Re: Run a remailer, go to jail?
At 06:06 PM 03/28/2003 -0500, Steven M. Bellovin wrote:
> What's unclear to me is who is behind this. Felten thinks it's content providers trying for state-level DMCA; I think it's broadband ISPs who are afraid of 802.11 hotspots.

It looked to me like it was the cable TV industry trying to ban possession or sale of illegal cable descramblers as well as connection-sharing things like NAT, but it was a bit hard to tell how much of the language was new as opposed to older, so this may have been extending existing cable descrambler laws to also cover 802.11 or Napsterizing your Tivo.

I don't think that banning remailers or crypto was the intent, but the cable industry has never been above using nuclear weaponry to discourage cable service theft, regardless of collateral damage.

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
It would also outlaw pre-paid cell phones, that are anonymous if you pay in cash and can be untraceable after a call. Not to mention proxy servers. On the upside, it would ban spam ;-)

Cheers,
Ed Gerck

Perry E. Metzger wrote:
> http://www.freedom-to-tinker.com/archives/000336.html
>
> Quoting:
>
> Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication.
>
> --
> Perry E. Metzger [EMAIL PROTECTED]
RE: Run a remailer, go to jail?
Sidney Markowitz writes:
> They both require that the use of such technologies be for the purpose of committing a crime.

The Massachusetts law defines as a crime:

(b) Offense defined.--Any person commits an offense if he knowingly

(1) possesses, uses, manufactures, develops, assembles, distributes, transfers, imports into this state, licenses, leases, sells or offers, promotes or advertises for sale, use or distribution any communication device:

[ ... ] or;

(ii) to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication;

[...]

(5) Assist others in committing any of the acts prohibited by this section.

To heck with remailers, anonymizing proxies, et al. As I read this, the USPO is liable if it accepts a letter without a correct return address.

Peter Trei
How useful is www.crypto.com/exports/mail.txt?
For the last three years, I've operated a mail alias, [EMAIL PROTECTED], that publicly archives and forwards to the government authorities announcements of the public availability of cryptographic software. The idea was that since current US export regulations require notifying the government any time such software is made available, it might be useful to have a mechanism that lets the rest of us know at the same time. It was started on a whim, at the suggestion of someone on this list, if I recall correctly.

The alias forwards messages sent to it to [EMAIL PROTECTED] and [EMAIL PROTECTED] and archives the mail at http://www.crypto.com/exports/mail.txt. According to my server logs, that (large) file gets a few hits an hour. As of today, 128 announcements of crypto software availability have been forwarded through it.

Lately, the flow of announcement messages has been dwarfed by the bombardment of spam that you'd expect a relatively long-lived, widely-published email address to receive. The alias gets about 100 spam messages a day (I don't keep track any more, I just delete them from the archive every now and then). By contrast, the last message actually announcing crypto software was sent at the beginning of February.

Deleting the spam has gotten to be a real chore, and I have a sense that perhaps the alias may have run its course and outlived any useful purpose it may have once served. There are now other ways to advertise open-source software and other archived mailing lists to which messages to the government can be openly cc'd.

I'm considering shutting the [EMAIL PROTECTED] alias down, or perhaps I might leave it up but not maintain the archive web page. Would this be a terrible inconvenience for anyone? Does anyone actually depend on this service at this point? If so, I'll be happy to keep it running, but if not, I think it may be time to pull the plug.

-matt m
Re: Run a remailer, go to jail?
I've just read Declan's politech article sent out this morning, referencing his full report at:

http://news.com.com/2100-1028-994667.html

I was shocked to see that Michigan has *already* passed such a law! I've found the new law(s), and they basically outlaw my living in Michigan starting March 31st:

http://www.michiganlegislature.org/printDocument.asp?objName=mcl-750-219a-amendedversion=txt
http://www.michiganlegislature.org/printDocument.asp?objName=mcl-750-540c-amendedversion=txt

This was passed in a lame duck session (December 11, 2002) as part of a big omnibus crime act that covered everything from adulteration of butter and cream, to trick or acrobatic flying to false weights and measures, mostly increasing fines and/or jail for existing offenses. Michigan is a leader in overcrowding its prisons. There was other lame duck legislation passed, before a new Governor took office, almost all of it bad for civil liberties!

The Bill analysis basically quotes the MPAA website!

http://michiganlegislature.org/documents/2001-2002/billanalysis/house/htm/2001-HLA-6079-b.htm

Steven M. Bellovin wrote:
> The question is more complicated than that. The full text of the Texas bill is at http://www.capitol.state.tx.us/data/docmodel/78r/billtext/pdf/HB02121I.PDF (I haven't found the Mass. version).
>
> It is far from clear to me that intent to commit a crime is needed. Section 2 of the bill, which does contain the phrase "with the intent to harm or defraud a communication service", bars theft of service. (I'm speaking loosely here; read it for yourself.) Section 3 and 4 also contain that phrase; they bar possession of devices for defrauding providers. (The language is rather broad, and seems to bar possession of even a computer or modem if you have evil intent.)

Michigan's version was done by modifying existing statute concerning cable or satellite television service providers, and drastically broadening it to TELECOMMUNICATIONS.

Michigan 750.219a outlaws avoiding a communication charge.
Period. No defraud.

avoid or attempt to avoid ... by using any of the following:
(a) A telecommunications access device.
(b) An unlawful telecommunications access device.
(c)...

Configuring your ISDN to be a voice device, and then sending data over the device, would be a violation (SBC/Ameritech charges more for data than voice). Most folks around here are willing to settle for 56Kbps + 56Kbps (fixed fee) instead of 64Kbps + 64Kbps (per minute).

Configuring a wire pair purchased as a burglar alarm circuit (lower fee) and then using it as DSL (avoid high fee) would be a violation. I run an ISP using this technique.

Note that the equipment can equally be a device, *OR* an unlawful device. This was a major change from previous law, which required that the device be (a) stolen or (b) counterfeit.

Note that an unlawful device would be, among many things listed, a wireless scanning device. Also, reprogramming or modifying anything.

> The ban on concealing origin or destination is in Sections 5 and 6. That section does *not* have the "intent to harm" phrase. Given that the bill is amending three consecutive sections of the state penal code (31.12, 31.13, and 31.14), and given that the first two sections have that language but the third doesn't, it's hard for me to see that evil intent is required by the proposed statute.
>
> But it's worse than that: the bill bars concealment of existence or place of origin or destination of any communication from any lawful authority. In other words, it would appear to outlaw many forms of cryptography or steganography.

In Michigan, 750.540c(1):

(b) Conceal the existence or place of origin or destination of any telecommunications service.

Subsection (2) is against programmers.

Subsection (3) is against documentation writers.

Subsection (4) is

A person who violates subsection (1), (2), or (3) is guilty of a felony punishable by imprisonment for not more than 4 years or a fine of not more than $2,000.00, or both. ...
Each unlawful telecommunications access device or telecommunications access device is considered a separate violation.

Writing documentation used by many persons who write programs for many more persons could land me in gaol for a very long time.

> What's unclear to me is who is behind this. Felten thinks it's content providers trying for state-level DMCA; I think it's broadband ISPs who are afraid of 802.11 hotspots.

Michigan included both. Also, using any device without the express authority of the telecommunications service provider, which pretty clearly covers NAT. (Some cable companies try to charge per machine, and record the machine address of the devices connected.) Also, reprogramming a device (and software and computer chips are explicitly included) that is capable of facilitating the interception, transmission, retransmission, decryption, acquisition, or
Russia Intercepts US Military Communications?
Via the Cryptome, http://www.cryptome.org/, RU sure, look at http://www.aeronautics.ru/news/news002/news082.htm.

I'm amazed at their claims of radio interception. One would expect that all US military communications, even trivial ones, are strongly encrypted, given the ease of doing this. Someone, more well informed, please reassure me that this is the case.

Otherwise, yet another thing is very wrong about this war and the infrastructure that supports it.

-MFR
Re: Russia Intercepts US Military Communications?
On Sun, Mar 30, 2003 at 07:38:29PM -0500, reusch wrote:
| Via the Cryptome, http://www.cryptome.org/, RU sure, look
| at http://www.aeronautics.ru/news/news002/news082.htm.
|
| I'm amazed at their claims of radio interception. One would
| expect that all US military communications, even trivial ones,
| are strongly encrypted, given the ease of doing this. Someone,
| more well informed, please reassure me that this is the case.

The ease of doing what? Applying DES with a known key? Key management is hard. Doing key lookups, cert chain management, etc, to NSA level standards is expensive. Etc.

The non-availability of good, cheap, easy to use crypto in a COTS package is the legacy of the ITAR and EAR. That there is a lack of deployed crypto in the US military should be unsurprising.

Adam

--
It is seldom that liberty of any kind is lost all at once. -Hume
Fw:Fraud voting machines
On the thread of voting machines, matters of trust and fraud come up, never mind bugs and other errors...

There are other references on the web which I am sure some of our viewers have seen...

http://www.blackboxvoting.com/
http://www.ecotalk.org/VotingSecurity.htm

Date: Sat, 1 Feb 2003 19:34:13 -0800

If You Want To Win An Election, Just Control The Voting Machines
by Thom Hartmann

Maybe Nebraska Republican Chuck Hagel honestly won two US Senate elections. Maybe it's true that the citizens of Georgia simply decided that incumbent Democratic Senator Max Cleland, a wildly popular war veteran who lost three limbs in Vietnam, was, as his successful Republican challenger suggested in his campaign ads, too unpatriotic to remain in the Senate. Maybe George W. Bush, Alabama's new Republican governor Bob Riley, and a small but congressionally decisive handful of other long-shot Republican candidates really did win those states where conventional wisdom and straw polls showed them losing in the last few election cycles.

Perhaps, after a half-century of fine-tuning exit polling to such a science that it's now sometimes used to verify how clean elections are in Third World countries, it really did suddenly become inaccurate in the United States in the past six years and just won't work here anymore. Perhaps it's just a coincidence that the sudden rise of inaccurate exit polls happened around the same time corporate-programmed, computer-controlled, modem-capable voting machines began recording and tabulating ballots.

But if any of this is true, there's not much of a paper trail from the voters' hand to prove it.

You'd think in an open democracy that the government - answerable to all its citizens rather than a handful of corporate officers and stockholders - would program, repair, and control the voting machines. You'd think the computers that handle our cherished ballots would be open and their software and programming available for public scrutiny.
You'd think there would be a paper trail of the vote, which could be followed and audited if there was evidence of voting fraud or if exit polls disagreed with computerized vote counts.

You'd be wrong.

The respected Washington, DC publication The Hill (www.thehill.com/news/012903/hagel.aspx) has confirmed that former conservative radio talk-show host and now Republican U.S. Senator Chuck Hagel was the head of, and continues to own part interest in, the company that owns the company that installed, programmed, and largely ran the voting machines that were used by most of the citizens of Nebraska.

Back when Hagel first ran there for the U.S. Senate in 1996, his company's computer-controlled voting machines showed he'd won stunning upsets in both the primaries and the general election. The Washington Post (1/13/1997) said Hagel's Senate victory against an incumbent Democratic governor was the major Republican upset in the November election. According to Bev Harris of www.blackboxvoting.com, Hagel won virtually every demographic group, including many largely Black communities that had never before voted Republican. Hagel was the first Republican in 24 years to win a Senate seat in Nebraska.

Six years later Hagel ran again, this time against Democrat Charlie Matulka in 2002, and won in a landslide. As his hagel.senate.gov website says, Hagel was re-elected to his second term in the United States Senate on November 5, 2002 with 83% of the vote. That represents the biggest political victory in the history of Nebraska.

What Hagel's website fails to disclose is that about 80 percent of those votes were counted by computer-controlled voting machines put in place by the company affiliated with Hagel. Built by that company. Programmed by that company.

This is a big story, bigger than Watergate ever was, said Hagel's Democratic opponent in the 2002 Senate race, Charlie Matulka (www.lancastercountydemocrats.org/matulka.htm).
They say Hagel shocked the world, but he didn't shock me.

Is Matulka the sore loser the Hagel campaign paints him as, or is he democracy's proverbial canary in the mineshaft?

In Georgia, Democratic incumbent and war-hero Max Cleland was defeated by Saxby Chambliss, who'd avoided service in Vietnam with a medical deferment but ran his campaign on the theme that he was more patriotic than Cleland. While many in Georgia expected a big win by Cleland, the computerized voting machines said that Chambliss had won.

The BBC summed up Georgia voters' reaction in a 6 November 2002 headline: GEORGIA UPSET STUNS DEMOCRATS. The BBC echoed the confusion of many Georgia voters when they wrote, Mr. Cleland - an army veteran who lost three limbs in a grenade explosion during the Vietnam War - had long been considered 'untouchable' on questions of defense and national security.

Between them, Hagel and Chambliss' victories sealed Republican control of the Senate. Odds are both won fair and square, the American way, using huge piles of
RE: Russia Intercepts US Military Communications?
reusch[SMTP:[EMAIL PROTECTED] wrote:
> Via the Cryptome, http://www.cryptome.org/, RU sure, look at http://www.aeronautics.ru/news/news002/news082.htm.
>
> I'm amazed at their claims of radio interception. One would expect that all US military communications, even trivial ones, are strongly encrypted, given the ease of doing this. Someone, more well informed, please reassure me that this is the case.
>
> Otherwise, yet another thing is very wrong about this war and the infrastructure that supports it.
>
> -MFR

There are a lot of people who don't consider this source credible. After the site was cited on the Interesting People list, the following appeared. I'll leave it up to the reader as to who to believe.

Peter

From: Stephen D. Poe [EMAIL PROTECTED]
Subject: Venik iraqwar.ru
Follow-Ups To: [EMAIL PROTECTED]
Date: Thu, 27 Mar 2003 21:42:48 -0600
Organization: Nautilus Solutions
Reply-To: [EMAIL PROTECTED]

Dave -

There's currently several newsgroup threads discussing iraqwar.ru (see sci.military.naval:The credibility of Iraqwar.ru or lack thereof and smn:Intel evaluation 2003.03.25, in rec.aviation.military:The Noted Waterhead: Venik and even in alt.engr.explosives:Russian analysis of the ongoing battles in Iraq).

Regarding Venik and his site at http://www.aeronautics.ru; I suggest a few minutes spent on Google will be informative. He's well known to both sci.military.naval and rec.aviation.military posters and lurkers. Historically he's not known for his accuracy.

He's probably best known for his heated assertions during the Yugoslavia conflict as to how many planes NATO lost, NATO's deliberate targeting of civilian targets, and NATO's use of chemical weapons. His claims of multiple shoot-downs of everything from F-16s to B-2s and B-52s were somewhat quickly quashed given the hobby of tail spotters worldwide.
Many of his other claims, such as A NATO pilot admits that civilian targets were deliberately attacked during the operation Allied Force and that NATO aviation used chemical weapons were likewise not later confirmed.

See: http://www.aeronautics.ru/natodown.htm and a Google search for Venick B-2 Shoot Down as examples.

I would have to view anything with his name associated with it with suspicion.

--
Archives at: http://www.interesting-people.org/archives/interesting-people/
Re: Russia Intercepts US Military Communications?
On Sun, 30 Mar 2003, reusch wrote:
> I'm amazed at their claims of radio interception. One would
> expect that all US military communications, even trivial ones,

Trivial ones are voice radio. Nontrivial to encrypt (mil people tend to be conservative), unlike teletype (I've used NEMP-proof perforated tape, teletypes and electromechanical rotor crypto keyed by a wire plug box in 1988's Bundeswehr).

> are strongly encrypted, given the ease of doing this. Someone,
> more well informed, please reassure me that this is the case.

While there's no doubt comm is being intercepted the www.aeronautics.ru main analyst (forgot his name) is purported to be not very credible.
Re: How useful is www.crypto.com/exports/mail.txt?
> For the last three years, I've operated a mail alias, [EMAIL PROTECTED]
> ...
> It was started on a whim, at the suggestion of someone on this list, if I recall correctly.

That was me. I think the openssl folks mention it and use it, so sending your posting there is a good idea.

Thanks for all the years of service!
/r$
Re: Russia Intercepts US Military Communications?
At 7:38 PM -0500 3/30/03, reusch wrote:
> Via the Cryptome, http://www.cryptome.org/, RU sure, look at http://www.aeronautics.ru/news/news002/news082.htm.

I showed this link to a friend who fixes helicopters for the Army/Marines. He was incredulous at first, but then said, Oh, they probably just turned off the crypto. There's a switch to do that. Sometimes you have to do that if things screw up.

He went on to talk about crypto as if it was something like fuel or food. He said, They probably loaded up 4 or 5 days of crypto at the beginning, but then they had to turn it off after the supply lines got muddled.

So this would be consistent with some key management structures but not with others. If you give a unit a good random number source and diffie-hellman, they should be able to go the entire war without running out of crypto. But I don't know if the US military embraces the kind of hierarchy-free key management imagined by cypherpunks.

Of course, many of the details from the Russian could be gathered from raw traffic analysis. It's easy to count messages and triangulate to figure out where US troops are massing. It's also easy to tell that an absence of messages from the interior of the city means that the US troops haven't entered yet. The crypto may cloak the details of the messages, but those details may not be too important. (I wouldn't be surprised if they carried some news of the NCAA basketball tournament, for instance.)

-Peter
Re: Russia Intercepts US Military Communications?
On Sun, Mar 30, 2003 at 07:38:29PM -0500, reusch wrote:
> I'm amazed at their claims of radio interception. One would expect that all US military communications, even trivial ones, are strongly encrypted, given the ease of doing this. Someone, more well informed, please reassure me that this is the case.

It's not the case. I routinely listen in on communications. Most of the planes have either KY-57 or Have Quick. The KY is digital and probably better than DES encryption. Adequate except for stupidly using AM (Amplitude Modulation, aka ancient modulation) which along with poor maintenance makes it often unusable. Have Quick is actually anti-jam and often mistaken for encryption. Likely the Russians can read it.

The real problem is that flaky encrypted comms are a tactical problem so it is often better to use clear comms when time is the issue. Not too helpful to know what's about to happen if you can't do anything about it anyway.

> Otherwise, yet another thing is very wrong about this war and the infrastructure that supports it. -MFR

It's amazing to me to listen to engineers try a test 15 times and then when it finally works, declare victory and go on to the next one. The military industrial complex is about money, not reliable high-tech systems. I was more impressed with American expertise 40 years ago than I am now.

--
| 73,         E-mail  | [EMAIL PROTECTED]               |
| Lyn Kennedy webpage | http://home.earthlink.net/~lrkn |
| K5QWB       ICBM    | 32.5 North 96.9 West            |
---Livin' on an information dirt road a few miles off the superhighway---
Re: Run a remailer, go to jail?
On Sun, 2003-03-30 at 17:33, Jurgen Botz wrote:
> [Moderator's note: is using a NAT box intent to defraud a cable modem provider? --Perry]
>
> The cable modem provider and the DSL provider at their consumer service level in my area both have explicit clauses in their AUP prohibiting sharing of the connection by multiple machines (I've seen various wordings, some explicitly mentioning NAT, others explicitly mentioning 802.11).

I seem to remember Verizon running DSL TV ads a while back for an equipment and installation deal that included a low-end NAT router.

At least in my area (Pittsburgh), they really don't seem to care how many machines I have behind the router in my house. Indeed, when Verizon DSL switched me from a static IP to a PPPoE connection last week (without telling me; gee thanks), and I called their tech support line to find out why my connection was down, the first question the tech asked was whether I was using a router. I said yes, and he gave me the PPPoE info I needed to configure my router while he waited on the line. The only concern he seemed to have about the router was pure personal curiosity as to what model it was.

--
Ben
Re: Russia Intercepts US Military Communications?
> I'm amazed at their claims of radio interception.

1. Look for plaintext. This was rule #1 stated by Robert Morris Sr. in his lecture to the annual Crypto conference after retiring as NSA's chief scientist. You'd be amazed how much of it is floating around out there, even in military communications.

2. Wars are great opportunities to learn what other folks are doing for communications security. Whether or not you are a belligerent in the war, you clearly want to be focusing your interception capabilities on that battlefield and its supply and command trails. Besides operational errors made under stress, which can compromise whole systems, you just learn what works and what doesn't work among the fielded systems. And what works or not in your own interception facilities. Wars are much better than sending probe jets a few miles into an opponent's territory, to show you how their electronics work.

> One would expect that all US military communications, even trivial ones, are strongly encrypted, given the ease of doing this.

Given the ease of writing strong encryption applications, I'm amazed that civilian communications are seldom -- very seldom -- encrypted.

Deployment and interoperability without introducing major vulnerabilities is much harder than just designing algorithms and writing code. It involves changing peoples' habits, patterns, and practices.

Remember, the cypherpunks cracked Clipper and DES, deployed the world's most widely used email encryption, secured any Web traffic that chooses to be secure, built a lot of the most popular network encryption. We beat back NSA's controlling hand, and encouraged a global spread of encryption expertise. We secured most of the Internet's control traffic (using ssh - thanks Tatu) to make it harder to break into the infrastructure. We're the A-team.
But our cellphones are still trivial to track and intercept; the vast majority of email, web, and IM traffic is totally unencrypted; ordinary phone calls are totally wiretap prone; our own new technologies like 802.11 have no decent encryption and no likelihood of a real fix that works everywhere by default; we know the government IS TODAY wiretapping tons of innocents in a feeding frenzy of corruption; the US government has mandated Stasi-like wiretap capabilities in every form of new communication (even where the law gives them no power, they arrogate it and largely succeed); the wiretappers have largely built an international consensus of cops to track and wiretap anybody anywhere; practical anonymity has significantly shrunken in the last decade; and even more traffic is moving onto wireless where legal or illegal interception is undetectable.

We still fight endless intra-community battles that delay or derail deployment of existing encryption. The most widespread large-scale hard-to-crack systems are being deployed AGAINST the public interest -- by the copyright mafia.

If *we*, the victors in the crypto wars, couldn't get decent encryption deployed, even among ourselves, why would you expect that a government bureaucracy could do it among itself and its clients?

John
Re: Russia Intercepts US Military Communications?
At 12:51 PM 3/31/03 -0500, Adam Shostack wrote:
> On Sun, Mar 30, 2003 at 07:38:29PM -0500, reusch wrote:
> | Via the Cryptome, http://www.cryptome.org/, RU sure, look
> | at http://www.aeronautics.ru/news/news002/news082.htm.
> |
> | I'm amazed at their claims of radio interception. One would
> | expect that all US military communications, even trivial ones,
> | are strongly encrypted, given the ease of doing this. Someone,
> | more well informed, please reassure me that this is the case.
>
> The ease of doing what? Applying DES with a known key? Key management is hard. Doing key lookups, cert chain management, etc, to NSA level standards is expensive. Etc.
>
> The non-availability of good, cheap, easy to use crypto in a COTS package is the legacy of the ITAR and EAR. That there is a lack of deployed crypto in the US military should be unsurprising.
>
> Adam
>
> --
> It is seldom that liberty of any kind is lost all at once. -Hume

Nosing around on the same site, one finds How military radio communications are intercepted http://www.aeronautics.ru/news/news002/news071.htm

Searching for SINCGARS indicates that all US military radios have encryption capabilities, which can be turned off. Several, in use, key distribution systems are mentioned. Perhaps these systems or even encryption, with infrequently changed keys are, as you suggest, too inconvenient to use under the conditions.

-MFR
Re: Russia Intercepts US Military Communications?
[EMAIL PROTECTED] writes:
> The real problem is that flaky encrypted comms are a tactical problem so it is often better to use clear comms when time is the issue. Not too helpful to know what's about to happen if you can't do anything about it anyway.

--

This is a very important point! I am sure that most of what is being intercepted is tactical voice, and has very limited shelf-life.

I am much more concerned about the apparent lack of good IFF (missile batteries lighting up the RAF plane that they then shot down; the USAF plane that reacted to being lit up by firing at and destroying the ground radar; stories about our close air-support firing on our tanks and other ground units)! This sounds like it is very close to criminal negligence! Do these units NOT have IFF or are they not using it or does it just not work all of the time? Geraldo wants to know!!

- chazzchezz
Re: GPS phones confiscated from reporters in Iraq
http://www.newscientist.com/news/print.jsp?id=ns3567

It's nice to see that the US military realizes the terrible possibilities from tracking the movements of ordinary people (who happen to be soldiers or with soldiers). When will they get on the bandwagon demanding that person-tracking phones be banned -- rather than required -- by the FCC?

John
Re: Russia Intercepts US Military Communications?
On Mon, Mar 31, 2003 at 01:17:43PM -0500, Peter Wayner wrote:
| He went on to talk about crypto as if it was something like fuel or
| food. He said, They probably loaded up 4 or 5 days of crypto at the
| beginning, but then they had to turn it off after the supply lines
| got muddled.
|
| So this would be consistent with some key management structures but
| not with others. If you give a unit a good random number source and
| diffie-hellman, they should be able to go the entire war without
| running out of crypto. But I don't know if the US military embraces
| the kind of hierarchy-free key management imagined by cypherpunks.

Heh. They certainly tend not to. And really, when you have a hierarchy, you may not even want to. The ease of jumping into an encrypted net with a MITM attack would be pretty scary, or everyone needs copies of a few dozen to thousands of authentication keys, which is going to be tricky.

(Of course, if they just put the crypto on smartcards, or key fobs, you could likely carry a month or three worth of crypto with you, but then they wouldn't know what had happened to every key out there. Clearly, it's better to have unencrypted comms where you know they're insecure, rather than low assurance secure comms. For some threat models that I disagree with, anyway.

Adam

--
It is seldom that liberty of any kind is lost all at once. -Hume
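The trade-off raised in the two messages above, as an added example that is not part of either poster's message: ephemeral Diffie-Hellman gives two radios a fresh key per session with nothing pre-loaded, an interposed station splits an unauthenticated exchange, and tagging each public value with a pre-distributed authentication key makes the radios reject the substitution. The names `Radio`, `Relay` and `session`, the demonstration modulus, and the single net-wide HMAC key standing in for the authentication keys are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Demonstration parameters (assumed for this example): 2**255 - 19 is a known
# prime, used here as a plain modular group. A fielded system would use a
# standardized group or curve instead.
P = 2**255 - 19
G = 2


def kdf(shared: int) -> bytes:
    """Hash the raw Diffie-Hellman result into a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def offer_tag(auth_key: bytes, sender: str, public: int) -> bytes:
    """MAC binding a public value to its sender under the net's auth key."""
    msg = sender.encode() + b"|" + public.to_bytes(32, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


class Radio:
    def __init__(self, name, auth_key=None):
        self.name = name
        self.auth_key = auth_key
        # Fresh secret per session: nothing to pre-load, nothing to run out of.
        self.secret = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.secret, P)

    def offer(self):
        tag = None
        if self.auth_key is not None:
            tag = offer_tag(self.auth_key, self.name, self.public)
        return (self.name, self.public, tag)

    def accept(self, offer):
        sender, public, tag = offer
        if not 1 < public < P - 1:
            raise ValueError("degenerate public value")
        if self.auth_key is not None:
            good = tag is not None and hmac.compare_digest(
                tag, offer_tag(self.auth_key, sender, public))
            if not good:
                raise ValueError("key offer from %s failed authentication" % sender)
        return kdf(pow(public, self.secret, P))


class Relay:
    """Any station on the path that swaps in its own public value."""

    def __init__(self):
        self.secret = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.secret, P)
        self.keys = {}

    def forward(self, offer):
        sender, public, tag = offer
        self.keys[sender] = kdf(pow(public, self.secret, P))
        # Without the auth key the relay cannot produce a matching tag.
        return (sender, self.public, tag)


def session(auth_key=None, relay=None):
    """Run one key agreement between two radios and describe the outcome."""
    a, b = Radio("alpha", auth_key), Radio("bravo", auth_key)
    to_b, to_a = a.offer(), b.offer()
    if relay is not None:
        to_b, to_a = relay.forward(to_b), relay.forward(to_a)
    try:
        key_a, key_b = a.accept(to_a), b.accept(to_b)
    except ValueError:
        return {"status": "rejected"}
    if key_a == key_b:
        return {"status": "secure", "key": key_a}
    # The radios hold different keys, each shared with the relay instead.
    exposed = relay is not None and (
        relay.keys["alpha"] == key_a and relay.keys["bravo"] == key_b)
    return {"status": "split", "relay_holds_both_keys": exposed}


if __name__ == "__main__":
    net_key = secrets.token_bytes(32)  # constructed sample authentication key
    print("no auth, clear path:", session()["status"])
    print("no auth, relay     :", session(relay=Relay()))
    print("auth, clear path   :", session(auth_key=net_key)["status"])
    print("auth, relay        :", session(auth_key=net_key, relay=Relay())["status"])
```

The tag here covers only the sender name and public value, so it shows detection of substitution and nothing more; replay protection and per-pair keys are outside this sketch.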
Re: Russia Intercepts US Military Communications?
reusch wrote:
> Via the Cryptome, http://www.cryptome.org/, RU sure, look at
> http://www.aeronautics.ru/news/news002/news082.htm.
>
> I'm amazed at their claims of radio interception. One would expect that all US military communications, even trivial ones, are strongly encrypted, given the ease of doing this. Someone, more well informed, please reassure me that this is the case.

Possibly someone was bribable - presumably the CoW need to share the same frequencies and keys, so
Re: Russia Intercepts US Military Communications?
John Gilmore [EMAIL PROTECTED] writes:
> Remember, the cypherpunks ... secured any Web traffic

Credit where it's due. Netscape was responsible for this.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]
http://www.rtfm.com/
Re: Fw:Fraud voting machines
Richard Guy Briggs wrote:
> If You Want To Win An Election, Just Control The Voting Machines
> by Thom Hartmann
> [...]
> Six years later Hagel ran again, this time against Democrat Charlie Matulka in 2002, and won in a landslide. As his hagel.senate.gov website says, Hagel was re-elected to his second term in the United States Senate on November 5, 2002 with 83% of the vote. That represents the biggest political victory in the history of Nebraska.
>
> What Hagel's website fails to disclose is that about 80 percent of those votes were counted by computer-controlled voting machines put in place by the company affiliated with Hagel. Built by that company. Programmed by that company.

Breathless speculation aside, it oughtn't be that hard to test whether Hagel's victory was credible. Surely there were some polls of the voters. You would think that if there was significant fraud through compromised voting machines, then this fact would be very noticeable in the polls.

Does anyone know whether there is any evidence to back up these allegations that Hagel's election results were fraudulent, or is this article just blowing smoke?

I agree that we ought to take voting fraud seriously, and I'm very critical of e-voting. However, we also ought to get the facts, all the facts, and to get them right.
Re: Russia Intercepts US Military Communications?
On Mon, Mar 31, 2003 at 02:59:11PM -0500, [EMAIL PROTECTED] wrote:
> I am much more concerned about the apparent lack of good IFF (missile batteries lighting up the RAF plane that they then shot down; the USAF plane that reacted to being lit up by firing at and destroying the ground radar; stories about our close air-support firing on our tanks and other ground units)! This sounds like it is very close to criminal negligence! Do these units NOT have IFF or are they not using it or does it just not work all of the time?
>
> Geraldo wants to know!!
>
> - chazzchezz

IFF is no longer limited to 6x8-foot Union Jacks flown by British vehicles but it's obvious there are still problems. Considering how much effort I know about in the last ten years, one would think they have every plane, vehicle, and ship tagged with something. My father fought WWII in Dallas, installing IFF in airplanes. Plenty of time to perfect these concepts.

One needs to keep in mind that the problem is often simple failure to communicate. The Combat Air Patrols over the US in the last year give some insight: Fighters in Texas taking direction from Florida rather than talking to the Air Traffic Controllers below. I listen to private pilots near Dubya's ranch complaining about being attacked by F-16s while following directions from ATC. The F-16s chase scheduled airliners into Waco. Perhaps they don't have weapons and that is all that has saved planes from being shot down in Texas.

--
| 73,         E-mail  | [EMAIL PROTECTED]               |
| Lyn Kennedy webpage | http://home.earthlink.net/~lrkn |
| K5QWB       ICBM    | 32.5 North 96.9 West            |
---Livin' on an information dirt road a few miles off the superhighway---
Re: Russia Intercepts US Military Communications?
At 2:10 PM -0500 3/31/03, reusch wrote:
> ...
> Nosing around on the same site, one finds How military radio communications are intercepted
> http://www.aeronautics.ru/news/news002/news071.htm
>
> Searching for SINCGARS indicates that all US military radios have encryption capabilities, which can be turned off. Several, in use, key distribution systems are mentioned. Perhaps these systems or even encryption, with infrequently changed keys are, as you suggest, too inconvenient to use under the conditions. -MFR

There is a lot of material on SINCGARS available on line via Google. This is a low-VHF system used primarily by U.S. ground forces and those who want to talk to them. It offers both frequency hopping and Type-1 encryption (at least the newer models) and can also be used in single channel, unsecured mode to talk to older VHF-FM radios. According to one source, about 164,000 SINCGARS radios have been fielded and all older VRC-12 radios should have been replaced by 2001.

The key management systems (nightmare may be a better term) are described in considerable detail in http://www.fas.org/man/dod-101/sys/land/sincgars.htm . It's from 1996 and makes very interesting reading. For example, radios have to have their time set to within 0.4 sec of GMT. It's easy to believe that units switch to un-encrypted modes under the stress of battle.

Even tho the radios seem quite versatile, the usage is extremely hierarchical. News reports have stated that one advance in this war is that the daily tasking order can now be distributed electronically. This probably includes all the material needed to set up the SINCGARS (frequency hop list, frequency hopping keys, communications security keys, call sign lists, network IDs, etc.). That may make things a little better than in 1996.

I went to a lecture at MIT by someone for the US Army talking about the soldier of the future, an integrated body armor/backpack/electronics system. I asked about encryption and he said it was Army doctrine not to use it at the intra-squad level. Key management is one of the issues. That is consistent with the number of SINCGARs radios produced. So there should be plenty of open voice traffic to analyze.

Arnold Reinhold
Kashmir crypto
While Googling for material on SINCGARS, I found an article about crypto in the India/Pakistan conflict. Old style cryptanalysis isn't dead yet:

http://www.tactical-link.com/india_pakistan.htm

Arnold Reinhold
Re: Russia Intercepts US Military Communications?
Eric Rescorla wrote:
> Sent: Monday, March 31, 2003 23:42
> To: John Gilmore
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Russia Intercepts US Military Communications?
>
> John Gilmore [EMAIL PROTECTED] writes:
> > Remember, the cypherpunks ... secured any Web traffic
>
> Credit where it's due. Netscape was responsible for this.

Just for the record, SSLv1 first saw significant review, if it was not first posted to, the Cypherpunks mailing list. Those who participated in the list at the time may remember Marc Andreessen, a Cypherpunks newbie in those days, proudly posting his new crypto protocol.

The protocol received the customary reception security protocols designed by crypto newbies tend to receive: it was torn to shreds immediately. SSLv2 rapidly superseded SSLv1. SSLv2 in turn was implemented throughout Netscape's products by the Weinstein brothers, who during those days were very active participants in both the Cypherpunks mailing list and Cypherpunks meetings.

--Lucky Green
RE: Russia Intercepts US Military Communications?
Well I am sure most of you would be amazed and/or flabbergasted with how the crypto keys are handed out for the different avionics/communication devices on a daily basis. You will know if you forgot one of them like when you pass over a hawk missile site at the edge of base, and they lock on and start tracking you.

Notice I said daily basis. Might give a hint to how they ran out.

Dave

_
Dave Kleiman
[EMAIL PROTECTED]
www.netmedic.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Wayner
Sent: Monday, March 31, 2003 13:18
To: reusch; [EMAIL PROTECTED]
Subject: Re: Russia Intercepts US Military Communications?

At 7:38 PM -0500 3/30/03, reusch wrote:
> Via the Cryptome, http://www.cryptome.org/, RU sure, look at
> http://www.aeronautics.ru/news/news002/news082.htm.

I showed this link to a friend who fixes helicopters for the Army/Marines. He was incredulous at first, but then said, Oh, they probably just turned off the crypto. There's a switch to do that. Sometimes you have to do that if things screw up.

He went on to talk about crypto as if it was something like fuel or food. He said, They probably loaded up 4 or 5 days of crypto at the beginning, but then they had to turn it off after the supply lines got muddled.

So this would be consistent with some key management structures but not with others. If you give a unit a good random number source and diffie-hellman, they should be able to go the entire war without running out of crypto. But I don't know if the US military embraces the kind of hierarchy-free key management imagined by cypherpunks.

Of course, many of the details from the Russian could be gathered from raw traffic analysis. It's easy to count messages and triangulate to figure out where US troops are massing. It's also easy to tell that an absence of messages from the interior of the city means that the US troops haven't entered yet. The crypto may cloak the details of the messages, but those details may not be too important. (I wouldn't be surprised if they carried some news of the NCAA basketball tournament, for instance.)

-Peter
RE: Run a remailer, go to jail?
> to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication.

I agree with Peter. Now what are they going to do with all that Postal mail without return addresses? Who is liable if you receive it? The Post Office? Will FedEx now require an ID before sending packages? Little electronic ATM like card readers for your ID card at the drop boxes and US mail boxes?

If you send it electronically through your ISP and they let it get by, are they now liable if the receiver of the e-mail reports it? They did assist another to conceal. Did they not?

If you live in Mass but your ISP is in NY does the law apply?

I am thinking if this is one of those laws that passes because of ignorant voters and politicians, it will:
A) Make a lot of attorneys rich.
B) Get torn apart by case law, after making said attorneys rich.

But that is just my opinion :)

Dave

_
Dave Kleiman
[EMAIL PROTECTED]
www.netmedic.net

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Trei, Peter
Sent: Friday, March 28, 2003 23:55
To: 'Sidney Markowitz '; '[EMAIL PROTECTED] '
Subject: RE: Run a remailer, go to jail?

Sidney Markowitz writes:
> They both require that the use of such technologies be for the purpose of committing a crime.

The Massachusetts law defines as a crime:

(b) Offense defined.--Any person commits an offense if he knowingly
(1) possesses, uses, manufactures, develops, assembles, distributes, transfers, imports into this state, licenses, leases, sells or offers, promotes or advertises for sale, use or distribution any communication device:
[ ... ] or;
(ii) to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication;
[...]
(5) Assist others in committing any of the acts prohibited by this section.

To heck with remailers, anonymizing proxies, et al. As I read this, the USPO is liable if it accepts a letter without a correct return address.

Peter Trei
Re: Run a remailer, go to jail?
On Fri, Mar 28, 2003 at 01:10:56PM -0500, Perry E. Metzger wrote:
> http://www.freedom-to-tinker.com/archives/000336.html
>
> Quoting:
>
> Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication.
>
> --
> Perry E. Metzger [EMAIL PROTECTED]

I find another thread of concern to some of us who are hams and radio and satellite TVRO hobbyists.

Quoting from the Mass version of the bill...

(b) Offense defined.--Any person commits an offense if he knowingly:
(1) possesses, uses, manufactures, develops, assembles, distributes, transfers, imports into this state, licenses, leases, sells or offers, promotes or advertises for sale, use or distribution any communication device:
(i) for the commission of a theft of a communication service or to receive, intercept, disrupt, transmit, re-transmits, decrypt, acquire or facilitate the receipt, interception, disruption, transmission, re-transmission, decryption or acquisition of any communication service without the express consent or express authorization of the communication service provider; or

(2) Communication service. Any service lawfully provided for a charge or compensation to facilitate the lawful origination, transmission, emission or reception of signs, signals, data, writings, images and sounds or intelligence of any nature by telephone, including cellular or other wireless telephones, wire, wireless, radio, electromagnetic, photoelectronic or photo-optical systems, networks or facilities; and any service lawfully provided by any radio, telephone, fiber optic, photo-optical, electromagnetic, photoelectric, cable television, satellite, microwave, data transmission, wireless or Internet-based distribution system, network or facility, including, but not limited to, any and all electronic, data, video, audio, Internet access, telephonic, microwave and radio communications, transmissions, signals and services, and any such communications, transmissions, signals and services ^^ lawfully provided directly or indirectly by or through any of the aforementioned systems, networks or facilities.

--- end of quote

Whilst I am no lawyer, this would seem to possibly render illegal radio and satellite TV receivers that could be used or are used to lawfully receive those radio communications the public is explicitly permitted to listen to under the ECPA (18 USC 2510 and 2511) if the originator of the communication does not provide explicit permission to listen and the transmission involves use of facilities for which a fee is paid (such as space on a leased tower).

Included in this category are unencrypted public safety communications such as police and fire calls, aircraft, ships, trains and the like all of which can be picked up on the ubiquitous police scanners (and more sophisticated radios that some of us own as well). And obtaining explicit permission from all the parties involved in such communications is not always easy, nor in many cases do local agencies want to grant it.

And also much more likely to be included under the rubric of at least this very broad Mass language are unencrypted non-scrambled back hauls, news feeds, and free to air MPEG and analog services available from TVRO satellite dishes. These are pretty clearly communications services and watching them in the privacy of one's home for private non-commercial purposes has been legal under the provisions of the late 80s Satellite Viewers Rights Act (provided they weren't scrambled).

Of course compared to the larger issues raised by the DMCA language and the apparent prohibition of NAT and anonymous mailers this may seem minor... But it is worrisome to some of us working on software defined radio code in Mass... which might or could be used in ways that might be found illegal under this bill.

--
Dave Emery N1PRE, [EMAIL PROTECTED]
DIE Consulting, Weston, Mass 02493
PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB
RE: Run a remailer, go to jail?
At 6:09 PM -0800 3/31/03, dave wrote:
> to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication.

However, this provision shouldn't interfere with NAT on a home network. All the machines are at the same address, the origin of the communication. (The actual source of email communication is the keyboard processor, not the computer with the IP address and email client.)

OTOH, the sections dealing with theft of service may apply. Moral is to get your service from a provider that allows NAT.

Cheers - Bill

Bill Frantz       | Due process for all | Periwinkle -- Consulting
(408)356-8506     | used to be the      | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.       | Los Gatos, CA 95032, USA
GPS phones confiscated from reporters in Iraq
http://www.newscientist.com/news/print.jsp?id=ns3567

New Scientist

GPS phones confiscated from reporters in Iraq

15:26 31 March 03
Will Knight

Satellite phones with built-in Global Positioning System (GPS) capabilities have been confiscated from journalists travelling with US troops inside Iraq, due to fears that they could inadvertently reveal their positions.

Reporters embedded with the troops have been asked to hand over satellite telephones operated by Thuraya Satellite Telecommunications, a communications company based in Abu Dhabi. The restriction is limited to units near the war's front-line and is expected to be temporary, a spokesman for US central command in Qatar told New Scientist.

A spokeswoman for the US Department of Defense added that reporters with unaffected satellite phones would be asked to share them and that military communications equipment would be made available when possible. Replacement phones could also be sent to the front line.

Richard Langley, a GPS expert at the University of New Brunswick, Canada, says US military commanders may be concerned that positioning information embedded in signals sent by the Thuraya phones could be intercepted and used by Iraqi forces to locate and attack US troops.

"It's not impossible, although it would be rather difficult," Langley told New Scientist. "The signals are line-of-sight [from handset to satellite] so very little would leak out and be interceptable on the ground."

Ground station intercept

It would be easier to intercept the signal as it arrives from the satellite at the network operator's ground station, he says. But even in this case, any interceptor would still have to crack the encryption protecting the signal.

An alternative concern is that the US military are worried that computers used to store call information are vulnerable to cyber attack. "Perhaps the concern was that there would be a log of these positions kept on a computer somewhere," Langley says.

Positional information captured by any means would only be useful for as long as the caller remained in the same place, he notes: "Anyone wanting to use the information would have to work quickly."

Thuraya telephones can connect to GSM mobile phone networks when they are available, and a satellite network when in more remote areas. The phones can also be used as a GPS receiver, determining its position by communicating with satellites in the GPS constellation.

If the GPS functionality is switched on, the caller's co-ordinates are automatically embedded in the voice signal sent to the communications satellites.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'