On 04/25/2013 04:23 PM, Tzafrir Cohen wrote: > Off topic, but may be interesting:
I'll re-order the quoted excerpts to put the technical/on-topic part of the response first. The non-technical/off-topic considerations may be skipped, unless you are inerested in my opinions. > Any existing software to automatically (and periodically) generate email > on a mailbox which will appear to be used, so if anybody wants a casual > look at my mailbox, I don't have to provide any real email > credentials? Since this is not endemic to Israel (see the OT part below), even if the media think it is (all that happened was that the Attorney General confirmed that the security services are not prevented by law from asking to access your email, and may even have the option written in their procedures), generating a fake email account is a valid idea. Many years ago, when communication was a lot more difficult than now (no mobile phones or Skype, very expensive long distance land line calls, etc.), a friend of mine - American, observant - faced a problem of reporting daily (well, frequently...) on the well-being of his 4 daughters to his parents. He created an awk script that generated an email describing numerous routine occurrences such as success at school in one subject or another, a new best friend, a minor illness, whatever. The script randomly rotated his daughters' names so different sentences referred to different child each time. The phrases and the vocabularly also varied slightly. The script ran through cron. From time to time he wrote real emails, of course. One can set up several mail accounts, devise such a script (my friend's story proves it is possible), generate a random delay and run it off at(1) [rather than cron, to avoid regularity], rotating sender addresses in the process. Then fetchmail from a designated account, procmail to a script that sometimes generates a reply... In particular, I have just verified that when I use mail(1) to send an email to one of my web accounts with a Bcc to another one (the latter is on GMail, and I have the appropriate MASQUERADE_AS in sendmail.mc), the email properly appears under the Sent label in GMail. If your GMail is set up to "archive" certail emails (maybe all) then it will not appear in the Inbox, removing the tell-tale sign. If the security agent knows what to look for he/she will notice that the mail does not have a "mailed-by" header. This may look suspicious if the security personnel assume that you use GMail from the web. If, however, you first show them your local mailbox and explain that you POP/IMAP and don't use the web interface, this will reduce suspicion. If they hunt down your procmailrc or other scripts they'll find out you are up to no good, but that requires a different level of sophistication. You can camouflage your deviousness pretty thoroughly, if not perfectly. You will have a good chance to fool an interactive and not very technically adept observer. If you are caught you are on your own though... ;-) > I heard recently that it is now legal for the security checks in the Ben > Gurion airport to require that I show my mail account. When I read about it I tried to think it over (I consider myself very privacy-conscious). IANAL and OT disclaimers apply to what follows. a) Your computer may be accessed, impounded, whatever at any border in the world. Large (non-Israeli) companies whose employees travel, and who have policies for everything, usualy have a policy that instructs employees to always allow border/security/customs authorities to access the work laptop, provide passwords, surrender the laptop on demand, etc. This is with full realization that classified corporate secrects may be accessed, and even in cases where reasonable suspicion a priori exists that (business/technological) intelligence may be gathered (obvious examples: China, Russia, etc.). IBM had such a policy when I worked there. Access to a laptop is, strictly speaking, different from access to (presumably cloudy) email, which often requires separate credentials. Not sure if there is much difference really, given that a business laptop has several levels of security: bootloader password, disk encryption, login, etc. The polciies I mentioned above said, give up everything, just don't get into trouble. b) None of us Israelis will be denied entry if we refuse, and I very much doubt any of us will ever be asked for access to our mailbox (unless some foundations of our society change very significantly, in which case we'll have bigger problems). We face, in principle, the same situation when we travel to other countries, even thoroughly democtratic ones. Besides, how is it different from invasive search of your personal belongings or a body search which are routine in every airport everywhere? And some countries actually have laws against search and seizure, while denying reasonable expectation of privacy for internet communications. Having said that, I'd be very troubled indeed if this were applied more frequently than in very rare cases where serious suspicion exists. I'd want to to be a tool to maybe reconsider an almost-made decision to deny entry. The recent "flytilla" would be fair game in my mind, maybe. c) This may look troubling. However, it does not violate anyone's privacy by itself. Before raising a "human rights" ruckus one should remember that this does not give the security services a right to access your email. It is not that there is a law that mandates that you give up your email password on demand. The issue is that there is no law that explicitly forbids the security services to ask for permission to access a suspect's email. In my mind, it's quite a different kettle of fish. They may ask you to let them into you mailbox, and you may refuse. You may or may not be denied entry then. However, if you are not a citizen of a sovereign country X, in general country X can deny you entry without reasons or explanations - there is no "right" to travel to X, anywhere in the world. The argument that you will gladly provide an email password because you are under duress since you've paid for the ticket is bull***t. You may even be refused boarding by the airline (the recent "racism" case that Air France recently lost notwithstanding) if they have a reasonable expectation that you would be denied entry - this is because they will have to fly you back at their expense. This is why airlines verify at check-in that you have a visa, when applicable. Shachar Shemesh <[email protected]> writes: > While I am the first to admit that there is a propaganda war going on > against Israel, I feel this is the wrong method (and the wrong agents) > to collect intelligence. I actually thought that if this is applied to persons who are already under a serious suspicion then it is a perfectly valid method to *try* to obtain intelligence. I assume that web mail may be accessed from a security service computer rather than from the traveller's laptop/tablet/phone, and an unseen program may slurp quite a bit of information from the suspect's account, e.g., whom he/she communicates with. Consider the "flytilla" again. Yes, it would lack any judicial supervision or sanction, but if the account owner gives permission... As for "wrong agents", I suspect that this is carried out by security services rather than by El Al "selectors", and at this stage well-trained personnel may well be involved. I do not know though. -- Oleg Goldshmidt | [email protected] _______________________________________________ Linux-il mailing list [email protected] http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
