From: attila <attila@hun.org>
Date: Sun, 19 Jul 1998 12:29:13 -0700 (PDT)
To: John Young <jya@pipeline.com>
Subject: Re: Covert Access to Data and ID
In-Reply-To: <199807081547.LAA21623@camel14.mindspring.com>
Message-ID: <Pine.BSF.3.96.980719183027.2251C-100000@hun.org>
MIME-Version: 1.0
Content-Type: text/plain



    there is no such word as "can not" in terms of covert surveillance;
    however, if the method is to be universal, the gubmnt will need to

    1.  enforce drastic standardization of hardware systems if the 
	logging functions are to be effective. 

	    this might Intel rather happy and Intel is the type of
	    organization which would perform the function with glee,
  	    if they are not already developing it.  for instance,
	    I just installed a ATX-BX-AGP motherboard which consists
	    of a "few" VLSI support chips for the SLot 1 processor:
	    PCI, PCI to ISA, IDE, USB, and power management  (5 chips,
	    all Intel) plus adaptec SCSI and Intel's 100M ethernet.

	    it would be easy enough to embed the keystroke function
	    since the PC98 spec calls for total implementation of the
	    USB controlled.  

    2.  enforce drastic standardization of operating systems to support
	the hardware --which makes MickeySnot ideal in so much as they
	do not publish source code.

	    my question would be whether or not Gate$ was doing the
	    SIGINT or the government. embedding WIPO is a wet dream
	    on the part of the same publishers which are trying to
	    ram home the draconian M$ software license in the UCC
	    revisions up for vote in Cleveland later this month.

	    why M$?  they are almost universal.
 
	    I, for one, refuse to run _anything_ branded by
	    Gate$ encroaching sloth --never have, never will. I can see
	    the government trying to slip their code into freeBSD
	    distributions --welcome to the anarchists...  likewise,
	    Linux, netBSD, BSDI, etc. and, I would say the government's
	    interest is significantly more advanced for the known
	    dedicated hackers, operating systems tweakers, and other
	    assorted non-conformists who do not subscribe to M$.

	    bottom line is a proprietary OS --and getting everyone to
	    run it --good luck, other than by unenforcable fiat; there
	    will be ways to circumvent any clamp although the feds will
	    certainly thin our ranks.

    3.	provide some means of transparently piggy-backing the information
	(presumably in raw form) on the network.

	    again, the cooperation of the operating system is required;
	    not everyone is on line, and many connections are slow. if the
	    data collection is limited to keystokes only, the data require-
	    ment is relatively low, but the holding tank is still required.

	    the alternative is to short range transmit the information
	    and wire the neighborhoods with the receivers.  one of their
	    objective is to have everyone instantly "tappable".

    4.  establish data collection centers

	    60 million current net users --consider the data quantity

    5.  establish prescreen and select for analysis data processing

	    consider the intelligence required

    6.  analysis software

	    NSA may try to scan all international traffic in real time
	    with key word recognition, etc. but keystroke, including
	    dealing with editing, mistakes, corrections, etc, which
	    confuse the input?

    bottom line:  we aint there yet.  however, a van outside in the
    street can pick up the signals from hundreds of machines. 

	[  lost most of my recent files on a tape crash --there was 
	   a project at OxBridge which generated hash interferance 
           which made scanning rather difficult - more effective than
	   Tempest --can anyone refresh the pointer? ]

    there is no question the government expects intrusive technology. the
    burrow-critters are running on high-octane paranoia and they intend
    to preserve the status quo of governing without our consent.  their
    historical means of controlling the news is running out of headroom;
    the internet gossip lines are faster than their reaction times.

    I certainly would not want to say the feds could not initiate and/or
    enforce any or all of the above requirements, but there is a point
    where even the American sloths will rise up and start the process
    of creating martyrs for the cause.

    a more probable approach is to limit the desemination of information
    by "known" opponents of government actions (trivial by blocking their 
    network access once the control the ISPs; and 

    maybe a few high profile trials with lead jacket incarcerations to 
    scare off some of the less vociferous (dont say they cant jail us all).

    lastly, I look at it this way: for every measure, there is a counter-
    measure. if I can not determine the existence of SIGINT transmissions
    from my hardware/software, I'll be hanging up my spurs.  after all,
    listening to gubmnt propoganda in both ears is redundent, who needs it?

    	attila out...

   _________


On Wed, 8 Jul 1998, John Young wrote:

>Dave Emery's remarks on government access to
>keystrokes (proposed by the NYT as an alternative
>to GAK) points to the probable increase of intrusive
>devices to counter increasing use of encryption
>and other privacy and anonymity measures.
>
>This topic comes up here now and then, with
>mentions of a slew of methods to protect privacy of 
>data during transmission or storage. But the possibility
>of logging the initial creation or manipulation of data is
>not as often discussed, nor how to tie a person to
>the data, as now being asked in legal and law
>enforcement fora to identify, catch, convict and
>jail computer culprits.
>
>That the NYT floated the idea surely means someone
>is testing public response to an idea that seems to
>be more intrusive than GAK: the logging of initial
>data and any manipulation of it, prior to encrypting,
>and maybe including a means to link the actions to
>the user.
>
>If this is logging (and related retrieval) is done covertly, 
>encryption could thereby become a falsely reassuring 
>cloak of privacy.
>
>Dave thinks devices like these are surely in the works,
>and he can say more about their sponsors, technologies 
>and implementations.
>
>One driving force, as he previously noted, is the desire
>for devices to assure copyright protection, backed by the 
>WIPO treaty, which now being considered for approval. 
>See the House report on it at:
>
>   http://jya.com/hr105-551.txt  (141K)
>
>And the EFF and ACLU opposition to it:
>
>   hr2281-opp.htm
>
>Other forces, though, are employers who want to snoop,
>law enforcement, government, marketers, actually the
>same groups who dislike privacy protection measures,
>but often prefer to snoop covertly while loudly proclaiming
>support for privacy.
>
>Thus, the more general question Dave has raised is how
>widespread is the development and implementation of
>technolgies for covert surveillance on the Web and in 
>desktop boxes -- happily spreading quietly while attention 
>is focussed on the very encryption which it will circumvent?
>
>And what are these devices, or what might they be, what 
>might be countermeasures and who might be working for 
>and against them. SDA must have insights to share.
>
>Over to Dave Emery and those more knowledgeable. 
>
>For those who missed his earlier message we've put it, with a 
>follow-up at:
>
>   http://jya.com/gaks-de.htm
>
>
>

__________________________________________________________________________
    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.