Re: Fornicalia Lawmaker Moves to Block Gmail
On Wed, Apr 14, at 08:22PM, Justin wrote: | I'm not concerned with the advertising itself. My concern is that the | Gmail service would provide an unacceptable level of detail on message | content to whoever's monitoring the advertisement logs. I only say something because I have seen this point before and find it ludicrous. How much more detail than the message itself does the advertizing agency need? Google is the one targetting the adds at its customers. Google is the organization with all the emails. If they want to know what's in your emails, they don't need to bother to come up with an elaborate scheme for it... You never have to delete email doesn't have to be an advertizing pitch for customers. Rather, it can be a nice nifty advertizing pitch for the feds. Why subpeana the advertizing logs when you can subpeana the emails themselves?
Re: Fornicalia Lawmaker Moves to Block Gmail
At 01:22 PM 4/14/2004, Justin [EMAIL PROTECTED] wrote: I'm not concerned with the advertising itself. My concern is that the Gmail service would provide an unacceptable level of detail on message content to whoever's monitoring the advertisement logs. Unacceptable to whom, and what should they do about it if they don't accept it? If Joe Sixpack to trade the privacy issues for the convenience, because like most of the public his value systems prefer dancing pigs to security, that's his business, and if he doesn't, that's his business too. But if Liz Figueroa doesn't accept it, and makes laws banning it, because she knows better than Joe what's good for him, well that's typical tacky legislator behaviour, and she need to be educated on why the free market really does make people more free. It would be especially tacky if she argued that Google was somehow abusing their quasi-monopolistic powers here - after all, there are probably over 1000 different free or cheap email providers out there, and you can look them up in Google, and of course many of them are out of her jurisdiction. Personally, I'm also concerned about the depth of detail that might or might not be visible to the advertisers. Do they get queries on keywords or phrases the way banner ads do? How much user information gets passed along with them? Does it only get passed if you click on the ad, or on all queries? Do the advertising calculations get done when the mail is received, or only when you read any given message, or also when you search your inbox for keywords? I'm guessing they don't do the former, because you'd otherwise see lots of banner ads for things you receive email about, and I get enough spam already, thank you :-) Bill Stewart [EMAIL PROTECTED]
OHP's Col. Paul McClellan Makes Misleading Statements about MATRIX Database?
Note from Matt Gaylor: Ohio Highway Patrol Superintendent, Colonel McClellan says in the below article that the availability of the Matrix database could have brought more law-enforcement attention sooner to the recent Columbus-area car shootings that included the killing Nov. 25 of Gail Knisley on I-270. Additionally, Colonel McClellan commented that he can get better Intel from the public library than he can at his office. Col. McClellan's statements are somewhat strange given the fact that Ohio had already been enrolled in the MATRIX database surveillance system during the sniper shootings. This raises the question of the usefulness of the MATRIX system in general or the Patrol's ability to use the system. Col. McClellan gives the impression that Ohio does not have access to the MATRIX system, when in fact Ohio does. --- Article published Friday, April 9, 2004 Database search system debated Police agencies, civil libertarians divided over online records access By DAVID PATCH BLADE STAFF WRITER http://www.toledoblade.com/apps/pbcs.dll/article?AID=/20040409/NEWS03/404090385/-1/NEWS Information in a controversial database searching system already is publicly available but not coordinated so law-enforcement officials can easily use it to investigate crimes or thwart terrorism, the head of the Ohio Highway Patrol told a local trucking group yesterday."Right now, the public library has better information than we do," Col. Paul McClellan, the patrol's superintendent, told the Toledo Trucking Association at the Toledo Club. "When I go home at night, I can find out more about people by surfing the Internet on my home computer than I can in my office." The MATRIX search system, which combs public records like driver's licenses, vehicle registrations, court records, and land transaction information, is available only to law-enforcement personnel with a specific investigative purpose, the colonel said. The system, whose name stands for Multi-State Anti-Terrorism Information Exchange, is managed by a Florida firm under contract to five states that are piloting it, including Ohio and Michigan. So far, however, Ohio is not fully participating by contributing photos or Social Security numbers from its licensing records, the colonel said. Civil libertarians argue that the system is an open invitation for police to track the behavior of ordinary citizens, regardless of their involvement in criminal or terrorist activities. MATRIX effectively is "an advanced surveillance system" designed not only to "build dossiers on all of our lives," but also to allow rapid mathematical searches for supposed irregular patterns that might identify troublemakers, according to the American Civil Liberties Union. "Judgments about reasonable suspicion of criminal activity are fundamentally human judgments that cannot now be made accurately by computers," the ACLU said in a recent position paper on the subject. "They make it sound like such an ominous project, but it's not. It's very open," responded Sal Hernandez, vice president of Seisint, Inc., a Boca Raton, Fla.-based information services firm that pioneered the system and manages it for its multistate clients. MATRIX data represent "things the cops already have, but it's putting it all in one place and letting the police access it faster." Dean Kaplan, the trucking association's president who, with his wife, operates a local trucking firm specializing in hazardous materials transport, said his main concern about the system would be if its capability "gets into the wrong hands." Seisint asserts that the system is protected by the most advanced online security available. Colonel McClellan, meanwhile, said that availability of such a system could have brought more law-enforcement attention sooner to the recent spate of Columbus-area car shootings that included the killing Nov. 25 of Gail Knisley on I-270. Only after Mrs. Knisley's death did area police start comparing notes and realize that each had received similar reports of gunshots hitting vehicles on I-270 and other nearby roads, he said. A system like MATRIX would have allowed various agencies to enter what they knew about the case and start narrowing the field of suspects sooner, he said. Charles C. McCoy, Jr., 28, who was arrested March 17 in Las Vegas, pleaded not guilty Monday to charges accusing him of 12 of 24 shootings dating to May, 2003. Contact David Patch at: [EMAIL PROTECTED] or 419-724-6094. ### Distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. ---
Re: legally required forgetting
At 07:20 PM 4/10/04 -0400, An Metet wrote: .. BlackNet thwarts such limitations on the reporting of consumer credit. Clearly, providing access to this data harms individual privacy. Yet Cypherpunks traditionally have supported this concept. A privacy advocacy group promotes technology which would aid the compilation of individual dossiers and allow access to personally identifying data about past financial transactions. All that's needed is for a creditor to publish the names and addresses of his 180-day overdue accounts in some public forum, or to file lawsuits that become public record. Web-accessible archives will do the rest. It's not like the credit reporting rules would necessarily keep a private investigator now from finding out that you declared bankruptcy twenty years ago. .. Today, the Cypherpunks list is but a shadow of its former glory, with anarcho-capitalism all but forgotten in favor of fashionable nihilism, libertarians replaced by liberals. Perhaps it is not too late to resurrect the ideals of the past, but it will require hard work and open mindedness on the part of all. Well, some of the ideals, or at least assumptions, haven't survived encounters with the facts too well. Moore's law has continued apace, strong crypto is widely available, but would anyone claim we have more privacy now than in 1990? Nor is this only because of 9/11 (asymmetric warfare apparently *does* work pretty well, though it's hard to see how that's done anything for the cause of freedom in the US); surveilance cameras, OCR, biometric readers and data mining techniques are all getting cheaper. The split seems to be that most people lose privacy, while those who really care a lot gain a little privacy, albeit by standing out as obvious people-with-something-to-hide, activists, or cryptographers. The math behind anonymous payment schemes is well-understood, and processors are fast enough to do signatures and blinding and all the rest pretty painlessly, now. But e-commerce is still all about credit cards over SSL (on a browser that is manifestly *not* a piece of security software!), if that. It's ironic. All the things that seemed like barriers to serious privacy for the masses--Clipper, export controls, the RSA patent, processors barely powerful enough to do serious public key operation before the user lost patience--are either gone or much-diminished. But we still don't have serious privacy for the masses, or even widespread use of crypto in a way that protects communications privacy. It's not like I expected my mom to be making her money trading gold-denominated Burmese opium futures[1] by now. But I at least expected my phone calls and e-mails to her not to be trivially tapable! [1] Classical reference --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
RE: voting
At 11:05 AM 4/9/04 -0400, Trei, Peter wrote: .. 1. The use of receipts which a voter takes from the voting place to 'verify' that their vote was correctly included in the total opens the way for voter coercion. I think the VoteHere scheme and David Chaum's scheme both claim to solve this problem. The voting machine gives you a receipt that convinces you (based on other information you get) that your vote was counted as cast, but which doesn't leak any information at all about who you voted for to anyone else. Anyone can take that receipt, and prove to themselves that your vote was counted (if it was) or was not counted (if it wasn't). (This is based on attending a presentation of David's scheme at George Washington a few months ago, a conversation I had with a VoteHere guy, and some conversations and documents given to me by each. I haven't tried to verify the protocols or proofs, but I'm convinced that all this is possible, modulo various assumptions. There may be a dozen other people doing similar things, that I've simply not heard of.) .. 1. How does this system prevent voter coercion, while still allowing receipt based recounts? Or do you have some mechanism by which I can personally verify every vote which went into the total, to make sure they are correct? The way I understood these schemes, you can see the initial encrypted ballots (they're published), and then there are several rounds of publically verifiable shuffling and decryption by different TTPs. After the last round of shuffling and decryption, you have raw votes. So anyone can verify the count, assuming the set of initial encrypted ballots are legitimate. And anyone can produce a receipt that can be shown to be one of those encrypted ballots, if it was counted. That doesn't keep someone from stuffing the ballot box, but it does mean that anyone who throws away unfavorable votes is going to leave behind evidence, which can potentially call the whole vote into question. The way I saw these schemes described, there was no recount capability, but the count was done in a completely public way. It seems to me that this kind of scheme has a lot of potential for disruption attacks, since one compromised voting machine can be used to call any election into question. But I could be missing something, as this is really not something I've spent a lot of time on 2. On what basis do you think the average voter should trust this system, seeing as it's based on mechanisms he or she cant personally verify? I see your point, but there's an awful lot of any voting system that isn't being closely observed by the voters, or that isn't really well-understood by most of them. It's not so clear to me that the average voter is going to walk away convinced that a voter-verified paper ballot, or a mark-sense ballot, or whatever other thing isn't going to somehow be subject to attack. Or that if they do walk away convinced, that this has much to do with whether they *should* walk away convinced. 3. What chain of events do I have to beleive to trust that the code which is running in the machine is actually and correctly derived from the source code I've audited? I refer you to Ken Thompsons classic paper Reflections on trusting trust, as well as the recent Diebold debacle with uncertified patches being loaded into the machine at the last moment. Yep, this is a big issue. Which is why I think everyone with any sense agrees that we need some kind of independent audit trail, regardless of whether we're doing voting with computers, or with pens for punching out holes. There are a bunch of ways to do this, one obvious and pretty easy-to-field choice being voter-verified paper ballots. This last is an important point - there is no way you can eliminate the requirement of election officials to behave legitimately. Since that requirement can't be done away with by technology, adding technology only adds more places the system can be compromised. Huh? Do you think the same is true of payment systems? Those also ultimately require some humans to play by the rules, but it sure seems like a well-designed payment system can remove a lot of the ambiguity about who has violated the rules, and can outright prevent other kinds of rule violations. And it seems to me that this is very similar to the situation with voting. Touch screen voting (with the audio extensions) has at least one huge advantage over pen-and-paper schemes, because blind people can vote with them. The VoteHere and Chaum schemes provide other benefits (a lot of kinds of misbehavior by the authorities are prevented by the design, though of course, not *all* possible misbehavior), at various costs in system complexity, dependence on lots of interacting systems that might not be all that reliable, ability to recover from some low level of fraud, etc. Paper ballots printed behind glass provide a different set of tradeoffs. And you could design
RE: voting
One area we are not addressing in voting security is absentee ballots. The use of absentee ballots is rising in US elections, and is even being advocated as a way for individuals to get a printed ballot in jurisdictions which use electronic-only voting machines. Political parties are encouraging their supporters to vote absentee. I believe that one election in Oregon was recently held entirely with absentee ballots. For classic polling place elections, one strength of an electronic system which prints paper ballots is that there are two separate paths for the counts. The machine can keep its own totals and report them at the end of the election. These totals can then be compared with the totals generated for that precinct by counting the paper ballots. This redundancy seems to me to provide higher security than either system alone. Cheers - Bill - Bill Frantz| There's nothing so clear as a | Periwinkle (408)356-8506 | vague idea you haven't written | 16345 Englewood Ave www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032
Re: voting
John Kelsey wrote: At 11:05 AM 4/9/04 -0400, Trei, Peter wrote: 1. The use of receipts which a voter takes from the voting place to 'verify' that their vote was correctly included in the total opens the way for voter coercion. I think the VoteHere scheme and David Chaum's scheme both claim to solve this problem. The voting machine gives you a receipt that convinces you (based on other information you get) that your vote was counted as cast, but which doesn't leak any information at all about who you voted for to anyone else. Anyone can take that receipt, and prove to themselves that your vote was counted (if it was) or was not counted (if it wasn't). The flaw in *both* cases is that it reduces the level of privacy protection currently provided by paper ballots. Currently, voter privacy is absolute in the US and does not depend even on the will of the courts. For example, there is no way for a judge to assure that a voter under oath is telling the truth about how they voted, or not. This effectively protects the secrecy of the ballot and prevents coercion and intimidation in all cases. Thus, while the assertion that Only if all the trustees collude can the election be defrauded may seem to be reasonable at first glance, it fails to protect the system in the case of a court order -- when all the trustees are ordered to disclose whatever they know and control. Also, the assertion that All of this is possible while still m aintaining voter secrecy and privacy essential to all public elections is incorrect, for the same reason. Moreover, the assertion that Vote receipts cannot be used for vote selling or to coerce your vote is also incorrect, for the same reason. These shortcomings do not depend on any specific flaw of a shuffling process, a TTP, or any other component of either system. Rather, it is a design flaw. A new election system should do no harm -- reducing the level of voter privacy and ballot secrecy should not be an acceptable trade-off for changing from paper to electronic records, or even electronic verification. Court challenges are a real scenario that election officials talk about and want to avoid. Without making voter privacy inherently safe from court orders, voter privacy and ballot secrecy are at the mercy of casuistic, political and corruption influences -- either real or potential. When the stakes are high, we need fail-safe procedures. Now, you may ask, is there any realistic possibility of a court order for all trustees to reveal their keys? Yes, especially in a hot and contested election -- and not only Bush vs. Gore. Many local elections are very close and last year an election in California was decided by *one* vote. For example, the California Secretary of State asked this as an evaluation question, when they were testing voting systems for the 2000 Shadow Election Project. The question was whether and to what extent the voting system could be broken under court order for example, if some unqualified voters were wrongly allowed to vote in a tight election and there would be a court order to seek out and disqualify their votes under best efforts. Perhaps a trustee could be chosen who would be immune even from a US court order? Well, not for a US election, which is 100% under state and/or federal jurisdiction. But there are additional scenarios -- a bug, Trojan horse, worm and/or virus that infects the systems used by all trustees would also compromise voter secrecy and, thereby, election integrity. Cheers, Ed Gerck
US Brings Freedom of Expression to Iraq
For extra credit, try to find even one mainstream newspaper in AmeriKKKa's Rah Rah free press in which this international wireservice story is printed. See the Neocons argue that because the story only appears in the Arab press, it can't be true. Hey, it worked with Accused Jewish War Criminal Ariel Sharon's The Jewish people control AmeriKKKa remarks. Somehow, I don't think beating people and bulldozing their houses and businesses every time some writing or image the US chooses to characterize as anti-Coalition is spotted, does much to further the US message that we are bringing democracy to Iraq, and that those opposed to our behavior hate our freedoms. It's too bad an alien power can't just lift all 157,000 US troops and associated military hardware from Iraq, compact it into a cube, and drop it on the White House lawn for Shrub to explain to the AmeriKKKan people. I once said there are no civilians in Israel, not even the babies after the Jewish people re-elected Accused War Criminal and Egregious Human Rights Violator Ariel Sharon in an overwhelming landslide, enthusiastically supporting his defiance of International Law, and deliberate oppression of the Palestinian people. If the AmeriKKKan people re-elect George W. Bush, who has made a mockery of the UNited Nations, started a war of conquest based on deliberate lies, in violation of International Law, with complete contempt for the wishes of the world community, I don't suppose there'll be any civilians in AmeriKKKa either, and therefore, it will be impossible to label any destructive act committed against the US, either at home or abroad, as terrorist. - KUT, Iraq (AFP) - An Iraqi has died of his wounds after US troops beat him with truncheons because he refused to remove a picture of wanted Shiite Muslim leader Moqtada al-Sadr from his car, police said Wednesday. The motorist was stopped late Tuesday by US troops conducting search operations on a street in the central city of Kut, Lieutenant Mohamad Abdel Abbas told AFP. After the man refused to remove al-Sadr's picture from his car, the soldiers forced him out of the vehicle and started beating him with truncheons, he said. US troops also detained from the same area five men wearing black pants and shirts, the usual attire of al-Sadr's Mehdi Army militiamen and followers. Qassem Hassan, the director of Kut general hospital, identified the man as Salem Hassan, a resident of a Kut suburb. He said the man had died of wounds sustained in the beating. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law
RE: US Brings Freedom of Expression to Iraq
I don't suppose there'll be any civilians in AmeriKKKa either, and therefore, it will be impossible to label any destructive act committed against the US, either at home or abroad, as terrorist. Ah shit I hate hearing this. Is it possible to retroactively re-cast a terrorist attack (eg, World Trade Center) into regular old, 'valid' warfare? Bush policies seem to be doing this. Meanwhile, it seems Al Qaeda has offered some kind of bizarre 'treaty to the Europeans while hardening their stance on the US. SOunds like there getting smarter... -TD From: Eric Cordian [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: US Brings Freedom of Expression to Iraq Date: Thu, 15 Apr 2004 11:02:53 -0700 (PDT) For extra credit, try to find even one mainstream newspaper in AmeriKKKa's Rah Rah free press in which this international wireservice story is printed. See the Neocons argue that because the story only appears in the Arab press, it can't be true. Hey, it worked with Accused Jewish War Criminal Ariel Sharon's The Jewish people control AmeriKKKa remarks. Somehow, I don't think beating people and bulldozing their houses and businesses every time some writing or image the US chooses to characterize as anti-Coalition is spotted, does much to further the US message that we are bringing democracy to Iraq, and that those opposed to our behavior hate our freedoms. It's too bad an alien power can't just lift all 157,000 US troops and associated military hardware from Iraq, compact it into a cube, and drop it on the White House lawn for Shrub to explain to the AmeriKKKan people. I once said there are no civilians in Israel, not even the babies after the Jewish people re-elected Accused War Criminal and Egregious Human Rights Violator Ariel Sharon in an overwhelming landslide, enthusiastically supporting his defiance of International Law, and deliberate oppression of the Palestinian people. If the AmeriKKKan people re-elect George W. Bush, who has made a mockery of the UNited Nations, started a war of conquest based on deliberate lies, in violation of International Law, with complete contempt for the wishes of the world community, I don't suppose there'll be any civilians in AmeriKKKa either, and therefore, it will be impossible to label any destructive act committed against the US, either at home or abroad, as terrorist. - KUT, Iraq (AFP) - An Iraqi has died of his wounds after US troops beat him with truncheons because he refused to remove a picture of wanted Shiite Muslim leader Moqtada al-Sadr from his car, police said Wednesday. The motorist was stopped late Tuesday by US troops conducting search operations on a street in the central city of Kut, Lieutenant Mohamad Abdel Abbas told AFP. After the man refused to remove al-Sadr's picture from his car, the soldiers forced him out of the vehicle and started beating him with truncheons, he said. US troops also detained from the same area five men wearing black pants and shirts, the usual attire of al-Sadr's Mehdi Army militiamen and followers. Qassem Hassan, the director of Kut general hospital, identified the man as Salem Hassan, a resident of a Kut suburb. He said the man had died of wounds sustained in the beating. -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division Do What Thou Wilt Shall Be The Whole Of The Law _ MSN Toolbar provides one-click access to Hotmail from any Web page FREE download! http://toolbar.msn.com/go/onm00200413ave/direct/01/
