At 11:04 AM -0700 7/26/00, sunder wrote:
>Carol Braddock wrote:
>>
>>  The only way this is even remotely palatable is open source.
>>  They aren't gonna do it, for they wanna snoop. There are enough
>>  ways to snoop as it is.
>
>What is this fetish about open source?  The box is evil, regardless
>of how open source it is?  Do you think for one second that opening up
>the source code to this thing will do what you think it will?


This is why I thought the whole charade of "hearings" was despicable.

Who the fuck cares what the source code is?

Someone who comes to my house and demands that a snooping camera, or 
microphone, or carnivore be placed on my property has crossed over 
the line. And even if a court order is presented for a _specific_ 
target, that in no way justifies a permanent installation (as is the 
case with Earthlink, AOL, etc., where the FBI is "co-locating" their 
racks of equipment permanently).

Note: There _may_ be a role for some court-appointed ombudsman to 
verify on a specific case basis that only the target of a wiretap 
order is in fact being monitored. This doesn't negate the basic flaw 
of "co-locating" surveillance equipment, but I suppose it's something 
that the courts and civil liberties advocates could consider.

>
>Do you think you'll get the real sources or just some sanitized version
>which after review will never change???
>
>Hello??? There's a clue out there you're not getting: You don't get
>access to the carnivore boxes to audit them. The Feebs can install
>whatever they want on them whenever they want, regardless of any audits,
>previously reviewed open source or not.

Yep, I felt like screaming in frustration as I read the mantra of 
"open source" being chanted over and over again. Open source may work 
for certain things, but the mantra is becoming a cure-all which it is 
not.

(BTW, the same basic point applies to the Freedom code. The focus on 
open source, for such a complex system of pipes and servers is 
misplaced. There is no guarantee that what is looked at as part of 
the open source is what is being run on some node, absent a system of 
code signing and some means of checking those signatures on a 
continuing basis. With "nested PGP" used with remailers, there is a 
much more basic way of checking that a launched message payload has 
been properly packaged--the originator can ensure that he has 
properly nested the encryptions. Verifying that Freedom has not been 
compromised, that nodes are not adding sniffer bits, whatever, would 
seem to be a vastly harder problem. I'm not saying that examination 
of the code shouldn't be done, just that analyzing snippets of 
Freedom source code is only a baby step. This is another discussion 
topic, though.)


--Tim May


-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
