lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071114162328.GC21935@papafloh.de>
Date: Wed, 14 Nov 2007 17:23:28 +0100
From: streck@...afloh.de (Florian Streck)
To: rakesh@...man.in
Cc: 'full-disclosure' <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: Re: Standing Up Against German Laws - Project
	HayNeedle

Hello Rakesh,

> 2. Even if, it is there, it is for Public good. It is to protect you against
> terrorism. Yes, this amounts to big brother is watching, but many times,
> that is essential. Remember USA 9/11/2001, London 7/7/2006, India (many many
> incidents). Have trust in your government. I believe, German government
> machinery is reasonable efficient and honest. If communication transactions
> are logged, what is the harm? In case of any incident, how will the
> government investigate? If you are a security professional, don't you advise
> your client for all this like audit logs etc.

I think this is not correct. People with enough "criminal energy" have
ways to circumvent any of the governments measures. The only people
caught by this are idiot criminals, people that are to lazy to protect
teir privacy (like me) and the normal citizen who has no idea of what is
happening.
The harm is, that if your communication habbits have suspicious patterns
you are a suspect. And you don't even know about it. Like those
No-Fly-Lists. You don't know that you are on it till it's too late (and
you miss your flight) and you have no way to get of it. How do you prove
that you are innocent if the polices software says you are behaving
suspicious?

> 3. Even if, you need to protest, please do. This is your right. But, this is
> not the way to protest. Even if you say that technically you are not
> breaking any law, the difference between you and a law breaker is very thin.
> If you want to protect, use democratic methods. Write about it in print
> media. Use electronic media to mobilise opinion. Create Blogs. Send e-mails.
> Lobby with MPs (members of Bundestag). If your ideas will appeal to people,
> many will raise voice. Ultimately, law is manifestation of social
> aspirations for social good. As I understand, Germany (Deutschland) is a
> vibrant democracy and not a dictatorship or oppressive state. Further, ask
> the background - why this law was necessary? In a democracy, laws are made
> after careful and well defined process. Ask for the details of the process.

All this is beeing done right now. As soon as this law is put into
effect there will be an action at the constitutional court. But I fear
that this will not be enough. We will have to investigate the government
measures and develop technical countermeasures. And then teach the
people what is done, what's the harm in it and how to circumvent it.

> 4. If you can cite some incidents of misuse / oppression by the government
> machinery of any other law, you can quote that in venting your feelings /
> opinion.

We have a sad history of oppressive governments that used just methods
like that. First it was the nazis and then in eastern germany the
socialist government. They'd have been thrilled about the possibilities
that our police will get. They also mixed up secret services and police
as it is beeing done right now here in germany. They (at least the
nazis) used democratic laws to build a dictatorship.

Right now we still have a democracy. But I'm not sure where the way will
go to.

Florian Streck

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ