Minnesota court takes dim view on encryption
A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. http://news.com.com/Minnesota+court+takes+dim+view+of+encryption/2100-1030_3-5718978.html __ Do you Yahoo!? Make Yahoo! your home page http://www.yahoo.com/r/hs
/. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame]
Link: http://slashdot.org/article.pl?sid=05/05/26/044209 Posted by: samzenpus, on 2005-05-26 06:03:00 from the do-you-want-to-play-a-game dept. ScentCone writes The CIA has booked some conference rooms and is [1]working through a simulated 'digital Pearl Harbor' to see how government and industry handle a monster net attack from an imaginary future foe composed of anti-American and anti-globalization hackers. Having been accused of lacking imagination about potential terror attacks, they're using the exercise to better shape the government's roles in a variety of attack scenarios. The networking industry, it seems, is expected to always play a big part in detecting and thwarting such threats, as 9/11-scale economic disruption is a likely bad-guy objective. References 1. http://apnews.myway.com/article/20050525/D8AAFUIO2.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[declan@well.com: [Politech] Are the encryption wars really over? Maybe not [priv]]
- Forwarded message from Declan McCullagh declan@well.com - From: Declan McCullagh declan@well.com Date: Wed, 25 May 2005 22:09:53 -0400 To: politech@politechbot.com Subject: [Politech] Are the encryption wars really over? Maybe not [priv] User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206) Whether the crypto wars are over depends on what you consider the dispute to be about in the first place. In the export-control sense, yep, we've won. We may not have had a resounding Supreme Court victory on First Amendment grounds, but the original regs proved politically untenable. How about domestic restrictions? That never really got off the ground in the U.S., even in the darkest days of the 1990s. But either could return swiftly. All it would take for a bill to be introduced is for Al Qaeda to have encrypted information that could have saved thousands of American lives were it decrypted in time. (Life does not follow the TV show 24.) See: http://www.politechbot.com/p-02509.html http://www.politechbot.com/p-02550.html I wouldn't be surprised if such a law would permit non-escrowed crypto to be used to secure communication streams while requiring .gov backdoors in crypto used for hard drive or file encryption. In other words, GPG and PGPdisk might become verboten. Programmers might sensibly scoff, but that's the way the Feds think. How about other restrictions? I don't think the crypto-in-a-crime idea ever got enacted into law, but a Minnesota court this month moved in that direction: http://news.com.com/2100-1030_3-5718978.html In other words, the war is probably not over. It's just in a multi-year lull. The correct preventative tactic to employ right now is to follow the IPv6 model and seed both disk and communication-stream encryption wherever it makes sense. Then it becomes more politically difficult to outlaw. Previous Politech message: http://www.politechbot.com/2005/05/24/crypto-wars-are/ -Declan Original Message Subject: RE: [Politech] Ross Anderson: Crypto wars are over,and we've won! [priv] Date: Wed, 25 May 2005 18:11:25 -0400 From: Pyke, Gila [EMAIL PROTECTED] To: Declan McCullagh declan@well.com Hi Declan, This email generated a fair amount of discussion amongst my peers. The assertion by someone so well known and respected that the crypto wars are over was met with quite a bit of skepticism. A coworker (who wishes to remain nameless) said it best: The battles over key escrow and export controls aren't the hot topics that they used to be. But that's not because the fight is over, morethat it has moved on to other things like digital IDs, biometric passports, and the other hot topics that circulate on this list. Projects like the Clipper chip died not because of politics, but because it was difficult and impractical to deploy and get industry to adopt it (similar to the problems facing technologies such as PKI and smart cards). There are still (smaller) legal battles going on over giving law enforcement the right to decrypt a suspect's hard drive, or ISPs handing out passwords to their users' accounts, or cryptographers facing prosecution for publishing cryptanalytic results, and on and on. It has become more of a privacy battle than an encryption issue, but the battle is still there. And of course, there is still the prevailing paranoia that the NSA and other intelligence agencies have already cracked the crypto algorithms currently in circulation. This isn't too far-fetched considering the number of algorithms that have been broken and retired in recent years. As far as many of us are concerned, cryptography always was and always will be a controversial science. I don't think the government's interest in controlling it will ever go away, although the face on it may change. Incidents like this one: --- --Hackers Holding Computer Files 'Hostage' (23 May 2005) A new type of extortion plot has been identified, unlike any other cyber extortion, according to the FBI. Hackers used an infected website to infect computers with a program that encrypts the users file. Then the criminal demanded money for the key to decrypt the files. Enhanced versions of this attack threaten large numbers of users with loss of important data, loss of money, or both. http://news.yahoo.com/s/ap/20050524/ap_on_hi_te/internet_ransom --- ...will make sure of that. Efforts like TOR will always feel threatening to some of the people in power, and excuses like the war on terrorism will always give those people a well-hyped excuse to do what they think is necessary. But that is just my fundie, cynical, tired opinion. Gila Pyke Policy Analyst Privacy and Security Division Smart Systems for Health Agency 416-586-4257 ___ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) - End
RE: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame]
Other versions of the press release are fairly amusing, and can be paraphrased as follows: Imagining a world where most nations are allied against the United States, the CIA is currently... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame] Date: Thu, 26 May 2005 13:18:28 +0200 Link: http://slashdot.org/article.pl?sid=05/05/26/044209 Posted by: samzenpus, on 2005-05-26 06:03:00 from the do-you-want-to-play-a-game dept. ScentCone writes The CIA has booked some conference rooms and is [1]working through a simulated 'digital Pearl Harbor' to see how government and industry handle a monster net attack from an imaginary future foe composed of anti-American and anti-globalization hackers. Having been accused of lacking imagination about potential terror attacks, they're using the exercise to better shape the government's roles in a variety of attack scenarios. The networking industry, it seems, is expected to always play a big part in detecting and thwarting such threats, as 9/11-scale economic disruption is a likely bad-guy objective. References 1. http://apnews.myway.com/article/20050525/D8AAFUIO2.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Anonymous Site Registration
OK, what's the best way to put up a website anonymously? Let's assume that it has nothing to do with national security...the Feds aren't interested. BUT, let's assume that the existence and/or content of the website would probably direct a decent amount of law-suits. Presumably there's no way to hide the ISP from the world, but one should hopefully be able to hide oneself and make legal action basically useless. Egold + fake address for registering agency seems a little problematic. And there's the question of updating the site... -TD
The Gmail invite you requested
Thank you for using isnoop.net's Gmail invite spooler. Use the following URL to activate your Gmail account: http://gmail.google.com/gmail/a-67c4b62cb2-b54980148e-5673b3420d If the above URL did not work, please click the following: http://isnoop.net/gmail?badinvite=bc2599-3b85ba0bd6d7-bd6d Now that you've gotten your very own Gmail account, please return the favor by sending invites back to [EMAIL PROTECTED] when you get them. Also, please share the love and send a thank-you email to the person who provided you the invite. This kind person will be added to your gmail address book once you create your account.
Re: Anonymous Site Registration
On 2005-05-26T13:17:38-0400, Tyler Durden wrote: OK, what's the best way to put up a website anonymously? Tor? It's not immune from traffic analysis, but it's nearly the best you can do to hide the server's location/isp from clients. Let's assume that it has nothing to do with national security...the Feds aren't interested. BUT, let's assume that the existence and/or content of the website would probably direct a decent amount of law-suits. Hosting in a country that would laugh at lawsuits, like Sealand? Presumably there's no way to hide the ISP from the world, but one should hopefully be able to hide oneself and make legal action basically useless. Egold + fake address for registering agency seems a little problematic. You can try, but good physical anonymity for commerce is difficult unless you construct a fake identity good enough that you can use it to open bank accounts... without leaving any compromising fingerprints that your bank can turn over to the authorities. And there's the question of updating the site... Tor+rsync? -- Unable to correct the source of the indignity to the Negro, [the Phoenix, AZ public accommodations law prohibiting racial discrimination] redresses the situation by placing a separate indignity on the proprietor. ... The unwanted customer and the disliked proprietor are left glowering at one another across the lunch counter. -William Strom Rehnquist, 1964-06-15
Re: Anonymous Site Registration
Justin wrote: On 2005-05-26T13:17:38-0400, Tyler Durden wrote: OK, what's the best way to put up a website anonymously? Tor? It's not immune from traffic analysis, but it's nearly the best you can do to hide the server's location/isp from clients. i2p is another possibility. You can try, but good physical anonymity for commerce is difficult unless you construct a fake identity good enough that you can use it to open bank accounts... without leaving any compromising fingerprints that your bank can turn over to the authorities. Assuming you want your own SLD name, yes. But if you can be satisfied with a third-level, there are a lot of domains at freedns.afraid.org that will let you tag on a subdomain with just a registration (and you can probably supply a @dodgeit.com address). Then just add a web forward pointing to the Tor gateway. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Events For September
Title: Dear , Dear Sir/ Madam, Some events that you or a colleague may be interested in: The Future of Nuclear in Europe Brussels - Oct Public Service Broadcasting Brussels Sep Coming in September: Sustainable Communities series 1st event - Sustainable Mobility Brussels - Sep Transport infrastructure in Central and Eastern Europe Hungary Sep 2nd Annual Obesity Conference Brussels - Sep www.euconferences.com We are less than 30 days from our very popular summer workshop EU Conferences Lobbying Workshop 20th June - 22nd June 2005, The Stanhope Hotel, Brussels A series of 3 workshops that can be taken individually or collectively Day 1: Lieselotte Feldmann brings her past experience of working in the Commission and introduces the Attendee to the functioning of the Commission, how you can be effective in co-decision processes and dealing with Commission proposals. Includes a Tour of the Commission Day 2: Lieselotte Feldmann Examines the European Parliament and how to approach this institution. This includes the possibility of Lunch at the Parliament with invited MEPs for a more interactive understanding. Day 3: Russell Patten from Grayling Political Strategy looks at creating and implementing a successful Lobbying Campaign. Includes an interactive simulation exercise and a look at the current lobbying climate. An excellent package for understanding and preparing for the Brussels Lobbying Environment. Enter LOB1948 in registration form 2 and you will have a one week extension from the date of this email to register for the early bird. For further information on this workshop, please contact andria.shiner@euconferences.com +44 1495 300013 www.euconferences.com If the content is useful to your site as event content, you may include it on your site. For our email update that is soon to include events, news, interviews and selected event presentations, please go to: www.euconferences.com/email.htm or [EMAIL PROTECTED] mentioning remove to be excluded from this info. Kind regards, Mark Kinloch +44 1495 300012 www.euconferences.com
Look better today
Let's face it, Age should be nothing more than a number It's okay to want to hold on to your young body as long as you can With increasing longevity for an increasing segment of the population, this is THE frontier for the new millennium-Dr Virgil Howard http://fag.63tt.pureitemfreebenefits.com/s/ View more about a new lifespan enhancement press here we care about your health cool idea but no Fatality was not significantly different Failures were significantly more common with combination therapy Among all trials we found no evidence for any potential prevention of infection by resistant isolates with combination therapy Rob determined to take no chances, so he left the machine attached to the Turk and turned the indicator to zero and then to East, for he did not wish to rejoin either his enemies the Turks or his equally undesirable friends the Tatars
[Politech] HP announces National Identity System for governments [priv] (fwd)
For those of you who missed this little gem... -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Never belong to any party, always oppose privileged classes and public plunderers, never lack sympathy with the poor, always remain devoted to the public welfare, never be satisfied with merely printing news, always be drastically independent, never be afraid to attack wrong, whether by predatory plutocracy or predatory poverty. Joseph Pulitzer 1907 Speech -- Forwarded message -- Date: Thu, 26 May 2005 19:27:38 -0500 From: Declan McCullagh declan@well.com To: politech@politechbot.com Subject: [Politech] HP announces National Identity System for governments [priv] http://news.com.com/2100-7348-5722206.html HP aims to help governments check IDs May 26, 2005, 4:16 PM PDT By Alorie Gilbert Hewlett-Packard plans to launch a product on Friday that helps governments check the digital identity of citizens. The technology, called the HP National Identity System, is designed to be used in conjunction with a number of Microsoft products, including its .Net line of server, database and middleware programs. The companies plan to jointly develop, market and offer training for the authentication system. [...remainder snipped...] ___ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
Delivery Status Notification
- These recipients of your message have been processed by the mail server: [EMAIL PROTECTED]; Failed; 5.2.2 (mailbox full) Remote MTA ims4a.libero.it: SMTP diagnostic: 552 RCPT TO:[EMAIL PROTECTED] Mailbox disk quota exceeded Reporting-MTA: dns; smtp2.libero.it Received-from-MTA: dns; minder.net (218.12.10.186) Arrival-Date: Fri, 27 May 2005 04:08:05 +0200 Final-Recipient: rfc822; helen@libero.it Action: Failed Status: 5.2.2 (mailbox full) Remote-MTA: dns; ims4a.libero.it Diagnostic-Code: smtp; 552 RCPT TO:helen@libero.it Mailbox disk quota exceeded Return-Path: cypherpunks@minder.net Received: from minder.net (218.12.10.186) by smtp2.libero.it (7.0.027-DD01) id 41BF65E407C4DBBF for [EMAIL PROTECTED]; Fri, 27 May 2005 04:08:05 +0200 From: cypherpunks@minder.net To: [EMAIL PROTECTED] Subject: HI Date: Fri, 27 May 2005 10:06:33 +0800 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0014_40A4D780.6351A190 X-Priority: 3 X-MSMail-Priority: Normal
RE: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame]
Other versions of the press release are fairly amusing, and can be paraphrased as follows: Imagining a world where most nations are allied against the United States, the CIA is currently... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: /. [CIA's Info Ops Team Hosts 3-Day Cyber Wargame] Date: Thu, 26 May 2005 13:18:28 +0200 Link: http://slashdot.org/article.pl?sid=05/05/26/044209 Posted by: samzenpus, on 2005-05-26 06:03:00 from the do-you-want-to-play-a-game dept. ScentCone writes The CIA has booked some conference rooms and is [1]working through a simulated 'digital Pearl Harbor' to see how government and industry handle a monster net attack from an imaginary future foe composed of anti-American and anti-globalization hackers. Having been accused of lacking imagination about potential terror attacks, they're using the exercise to better shape the government's roles in a variety of attack scenarios. The networking industry, it seems, is expected to always play a big part in detecting and thwarting such threats, as 9/11-scale economic disruption is a likely bad-guy objective. References 1. http://apnews.myway.com/article/20050525/D8AAFUIO2.html - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Anonymous Site Registration
OK, what's the best way to put up a website anonymously? Let's assume that it has nothing to do with national security...the Feds aren't interested. BUT, let's assume that the existence and/or content of the website would probably direct a decent amount of law-suits. Presumably there's no way to hide the ISP from the world, but one should hopefully be able to hide oneself and make legal action basically useless. Egold + fake address for registering agency seems a little problematic. And there's the question of updating the site... -TD
Re: Anonymous Site Registration
Justin wrote: On 2005-05-26T13:17:38-0400, Tyler Durden wrote: OK, what's the best way to put up a website anonymously? Tor? It's not immune from traffic analysis, but it's nearly the best you can do to hide the server's location/isp from clients. i2p is another possibility. You can try, but good physical anonymity for commerce is difficult unless you construct a fake identity good enough that you can use it to open bank accounts... without leaving any compromising fingerprints that your bank can turn over to the authorities. Assuming you want your own SLD name, yes. But if you can be satisfied with a third-level, there are a lot of domains at freedns.afraid.org that will let you tag on a subdomain with just a registration (and you can probably supply a @dodgeit.com address). Then just add a web forward pointing to the Tor gateway. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: Anonymous Site Registration
On 2005-05-26T13:17:38-0400, Tyler Durden wrote: OK, what's the best way to put up a website anonymously? Tor? It's not immune from traffic analysis, but it's nearly the best you can do to hide the server's location/isp from clients. Let's assume that it has nothing to do with national security...the Feds aren't interested. BUT, let's assume that the existence and/or content of the website would probably direct a decent amount of law-suits. Hosting in a country that would laugh at lawsuits, like Sealand? Presumably there's no way to hide the ISP from the world, but one should hopefully be able to hide oneself and make legal action basically useless. Egold + fake address for registering agency seems a little problematic. You can try, but good physical anonymity for commerce is difficult unless you construct a fake identity good enough that you can use it to open bank accounts... without leaving any compromising fingerprints that your bank can turn over to the authorities. And there's the question of updating the site... Tor+rsync? -- Unable to correct the source of the indignity to the Negro, [the Phoenix, AZ public accommodations law prohibiting racial discrimination] redresses the situation by placing a separate indignity on the proprietor. ... The unwanted customer and the disliked proprietor are left glowering at one another across the lunch counter. -William Strom Rehnquist, 1964-06-15