[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a3a7d6660711141301o4d7b8b85mef2d0e01c84d37eb@mail.gmail.com>
Date: Wed, 14 Nov 2007 21:01:19 +0000
From: imipak <imipak@...il.com>
To: raju@...ux-delhi.org, Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: Standing Up Against German Laws - Project HayNeedle
Hi Raju,
On Nov 14, 2007 3:20 AM, Raj Mathur <raju@...ux-delhi.org> wrote:
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law. I'd
> presume that's not a significant percentage of all mails sent out from
> any country.
>
(a) (as you say) they can of course be trivially extracted from the
traffic flow at the provider level. cf the current EFF / NSA / San
Francisco case - that (as I understand it) is probably in breach of
the US Constitution, yet it happened/is happening. The German law, and
similar laws in the UK and other countries, implicitly (at least)
enables such tactics;
(b) most mail users use mail servers at their employers or their local
ISP (ISPs with retail presence in multiple territories will of course
have mail servers in situated locally);
(c) the balance, excluding those weirdos running their own personal
MTA / MSAs, will be using webmail services like Hotmail and Gmail.
Tracerouting from the machine I'm typing this on (in the UK) shows a
route through my ISP, to LINX (the London IX), and then straight into
Google space. The RTT all the way to the final hop is in the 30ms
range:
[...]
8 209.85.248.80 (209.85.248.80) 25.302 ms 24.348 ms 25.605 ms
MPLS Label 548800 TTL=1
9 209.85.248.79 (209.85.248.79) 27.972 ms 36.281 ms 26.562 ms
10 72.14.233.77 (72.14.233.77) 28.266 ms 29.057 ms 27.273 ms
11 66.249.94.146 (66.249.94.146) 29.517 ms 30.668 ms 30.179 ms
12 ik-in-f19.google.com (66.249.91.19) 28.092 ms 27.926 ms 28.564 ms
...which strongly suggests to me that the front-end Gmail webserver my
"mail" hits is probably pretty close to me. It's certainly not on the
other side of the Atlantic. There's quite a lot of cooperation between
EU member states, would a "UKUSA"-type arrangement in the EU be very
surprising?
=i
On Nov 14, 2007 3:20 AM, Raj Mathur <raju@...ux-delhi.org> wrote:
> On Tuesday 13 November 2007 15:29, Florian Echtler wrote:
> > [snip]
> > As a native German speaker, allow me to clarify: with respect to IP
> > communication, the law mandates saving the following information for
> > 6 months:
> >
> > - which customer was assigned which IP for what timespan
> > - sender mail address, receiver mail address and sender IP for each
> > mail - in case of VOIP: caller and callee phone number and IP address
>
> The mail addresses can only be stored if the server through which the
> mail is relayed (or on which it originates) falls under the law. I'd
> presume that's not a significant percentage of all mails sent out from
> any country.
>
> Of course, it's also possible to track (snoop) all SMTP traffic on the
> network, but that's totally different from just keeping mail and AAA
> server logs and from my understanding that's not what this law
> mandates.
>
> Regards,
>
> -- Raju
> --
> Raj Mathur raju@...dalaya.org http://kandalaya.org/
> Freedom in Technology & Software || February 2008 || http://freed.in/
> GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
> PsyTrance & Chill: http://schizoid.in/ || It is the mind that moves
>
--
And what exactly is a dream?
And what exactly is a joke?
- Syd Barrett
Powered by blists - more mailing lists