Re: layered deception
At 10:32 PM 4/28/01 -0700, Steve Schear wrote:
> At 11:46 PM 4/28/2001 -0400, Declan McCullagh wrote:
>> I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?)
>
> One of the simplest and most effective ways to accomplish this is to require the legally responsible corporate person to physically show up at the offshore location as proof of a lack of duress.

A location which does not have extradition contracts with the homeland...

Re: layered deception
Tim May [EMAIL PROTECTED] wrote:
> A profound new insight. We still await some real insights from a real graduate student (!), beyond her saying that we don't know as much as she says she knows.
>
> BTW, I have removed the additional addresses (David Honig [EMAIL PROTECTED], Declan@Well. Com [EMAIL PROTECTED], Steve Schear [EMAIL PROTECTED]). When a list is replied to, there is no need to carry along the baggage of everyone who has added to a thread.
>
> --Tim May

Why bother to continue the thread when you have nothing of value to add?

Regards, Matt-

**
Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
Send a blank message to: [EMAIL PROTECTED] with the words subscribe FA on the subject line. List is private and moderated (7-30 messages per week)
Matthew Gaylor, 2175 Bayfield Drive, Columbus, OH 43229 (614) 313-5722 ICQ: 106212065
Archived at http://groups.yahoo.com/group/fa/
**

Re: layered deception
At 11:46 PM 4/28/2001 -0400, Declan McCullagh wrote:
> I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?)

One of the simplest and most effective ways to accomplish this is to require the legally responsible corporate person to physically show up at the offshore location as proof of a lack of duress.

steve

RE: layered deception
there is no requirement for maintaining log files (unless specifically directed otherwise.) log files contain either marketing value or sysadmin value -- in both cases specific ip addr info isn't necessary to maintain that value (except in case of anomalous activity). one could collect info without identifying information.

same principle applies to e-mail. once mail is deleted from a pop or imap or whatever server, there is no requirement to keep the backup tapes of e-mail. in fact the larger isps no longer keep deleted e-mail...they maintain only e-mail headers for up to six months. smaller isps should follow in these steps (though i'd argue you shouldn't even keep header info.) don't save it if you don't really truly need it.

phillip

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Declan McCullagh
Sent: Saturday, April 28, 2001 11:46 PM
To: Anonymous
Cc: [EMAIL PROTECTED]
Subject: Re: layered deception

I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?)

-Declan

On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote:
> In view of the recent gimme-the-logs-or-we-fuck-you activities of armed men (http://www.indymedia.org/front.php3?article_id=36912group=webcast , http://seattle.indymedia.org/display.php3?article_id=3013 ) what would be the legal consequence of the following:
>
> 1. A virus is designed that spreads itself in some standard way and that deletes log files of popular http server implementations.
> 2. Files are deleted when virus receives a packet on a known port.
> 3. Detection of virus requires more than average admin can do.
>
> So when logs are requested an outside 3rd party can maliciously remove logs.
>
> The first several ISPs to contract this virus will probably get fucked, but by then it should become obvious that the ISP cannot effectively control the virus.

Re: layered deception
I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?)

-Declan

On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote:
> In view of the recent gimme-the-logs-or-we-fuck-you activities of armed men (http://www.indymedia.org/front.php3?article_id=36912group=webcast , http://seattle.indymedia.org/display.php3?article_id=3013 ) what would be the legal consequence of the following:
>
> 1. A virus is designed that spreads itself in some standard way and that deletes log files of popular http server implementations.
> 2. Files are deleted when virus receives a packet on a known port.
> 3. Detection of virus requires more than average admin can do.
>
> So when logs are requested an outside 3rd party can maliciously remove logs.
>
> The first several ISPs to contract this virus will probably get fucked, but by then it should become obvious that the ISP cannot effectively control the virus.

RE: layered deception
On Sun, 29 Apr 2001, Declan McCullagh wrote:
> Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process.
>
> -Declan

If you need your logs for technical debugging, do your technical debugging diligently and daily, and erase them immediately after. Until the moment they are erased, they are vulnerable to theft, whether the thief has a subpoena or not.

If you want to preserve relevant information from your logfiles, just lift out the relevant information and nothing else. Mung it into a completely different form (so it's not a logfile anymore), encrypt it, and save it to a private directory. With any luck, a regular data thief won't find it. Short of making a bad mistake, even if they do find it they won't be able to decrypt. If you're forced to guide a thief with a subpoena to it, there's no guarantee that the info *you* found relevant is the same info they want and also the precedent on whether you can be jailed for refusing to reveal a key you keep in your head is fuzzy at best.

Bear

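The practice phillip and Bear describe in the messages above (keep what has sysadmin value, drop what identifies a visitor, store it in a form that is no longer a logfile) can be sketched as follows. This is an added example, not code from anyone in the thread; the NCSA common log format, the constructed sample lines, the `summarize` function and its error threshold are assumptions, and the encryption step Bear mentions is not shown.

```python
import re
from collections import Counter

# Constructed sample in NCSA common log format (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [29/Apr/2001:01:15:02 -0400] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [29/Apr/2001:01:15:09 -0400] "GET /search?q=alice HTTP/1.0" 200 2048
203.0.113.9 - - [29/Apr/2001:01:20:41 -0400] "GET /admin HTTP/1.0" 403 -
203.0.113.9 - - [29/Apr/2001:01:20:42 -0400] "GET /admin HTTP/1.0" 403 -
203.0.113.9 - - [29/Apr/2001:02:03:17 -0400] "GET /cgi-bin/test HTTP/1.0" 404 210
192.0.2.44 - - [29/Apr/2001:02:10:00 -0400] "GET /index.html HTTP/1.0" 200 5120
192.0.2.44 - - [29/Apr/2001:02:10:05 -0400] "GET /missing HTTP/1.0" 404 210
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d{2}):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

def summarize(log_text, error_threshold=3):
    """Reduce an access log to hourly counters; no per-request record is kept."""
    hits = Counter()          # (day, hour, path, status) -> request count
    bytes_out = Counter()     # (day, hour) -> bytes served
    errors_by_ip = Counter()  # working state only, filtered before return
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1     # count, never store: raw lines may hold addresses
            continue
        path = m["path"].split("?", 1)[0]   # query strings can identify a person
        hits[(m["day"], m["hour"], path, m["status"])] += 1
        if m["size"] != "-":
            bytes_out[(m["day"], m["hour"])] += int(m["size"])
        if m["status"][0] in "45":
            errors_by_ip[m["ip"]] += 1
    # Assumed policy for the "anomalous activity" exception: an address is
    # retained only when it drew error_threshold or more 4xx/5xx responses.
    anomalous = {ip: n for ip, n in errors_by_ip.items() if n >= error_threshold}
    return {"hits": dict(hits), "bytes": dict(bytes_out),
            "anomalous": anomalous, "unparsed": unparsed}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The summary still answers capacity and error-rate questions, while the raw lines can be erased once it has been written.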
RE: layered deception
Declan McCullagh [EMAIL PROTECTED] wrote:
> Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process.
>
> -Declan

Which would/could get you charged with obstruction of justice/contempt/conspiracy etc, etc. You can protect your log files safely enough by not having any- But protecting your real ASSets is a bit more difficult.

Regards, Matt-

RE: layered deception
Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process.

-Declan

At 01:15 AM 4/29/01 -0400, Phillip H. Zakas wrote:
> there is no requirement for maintaining log files (unless specifically directed otherwise.) log files contain either marketing value or sysadmin value -- in both cases specific ip addr info isn't necessary to maintain that value (except in case of anomalous activity). one could collect info without identifying information.
>
> same principle applies to e-mail. once mail is deleted from a pop or imap or whatever server, there is no requirement to keep the backup tapes of e-mail. in fact the larger isps no longer keep deleted e-mail...they maintain only e-mail headers for up to six months. smaller isps should follow in these steps (though i'd argue you shouldn't even keep header info.) don't save it if you don't really truly need it.
>
> phillip
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Declan McCullagh
> Sent: Saturday, April 28, 2001 11:46 PM
> To: Anonymous
> Cc: [EMAIL PROTECTED]
> Subject: Re: layered deception
>
> I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?)
>
> -Declan
>
> On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote:
>> In view of the recent gimme-the-logs-or-we-fuck-you activities of armed men (http://www.indymedia.org/front.php3?article_id=36912group=webcast , http://seattle.indymedia.org/display.php3?article_id=3013 ) what would be the legal consequence of the following:
>>
>> 1. A virus is designed that spreads itself in some standard way and that deletes log files of popular http server implementations.
>> 2. Files are deleted when virus receives a packet on a known port.
>> 3. Detection of virus requires more than average admin can do.
>>
>> So when logs are requested an outside 3rd party can maliciously remove logs.
>>
>> The first several ISPs to contract this virus will probably get fucked, but by then it should become obvious that the ISP cannot effectively control the virus.

RE: layered deception
I think Matt is a bit too quick to conclude a court will charge the operator with contempt and that the contempt charge will stick on appeal. Obviously judges have a lot of discretion, but it doesn't seem to me like the question is such a clear one if a system is set up in the proper cypherpunkish manner.

-Declan

At 01:04 PM 4/29/01 -0400, Matthew Gaylor wrote:
> Declan McCullagh [EMAIL PROTECTED] wrote:
>> Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process.
>>
>> -Declan
>
> Which would/could get you charged with obstruction of justice/contempt/conspiracy etc, etc. You can protect your log files safely enough by not having any- But protecting your real ASSets is a bit more difficult.
>
> Regards, Matt-

RE: layered deception
At 01:04 PM 4/29/2001 -0400, Matthew Gaylor wrote:
> Declan McCullagh [EMAIL PROTECTED] wrote:
>> Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process.
>>
>> -Declan
>
> Which would/could get you charged with obstruction of justice/contempt/conspiracy etc, etc. You can protect your log files safely enough by not having any- But protecting your real ASSets is a bit more difficult.

Almost anything the court does not like can get you so charged. So what else is new? Still, if the information or principle is sufficiently important you will eventually be released (if you are even held).

steve