Slashdot Mirror
Cryptome Log Subpoenaed
PaulBu writes "Stopped by on Cryptome tonight... It seems that their logs have been subpoenaed by Massachusetts Assistant Attorney General
Chief, Corruption, Fruad (sic) &
Computer Crime Division. Cryptome's answer was that "logs of
Cryptome are deleted daily, or more often during heavy traffic, to
protect the privacy of visitors to the site." (Good job!)
See here"
Not that I support the government's position on this: "It's secret - national security, you know. Nothing to see here, move along."
I'm glad that Cryptome deletes log files. Though most here probably support Cryptome's stance, I doubt that today's slashdotting is going to be welcome.
If the log files were deleted all along that is okay, but if they deleted the logs after the subpoena they were destroying evidence. I know some of the machines I maintain generate 2GB of logs in a week. So I don't doubt that a higher traffic site like that would be rotating their logs out often.
Logs are useful. I'd also think like with a site like that, they may get some DoS attempts and the like, so it is useful to see where things are coming from.
When I used to work at an ISP, whenever we were summonsed for log files they'd always be for records that were weeks or months old. Most of them were from the "CyberSmuggling" division of US Customs.
Right now I maintain a high traffic site that doesn't store more than 4 days worth of logs on each web server (each day is about 2GB). One time they subpeona'd us for logs that were literally 3 months old. Hah.
DSL-Admin, are you trying to tell me that you could not judge a barrel of apples without at least a single rotten one in it? "I don't know if these apples are good or not; there's nothing to compare them to!"
Light/dark, good/evil: they are NOT opposite sides of the same coin, no matter what Superfriends or the Masters of the Universe taught you.
BADNESS isn't something in its own right that must "balance" goodness, as if "too much" goodness would be a bad(!) thing. QED.
You'd probably say that if everything in the world were red, there'd be no color in the world.
(I think IHBT)
Yes/No. Everything isn't black and white.
What if the logs were to enforce the dmca (dcma, whatever)? What if it was used to help track down a person who was stalking someone else? What if it was used to track down a terrorist?
What about a law that bans all guns? One place did it and gun usage went up. Old addage of banning one thing makes all users outlaws or something.
Point is, Preventing one crime can cause another.
-
ping -f 255.255.255.255 # if only
Because, sometimes we have to prevent even the smallest of our liberties from being taken away. Otherwise, we may miss them, or worse, have more taken away. Not saying that everyone who overreacts is bad, but sitting idly and not speculating is much much worse.
Do you trust the travelling salesman?
-
ping -f 255.255.255.255 # if only
As already noted by another poster, this is inpertitent to the matter at hand, but raises an interesting question:
If you have a cron job that just happens to delete your logs, say, every 7 days, and you don't do any backups of said logs, and you receive a subpoena, oh, 20 minutes or so before that cron job is scheduled to run...exactly how fast are you obligated to walk over to the machine room to turn that thing off? How liable are you legally for taking your coffee break around then? What is the burden of proof on the prosecutor in such a case?
You like splinters in your crotch? -Jon Caldara
A good way to do this (which the above guys might be using) is to translucently log critical information, much like the techniques in the Translucent Databases book. In this case, information like the client IP address can be md5 hashed before being logged. In this way, if you need to investigate a particular IP address because of a court order or an attack, you can md5 the neccesary address and know what to search for. And if you're just analyzing patterns in your logfiles, the md5's will still uniquely identify client IPs so that you can see the real flow of events. You can also store the logs a while and not have privacy concerns. The md5'd addresses prevent the logs from being used as a wholesale database of private information, since you'd have to reverse md5 (computationally infeasible) seperately for every customer IP to get the original data back.
Of course I'll play devil's advocate to myself here. There's only 2^32 IP addresses (less than that because of private space and whatnot, but it's good to overestimate anyways), and each takes 4 bytes to store. If you stored the full md5 hashes with offsets as IPs, you'd be looking at a 64GB fool-proof solution. 64G of disk space in a database is not a hefty requirement by any means. Pre-computing 4 billion md5 hashes of 4 byte strings and writing them all to disk would take some time, but not an excessive amount. If I had the free space at home I could probably build this pre-cache of IP md5's in a few weeks tops. So the government could definitely do it.
A potential stop to this sort of precaching would be to mix in more data before hashing. For instance, store the current datestamp down to 1-hour resolution into the hash as well as the IP. You'll then need to know the horu you're looking for to index a specific IP address, and they'd have to do all the same computation and storage once per hour forever to keep the ability to index your hashes back to IPs. While you're at it, each site could also through their own primary IP address into the hash, so that several sites using this same scheme would have to be indexed seperately by the government. Toss in a random tidbit that nobody knows, like the programmer's dog's name or something, and you're set.
11*43+456^2
Sue your teachers.
There is, at its heart, no difference between philosophy and politics.
A government which infringes on basic human rights loses its legitimacy. Ergo the founding of our republic. Need I refer you to the source material?
You are saying that there is no arguing with whatever is written in whatever document is held to be the law of the land. However, our history tells us otherwise. Common sense, and a shared sense of basic principles overrides any governmental decree.
You may claim this means moral relativism, or leads to anarchy, but yet I am right, and it has not. Rather, it led to the founding of our country. The principles and mechanisms by which such basic priority operates are fluid and unreliable, but the world is not a CPU.
I'll repeat what Malor said, because it's absolutely correct, and understanding its meaning in the very core of your being is essential to your dignity as a human being. "[basic] freedoms ARE NOT GRANTED BY THE GOVERNMENT."
I'll reiterate my earlier point, because I can already hear the pedants clawing at their cages. This does not mean moral relativism. Just merely that we are never "bound" in any legal sense by a "government" which infringes on basic human rights which have been held, across most of earth's cultures, to be fundamental and universal. If you want to pretend there is no agreement on what a human right is, don't waste our time, or pretend it matters that there is no absolute agreement. Take a look at, for instance, The Universal Declaration of Human Rights if you're confused.
Want to Know How to Cheat the GPL? Read On!
I could be mistaken, but I think there is a common feeling that web logs are a sort of "inadvertent" tracking of people. Nobody I've ever met feels comfy with the idea that anybody can know everything they do.
People keep weblogs for a good reason, but that reason isn't to tattle on visitors. That weblogs can be used for that purpose is repugnant to many that keep such logs. This would then be perceived to be a corruption, by the government, of something that otherwise is relatively harmless.
Of course, in tune with your comment, there isn't currently (in the united states) any requirement that people maintain logs. However, those that do must legally provide them, should they be subpoena'd. That this is so is probably the point of contention, as it could be perceived as government snooping, especially since a site like cryptome is bound to have a wee bit of traffic that disagrees with the current administration's invasive tactics.
Unbreakable toys can be used to break other toys.
2. What is Cryptome doing on Verio anyway? It's a filthy spammer host.
Why bother? Pass legislation that requires ISPs log all traffic instead. They're more likely to comply with such a law (and unlike most laws, such as the anti-spamming and anti-telemarketing laws, this is a law where the Government does want compliance!) than end users.
Better yet - why burden the ISP with the added expenses (and bad PR!) of logkeeping at all? This solution would require no new laws; it'd merely have HomeSec allocate a portion of its budget to install a packet sniffer with a hella-fast RAID array at the chokepoints - and log the URLs (and SMTP headers, and USENET headers, and P2P requests, and Freenet requests) themselves.
China's doing it all wrong - the way to deal with threats to internal security isn't to block citizens' access to information, it's to allow access to information - and log the hell out of it! I mean, knowing that Xin Sixpack typed "Falun Gong" at google.com and got blocked when he tried to visit the front page of some website isn't nearly as useful as letting him go to the site, and then watching every click he makes, to find out what (specifically) he's interested in.
As soon as I received the subpoena I took it to my lawyer to decipher the legalese and determine what action was necessary.
Soo.. when a subpoena is served, do they read it to you, and are you obligated to understand it?
In my opinion, if your intent is to protect the privacy of your users, then logging should be turned off in the first place.
Unfortunately, the government here will under no circumstances take responsibility for the present situation. Right after the attack I was scoffed at for suggesting that this just might have been our fault, and that chasing terrorists was just treating the syptoms and not the cause. In all the media hoopla since then, not ONCE have I see US foriegn policies questioned. Not once.
If you stick your nose in other people's business long enough, it will get bloodied. Ours got broken, but we still haven't learned our lesson...
Murphy was an optimist.
Getting off topic here; my original post was to point out the fact that we are attacking the symptoms of a larger problem. Oh well, in for a penny...
9/11 was a direct result of religious whackos hi-jacking planes on suicide missions. Blaming the US is like blaming rape victims for wearing short skirts
Excuse me? Haven't you asked yourself by these terrorists hate America pretty much exclusively? Not Canada, Austrailia, pretty much all of Europe, who all have similar ideals and economic and political to the USA. Why is that? It certainally doesn't tie in with the "freedom and democracy hating" nonsence we are being fed.
All the US wants is for other countries to be free so they'd buy more goods and services
Bin Laden has gone on record stating that his aim is to remove the US troops from Saudi Arabia. The troops there are backing up a dictatorship government, hated by most of the people. Where does this fit in with your "US wants other countries to be free"? Why have they done the opposite in more places than they have created freedom? I understand that you may actually believe that, given that you probably haven't read much history. You really should try to get out of that self-delusional world though. We aren't the good guys are represented in the movies. Sure, if you spend your whole life watching them, growing up with images of our troops liberating people and Bruce Willis saving the world, but the historical facts do not match that image. Remember, the Nazi's used films of the same type with the same purpose.
As for the terrorists, they have no other recourse, if they complain about their country they disappear, get tortured then are never seen again. They want the freedom we take for granted. Unfortunatly, they have gone down the route of terrorism to attempt to achieve that goal.
The Saudi dictatorship was put in place by a military coup supported by the USA. The democratic government was ousted to make way for one that was more willing to work with the US. Note that the Saudi women are treated exactly the same as the Taliban treated them, yet you don't see a call for a war in Saudi Arabia. However, Afganistan is now being controlled by people who used to work with George Bush in a private company, but yeah!, we went there to free the women, right!?! The recent Afgan war was to remove the Taliban because they weren't giving the US concessions on anything, such as the construction of a pipeline to a neighbouring country with vast oil reserves. The Taliban were friendly with the US for a very long time, the top officials were over in Texas and Washington on many occassions. It is only when the contract to build this pipeline went to Argentina instead, that the Taliban suddenly became "evil" in the public eye. The war in Afganistan had been hinted at prior to 9/11, and using that tragedy as propaganda to have this war is downright disgraceful and an insult to the thousands of innocents who lost their lives that day.
Other examples of immoral acts...how about creating Saddam Hussain? Again, a perfectly valid government was dispossed with US assistance to put him in power. The idea was that he would fight Iran, who were not very friendly to the US. He was supplied with weapons, vast amounts of credit and the equipment to make weapons of mass destruction. Again, the idea was that he would attack Iran. When Iraq invaded Kuwait, they asked the US Ambasidor what their opinion was on the matter, to which they were told that "the US has no opinion on that".
I suggest you learn some world history before engaging in these discussions. History is not what happens in movies, nor is the education received in school of much use. You ain't gonna get this stuff from your leaders either, and more worryingly, the media seem to be "ignoring" it.
This is what pisses me off most about the west, but more so the USA. We claim to be bastions of "freedom", "truth", "democracy", but we live in a place where the goverment can look at your web/e-mail usage (remember Nixon? How could you forget that lesson so soon?), politicions openly lie about the causes of these terrorists (so much for "truth") and where the leadership of a country is controlled by how good their advertising campaign was, funded by private individuals who's interests become a part of national policy.
I put it to you that west as we see it is merely an illusion. We are just as regressive as many of these "evil" countries, and the population is led around using hate and fear. Go watch Bowling for Columbine, although it does focus on the issue of firearms, it makes good points on the use of "fear" in the US (the UK is pretty much the same) as well as some US indiscressions that our leaders would rather you didn't know about.
I'm glad that there are people out there with the same thoughts as me, e.g. Michael Moore, the creator of the above film. The one great thing about our society is that myself and others have the freedom to discuss these issues, without fear of reprisal. Well, guess what...with all this new net monitoring trends, that freedom will soon be gone. Right now, this post will probably be getting modded as "interesting" by these spy systems. And I'll bet that in a few years, people will be afraid to speak their minds on these sort of subjects as it will become a permanent entry on their file, which will give them all sorts of problems getting visa as they may have "terrorist tendancies". Sounds a lot like the Soviet Russia system we were brought up to hate.
So, if you want to shoot me down and stick your head in the sand on this stuff, fine. Don't expect me to be happy about your apathy, and don't come asking for help when pretty much all the freedoms you used to enjoy are gone or you have lost a family member with all the violence going on.
First of all, the document in question is NOT a search warrant, it is a subpoena, which lacks MANY of the protections built into a searchwarrant. In fact, in many jurisdictions, the issuance of a subpoena does not require ANY judicial action or even a sworn statement that supports a finding of probable cause that the material sought is even relevant evidence of the crime under investigation.
In short, this IS a fishing expedition and cryptome SHOULD obtain Massachussetts counsel to put in a "special appearance" to contest the jurisdiction of the Grand Jury over itself and to prosecute a motion to quash the subpoena for lack of 1) personal jurisdiction, and 2) relevance of the logs to the investigation.
utter rubbish