lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <15321512.1135160256591.JavaMail.teamon@bda055-cell00.bisx.prod.on.blackberry>
Date: Wed Dec 21 10:17:59 2005
From: jasonc at science.org (Jason Coombs)
Subject: Re: [Antisocial] Re: [Clips] Why Bush Approved
	the Wiretaps (fwd)

Perry E. Metzger <perry@...rmont.com> wrote:
>   Electronic surveillance means
>   (1) the acquisition by an electronic, mechanical, or other
>       surveillance device of the contents of any wire or radio
>       communication sent by or intended to be received by
...

Dear Perry, et al:

I think you're missing the key clue as to what was actually done, and thus why it was done in the manner chosen, and why it is now being defended by the Bush Administration as being legal.

All of the statutes quoted, and every other one of which I am aware, prohibit the INTERCEPTION of the CONTENT of communications.

Nothing presently prohibits the automated processing of the content via software when the content is not captured/intercepted, nor excerpted/preserved for law enforcement's review. A computer system, designed to circumvent the intent but comply with the letter of present law, can legally do what a person cannot.

Furthermore, courts in jurisdictions in which I have worked are presently ruling that with respect to electronic equivalents of conventional PSTN pen register intercepts, all information considered to be 'routing' information rather than CONTENT of electronic communications is fair game, and may not even require a warrant, anywhere, with respect to anyone.

At the very least, there is serious gray area in the lack of clear definition of the electronic communication equivalent to the conventional PSTN pen register.

I suspect that what is actually being intercepted is not content, but rather is data that the administration considers to be network routing information -- e-mail and IP addresses, basically. Maybe domain names of Web sites being visited.

Read more about Carnivore's known capabilities from several years ago with respect to its pen register mode of operation:

http://www.epic.org/privacy/carnivore

Then consider the consequences of the absence of explicit mention of 'electronic communications equivalent of a pen register' or the words 'or network routing information' in any of the statutes you mentioned.

I wouldn't be surprised at all if the administration ultimately argues that the data they intercepted without a warrant, to the extent that ANY data was 'intercepted', was not 'content' that the sender/recipient intended to communicate to/from the other party. Furthermore they could take the position that there is no need for a warrant for 'electronic communication pen registers' as the pen register statutes are cleverly ambiguous and (probably intentionally) antiquated...

Regards,

Jason Coombs
jasonc@...ence.org

-----Original Message-----
From: "J.A. Terranson" <measl@....org>
Date: Tue, 20 Dec 2005 23:49:30 
To:antisocial@....org
Subject: [Antisocial] Re: [Clips] Why Bush Approved the Wiretaps (fwd)


Good back and forth.
-- 
Yours,

J.A. Terranson
sysadmin@....org
0xBD4A95BF


	Just once, can't we have a nice polite discussion about
	the logistics and planning side of large criminal enterprise?

	- Steve Thompson



---------- Forwarded message ----------
Date: Tue, 20 Dec 2005 13:04:00 -0500
From: Perry E. Metzger <perry@...rmont.com>
To: R. A. Hettinga <rah@...pwright.com>
Cc: cypherpunks@...t.org
Subject: Re: [Clips] Why Bush Approved the Wiretaps

"R. A. Hettinga" <rah@...pwright.com> writes:
[...]>
>  The National Review
>  Byron York
[...]
>  At his news conference this morning, the president explained that he
>  believed the U.S. government had to "be able to act fast" to intercept the
>  "international communications of people with known links to al Qaeda." "Al
>  Qaeda was not a conventional enemy," Bush said. "This new threat required
>  us to think and act differently."

The FISA law already allows taps to go on for 72 hours before a court
is informed. That's three days. In three days people can't fill in a
form and deliver it to the FISA court? The FISC has approved 15,000
wiretaps and rejected less than ten in its history.

>  But there's more to the story than that. In 2002, when the president made
>  his decision, there was widespread, bipartisan frustration with the
>  slowness and inefficiency of the bureaucracy involved in seeking warrants
>  from the special intelligence court, known as the FISA court.

It is so inefficient that you don't even have to ask for THREE
DAYS. Three days isn't enough time?

More to the point, even if the President thinks something is
"inefficient", the law is the law. If it says "those who do not seek a
FISC warrant go to jail for five years", the President has to obey.

>  People familiar with the process say the problem is not so much with the
>  court itself as with the process required to bring a case before the court.
>  "It takes days, sometimes weeks, to get the application for FISA together,"
>  says one source. "It's not so much that the court doesn't grant them
>  quickly, it's that it takes a long time to get to the court.

Of course, this is in fact untrue. FISA requests are as fast as the
Department of Justice and NSA wish them to be.

Of course, even if it were true, the law is clear, and the President
is not the legislature. The administration had years and years in
which to ask Congress to alter the law. It did not do so. It chose to
simply solicit the commission of felonies.

All these comments about "slowness" and "cumbersomeness" etc. are
attempts by the magician to keep your eye away from what he does not
want you to see. Do not be distracted. A felony was solicited by the
President and committed by employees of the NSA. Do not let them
distract you. Keep your eye on the target.

>  And even though the attorney general has the
>  authority in some cases to undertake surveillance immediately, and then
>  seek an emergency warrant, that process is just as cumbersome as the normal
>  way of doing things.

Actually, the law doesn't say "in some cases".

  Notwithstanding any other provision of this subchapter, when the
  Attorney General reasonably determines that
  (1) an emergency situation exists with respect to the employment of
      electronic surveillance to obtain foreign intelligence information
      before an order authorizing such surveillance can with due
      diligence be obtained; and
  (2) the factual basis for issuance of an order under this subchapter
      to approve such surveillance exists;
  he may authorize the emergency employment of electronic surveillance
  if a judge having jurisdiction under section 1803 of this title is
  informed by the Attorney General or his designee at the time of such
  authorization that the decision has been made to employ emergency
  electronic surveillance and if an application in accordance with this
  subchapter is made to that judge as soon as practicable, but not more
  than 72 hours after the Attorney General authorizes such surveillance.

So it isn't "in some cases" -- it is basically any time the Attorney
General decides to rubber stamp it.

Again, don't be fooled by the smokescreen. Read the law yourself. See
for yourself that the President has disobeyed a criminal statute.

>  Lawmakers of both parties recognized the problem in the months after the
>  September 11 terrorist attacks. They pointed to the case of Coleen Rowley,
>  the FBI agent who ran up against a number roadblocks in her effort to
>  secure a FISA warrant in the case of Zacarias Moussaoui, the al Qaeda
>  operative who had taken flight training in preparation for the hijackings.
>  Investigators wanted to study the contents of Moussaoui's laptop computer,
>  but the FBI bureaucracy involved in applying for a FISA warrant was
>  stifling, and there were real questions about whether investigators could
>  meet the FISA court's probable-cause standard for granting a
>  warrant.

A fascinating story, except it is on its face false. FISA warrants are
for intercepting communications, not for examining laptops:

   Electronic surveillance means
   (1) the acquisition by an electronic, mechanical, or other
       surveillance device of the contents of any wire or radio
       communication sent by or intended to be received by a particular,
       known United States person who is in the United States, if the
       contents are acquired by intentionally targeting that United
       States person, under circumstances in which a person has a
       reasonable expectation of privacy and a warrant would be required
       for law enforcement purposes;
   (2) the acquisition by an electronic, mechanical, or other
       surveillance device of the contents of any wire communication to
       or from a person in the United States, without the consent of any
       party thereto, if such acquisition occurs in the United States,
       but does not include the acquisition of those communications of
       computer trespassers that would be permissible under section 2511
       (2)(i) of title 18;
   (3) the intentional acquisition by an electronic, mechanical, or other
       surveillance device of the contents of any radio communication,
       under circumstances in which a person has a reasonable expectation
       of privacy and a warrant would be required for law enforcement
       purposes, and if both the sender and all intended recipients are
       located within the United States; or
   (4) the installation or use of an electronic, mechanical, or other
       surveillance device in the United States for monitoring to acquire
       information, other than from a wire or radio communication, under
       circumstances in which a person has a reasonable expectation of
       privacy and a warrant would be required for law enforcement purposes.

Also, Mr. Moussaoui was not a US person, and the Attorney General can
authorized anything he likes without a court order if:

   [...]there is no substantial likelihood that the surveillance will acquire
   the contents of any communication to which a United States person is a
   party[...]

As I said, the story in question is completely false on its face. The
people who wrote it are counting on you not reading the law, not
informing yourself, not knowing what is true and what is not. Do not
be fooled. Read the law for yourself.

In any case, cumbersome and unpleasant or not, the law is still in
force, and the law says that the President of the United States
committed a felony and solicited the commission of felonies.

>  Bush's order, it appears, was an attempt to change that situation.
>  Especially before, and even after, passage of the Patriot Act, the FISA
>  bureaucracy and the agencies that dealt with it were too unwieldy to handle
>  some fast-moving intelligence cases.

There is no "FISA bureaucracy". What is there? There is a court with
eleven judges. That's it:

  The Chief Justice of the United States shall publicly designate 11
  district court judges from seven of the United States judicial
  circuits of whom no fewer than 3 shall reside within 20 miles of the
  District of Columbia who shall constitute a court which shall have
  jurisdiction to hear applications for and grant orders approving
  electronic surveillance anywhere within the United States under the
  procedures set forth in this chapter[...]

That is the "FISA bureaucracy" they speak of.

Again, do not be fooled. Do not allow the spin masters to convince you
that black is white and white is black. Read the law for yourself,
understand for yourself what has happened.

http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html

Perry
_______________________________________________
Antisocial mailing list
Antisocial@....org
http://lists.mfn.org/mailman/listinfo/antisocial

.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ