Re: Email Privacy eating software
In message [EMAIL PROTECTED], Matt Holdrege wr ites: I'm not sure what "sounds a bit overmuch" to you. Have a look at http://news.bbc.co.uk/hi/english/sci/tech/newsid%5F15/150465.stm How is this different than looking in your bags for porn magazines or videotapes? How is looking at your stored email different than looking at your paper correspondence? Leaving out their technical limitations and assumptions (the whole world doesn't run Windows), the problem is that you don't know what they're really doing. Indeed, the Customs officers may not -- can you tell from the wrapper what an arbitrary piece of software does? A magazine is fairly obviously just that -- but there's a lot of very sensitive data on many people's laptops. Perhaps the British government can be trusted -- but I can name a number of others, including nominal democracies, that I wouldn't trust. As I stated in my previous post "unless provoked". Customs in many countries can be provoked to look at those things. What makes a computer special? Why single out the U.K. government when many others do essentially the same thing. Apart from the question of what it takes to "provoke" a Customs officer -- skin color? -- the issue with the UK in particular is the lack of any checks on the powers of the House of Commons. Usually, they show restraint and common sense -- but not always. (As an aside, one of the Customs officials I encountered in Australia, after hearing why I was there, opined that the Internet was really a tool of the Devil, and that it was somehow related to the Mark of the Beast. I decided not to argue, not even to point out that my religion knows nothing of Beasts nor marks thereof.) --Steve Bellovin
Re: Email Privacy eating software
Dennis Glatting wrote: Perhaps at the Pittsburgh plenary we should discuss whether we want to move the London meeting elsewhere, least all of our lap tops be "scanned" and cryto keys surrendered. Or maybe we should discuss it here, so as not to exclude people who can't make it to Pittsburgh (particularly Europeans, who would be more likely to go to London than to Pittsburgh). Much as I like London, I would be in favor of moving the meeting if the RIP bill passes. Email is bad enough; but suppose some British police authority notices encrypted SSH and IPSec traffic coming from the IETF network, and demands the keys? They'd be able to use those keys to connect to our (nominally) secure networks. It might also be useful for the British organizations lobbying against RIP if they could point to an IETF boycott as evidence that RIP was harming British companies. (Or it might not, of course; Parliament might decide they didn't like being threatened.) -- /==\ |John Stracke| http://www.ecal.com |My opinions are my own.| |Chief Scientist |=| |eCal Corp. |Never do card tricks for your poker buddies. | |[EMAIL PROTECTED]| | \==/
Re: Email Privacy eating software
Matt Holdrege writes: How is this different than looking in your bags for porn magazines or videotapes? It's not. I take it that you don't mind having your bags searched? How about your wallet? Where do you draw the line, or don't you draw one? How is looking at your stored email different than looking at your paper correspondence? It's not--but nobody looks at your paper correspondence. Through many centuries of familiarity, it has come to be accepted that paper correspondence is relatively private, even by those who fail to grasp the equivalence of correspondence stored in computers. As I stated in my previous post "unless provoked". As I implied in my previous post, selective enforcement is an open door to erosion of critical freedoms. "Provocation" should not be a factor in enforcement. Customs in many countries can be provoked to look at those things. If they can be provoked into looking at those things, then it stands to reason that they can also be persuaded to ignore them. Which technique do you think the bad guys are more likely to use? What makes a computer special? Nothing. It's just like, say, the sum total of all the papers and personal effects that you have in your home. You don't mind if someone goes through all of those, do you? There _might_ be something illegal among them, after all. Why single out the U.K. government when many others do essentially the same thing. Multiple wrongs don't make a right. And it sounds like the U.K. has gone further than many other countries held to be at a similar level of "civilization" (or "civilisation").
RE: Email Privacy eating software
"I use the computer to access the Internet, yes," I said, rather proud of myself for my accuracy. "Is there any pornography on it?" she said, stoically. I belive she ment the Computer not the Internet. -Original Message- From: John Stracke [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 19, 2000 3:16 PM To: [EMAIL PROTECTED] Subject: Re: Email Privacy eating software Matt Holdrege wrote: I'm not sure what "sounds a bit overmuch" to you. Have a look at http://news.bbc.co.uk/hi/english/sci/tech/newsid%5F15/150465.stm How is this different than looking in your bags for porn magazines or videotapes? How is looking at your stored email different than looking at your paper correspondence? Read it again--they were apparently going to use their program to view a known porn site, not porn on his hard drive. -- /==\ |John Stracke| http://www.ecal.com |My opinions are my own.| |Chief Scientist |=| |eCal Corp. |You buttered your bread, now lie in it. | |[EMAIL PROTECTED]| | \==/
RE: Email Privacy eating software
[from [EMAIL PROTECTED], (www.benton.org/News/) Communications-related Headlines for 7/19/2000 ] BRITISH AUTHORITIES MAY GET WIDE POWER TO DECODE E-MAIL Issue: Privacy/International Britain may adopt a law making it the only Western democracy where the government could require anyone using the Internet to turn over the keys to decoding e-mails messages and other data. "The powers in the bill are necessary and proportionate to the threat posed by 21st century criminals, no more, no less," Charles Clarke, the Home Office official in charge of the bill, said last week. The legislation would allow the British government to tap into and monitor electronic communication for a host of reasons, including to protect national security, to "safeguard the country's well-being," and to prevent and detect serious crime. That last, far-reaching category might include, for instance, "a large number of persons in pursuit of a common purpose." The measure would not require traditional warrants signed by judges. "This is Big Brother government realizing that unless they get their act together, technology is going to make them impotent by allowing individuals to bypass the regulations, and the spies, of the state," said Ian Angell, professor of information systems at the London School of Economics and a consultant on the recent report. "I'm a supporter of the police, and I believe they should be given powers, but there has to be due process, and this bill doesn't provide that," Mr. Angell said. "They'll be allowed to go on fishing expeditions." [SOURCE: New York Times (A3), AUTHOR: Sarah Lyall]
Re: Email Privacy eating software
Eric Brunner wrote: [from [EMAIL PROTECTED], (www.benton.org/News/) Communications-related Headlines for 7/19/2000 ] BRITISH AUTHORITIES MAY GET WIDE POWER TO DECODE E-MAIL Perhaps at the Pittsburgh plenary we should discuss whether we want to move the London meeting elsewhere, least all of our lap tops be "scanned" and cryto keys surrendered.
Re: Email Privacy eating software
Jon Crowcroft wrote: yo udont know about RIP then if you visit the UK, and are asked to show any files on your computer, you cannot claim you "cannot remember the key" that wil lbe deemed evidence that you are witholding evidence and yo ucan go to jail jus for that.,. i.e. our new crypto-fascist law takes away the right to the presumption of innocence ratehr than guilt its like escrow only worse. the technology is irrelevant in the face of such blatant misuse of human rights. Well, the U.K. is supposed to be a democracy; why don't you just vote to get your rights restored?
RE: Email Privacy eating software
Well been British, we are to polite and would not like to make a fuss. :) -Original Message- From: Anthony Atkielski [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 18, 2000 9:37 AM To: [EMAIL PROTECTED] Subject: Re: Email Privacy eating software Jon Crowcroft wrote: yo udont know about RIP then if you visit the UK, and are asked to show any files on your computer, you cannot claim you "cannot remember the key" that wil lbe deemed evidence that you are witholding evidence and yo ucan go to jail jus for that.,. i.e. our new crypto-fascist law takes away the right to the presumption of innocence ratehr than guilt its like escrow only worse. the technology is irrelevant in the face of such blatant misuse of human rights. Well, the U.K. is supposed to be a democracy; why don't you just vote to get your rights restored?
Re: Email Privacy eating software
Jonathan Parkinson wrote: Well been British, we are to polite and would not like to make a fuss. :) Yeah, the ones who liked to make a fuss went off and started their own democracies centuries ago. So the British really don't mind having their privacy compromised, then? I hope Americans show a bit more concern, before it's too late.
Re: Email Privacy eating software
In message 008601bff09b$8b32e9b0$0a0a@contactdish, Anthony Atkielski type d: Well been British, we are to polite and would not like to make a fuss. :) Yeah, the ones who liked to make a fuss went off and started their own democracies centuries ago. So the British really don't mind having their privacy compromised, then? I hope Americans show a bit more concern, before it's too late. next summer's IETF meeting is tentatively scheduled for London, England http://www.ietf.org/meetings/0mtg-sites.txt if you turn up at customs with a laptop, you may be asked to show any and all files on it to the nice chaps there. if someone has sent you crypted email (say using your public key) you may be obliged to connect the lapto pto the public net and access your other key to decrypt the mail for the nice chaps in customs to priove that it is not to do with pornography or terrorism - whereeve yo uare from, you will have no recourse to say "no" or "this is commercial in confidence" or "my company will fire me if i let this go to anyone or send it over the net to decrypt at my home site etc etc" the wavelan in the meeting site may be subject to wiretap...etc etc the ietf community may wish to send a message by reconsidering having a meeting in the UKuntil the law here is made more rational. cheers jon
Re: Email Privacy eating software
At 11:50 AM 7/18/00 +0100, Jon Crowcroft wrote: next summer's IETF meeting is tentatively scheduled for London, England http://www.ietf.org/meetings/0mtg-sites.txt if you turn up at customs with a laptop, you may be asked to show any and all files on it to the nice chaps there. if someone has sent you crypted email (say using your public key) you may be obliged to connect the lapto pto the public net and access your other key to decrypt the mail for the nice chaps in customs to priove that it is not to do with pornography or terrorism - whereeve yo uare from, you will have no recourse to say "no" or "this is commercial in confidence" or "my company will fire me if i let this go to anyone or send it over the net to decrypt at my home site etc etc" As one who travels to London quite often and has red hair and is of Irish descent, this sounds a bit overmuch to me. I've never had anything other than a kind welcome by British customs officials. There are loads of crazy laws in the U.S. and other countries. We citizens are grateful that the enforcement branch of the government chooses to ignore them unless provoked.
Re: Email Privacy eating software
In message [EMAIL PROTECTED], Matt Holdrege wr ites: At 11:50 AM 7/18/00 +0100, Jon Crowcroft wrote: next summer's IETF meeting is tentatively scheduled for London, England http://www.ietf.org/meetings/0mtg-sites.txt if you turn up at customs with a laptop, you may be asked to show any and all files on it to the nice chaps there. if someone has sent you crypted email (say using your public key) you may be obliged to connect the lapto pto the public net and access your other key to decrypt the mail for the nice chaps in customs to priove that it is not to do with pornography or terrorism - whereeve yo uare from, you will have no recourse to say "no" or "this is commercial in confidence" or "my company will fire me if i let this go to anyone or send it over the net to decrypt at my home site etc etc" As one who travels to London quite often and has red hair and is of Irish descent, this sounds a bit overmuch to me. I've never had anything other than a kind welcome by British customs officials. There are loads of crazy laws in the U.S. and other countries. We citizens are grateful that the enforcement branch of the government chooses to ignore them unless provoked. I'm not sure what "sounds a bit overmuch" to you. Have a look at http://news.bbc.co.uk/hi/english/sci/tech/newsid%5F15/150465.stm --Steve Bellovin
Re: Email Privacy eating software
I have had a similar experience to the one reported in the article, and was meet with a similar dejected mood when they fired up my laptop to find not the usual, nice, graphical widows desktop but Linux, The officer in question picked up a phone and said to his colleague, It doesn't look like windows I think it is something else. When I said it was UNIX, he visibly paled in front of me, and waved me through. So it would appear that if you are a terrorist, bomb maker, subversive or have a hard disk full of pornography and plan to travel to London for the IETF meeting or anything else for that matter, I would recommend trading in your Laptop's running windows for an Apple or in my case a laptop running Linux, which cannot be scanned. It is sometimes kind of silly, but I am also English (working in the US) and frankly, I have to admit that in the grand scheme of things I do sleep slightly better at night knowing that these people (H.M. Customs Excise and even U.S. Customs) are there plugging away for us, I am sure that the way they look at it ,they also do not want to be doing it, but every so often they must catch a bad person. (notice, I did not say guilty ;-) that they can charge with something really heinous. And let us not forget that these people are enforcing the law that the politicians make. What we need IMHO is more understanding by the legislators, without this we are doomed to have our time wasted by ineffectual laws that serve no real purpose other than to waste people's time and slow them down instead of protecting the public interest. The future may hold that if you are running the non-de facto O/S like MacOS or Linux then you are technically guilty of encrypting data, because the guy that wants to search your hard disk is only trained on the commands and how to navigate the windows file system and no other. Maybe the NSA will classify Linux and other non windows operating systems as munitions of war ;- (which would be interesting seeing as I recall they (NSA) also run Linux, something about better security) Jim ** Legal Disclaimer The opinions expressed within this mail are specifically my own and in no way refer to or relate to any ongoing business and/or the technical direction of 3Com Corporation, or any subsidiary companies or business units within 3Com Corporation and its subsidiaries. ** "Steven M. Bellovin" [EMAIL PROTECTED] on 07/18/2000 11:45:14 AM Sent by: "Steven M. Bellovin" [EMAIL PROTECTED] To: Matt Holdrege [EMAIL PROTECTED] cc: Jon Crowcroft [EMAIL PROTECTED], [EMAIL PROTECTED] (Jim Stephenson-Dunn/C/HQ/3Com) Subject: Re: Email Privacy eating software In message [EMAIL PROTECTED], Matt Holdrege wr ites: At 11:50 AM 7/18/00 +0100, Jon Crowcroft wrote: next summer's IETF meeting is tentatively scheduled for London, England http://www.ietf.org/meetings/0mtg-sites.txt if you turn up at customs with a laptop, you may be asked to show any and all files on it to the nice chaps there. if someone has sent you crypted email (say using your public key) you may be obliged to connect the lapto pto the public net and access your other key to decrypt the mail for the nice chaps in customs to priove that it is not to do with pornography or terrorism - whereeve yo uare from, you will have no recourse to say "no" or "this is commercial in confidence" or "my company will fire me if i let this go to anyone or send it over the net to decrypt at my home site etc etc" As one who travels to London quite often and has red hair and is of Irish descent, this sounds a bit overmuch to me. I've never had anything other than a kind welcome by British customs officials. There are loads of crazy laws in the U.S. and other countries. We citizens are grateful that the enforcement branch of the government chooses to ignore them unless provoked. I'm not sure what "sounds a bit overmuch" to you. Have a look at http://news.bbc.co.uk/hi/english/sci/tech/newsid%5F15/150465.stm --Steve Bellovin
Re: Email Privacy eating software
Phil Neumiller wrote: I like this idea! Yeah, if we can reclassify black boxes as munitions, as the NSA has done to encryption for years, then we can claim that we have the "right to bear black boxes". ...just like we have the right to own nuclear weapons. -- /==\ |John Stracke| http://www.ecal.com |My opinions are my own.| |Chief Scientist |=| |eCal Corp. |You buttered your bread, now lie in it. | |[EMAIL PROTECTED]| | \==/
RE: Email Privacy eating software
I can not disagree, however, where does the responsibility to ensure liberty lay, and what is required to ensure said liberty? specifically, what may be suggested that one do, assuming bearing arms is inappropriate, to ensure email privacy in particular and 'internet' liberty in general? -Original Message- From: Book, Robert [mailto:[EMAIL PROTECTED]] Sent: Monday, July 17, 2000 12:45 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: Email Privacy eating software Hmmm, I think the federal government might have another opinion that topic, re: Waco, etc., but this is far off the topic. It's an idyllic viewpoint, though. But I'm afraid we're at the point in history where the phrase "a life of freedom in the United States" is an oxymoron. And, if Carnivore isn't as clear an example of that as one needs, then one is probably wearing rose-colored glasses. -Original Message- From: David A. Higginbotham [mailto:[EMAIL PROTECTED]] Sent: Monday, July 17, 2000 10:54 AM To: [EMAIL PROTECTED] Subject: RE: Email Privacy eating software we have the right to own anything we can dream up and build, we do not always have the right to use it for its intended purpose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Stracke Sent: Monday, July 17, 2000 10:15 AM To: [EMAIL PROTECTED] Subject: Re: Email Privacy eating software Phil Neumiller wrote: I like this idea! Yeah, if we can reclassify black boxes as munitions, as the NSA has done to encryption for years, then we can claim that we have the "right to bear black boxes". ...just like we have the right to own nuclear weapons. -- /==\ |John Stracke| http://www.ecal.com |My opinions are my own.| |Chief Scientist |=| |eCal Corp. |You buttered your bread, now lie in it. | |[EMAIL PROTECTED]| | \==/
Re: Email Privacy eating software
On Mon, 17 Jul 2000 11:37:47 PDT, Brian Lloyd said: Personally, I satisfy my desire for privacy by using strong encryption wherever possible. I sure hope I am not hurting any feelings at the FBI. From the Sendmail 8.11 Release notes: Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS). Implementation influenced by the example programs of OpenSSL and the work of Lutz Jaenicke of TU Cottbus. Support the security layer in SMTP AUTH for mechanisms which support encryption. Based on code contributed by Tim Martin of CMU. I'm sure that the guys who run Echelon will be overjoyed when this ships (Real Soon Now ;) They'll be even more overjoyed if a lot of sites start using it... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech PGP signature
RE: Email Privacy eating software
At 12:15 PM 7/17/2000, David A. Higginbotham wrote: When is one oppressed such that fighting is appropriate? Where does one begin this fight should such a point be reached? I will be happy to discuss my views on this with you but my feeling is that it is not an appropriate topic of discussion for the IETF list. Brian Lloyd Lucent Technologies [EMAIL PROTECTED] 3461 Robin Lane, Suite 1 http://www.livingston.comCameron Park, CA 95682 +1.530.676.6513 - voice +1.530.676.3442 - fax
Re: Email Privacy eating software
On Fri, 14 Jul 2000, Anthony Atkielski wrote: I don't understand why the FBI feels that it needs to have a top-secret black box attached to the ISP's network. Why not just have the ISP provide a copy of all e-mail to or from the specified mailbox? Because other people will know when they're snooping. -- steven
Re: Email Privacy eating software
In message 01dc01bfed78$0e7a55a0$0a0a@contactdish, Anthony Atkielski type d: I don't understand why the FBI feels that it needs to have a top-secret black box attached to the ISP's network. Why not just have the ISP provide a copy of all e-mail to or from the specified mailbox? wiretap is a weapon in the FBI's armoury in the US, YOU have the right to bear arms You should demand the constitutional right to wiretap the FBI and CIA and so on right now. that will fix things. j.
RE: Email Privacy eating software
In the UK we have the same type of problem, this time from my Favorite Company MI5. 'The UK is leading the world when it comes to high-tech spying on its citizens' Please see http://news6.thdo.bbc.co.uk/hi/english/sci/tech/newsid_762000/762514.stm Lets face it, internet service providers will be forced to install black boxes in their data centres that connect directly to an MI5 monitoring centre in London. Now that would be nice to hack into. More to the point, Who is going to fund this? 'thinking' Oh yes thats why Petrol in the UK has now passed the £1.03 per litre barrier. 'http://www.rip-off.co.uk/fuel.htm' :-) -Original Message- From: Jon Crowcroft [mailto:[EMAIL PROTECTED]] Sent: Friday, July 14, 2000 12:03 PM To: Anthony Atkielski Cc: ietf Subject: Re: Email Privacy eating software In message 01dc01bfed78$0e7a55a0$0a0a@contactdish, Anthony Atkielski type d: I don't understand why the FBI feels that it needs to have a top-secret black box attached to the ISP's network. Why not just have the ISP provide a copy of all e-mail to or from the specified mailbox? wiretap is a weapon in the FBI's armoury in the US, YOU have the right to bear arms You should demand the constitutional right to wiretap the FBI and CIA and so on right now. that will fix things. j.
Re: Email Privacy eating software
I like this idea! Yeah, if we can reclassify black boxes as munitions, as the NSA has done to encryption for years, then we can claim that we have the "right to bear black boxes". This is great! - Original Message - From: "Jon Crowcroft" [EMAIL PROTECTED] To: "Anthony Atkielski" [EMAIL PROTECTED] Cc: "ietf" [EMAIL PROTECTED] Sent: Friday, July 14, 2000 6:03 AM Subject: Re: Email Privacy eating software In message 01dc01bfed78$0e7a55a0$0a0a@contactdish, Anthony Atkielski type d: I don't understand why the FBI feels that it needs to have a top-secret black box attached to the ISP's network. Why not just have the ISP provide a copy of all e-mail to or from the specified mailbox? wiretap is a weapon in the FBI's armoury in the US, YOU have the right to bear arms You should demand the constitutional right to wiretap the FBI and CIA and so on right now. that will fix things. j.
Re: Email Privacy eating software
In message [EMAIL PROTECTED], "Parkinson, Jonathan" typed: In the UK we have the same type of problem, this time from my Favorite Company MI5. I agree. i also think that there are important lessons for lawmakers in other countries, so it is a suitable subject for IETF discussion. 'The UK is leading the world when it comes to high-tech spying on its citizens' Please see http://news6.thdo.bbc.co.uk/hi/english/sci/tech/newsid_762000/762514.stm= yes, this is something that the UK should be ashamed of - there is very good documentary evidence that the government is ignoring technical advice on the costs ot the ISP community in terms of implementing this they wayu that the UK law was designed, or the risks to citizens, and the loss of revenue when content and application providers move their business to palecs which implement less stupid, expensive and ineffective ways to intercept criminal or terrorist communication - the home offices response to criticism was a masterpiece of political rubbish, and included specific items which were lies. examples include assertions about what other coutnries were doing in terms of techniocal implementations of both intercept, and who gets charged for the implementation cost. Lets face it, internet service providers will be forced to install = black boxes in their=20 data centres that connect directly to an MI5 monitoring centre in = London. Now that would=20 be nice to hack into. =20 when it happens, it will be a good day for demoracy. one trick to do is to put a bunch of fake data on the net whch causes them to either act on it, or have to randiomize whether they act or not (see cryptonomicon) so that real miscreants wont be able to tell they are listening (fairly standard stuff in fact) - turns out that there are several ways to put in place random traffic generators (which even more interestingly can also be part of billing systems) that run counter-intuitive, but make it very hard to do RIP but do allow one to retain privacy. More to the point, Who is going to fund this? 'thinking' Oh yes thats = why Petrol in the=20 UK has now passed the =A31.03 per litre barrier. 'http://www.rip-off.co.uk/fuel.htm'=20 :-) right - but in that case, we can take public transport or buy a bike - in the case of ecommerce, it can go elsewhere and the UK loses. note that a lot of the GRID users are talking about striping data over multiple paths (yes, and at 1.2Gbps per path) so the data copy costs of intercept are more than double the data transfer - in fact they would be just with normal dynamic routing the reason the UK bill is confused is that it was written by telephants - people who probably lost their jobs as the tradditonal phone business goes marginal and now advise shady organisations such as gchq - these folks understand that the Exchange in the PSTN is the natuaral point for billing and is therefore also quite a reasnable palce to do intercept what they dont get is that there is no natural point to do this in a packet net, least of all a datagram, end to end network, except at the end points. what annoys me is that the UK government has persistnytly caimed that ALL opponents of the bill oppose intercept, when in fact almost all the ones I've spoken to object to a STUPID pointless waste of money, not to intercept at feasiable (E.g. end systems - such as email servers, web, web cachce/proxy, napster server etc) points -Original Message- From: Jon Crowcroft [mailto:[EMAIL PROTECTED]] Sent: Friday, July 14, 2000 12:03 PM To: Anthony Atkielski Cc: ietf Subject: Re: Email Privacy eating software In message 01dc01bfed78$0e7a55a0$0a0a@contactdish, Anthony = Atkielski type d: I don't understand why the FBI feels that it needs to have a = top-secret black box attached to the ISP's network. Why not just have the ISP provide a copy of all e-mail to or from the specified mailbox? wiretap is a weapon in the FBI's armoury in the US, YOU have the right to bear arms You should demand the constitutional right to wiretap the FBI and CIA = and so on right now. that will fix things. j. cheers jon
Re: Email Privacy eating software
In message [EMAIL PROTECTED], Doug Isenberg writes : From today's Wall Street Journal (http://interactive.wsj.com/articles/SB963523417716552926.htm): One of the nation's largest Internet-service providers, Earthlink Inc., has refused to install a new Federal Bureau of Investigation electronic surveillance device on its network, saying technical adjustments required to use the device caused disruptions for customers. The FBI has used Carnivore, as the surveillance device is called, in a number of criminal investigations. But EarthLink is the first ISP to offer a public account of an actual experience with Carnivore. The FBI has claimed that Carnivore won't interfere with an ISP's operations One can draw some interesting conclusions from that article, though firm technical details from the FBI would be welcome. First -- the box was placed at the remote access servers, and is -- according to the article -- capable of monitoring email and other network traffic. Earthlink claims that the box was incompatible with the software version of the server they were running, and says that they had to downgrade to an older, buggy version, which crashed, causing a denial of service. The FBI, in turn, says that their box is purely passive, so it can't affect the net. My suspicion is that the box wants to monitor traffic based on IP address, and not just email headers. To do that, it needs to know when the suspect has dialed in, and what his/her IP address is. That, in turn, would likely require monitoring of the RADIUS traffic, which (if it were different from release to release) might have forced the downgrade. --Steve Bellovin
Re: Email Privacy eating software
Date: Fri, 14 Jul 2000 16:13:35 +0200 (CEST) From: Steven Cotton [EMAIL PROTECTED] Subject: Re: Email Privacy eating software On Fri, 14 Jul 2000, Steven M. Bellovin wrote: That, in turn, would likely require monitoring of the RADIUS traffic, which (if it were different from release to release) might have forced the downgrade. RADIUS logfiles provide lots of interesting information. They'll know your dial-up habits, phone number, length of time connected etc. The FBI should just start their own ISP. How do you know "they" (whoever "they" might be) haven't? -tjs
RE: Email Privacy eating software
-Original Message- From: Steven Cotton [mailto:[EMAIL PROTECTED]] Sent: Friday, July 14, 2000 10:14 AM To: ietf Subject: Re: Email Privacy eating software On Fri, 14 Jul 2000, Steven M. Bellovin wrote: That, in turn, would likely require monitoring of the RADIUS traffic, which (if it were different from release to release) might have forced the downgrade. RADIUS logfiles provide lots of interesting information. They'll know your dial-up habits, phone number, length of time connected etc. The FBI should just start their own ISP. What a scary thought! Maybe then they would not need to scan email - they could just tell us what to write. Cheers, ~L
Re: Email Privacy eating software
How do you know "they" (whoever "they" might be) haven't? Because they don't know how. And we know that they don't know how because they are still setting up stupid things like Carnivore.
Re: Email Privacy eating software
On Fri, 14 Jul 2000 18:43:29 +0200, Anthony Atkielski [EMAIL PROTECTED] said: How do you know "they" (whoever "they" might be) haven't? Because they don't know how. And we know that they don't know how because they are still setting up stupid things like Carnivore. It has long been a well-known fact that to excel in slapstick comedy requires incredible agility, strength, and flexibility -- Valdis Kletnieks Operating Systems Analyst Virginia Tech PGP signature
