-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Meyer wrote:
>"So far, U.S. and European authorities battling terrorism and cybercrime >have apparently focused their surveillance elsewhere. The FBI and the >National Security Agency, which monitors international telecommunications, >declined to comment on what strategy, if any, they have for dealing with >remailers." >That would have made the article much more interesting.. >What *is* the FBI/etc.'s strategy on dealing with remailers, other than >ignoring them (and hoping that anti-spam/anti-terror legislation will make >them illegal?) I don't know, how about traffic analysis? Exploiting (publicly) undisclosed holes in the remailer software? Exploiting (publicly) undisclosed holes in PGP? That certainly seems like a fruitful place to dump research money. Good old-fashioned deception isn't exactly rocket science, either. How about suckering people into routing traffic through an ever-increasing number of corrupt nodes, either by: 1) running them covertly 2) buying off "trusted pillars of the crypto community" and trading on their reputation capital? A sobering thought. Or how about this one: enticing people interested in developing cryptography into an closed system based in Canada (international, so using full-blown Echelon technology against it isn't a problem) offering "secure" messaging, file storage, sharing and transmission etc. while promising them the moon about being a no-compromise information-haven phuck-the-state all-your-eggs-in-one - -basket crypto system? Oh wait, it's called CryptoHeaven. Nevermind. Not that I'm claiming the first thing about them--it's just that if I were trying to come up with a way to gather information on people interested in developing privacy and cryptography technology, setting up a compromised CryptoHeaven-like system on behalf of the United States Government would be IDEAL. Or at the very least,inserting some bad actors into the system to root up the vulnerabilities couldn't hurt. Not to mention cultivating "trusted insider" informants. At any rate, any company that lays on the "trust us!!" razzamatazz that thick makes me nervous. The fact that you it gives you zero opportunity for compartmentalization ought to be a red flag. Bad OPSEC makes for shitty tradecraft. I just can't say this enough: one of the drawbacks of viewing all feds as donut-chomping incompetents is that it fosters a false sense of complacency. Underestimating your adversary never did anyone a bit of good. Something to think about, anyway. ~Faustine. *** As nightfall does not come at once, neither does oppression....There is a twilight when everything remains seemingly unchanged. And it is in such a twilight that we must be most aware of change in the air however slight lest we become unwitting victims of the darkness. - --William O. Douglas, Associate Justice, US Supreme Court -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. (Diffie-Helman/DSS-only version) iQA/AwUBPBfQI/g5Tuca7bfvEQIz+gCffs/DSkAHpK/PU2yxx6QcddQSNAoAoOw3 CHApBSii8Tk3bTaeEzr/xdFh =4PZs -----END PGP SIGNATURE-----
