On Oct 30, 8:02 am, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx>
wrote:
> Ghosts in the machine, spooks on the wire
>
> ,----[ Quote ]
> | It's not paranoia; you can't see them but they are there. "They" are all
> | manner of public and private organizations, some legitimately involved with
> | carrying your voice and data to intended destinations or acquiring records
> | for commercial interests, others just ... listening. (Or, more precisely,
> | sniffing.)
> `----
>
> http://www.linuxworld.com.au/index.php?id=879236755&rid=-50
Let's just be clear. The government started getting concerned about
this during the early years of the Clinton administration. The NSA
was concerned that if people started using PGP and DES encryption,
they could not crack the content fast enough to decode messages
between terrorists engaged in activities that would be an immediate
threat. This concern became even more acute after the World Trade
Center bombing of 1993.
To reduce the risk, the NSA encouraged the use of "Public Key
Infrastructure". PKI does make it easier to validate keys by
contacting a "trusted" source. I had suggested that the United States
Postal Service be used as at least one PKI certificate provider.
Ironically, the NSA decided that the government agencies should NOT
provide Public Key certificates, because that would mean that these
keys would be under the same laws as the US mail. Since the
constitution forbids the searching of mail without a warrant, the NSA
would not be able to search other documents without a warrant either.
The NSA solution was to have Microsoft back a private corporation -
Verisign, as their preferred Certificate provider. As a private
organization, Verisign could simply cooperate with the police or the
NSA and provide keys when they were requested. In England, MI5 used
the Thawte group for a similar purpose. Eventually Verisign and
Thawte group were "merged" - each company retaining it's own identity
but able to provide keys to the other.
Until the Patriot Act, there were limits on what could be done with
the intercepted information. The primary goal was to disrupt the
timing of planned terrorist activities or to mitigate the damage. For
example, if a train was suspected of holding a bomb, it could be moved
to an unpopulated area while the bomb was being diffused. If
terrorists were suspected of blowing up a plane, they could reroute or
replace that plane to make sure that passengers were on safe planes.
We will probably never know how many attacks have been prevented, how
many lives have been saved, and how many other 9/11 type events were
avoided or minimized by collecting this information. I have heard
reports as high as one major attack per day being planned and thwarted
through the use of intercepted encrypted messages. These were on
public television shows, so the .real number could be MUCH higher.
Remember, most of the attacks don't look like planes flying into the
sides of buildings. They look like a gas leak, an apartment fire, a
forest fire, a flood, or a power failure. They are kept quite to
prevent vigilante groups from hurting innocent people.
Still. There are limits to how the information can be used. It can't
be used in court proceedings. It can't even be used as the basis for
a search warrant. It can't even be used as the basis for a "hold and
treat". It might be used to report a suspects car stolen (charges to
be dropped later), or to report a credit card stolen (to be corrected
a few hours later), or to create other delays that can prevent, delay,
or minimize the damage of the attack.
How many terrorist e-mails are intercepted is probably one of the
better kept secrets. When you have a specific target in mind, they
can track you by cell phone, credit card, e-mail, EZ-Pass, and even
those little cameras that take your picture if you run a stop light,
as well as traffic cams, subway cams, mall security cameras, store
security cameras, and even the cameras on ATM machines. Not all of
these sources are "On Line", but if there is suspician that something
big is going down - for example you use 3 of your credit cards to buy
6 jumbo bottles of aspirin, some PH balancing solution, and no
aquarium or fish, they are likely to want to know who you might be
making the plastique for.
Things that would seem pretty normal and innocent to us could be the
ingredients for IEDs, timer devices, or other detonators or terrorist
tools.
Again, you might not be arrested, but you would probably be watched.
And by the way, it probably WOULDN'T matter whether you used Linux or
Windows. Furthermore, if you attempted to deliberatly avoid such
monitors, for example, by using PGP versions from 1993-4, that don't
have little "headers" that help the NSA crack the encryption when
necessary, you would fnd yourself being watched much MORE closely.
The patriot act made it possible for the government to use those
decrypted messages, especially those involving successful plots, to
identify and detain participants for questioning as material
witnesses. Ironically, they can't be convicted for the crimes they
actually committed because the evidence used to identify them as
terrorists can't be used against them in court.
The patriot act goes further, effectively shredding the constitution,
the Bill of Rights, and the Geneva Convention. Since the witnesses
are uncooperative, but can't be convicted for their own action, they
can be held indefinitely and - to prevent a future attack - forced to
provide information about other terrorists. Since they are not being
compelled to testify against themselves, the current administration
thinks that they can legally be tortured into providing information
against others.
Ironically, none of these questions were asked of Supreme Court
nominees, and they are only now being raised in relation to the
Attorney General nomination. Ironically, the torture is conducted
under the NSA and the State department, not the DOJ.
> FBI ducks questions about its remotely installed spyware
>
> ,----[ Quote ]
> | There are plenty of unanswered questions about the FBI spyware that, as we
> | reported earlier this week, can be delivered over the Internet and implanted
> | in a suspect's computer remotely.
> `----
> http://news.com.com/8301-10784_3-9747666-7.html
The ability to "wiretap" a Windows user's computer by sending a link
to a carefully designed Active-X control has been well documented
several times. Unfortunately, each time these documents are published
- Microsoft gets a court order to have the content removed. When
Microsoft first released IE 4.0 Tracy Reed of Ultriviolet.org posted a
series of demonstrations of how to use Active-X controls to read
someone's files, send them elsewhere, e-mail them, modify them, hide
them, or delete them. He even had one demonstration that would render
any hard drive permanently unreadable.
Wire-tapping is easy. In fact, with the right combination of e-mail,
active-X, and downloaded software, it's even possible to turn on the
Microphone in a laptop, turn on a web-cam without turning on the light
indicating it's on, or even record every keystroke as it's being typed
- all without being detected.
The treasury department requires that all large cash deposits be
carefully recorded, that accounts receiving large amounts of currency
deposits be carefully monitored, even that accounts receiving large
numbers of money orders with similar serial numbers be monitored. The
account could be used to launder drug money or to fund terrorist acts.
Since the Patriot act covers the funding of terrorism, and since drug
money is assumed to help fund terrorist activities (Talaban and Al-
Queda sell opium and heroin), the account could be tied to terrorism.
The information I'm providing here is based on publicly available
information.
Most other information requires top security clearance and a "need to
know".
|
|