specific hard target. Once they hard-target you, you're a goner anyway; if they can't get what they want by giving you a Windows virus, they're just gonna come bust your door down. Meanwhile, I think most of us non-Windows users are relatively safe from any fishing expeditions the Fed might want to do on our hard drives.
And so it is that the umpteen zillion different distros of Linux becomes one of its advantages....
Besides, Red Hat has already let on that it's not going to play ball; remember that early release of a security patch (was it wu-ftpd?) that caused the flap a few weeks back? I think Bob Young and company had a lot of balls for doing that; it shows that his loyalty is to his users, and not to some calbal in some smoky chat room... I hope and pray and offer virgin sacrifices that it stays that way. Of course, there's also OpenBSD; Theo, cagey bastard that he is (and I *like* cagey bastards in these situations), isn't going to play cloak and dagger with *anyone*. I figure if anyone *tried* he'd raise six kinds of hell.
Bottom line, folks, there are more of us than there are of Them; they can't get to us all. And try and remember, if they do try to get to you, your first obligation is to escape and warn the rest of us. We have to hang together... lest we all hang separately.
Magic Lantern is nothing new.
It's the networked computer-version of a phone wiretap.
In both cases, permission to use either information-collecting method has to be authorized first by a court-order. From the article [news.excite.com]:
When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."
...which is legalspeak for "Yeah, as long as wiretaps require court orders, so does Magic Lantern."
I can't believe the number of posts comparing the introduction of Magic Lantern to a civil liberties meltdown getting +1 Insightfuls. They're about as insightful as the patriotic idiots who'd allow government agencies unchecked freedom to invade private citizens' lives in the name of antiterrorism.
The citizens of the US have a responsibility to watch over the actions of its government, to serve as a check against the growth of abuse of power. Melodramatic statements like "Welcome to a Brave New World!" and knee-jerk antigovernment statements like "Trust the FBI to abuse this the minute they get it" merely serve to marginalize and decrease the credibility of those that speak out against government agencies becoming too unfettered.
Am I afraid that Magic Lantern may someday be abused? Well, yeah, but I'm a lot more frightened by the potential abuse of "old-fashioned" things like the aforementioned wiretaps and unwarranted searches and seizures than I am of the FBI emailing me an easily detectable and easily deletable script or executable virus. Magic Lantern doesn't strike me as a shadowy menace so much as the amateurish nature of a government agency still in the first steps of dealing with a wired world.
The key to preventing abuse by the FBI and other agencies is not by depriving it of tools to work with, such as wiretaps or Magic Lantern, but to ensure that adequate oversight exists and continues to do so in the future. Spending time and energy protecting and advocating the transparency and accountability of the FBI is infinitely more effective, and more likely to work, than seeking to deprive the FBI of intelligence-gathering tools to work with.
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
What's even worse:
It's an American idea, an American problem and based on American laws... and you are enforcing it on the rest of the world
What's left to us rest-of-the-world-westeners is to stop buying US software because otherwise we risk that our secrets will be sold to American businesses by the CIA/FBI gang... as it has happened before on numerous occassions where European companies (Siemens, for instance) suddenly lost deals in the middle east. Not enough that they eversdrop on our mobile phone communications (Echolon), now they bug our software...
Why hasn't anyone thought of this before?..
Its a bit insane but think about it..
This would ideally be applied to jxtra (www.jxta.org) - suns peer to peer protcal layor (different things can be put ontop, like a web browser, a IM message,file sharing, etc).
Have the a key/checksum on the file itself. Then to authenticate, connect to the p2p network. Each host would have their own UNIQUE key. The longer a machine is up the more trust. Nearby machines get the key as well.
So, to authenticate the program goes and finds a bunch of random machines, asks what their keys are and what the key is for the package file. Then, you check the machines keys with other machines to make sure they can be "trusted". This would be a cross between the gpg signing "web" and p2p networking.
So the machines that have been on longer can be trusted more. This is to prevent a machine at the isp to generate new keys on the spot (or use the same one over and over again). It would have to be around for a resonable amount of time (24 hours?).
So each time you check package x, at random a series of "hosts" are asked what their checksums are for package x. For the paranoid, could add some route/different isp checking as well. Let say it asks 20 machines. If all match, then odds are pretty good its correct. Also, each host's key would have to be unique and "trusted". Then you can go out onto 100's (even more?) of hosts to check.
True, (in theory) it would be possiable to fiter for those specific requests, generate a seperate key for a bunch of ip's RANDOMLY and have them authenticate with each other, but that would be quite difficult. In order to do that, they would essentially have your connection severed from the net, with no direct path and on a "virtual" network, in which case your screwed anyway.
It isn't the most efficent way, but probably about as secure as you could get. Well, without being the govenment itself ^_^.
It isn't hard to read. It is available online for free reading. Have a look. I took the time out to read it - and now I know what the parent to this post is on about.
In both cases:
Writing letters to your representatives and starting petitions about strengthening the oversight mechanisms over the FBI makes a lot more sense, just like the FBI using other methods to gather intelligence on criminals makes more sense than banning strong encryption.
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
This post will probably never be seen since I'm a latecomer to the conversation, but I knew a fellow a few years back that would never be affected by a keylogger. His method would work for bypassing any keylogger, but would probably be most useful to touch-typists as a way to not use the keyboard for entering passwords.
He claimed he was a terrible typist. I couldn't tell though, because he didn't touch the keyboard. He would literally copy and paste every character he entered. While this would be tedious for all typing, it strikes me that would be a good way to enter passwords if you're concerned about a keylogger.
That generally wouldn't work for whole-system logins, but it would work for encrypted files and other "lesser" logins. Copy a letter from this page, a letter from that, paste it in your password box, and I doubt seriously even a macro recorder could follow what you're doing.
I am Australian. I use American antivirus software. There is no indication that Symantec or McAfee are going to protect their Australian consumers from the American government.
Most of this discussion has centred on the FBI invading domestic computers. I am more concerned, not personally, but ethically as a global citizen, with the CIA or another US body using this technique to invade my country's rights.
I have no recompense, short of diplomatic channels, or through whatever (uberexpensive) international anti-espionage laws , at stopping this.
Magic Lantern is a very blunt intelligence instrument. Right now (and the irony is NOT lost on me) all I have to be thankful for is that my sychophantic Prime Minister has been licking Dubwya's scrotum so much lately that Australians are probably far down the list of suitable intelligence targets.
"If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box... I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.
Progeny Linux Systems wrote, tested, deployed, and submitted as patches to Debian, code to implement cryptographic package signatures. Some of the patches now exist in dpkg CVS, but Wichert Akkerman rejected others. Part of it had to do with a command that would prompt you (package maintainer) for your GPG passphrase and cache it so that it could be applied to each binary package (consider how tedious it would be to re-type the passphrase for each binary package in a package like XFree86, which has dozens; moreover, you're no *more* susceptible to a keystroke logger if the passphrase is cached). Anyway, this tool was written in C for security (locked memory pages), but Wichert wanted a version in Python instead, so he never accepted the code.
I never have quite figured that one out.
Anyway, since Progeny ceased development on its own distribution, not much work has been done on our signed package implementation. The code has already been publicly released; maybe it's time for people in the Debian community to take up the fight?
The specification, authored jointly by Ben Collins and John Goerzen, allows for multiple signatures per package. I wrote a policy administration tool called apt-checksigs that would let the user configure the strictness of signature checking on a per-repository basis.
Is anyone interested in this stuff?
Address-collecting spam robots don't know how to crack ROT13. Do you?
The funny thing is, Congress didn't tell Janet "the Waco wacko" Reno to create and deploy Carnivore and to authorize development of Magic Lantern. And Congress didn't tell John "junior Fuhrer" Ashcroft to continue deploying the former and developing the latter.
We know this because even the Congressional leadership didn't know about them, as evidenced by the hearings certain privacy-conscious sons of liberty among them demanded once Carnivore became known. The fact is the executive branch does most of what it does without any Congressional approval at all. Or what would you call President Bush's fiat about using military tribunals, an order which the Legislative branch did not authorize and, though most support it, almost all complain that they weren't even consulted.
You're quite naive if you believe this nation still operates as the Constitution intended it to. Instead of the Legislative branch setting things into motion through passing laws, the Executive branch carrying those laws out, and the Judicial branch overturning laws when necessary and interpreting them in just ways, it now works like this:
The Executive branch sets things into motion by executive order and abuse of over-broadened discretion; the Legislative branch quite rarely then puts the Executive back in its place by passing laws to curb its abuses, but much more often is too busy setting other abuses into motion through its own powers, such as CDA, COPA, DMCA, SSSCA, etc., which generally serve to magnify and reinforce the abuses of the Executive branch; meanwhile the Judicial branch occasionally slaps down a particular abusive law or executive practice only to be largely ignored and "worked around" by those other two branches who just keep hawking the same old abuses of liberty under new bills of sale, ceaselessly, since the actions of the Judicial have no bearing at all on what the Legislative and Executive branches have the power to do--write the same policy up into different words and all of a sudden it's a new law or executive order, which has to be nullified by a Court again through the same long and painful process, even though it's essentially the same abuse. Not that the Judicial branch can be trusted to defend liberty much better than the other two, though--cf. the insane decision upholding anti-sodomy laws by the High Court in *Bowers v. Hardwick*, which boils down to "your right to privacy doesn't include the right to go against mainstream moral teachings." Read the text of the decision--it actually uses the word "morality," as if the Judicial branch is there to enforce subjective Christian moral concepts rather than invoke objective attempts at justice.
To put it simply, the FBI has a Congressional mandate to arrest people for breaking laws, but it does not have a Congressional mandate to do whatever it wants and invent any methods of snooping it wants while investigating people it desires to arrest. The unfortunate part is that the Legislative branch is too busy violating our other rights and taking corporate perks to ever use its power to restrain the FBI by law, while the Judicial branch is so slow and addlepated that multitudes of people will have the FBI's Orwellian thoughtcrime-control toys unleashed on them before it ever decides to uphold or invalidate these invasions. Not that we can trust it to make the right decision anyway, considering that it won't even let me lick my adult and consenting wife or girlfriend's pussy in private.
Thomas Jefferson was right, my friends--"An elective despotism was not the government we fought for."
Chasing Amy
(We all chase Amy...)
"The more corrupt the state, the more numerous the laws"-Tacitus
Can I sue the US Government for privacy infractions and computer crimes if I find this program on my PC? Can my government sue the US Government for the same?
Don't worry, noone will ever accuse Australians of having any intelligence to target.
*rimshot*
It seems to me that sooner or later these two government projects are going to come into conflict and it will be very interesting to see who comes out on top.
Commercial antivirus companies have already bent over and prevented their products from showing COMMERCIAL spy-trojans on scan... (ie, the ones used to spy on employees)
What makes anyone think they won't do the same for the FBI? Simply put, they will.
The answer, of course, is free software. If we had a free software virus scanner/remover, that was completely open source, such tomfoolery would be impossible (so long as you knew how to read the code, or could get someone to do it for you, not that hard to do in the Linux community)
Open source=accountability.
This is why I'm concerned that this sort of thing will end up playing into Microsoft's hands, in getting an increasingly paranoid government, that is absolutely determined to outgun it's citizens in every aspect of life, to get free software made illegal..
Imagine it being ILLEGAL to posess a true open source operating system because it would be the legal equivalent of having a private nuclear bomb.
This is not so farfetched, as a networked computer that the government cannot monitor nor break into is as great a threat to our ever paranoid government AS a nuclear bomb in the hands of a private citizen. The precedent proof is in the fact that the government has made the ownership of weapons that would allow resistance to it illegal (had the same been true in 1776 the revolution would never have suceeded).
I think all who value freedom should oppose a government from being able to impose restrictions on citizens that it will never place on itself, IE, the fact that the GOVERNMENT is allowed to have strong encryption, unhackable (or so they think) computers, networks, etc, to hide information, but that private citizens should not.
How many crimes comitted by our government are hidden in encrypted files on government computers that will never EVER be discovered? Why should we trust a "justice system" that in the past decade has massacred more people without cause (Waco, Ruby Ridge) than at any point since the civil war?
Unlike the days of Woodward and Bernstein, it's likely our government's worst crimes aren't written on paper to find, they are stored encrypted in a computer somewhere. Which means, unless the citizens are allowed to install trojans to go on "fishing" expeditions through our government computers, we will never know.
But, as our government is saying to us, I'll say to them "if you've done nothing wrong, you have NOTHING to fear, right?"
In this, the government is non-partisan. Janet Reno presided over those aforementioned massacres, and John Ashcroft is pushing the current horror. All the more reason to abandon our one-party Demopublicans and vote Libertarian.
=== The price of freedom is eternal vigilance
Interested parties should read this article... Ken Thompson created one of the coolest back doors ever... Compile the compiler to introduce code that creates a login backdoor every time login is compiled, and code so that everytime the compiler itself is compiled, the hack goes into the binary... after one compile, the hack isnt in the source... "Reflections on Trusting Trust"
My Stuff: pspChess and foobar2000 plugins
make sure the publisher's public key is really the publisher's
Aye, there's the rub!
It really takes an independent confirmation route to verify the veracity of some random downloaded package.
It galls me to no end seeing a download site providing "one-stop" authentication: here's the package, here's the signature, here's the key!
Proving identity and authenticity in this kind of environment would be improved if there were multiple authorities for one to use. Anything else subjects you to the risk of living in Dr Morarty's HollowDeck, if you remember that particular episode of Star Trek TNG.
The network downloaded packages have to be verified independently, using
- public keys burned on the CD distro you bought for cash, on impulse, in a random location,
- additional public keys on floppies that you wrote from an entirely different computer and network connection,
- phone calls verifying fingerprints of keys
- many, many open certifying authorties that are not run by governments or corporations with vested interests that would be harder to compromise en masse,
- users that are less inclined to sacrifice security for convenience
Nothing is perfect, but you can tighten things down to the point where your spoofability risk is less."Provided by the management for your protection."
Now, if they ( the ever ubiquitous "they" ) were putting drugs ( got soma? ) into the water, then it'd be more similar to BNW, but instead it's the Government furthering it's ability to monitor the activities of it's citizen's, which strikes me as much more Orewllian.
Okay, back to your regulary scheduled MS sucks/Linux rules/I hate Katz ranting.
Remember, "a gramme is better than a damn!" :)
---
Segmentation Fault ( core dumped )