Re: [OT] Online privacy, police to have free access to IP addresses
On Mon, Aug 20, 2007 at 08:53:11PM +0300, Oleg Goldshmidt wrote: I was going to stay out of the discussion, but I think you mean me, Geoff, right? Yes. If so, we were not such bad guys - we didn't mine the contents, nor were we actually interested in the values of any packet header fields. The purpose of the product was to distinguish between different types of traffic (e.g., between D?DoS and legitimate traffic) in real time, and differentiation was all that mattered. True, but that does not mean the technology could not be expanded. Considering that a 300mHz PII was a hot machine in those days, and now you can get a quad processor each 10 times that fast for under $1,000 or a CELL type processor on a video game console, it could really be done a lot better. We got out starting capital after the bubble had burst and their bankruptcy was, as far as I can tell, due to other reasons. Ok, I was being polite. :-) Certainly not us - the principals. We are all into other things now... Over the last 5 years we got quite a few calls (including from the now recovered VC) saying there is real need for the technology, where are you? - Elsewhere. Yes, that happens all the time. One of the reasons my company failed was our lawyer told us all to go out and get day jobs instead of selling some stock. Startups are like most relationships, once you split up, you never get back together. :-( I don't know if you applied for patents for the technology, but if you did and due to the lack of funding abandoned the applications, or did not pursue U.S. provisionals, it's public domain. If it stayed a trade secret, or someone was able to carry on and get patents, then they may still be worth a lot of money to the right buyer. Now, since Geoff invited me to the discussion on the topic in question... We all routinely use encryption in many situations: cell phones, ssh to remote hosts, secure web connections from Amazon to banks, you name it. So far I have had no run-ins with government agencies because of that. No, luckily things have lightened up on that. I remember when it was illegal to export DES code from the U.S. Many software companies added it to force a legal way of preventing people selling their programs outside the U.S. To keep it on the FOSS topic, a programmer in Australia wrote a version of it and submitted to DECUS (the DEC user's group). They put it on a contributed software CD, published in the U.S. It could not be legally exported although the code was originally not from the U.S. Many people on this list remember the DECSS code T-shirts and song. :-) If I understand the article linked to by the OP, the proposed law does not authorize continuous data mining of everybody's communications. From the article, it looks to me that if the law is passed it will be much easier for the police to find out who the wiretapped suspect was talking to or sent an email (possibly encrypted) to at a specific time. For that, they want a reverse map of phone numbers (IP addresses, etc.) to names/IDs/addresses that can be easily queried without a court order. I don't know how well that would fly. Since most ISP's use dynamic addressing, a database is only good for a few minutes at most. It would have to have both data records and a time-stamp. This is, in principle, worrying. I assume that today if the police wiretap someone's Internet connection then to see who got the email sent at 20:47 on 2007/08/20 they will have to go to an ISP who, I hope, will want to see a court order. I doubt that. I expect that if the police called one of the big ISP's (are there any small ones left?) and said we tracked an Al-Quieda terrorist to this IP address, the ISP would jump at the chance to help. Even more so if they said it was a Hamas terrorist in the process of preparing an attack. If anyone of us calls an ISP and complains about break-in attempts, spam, or whatever from am IP address the ISP may take action against the owner, but they won't tell you who it is. With this new law, at least the police won't have to ask ISP for the info. Is that good or bad? The current system stops random piscene searches (fishing expeditions), but nothing else. I'm sure the person who claimed on this list that the government is monitoring his emails is on some watch list already and something beeps when he sends an email in this country, etc. I don't like it, personally. Besides potential abuse by government agencies random people can draw attention if anyone, including criminals, decide to subvert the system. E.g., if you suspect that your email may be intercepted, encrypt every email and send it to N different IP addresses. It will only be decrypted by the intended recipient who has the key, but if the police decide to check who it was sent to they will be either swamped or start investigating innocents, depending on N. Or send the email to a permissive mailing list or newsgroup that
Re: [OT] Online privacy, police to have free access to IP addresses
On 23/08/07, Geoffrey S. Mendelson [EMAIL PROTECTED] wrote: Let's face it, if I picked a go code of buy (some number) of (drug name) at (some price) from our supplier in (country name) no one would take a second notice. The numbers could be times, dates, or addresses, the drug names represent a location, and the country a method. But you have to be smart of what analogies you use - there were these drug dealers who just substituted shirts for Hashish shoes, the police convicted them based on an intercepted message talking about two and a half shirts :) (yes, the Israeli police, as much as it's hard to believe). --Amos
Re: [OT] Online privacy, police to have free access to IP addresses
On Mon, Aug 20, 2007, Gadi Cohen wrote about Re: [OT] Online privacy, police to have free access to IP addresses: Exactly, but that's just the point... in any sane democracy there are structures in place to prevent such abuses taking place. Like before I gave my example of police needing to obtain a search warrant before they can break into someone's house, they need to prove that such action is necessary to someone other than themselves, and be able to back up their claim. If that wasn't the case, do you not think the ability to search people's houses would be abused? Such power needs to be monitored; its a matter of protecting our society from human nature. This is getting more and more off-topic, but I'll bite... I don't disagree with you, but I'm trying to explain why the opposite view is not the view of the devil, but simply a different (even if wrong) view. You say that in order to prevent police from abusing their power, they should have to get a-priori (before the fact) approval for searches they conduct. This makes sense, and is indeed how we grew up to think, and as I said this sort of thinking is especially strong in the US, with their fourth amendment. However, look at the other powers the police have, which are far more serious than searching of evesdropping. The police have guns, and can shoot you, for example. Before a policeman shoots you, does he need to get written authorization from a judge? No, of course not. But he knows that *after* the fact, he will be judged, and if he abused his power, he's going to jail for a long time. Similarly, it is not inconcievable to imagine a state where Internet evesdropping is legal for the police, but a policeman knows that if he's ever caught doing it for any other reason but his official work, he'll go to jail. This doesn't make this a totalitarian state, if the police, judicial system, and the government, are still three separate entities which don't cover each other's asses. P.S. Looking at American history is always interesting for putting the relative importance of rights into perspective. As late as 1860, Americans considered sacred the need for a judge to sign on searches before they happen (the 4th amendment) and considered holy the right to own a weapon (the 2nd amendment); But at the same time, they also allowed slavery, forbidden married women from signing contracts or owning property, and forbidden both women and slaves from voting. It's not hard to get the feeling that something was terribly screwed up in this value system. -- Nadav Har'El|Tuesday, Aug 21 2007, 7 Elul 5767 [EMAIL PROTECTED] |- Phone +972-523-790466, ICQ 13349191 |Long periods of drought are always http://nadav.harel.org.il |followed by rain. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
Nadav Har'El wrote: However, look at the other powers the police have, which are far more serious than searching of evesdropping. The police have guns, and can shoot you, for example. Before a policeman shoots you, does he need to get written authorization from a judge? No, of course not. But he knows that *after* the fact, he will be judged, and if he abused his power, he's going to jail for a long time. Yes, that is a valid argument. The main difference is, of course, that if a policeman shoots someone, the chances of no one related to the victim noticing are extremely small. Questions such as whether people are believed, whether the policeman can still walk even if he abuses power etc. are all good questions, but they are nullified by the major problem - with evesdropping, the chance of the police getting into any kind of trouble from which he will have to wriggle free are close to nill. So, the above law could be improved by saying, for example, that anyone whose records are pulled will have to be notified (preferably by an automatic system) as soon as the investigation can allow it, but never later than a month after the information was pulled (unless a judge thinks further secrecy is still needed). Put that into the automatic system that does the evesdropping (and make sure that only someone from the judiciary system has the technical permissions to extend the one month expiry), and I think you may actually get a net improvement over the situation as it is today. Shachar = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
On 21/08/07, Shachar Shemesh [EMAIL PROTECTED] wrote: So, the above law could be improved by saying, for example, that anyone whose records are pulled will have to be notified (preferably by an automatic system) as soon as the investigation can allow it, but never later than a month after the information was pulled (unless a judge thinks further secrecy is still needed). Put that into the automatic system that does the evesdropping (and make sure that only someone from the judiciary system has the technical permissions to extend the one month expiry), and I think you may actually get a net improvement over the situation as it is today. I like the technical solution. Good luck getting *this* through the Knesset, thought...:^) --Amos
Re: [OT] Online privacy, police to have free access to IP addresses
The following movie of the day is pertinent to the discussion, and is even a bit on-topic (there is a penguin, if you look carefully!): http://wolfgang.lonien.de/?p=386 -- In civilized societies, captions are as important in movies as soundtracks, professional photography and expert editing. My own blog is at http://www.zak.co.il/tddpirate/ My opinions, as expressed in this E-mail message, are mine alone. They do not represent the official policy of any organization with which I may be affiliated in any way. WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
On Mon, Aug 20, 2007 at 02:22:51AM +0200, Moshe Leibovitch wrote: I'm wonder if the Israeli law allows you to encrypt your communications over public channels. I wouldn't shock me to find out the even this discussion is illegal :) There was a law that permitted encryption by private parties only if you declared your intention to encrypt to a specific government agency with enough notice (actual time specified, but I don't remember it), for them to refuse you permission. The law was changed or dropped when WiFi was really allowed here (November 2003). Until that time it was limited to 1 or two channels without encryption. I remember at that time trying to download the Linux drivers for a 3Com WiFi USB dongle and being redirected to a page saying that 3Com would not not allow me to download the drivers as they contained encryption and it was illegal in my country. A few months later they changed their code and fixed it. Note that the dongle, complete with a Windows driver CD, was sold to me legally by the Bug Shoppe. I am not sure, but I think that the change to the law also allows https connections. I wonder how many people who panic at the FUD* accompanying the bill use a web based email service such as GMAIL or HOTMAIL or YAHOOMAIL where they routinely scan your email and data mine it. Of course your definition of what data mining yields may be very different than mine, see the Simpson's movie. :-) It's not just data mining email, one of the people on this list, and I won't name them if they wish to remain out of the discussion, around 4 years ago worked for a startup that almost produced a product that data mined real time communicaitons. The company failed before releasing their product beacuse the vulture capital fund beind them failed when the bubble burst, but by now either the prinicpals behind the company or someone else has probably produced a similar product. Geoff. * As the old saying goes, just because you are paranoid does not mean that they are not out to get you. -- Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM IL Voice: (07)-7424-1667 U.S. Voice: 1-215-821-1838 Visit my 'blog at http://geoffstechno.livejournal.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
Nadav Har'El wrote: It doesn't make us a totalitarian state, unless the police actually (ab)uses this power, and so far, I don't think that it actually does. Exactly, but that's just the point... in any sane democracy there are structures in place to prevent such abuses taking place. Like before I gave my example of police needing to obtain a search warrant before they can break into someone's house, they need to prove that such action is necessary to someone other than themselves, and be able to back up their claim. If that wasn't the case, do you not think the ability to search people's houses would be abused? Such power needs to be monitored; its a matter of protecting our society from human nature. So, with the new law, I don't think suddenly all our rights are going to be abused... but I can see the police using this new system more and more often, each time with less and less hard reason... until such use is common place and unmonitored (unmonitored within the police, that is... seeing as they are already right now getting rid of any higher power to check up on them). And I think that process, no matter how many years it will take, will lead to a totalitarian system, and that's why I think no other democracy in the entire world is allowing such a thing. Moshe Leibovitch wrote: I'm wonder if the Israeli law allows you to encrypt your communications over public channels. I wouldn't shock me to find out the even this discussion is illegal :) Yes, discussing such policies could indeed be dangerous, especially since there is enough information in a typical email message received from this list to - with the new system in place - get your full name, address and every other detail about you. Actually by subscribing to this list and writing a simple script and letting it run for a month or so, you could have everyone's full details ready and waiting to arrest this cell which could threaten the police's reputation (and could be arrested for an illegal discussion). Yes, an extreme and hypothetical example, and I think very unlikely, but still *possible* - and that should worry you :) [EMAIL PROTECTED] wrote: In addition, stop using your ISP's email, use either GMAIL or HOTMAIL or whatever you like. As YBA suggested, encrypt email. Use steganography. Use pigeons. Any webmail = good. Whatever you like = bad. Don't forget on usual SMTP communications, the mail server will record the sender IP address and time the email was received from it. That's enough info with the new law to get your full name, address, etc. With webmail, the webserver connects to the mail server and so the recorded address is 'localhost'... I wouldn't use webmail in Israel though :) Don't forget you'll need to use a proxy server outside of Israel for any website in Israel which records your IP address, and any website in the world which could display your IP address (e.g. a wiki if aren't registered, or forget to log in.. big mistake :)). Network security is nothing new for me, I can't imagine too many major changes to my regular routine... it will just be a shit feeling thinking that the people I'm now protecting myself against are the people who are meant to be protecting me! Gadi -- Gadi Cohen aka Kinslayer [EMAIL PROTECTED] www.wastelands.net Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
slightly less [OT] - read to the end. On Mon, 2007-08-20 at 02:22 +0200, Moshe Leibovitch wrote: I'm wonder if the Israeli law allows you to encrypt your communications over public channels. I wouldn't shock me to find out the even this discussion is illegal :) Some relevant links: http://www.mod.gov.il/pages/encryption/tzofen.asp http://www.law.co.il/showarticles.php?d=harticle=58 http://www.law.co.il/showarticles.php?d=harticle=132 http://www.law.co.il/showarticles.php?d=harticle=133 http://www.law.co.il/showarticles.php?d=harticle=134 List of encryption means that can be legally (ab)used by the public without the need for a specific license: http://www.mod.gov.il/pages/encryption/docs/Free-means.xls (Microsoft Excel format) Note that this list contains specific products (including stuff I wasn't aware had encryption in it), and - as much as I can see - doesn't include any open source software. Note that it can be argued that any open source software by its nature cannot be declared a free encryption mean according to its definition in the encryption law (see: http://www.mod.gov.il/encryption/#6 ) as it can be modified and combined, so any open source software has to be relicensed per version or compilation or something. -- Oded = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
Geoffrey S. Mendelson [EMAIL PROTECTED] writes: It's not just data mining email, one of the people on this list, and I won't name them if they wish to remain out of the discussion, around 4 years ago worked for a startup that almost produced a product that data mined real time communicaitons. I was going to stay out of the discussion, but I think you mean me, Geoff, right? If so, we were not such bad guys - we didn't mine the contents, nor were we actually interested in the values of any packet header fields. The purpose of the product was to distinguish between different types of traffic (e.g., between D?DoS and legitimate traffic) in real time, and differentiation was all that mattered. The company failed before releasing their product beacuse the vulture capital fund beind them failed when the bubble burst, We got out starting capital after the bubble had burst and their bankruptcy was, as far as I can tell, due to other reasons. but by now either the prinicpals behind the company or someone else has probably produced a similar product. Certainly not us - the principals. We are all into other things now... Over the last 5 years we got quite a few calls (including from the now recovered VC) saying there is real need for the technology, where are you? - Elsewhere. Now, since Geoff invited me to the discussion on the topic in question... We all routinely use encryption in many situations: cell phones, ssh to remote hosts, secure web connections from Amazon to banks, you name it. So far I have had no run-ins with government agencies because of that. If I understand the article linked to by the OP, the proposed law does not authorize continuous data mining of everybody's communications. From the article, it looks to me that if the law is passed it will be much easier for the police to find out who the wiretapped suspect was talking to or sent an email (possibly encrypted) to at a specific time. For that, they want a reverse map of phone numbers (IP addresses, etc.) to names/IDs/addresses that can be easily queried without a court order. This is, in principle, worrying. I assume that today if the police wiretap someone's internet connection then to see who got the email sent at 20:47 on 2007/08/20 they will have to go to an ISP who, I hope, will want to see a court order. If anyone of us calls an ISP and complains about break-in attempts, spam, or whatever from am IP address the ISP may take action against the owner, but they won't tell you who it is. With this new law, at least the police won't have to ask ISP for the info. I don't like it, personally. Besides potential abuse by government agencies random people can draw attention if anyone, including criminals, decide to subvert the system. E.g., if you suspect that your email may be intercepted, encrypt every email and send it to N different IP addresses. It will only be decrypted by the intended recipient who has the key, but if the police decide to check who it was sent to they will be either swamped or start investigating innocents, depending on N. Or send the email to a permissive mailing list or newsgroup that won't ban you as quickly as linux-il moderators. Or get really inventive in some other way. Come to think of it, I don't know if our AI technology Geoff alluded to would be of any help to the police differentiating real recipients from bogus ones... Unfortunately, I suspect that our lawmakers don't get sufficient information or feedback from people who both understand the technical side of things and are sufficiently concerned about privacy. A couple of months ago I was invited to a session of the Science Committee of the Knesset. The topic was totally different, but there was only one person, representing an NGO, who asked the (sole) MK for guidance on related privacy issues. The overwhelming majority of the participants were shamelessly touting their products many of which subverted privacy in various ways. If this law has been discussed at a Knesset Committee I expect that the discussion was totally dominated by sales reps offering to build the DB in the best possible way. Oh, maybe I should go to the Knesset and offer our AI technology to support the proposed legislation?... -- Oleg Goldshmidt | [EMAIL PROTECTED] | http://www.goldshmidt.org = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
On Mon, 20 Aug 2007 18:59:17 Oded Arbel wrote: slightly less [OT] - read to the end. On Mon, 2007-08-20 at 02:22 +0200, Moshe Leibovitch wrote: I'm wonder if the Israeli law allows you to encrypt your communications over public channels. I wouldn't shock me to find out the even this discussion is illegal :) Some relevant links: http://www.mod.gov.il/pages/encryption/tzofen.asp http://www.law.co.il/showarticles.php?d=harticle=58 http://www.law.co.il/showarticles.php?d=harticle=132 http://www.law.co.il/showarticles.php?d=harticle=133 http://www.law.co.il/showarticles.php?d=harticle=134 List of encryption means that can be legally (ab)used by the public without the need for a specific license: http://www.mod.gov.il/pages/encryption/docs/Free-means.xls (Microsoft Excel format) Note that this list contains specific products (including stuff I wasn't aware had encryption in it), and - as much as I can see - doesn't include any open source software. Note that it can be argued that any open source software by its nature cannot be declared a free encryption mean according to its definition in the encryption law (see: http://www.mod.gov.il/encryption/#6 ) as it can be modified and combined, so any open source software has to be relicensed per version or compilation or something. I have an (official ?) email from the IMOD Encryption Control Director that exempt any individual or company that uses e-mail encryption for its own needs, as long as the user or company is not in encryption business. Ehud. -- - Yoram Cohen e-mail - -- From: Yoram Cohen - IMOD Encryption Control Director [EMAIL PROTECTED] To: Ehud Karni [EMAIL PROTECTED] Cc: Gil Mor - IMOD [EMAIL PROTECTED] References: [EMAIL PROTECTED] X-Received-Date: 19:13:27 16/07/06 +0300 (on sw-gib) Subject: Re: Use of PGP and GnuPG for mail encryption Date: Sun, 16 Jul 2006 18:11:28 +0200 MIME-Version: 1.0 ,שלום אהוד .בהמשך לשיחתנו הטלפוני מהיום ולשאלתך בנושא שימוש באמצעי הצפנה .ללא קשר למוצר או לתקן הצפנה מסויים .מדיניות משרד הביטחון הינה שניתן לעשות שימוש באמצעי הצפנה לצורך הגנה על מידע של אדם פרטי או חברה, כל זמן שמדובר בשימוש עצמי .שימוש עצמי משמעותו שימוש באמצעי ההצפנה לצרכים פנימיים של חברה ועובדיה או לשימש אישי בלבד של אדם פרטי .כל זמן שאלו (החברה או האדם הפרטי) אינם מפתחים, מוכרים, מפיצים, או עוסקים ביצוא מסחרי של אמצעי הצפנה - לא נדרש לכך רשיון עיסוק בהצפנה http://www.mod.gov.il/encryption/hakdama.asp :במדיניות הפיקוח תוכל לעיין באתר http://www.mod.gov.il/encryption/rishuy.asp :ספציפית שימוש עצמי .לעיתים התרחיש הטכנולוגי אינו חד משמעי ולא ברור לחברה האם הינו נופל בגדר שימוש עצמי או שדרוש רשיון לפעילות לכן אנו ממליצים לפנות בכל שאלה בנושא או ספק למשרדנו ,בברכה יורם -- Yoram Cohen Encryption Control Director - Ministry of Defense - Israel Department of Defense Export Controls D.D.E.C 6977499 - 3 - 972 Tel: 972 - 3 - 6977458 Fax: http://www.mod.gov.il/encryption/ mailto: [EMAIL PROTECTED] Mail: P.O.B 7093, Hakirya, Tel-Aviv 61070 Israel -- - Original Message - From: Ehud Karni To: יורם כהן Sent: Sunday, July 16, 2006 4:22 PM Subject: Use of PGP and GnuPG for mail encryption ,שלום יורם .ראשית, תודה על תשובתך המהירה לפנייתי הטלפונית להצפנה (GnuPG או) PGP-הייתי רוצה לקבל ממך אשור (כפי שמסרת לי בטלפון) ששימוש ב .של דואר מותרת על פי צו ההצפנה ואינה מצריכה אשור מיוחד .כיון שאני יועץ לחברות שונות אבקש במיוחד התיחסות האם אשור זה חל גם לגבי חברות מסחריות הבעיה לוחצת מאוד כיון שהחברות בהן מדובר מעבירות נתונים פיננסים לגבי עובדיהן (נתונים המוגנים על פי חוק הפרטיות). כמו כן קיימת דרישת סודיות עי רואי החשבון בעיקר בגלל תנאי סרביאנס-אוקסלי .הנכפים עלינו ,בכבוד רב ,אהוד קרני מומחה ויועץ למערכות יוניקס -- Ehud Karni Tel: +972-3-7966-561 /\ Mivtach - Simon Fax: +972-3-7966-667 \ / ASCII Ribbon Campaign Insurance agencies (USA) voice mail and X Against HTML Mail http://www.mvs.co.il FAX: 1-815-5509341 / \ GnuPG: 98EA398D http://www.keyserver.net/Better Safe Than Sorry To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
On Mon, 2007-08-20 at 22:17 +0300, Ehud Karni wrote: I have an (official ?) email from the IMOD Encryption Control Director that exempt any individual or company that uses e-mail encryption for its own needs, as long as the user or company is not in encryption business. This is very interesting. Not that I doubt the sincerity of the official from the ministry of defense, but this email - to the best of my understanding - does not exempt two very common uses of open source encryption technology: * A consultant (such as yourself) that in a commercial setting helps another company is setting up encryption based on open source software (which is not explicitly allowed in the list of allowed means). This falls under מוכרים. * Anyone that hosts a mirror of open source software collection, some of it uses encryption (like any Linux distribution). This looks to me to fall under the מפיצים clause in the original email. As a consultant I find it troubling that by choosing open source software over commercial software for setting up basic services for customers (such as encrypted e-mail, backup and/or remote access) I can find myself in danger of being in violation of the encryption law. -- Oded To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
[OT] Online privacy, police to have free access to IP addresses
http://www.haaretz.com/hasen/spages/894512.html In short: There is a law presently being passed that will give the police free access to all phone numbers, IP addresses, etc, creating the largest such database for police use in the entire Western World (i.e. Israel will set a new precedent for what is allowable in a democracy, using totalitarian policies as inspiration). This really worries me. Not that I am a terrorist or criminal warlord who is worried in a disruption of my activities, but in that I consider it a major invasion of my privacy and a very bad direction for Israel to go in. I am therefore writing for two reasons: 1) To make you know about this proposed law. 2) To find out what we do to prevent it (assuming others are as troubled as I am). In my mind, there are very good reasons why in democracies, the police need to obtain a warrant or court order for sensitive information. Privacy is a basic liberty which needs to be protected. Not only that, such a system is bound to be abused, at first a little until such abuse is common place. All in all, a very downward spiral for the State. Other thoughts are of course welcome. Gadi -- Gadi Cohen aka Kinslayer [EMAIL PROTECTED] www.wastelands.net Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5
Re: [OT] Online privacy, police to have free access to IP addresses
On Sun, 19 Aug 2007, Gadi Cohen wrote: Date: Sun, 19 Aug 2007 12:03:09 +0300 From: Gadi Cohen [EMAIL PROTECTED] To: IGLU Mailing list linux-il@cs.huji.ac.il Subject: [OT] Online privacy, police to have free access to IP addresses http://www.haaretz.com/hasen/spages/894512.html In short: There is a law presently being passed that will give the police free access to all phone numbers, IP addresses, etc, creating the largest such database for police use in the entire Western World (i.e. Israel will set a new precedent for what is allowable in a democracy, using totalitarian policies as inspiration). This really worries me. Not that I am a terrorist or criminal warlord who is worried in a disruption of my activities, but in that I consider it a major invasion of my privacy and a very bad direction for Israel to go in. I am therefore writing for two reasons: 1) To make you know about this proposed law. Thanks, already read about it in Haaretz like most folks on this list. 2) To find out what we do to prevent it (assuming others are as troubled as I am). To prevent the law, probably nothing. To subvert it - anonimyzers, encrypted file systems and and encrypted email. In my mind, there are very good reasons why in democracies, the police need to obtain a warrant or court order for sensitive information. Privacy is a basic liberty which needs to be protected. Not only that, such a system is bound to be abused, at first a little until such abuse is common place. All in all, a very downward spiral for the State. The stegonographic and encryption technologoes to subvert the law are already freely available open source. - yba Other thoughts are of course welcome. Gadi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - [EMAIL PROTECTED] - tel: +972.2.679.5364, http://www.tkos.co.il - = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
In addition, stop using your ISP's email, use either GMAIL or HOTMAIL or whatever you like. As YBA suggested, encrypt email. Use steganography. Use pigeons. Smile at the camera, while you're at it. Marc = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
[EMAIL PROTECTED] wrote: Use pigeons. Sorry, we've had all the pigeons wired last week. This change takes away the illusion of privacy you had nothing more. Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) http://www.codefidence.com Phone: +972.3.7515563 ext. 201 | Cellular: +972.52.8260388 SIP: [EMAIL PROTECTED] | Fax: +972.3.7515503 Lacking fins or tail the gefilte fish swims with great difficulty. -- A Jewish Haiku = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
On Sun, 19 Aug 2007, Gadi Cohen wrote: In short: There is a law presently being passed that will give the police free access to all phone numbers, IP addresses, etc, creating the largest such database for police use in the entire Western World (i.e. Israel will set a new precedent for what is allowable in a democracy, using totalitarian policies as inspiration). It's been just over 225 years since the American War of Independence is over, And americans are just now starting to forget why the fourth amendment to their constitution ([1]) was needed. In Israel, we never understood it in the first place. [1] http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution When you see your government (in the American case, the British government before the revolution) abuse their search rights and use them for unreasonable purposes, you understand why such an amendment is necessary. In Israel, we apparently have no such traumatic memories (we have far more traumatic memories from just before our independence, unfortunately), so people are far less opposed to giving the police more search power. It doesn't make us a totalitarian state, unless the police actually (ab)uses this power, and so far, I don't think that it actually does. -- Nadav Har'El| Sunday, Aug 19 2007, 5 Elul 5767 [EMAIL PROTECTED] |- Phone +972-523-790466, ICQ 13349191 |If a million Shakespeares tried to write http://nadav.harel.org.il |together, they would write like a monkey. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
On 20/08/07, Nadav Har'El [EMAIL PROTECTED] wrote: far less opposed to giving the police more search power. It doesn't make us a totalitarian state, unless the police actually (ab)uses this power, and so far, I don't think that it actually does. There is also the issue of having all the information about you concentrated in one place, open for corrupt officials to give/sell away to anyone who wants to know this stuff about you. It's already mostly there with the Identification Number being a single join field on everything written about you - from your birth certificate through your school marks, your army records, your rental agreements, bank records, national insurance, any club membership your have etc. etc. As far as I followed the article, the new law is just going to make it even easier to track you. BTW - all this cryptography and stenography stuff is not the point - I suppose none of us in this forum are criminals that have anything to hide. But as law abiding citizens we are now even more exposed to criminals having more information about us - e.g. someone who gathers enough information about you can start pretending to be you and get credit cards on your name, or know that you are away from home for a period and break into it, knowing exactly what to look for because they also found your credit card or warranty records, etc. --Amos
Re: [OT] Online privacy, police to have free access to IP addresses
I'm wonder if the Israeli law allows you to encrypt your communications over public channels. I wouldn't shock me to find out the even this discussion is illegal :) On 20/08/2007 01:03, Amos Shapira wrote: On 20/08/07, *Nadav Har'El* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: far less opposed to giving the police more search power. It doesn't make us a totalitarian state, unless the police actually (ab)uses this power, and so far, I don't think that it actually does. There is also the issue of having all the information about you concentrated in one place, open for corrupt officials to give/sell away to anyone who wants to know this stuff about you. It's already mostly there with the Identification Number being a single join field on everything written about you - from your birth certificate through your school marks, your army records, your rental agreements, bank records, national insurance, any club membership your have etc. etc. As far as I followed the article, the new law is just going to make it even easier to track you. BTW - all this cryptography and stenography stuff is not the point - I suppose none of us in this forum are criminals that have anything to hide. But as law abiding citizens we are now even more exposed to criminals having more information about us - e.g. someone who gathers enough information about you can start pretending to be you and get credit cards on your name, or know that you are away from home for a period and break into it, knowing exactly what to look for because they also found your credit card or warranty records, etc. --Amos = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Online privacy, police to have free access to IP addresses
IANAL, but if I remember correctly, the answer is that it is not only forbidden to encrypt a message, it is even forbidden to modulate a message (i.e. change the signal), without due permission from the relevant ministry. In effect, by using such problematic and scurrilous items as voice mail systems, cellular phones and so forth, we all are risking being sent to the nach und nebel. M - Moshe Leibovitch [EMAIL PROTECTED] wrote: I'm wonder if the Israeli law allows you to encrypt your communications over public channels. I wouldn't shock me to find out the even this discussion is illegal :) On 20/08/2007 01:03, Amos Shapira wrote: On 20/08/07, *Nadav Har'El* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: far less opposed to giving the police more search power. It doesn't make us a totalitarian state, unless the police actually (ab)uses this power, and so far, I don't think that it actually does. There is also the issue of having all the information about you concentrated in one place, open for corrupt officials to give/sell away to anyone who wants to know this stuff about you. It's already mostly there with the Identification Number being a single join field on everything written about you - from your birth certificate through your school marks, your army records, your rental agreements, bank records, national insurance, any club membership your have etc. etc. As far as I followed the article, the new law is just going to make it even easier to track you. BTW - all this cryptography and stenography stuff is not the point - I suppose none of us in this forum are criminals that have anything to hide. But as law abiding citizens we are now even more exposed to criminals having more information about us - e.g. someone who gathers enough information about you can start pretending to be you and get credit cards on your name, or know that you are away from home for a period and break into it, knowing exactly what to look for because they also found your credit card or warranty records, etc. --Amos = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]