Horseman #3, cont'd...

2001-12-17 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Sun, 16 Dec 2001 20:35:36 -0800
To: Declan McCullagh [EMAIL PROTECTED], [EMAIL PROTECTED]
From: John Young [EMAIL PROTECTED]
Subject: Re: Terrifying PGP
Sender: [EMAIL PROTECTED]

Sure, and the URLs still work. The first URL opens the story and
the PGP doc is mentioned at the jump at the 2nd URL:

http://semanal.expresso.pt/primeira/artigos/interior.asp?edicao=1520id_artigo=ES45175

http://semanal.expresso.pt/internacional/artigos/interior.asp?edicao=1520id_artigo=ES45132

Here's Babelfish translation of the passage:

  To the side of some techniques of combat, apparently
  rudimentary, were possible to find a manual on one of
  the techniques of criptagem of more advanced electrónicas
  communications of the world, Pretty Good Privacy (PGP).
  This method, practically considered inviolable, was forbidden
  by the Congress them United States for distrust that could
  be used to hide activities terrorist.

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Re[2]: Russian Duma Adopts Law On Digital Signatures

2001-12-17 Thread Maksim Otstavnov

Hello Pawel,

Monday, December 17, 2001, 1:45:02 PM, you wrote:

PK> Interesting how laws are passed in the part of world, as Polish digital
PK> signature law was also passed with lots of private businesses being
PK> done in both Parliament and Senate, against advice of the expert
PK> commission created by the Parliament itself (sic!)  and against the EU
PK> recommendations. So we have the law enacted, but everyone is expecting
PK> that to be changed soon to become usable, and definitely to make it
PK> compliant with EU law.

Are there any translation/comments in English?

Cheers,
-- 
-- Maksim








Re: [DailyRotten] FBI requests worm-built password log

2001-12-17 Thread Will Rodger

  Jay D. Dyson writes:
On Mon, 17 Dec 2001, Gordon Mohr wrote:

  http://www.dailyrotten.com/articles/archive/189387.html
 
  I can see legitimate reasons for wanting the log: tracing the
  progression/origin of the worm, or notifying the victims.
 
  But the interplay with MagicLantern and PatriotAct issues is
  thought-provoking...

 Actually, this is nothing new.  The boys at the Bureau have a long
history of requesting data to which they have no genuine legal right of
access.  Their original requests -- with few exceptions -- bank on
ignorance of due process.


Why is anyone surprised law enforcement would want this data? In order to 
investigate the crime in the first place, law enforcement needs to know 
what the crackers stole.

One may not like the standards for access (warrant, certification, 
administrative subpoena, etc.) but it's difficult to argue the FBI lacks a 
legitimate purpose for this data. I also see no evidence that any laws are 
being broken here. So what's the gripe? The Patriot Act went too far? 
That's old news at this point.

Given the detail (and named sources) missing from the story, it looks like 
nothing so much as an account of a standard, legitimate inquiry from law 
enforcement.

Will Rodger










Re: [DailyRotten] FBI requests worm-built password log

2001-12-17 Thread Steven M. Bellovin

In message Pine.GSO.3.96.1011217132546.27456B-10@crypto, Jay D. Dyson writes:
On Mon, 17 Dec 2001, Will Rodger wrote:

   But the interplay with MagicLantern and PatriotAct issues is
   thought-provoking...
 
  Actually, this is nothing new.  The boys at the Bureau have a long
  history of requesting data to which they have no genuine legal right
  of access.  Their original requests -- with few exceptions -- bank on
  ignorance of due process.
 
 Why is anyone surprised law enforcement would want this data? In order
 to investigate the crime in the first place, law enforcement needs to
 know what the crackers stole. 

   I guess you can consider me puzzled as to this claim.  The FBI
isn't interested in what was stolen.  The forensic analyses of the worm's
functions will tell you in a generic sense the answer to that question. 
What the boys at the Bureau want is the lump sum of victims' stolen
information.

   To use an analogy[1], if a neighborhood burglar makes off with my
videocamera, all the LEAs and their LEOs need to know is the description
and serial number of the product so it can be identified as mine.  They
don't need to know the contents of the tape in the videocamera in order to
demonstrate that criminal action occurred in the taking of said camera. 

Well, recovered stolen property is generally considered evidence.  
Looking at that file provides evidence that the worm *did* steal 
passwords, and not just that it was capable of doing so according to 
some complex analysis.  (For many worms, there is often considerable 
uncertainty about exactly what they can and cannot do.  Besides, do you 
want to try to explain decompiling to a jury?)

Perhaps more on target, possession of those passwords does *not*, as 
far as I can tell, change the FBI's legal ability to, for example, read 
someone's email.  They'd still need a court order under your favorite 
statute.  At most, I suspect that they could use information in that 
file as evidence of improper possession of a password by one of the 
worm's victims.  Not good if you're the improper possessor -- but also 
not an extension of the FBI's abilities or authority.  

The implication of the original claim was that the FBI wanted these 
passwords so that they could surreptitiously read email without bothering 
with Magic Lantern or Carnivore.  Maybe -- but doing so without 
authorization is just as illegal with passwords as via a tailored 
Trojan horse.  (Well, maybe the latter would constitute a violation of 
18 USC 1030, the Computer Fraud and Abuse Act.  I think the former 
would, too, plus it would violate 18 USC 1029:  use of a counterfeit 
access device.)

The only thing these passwords would do is make the entry easier.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of Firewalls book now at http://www.wilyhacker.com




