| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 1 Oct 2006 13:41:56 -0500 From: "J. Oquendo" <sil@...iltrated.net> To: Valdis.Kletnieks@...edu Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: Truths in "Truth in Caller ID Act" Valdis.Kletnieks@...edu wrote: > You mis-read the legalese. > "It shall be unlawful for any person within the United States" Define within the United States. The person, the server, the provider or all three. I don't believe it's misread it's to the letter of the law. So again step by step... "It shall be unlawful for any person within the United States, in connection with any telecommunications service or VOIP service..." 1) Teleco/VoIP service is out of bounds here. 2) The User who initiated the command is logged from an address somewhere over the rainbow (Tor+Privoxy). 3) "within the United States" which? The person, or the telco/VoIP provider? Does it have to be both - person and provider. Sounds broad to me. Can't be single sided here. So I decide to offer a service to say rape victims who want to remain anonymous, a victim decides to use "Jane Smith" <2035551212>, she is calling from say the British Virgin Islands where she was raped by a congressman. She doesn't want her identity known, but would like counseling over the phone. 1) She is in the British Virgin Islands so technically she is not breaking the law. 2) Me being the provider, I didn't initiate the spoof, I provided a service. Should I be held accountable for upholding the right to privacy? 3) Sure caller ID blocking could have been used, it still could be traced. Let's take the case of someone blowing the whistle on government corruption. History has shown their life will be ruined. This is a great avenue worry free to make a report yet at the same time if I decided to set my caller ID as that of the White House, I'm sure I can con a reporter to report something bogus. Dual edged sword. What will be next outlawing telco service unless it passes through DCS100 along with a photo and fingerprint at Fort Meade. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 sil infiltrated . net http://www.infiltrated.net "How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists