Re: Gnutella scanning instead of service providers.
On Sat, 25 Aug 2001, Gary Jeffers wrote: My fellow Cypherpunks, Ray Dillinger believes that scanning would assist oppressors as much as regular users. Joseph Ashwood agrees with this and further thinks that the Internet overhead of a scanner would be a serious problem. Not really. To that extent, a gnutella scanner is probably already in the hands of any law enforcement types that are interested, and there's no reason gnutella itself ought not benefit from the same technology. Better points, since I need to spell them out, are: (a) If scanning is done in a clumsy way it generates a lot of network traffic and twangs a lot of alarms at various firewalls. (b) scanning is a hot button issue with a fair number of people and could generate complaints. (c) complaints about gnutella scanning would be legal ammo for people who wanted to shut it down. I think that all network applications ought to be able to find other nodes running other copies of the application - but be very careful how you design it, so as not to piss people off. As far as Joseph Ashwood's claim that the Internet overhead would be too much. Is his point exaggerated? Would it be possible to write low overhead scanners? I do not have the skill set to say. Maybe he is right, maybe not. Anybody got something definitive to say on this? A nice low-overhead scanner that doesn't generate complaints, would be a request and response on some other protocol. If you write a little cgi program, say IsGnutellaThere.cgi, and have gnutella users drop it into their apache (or iis, or whatever) directory, then you can make an HTTP request on port 80. IsGnutellaThere.cgi would run and check to see if the gnutella server is up and what port it's on, maybe check a table to find other gnutellas that it knows about, and return that information in an http response. 
Then gnutella users who wanted to be scannable (and not all of them will) could drop the program into their CGI directory, and scan-enabled gnutellas could just learn how to make a simple HTTP request and keep that table up-to-date for IsGnutellaThere.cgi to access. HTTP is low-overhead and innocuous, and there's already a hole for it in most firewalls. It won't generate alarms. A straight-up scanning approach most definitely will. Bear
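The opt-in HTTP discovery idea from the message above, as an added example that is not code from the original post or from any gnutella client. The response format (`gnutella:` and `peer:` lines), the function names and the limits are assumptions; 6346 is the customary gnutella port, and the sample peers in the comments use documentation addresses.

```python
#!/usr/bin/env python3
"""Opt-in discovery endpoint in the spirit of IsGnutellaThere.cgi (added example).
The plain-text response format is an assumption; the post does not define one."""
import ipaddress
import socket
import time

MAX_PEERS = 32          # cap on what we publish and on what we accept
MAX_BODY = 4096         # refuse oversized responses from untrusted hosts
PEER_TTL = 24 * 3600    # forget peers not confirmed within a day

# Addresses a remote host should never be able to plant in our peer table.
_BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def servent_is_up(port, host="127.0.0.1", timeout=1.0):
    """Check the local gnutella servent with one TCP connect to localhost."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def render_response(port, up, peers):
    """Build the CGI output: headers, blank line, then one fact per line."""
    lines = ["Content-Type: text/plain", "Cache-Control: max-age=300", ""]
    lines.append("gnutella: %s port=%d" % ("up" if up else "down", port))
    for host, peer_port in sorted(peers)[:MAX_PEERS]:
        lines.append("peer: %s:%d" % (host, peer_port))
    return "\n".join(lines) + "\n"


def _valid_peer(text):
    """Accept only literal, routable IPv4 address:port pairs, e.g. 192.0.2.10:6346."""
    host, sep, port = text.strip().rpartition(":")
    if not sep or not (port.isascii() and port.isdigit()):
        return None
    if not 0 < int(port) < 65536:
        return None
    try:
        addr = ipaddress.IPv4Address(host)
    except ValueError:          # hostnames and malformed addresses are dropped
        return None
    if any(addr in net for net in _BLOCKED):
        return None
    return (str(addr), int(port))


def parse_response(body):
    """Parse an untrusted response body; returns (up, port, peers)."""
    if len(body) > MAX_BODY:
        raise ValueError("response too large")
    up, port, peers = False, None, []
    for line in body.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "gnutella":
            state, _, field = value.partition(" port=")
            if field.isascii() and field.isdigit() and 0 < int(field) < 65536:
                up, port = state == "up", int(field)
        elif key == "peer" and len(peers) < MAX_PEERS:
            peer = _valid_peer(value)
            if peer and peer not in peers:
                peers.append(peer)
    return up, port, peers


def merge_peers(table, peers, now=None):
    """Return a new {peer: last_seen} table: refreshed, aged out and bounded."""
    now = time.time() if now is None else now
    merged = dict(table)
    for peer in peers:
        merged[peer] = now
    fresh = [(p, t) for p, t in merged.items() if now - t <= PEER_TTL]
    fresh.sort(key=lambda item: item[1], reverse=True)
    return dict(fresh[:MAX_PEERS])


if __name__ == "__main__":
    # Run as a CGI script: report on the local servent only, never probe other hosts.
    GNUTELLA_PORT = 6346  # customary default gnutella port
    print(render_response(GNUTELLA_PORT, servent_is_up(GNUTELLA_PORT), []), end="")
```

The client side treats everything in the response as untrusted: entries are size-capped, hostnames and private or loopback addresses are dropped, and stale peers age out of the table.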
Re: Jim Bell sentenced to 10 years in prison
On Sat, 25 Aug 2001, John Young wrote: See 9-page judgment in TIF format: http://cryptome.org/jdb-hit.tif (262KB) In addition to 10 years Jim was also fined $10,000 due immediately and faces three years of probation. No computer use and a long list of other prohibitions including no direct or indirect contact with the victim in this case, Special Agent Jeff Gordon. Motherfucking sonsofbitching shiteaters. Interesting that JeffG should have his name included in those documents. Isn't he afraid that that order, and his involvement in this case generally, is going to stick up like a lightning rod and attract the attention of lots of folks who would otherwise have ignored him? Bear
Re: FBI Tries to Set Up Brian K. West
On Sat, 18 Aug -1 [EMAIL PROTECTED] wrote: Will someone publish the home address of the prosecuting attorney and judge issuing the warrant? There are serious risks in doing so. Having such a post linked to your meatspace identity could result in persecution - and most likely eventually prosecution as well. Bear
Re: NRC asks for reviewers for forthcoming Internet porn report
On Wed, 15 Aug 2001, Jim Choate wrote: On Thu, 16 Aug 2001, Sampo Syreeni wrote: Maybe, maybe not. I'm the first to agree that porn *should* be treated as equal to other speech, But 'porn' is no more speech than 'murder' is. What makes porn so offensive isn't the pictures, but the ACTS that had to be committed to create the speech. You mean acts which consenting adults perform voluntarily? In most off-camera cases, acts which signify love and trust with a life partner? Acts on some of which the continuation of the species depends? The idea that such acts are somehow wrong or criminal is ridiculous. And you are asking us to believe that the images or descriptions of such acts are heinous because they inherit wrongness or criminality from the acts themselves? Go soak your head. Bear (Who happens to enjoy sex)
Free kiddie porn would save a lot of kids from being abused.
On Wed, 15 Aug 2001, Jim Choate wrote: The desire to get the 'speech' is what drives the act. To address one and ignore the other is simply not reasonable. The images should be taken as evidence of the act and then destroyed. They should not in and of themselves be left in circulation to promote further acts. Your assumption here is that leaving them in circulation will promote further acts against children. I do not believe that this is the case. In fact, if anything promotes further acts against children, it is taking such images *out* of circulation. If the desire to get the 'speech' (ie, photos) is what drives the abuse of children, do we not owe it to those children to minimize the motive to harm them? And if the motive is financial, how better to minimize it than to flood the market with public-domain computer- generated kiddie porn? If you saturate the market, then there is no more financial motive to abuse kids. It's plain old supply and demand, right? It's totally obvious to anyone whose motive is actually protecting kids rather than suppressing speech. Which would explain why the american legal system has been missing it so consistently; protecting kids, whatever the rhetoric they use, is not what they want to do. Bear
Re: Organized crime groups going online, report says -- beware!
On Tue, 14 Aug 2001, Declan McCullagh wrote: - Forwarded message from Declan McCullagh [EMAIL PROTECTED] - In addition, of course, organized crime groups use the Internet for communications (usually encrypted) and for any other purposes when they see it as useful and profitable. Indeed, organized crime is proving as flexible and adaptable in its exploitation of cyberopportunities as it is in any other opportunities for illegal activity. Just a note here, but this is one of the most common stereotypes about organized crime figures, and it's just not true. These guys are businessmen -- they won't turn down a deal just because it happens to be legal. Organized crime figures are proving flexible and adaptable in their exploitation of opportunities to make a profit -- they are not interested in illegal activity exclusively, they just don't give a damn whether a given opportunity happens to be legal or not. Bear
Re: Products Liability and Innovation. Was: Re: Traceable Infrastructure is as vulnerable as traceable messages.
On Mon, 13 Aug 2001, Black Unicorn wrote: Do I think that software should have products liability attached to it? No. Do I think strict liability stifles innovation? No. I would actually like to make a smaller point here. Broadly I agree with BU, but I'd like to analyze it a little. If software actually cost money per every unit produced, products liability would make more sense because then it could become part of the production costs. However, given that copying bits is in fact free (copyright issues aside), adding a real per-unit expense has the potential to *dominate* the production cost. Open-source software would become impossible to produce, because the whole open-source paradigm depends on copying bits being free. I think MS would like nothing better than having products liability attached to software in general; it would solve a massive problem for them by putting open-source stuff out of production. Even though the open-source stuff is better from a security standpoint, there is effectively no one who is making enough money from it to bear the costs of product liability. Some security consultants *do* bear the cost of product liability on software they install and configure; they are paid obscene amounts of money to take that risk and do the solid configurations that minimize it, and that is as should be. The effect of product liability on the industry as a whole would be to remove the only secure products available (open-source products), making it effectively impossible for security consultants to do their jobs. Bear
Re: Advertisements on Web Pages
On Tue, 7 Aug 2001, Tim May wrote: (I'm surprised no one has urged me to use Lynx. Is it still being used?) Some of us still use it, but we tend not to recommend it to anyone - it has become fairly obscure and, to be honest, lots of webpages suck pretty hard when viewed through lynx. I find it particularly handy though as a route around some firewalls. If I find myself on a machine where HTTP requests are filtered or published, I can ssh to a machine where they're not and use lynx from there. Bear
Re: Advertisements on Web Pages
On Tue, 7 Aug 2001, Tim May wrote: ( I expect 98% of the readers here have no idea what a Symbolics is or was.) Heh. I would cheerfully commit a felony or two to get my hands on a Symbolics Ivory chip fabbed using modern technology and running at a GHz or so. When I was a student, we had six Lisp Machines in the AI lab. Bear
Re: Advertisements on Web Pages
On Tue, 7 Aug 2001, Tim May wrote: To all who have contributed ideas about turning off Java, blah blah, I wasn't really _complaining_ about my personal situation. I was noting the bizarre world of online advertising in which the right third of a page is filled with ads, the top third is filled with ads, and now there are pop-up windows covering the main page...and which pop-up several times. Newspapers are usually over 60% advertising. But at least in newspapers, the ads don't wiggle. Bear
Re: Advertisements on Web Pages
On Wed, 8 Aug 2001, Tim May wrote: (Ads could be tied-in to the content, with some light crypto or copyright protection. A circumvention of this light crypto could be a DMCA violation. I would not be surprised to see this already implicated in the DVD cases: that 5 minute period of trailers that cannot be fast-forwarded past...it's probably a violation of the DMCA to build devices which circumvent the copyright holder's plans and intents.) They're sticking *trailers* on movies that people *pay for??* Geez.. talk about destroying the value of the merchandise they're trying to sell. Bear
Re: Advertisements on Web Pages
On Mon, 6 Aug 2001, Tim May wrote: Just a note about what's happening with Web advertising. Went to a site, www.imdb.com, to check something about a film. Up popped a doubleclick.net ad. In front of the main page, obscuring it. I clicked the close box. Up popped a _different_ ad. I clicked the close box. Yep, up popped a third ad box. I closed it. I think it stopped at this point. Simple answer: turn off javascript and java. It is generally not used except to make ads more annoying. If your browser allows it (I gotta put in a plug for the registered version of Opera here) turn off animated graphics. These three simple acts will kill over 90% of web advertising. If you're actually after *content*, you can usually turn off autoloading of images as well, and that will kill almost 100% of web advertising. Bear
Re: Traceable Infrastructure is as vulnerable as traceable messages.
On Mon, 6 Aug 2001 [EMAIL PROTECTED] wrote: re: driving remops out of business I'm quite aware of the attack. It's not guaranteed successful yet. True. But it beats the snot out of guessing keys. Offhand, I'd estimate that if three US remops were taken down forcefully, and the federal law looked as though any other could be, all but two or three hardcases would cease operating remailers in the USA. That would wipe out well over 70% of the remailers, leaving a very small universe indeed to monitor. Bear
Re: Space War
On Mon, 6 Aug 2001, Jim Choate wrote: On Mon, 6 Aug 2001, Ray Dillinger wrote: Second, it pretty much means the US is going to have to withdraw from the space treaty of 1965, which bans space weapons. This latter is actually more interesting to me, because that treaty also bans national claims of sovereignty over off-earth property (or else Neil Armstrong would have been saying the ancient incantation, we claim this new land in the name of when he planted that American flag on the moon in '69) and, more importantly, private claims of ownership on off-earth property. He did do that you silly goose. He claimed it in the name of the US for 'All mankind'... Check the web. I did, actually. Turns out I got the year wrong, it was 1967 not 1965. But the Outer Space Treaty of 1967, to which the US is a signatory, has a big fat anti-sovereignty clause, stating that no nation can claim off-earth territory. Discussion can be found at http://www.spacepolicy.org/page_mw0799.html Although I found this guy far too optimistic about the role of government, I believe he has his facts straight regarding the treaty. Bear
Re: Apollo 11 - For all mankind
On Mon, 6 Aug 2001, Jim Choate wrote: Note the commentary about changing the budget to prevent other flags from being planted... http://www.harmonize.com/swdroundup/Apollo11.htm Note the commentary that it was strictly a symbolic activity, as the United Nations Treaty on Outer Space precluded any territorial claim. Bear
Re: Gotti, evidence, case law, remailer practices, civil cases, civilit
On Thu, 2 Aug 2001, An Metet wrote: Your complaints about free research suggest that you have the sense that you are more valuable than or superior to other contributors. He is not superior in any substantial way; however, his expertise in law, combined with a willingness to actually discuss it, are in short supply here. That same expertise is extremely valuable to people designing systems, and for the sake of such people, please do not discourage him in any way from sharing it. The discussion of legal spoliation has been particularly enlightening; before this discussion started I knew that it was possible to get in trouble for destroying documents before charges were filed or a subpoena was served. But before an investigation is even under way? Before a complaint is even filed? The mind boggles. I'd never have known that without reading the caterpillar cite, and as one who is not of the Privileged Caste in terms of access to legal information, (ie, willing to pay thousands of bucks to Westlaw or whoever each year) I am grateful to him for passing it on. A worthwhile question for Cypherpunks -- all of the court decisions and cites are, technically, public domain information. And yet access to that information, in terms of legal databases, remains either extremely expensive, or the province of a Privileged Caste (to whom extremely expensive looks like normal business expenses). Westlaw owns some of the most expensive copyrights, per-copy, of any entity -- and all they've done is number the pages and paragraphs and provide an index on public domain information. I think that there is, or ought to be, a good cypherpunk solution to making legal cites available for everyone. A distributed law library, hosted on many servers? Legal cites on Freenet? After all, what good is crypto anarchy if we can't break a copyright monopoly (or at least a case of non-competitive pricing) imposed on public domain information? Bear
Re: Traceable Infrastructure is as vulnerable as traceable messages.
On Fri, 3 Aug 2001, Jim Choate wrote: But the only place they can trace messages in a 'small world' model is at source/destination link, which means they're already on top of you. If they're out fishing all they'd see is a bunch of packets sent between remailers with the body encrypted several layers deep with keys held by a variety of people. the point is, that's enough. Both endpoints on such a packet's route are participants, obviously. If they want to shut it down, and they have seen such a packet, they have two people they can shut down. Repeat ad nauseam, and the infrastructure is destroyed. They don't have to trace individual messages if they can make the software illegal. And in an agent provocateur mode, the software is illegal the minute they want it to be -- all they have to do is show a DMCA violation (which they can manufacture at will) and declare the software illegal as a circumvention device. With Plan 9 that would require them to outlaw using a particular OS. Maybe in a lot of places, but not in the US. Really? I guarantee you that if a particular OS gets in the way of those with power, they can declare it a circumvention device the same as any other software. That is the threat model I'm concerned about, and given that network monitoring is now automatable and cheap, it is entirely do-able. If you stick with current paradigms. Bingo. That is absolutely the point. The current paradigm being the Internet as we know it. Bear
Re: Crypto instructions = Bomb-making instructions
On Tue, 31 Jul 2001, Tim May wrote: The critical point is that Congress is now in the business of criminalizing mere speech. mere research. Whether one quibbles about whether hackers understand the instructions on how to bypass crypto protections, or whether bombz d00dz understand the chemistry and physics of their bombs, the new outlawing of crypto instructions and bomb-making instructions is the issue. You are absolutely correct. From a human-rights point of view, that is exactly the problem. There are now thought-crimes. However, just because the law happens to be wrong, does not mean that specious crap can prevent a conviction on it in court. It says that circumvention devices are illegal, and the opinion of the court is that code -- source *or* executable -- is a device. At the same time, it says that other information, which promotes *understanding*, but which is not a device, is legal. At least for now. You can argue about gray areas and fine points all you want in this forum, but if your butt lands in court it will be dismissed as specious crap. Bear
Stegotext in usenet as offsite backup
On Tue, 31 Jul 2001 [EMAIL PROTECTED] wrote: If it's a crime to take actions specifically for the purpose of later rendering you unable to comply with a judge's order (is it?), how is escrowing it on the isle of man any different? Oddly, I've been watching this one with some interest. The other day I got worried about potential disk drive crashes, since with one thing and another I'm starting to accumulate a lot of unreleased original source code on my main machine. After the work I've put into it, I'd hate to lose it. But it's not an application that does anything useful yet. It would be handy, from my point of view, to use usenet as an offsite backup solution -- posting encrypted source for work-in-progress on binary newsgroups so I could just go back and nab it out of the archives if I ever have a disk crash or in case the computer gets stolen. If I want to increase the odds of its getting archived, I would just embed it in a sound file or a movie file using stego (original sound and movies, so as to avoid DMCA hassles, of course). Stegograms present an interesting copyright question for the legally inclined; if I'm using usenet archives as offsite backup via stegograms, I'm okay with the release and public use of the stegogram, which most folks will interpret as being the same as the covertext. But would that entangle the copyright on the stegotext as well? Or if somebody took the stegogram and figured it out, would I have legal recourse to stop them from doing anything with my code? (I was considering going to a lawyer with this one, but since the odds against anyone hacking the password on the encrypted data in the stegotext are literally astronomical, I figure the point is sufficiently moot to be not worth answering except as an intellectual curiosity.) Bear
Re: Criminalizing crypto criticism + 802.11b access
On Fri, 27 Jul 2001, David Honig wrote: You can create an executable, with source code, package it up and send it to the copyright owner with a note that says your protection is broken: here's the proof. How about dropping them a note to send an engineer to DefCon? Not a problem -- as long as what you're making available to the public at DefCon is not a program that script kiddies can download and use to break stuff. You can shout at the top of your lungs that their crypto is broken, on all kinds of forums. Might be libel if not true. Oh, yeah, feature them suing you for libel, and then watching aghast as you enter exhibit A -- the source code -- into the trial and the public record. If it successfully decrypts their stuff, it proves that what you said is true. It also goes all over the internet within about twenty minutes. Bear in mind that these people are not dealing from a position of strength, as long as their crypto is actually broken. The only evidence you need is precisely the evidence they don't want on the public record. And if it's produced for the first time in your own defense, in a court of law, I don't think they can press criminal charges on you for producing it. Bear
Re: Weird message from someone named NIPC
On Thu, 26 Jul 2001 [EMAIL PROTECTED] wrote: Declan wrote: # # Yes, clearly I was wrong and this must be the real thing. # I urge you to start an online campaign straightaway! I'm stunned you think this is a joke. You misspelled hoax. Think about it. You know how secure SMTP isn't? Go read the RFC, then you can telnet to the SMTP port of any open relay and create a message that appears to come from anywhere or anyone you like. Choate even still runs an open relay for your convenience. There is *NO* evidence that this isn't a hoax. Making a hoax would be so damn easy it isn't even funny. All that has to happen is for some monkey out there to read the sircam story and the dmitry story and decide he wants to yank the cypherpunks' collective chain (and/or discredit a reporter). There is a (remote) possibility that it could be real. But if so it is totally deniable and reporting it would cause a loss of credibility. The only way to find out if it's real is to save it, wait for more facts about FBI operations and structures to come out, and then the smoking gun would point at it only if it refers to or confirms any things that are true at this time but wouldn't be known to a hoaxer at this time. Bear
Re: A question of self-defence - Fire extinguishers self defence
On Thu, 26 Jul 2001 [EMAIL PROTECTED] wrote: -- The rear window had been smashed in when they whacked the cop with the four inch steel pipe, or when they whacked the cop with the two by four timber. so there was no problem with chucking it underhand and sideways. Plenty of room. One is naturally inclined to chuck large heavy objects in this fashion, because it is difficult to sling them overhand. In order to sling it in frontwards, he would have had to chuck it in one handed, and it was too heavy for that. In order to chuck it, he needed both hands, and in order to chuck it with both hands, he needed to chuck it sideways. You try chucking a great big fire extinguisher. Unless you are Arnold, you will chuck it in the same fashion. I have two brothers. Early in their college career, one of them got drunk, and for the sheer hell of it started bowling overhand. The manager of the lanes at the student union was disinclined to try kicking him out personally, so he called my other brother to come get him out... This was possible because at that time all three of us had a lot of experience chucking large heavy objects (and the arms/shoulders to prove it) because we had been operating a firewood business to pay for tuition. If you can get a grip on a large, heavy object which is long (like a chunk of a log, or a fire extinguisher) you can often throw it further and harder one-handed and underhand than you can two-handed and sideways, because the swing gets the far end going a lot faster and that translates into a lot of power for the throw. You can also throw the sucker overhand, but you have to start by lifting it high in front of you, then swinging it down, turning sideways, bringing it up behind you, and releasing it over your head - as my brother discovered he could do with bowling balls. This guy holding up the fire extinguisher two handed, on the other hand, looks like he was intent on using it for a battering ram -- to push in someone's face with it or something.
He didn't have room for the big underhand swing, nor the full-circle followed by overhand release, nor even really for the sideways chuck. One thing that his arms and posture suggest to me is that it's actually lighter than you've been guessing -- if it were heavy I'd expect to see a little more tension. Perhaps it was already discharged, thus only about 5-7 pounds? Bear
Re: Criminalizing crypto criticism + 802.11b access
`(3) FACTORS IN DETERMINING EXEMPTION- In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include-- `(A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security; My reading of these paragraphs is that basically, you don't start out by releasing a program that script kiddies can download and use to break stuff. You can present your paper at defcon, as long as there's not an executable. You can create an executable, with source code, package it up and send it to the copyright owner with a note that says your protection is broken: here's the proof. You can shout at the top of your lungs that their crypto is broken, on all kinds of forums. You can engage in your right to fair use using your own executable, ie, taking a five-second clip and using it in an original work where it's seen in the background as your protagonists stroll by arguing about the new sushi restaurant. But what it looks like is, you cannot publish that executable, nor make it possible for anybody else to engage in their right to fair use. Something may appear in an anonymous channel, and if it's not traceable to you -- or downloadable from your website, etc -- then they may sue you for having done the research that made it possible, but they will lose. Of course, there is life outside the USA, and I'm sure some kid in Italy or Finland or Russia will cheerfully read your paper and implement the thing you describe and release it. But that kid better not visit the USA anytime real soon unless that kid publishes anonymously.
I think a lot of the flaws with the DMCA could be fixed by allowing an exemption for a notice period -- one year after you notify them that their crypto is broken, they've had enough time to fix it -- and if they haven't fixed it, they deserve what they get. Bear
Re: So, what do the Russians think?
Good point. A Russian cryptographer was grabbed, unable to talk to his consulate for at least three days, and the Russians don't say anything? I smell a rat. Perhaps Dmitry was sold down the river. (Note for non-USA readers: sold down the river is an Americanism for betrayal. It dates from the days of slavery, where the conditions for slaves were worse the further down the (Mississippi) river they were. It was common for slaveowners to promise to sell their slaves upriver to gain their goodwill, and then sell them downriver for more money than they could get upriver. Since slaves' communication was tightly controlled, lying to the ones left about where their buds had gone was also common, and usually undetected. Parallels to the current situation are left as an exercise for the reader.) Bear
Re: IP: The Postal Service Has Its Eye on You (fwd)
On Tue, 24 Jul 2001 [EMAIL PROTECTED] wrote: Does anyone have a link to this B form, or more exact data on its contents? It seems a little pointless to fill out a form saying that Unknown person refused to ID for a transaction of $3000.00. This suspect was 5'8 and 125#, brn hair, brn eyes and wearing jeans and a tee-shirt It probably notes time of day and gets submitted along with videotape from the cameras, so the lions can run it through their mugbooks. Bear
RE:
On Mon, 23 Jul 2001, Petro wrote: At 11:30 PM -0700 7/22/01, Ray Dillinger wrote: On Sun, 22 Jul 2001, Sandy Sandfort wrote: The pressures of commercial advertising--in the sense of mass media--have been with us for as long as there has been mass media. You either deal with it as an adult, or you deal with it as a child. To complain that people are making you want something and they should stop is definitely in the realm of the latter. I was never really socialized enough for it to work all that well. But I had to just stop listening, because it made me angry day after day. I say this as someone who has a bit more credit card debt than he really should, so I understand the consumeristic drive, but it's really all about self-discipline, now isn't it? Self-discipline in an arms race with techniques designed to suppress or defeat it, yes. And that's only on the personal level. On the personal level, I'm now pretty insulated from most marketing campaigns, so that's not all that relevant to me. However, the societal effects are nasty, because the *widespread* suppression of self-discipline leads to a lot of stupid, wasteful, or harmful effects that are very widespread, and which I can't get away from. Personally, I am debt-free, and frankly loving it. It is hard to understand how much debt sucks until you get the opportunity to live without it. I highly recommend it. gets a little stifling when people can't or don't control how much pressure (as advertising etc) they are exposed to. You left out one word in there. Won't. Bingo. Won't. And are intentionally maintained in a condition where they won't, at least until they break away from the herd and strike out in their own direction. Let's put it this way; why would a rational person or even a sane person purchase a furby? It is useless; it is annoying; its expected Mostly to stop their children from wailing about wanting one. Children are, almost by definition, not sane people. Bingo.
Family pressure, brought about by marketing. That's part of the whole crazy-making cycle. 'Mommy's not home for dinner, sweety, because she's working overtime to buy you a furby she's on the fucking treadmill, and you helped put her there. Want some pie?' But the science of marketing is increasingly about arresting the processes of rational thought, and even the processes of mental health, in order to induce people to buy crap which they don't need, won't or can't use, or can't get any real satisfaction from. Advertising only works on adults (or rather rational people) when it shows them something they already want. You are correct; and therefore, it is in the best interests of marketers to make sure that everything is as banal and bland as possible, and that all the ideas are prepackaged - specifically in order to prevent people from growing up emotionally, or becoming rational. They're doing an increasingly effective job of it and whether we're directly included/affected ourselves or not, whether we are consumerist zombies or critical-thinking adults, we have to live in the sick society that results from their handiwork. Marketing has not gotten anywhere near that personal. Yes, it has. I don't receive car commercials with a picture of a buxom oriental woman wearing red PVC undergarments, while my neighbor gets his with a picture of one of Mapplethorpe's models. Now, granted part of this is because it's not commercially feasible, and I doubt it ever will be. Trust me on this; it will be. Men known to be gay are already getting car adverts featuring leather-clad men instead of the customary bikini babes, and offered accessories like rainbow stickers direct from the dealers. From here out, it's only a matter of refinement. Ultimately, if the car dealers find out enough, the question is only about whether the marginal sales to people who like busty oriental babes in red PVC underwear will pay for the photo shoot, ad composition, and printing costs.
Digital imaging and poser software drives down the cost of the first, Expert Systems are driving down the cost of the second, and printing costs are already pretty damn minor. No, the most that modern advertising science has been able to do is to direct clients NOT to advertise in places where they won't get a ROI, in favor of places that WILL. With the result that practically *every* ad you see causes pressure, because all the ones that wouldn't get an ROI (which wouldn't cause pressure) are elsewhere. The total pressure on each and every consumer has dramatically increased. Bear
RE:
On Sat, 21 Jul 2001, Sandy Sandfort wrote: It should be obvious that these riots are not so much ideologically motivated (though that's the pseudo-rational), but testosterone motivated. Most of these monkeys couldn't spell anarchy let alone understand it philosophically. Let's not confuse the cover story with the real motive--fucking stuff up for the fun of it. Hmmm. I was digging after this for a while, trying to figure out why these people were rioting. As you note, there's no real coherent message from the protesters, not even a thread of unifying platform or goals. But then, the information content of what comes out of the mouth of someone who's just hit his/her thumb with a hammer is pretty low, too. It doesn't mean s/he doesn't have a real concern. This is just a guess, but what *I* think motivates these people is frustration and disenfranchisement. It's not that any substantial group of them want any particular thing, it's just that the whole bunch of them feel that they don't have a voice in what's happening any more. The globalization people are consulting *each other* instead of the people affected by the laws to figure out what laws they should pass, and the people are pissed off because they don't feel that they have any input into the process. Also, the personal pressure on them is a little higher every year as the forces of capitalism get more ruthless and efficient at exploiting them as a market and as cheap labor - and the barriers to actually starting a business of one's own seem to be going nowhere but up - so they're also frustrated by the fact that even though they may be making more money, they're still working for other people and at the end of the day they're still poorer. Capitalism from the worker's perspective means working longer hours, getting paid more, and winding up under family pressure (because your family is an intensely and effectively targeted market) to spend it all on stupid stuff. 
Furbys, TV's, and barbie dolls, for god's sake. So at the end of the day they have more stupid crap but they're poorer and more tired and have less time to spend with their family - and after a while they get frustrated. But none, or few, of them see it in exactly those terms. They're just angry and frustrated and they don't really know why. The few issues they believe in are getting ignored, so they go protest about those few issues and it turns into a chaotic mess because everybody has different issues and different degrees of how pissed-off they really are. More frustration. Bear
Re: CNN.com - Family remembers G8 protester - July 21, 2001
On Sat, 21 Jul 2001, Declan McCullagh wrote: I'm sympathetic to the deceased's family. But it strikes me that if you assault a police vehicle with armed cops inside with the evident intent to do physical harm, you'd better be wearing a bulletproof vest. ^^^ I think you misspelled Armored Personnel Carrier. Bear
Re: [free-sklyarov] Re: Rallies on Monday
On Sat, 21 Jul 2001, Morlock Elloi wrote: So Adobe thugs will pour out of the building spraying crowd with machine-gun fire ? Corporate commandos will make arrests and cart them to software sweatshops ? What exactly peaceful banner-carrying demonstrators on the public grounds should be afraid of ? The police, and possibly military presence, responding to Adobe executives' panicked calls that they are under attack by an armed mob of anarchists bent on the utter destruction of our building and grounds and possibly the murder of our employees and executives... Adobe security guys behind a window on the third floor of the building, scanning the crowd with a high-resolution camera, and the $MILLIONS they are willing to spend to hire a private investigator to find out who each and every one of the people in the picture is so that police complaints can be filed against each and every one, and charges brought for criminal trespass, even if it takes months And of course the money spent tracking them all down will be on the bill of damages they try to recover Illegal sweetheart deals that have been worked out with police officials and/or private security whereby they've pretty much agreed in advance that if Adobe puts out the right codeword, a bunch of muscular men in riot gear will show up to HURT the attackers - this could involve the deployment of tear gas or pepper spray. Miscellaneous water cannon, rubber bullets, and, worst of all, thundering herds of lawyers both for attack and defense. I'm pretty sure attack dogs are effectively banned in California due to astronomical liability settlements, but otherwise you'd have to worry about that. Make no mistake, an american company with a really paranoid bent can make life sheer hell for any who have the temerity to show up protesting on its grounds. It costs them a lot of goodwill though -- if they pull out all the stops more than once every few years, it's going to seriously hurt their reputation and their business. 
I doubt that Adobe will go the whole route here: I bet they'll go as far as meeting the protesters with a full cordon of armed law officers, but if things stay peaceful, the two groups will probably be able to just stand a respectful distance apart and wave at each other politely. They'll probably scan the crowd with a high-res camera, but probably won't bother to file charges unless someone throws a rock or something. And we're not likely to see water cannon or pepper spray used unless someone actually gets inside one of the buildings. Bear
Re: What NAI is telling people
On Mon, 16 Jul 2001 [EMAIL PROTECTED] wrote: Back to the original question: It's obvious that NAI is operating under the belief that some ISPs are complying with some unspoken BXA idea/wannabe-law and blocking encrypted messages from no-no originating domains. Is this really the case, or is NAI also full of it on this one? Well, the easy way to find out would be to spoof the headers of an encrypted email so it appears to originate from one of those countries, send it to a tentacle or an anonymous account, and see if it falls into a black hole somewhere. Bear
Re: Big Brother the toilet troll
On Thu, 12 Jul 2001 [EMAIL PROTECTED] wrote: Um, what would the price premium be for a toilet that operates as a stoolie? 10X? 20X? Don't hold your breath waiting for it to become a standard. The hell of it is, this provides a useful function. The only thing that makes it invasive is that it communicates with people OTHER than the one whose poop it's analyzing. I'd actually pay a substantial amount of money to have a health monitor system in place -- to alert *me* to any problems or parasites in my gut, so that *I* could take appropriate action (or not, as I choose). Why the hell does this guy want it to talk to people other than the one with the health interest? Bear
Re: Taxifornia becomes interplanetary menace (fwd)
On Wed, 11 Jul 2001, Eugene Leitl wrote: clip L.A. May Be Shot Down in Bid to Tax Satellites By Dan Whitcomb clip Auerbach insisted that he was not pushing for a tax on the satellites but was simply doing his job and trying to determine whether they should be taxed. ``I'm neutral on the whole thing,'' he said. ``My job is to make sure all property that's taxable gets assessed and I'm going to follow the law. If the law says its not taxable it's not taxable. If it is taxable I will assess it.'' Just imagine what things would be like if assessors were paid on commission. Tax Farming, anyone? Bear
Re: lawyer physics (was taxing satellites)
On Tue, 10 Jul 2001, Dynamite Bob wrote: quoting someone who is not participating in this discussion The property in question here is geostationary, said Larry Hoenig, a San Francisco attorney representing Hughes Electronics. Geostationary satellites sit above the equator in a fixed position; they do not rotate around the Earth. So the satellites we're talking about here are not movable property. Since the equator does not pass through California, it follows that any property hanging above a point on the equator is NOT within the borders of California -- no matter how far up you extend them. So I doubt the claim of jurisdiction. Hmmm. Maybe their theory is that because it's not within another nation's border, property owned by US citizens is subject to American Taxes. That would be bad. Or maybe they're attempting to establish a doctrine that Americans can be charged property tax on property they hold outside the borders of the US regardless of whether it's in the borders of another country. That would be worse. At the very least it would provide substantial disincentive to retaining American citizenship. Now, if Sri Lanka wanted to charge property taxes for some prime orbital real estate, it might be able to make a better case -- it actually *has* prime orbital real estate. Bear
Re: Dropping out of the USA
On Tue, 10 Jul 2001, Jim Choate wrote: Seems to me the only answer is to keep moving, don't settle in any one country (or store your possessions in any one jurisdiction) for a lengthy stay. A couple of years max. Um, no. A couple of years would have been fine a decade ago, but these days if you piss off The People Who Must Not Be Pissed Off, extradition - from anywhere you'd remotely want to be - happens really fast. And getting faster, at least until the US sets off a backlash of sentiment among its current supporters. I guess it depends on what you're up to. If you really want to avoid attracting their attention -- then you're not posting to this list ever again and you're *definitely* not doing anything like Phil Zimmerman and several others we could name did. In short, you abandon cypherpunk ideas to all outward appearances and do not contribute anything to the freedom of our descendants. You just sit there like a nice little shitbag and quiver when they tell you to quiver, and they'll leave you alone. For now. At least until they run out of people who make them more nervous. On the other If you *do* attract their attention, then international travel will make them even more nervous about you -- and we all know (from Bell's case) what happens when Those Who Must Not Be Pissed Off get nervous about a particular person. A Kangaroo trial and a long sentence, natch. Same as anywhere else in the world. I think maybe the most effective path is a middle path; do things that help the situation of everybody, publish good subversive software if your talents run that way, and you'll definitely attract their attention. But as far as you can avoid it, never *frighten* them I guarantee that if Phil Zimmerman had had an impressive collection of guns or a stockpile of chemical reagents in his possession when he released PGP, he would be rotting in jail today and the rest of us wouldn't have PGP, nor its lineal descendants. 
Basically, you're allowed to piss them off a little, and they still need some kind of excuse to arrest you. But once you've pissed them off, any excuse will do, even (as Bell's case teaches us) the legal exercise of a constitutionally protected right. I think a lot of international travel would be more likely to give them the excuse they need to arrest you, if they were looking for one, than it would do to keep them off your back. And when you go travelling internationally, the opportunities for setups of various types multiply exponentially. What if somebody blackbags your luggage and a pound of dope shows up in turkish customs? Now add in a hefty bribe to the judge in the case and your innocent ass can be sitting in jail in Turkey for decades at no PR cost to the USA. Bear I used to feel like a flea on the back of a dinosaur -- But lately, I've felt that that may have been a misassessment. Maybe I'm more like a small, yapping poodle on the back of a dinosaur -- Philip Zimmerman (paraphrased no doubt by my faulty memory)
TV as an indicator...
I turned on a television set last night, for the first time in many months. I was watching videotapes, but I caught fragments of shows while tapes were rewinding, etc. American TV has taken a definite turn for the vicious since I last watched. It's still pablum-and-opiates, but someone has spiked it. We're seeing an increasing focus on elitism, survival of the fittest, etc -- shows that present the elimination of the weak as a virtue, and where game-show hosts masquerading as intellectuals intentionally humiliate contestants. We are seeing a separation of moral responsibility from action and being conditioned to accept viciousness in authority figures. We are also being conditioned to accept the idea that some form of pseudo-intellectual correctness excuses viciousness. The tone is very similar to entertainment or public education films that were produced by the propaganda arm of the German National Socialist party in 1936-1938, which I remember from school but which folk in Germany, or those who attend current-day American schools, will not recognize due to censorship. We forget history, believing that this will prevent us from repeating it rather than the other way round The progression was reasonably simple, as I recall. First, the people are conditioned to accept harsh reality, survival of the fittest, etc. Second, the people are conditioned to accept that, these things being inevitable, hurrying them along is a virtue. Third, some class of people are identified as being inferior and pseudoscience upholding the claim is advanced. The shows I saw last night were deep into the second stage, and universal public monitoring is now more pervasive here than it was then and there, and our schools are raising a generation of people who think monitoring and draconian weapons laws are normal, and ideas not politically correct are being persecuted as vigorously here as they were in Nazi Germany. The parallels continue... 
The new media must be controlled of that era was radio and television -- now it's the internet. Same basic debates going on -- most of the same outcomes happening. I am scared. Bear
Re: Meatspace anonymity manual
On Sat, 7 Jul 2001, Sampo Syreeni wrote: the protection afforded by Black Blocs is quite thin (just indict them under organized crime or gang laws), The similar clothing is enough to charge with gang membership and invoke RICO. Also, the 'black bloc' tactic has 'premeditated' written all over it. I'd say these kids haven't provided more protection for themselves; on the contrary, they've raised the stakes. The cops will have to arrest *more* people in order to deal with the bloc, but the people arrested when it happens are going to be charged with more serious crimes, like racketeering, conspiracy, and membership in a corrupt organization, than if they'd stuck with the simpler tactics. And most of what they might otherwise have claimed as defenses are going to crumble under that 'premeditation' thing. I'm not a lawyer, and I don't play one on TV, but this just looks like a silly mistake that's going to bite them in the butt to me. Bear
Re: Can I reproduce out of print books?
On Sun, 11 Mar 2001, A. Melon wrote: Does anyone know the law regarding duplication of out of print books/other works? It's the same law as the law regarding duplication of in-print books/other works. There are places and situations in which the enforcement varies depending on whether it's out of print, but in the US anyway, it's the same law. E.g. Stephen King withdrew his book 'Rage' (support your neighborhood second-hand bookstore) about a schoolkid who holds his class hostage at gunpoint, shortly after the Littleton shootings. King _does not_ want this book to be available to the public until the mess blows over. If I distributed this book in electronic format for free, I would not be costing him a single penny. Would I still be violating the DCMA and which other laws would I violate? Yep, you would still be violating copyright, including the DMCA. Also, what if I claimed that books like King's were in some way responsible for the current spate of shootings? Would I be able to reproduce the book (so my quotes can be judged in the context of a whole work) in order to campaign against it? Or can he legally suppress his own works? You can quote from it, subject to the rules on fair use - but you can't reproduce the whole of it. However, if the text of the book is submitted as evidence, in a civil or criminal trial, there are some different rules that apply. I recall a circumstance in which a reporter for the Topeka newspaper, while on vacation on his own nickel, researched a story on a local foaming-at-the-mouth minister named Fred Phelps, going to Phelps' hometown and interviewing people who'd known him as a kid etc. He then wrote an article and handed it to his editor at work, at the Topeka Capitol Journal. As it turns out though, when the Journal had changed ownership a year or so earlier, Phelps and his goons had started picketing the owner's house. Loudly and continuously, until they started getting good press. 
The owner, effectively in Phelps' pocket, quashed the story. The reporter notified them that he intended to publish an article using the research he'd done for the quashed article elsewhere, and the newspaper (acting more or less on orders from Phelps' goons) sued to stop him. The reporter entered the text of the submitted article as Exhibit A in the lawsuit, and the research he'd done as Exhibit B. His case was to show that the article he intended to publish elsewhere used different parts of his research than the article that the Capitol Journal had refused to publish. But when it was submitted as evidence, it became public information and went out on the internet within two hours. I don't remember whether he won or lost the suit. But it seemed kind of moot after that. Bear
Re: Shooting down 'Bandit Satellites'
On Thu, 1 Mar 2001, An Metet wrote: Suppose can-sats WERE launched illegally, and then started broadcasting time synchronisation signals/OTP/other cypherpunk related signals, along with a spoken commentary by Radio Free North America (so Joe Sixpack has an excuse when those nice detector van gentlemen knock on his door and ask why he's listening to 128.0 FM) Would they be able to physically shoot at it, jam its signal or burn out its electronics from the ground or aircraft altitude? Assuming the can-sat were in low earth orbit, yes, they could easily shoot it down. The air force has a few extreme high-altitude craft that can launch long-range missiles. These can actually reach the same altitude or nearly, as low-earth-orbit satellites. (They cannot reach low earth orbit; that would require them to be at that altitude but going much much faster.) They can't launch a missile fast enough to get low earth orbit, either -- but in the final analysis, it doesn't really matter whether the satellite hits the missile or the missile hits the satellite. Could someone put up enough disposable 'bandit-sats' (expecting to make less orbits than Sputnik) over time to make it uneconomical to keep shooting them out of the sky? if you're getting one bandit-sat per launch, then the answer is plainly no. Because the missiles or planes don't have to reach orbital velocity at all, they are much cheaper to shoot down than to put up. However, if you get a thousand bandit-sats per launch, and they scatter all over the sky once they're up there, it becomes much more viable. It could take weeks or months to shoot them all down, and since they wouldn't be clumped together you'd have to fly a separate mission for every one of them. In that scenario they are cheaper to launch than to shoot down. 
But still, the launch costs would be a substantial fraction of the shootdown costs, and unless you can spend a substantial fraction of what the US government would be willing to spend on it, I think that's cold comfort at best. If you go for higher orbits, we might get to see some of the stuff the "star wars" research paid for... At the very least, I'm betting on a satellite with a laser which, given a few minutes at a hundred-kilometer range, could probably burn through a can-sat. Probably something faster than that. Possibly a bunch of can-sats with "intercept and collide" or "get close and explode" missions. Would directional transmissions from ground to satellite be traceable (and would this depend on whether there are other birds in the part of the sky I want to send to)? depends on how tightly focused. If you're using radio, you cannot focus that tightly, and yes your signal to the satellite can be traced. If you're using laser, it would require them to have a satellite with some appropriate directional sensor within a few degrees of the satellite. Hmm, as I think about it, unless your laser doesn't illuminate dust in the atmosphere, it might not require that much to detect it after all. Would retrieval of a returned film capsule be possible before Air Force helicopters descended on the landing site? Interesting question. If the film capsule is tiny, nonmetallic, and contains no radio equipment, it might be possible for it not to show up on radar, in which case it's much less detectable than radio etc. Bear
Re: Consensus Actions in Cipherspace?
On Sat, 13 Jan 2001, dmolnar wrote: 1) To post a message, sender S takes a 2-dollar coin and then uses some kind of verifiable secret sharing protocol to split it into shares. snip 4) If a group agent thinks the message is spam, it sends its share to Engineers Sans Frontiers or whoever. No central server now, just needs a verifiable secret sharing scheme. Pedersen has one, Cite, or URL? A verifiable secret sharing protocol could solve a *LOT* of protocol problems and I want to read it closely. (Thanks in advance for any pointers...) and another is part of the Proactive Security work I mentioned previously. On Byzantine Agreements? I have run into references to the topic, but it was never really clear what Byzantine Agreement really means. Bear
Re: Consensus Actions in Cipherspace?
On Fri, 12 Jan 2001, David Honig wrote: the server could simply use a voting protocol to get (or timeout) permission to do proposed actions. We are assuming that the server is trusted, right? Actually, no. That creates a single privileged machine, which is also a point of failure, which is also a point of attack, which is also subject to subpoenas or outright theft. Ideally, this is something that runs on the distributed machines of the participants. I think that's the only way to be safe from the "lawsuit attack". Perhaps I'm not clear on what constitutes an action that could be distributed without relying on a trusted actor (server). For example, consider a robo-moderated mailing list formed by cat owners. They have a "posting protocol" that requires you to submit a digital coin worth a dollar or two along with your letter. If enough people click on the "this is spam" button, the group agents donate the coin to an animal shelter and you can't spend it. Otherwise, you get your coin back when your message expires. The posting protocols etc. are wrapped in scripts, of course; on your end you get a message box that says "Are you willing to post a two-dollar bond that says most of the people on the list don't think this is spam?" and yes/no buttons. The subscribers just have another little button on their mail reader - So it goes Next message, delete, reply, reply all, spam. I'd really like it if somebody has figured out a way for a group to form consensus and act on that consensus as though it were a single individual -- capable of participating in general protocols. But individual solutions to problems like the above would be a great start. Bear At 06:01 PM 1/12/01 -0500, Ray Dillinger wrote: Crucial facts about a protocol that does the right thing would be: 1) DOES NOT create any single privileged user or machine. 2) Resistant to denial-of-service attacks and attempts to "stack the vote." 
(Requires user authentication) 3) No altered versions of the agent ought to be able to gather enough information to force an action as long as at least the majority of agents are unaltered. 4) Once a consensus is reached, a majority of the agents acting together should be able to take whatever action is found even if the dissenters' agents don't cooperate with them. (a consensus reassembles a key? But then that key can't be used again, what's the next key?) Interesting idea. Starting with 1 user who can admit (by virtue of having 100% of the vote) and then letting the users vote to add others. I don't think reassembling the key is the final stage. I think the server could simply use a voting protocol to get (or timeout) permission to do proposed actions. We are assuming that the server is trusted, right? The server could send signed PGP-encrypted email to all members saying: "The following script has been proposed to be run by GroupServer for your Group.. to vote yes or no, sign a yes or no message and encrypt and send it to GroupServer. This vote closes in 3 days, and votes are acknowledged immediately." (Thinking out loud) Maybe the actions require access to a distributed N-of-M database? How do you prevent someone from reusing the reconstructed database? Or uncooperatives refusing to update their slice of the DB?
RE: cell phone anonymity
On Mon, 8 Jan 2001, Phillip Zakas wrote: Just a minor correction to the below posting: cell phone locations are NOT calculated using GPS. They're triangulated via the three nearest cell sites reading the cell phone signal. Accuracy is much lower than with GPS, but good enough for cops to, say, find a stranded motorist on a highway. I believe resolution is somewhere around 40 meters in densely populated areas (where there are many cell phone towers). This resolution figure varies from region to region. Hm. Okay. I knew there were locators in them, and had assumed that they were GPS. My mistake. Does anyone know any particulars about whether these phones can be queried for their locations while not in use? IMHO, the real privacy issue with cell phones is the security of a conversation. Yes indeed. Privacy is a tougher thing to achieve than anonymity, at least with cell phones. Bear
RE: cell phone anonymity
This pretty much kiboshes the idea that they might be continuously broadcasting; I'm more concerned about the idea that there may be some signal they're passively listening for, to which they will *respond* with a pulse signalling their location. Bear On Mon, 8 Jan 2001, Phillip H. Zakas wrote: Hi, I don't believe cell phones can be queried while they're off. The phone has to xmit a pulse (to hear a pulse, crank up your PC speakers, turn on your cell phone and place it within 3 inches of a speaker...you'll hear the speakers produce static at a regular interval [about every 30 seconds or so with my startac]). In an unscientific study, I've placed my cell phone, turned off, next to the speakers and not heard the familiar pulse. Also since you posed the question I ripped open my recently acquired Motorola Timeport. Not seeing any activity in the xmit circuitry when the battery is plugged in and the power is turned off. Of course I'm having trouble putting the case back on the phone correctly but I'll figure that out later ;) phillip zakas -Original Message- X-Loop: openpgp.net From: Ray Dillinger [mailto:[EMAIL PROTECTED]] Sent: Monday, January 08, 2001 11:10 AM To: Phillip Zakas Cc: Multiple recipients of list Subject: RE: cell phone anonymity On Mon, 8 Jan 2001, Phillip Zakas wrote: Just a minor correction to the below posting: cell phone locations are NOT calculated using GPS. They're triangulated via the three nearest cell sites reading the cell phone signal. Accuracy is much lower than with GPS, but good enough for cops to, say, find a stranded motorist on a highway. I believe resolution is somewhere around 40 meters in densely populated areas (where there are many cell phone towers). This resolution figure varies from region to region. Hm. Okay. I knew there were locators in them, and had assumed that they were GPS. My mistake. Does anyone know any particulars about whether these phones can be queried for their locations while not in use? 
IMHO, the real privacy issue with cell phones is the security of a conversation. Yes indeed. Privacy is a tougher thing to achieve than anonymity, at least with cell phones. Bear
Re: Anglo-American communications studies
On Mon, 8 Jan 2001, David Honig wrote: At 08:17 AM 1/8/01 -0500, Ken Brown wrote: and there are very few opportunities for real misunderstanding. We know The meaning of 'billion' differs by three orders of magnitude across the pond. That's plenty of room for confusion :-) And in the US, "billiards" is a game played with cues and balls on a felt-covered slate table. In the UK, it's also a very large number. Thankfully, so large that that definition rarely comes into conversation. As I understand cross-pond conversions, it goes like this

USA           UK             Scientific
Thousand      Thousand       1E3
Million       Million        1E6
Billion       Milliard       1E9
Trillion      Billion        1E12
Quadrillion   Billiard       1E15
Quintillion   Trillion       1E18
Sextillion    Trilliard      1E21
Septillion    Quadrillion    1E24
Octillion     Quadrilliard   1E27
etc           etc            etc

This silliness seems regular, and has no good reason not to extend indefinitely. But perversely, both dialects use the same word for googols and larger quantities. This is one reason why I tend to just say "screw it" and go to scientific notation when writing. That way it's clear what I mean no matter where the reader is from. Bear
Re: cell phone anonymity
On Mon, 8 Jan 2001, Tim May wrote: Ray, you seem knowledgeable in some areas. But your pontifications on California basements, cellphone GPS, etc., are very "Choatean" in nature. Something you might want to look at. You can trust anything I say about Math or Programming (especially AI and LISP programming -- ie, my job). A lot of my "rants" in fields like architecture, state government, etc, come from situations in Kansas, many of which do not apply to California, and I need to think twice before speaking once. Much of the rest (including GPS chips in cell phones "within the next couple of years," heard a couple of years ago) is gleaned from mainstream media and evidently has its share of distortions. Bear An aside -- Contractors are now building uninsulated homes in Kansas (a climate where temperatures range from about 110 fahrenheit to -3 fahrenheit over the course of an average year) on floodplains, with slab foundations, not even buttressed down to the heave line and with no provision for airflow to mediate temperature - and people are buying them! This monumental stupidity was a feature of the circus of fools around me for many years, and is still where my mind goes by reflex action whenever I hear about electricity supply difficulties, power costs and escalating home insurance prices -- however irrelevant it may be to the situation in California. California, it seems, has its own set of completely different acts in the circus of fools, and I'm still learning them
Re: CIA proctologists
On Wed, 15 Nov 2000 [EMAIL PROTECTED] wrote: US Citizenship is required, as is successful completion of a medical evaluation, polygraph interview and an extensive background investigation. A "medical evaluation"?? http://www.odci.gov/cia/employment/jobpostings/architectstud.htm Pretty standard procedure. A medical evaluation can detect drug users, alcohol users, people whose brain chemistry is different, etc. It can also detect people who are likely to be more or less expensive to insure, people who need drugs (from insulin to psychopharmaceuticals) to function normally, and people with more than a "reasonable" number of knife-fight scars, which might indicate that someone is too rash or hotheaded. It also gets them DNA samples etc, which they can later use to positively identify you if you ever get implicated in anything criminal or controversial. And finally, they will wind up knowing all about your tattoos and brands if any, which will point out people who were in certain gangs and societies during certain time periods. That's just part of the job. If you're going to handle secret material for any government, that government will want to know everything about you no matter how invasive, and they will want to own every possible bit of leverage anyone can have on you, and they want to be damned sure that no one else has any leverage on you that they don't know about. Medical examinations are just one aspect of that. I bet they audit someone's taxes for the last six years before they hire them, too. Bear
Re: Zero Knowledge changes business model (press release)
On Wed, 1 Nov 2000, David Honig wrote: Although it's hazardous if done wrong [cf recent PGP problems], is tarnished by the Fedz/Denning/etc, and might have no use in a personal privacy tool (your diary dies with you), isn't it too dogmatic to rule out key escrow for tools intended for use by groups? Are there equivalent methods which don't use escrowed keys, which I am unaware of? First, I think the people who've spoken about document escrow are right. A much safer approach than key escrow. But I'm going to talk about key escrow, because there *are* decent ways to do it. There are methods for key escrow that don't involve a single trusted party having all the keys. For example, you can generate a dozen random strings of bits, XOR them together, then XOR the result with your key. Take the result of that operation and it's your thirteenth string. Now you can hand the thirteen strings out to thirteen different people. Now if you get hit by a bus, or if they are *ALL* ready to subvert the protocol by working together, they can get together, XOR all the strings together, and produce your key. A reasonable protocol for a company with fourteen board members, perhaps. There would be no way to serve thirteen out of fourteen board members with subpoenas and still have the investigation of the fourteenth board member be a secret to the company. Third, there are methods for key escrow with a single escrow agent that don't allow the escrow agent access to the key while it's still live. Take your August key on August First, and use a digital timelock to put one solid month of computing between the company escrow officer and the key. Hand the escrow officer the resulting blob, and use your key with impunity until August 30. On the 30th, you encrypt everything with your September key. On September 1, if she's put the fastest available machine to work on it the whole time, the escrow agent gets your August Key. 
Now, if you get hit by a bus during August, the escrow officer will be able to get stuff from your drive after August -- but will never have your key while that key is still in use. Fourth, the trusted third party doesn't need access to your keys. I could set up a web service that generated complementary asymmetric key pairs and published them thirty days apart. Now when Alice wants to put her key in storage for the company escrow officer, she can come to my site, pick up the key of the day, encrypt her key with it, and hand it to Bob the escrow officer. If Bob needed to use the key, and it were more than a month later, he could come to my site and get the complementary key and decrypt Alice's key. With this setup, I'm the only one that knows the decryption key, and I don't know diddley about what's encrypted under it or where anything encrypted under it is stored. Bear
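Two of the escrow schemes from the message above, as an added Python example that is not code from the post: the thirteen-string XOR split and the single-agent time-lock. The post does not say which "digital timelock" it means; the repeated-squaring puzzle of Rivest, Shamir and Wagner is assumed here, and all function names, the prime size and the squaring count are illustrative choices.

```python
import hashlib
import math
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("strings must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, holders: int = 13) -> list:
    """holders-1 random strings, plus the key XORed with all of them."""
    if holders < 2:
        raise ValueError("need at least two holders")
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def recover_key(shares) -> bytes:
    """XOR of every share. With one share missing the result is random bytes."""
    return reduce(xor_bytes, shares)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test with random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def _mask(value: int, length: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:length]


def make_timelock(key: bytes, squarings: int, prime_bits: int = 256) -> dict:
    """Key owner's side: knowing phi(n) turns the work into one short exponentiation."""
    if len(key) > 32:
        raise ValueError("this sketch masks at most 32 bytes")
    p, q = random_prime(prime_bits), random_prime(prime_bits)
    n, phi = p * q, (p - 1) * (q - 1)
    base = secrets.randbelow(n - 3) + 2
    while math.gcd(base, n) != 1:
        base = secrets.randbelow(n - 3) + 2
    shortcut = pow(base, pow(2, squarings, phi), n)  # base^(2^squarings) mod n
    # p, q and phi are discarded here; only the blob goes to the escrow officer.
    return {"n": n, "base": base, "squarings": squarings,
            "blob": xor_bytes(key, _mask(shortcut, len(key)))}


def solve_timelock(puzzle: dict) -> bytes:
    """Escrow officer's side: without phi(n) each squaring depends on the last."""
    x = puzzle["base"]
    for _ in range(puzzle["squarings"]):
        x = x * x % puzzle["n"]
    return xor_bytes(puzzle["blob"], _mask(x, len(puzzle["blob"])))


if __name__ == "__main__":
    august_key = secrets.token_bytes(16)            # constructed sample key
    shares = split_key(august_key, holders=13)
    print("all 13 holders:", recover_key(shares) == august_key)
    print("only 12 holders:", recover_key(shares[:12]) == august_key)
    blob = make_timelock(august_key, squarings=20000)
    print("after the squarings:", solve_timelock(blob) == august_key)
```

The squaring count has to be calibrated against the fastest machine the escrow officer could plausibly use, which is the same assumption the post makes.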
Filters
On Wed, 25 Oct 2000, David Honig wrote: At 08:06 PM 10/24/00 -0400, Ray Dillinger wrote: If nobody comes up with some filterware that works, then there will probably be continuing pressure to regulate content. It's called 'parenting' but most are too busy, so they ask the State, or machines (censorware, v-chips, rating systems, etc.) under others' control, to do it instead. Machines under *others* control? I think we have different ideas of what "filters" mean. I support the right of people to not see what they don't want to see, provided they can do it without restricting what the rest of us see. If they can buy software that blocks out the things they don't want to see, and run it, good for them and good for the software provider. Ditto Privately owned libraries - but probably not public ones, at least not unless they also maintain an *UN*censored connection. The v-chip does *not* prevent programming from reaching my home - it doesn't even prevent programming from reaching the homes of those who've willingly purchased and installed it, but it prevents stuff they'd find objectionable from being displayed on their screens. This is their right. After all, we're talking about *their* screens. Bear
Re: judges needing killing...
On Thu, 19 Oct 2000, jim bell wrote: Naturally, a chemical solution (pun not directly intended...but I'll take it anyway) becomes apparent. If the ultimate motivation of the car seizures is to sell them and keep the money, what would happen if somebody acquired a few ounces or gallons of PCB's (poly-chlorinated biphenyls; common in 20+year-old (non-electrolytic) capacitors), and sprayed them (only a very tiny amount per car should be necessary, maybe 1 milliliter or so?) into those seized cars through a broken window (or injected through door seals). Naturally, it would be important to anonymously call the local newspaper or TV stations and report on what had occurred, possibly the EPA as well. That car would suddenly change from a $10,000 asset into possibly a $100,000 liability for the agency which seized them.. Just a thought A thought, however, requiring people to handle PCB's -- which are no fun whatsoever, heavily regulated, hard to acquire (albeit relatively easy to synthesize), and all-around poisonous. That's damaging more than just the criminals in this case. That's damaging the planet. Instead, consider the possibilities of putrescine -- it's easier to synthesize, totally harmless ecologically speaking, legal to own (and legal to spill on your *own* property prior to seizure) and while it doesn't actually make the car into a 100K liability, it does make it so that nobody except a scrap metal dealer would ever pay any money for it. Don't inhale anywhere nearby after you open the vial though; If you do, you *will* puke. The stuff *NEVER* comes out, either. Bear
Re: Burglar Politics, Tempesting PC's that watch TV and DVD regions
On Wed, 11 Oct 2000, jim bell wrote: A popular, but false, myth. The video cards radiate more than the CRT's. Laptops tend to be the worst offenders. --Lucky Green [EMAIL PROTECTED] As to the video cards... Sorry, Lucky, but you're going to have to support this a little better. Emissions are a function of the signal voltage in a conductor, and the extent that this conductor is free to emit. Given that a laptop uses an LCD display, there's really no good reason, electronically speaking, why its video hardware should have to do the ((scan+horizontal_retrace)*+vertical_retrace) sequence that the technology for getting a coherent signal relies upon. But the fact is, laptop hardware does write bits in a predefined order, (in fact the same order as CRT-based machines) so it's a worthwhile question whether anyone can figure the order and pick up the emissions from the video hardware. This looks like the sort of thing that can be resolved by experiment though; Anybody got enough DSP smarts to put an induction coil next to a laptop monitor and *see* whether they can read the darn thing? Also, it looks like the sort of thing that could be designed around. If someone were building a "secure laptop" they could make a video system and drivers that wrote the bits in a different, randomized order each time, and which only wrote the changed bits. If anybody is actually making a product like this, it would be a strong indication that *somebody* with money to spend on R&D considers it a valid threat model, because nobody makes products without a market. Bear
Re: Rijndael Hitachi
On Wed, 11 Oct 2000, Arnold G. Reinhold wrote: The fact that some people put Medeco's in glass doors, doesn't mean Medeco should never develop a better lock. I don't have a problem with people who manufacture locks. I have a problem with the people who sell them. A sign of irrational fear is when the thing that is the *symbol* of security -- in this case the lock, or the cipher, is made very strong -- but used in a way that does not afford good *actual* security. If the fear of being burgled weren't at least partly irrational, meaning if it were based mostly on experience rather than mostly on fear -- we'd be seeing doors with half-inch thick steel plates in them to provide the same level of security as the medeco lock -- and reinforced concrete walls to provide the same level of security as the door. Ditto ciphers. A strong cipher is like that Medeco lock, or even better - but if the "door" is a dumb key management policy, or the key is easily guessable, then what has been gained? Because what is a lock, really? It makes it harder to get in *without breaking anything*. But actual burglars could really care less whether they break some of your stuff -- provided it's stuff they can't steal. So if actual burglars were as common as the people who sell these fancy locks tend to make out in their sales pitches, most folks would know, from experience, that burglars who break a window or a door are far more common than burglars who pick a lock -- and would be demanding *actual* security, meaning windows, doors and walls made of unbreakable stuff, rather than just *symbolic* security, of a strong lock or a strong cipher. If you want to propose a "Paranoid Encryption Standard", IE, a system for people who actually *DO* expect people to spend several million bucks and hundreds of man-years and thousands of CPU-years trying to break it, then it's going to have to encompass a hell of a lot more than ciphers. 
Start with physical machine security -- put the box in a concrete bunker with armed guards, give it a flat-panel monitor and roll your own drivers and video hardware. Stick a thermite grenade with a photosensitive fuse in the hard drive box. Make a continuous circuit through all the case components, that will detect anybody taking the case off, and blow the HD if the circuit's broken. Do a couple dozen other things along this line, and you'll have the physical security thing covered about as well as your cipher protects the data. But you're not through yet -- you've got the lock and the door, but burglars can still come in through the windows and the walls. You've got to do some real serious data security as well. First of all, nothing unencrypted is EVER written to the hard drive except a bootstrap loader that prompts for a cipher key. When it gets the cipher key, it reads and attempts to unencrypt the rest of the boot record. There is NO swap partition, and no swapping OS is to be used. The system computes a new cipher key every day using a cryptographically strong random number generator, and notifies you of it in a pencil-and-paper cipher that you can solve. (on high-entropy binary data, pencil-and-paper ciphers are actually quite strong) That's the key you would need to use the following day. If you don't log on for one day, you will not have the key for the following day, period. Thus, if someone seizes your box and you can hold out for *one* day, the data is GONE. But the burglars can still come in, maybe, through the roof. So just to make sure of it, put a timer in there that blows the HD if it's ever been more than 24 hours since you were last logged on. *There's* your paranoid encryption standard. Use blowfish for the cipher, and the cipher won't be the weakest point. Bear
Re: stego for the censored
On Fri, 6 Oct 2000, Tom Vogt wrote: I'm currently thinking of whether or not it is feasible to put stego data into EVERY .mp3 downloaded. just put random data into those not intended to carry a message. On Fri, 6 Oct 2000, Ray Dillinger wrote: You're talking about making the audio channels a bit (more or less) thinner, but they're too thin already. On Sat, 7 Oct 2000, petro wrote: But if you make them a little "thinner" won't that mean that it will sound worse to more people, thus making the push for a better format? Um, possibly if *all* MP3's were made with stegodata. If there is *one* source of MP3's that's stego'd and a bunch of other people trying to make them sound as good as possible, the one supplier with consistently poor sound quality will stand out when someone goes looking for stegograms. One thing, which you pointed out in a comment I snipped above, is that some music adapts better to MP3 compression than other music. There is plenty of room for stegodata in synthesizer-pop bands like "Yes" and "The Eurythmics", but almost none in layered atmospheric music like "Enya". If you pick and choose which plaintexts to stego, you can probably be less obtrusive about it. Bear
Re: stego for the censored
On Fri, 6 Oct 2000, Tom Vogt wrote: I'm currently thinking of whether or not it is feasible to put stego data into EVERY .mp3 downloaded. just put random data into those not intended to carry a message. For the sake of us audiophiles, please don't. MP3 is tinny and flat at best; it ticks me off that most folks seem to hear it as "good enough", because if most folks hear it as "good enough" it means we're not going to get a better sound format widely used. You're talking about making the audio channels a bit (more or less) thinner, but they're too thin already. Bear
Re: Spam free secure email accounts.
On Wed, 4 Oct 2000, Tom Vogt wrote: same problem here: how do you find out whether or not a message is encrypted? Plaintext looks like plaintext. This isn't even a "real" problem, once you look at the text produced by, eg, PGP, GPG, and whatever else you allow on the system. You don't even have to have a human look at it; a simple program to count character distributions, character contacts, and line lengths can identify something as being the legitimate output of PGP, or whatever encryption program, with a margin of error so flat it's only theoretical. It would need to make a "profile" for PGP, another one for GPG, etc -- then look at incoming messages to see if they match the profile. I mean, yeah, people could theoretically get stuff past it, or it could theoretically bounce encrypted messages -- but people can also theoretically guess a 128-bit encryption key on the first try, and I wouldn't expect that to happen. Ray
Re: CDR: Re: Spam free secure email accounts.
On Wed, 4 Oct 2000, Jim Choate wrote: On Wed, 4 Oct 2000, Ray Dillinger wrote: Plaintext looks like plaintext. Yeah, if the only thing you write is simple English. Most of the planet doesn't speak English and their plaintext doesn't necessarily look like plaintext. This is a xenophobic view. No, it's not. Every natural language has a detectable frequency distribution and contacts. *ALMOST* every cipher does not. Someone could be writing martian using the cyrillic alphabet, and you could still look at it and say "this character occurs seven times as often as average and is never followed by that character. This other character is preceded by the same character fully half the time it appears. And over here we have a set of characters one of which *always* follows any appearance of any member of this other set of characters (which is a constant in almost all languages with plosive consonants -- the only thing that normally follows a plosive consonant is a vowel...)" You don't have to know what it says or what language it is. Plaintext looks like plaintext, and by the time you have more than 50 characters the probability curve of mistaking it for anything else is flat as a goddamn strap. This isn't even a "real" problem, once you look at the text produced by, eg, PGP, GPG, and whatever else you allow on the system. Ah, here's the rub. Here we are trying to stop the government and other organizations from dictating 'standards' and yet here you are wanting to impose another one. Did I say someone else couldn't set up a crypto-only mailer using DES and AES? You always get to dictate 'standards' for systems you own. I always get to dictate standards for systems I own. And the government rightfully gets to dictate standards for systems it owns. Sometimes it tries to do more than is rightful, but that is another question. The function of an anonymous remailer should NOT be context/content sensitive. Uh, now who's trying to impose a standard? 
You want a system that _someone_else_ runs to conform to _your_ ideas of what it ought to do. You get to dictate standards on systems _YOU_ own -- not on anyone else's. Bear
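The kind of profile check described in the two "Spam free secure email accounts" messages above, as an added Python example that is not code from either post: it scores a message on character distribution, character contacts (digrams) and line lengths without knowing the language. The sample texts, the armor-style block (random base64, not real PGP output), the thresholds and all function names are constructed for illustration.

```python
import base64
import hashlib
from collections import Counter

B64_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")
MIN_CHARS = 50  # the post's figure: past about 50 characters the profile settles

# Constructed sample plaintexts in two languages.
ENGLISH = ("Plaintext looks like plaintext. Every natural language has a "
           "detectable frequency distribution, so a filter does not need to "
           "know what the message says or which language it is written in.")
GERMAN = ("Jede natürliche Sprache hat eine erkennbare Häufigkeitsverteilung "
          "der Zeichen, auch wenn der Leser kein Wort davon versteht und die "
          "Sprache nicht kennt.")


def constructed_armor(n_bytes: int = 480) -> str:
    """Armor-shaped sample: hash output as base64, wrapped at 64 columns."""
    raw = b"".join(hashlib.sha256(b"constructed sample %d" % i).digest()
                   for i in range(n_bytes // 32))
    b64 = base64.b64encode(raw).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PGP MESSAGE-----\n\n" + body + "\n-----END PGP MESSAGE-----\n"


def coincidence(counts: Counter) -> float:
    """Chance that two symbols drawn at random from the sample are equal."""
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def profile(message: str) -> dict:
    lines = [ln.strip() for ln in message.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("-----")]
    tokens = " ".join(lines).split()
    chars = "".join(tokens)
    body = lines[:-1]  # the last line of a wrapped block may be short
    uniform = Counter(map(len, body)).most_common(1)[0][1] / len(body) if body else 0.0
    digrams = Counter(t[i:i + 2] for t in tokens for i in range(len(t) - 1))
    return {
        "chars": len(chars),
        "char_ic": coincidence(Counter(chars)),   # character distribution
        "digram_ic": coincidence(digrams),        # character contacts
        "b64_fraction": sum(c in B64_CHARS for c in chars) / len(chars) if chars else 0.0,
        "uniform_lines": uniform,                 # share of lines at the modal length
    }


def classify(message: str) -> str:
    p = profile(message)
    if p["chars"] < MIN_CHARS:
        return "too short"
    if p["b64_fraction"] >= 0.99 and p["uniform_lines"] >= 0.9 and p["char_ic"] < 0.03:
        return "armored ciphertext"
    if p["char_ic"] >= 0.04:
        return "natural language"
    return "unknown"


if __name__ == "__main__":
    for name, text in (("english", ENGLISH), ("german", GERMAN),
                       ("armor", constructed_armor()), ("short", "hi there")):
        p = profile(text)
        print(f"{name:8} {classify(text):20} char_ic={p['char_ic']:.4f} "
              f"digram_ic={p['digram_ic']:.5f}")
```

A crypto-only mailer would accept messages in the "armored ciphertext" class and bounce the rest; a per-program profile (one for PGP, one for GPG) would tighten the same features rather than add new ones.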
Re: one time pad and random num gen
On Tue, 3 Oct 2000, Kevin Elliott wrote: A cryptographically strong PRNG would then be a PRNG with a very large period and some way of reinjecting randomness to guarantee the device never begins to recycle. -- Isn't that a misnomer though? If randomness is reinjected to prevent the system from falling into a period, then it won't be possible to generate the same sequence of bits twice -- so you can't use such a system for a PSEUDO-random generator, in applications like a stream cipher or whatever. Programs rely on the same sequence coming out of the same initial state with a PRNG -- otherwise things like stream ciphers can't be decrypted. What you describe above, I'd have termed an RNG - not a PRNG. Bear
Re: one time pad and random num gen
On Tue, 3 Oct 2000, Kevin Elliott wrote: Actually if you can pull that off you've got yourself a darn fine real random number generator- any PRNG has to have some period after which it will begin to recycle (assuming no other randomness is introduced into the system), in which case you just set the period and read off future states using current state +1 = current state - period + 1. True, but the period can be made such that the last star in the universe will die and grow cold first. If you have for example a 256-byte internal state, and your PRNG is a full permutation (ie, eventually every possible state is on the path of the "cycle") you don't really need to worry about it. Bear
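The two points made in the "one time pad and random num gen" replies above, as an added Python example that is not code from the thread: a stream cipher only decrypts if the generator replays the same bits from the same seed, and a generator whose update is a full permutation of its state has a period equal to the number of states. The SHA-256 counter-mode keystream, the 16-bit generators and all names are illustrative choices.

```python
import hashlib
import os


def keystream(seed: bytes, length: int, reinject=None) -> bytes:
    """SHA-256 in counter mode. If reinject is given, fresh entropy is folded
    into the state before every block, so the output cannot be replayed."""
    out, state, counter = b"", seed, 0
    while len(out) < length:
        if reinject is not None:
            state = hashlib.sha256(state + reinject(32)).digest()
        out += hashlib.sha256(state + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor_with(data: bytes, stream: bytes) -> bytes:
    return bytes(d ^ s for d, s in zip(data, stream))


def fresh_entropy(n: int) -> bytes:
    return os.urandom(n)


def cycle_length(step, start: int) -> int:
    """Brent's algorithm: length of the cycle reached by iterating step()."""
    power = lam = 1
    tortoise, hare = start, step(start)
    while tortoise != hare:
        if power == lam:
            tortoise, power, lam = hare, power * 2, 0
        hare = step(hare)
        lam += 1
    return lam


def lcg_full(x: int) -> int:
    """16-bit generator whose update visits every one of the 2**16 states."""
    return (25173 * x + 13849) % 65536


def lcg_mult(x: int) -> int:
    """Same multiplier without the increment: the cycle covers only part of the states."""
    return (25173 * x) % 65536


if __name__ == "__main__":
    seed = b"constructed shared seed"
    message = b"constructed message for the stream cipher demo"

    # Deterministic generator: sender and receiver derive the same keystream.
    ct = xor_with(message, keystream(seed, len(message)))
    print("PRNG decrypts:", xor_with(ct, keystream(seed, len(message))) == message)

    # Entropy reinjected: no period to worry about, but nothing to replay either.
    ct = xor_with(message, keystream(seed, len(message), reinject=fresh_entropy))
    retry = keystream(seed, len(message), reinject=fresh_entropy)
    print("reseeded generator decrypts:", xor_with(ct, retry) == message)

    # Period equals the state count only when every state lies on the cycle.
    print("full-permutation period:", cycle_length(lcg_full, 0))   # 2**16
    print("multiplicative period:  ", cycle_length(lcg_mult, 1))   # 2**14
    # By the same counting, a full permutation of a 256-byte state has
    # 2**2048 states on its cycle.
```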
Re: New email could confound law enforcement
On Sun, 24 Sep 2000 [EMAIL PROTECTED] wrote: Rival products include HushMail, ZixMail, Disappearing Inc. and Authentica. I own Disappearing Inc. We have no such product and we have no such product under development. Ray Dillinger
Re: New email could confound law enforcement
ownloaded from a website, I would have to suspect since it's made in the US that somewhere in the headers or trailers, the message bears a block that contains most of the key (all but the last 40 bits) encrypted in a form the NSA (and whomever else has their key) can read. -- This is the same thing that happened to Netscape after v4.07 for example, and Internet Explorer after v4. If it can't be exported, that would be a good sign. Aside from that, I don't know the particulars of the encryption they use - they claim to use a product cipher, but so far I haven't seen what the components of the product cipher are, what the key lengths are, how they do key management, etc etc etc. Ray Dillinger Disappearing Inc
Re: New email could confound law enforcement
Correction: After a web search through USPTO, I find that there is another company also named Disappearing Inc, on Howard street in San Francisco. This is probably the company that was referred to. To clarify: I have done business as "disappearing inc", and I am the owner of the domain name "disappearing-inc.com", which I have not yet used. This pisses me off now they'll probably try to evict me as a cybersquatter. Ray Dillinger On Mon, 25 Sep 2000, Ray Dillinger wrote: On Sun, 24 Sep 2000 [EMAIL PROTECTED] wrote: Rival products include HushMail, ZixMail, Disappearing Inc. and Authentica. I own Disappearing Inc. We have no such product and we have no such product under development. Ray Dillinger
Re: New email could confound law enforcement
Well, after a short conversation with the USPTO's server, I now have an application on file for a trademark which I can use to defend my business' web address. Unfortunately, after a short discussion with the California Corporation Commission, it appears that I cannot now incorporate under the name "Disappearing Inc" because these guys already did. As it turns out, all the trademark applications they've filed that would interfere with the application I filed are being disputed by the USPTO as being too general -- they are mainly just descriptive words. So they don't actually have trademarks they could use to kick me off my domain name yet. Anyway -- the way it looks now, there's a decent chance of my application being approved, and if that happens, then it will conflict/interfere with the trademark applications they've filed and those applications will have to be refused. There is also a chance that the trademark applications they have filed will be approved, and if that happens then mine will be refused as it will be found in conflict with theirs. And the wheels grind on Sigh. I ordered DSL service so I could put this site up on my own server way back in April. It's scheduled to be installed on October 3. Argh, Argh, Argh Ray On Mon, 25 Sep 2000, Ray Dillinger wrote: Correction: After a web search through USPTO, I find that there is another company also named Disappearing Inc, on Howard street in San Francisco. This is probably the company that was referred to. To clarify: I have done business as "disappearing inc", and I am the owner of the domain name "disappearing-inc.com", which I have not yet used. This pisses me off now they'll probably try to evict me as a cybersquatter. Ray Dillinger On Mon, 25 Sep 2000, Ray Dillinger wrote: On Sun, 24 Sep 2000 [EMAIL PROTECTED] wrote: Rival products include HushMail, ZixMail, Disappearing Inc. and Authentica. I own Disappearing Inc. We have no such product and we have no such product under development. Ray Dillinger
Re: A cool idea that didn't hold up under cryptanalysis.
On Thu, 21 Sep 2000, Marcel Popescu wrote: Would you mind writing a "tutorial for the beginner cryptanalist"? Mark Maybe in a year or so. Right now I'm working on a reference book on cryptographic protocols, and it's looking like it's gonna take a pretty major chunk of work. Meanwhile, if you read "The Codebreakers" by David Kahn, you will find a few gems of pencil-and-paper cryptanalytic technique in there sandwiched by lots and lots of history. The history is interesting though, so it won't be a boring or frustrating hunt. Bear
Can we PLEASE discuss free speech instead of content?
On Tue, Sep 19, 2000 at 01:52:54AM -0400, Jodi Hoffman wrote: And more from this "only TEENAGERS and adults" website... MASSIVE SNIP Ms. Hoffman, please stop posting this crap to the Cypherpunks list. It won't help. It is damned insulting to everyone here that you seem to expect us to confuse content with context. Although you seem to demand it, and although several people have allowed themselves to get dragged down to that level by your hyperbole and your refusal to talk about anything else, the content of the site is utterly irrelevant to this discussion. Please understand, the content of the site is NOT what the argument is about, and you constantly dragging it back into the discussion is unproductive, not to mention infuriating. The argument is about context -- whether it is tolerable to have laws that constitute prior restraint of speech. It is NOT. The content of the site is utterly irrelevant to this question, and posting chunks of it as though it were is only insulting the other subscribers of this list. Speech MUST remain free, even if the actions it advocates are both odious and illegal. Speech is not action. Suppressing speech on the basis of content, as though it were action, is intolerable. Content is not Context. Bear --- "And even though I say 'Fuck you', enthusiastically enough, it's not as though I ever would, not in a million years... Well, maybe if I was stoned off my ass, but that doesn't count...' Hunter S Thompson
Re: VISA to smartcard the US
Hmmm. These devices could be useful, even without using them as credit cards. I wonder if you could buy a batch of them from the manufacturer with custom software installed? It would sure be nice if I could make a physical key token that would render my system completely useless if the key were, say, in my wallet at work, and the computer found its way to, say, the hands of someone carrying out an illegal search and seizure. Likewise it would be nice to store PGP keys on, etc -- bits of data that you want to maintain complete physical control of at all times. "Oppression is sometimes best fought with the tools that the oppressors have built for their own use." I want a PGPdisk you can boot from. Bear On Tue, 12 Sep 2000, A. Melon wrote: Sep 12, 2000 - 07:27 PM Visa USA to Launch Smart Card in the U.S. The Associated Press NEW YORK (AP) - After success with its smart card in Europe and Japan, Visa is aiming squarely at the U.S. market with an upgraded version that contains more memory. Over the next couple of weeks, Visa USA, the company's U.S. division, will be launching smart cards - microprocessors embedded in plastic - that will offer prepackaged services to be determined by its issuers. Customers will be able to download information from their computers via special card readers. Over the next year or so, they will be able to store airline tickets, for example, and eventually use the cards as keys to their cars and homes. The card, which has 32 kilobytes of memory, is different from Visa's original version, which has mainly served as a "monetary value card," said Al Banisch, senior vice president of consumer credit products. The new card will be available free to Visa's 350 million cardholders.
Re: Breaking eggs
I'm of the opinion that an *attempted* crime should probably be punished as a crime. The question is of action, knowledge, and intent, rather than result. I'm also of the opinion that people do not have the right to take reasonably foreseeable risks with other people's lives or property, and that doing so is reasonable to define as a crime. A man who fires a gun into a crowd, without the permission of the people in that crowd, has committed a crime by risking the lives and well-being of others. A man who merely waves a gun around has not yet committed a crime, but the police probably ought to stop him anyway. I don't say he should be tried, convicted and found guilty of something, but a police entity of some sort seems to be the most effective means at society's disposal for defusing the situation. And that's a distinction that a lot of folks never think about; there is a lot of ground between "Needs to be stopped before someone gets hurt" and "Has Committed a Crime." Sometimes a police officer has more knowledge of the situation than someone else does; the guy throwing rocks into the water off the cliff may not know that it's a pearl bed and there are a lot of pearl divers down there at this time of morning. The police officer who knows that, needs to stop the guy from throwing rocks. Has the guy committed a crime? Probably not, but if he's hurt someone he ought to be responsible to that person or that person's family. But if he goes on throwing rocks after the police stop him the first time, he has committed a crime and needs to be charged, tried, and convicted. It's popular to debate clear, bright lines of law and ethics, but the fact is that we make the police responsible both for things that are crimes and for things that are not, and that sometimes the same act can be a non-crime that just needs to be stopped, or a crime whose perpetrator requires arrest, depending on the knowledge and intent of the actor. 
So, we don't really have clear bright lines that give themselves to absolutist interpretation. Bear
Re: CARNIVORE HEARINGS NOW ON C-SPAN 10:30PM PDT
Declan McCullagh wrote: When it comes to maintaining the size of government or giving more money to police, there is rarely gridlock. Look at the ever-increasing FBI budgets, for instance. This should be expected, actually; In the presence of strong crypto and really good surveillance equipment (such as spy satellites), War as such is obsolete -- it means too big a cost in terms of infrastructure. Instead, you can get your intel *out* of the country (using strong crypto) or *about* the country (using surveillance equipment), learn about exact targets, and send your operatives in. No muss, only a little fuss, and you often wind up in control of infrastructure that you'd have had to destroy otherwise, usually with whatever remains of the original government acting as your puppet, er, your proxy. Sometimes the naibs get upset and refer to your operatives as "terrorists". Heck, sometimes that's exactly what they are. If the best way for you to change the policy of a foreign country to something you like better is to terrify them, then that's the kind of operation you'll send your guys over to do. Anyway, one of the FBI's major jobs is to keep countries and other terrorist organizations from doing this to the USA -- as this type of thing becomes the dominant mode of last-resort diplomacy (as it assumes the position formerly occupied by war) you will be seeing the army's budget decline and the FBI's (and CIA's, and NSA's) budget get bigger. Our problem is that the FBI cannot stop these guys in a free country. So it will be asking for more and more resources, and occasionally doing really silly crap like this; Carnivore is not going to allow the FBI to catch any terrorists working for nation states, or other dangerous organizations - those guys have training. 
It will probably allow them to catch future generations of Tim McVeigh's crowd (assuming they use the 'net at all) but that's not nearly as important, because those organizations have no plan or unified agenda - their actions are merely white noise, as opposed to orchestrated campaigns likely to accomplish any specific purpose. The thing is, they're *pretending* that it will allow them to catch the dangerous ones, because they're under such tremendous pressure to produce something, anything, that will be effective against them. Ray