Slashdot Mirror
Which ISPs Are Spying On You?
firesquirt sends us an article from Wired about a survey they conducted to determine major ISPs' data retention and other privacy practices. Over a period of two months, four national ISPs would not give Wired the time of day; and another four answered some of their questions in a fashion not altogether reassuring.
All of them (in the US) are spying on you, thanks to government data-retention requirements. Y'know, in case a turrist or pedophile happens to use the intarwebs.
If you live in a muslim country ... all ISPs. See Iran, Saudi Arabia, Pakistan ...
NO CARRIER
You see? You see? Your stupid minds! Stupid! Stupid!
Actually, in the European Union, such spying practices are _mandatory_.
Here's an idea: Develop a web browser extention that does a random web crawl. I don't mind letting my ISP sell marketeers, give to the government, keep on file, ect a clickstream that is 99% chaff and 1% my actuall surfing. Yes, I realize that if someone puts in enough effort and analysis, they could probably sift out the false signal, but it's that very effort that makes it cost prohibitive to do it across a broad scale. And of course there is always the defense: I didn't visit that web site, my computer constantly does a random walk of the internet. And to help keep the ISPs in line, it ups the volume of records they have to keep by 500 fold.
As for the other things such as IM's, emails, torrents, ect I can encrypt those should I feel the need. Yes, I could start using TOR, but it's slow and watching a web crawler do a random walk can be entertainment all by itself.
I would think all they need to do is show they warned their users they are 1. being watched 2. downloading illegal data. Actually providing the authorities with a history of the data is not their job and should only be the acquired by the authorities with their own equipment and only under a court order.
At the least the ISP's should give their users the ability to opt-out of their "data retention" programs.
Namaste
My Canadian ISP, Rogers, is not on the list but if I were to hazard a guess I'd reckon they'd sell my tracks six ways from Sunday as soon as sneeze.
These are, after all, the goons who think just about any kind of encrypted traffic coming out of your box is a terrorist threat to the movie industry -- even if it's just a VPN connection.
Does anyone know what Rogers retention policies actually are?
These stories are free but worth money.
So much for saying "In Soviet Russia, ISP watches you"
You are reading a sig. Cancel or allow?
because as a Sr. Network Eng for an ISP with thousands of users I have oh so much time to devote to tracking down every website you visit. Please, even if packet sniffing and tcpdumps are used, most ISPs can't afford manpower for intensive tracking... Maybe the big ones, but medium to small...
Its time to encrypt EVERYTHING. ( at least until the government bans it )
Sure they know where you went, but not what you viewed or 'said' while there.
---- Booth was a patriot ----
What info do advertising and spyware companies get from their adverts on websites and pass on to the authorities, record companies etc.,
Yes we all know that you can block adverts/spyware delete cookies etc., but how many users block 100%
If by spying, you mean conducting your communications via the interweb and invariably having copies of said communications either in deliberately or not deliberatley maintained logs... Its a bit like asking someone to tell your mate down the street 'it rains on Tuesdays' and then complaining when the intermediate seems to know your secret weather-forceasting tip.
YUO FA1L TEH INTERNEZT
As far as you know.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
Shaw.ca does!
t icleid=41095&cpage=199#feedbackAnchor
See here about an "article writer" (arstechnica derivative drivel fits the bill far better), Jeremy Reimer:
http://www.windowsitpro.com/articles/index.cfm?ar
Jeremy Reimer was caught:
1.) Email harassing others
2.) Impersonating others on his website
3.) Libelling others numerous times in edited photos and songs ripped off from SouthPark (no originality, the trademark of the arstechnica bunch)
4.) Then had his website removed from his hosting provider Shaw.ca along with his crony in Jay Little from CrystalTech.com
5.) They tried to lie about it no less, but the evidence is there posted for anyone to see.
6.) Then, they got their behinds handed to them on 15 different technical points (and, arstechnica is supposed to have this 'great computer guru user base' on its forums? NOT!) they could not disprove for over 3 years now.
Shaw.ca did the 'great article writer' Jeremy Reimer (plagiaristic buffoon) right on that one. The fool is still keeping it up no less. He has no respect for law, and not even for making his fellow arstechnica people look like fools as well.
A slashdot user named Starkruzr joined them there as well:
http://slashdot.org/~StarKruzr
And, like his idol Jeremy Reimer? Had his butt handed to he as well and is probably heading for trouble along with his fellow arstechnica friends, because it is cyberstalking they are doing (following a person around, off topic and looking stupid on their parts, online to many forums listed there for years on end).
You people @ slashdot are supposed to be good - but you post derivative drivel articles from this fool Jeremy Reimer?
Jeremy Reimer has no degree or certification in computer sciences, no professional hands on experience in them (much less years or decades thereof), & obviously, no skills whatsoever, except making his arstechnica bunch look terrible!
Slightly offtopic, but ...
I seldom spend time on IRC.
Two weeks ago I was on #debian.
I asked the people if the conversations get logged.
Nobody present could tell me.
Is there a place when you can look up such things?
If you mod this up, your slashdot background will turn into a beautiful sunset!
Even though I never had an account with them, for the longest time they always seemed to know where I lived because they kept sending me CDs. Spooky.
If brevity is the soul of wit, then how does one explain Twitter?
Aren't there VPN ISPs that terminate in neutral countries that can circumvent spying?
I've seen you post this response before. Do you sit also here at slashdot all day and night, with no life, no girlfriend etc?
A Good Troll is better than a Bad Human.
It's not just MAFIAA. Botnets, dymanic-IP network-ban evasion, and other such mockeries go across a network. Would you like to stop this kiddie who keeps spamming your IRC channel with goatzee links and evading your bans by merely unplugging his modem to keep doing it every single day for the existance of the channel? That's why abuse@ exists, and that's why they keep IP logs.
Its time to encrypt EVERYTHING. ( at least until the government bans it )
Sure they know where you went, but not what you viewed or 'said' while there.
Back when I was operating a mailing list on a controversial topic on my home machine, I had a couple rules:
- No postings soliciting or admitting to breaking laws.
- No encrypted traffic (not just on the list: All traffic (except passwords) to-from the machine was in the clear).
The thinking was like this:
- Police, other government investigative agencies, and various unofficial snoops have a long track record of ignoring laws against various kinds of eavesdropping. So you have to assume that the line might be tapped.
- If the police became interested they could always get a warrant and tap the line. (Or illegally tap the line without a warrant to see what's going on, then (if it looked interesting) get a warrant to tap it legally.)
- If the data was encrypted they could STILL get it - by getting a warrant and seizing the computer (and everything else of interest in the house).
- If the data was UNencrypted they would want to keep a low profile to avoid scaring off any "bad guys", would eventually see that there was nothing to go after, and thus would probably switch to hunting real bad guys elsewhere and go away WITHOUT breaking in and trashing stuff.
"Encrypt everything" seems like a nice solution. But if only a few are doing it, just the fact that their traffic is encrypted makes them targets. It's easy to trump up enough stuff to get a warrant and go after the machine.
Once a LOT of people are all swapping lots of encrypted traffic (as the default way of "sealing" the "envelope" on the datagrams) the fact of encryption will stop making the users targets. (The police can still get a warrant and grab the machines. But with so many potential machines to grab they'll have to find some other way to pick the ones to hit - like by bothering to dig up real "probable cause" from other evidence, like they're supposed to.)
Fortunately we don't need to construct a "shelling point" for this: The internet is gradually moving toward pervasive encryption, as the legitimate need to encrypt for personal and corporate security becomes broadly understood. Once that becomes the norm our electronic "papers" will be about as secure as our physical ones. We're starting to get there. But IMHO we're not there yet.
Unfortunately we WON'T be fully safe using encryption until the typical machine configurations are such that, if the machines are seized, it will be impossible to recover incriminating data from them - even with passwords browbeaten out of their owners. Until that time it will still be useful to bypass encryption by raiding one of the machines at the endpoints.
= = = =
Re the list and "no encrypted traffic": When one of the regulate-the-internet laws was about to make it too much hassle to continue, we closed down the list (after finding volunteers to run its successor and - since the participants hadn't agreed to have their info forwarded - announcing the successor on the original list and giving people time to sign up.
Now I regularly use SSH to telecommute or to access the primary house machine from the vacation house. But that's still low-profile: It's clear from the IP addresses that the SSH connections are going to the company, coming from it, or coming from a single external dialup machine via a particular service provider.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
But...does it really matter? With the government (i.e., the Busheviks) having dropped SilentRunner apps at each IXP location in North America, what does it really matter what those ISPs do.....
At http://www.net.tv/ you watch the ISP.
The only thing new in this world is the history that you don't know.[Harry Truman]
fdD87d
W Q544ASdf455saSA1dfF3AS5D5WQsEa5dr413L50fSAdDsA3QW5 DsfDfdALJd99AD09asdfK9J00aUIOsdfOU9I0dIaOU46IOsCVd Xf61S
DF325eLJw5LKljLk3kjl18dfaw3F3DSADFsdfYDOewrs313aSS dfADuy5SA135D1H155yipHoiSDAjnkml51151LHHkmfSASd217
64F5F6sAS4Dd46KJfUYd0NsafH54UJ6Y35U135KdYUsU1Jf35
JD3hFdJf8o
SD45uio5K2o
There's a little more to it than that.
Most ISPs assign dynamic IP addresses to the majority of their customers. Where I used to work, we used RADIUS to provide dynamic IP addressing to our customers, and we would keep logs that would let us determine which customer had any given IP address on any given day and time. This data was used to help troubleshoot customer login problems, resolve billing disputes with customers, suspend and/or warn customers who had violated our terms and conditions of use, and yes, to fulfill subpoena requests.
However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
A whole lot more TOR servers to sprout up. When everyone switches to encrypted traffic on all the normal ports, your connections might be logged and the data transferred between you and the onion network copied, but how long would it take to sift through the internet's traffic if it were all encrypted?
What idiot moderated that post as Score:4, Informative? There is nothing in it whatsoever.
... consider what your reaction to this is going to be.
Suggested Search terms:
"Well damn, if I look at crack sites, am I going to be busted for attempted piracy" when I was really looking for a download 30 trial of autodesk Inventor 2008. Its also interesting that directly after the last law related passed, all crack sites are asking for some small amount of payment --- so as to verify identity....
I'm absolutely certain that search terms can be made to communicate to the spys well enough to cause a "MAD - Spy vs. Spy" episode in real life internet.....
I also discovered that AT&T (bellsouth) can see even my passwords to email accounts not on their network if I use their network to access it. And note even I don't get to see the password I type in......
There is a whole bunch of shit going down so it should be real easy to cause such a spy vs spy event... perhaps one dealing with the fraud of software patents.
In Soviet Russia, Internet browse YOU.
Unfortunately, this doesn't cover my ISP, Optimum Online. :-(
Brick and mortar businesses are required to make sure that their customers don't smoke or drink in the wrong places, that they aren't buying for someone who is underage, that they are not selling drugs, or even whether their driver's license is expired. If you own a business, you can be fined or worse for not enforcing these laws. Why shouldn't the ISPs also be turned into unwilling, unpaid police officers.
four national ISPs would not give Wired the time of day
What, they blocked port 123?
http://www.rsync.net/resources/notices/canary.txt
In addition to a stated policy of "No data or meta-data concerning the behavior of our customers or filesystem contents will ever be divulged to any law enforcement agency without order served directly by a US court having jurisdiction. All such orders will be reported to our entire customer base."
You should read their philosophy page.
but it's that very effort that makes it cost prohibitive to do it across a broad scale
That's a good idea. Poisoning the data well.
I'm wondering if a secure proxy would defeat your ISP's snooping? For some reason I was thinking it's possible to snoop https traffic. Difficult, but possible. It would certainly be a pain the rear and an ISP would need a good reason to go to all the trouble. Especially with so many, many people who wouldn't bother. All the search engine would have is the proxy IP, all your ISP would have is one IP address. It would be possible to match up those records, but who has the resources for that effort?
You think it's worth what it takes to set up?
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
"... All such orders will be reported to our entire customer base."
:(
Ummm... dream on about this part (at least), as "Patriot Act"-backed demands (with or without a warrant) can forbid the disclosure of said demand.
And while an especially conscientious service provider might insist on dotting i's and crossing t's, it is doubtful any of their personnel (or bosses) will be willing to be jailed as a "terrorist".
However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did
I would like to think that no ISP would ever spy on me or keep records of my activities. I would like to think that no ISP would provide data without a court order. Unfortunately, what I would like to think bears little relation to what actually is. And my understanding is that the (US) government no longer requires a court order to demand such things.
Read this again:
rsync.net warrant canary
If they are served with a secret warrant, they simply stop updating the warrant canary...
TOS aside, you still can't trust your ISP. They may be gagged, or commandeered by the law (or illegally for that matter). Think Echelon, Carnivore, etc. Trustno1 is not just a password, my friend!
You see? You see? Your stupid minds! Stupid! Stupid!
It seems to me that there are a whole lot more "major" ISPs than those listed in the article as being contacted. IMHO, it isn't a very complete study.
Oh yeah, let's ignore the Average American Citizen's role in bringing this all about.
-Stare at the TV 4 hours a day
-Stop participating in your Government.
-Allow Civics/government programs to be gutted.
-Turn away from reason to embrace The Lord.
It's _soo_ easy to whip off comments like yours. But it's more patriotic to be labled a Democratic (as in democracy) nut job.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Read this again:
rsync.net warrant canary
If they are served with a secret warrant, they simply stop updating the warrant canary...
Which, since everyone knows what it means, effectively functions as a way of disclosing that they've been served with a warrant demanding nondisclosure. I hope they're not relying on whatever lawyer told them that this was a good idea to bail them out after the fact, or they may be in for a rather rude surprise.ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
http://duplicity.nongnu.org/
Call Detail Records - ISPs tend to hang on to them for at least a years time. This has been going on since the dawn of time and in several areas there are local regulations governing CDR retention for assisting legitimate LEA activities. They are typically also used for billing purposes and are sometimes quite useful for customers to access their own call records to see in their family...etc is using their accounts. IMHO NBD
Selling traffic analysis of customers is not cool and if I knew my ISP was selling my traffic stats I would immediatly cancel my account and go with one who wasn't. Crap like this should not be tolerated.
The surveillance CALEA issue is sad -- nothing like giving yourself more power by reinterpreting the english language in the face of explicit wording from congress in the public record to the contrary.
Why go to congress to mess up your country with a new law when you can do it yourself by rewriting the english language.
Its not like there were not laws already on the books covering assistance with investigations and court orders. ISPs were never in a legal position to say no to a legit court order.
--J
J
We all saw this coming. I prefer to do something about it. http://www.mysecureisp.com/ http://www.blackboxsearch.com/
We all saw this coming.
I prefer to do something about it.
http://www.mysecureisp.com/
http://www.blackboxsearch.com/
01000011011011110110110101101101011101010110111001 10100101100011011000010111010001100101001000000110 10010110111000100000011000100110100101101110011000 01011100100111100100101110001000000101010001101000 01100101011110010010000001110111011010010110110001 10110000100000011000100110010100100000011101010110 11100110000101100010011011000110010100100000011101 00011011110010000001100100011010010111001101110100 01101001011011100110011101110101011010010111001101 10100000100000011110010110111101110101011100100010 00000110110101100101011100110111001101100001011001 11011001010010000001100110011100100110111101101101 00100000011000010110110001101100001000000111010001 10100001100101001000000110111101110100011010000110 01010111001000100000001100010010011101110011001000 00011000010110111001100100001000000011000000100111 01110011001011100010000000100000010000110110110001 10010101110110011001010111001000101100001000000111 01010110100000111111
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
See here: http://www.bash.org./
Ok so maybe I'm being a smartass but you have to assume that everything on IRC is logged. Many users log everything just as a matter of course, or because their software does it automatically. I doubt servers normally keep logs as they'd be rather large, but nothing legally or technically is stopping them.
IRC is essentially a public forum.
Sort of. But it's an interesting idea. The law *does* prevent them from stating that they've been raided, in certain situations anyway.
But does the same law have the power to force them to continue publishing signed lies ? That's what they'd be doing if they continued to claim that they have never been raided after they where indeed raided.
I don't know enough US-law to know the answer, but atleast it's not obvious that it wouldn't work.
...which roughly translated means don't stand around jabbering when your life is in mortal danger
I have no sig yet I must scream.
Heh... so it seems like they should publish a weekly message saying that they have been raided, even though it would be a lie. Then, if ever they are raided, they would be required to stop publishing it... unlike the situtation now, where they could just keep posting these messages :)
As a general rule, judges don't appreciate people playing games to obey the *letter* of the law while breaking the spirit of it.
Communicate in binary. They will be unable to distinguish your message from all the other 1's and 0's. Clever, uh?
At least I can't. The article in question has a giant AT&T ad that pops up and covers almost the entire article, and it doesn't go away when you click it. At least in IE6. Don't post this shit if it's unreadable due to advertising.
It's similar in the UK, I think. Most ISPs hook into the national broadband infrastructure provided by BT (unless they're using LLU). BT represent this internal infrastructure as a cloud, with no explanation of what's happening between BT and the ISPs.
Use encryption. PGP, IPSec, IPv6 for that matter. Please, for (insert random name here)'s sake, just use the technology your PC already provides. Sure, it won't stop the FBI knocking down your door, but encrypting every connection you can is better than doing everything in the clear.
Encrypt your E-mails, use secure storage options, etc. There is a lot of security available out there, its just that people are too lazy to use it.
- Michael T. Babcock (Yes, I blog)
As a general rule, judges don't appreciate people playing games to obey the *letter* of the law while breaking the spirit of it.
Unless those people are large corporations, rich people or politicians, right? That's what you meant to say, right?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
So what's the difference here between the illegal wiretapping that mr. bush is doing now, and recording all of your activity and voip calls over the net. Looks like we now have a new invasion of privacy called, virtual wiretapping. It's not like we have a choice of internet providers that we can select from; it's already a monopoly in most areas, and it's not being deregulated, to give us competitions and lower prices, because the government is happy being able to go to one warehouse to get all their information. Slowly but surely, our liberties fade. I use to think the people ran the government, but it's clearly a society of people run by the government(*cough* corporations).
I'm more worried about ISPs that have DPI (Deep Packet Inspection) devices in place along with the retention times on THAT data. Just knowing someone's IP and what IP they connected to is essentially getting a list of phone numbers you dialed. DPI allows the provider to hear the first 5 words of every sentence in that phone call.
I can think of one ISP that already has this in place...
Then the law needs to be clarified, and a jury can notify the judge of this with a 'not guilty' verdict.
I'm running a pirated copy of Linux.
I believe that's being challenged right now. Wasn't there a guy recently arrested for refusing to turn over information requested in a National Security Letter and for contacting a lawyer to have the NSL challenged? I'm too lazy to look it up right now, but I believe I read that here on /. The bottom line is, until SCOTUS rules on the legality of NSLs, their validity is in question. So, for now, my response to an NSL would be: http://www.gecko-ak.org/SpecialPurposeSigFile.txt :)
In any case, your point is taken -- there are plenty of people who will cave under even the slightest pressure, unfortunately.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Here in Canada the largest ISP is Bell Sympatico (alias: bell nexxia).
They are pure evil when it comes to privacy. Less than a year ago they ammended their terms of service to give themselves the right to monitor (content included) anything and everything you do on the internet at their whim and share the information with any government agency that asks for it. (no stipulations that the agency must be Canadian or be making a legal request for information).
That was presumably an attempt to protect themselves from lawsuits because of what they've been doing for fracking years.
Bell routes almost all their traffic through new york and/or boston!
Thus all Canadian Internet traffic carried by Bell is snooped by the out-of-control american spy agencies.
It is shocking really, to get a packet literally across the street here in Ottawa Bell will route you through New York.
I have not been able to think of a reason for this behaviour other than for the express purpose of facilitating privacy violations.
Furthermore, our national security agencies have to be aware of this and the ramifications for Canadian citizens.
(unless they are shockingly incompetent) Thus I have to conclude that our own government is complicit. Perhaps our government is receiving some of the fruits of this spying.
Such a scheme would be consistent with historic agreements between our countries.
In fact, this could even be happening as part of one of our existing co-spy agreements.
Regardless of what their actual policy is, it disturbs me that these companies wouldn't even care enough about user privacy to respond to the questions. Especially Verizon, because Verizon provides my Internet service. Surely they could at least must enough decency to say "No comment." Unfortunately, that quote appeared 3 times in the article.
This space reserved for administrative use.
So what about Speakeasy?
They might not appreciate it, but they often go along with it.
I've worked for 4 ISPs and I agree there isn't man power to track down every users activities. However it is quite feasible to capture a network stream from anywhere in our network for further analysis. It's also quite trivial to locate and filter out certain types of traffic.
Please remember that the provider of the IM network is court mandated to keep all IM chat's on file for 6 years. Your email goes through an email server which was once snooped by a project called carnivore, but has been replaced with a new system that sits on the internet backbone. As far as web surfing histories, their stored in two places, your browser history and webcaches. Activity on a file sharing network can be monitored by joining as a leaf node.
Are you still feeling like your not being watched, then go take a look at the great firewall of China.
...gives you 164 words that can be boiled-down to two: "pound sand".
______________
How long does Charter maintain personally identifiable information?
"Charter will maintain personally identifiable information about Customer only as long as Customer is a subscriber to Charter's services, or as long as necessary for the purpose for which it was collected. If Customer is no longer a subscriber to Charter's services and the information is no longer necessary for the purpose for which it was collected, Charter will only keep personally identifiable information as long as necessary to comply with laws governing our business. These laws include, but are not limited to, tax and accounting requirements that require record retention. Charter will also maintain personally identifiable information to satisfy pending requests or orders for access by a subscriber to his/her information or pursuant to a court order. Charter will destroy Customers' personally identifiable information when the information is no longer necessary for the purpose for which it was collected, when there are no longer pending requests for such information, and when it is no longer necessary to retain the information under applicable laws."
When it comes to spying, there are several types:
1) What gov't/law enforcement does (whether legally or nsa-style). This is done to enforce the law or for political control.
2) What HP's Patti Dunn or other private entities do to further a specific interest. Marginally legal at best.
3) What ChoicePoint, Axciom, etc. do. Amassing databases of identity and transactional information and selling datamining services usually for business purposes (and now also for gov't purposes). Still legal but mostly under-the-radar of public awareness.
4) What doubleclick and possibly some ISPs do -- the datamining of clickstreams mainly for the purpose of marketing.
#4 in particular is addressed by TFA, and encryption is not a real solution to that issue.
If my ISP is collecting clickstreams (i.e. the list of websites you visit) and using them for marketing purposes, I want to know about it.
dont worry guys i know for a fact that comcast is comcastic and you should run for your life to comcast.com its out to get you comcastic and they are monitoring me noone right now!!!! help me yourself with triple play!
No. Even then the judges don't appreciate it. They may in certain cases have to put up with it for sligthly longer, to guard against the possibility that judgements are overturned on appeal as a result of rushing things.
Still, willfully ignoring the spirit of law or the orders of the judge, while nominally complying with the *letter* of it, is a great way to annoy most judges. It's unlikely to benefit you in the medium term, and not something I'd recommend.
Witness SCO. True, it does take ridicolosuly long times in the US court-system before the shit really starts hitting the fan, and that is regrettable, because it means *stalling* can indeed be effective for literally a *decade* which imho is totally unacceptable.
But inevitably, the shit *will* hit the fan. And when it does, it tends to end up grinding the abuser into very fine dust-particles. SCO will certainly go bust. Only a pity that they don't have more money. As it is, those investing in SCO will (collectively) lose every cent they invested. That is as it should be. Only a pity that didn't happen 5 years ago. It allowed some people to get out with a rest-value, probably some people even got out with a profit, those that sold very soon after the initial filing of the case, before it became obvious how full of crap it is.
Still, the lesson is likely to be instructive. I doubt we'll see repeat-performances soon. We may see a variant where patents are used instead of copyrigths, though.
It's not possible to write totally unambigously. Furthermore, trying to hard, by explicitly stating things which are common sense makes the situation *worse* because there's a tendency to be more loopholes in 10000-word laws than in 1000-word laws. Furthermore increased complexity of law benefits those with the most resources, because they're the ones with the most hope of finding and understanding every last detail.