for we canuks..... Anti US stuff isn't goin' anywhere, however, NAFTA does allow challenges to be handled by a three person tribunal. Perhaps Corel might consider such a challenge given the judge's statement of facts. We shall see eh?
One must understand that there is a significant financial investment involved in deploying and maintaining these systems. You have all these big computers, submarines, modified satellite networks, etc., etc. This system is a major source of intelligence and its preservation is a major concern-- for example US encryption policy is likely designed with that goal in mind. Politicians like to appear strong and law enforcement agencies like to appear in control. As long as people have the unreasonable demand of insulating us folk from everyone in the rest of the world (including the wackos), we will be spied upon.
One could speculate that after Oklahoma, an organization to spy on US citizens in the US could be established and be separate from the NSA. That would allow authorities to protect against the "threat within" and would not take down existing systems if the political cat got out of the bag. How many years before Echelon was revealed? All is possible!
CSIS is not the organization you are looking for...it is the "Canadian Security Establishment." They once came 'a recruitn' at UBC (University of BC for you non-Canuks) and I remember reading one of their pamphlets.
In it was listed their "corporate" principles. #1 was "lawfulness." Those cheeky bastards figure that there is no difference between altering actions to suit laws and altering laws to suit actions. It is probably a running joke with 'em. : /
PS. You won't find much about where our scarce tax dollars are going from: http://www.cse.dnd.ca/ You'll find a little more from: http://www.ottawacitizen.com/national/990522/263 0510.html
The old standard used 4 bytes, the new standard 128. They said: What to do with all those extras....Why not have one option of sticking the 8 or so Ethernet ID bytes into the end? There's room!
They have dreamed up a number of different options for using the 128 bytes and this is only one.
Because Ethernet card IDs are pretty well unique, this is a 'fingerprint' to one's machine. Part of the Ethernet address is the Vendor ID, part (presumably) is the type of card, then serial number.
The issue is not the option of using it, the issue is that the *capability* exists. It is then possible for some governing body to mandate its use.
That isn't likely in North America or Europe, But in other states which are uneasy with internet related freedoms and privacy, it is much more likely--and dangerous.
3. as a citizen one must be concerned about not simply the "government of the day" but ones 20-30-40 years in the future. Giving today's relatively benine(sp?) government these powers is not such a big deal. 25 years or so down the road, when a nasty government inherits these powers-- *then* we will suffer the consequences... Far fetched? I'd bet that Pakastan's military is busy rounding up those they deem undesirable right now.
Any group (be it country, or whatever) which uses WMD will incur serious political costs. Most sophisticated leaders of such groups who have read Mao, etc., will recognize the benefits of external sympathy, and possibly support.
The difference is this: if a group desires to affect change in a target state, WMD or traditional terrorist methods will rarely work. For instance the IRA has done much to unify and solidify England's stance on Ireland--a dismal failure for the IRA. Those Oklohoma dudes, nor the Japanise Terrorists have not affected change either. A group which is "rational" (eg not waiting for God in a UFO to pick up the chosen, but still willing to use illegal means to alter some government's/corporate policies) will find much more utility in CT.
CT can be targeted to exploit the schisms in any society. In Canada, a group could attact a Bank and gain political support from some quarters--banks are unpopular here. An attack such as this (if the spin was played right) might not force a government to solidify its present policies, because of popular indifference to the victim(s) plight. The "stick it to the Man" effect, if you will.
If the group wants to affect change in a *third* state, then WMD might come into play. Group T destroys something in country A for country WE_HATE_A's support. This only works for a few countries, if at all. Retaliation to supporting states is likely.
As many have said, most companies and states are extremely vulnerable to CT. Though most users cannot check the source of WinNT/Win9X for vulnerabilities, you can bet that there are those hostile to the West who are doing just that.
He said that they could get MS to sign NSA's modules-- I doubt if they'd want MS in the loop. Think of all the people who suddenly become involved and could talk later.
The NSA does not require a _NSAKEY in *all* the world's MS windows, only their internal ones. They would use a utility such as the one posted to simply change MS's key to their own.
Attacking a random number generator would be one of the first things I'd check if I was paranoid enough and writing my own encryption software. Hell, why not bypass MS's random number generator all together?
Sure one can break into Windows and do all sorts of nasties. These points of entry could be found out too by hackers and publicized.
If I was running the NSA and had my morality chip off line (you should in that case all be scared silly), I'd have *many* diverse points of access into MS products, not just one or two. This allows for flexibility of attack and robustness given the slow evolution to more secure OSs.
I'd also get some of my pals deeply involved in Linux, and *BSD but thats another story.
This could be strictly true. However, US crypto software has to be reviewed by the NSA before an export licence is granted. This, to me, means the NSA will still have access to the key.
The fun thing is that no matter what the truth is, in the eyes of most they will never be able to climb out of that hole. Especially after the Hotmail fiasco. Such timing. : ))
I read this story that in the crypto industry there is an expression they use: "Have you ever been visited by " In the US there is this government official who wanders around trying to convince companies to insert back doors into their encryption systems in return for favourable export licences. There is also a Canadian fellow doing this in Canada as well. The NSA_key is a rather elegant method of allowing targeted systems to have their encryted communications compromised without being detectable otherwise. There is an MS employee in serious caucau right now......But bigger caucau will be hitting the fan in much of the world. There are going to be a lot of governments who are pissed -- well, they knew all along -- but now they will want to be seen to be looking for alternatives to MS and indeed US software products. This would be a good time to short some MS stock... Cheers, all.
In a way, I'm glad that US citizens are being targeted, because people outside of the US have little recourse from US snooping and no lobbying influence on US policy making. Its up to you folks!
I see that Germany has reneged on the Wassenaur agreement and relaxed encryption controls. There is hope yet...
I figure that the purpose of making such an example of Mitnik was designed to rally the hacking community.....
You see, it is expensive to protect companies against information warfare from foreign countries, which certain parts of the US Federal Government dearly wants. Companies are not willing to spend the cash for some foreign "boogie man", but they will spend it to protect against more believable evil hackers (many who incidently have a no-damage ethic).
Doing injustice to someone most hackers can identify with encourages solidarity and strengthens the hacking community, encouraging hacking.
This in turn, is a strong motivation for companies to properly secure their systems at their own cost, fulfilling Federal policy objectives.
If this is true, then look for another hacker poster-child to be thrown into the dungeon for seemingly inconsequential reasons, after the Mitnik contriversy dies down.
ok.. Real World. 1) Terrorist Cells do not communicate. They operate independently hence: "cells" 2) Other baddies that require electronic communication will always use encryption regardless of laws. If you want to blow up a US federal building, for instance, you would *not* care about the fines for using encrypted email. Only the good folks in the world will be affected. 3) The US appears quite happy to limit strong non-US encryption but allow strong encryption internally. Germans have just as much right to it as Americans. Perhaps more. 4) LICENCE implies key escrow, which would be dangerous for the companies involved. One could interept the key, or purchase it from a disgruntled government employee. 5) If any state is serious about stopping terrorism, it is better to refine the foreign policy which often incites the problem than spy on all the citizens, companies, diplomates, leaders, and girl guides of the world. This reeks of 'Band-aid' solution. 6) Containment of the Soviet Union and buddies is no longer an issue, and China is comparitively weak. The only security the spy apparatus now cares about is Job Security.
look at some cases cited by the FBI:
1)the Aldrich Ames spy case where Ames was told by his Soviet handlers to encrypt computer file information to be passed to them;
2)the Ramzi Yousef (mastermind of the World Trade Center)/Manilla [sic] Air terrorist case where Yousef and other international terrorists were plotting to blow up 11 U.S. owned airliners in the Far East in which data regarding this terrorist plan was found in encrypted computer files discovered in Manilla after Yousef's arrest; and
3)a child pornography case where the subject used commercially-available encryption to encrypt pornographic images of children that were transmitted to other subjects of the investigation,
http://jya.com/fbi-en60399.htm
In all three of these cases, encryption was used. banning encryption would not have prevented any of these people using it. Can you imagine that nutter Yousef saying, "Golly I certainly shouldn't encrypt these files....ok, now where are the planes..."
7) Learn the lingo: Terrorists and child pornographers are not the only ones which use terrorism or child pornography. Governments routinely use these issues for their own ends--often completely unrelated to the stated issue. Who doesn't hate child pornographers? Since the issue is so distasteful, not many people would question any authority which invokes it. If one does not come on side they might be suspect of having a simpathetic view. It is a modern day communism.
8) 20 years from now people will ask: What did each of us do to prevent the loss of our civil rights and the granting of all the technical tools required for a Orwellian monitoring of society. How we let our governments turn from being the citizen's friend to being decidedly neutral, or in some cases even malevolent.
Sorry 'bout the length of the post, but the trends today give me the willies.
Since griping on./ isn't going to do much, I propose that some literate folks get together and write a small OpenSource program to bring the issues to the public.
Essentially this would be built on an existing packet sniffer but with the added ability to search packets for keywords which the user may input. Once the key word has been found, the IP is placed on a 'watchlist' and all packets will be stored for the user, and rebuilt.
It should have a *very* easy interface for end users, perhaps even a WIN9X port.
Also it should contain statements which implore the user to use it responsibly, but we could also suggest words such as "liberal". ; )
I propose to call it: Santa. Remember-- he's making a list and checking it twice, gonna find out who's naughty or nice..
Then we mass mail copies to government and media people so that they can all spy on each other.
The point is to crystalize to the media and government what issues are at stake with these monitoring systems.
We could spin it so that "individuals ought to have the same rights [to abuse others' rights] as governments currently enjoy."
If interested or have some comments, please drop me an Email, at chappel@home.com
It is illegal in most countries to monitor their own citizens this way. That is the 'beauty' of the current system. I believe that you'll find that Canada (allways happy to wave our flag..) is involved on 'spying' on US citizens. And Vice Versa.
Geographic proximity would be important here--allowing greater access than just trans-continental links. Of course the extent of cooperative spying has never been admitted due to the obvious political problems. Encrypt, Encrypt, Encrypt!
Canadian encryption policy is similar to the US. We can use what we please, but we have fallen in line wrt the Wassenaar agreement (Read US policy) in the relm of exporting. I believe Wassenaaur states: (along with you can't export cool stuff like cryogenic systems for rocket fuel...) Anything open source export is fine. (horsey outa da barn!) 56bits (piddley) fine greater than 56 bits-- must apply on an individidual basis. http://e-com.ic.gc.ca/english/fastfacts/43d7.htm l
For entertainment check out the analysis of the submissions to the feds' policy paper. Of all the groups and individuals *nobody* wanted anything but market/no-restricitons except the police which wanted prefered restrictions and access to your keys. And we still get Wassenaar! http://e-com.ic.gc.ca/english/crypto/631d6.html
Of note is that there were submissions from law enforcement agencies, but no submissions from security agencies. They have other avenues...
Slashdot Mirror
for we canuks.....
Anti US stuff isn't goin' anywhere, however,
NAFTA does allow challenges to be handled by a three person tribunal. Perhaps Corel might consider such a challenge given the judge's statement of facts.
We shall see eh?
bobzibub.
One must understand that there is a significant financial investment involved in deploying and maintaining these systems. You have all these big computers, submarines, modified satellite networks, etc., etc. This system is a major source of intelligence and its preservation is a major concern-- for example US encryption policy is likely designed with that goal in mind.
Politicians like to appear strong and law enforcement agencies like to appear in control. As long as people have the unreasonable demand of insulating us folk from everyone in the rest of the world (including the wackos), we will be spied upon.
One could speculate that after Oklahoma, an organization to spy on US citizens in the US could be established and be separate from the NSA.
That would allow authorities to protect against the "threat within" and would not take down existing systems if the political cat got out of the bag.
How many years before Echelon was revealed? All is possible!
C-Ya,
Bobzibub.
CSIS is not the organization you are looking for...it is the "Canadian Security Establishment." They once came 'a recruitn' at UBC (University of BC for you non-Canuks) and I remember reading one of their pamphlets.
3 0510.html
In it was listed their "corporate" principles. #1 was "lawfulness." Those cheeky bastards figure that there is no difference between altering actions to suit laws and altering laws to suit actions. It is probably a running joke with 'em. : /
PS. You won't find much about where our scarce tax dollars are going from:
http://www.cse.dnd.ca/
You'll find a little more from:
http://www.ottawacitizen.com/national/990522/26
Cheers,
Bobzibub.
One false positive--they get sued.
One false negative--they get sued.
And no test is perfect especially one like this.
Instead, they oughta try a novel Idea:
If a kid gets tormented the teacher should intervene--against the tormenters..
(this idea released under GPL)
-Bobzibub.
One Big Whoops!!!!
I shoulda known better.
-B.
The old standard used 4 bytes, the new standard 128. They said: What to do with all those extras....Why not have one option of sticking the 8 or so Ethernet ID bytes into the end? There's room!
They have dreamed up a number of different options for using the 128 bytes and this is only one.
Because Ethernet card IDs are pretty well unique, this is a 'fingerprint' to one's machine. Part of the Ethernet address is the Vendor ID, part (presumably) is the type of card, then serial number.
The issue is not the option of using it, the issue is that the *capability* exists. It is then possible for some governing body to mandate its use.
That isn't likely in North America or Europe, But in other states which are uneasy with internet related freedoms and privacy, it is much more likely--and dangerous.
Cheers All!
Bobzibub.
'Nobody here's stupid Bob!'
3. as a citizen one must be concerned about not simply the "government of the day" but ones 20-30-40 years in the future. Giving today's relatively benine(sp?) government these powers is not such a big deal. 25 years or so down the road, when a nasty government inherits these powers-- *then* we will suffer the consequences... Far fetched? I'd bet that Pakastan's military is busy rounding up those they deem undesirable right now.
cheers,
Bobzibub.
In my humble opinion,
Any group (be it country, or whatever) which uses WMD will incur serious political costs. Most sophisticated leaders of such groups who have read Mao, etc., will recognize the benefits of external sympathy, and possibly support.
The difference is this: if a group desires to affect change in a target state, WMD or traditional terrorist methods will rarely work. For instance the IRA has done much to unify and solidify England's stance on Ireland--a dismal failure for the IRA. Those Oklohoma dudes, nor the Japanise Terrorists have not affected change either.
A group which is "rational" (eg not waiting for God in a UFO to pick up the chosen, but still willing to use illegal means to alter some government's/corporate policies) will find much more utility in CT.
CT can be targeted to exploit the schisms in any society. In Canada, a group could attact a Bank and gain political support from some quarters--banks are unpopular here. An attack such as this (if the spin was played right) might not force a government to solidify its present policies, because of popular indifference to the victim(s) plight. The "stick it to the Man" effect, if you will.
If the group wants to affect change in a *third* state, then WMD might come into play. Group T destroys something in country A for country WE_HATE_A's support. This only works for a few countries, if at all. Retaliation to supporting states is likely.
As many have said, most companies and states are extremely vulnerable to CT. Though most users cannot check the source of WinNT/Win9X for vulnerabilities, you can bet that there are those hostile to the West who are doing just that.
open source digs appended! : )
Cheers, all.
bobzibub.
He said that they could get MS to sign NSA's modules-- I doubt if they'd want MS in the loop. Think of all the people who suddenly become involved and could talk later.
The NSA does not require a _NSAKEY in *all* the world's MS windows, only their internal ones. They would use a utility such as the one posted to simply change MS's key to their own.
Attacking a random number generator would be one of the first things I'd check if I was paranoid enough and writing my own encryption software. Hell, why not bypass MS's random number generator all together?
Sure one can break into Windows and do all sorts of nasties. These points of entry could be found out too by hackers and publicized.
If I was running the NSA and had my morality chip off line (you should in that case all be scared silly), I'd have *many* diverse points of access into MS products, not just one or two. This allows for flexibility of attack and robustness given the slow evolution to more secure OSs.
I'd also get some of my pals deeply involved in Linux, and *BSD but thats another story.
cheers all.
This could be strictly true. However, US crypto software has to be reviewed by the NSA before an export licence is granted. This, to me, means the NSA will still have access to the key.
The fun thing is that no matter what the truth is, in the eyes of most they will never be able to climb out of that hole. Especially after the Hotmail fiasco. Such timing. : ))
-Bobzibub
I read this story that in the crypto industry there is an expression they use: "Have you ever been visited by " In the US there is this government official who wanders around trying to convince companies to insert back doors into their encryption systems in return for favourable export licences. There is also a Canadian fellow doing this in Canada as well. The NSA_key is a rather elegant method of allowing targeted systems to have their encryted communications compromised without being detectable otherwise. There is an MS employee in serious caucau right now......But bigger caucau will be hitting the fan in much of the world. There are going to be a lot of governments who are pissed -- well, they knew all along -- but now they will want to be seen to be looking for alternatives to MS and indeed US software products. This would be a good time to short some MS stock... Cheers, all.
Agreed.
In a way, I'm glad that US citizens are being targeted, because people outside of the US have little recourse from US snooping and no lobbying influence on US policy making. Its up to you folks!
I see that Germany has reneged on the Wassenaur agreement and relaxed encryption controls. There is hope yet...
Cheers,
Bobzibub.
and get the proceeds? I'd buy his book. I won't see the movie. He may put quill to paper and come out allright after all. -Bobzibub
I have this wacky theory...
I figure that the purpose of making such an example of Mitnik was designed to rally the hacking community.....
You see, it is expensive to protect companies against information warfare from foreign countries, which certain parts of the US Federal Government dearly wants. Companies are not willing to spend the cash for some foreign "boogie man", but they will spend it to protect against more believable evil hackers (many who incidently have a no-damage ethic).
Doing injustice to someone most hackers can identify with encourages solidarity and strengthens the hacking community, encouraging hacking.
This in turn, is a strong motivation for companies to properly secure their systems at their own cost, fulfilling Federal policy objectives.
If this is true, then look for another hacker poster-child to be thrown into the dungeon for seemingly inconsequential reasons, after the Mitnik contriversy dies down.
Wajja think about my latest conspiracy theory?
-Bobzibub
ummm... filegate?
ok.. Real World.
1)
Terrorist Cells do not communicate. They operate independently hence: "cells"
2)
Other baddies that require electronic communication will always use encryption regardless of laws. If you want to blow up a US federal building, for instance, you would *not* care about the fines for using encrypted email. Only the good folks in the world will be affected.
3)
The US appears quite happy to limit strong non-US encryption but allow strong encryption internally. Germans have just as much right to it as Americans. Perhaps more.
4)
LICENCE implies key escrow, which would be dangerous for the companies involved. One could interept the key, or purchase it from a disgruntled government employee.
5)
If any state is serious about stopping terrorism, it is better to refine the foreign policy which often incites the problem than spy on all the citizens, companies, diplomates, leaders, and girl guides of the world. This reeks of 'Band-aid' solution.
6)
Containment of the Soviet Union and buddies is no longer an issue, and China is comparitively weak.
The only security the spy apparatus now cares about is Job Security.
look at some cases cited by the FBI:
1)the Aldrich Ames spy case where Ames was told by his
Soviet handlers to encrypt computer file information to be
passed to them;
2)the Ramzi Yousef (mastermind of the World Trade
Center)/Manilla [sic] Air terrorist case where Yousef and other
international terrorists were plotting to blow up 11 U.S.
owned airliners in the Far East in which data regarding this
terrorist plan was found in encrypted computer files
discovered in Manilla after Yousef's arrest; and
3)a child pornography case where the subject used
commercially-available encryption to encrypt pornographic
images of children that were transmitted to other subjects
of the investigation,
http://jya.com/fbi-en60399.htm
In all three of these cases, encryption was used. banning encryption would not have prevented any of these people using it. Can you imagine that nutter Yousef saying, "Golly I certainly shouldn't encrypt these files....ok, now where are the planes..."
7)
Learn the lingo:
Terrorists and child pornographers are not the only ones which use terrorism or child pornography. Governments routinely use these issues for their own ends--often completely unrelated to the stated issue. Who doesn't hate child pornographers? Since the issue is so distasteful, not many people would question any authority which invokes it. If one does not come on side they might be suspect of having a simpathetic view. It is a modern day communism.
8)
20 years from now people will ask:
What did each of us do to prevent the loss of our civil rights and the granting of all the technical tools required for a Orwellian monitoring of society.
How we let our governments turn from being the citizen's friend to being decidedly neutral, or in some cases even malevolent.
Sorry 'bout the length of the post, but the trends today give me the willies.
-Bobzibub.
Since griping on
Essentially this would be built on an existing packet sniffer but with the added ability to search packets for keywords which the user may input. Once the key word has been found, the IP is placed on a 'watchlist' and all packets will be stored for the user, and rebuilt.
It should have a *very* easy interface for end users, perhaps even a WIN9X port.
Also it should contain statements which implore the user to use it responsibly, but we could also suggest words such as "liberal". ; )
I propose to call it: Santa. Remember-- he's making a list and checking it twice, gonna find out who's naughty or nice..
Then we mass mail copies to government and media people so that they can all spy on each other.
The point is to crystalize to the media and government what issues are at stake with these monitoring systems.
We could spin it so that "individuals ought to have the same rights [to abuse others' rights] as governments currently enjoy."
If interested or have some comments, please drop me an Email, at chappel@home.com
Cheers,
David.
It is illegal in most countries to monitor their own citizens this way. That is the 'beauty' of the current system. I believe that you'll find that Canada (allways happy to wave our flag..) is involved on 'spying' on US citizens. And Vice Versa.
Geographic proximity would be important here--allowing greater access than just trans-continental links. Of course the extent of cooperative spying has never been admitted due to the obvious political problems.
Encrypt, Encrypt, Encrypt!
Canadian encryption policy is similar to the US. We can use what we please, but we have fallen in line wrt the Wassenaar agreement (Read US policy) in the relm of exporting.m l
I believe Wassenaaur states: (along with you can't export cool stuff like cryogenic systems for rocket fuel...)
Anything open source export is fine. (horsey outa da barn!)
56bits (piddley) fine
greater than 56 bits-- must apply on an individidual basis.
http://e-com.ic.gc.ca/english/fastfacts/43d7.ht
For entertainment check out the analysis of the submissions to the feds' policy paper. Of all the groups and individuals *nobody* wanted anything but market/no-restricitons except the police which wanted prefered restrictions and access to your keys. And we still get Wassenaar!
http://e-com.ic.gc.ca/english/crypto/631d6.html
Of note is that there were submissions from law enforcement agencies, but no submissions from security agencies. They have other avenues...
Cheers,
Bobzibub.