Re: NSA knows who you've called.

2006-05-18 Thread Steve Schear

At 08:05 AM 5/11/2006, Perry E. Metzger wrote:

Let me again remind people that if you do not inform your elected
representatives of your displeasure with this sort of thing,
eventually you will not be in a position to inform them of your
displeasure with this sort of thing.


I think begging elected representatives to acknowledge your rights is 
generally a waste of time, especially when there is powerful or ingrained 
opposition.  The Civil Rights movement got nowhere until there was massive 
civil disobedience.  Widespread deployment of generic and otherwise 
acceptable technologies that can be re-targeted for end-user controlled 
privacy (not what governments would like to see, which is privacy mediated 
by corporations, licensed professionals or other regulated entities they 
can easily pressure) and/or insistence of powerful and wealthy individuals 
that they have the privacy they deserve and get it in such a way as its 
easily unavailable to the average citizen.


Steve 



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-17 Thread Russ Nelson
[EMAIL PROTECTED] writes:
  You and I are in agreement, but how do we get
  the seemingly (to us) plain truth across to
  others?  I've been trying for a good while now,
  reaching a point where I'd almost wish for a
  crisis of some sort as persuasiveness is not
  working.
  
  We are probably well off-topic for this list.

First they came for the terrorists, and I said nothing because I
wasn't a terrorist.  Then they came for my phone calls, and I said
nothing because I had nothing to hide.  Then they came for the
cryptographers, and I said nothing because I coulldn't even spel the
word.  Now I can't hide anything.

-- 
--my blog is athttp://blog.russnelson.com   | Microsoft as wall,
Crynwr sells support for free software  | PGPok | OSI are the sappers.
521 Pleasant Valley Rd. | +1 315-323-1241   | Walls fall stone by stone
Potsdam, NY 13676-3213  | Sheepdog  | 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread dan

alan writes:
-+--
 | 
 | Probably because most Americans believe they are being spied on
 | anyways.  (And have for a very long time.)
 | 


Au contraire', it is precisely what, for example,
my spouse would say: I live a decent life and have
nothing to hide.

As this and all security-related lists are composed
of people who are off-center when it comes to risk,
it is us what be the outliers in the distribution
and in no way are our various paranoias widely shared.

Not trying to debate the hive mind, etc.,

--dan


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread Nick Owen
Perry E. Metzger wrote:
 [EMAIL PROTECTED] writes:
 While I agree with you, the public does not,
 so far as I can tell, find itself willing to
 risk insecurity for the benefit of preserving
 privacy, as this article in today's Boston
 Globe would tend to confirm.
 
 I'm sure. On the other hand, I think it is our place, as security
 professionals, to explain why the tradeoff is a false one. Respect for
 individual rights is not something we do in good times because it is a
 luxury we can afford when there is stability. It is something we need
 most in bad times, because it is what keeps us safe and maintains
 stability itself.

Or to teach pollsters to ask the correct questions.  Take this survey:
http://www.washingtonpost.com/wp-srv/politics/polls/postpoll_nsa_051206.htm

What it this question from the poll:
It's been reported that the National Security Agency has been collecting
the phone call records of tens of millions of Americans. It then
analyzes calling patterns in an effort to identify possible terrorism
suspects, without listening to or recording the conversations. Would you
consider this an acceptable or unacceptable way for the federal
government to investigate terrorism? Do you feel that way strongly or
somewhat?

Was instead:
The NSA has been collecting the phone call records of tens of millions
of Americans possibly in violation of the law.  Would you consider it
acceptable for the government to break the law to investigate terrorism?

Nick

-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
https://www.linkedin.com/in/nickowen

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread dan

Nick Owen writes:
-+---
 | ...
 | Or to teach pollsters to ask the correct questions.
 | ...


All,

Mr. Owen is dead-on.  Speaking as someone who has had
a formal education in statistics including the design
of survey instruments, I will say that of all the ways
in which it is possible for the dishonest to skew the
results of quantitative analysis, survey design is hands
down the most vulnerable.  You want the numbers to come
out your way?  Sure, you can manipulate any data set of
numbers to lean the direction you want them to lean,
but if you control the survey instrument used to collect
the raw data in the first place you 0wn the analysis
in ways that re-analysis by others cannot erase.

Case in point: Allowing those who care about Issue XYZ
to self-select whether to take your survey guarantees
overweighting the tails of your distribution and in
ways that you may not be able to see (such as organized
survey takers who talk to each other).  Sort of like
an Internet-mailing-list, no?

--dan


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread alan

On Fri, 12 May 2006, [EMAIL PROTECTED] wrote:



alan writes:
-+--
|
| Probably because most Americans believe they are being spied on
| anyways.  (And have for a very long time.)
|


Au contraire', it is precisely what, for example,
my spouse would say: I live a decent life and have
nothing to hide.


I ask people who say they have nothing to hide for their credit card 
numbers.


Everyone has something to hide.

The point is that you do not have to have done *anything* to be worried. 
How do you know that your name is not a known alias of some evil nasty 
terrorist who buggers FBI agents in his spare time?



As this and all security-related lists are composed
of people who are off-center when it comes to risk,
it is us what be the outliers in the distribution
and in no way are our various paranoias widely shared.


The question is should they be?.

--
Waiter! This lambchop tastes like an old sock! - Sheri Lewis

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread alan

On Fri, 12 May 2006, [EMAIL PROTECTED] wrote:



Perry E. Metzger writes:
-+
|
| And a personal note to you all:
|
| Let me again remind people that if you do not inform your elected
| representatives of your displeasure with this sort of thing,
| eventually you will not be in a position to inform them of your
| displeasure with this sort of thing.
|

Perry,

While I agree with you, the public does not,
so far as I can tell, find itself willing to
risk insecurity for the benefit of preserving
privacy, as this article in today's Boston
Globe would tend to confirm.

http://www.boston.com/news/nation/articles/2006/05/12/most_put_security_ahead_of_privacy/

  Most put security ahead of privacy
  (By Bruce Mohl, Globe Staff)
  Mark Jellison, a Verizon customer in Quincy, isn't fazed that his
  phone company may have turned over his calling records and those of
  millions of others to the National Security Agency as part of an
  effort to thwart terrorism.

  snip


Probably because most Americans believe they are being spied on anyways. 
(And have for a very long time.)


I find it interesting that the question is always about fighting 
terrorism.  I am willing to bet you would get different answers if the 
question was phrased as Should a president be allowed to carry out 
massive wiretaps to spy on his political enemies?


I have seen NO proof that this spying was limited, or even directed 
towards, terrorists.  (Unless Democrats, peace activists, eco-freaks, 
hackers, and the like are now considered Terrorists.) Since there is no 
oversight allowed, we must assume that this effort has more to do with 
rooting out and destroying threats to the President than it does to actual 
threats to the security of the country.


--
Waiter! This lambchop tastes like an old sock! - Sheri Lewis

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread dan

Alan,

You and I are in agreement, but how do we get
the seemingly (to us) plain truth across to
others?  I've been trying for a good while now,
reaching a point where I'd almost wish for a
crisis of some sort as persuasiveness is not
working.

We are probably well off-topic for this list.

--dan


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread dan

alan writes:
-+--
 | 
 | I guess the big question is one of trust.  I cannot see why people
 | trust the Bush administration.  Any time they have been given power
 | they have abused it or used it to destroy their rivals.
 | 


I don't think this has anything to do with
any particular administration.  As Gilmore
would say now (hi, John), don't give any
government a power you would not want a 
despot to have. 

--dan

=
What's on my car

https://www.protestwarrior.com/store/files/master/democrat_president.gif


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread Daniel F. Fisher

See also Title 18 section 2703(c)(2):

(2) A provider of electronic communication service or remote computing 
service shall disclose to a governmental entity the - (A) name; (B) 
address; (C) local and long distance telephone connection records, or 
records of session times and durations; (D) length of service (including 
start date) and types of service utilized; (E) telephone or instrument 
number or other subscriber number or identity, including any temporarily 
assigned network address; and (F) means and source of payment for such 
service (including any credit card or bank account number), of a 
subscriber to or customer of such service when the governmental entity 
uses an administrative subpoena authorized by a Federal or State statute 
or a Federal or State grand jury or trial subpoena or any means 
available under paragraph (1). 


(at 
http://caselaw.lp.findlaw.com/casecode/uscodes/18/parts/i/chapters/121/sections/section_2703.html 
)


This paragraph specifically gives the requirements for disclosure of 
local and long distance telephone connection records, which were plainly 
not met.


-Dan

William Allen Simpson wrote:


Perry E. Metzger wrote:


http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm


Legal analysis from Center for Democracy and Technology at:

http://www.cdt.org/publications/policyposts/2006/8




-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-13 Thread Anne Lynn Wheeler

[EMAIL PROTECTED] wrote:

You and I are in agreement, but how do we get
the seemingly (to us) plain truth across to
others?  I've been trying for a good while now,
reaching a point where I'd almost wish for a
crisis of some sort as persuasiveness is not
working.


for other drift ... the stuff about call record analysis with regard to 
social networking has been topic in datamining conferences for at least 
a couple years ... both academia and industry. the cellphone companies 
appear to be especially interested in it, for various kinds of capacity 
planning and marketing purposes (I think some academia even have 
contracts with cell phone companies researching this area).


several months ago my wife had extensive communication with an editor 
doing some background stuff on datamining. some of it showed up in an 
article somewhat spun for the current situation


Info Mining  Sharing are Controversial Co-Dependents, part 1:
http://www.publicsectorinstitute.net/ELetters/EGovernment/v4n7/May13Articles.lsp#DataMining

my wife's quotes liberally lace part 2:

Data Mining Disrupts  Enables
http://www.publicsectorinstitute.net/ELetters/EGovernment/v4n7/May13Articles.lsp#DataMining2

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-12 Thread William Allen Simpson

Perry E. Metzger wrote:

http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm


Legal analysis from Center for Democracy and Technology at:

http://www.cdt.org/publications/policyposts/2006/8

--
William Allen Simpson
Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-12 Thread dan

Perry E. Metzger writes:
-+
 | 
 | And a personal note to you all:
 | 
 | Let me again remind people that if you do not inform your elected
 | representatives of your displeasure with this sort of thing,
 | eventually you will not be in a position to inform them of your
 | displeasure with this sort of thing.
 | 

Perry,

While I agree with you, the public does not,
so far as I can tell, find itself willing to
risk insecurity for the benefit of preserving
privacy, as this article in today's Boston
Globe would tend to confirm.

http://www.boston.com/news/nation/articles/2006/05/12/most_put_security_ahead_of_privacy/

   Most put security ahead of privacy
   (By Bruce Mohl, Globe Staff)
   Mark Jellison, a Verizon customer in Quincy, isn't fazed that his
   phone company may have turned over his calling records and those of
   millions of others to the National Security Agency as part of an
   effort to thwart terrorism.

   snip


--dan


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NSA knows who you've called.

2006-05-12 Thread Perry E. Metzger

[EMAIL PROTECTED] writes:
 While I agree with you, the public does not,
 so far as I can tell, find itself willing to
 risk insecurity for the benefit of preserving
 privacy, as this article in today's Boston
 Globe would tend to confirm.

I'm sure. On the other hand, I think it is our place, as security
professionals, to explain why the tradeoff is a false one. Respect for
individual rights is not something we do in good times because it is a
luxury we can afford when there is stability. It is something we need
most in bad times, because it is what keeps us safe and maintains
stability itself.


Perry

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]