lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4444EFDE.3080802@blocked.org>
Date: Tue Apr 18 14:55:57 2006
From: lists at blocked.org (Eddie)
Subject: Re: kiddie porn warning [was: Fwd: Re: montspace
	-- child porn (site still up)]

The following only pertains to US jurisdictions. Also, I am not a 
lawyer, only citing public documents.

  <inline>

Michael Holstein wrote:
>> Guys, please refrain from going to that site or downloading it. In 
>> some western countries just having CP on your PC means your life can 
>> be completely ruined without much further evidence or investigation 
>> before-hand.
> 
> wget to STDOUT would be safe in such situations, no?
> 
> You can't "see" an image rendered that way, unless you're Rain Man and 
> can mentally reassemble a JPG from text.
> 

The issue isn't whether or not you "see" the images, the issue is 
whether you have communicated the images. wget-ing would still move the 
image to you. Granted that displaying to STDOUT would not leave that 
image in a retrievable form, however, do you want the Feds coming to 
your home/place of business and seizing your equipment for review?

>> Motive is irrelevant. Leave this to the proper authorities.
> 
> Tried that .. emailed both the FBI and Interpol on three occasions .. 
> and received no response. Perhaps if I picked up the phone and just 
> talked to the dialtone .. then their evesdroppers would pick it up and act?
> 
> /mike.
> 
> PS: This begs the larger question on what, as a network operator do we 
> do when we "stumble" upon such things? .. are we guilty just because we 
> found it by accident (in this case, because some dipass posted a URL 
> without warning as to the content) .. and try to be proactive in dealing 
> with the problem (while simultaneously reporting it to the authorities)?

 From the CFR ? 81.12 'Submission of reports to the "Cyber Tipline" at 
the National Center for Missing and Exploited Children'


     (a) When a provider of electronic communications services or remote 
computing services to the public ("provider") obtains knowledge of facts 
or circumstances concerning an apparent violation of Federal child 
pornography statutes designated by 42 U.S.C. 13032(b)(1), it shall, as 
soon as reasonably possible, report all such facts or circumstances to 
the "Cyber Tipline" at the National Center for Missing and Exploited 
Children Web site (http://www.CyberTipline.com), which contains a 
reporting form for use by providers.

(b) A provider should initially call the National Center for Missing and 
Exploited Children to receive an identification number and a password 
that will enable it to log on to the section of the "Cyber Tipline" that 
is designed for provider reporting.

42 U.S.C. referenced above is:

? 13032.  Reporting of child pornography by electronic communication 
service providers

(a) Definitions. In this section--
    (1) the term "electronic communication service" has the meaning 
given the term in section 2510 of title 18, United States Code; and
    (2) the term "remote computing service" has the meaning given the 
term in section 2711 of title 18, United States Code.

(b) Requirements.
    (1) Duty to report. Whoever, while engaged in providing an 
electronic communication service or a remote computing service to the 
public, through a facility or means of interstate or foreign commerce, 
obtains knowledge of facts or circumstances from which a violation of 
section 2251, 2251A, 2252, 2252A, 2252B, or 2260 of title 18, United 
States Code, involving child pornography (as defined in section 2256 of 
that title), or a violation of section 1466A of that title, is apparent, 
shall, as soon as reasonably possible, make a report of such facts or 
circumstances to the Cyber Tip Line at the National Center for Missing 
and Exploited Children, which shall forward that report to a law 
enforcement agency or agencies designated by the Attorney General.
    (2) Designation of agencies. Not later than 180 days after the date 
of enactment of this section [enacted Oct. 30, 1998], the Attorney 
General shall designate the law enforcement agency or agencies to which 
a report shall be forwarded under paragraph (1).
    (3) In addition to forwarding such reports to those agencies 
designated in subsection (b)(2), the National Center for Missing and 
Exploited Children is authorized to forward any such report to an 
appropriate official of a state or subdivision of a state for the 
purpose of enforcing state criminal law.
    (4) Failure to report. A provider of electronic communication 
services or remote computing services described in paragraph (1) who 
knowingly and willfully fails to make a report under that paragraph 
shall be fined--
       (A) in the case of an initial failure to make a report, not more 
than $ 50,000; and
       (B) in the case of any second or subsequent failure to make a 
report, not more than $ 100,000.

(c) Civil liability. No provider or user of an electronic communication 
service or a remote computing service to the public shall be held liable 
on account of any action taken in good faith to comply with or pursuant 
to this section.

(d) Limitation of information or material required in report. A report 
under subsection (b)(1) may include additional information or material 
developed by an electronic communication service or remote computing 
service, except that the Federal Government may not require the 
production of such information or material in that report.

(e) Monitoring not required. Nothing in this section may be construed to 
require a provider of electronic communication services or remote 
computing services to engage in the monitoring of any user, subscriber, 
or customer of that provider, or the content of any communication of any 
such person.

(f) Conditions of disclosure of information contained within report.
    (1) In general. No law enforcement agency that receives a report 
under subsection (b)(1) shall disclose any information contained in that 
report, except that disclosure of such information may be made--
       (A) to an attorney for the government for use in the performance 
of the official duties of the attorney;
       (B) to such officers and employees of the law enforcement agency, 
as may be necessary in the performance of their investigative and 
recordkeeping functions;
       (C) to such other government personnel (including personnel of a 
State or subdivision of a State) as are determined to be necessary by an 
attorney for the government to assist the attorney in the performance of 
the official duties of the attorney in enforcing Federal criminal law; or
       (D) where the report discloses a violation of State criminal law, 
to an appropriate official of a State or subdivision of a State for the 
purpose of enforcing such State law.
    (2) Definitions. In this subsection, the terms "attorney for the 
government" and "State" have the meanings given those terms in Rule 54 
of the Federal Rules of Criminal Procedure.


Seriously, it's best to not attempt to do anything with the websites, 
other than report. DON'T SEND SAMPLES. You'd be surprised how many 
people get into trouble with State/local law enforcement for sending 
samples which is itself a violation of federal law.

Eddie

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ