From: fergp@sytex.com (Paul Ferguson)
Date: Tue, 25 May 93 20:47:08 PDT
To: jim@sytex.com
Subject: Just the facts, ma'am.
Message-ID: <9qX54B2w165w@sytex.com>
MIME-Version: 1.0
Content-Type: text/plain


Okay, folks. Let's bring this into focus.
 
I don't like unfounded allegations, especially when they are involving
my own communications providers, but let's let the truth be known. I'd
like to summarize to the list several trains of thought and track this
down to a reliable source. If, in fact, a UUNet operator/provider has,
indeed, stated that this has been common practice, I think that it may
behoove them to own-up to these allegations. Before I do confront the
UUNet staff, however, I must get the allegations correct, and I
therefore rely on you crypto-rebels to provide them for me. Please.
 
In my original message I stated:
 
>From: uunet!sytex.com!fergp (Paul Ferguson)
 Message-Id: <VgH54B1w165w@sytex.com>
 Date: Tue, 25 May 93 16:30:06 EDT
 Organization: Sytex Communications, Inc
 
 On Tue, 25 May 1993 14:56:48 -0400,
  andrew m. boardman <uunet!cs.columbia.edu!amb> wrote -
 
 > Food for thought: that, at least as of recently, the NSA bought
 > weekly dumps of all usenet articles on tape.  I highly doubt they
 > were for their reading pleasure...
 
  Is this hearsay, innuendo or fact? If fact, what can you site as
  reference to support your statement? If you know this to be fact,
  please cite your references and provide as much detail as possible.
 
  Cheers.
 
- --
 
In subsequent posts, we received these replies. (I'd like to have
additional affidavits, if necessary. If you do not care to get
involved, fine. If you care, please re-affirm.)
 
 From:
 
 > Date: Tue, 25 May 1993 17:11:22 -0400
 > From: Marc Horowitz <uunet!GZA.COM!marc>
 
  >>  Is this hearsay, innuendo or fact? If fact, what can you site as
  >>  reference to support your statement? If you know this to be fact,
  >>  please cite your references and provide as much detail as possible.
 
 > Rick Adams of UUNET confirmed on the com-priv list that his
 > organization had been selling the FBI a usenet feed on tape.  I could
 > find the exact reference if you want.  I don't know for sure that the
 > NSA has a feed, or from whom, but it wouldn't surprise me.
 
I would like. Specifically, an e-mail address other than "postmaster."
 
The point is this, Marc: Those of us who subscribe to UUNet through
third party services have no idea that our communications may be
recorded or archived for intelligence purposes (I know, but that's
beside the point). If UUNet _is_ doing this without a broad policy
statement, then I think a change is in order.
 
Also, (and I do not implicitly imply that UUNet is responsible), I've
had some very interesting problems passing encrypted traffic. For some
strange reason, it just disappears. Fancy that. Should I question
that? You bet. And I shall. I, and my comm provider, pays in good
faith for our Internet services. We are protected under Law, and as
far I know, UUNet does not expressly forbid encrypted _private_
communications. But, it happens. They just disappear sometimes. Go
figure.
 
 > However, the obvious next point is, so what?  It's a public system.
 > Any idiot can pay $20/month and get a public access account.  If you
 > say something in a news post which you wouldn't want the FBI or NSA or
 > whoever to see, you're the person who has done something stupid.
 
I beg your pardon. Since when does stupidity become a prerequisite for
privacy rights violations? I'm not talking about Usenet or List posts,
Marc, but private e-mail.
 
 > Tapping a news feed isn't like tapping a phone line.  It's more like
 > turning on the television.
 
Of course it is. This is not an issue.
 
 > Date: Tue, 25 May 1993 17:26:58 -0400
 > From: andrew m. boardman <uunet!cs.columbia.edu!amb>
 
 > This was based on a verbal conversation at Interop with someone from
 > uunet, from whom the tapes are purchased.  I or they could be
 > mis[led|informed|remembering], but if you really care, ask uunet.
 
Thank you for your insights. I will ask UUNet, but I'm beginning to
wonder if other local comm providers practice the same deceptions.
Does anyone have any experiences with digex.com that they would like
to share?
 
If so, it would aid in our attempts to bring these unknown anomalies
to light. I don't like spending money to have my private e-mail
compromised.
 
 > Date: Tue, 25 May 93 18:28:31 EDT
 > From: Matt Blaze <uunet!crypto.com!mab>
 
 > Actually, the most alarming revelation here could be that someone at
 > uunet is going around casually disclosing information about their
 > customers.
 
Actually, I find this possibility both extremely disturbing, yet
possible. I don't wish that this what we will find out; I hope that
legal inquiries will not be necessary. However, if information
concerning these topics is not divulged voluntarily, then we must take
legal action to bring this to the surface.
 
 > Most communications companies, especially those that seek to be
 > regarded as "common carriers", make quite clear to their employees
 > that customer data are among their most proprietary and that
 > revealing any of it is grounds for lightning-speed dismissal.
 > (Obviously, they reveal data that they SELL about their customers,
 > and will disclose anything on a court order, but that's not
 > what we're talking about here).
 
Indeed, we are not speaking of the dissemination of USENet or List
information, but rather private e-mail.
 
 
 > Date: Tue, 25 May 1993 19:13:37 -0400
 > From: andrew m. boardman <uunet!cs.columbia.edu!amb>
 
> Having just spoken to someone who contracts at the NSA (and no,
> this name I will not post), he does not believe they get such a
> beast, although, as many people have pointed out, the FBI did.
> That, then, would be the origin of that, along with some TLA
> confusion.
 
I'd have to be presented with factual documentation to actually
believe that.
 
 > A lot of people perceive the government as having neither a right
 > nor a need to privacy.  Certainly there are also quite a few who
 > label themselves "privacy advocates" whose standards do a 180
 > when the privacy involved is that of the likes of Mykotronx...
 
Funny how that works, huh? The dumpster divers band together when t
comes to stuff like that, from what I'm told.
 
Cheers

Paul Ferguson               |  The future is now.
Network Integrator          |  History will tell the tale;
Centreville, Virginia USA   |  We must endure and struggle
fergp@sytex.com             |  to shape it.
 
          Stop the Wiretap (Clipper/Capstone) Chip.