Re: layered deception
At 11:46 PM 4/28/2001 -0400, Declan McCullagh wrote: I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?) One of the simplest and most effective ways to accomplish this is to require the legally responsible corporate person to physically show up at the offshore location as proof of a lack of duress. steve
RE: layered deception
there is no requirement for maintaining log files (unless specifically directed otherwise.) log files contain either marketing value or sysadmin value -- in both cases specific ip addr info isn't necessary to maintain that value (except in case of anomalous activity). one could collect info without identifying information. same principle applies to e-mail. once mail is deleted from a pop or imap or whatever server, there is no requirement to keep the backup tapes of e-mail. in fact the larger isps no longer keep deleted e-mail...they maintain only e-mail headers for up to six months. smaller isps should follow in these steps (though i'd argue you shouldn't even keep header info.) don't save it if you don't really truly need it. phillip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Declan McCullagh Sent: Saturday, April 28, 2001 11:46 PM To: Anonymous Cc: [EMAIL PROTECTED] Subject: Re: layered deception I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?) -Declan On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote: In view of the recent gimme-the-logs-or-we-fuck-you activities of armed men (http://www.indymedia.org/front.php3?article_id=36912group=webcast , http://seattle.indymedia.org/display.php3?article_id=3013 ) what would be the legal consequence of the following: 1. A virus is designed that spreads itself in some standard way and that deletes log files of popular http server implementations. 2. Files are deleted when virus receives a packet on a known port. 3. Detection of virus requires more than average admin can do. So when logs are requested an outside 3rd party can maliciously remove logs. The first several ISPs to contract this virus will probably get fucked, but by then it should become obvious that the ISP cannot effectively control the virus.
Re: layered deception
I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?) -Declan On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote: In view of the recent gimme-the-logs-or-we-fuck-you activities of armed men (http://www.indymedia.org/front.php3?article_id=36912group=webcast , http://seattle.indymedia.org/display.php3?article_id=3013 ) what would be the legal consequence of the following: 1. A virus is designed that spreads itself in some standard way and that deletes log files of popular http server implementations. 2. Files are deleted when virus receives a packet on a known port. 3. Detection of virus requires more than average admin can do. So when logs are requested an outside 3rd party can maliciously remove logs. The first several ISPs to contract this virus will probably get fucked, but by then it should become obvious that the ISP cannot effectively control the virus.
Ashcroft's Wants A Billion More than Reno...
[Note from Matthew Gaylor: Here is a prime example of the Republican vision of doing more with less FY 2002 budget includes $1.057 billion in program increases. That's a billion more than Janet Reno spent. What total and complete government reduction frauds the Republicans are. Also note that Ashcroft wants to add 1,500 School Resource Officers to Clinton's 100,000 Cops program. What these 1500 federal funded officers are going to do in our schools, will make an even better case for home schooling. I'm sure the stupid ass religious right can be happy now that they've added a new federally funded police force bureaucracy to local schools. I'll know who to blame especially after they fought tooth and nail for Ashcroft's nomination. Please note- My stupid ass comment is not directed at religion, but is directed at those who supported Ashcroft. And to top it off he wants extra cash to break crypto, presumably so we can't bitch about their nefarious anti-liberty activities privately.] STATEMENT OF JOHN ASHCROFT BEFORE THE UNITED STATES SENATE COMMITTEE ON APPROPRIATIONS SUBCOMMITTEE ON COMMERCE, JUSTICE, AND STATE, THE JUDICIARY AND RELATED AGENCIES April 26, 2001 Mr. Chairman and Members of the Subcommittee: It is both an honor and a pleasure to appear before you this morning to present President Bush's first budget request for the Department of Justice. For Fiscal Year 2002, the President's budget seeks $24.65 billion for the Department of Justice, including $20.94 billion in discretionary spending authority and $3.71 billion in mandatory resources, such as fees. This budget seeks to fulfill our basic federal law enforcement responsibilities, address emerging technology and critical infrastructure needs, and focus on the Administration's priorities of reducing gun crime, combating drug use, guaranteeing the rights of all Americans, and empowering communities in their continued fight against crime. While the fiscal year 2002 budget request maintains the same overall amount of discretionary spending authority as was provided by this Subcommittee in FY 2001, we have managed to enhance a number of key areas. The budget includes a general shift in spending from state and local law enforcement in order to support our core federal law enforcement mission, and better target assistance to areas of greatest need, such as crime in our schools, crimes committed with firearms, and violence against women. The Community Oriented Policing Services (COPS) program is continued at a somewhat reduced level, with resources targeted for school safety, law enforcement technology needs, and reducing DNA backlogs. The COPS request does not disrupt or affect the commitments made to put 100,000 more police on the streets and, in fact, goes further by proposing to hire up to an additional 1,500 School Resource Officers. Basic Law Enforcement The Core Federal Mission The budget I present to you today first addresses the basic law enforcement responsibilities of the Department of Justice. The mission of the Department is clear: to enforce the law and defend the interests of the United States according to the law; to provide leadership in preventing and controlling crime; to seek just punishment for those guilty of unlawful behavior; to administer and enforce the nation's immigration laws fairly and effectively; and to ensure fair and impartial administration of justice for all Americans. The FY 2002 budget includes $1.057 billion in program increases to enable the Department to carry out its mission, particularly in the areas of detention and incarceration, antiterrorism, cybercrime, and counterintelligence. Increased Detention and Incarceration Capacity The number of inmates in the Federal Prison System has more than doubled since 1990 as a result of tougher sentencing guidelines, mandatory minimum sentences, the abolition of parole, and increased federal law enforcement efforts. This surge in the prison population continually tests the limits of our detention and incarceration capacity. The FY 2002 budget for the Department of Justice includes a $949.5 million increase in funding to support the federal responsibility of detaining individuals awaiting trial or sentencing in federal court, and incarcerating inmates who have been sentenced to prison for federal crimes. The rapid growth in the federal inmate population is expected to continue. Despite the investment of nearly $5 billion for prison construction over the past decade, the prison system is
RE: layered deception
On Sun, 29 Apr 2001, Declan McCullagh wrote: Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process. -Declan If you need your logs for technical debugging, do your technical debugging diligently and daily, and erase them immediately after. Until the moment they are erased, they are vulnerable to theft, whether the thief has a subpeona or not. If you want to preserve relevant information from your logfiles, just lift out the relevant information and nothing else. Mung it into a completely different form (so it's not a logfile anymore), encrypt it, and save it to a private directory. With any luck, a regular data thief won't find it. Short of making a bad mistake, even if they do find it they won't be able to decrypt. If you're forced to guide a thief with a subpeona to it, there's no guarantee that the info *you* found relevant is the same info they want and also the precedent on whether you can be jailed for refusing to reveal a key you keep in your head is fuzzy at best. Bear
Re: Choate - Enough is Enough
Will someone at lne.com finally decide that he qualifies as spam and start filtering? That simple act would improve the signal to noise ratio dramatically. Internet is a self-service establishment. Full-service has too much undesirable luggage attached to it. I haven't seen choatian posts for months, because I'm filtering him out. The only time it fails is when he changes the originating address, which is infrequent. So stop whining and do it yourself. Hushmail won't let you do it ? Tough shit. You need a better service.
RE: layered deception
Declan McCullagh [EMAIL PROTECTED] wrote: Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process. -Declan Which would/could get you charged with obstruction of justice/contempt/conspiracy etc, etc. You can protect your log files safely enough by not having any- But protecting your real ASSets is a bit more difficult. Regards, Matt- ** Subscribe to Freematt's Alerts: Pro-Individual Rights Issues Send a blank message to: [EMAIL PROTECTED] with the words subscribe FA on the subject line. List is private and moderated (7-30 messages per week) Matthew Gaylor, 2175 Bayfield Drive, Columbus, OH 43229 (614) 313-5722 ICQ: 106212065 Archived at http://groups.yahoo.com/group/fa/ **
RE: layered deception
Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process. -Declan At 01:15 AM 4/29/01 -0400, Phillip H. Zakas wrote: there is no requirement for maintaining log files (unless specifically directed otherwise.) log files contain either marketing value or sysadmin value -- in both cases specific ip addr info isn't necessary to maintain that value (except in case of anomalous activity). one could collect info without identifying information. same principle applies to e-mail. once mail is deleted from a pop or imap or whatever server, there is no requirement to keep the backup tapes of e-mail. in fact the larger isps no longer keep deleted e-mail...they maintain only e-mail headers for up to six months. smaller isps should follow in these steps (though i'd argue you shouldn't even keep header info.) don't save it if you don't really truly need it. phillip -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Declan McCullagh Sent: Saturday, April 28, 2001 11:46 PM To: Anonymous Cc: [EMAIL PROTECTED] Subject: Re: layered deception I rather like the idea of encrypting the logs on the fly and shipping them offshore. Your offshore partner will be instructed to turn over the logs only if you are not asking for them under duress. (A reasonable protocol can probably be worked out. Would a court order instruct you to lie? If so, would it be valid?) -Declan On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote: In view of the recent gimme-the-logs-or-we-fuck-you activities of armed men (http://www.indymedia.org/front.php3?article_id=36912group=webcast , http://seattle.indymedia.org/display.php3?article_id=3013 ) what would be the legal consequence of the following: 1. A virus is designed that spreads itself in some standard way and that deletes log files of popular http server implementations. 2. Files are deleted when virus receives a packet on a known port. 3. Detection of virus requires more than average admin can do. So when logs are requested an outside 3rd party can maliciously remove logs. The first several ISPs to contract this virus will probably get fucked, but by then it should become obvious that the ISP cannot effectively control the virus.
RE: layered deception
I think Matt is a bit too quick to conclude a court will charge the operator with contempt and that the contempt charge will stick on appeal. Obviously judges have a lot of discretion, but it doesn't seem to me like the question is such a clear one if a system is set up in the proper cypherpunkish manner. -Declan At 01:04 PM 4/29/01 -0400, Matthew Gaylor wrote: Declan McCullagh [EMAIL PROTECTED] wrote: Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process. -Declan Which would/could get you charged with obstruction of justice/contempt/conspiracy etc, etc. You can protect your log files safely enough by not having any- But protecting your real ASSets is a bit more difficult. Regards, Matt- ** Subscribe to Freematt's Alerts: Pro-Individual Rights Issues Send a blank message to: [EMAIL PROTECTED] with the words subscribe FA on the subject line. List is private and moderated (7-30 messages per week) Matthew Gaylor, 2175 Bayfield Drive, Columbus, OH 43229 (614) 313-5722 ICQ: 106212065 Archived at http://groups.yahoo.com/group/fa/ **
RE: layered deception
At 01:04 PM 4/29/2001 -0400, Matthew Gaylor wrote: Declan McCullagh [EMAIL PROTECTED] wrote: Right, in most circumstances you're not required to keep logs. But there are some cases, albeit a fairly narrow subset, in which you'd want to have log files that are available to you but not an adversary using legal process. -Declan Which would/could get you charged with obstruction of justice/contempt/conspiracy etc, etc. You can protect your log files safely enough by not having any- But protecting your real ASSets is a bit more difficult. Almost anything the court does not like can get you so charged. So what else is new? Still, if the information or principle is sufficiently important you will eventually be released (if you are even held). steve
